Copy Link
Add to Bookmark
Report

k-1ine_21

eZine's profile picture
Published in 
K1INE
 · 5 years ago

  

k-21-(10)-01

OoO=o=oOO=o=O=OoO=o=oOO=o=O=OoO=o=oOO=o=O=>
OoO=o=oOO=o=O=OoO=o=oOO=o=O=OoO=o=oOO=o=O=>
OoO=o=oOO=o=O=>
: -`- -`- OoO=o=oOO=o=O=>
; _|_--oOO--(_)--OOo--_|_ OoO=oOO==OoO=o=oOO=o=O=>
| ¡ K-1ine Zine ! | OoO=o=oOO=o=O=>
! issue 21, volume 10¡ OoO=o=oOO=o=O=OoO=o=oOO=o=O=>
---------O^O---- OoO=o=oOO=o=O=OoO=o=oOO=o=O=>
;. |__|__| oODestructionO=oOr=oOO=WorldooODomination?=o=o=O=>
|| || OoO=o=oOO=o=O=OoO=o=oOO=o=O=OoO=o=oOO=o=O=>
ooO Ooo OoO=o=oOO=o=O=OoO=o=oOO=o=O=OoO=o=oOO=o=O=>
OoO=o=oOO=o=O=OoO=o=oOO=o=O=O=o=ooO=o=>

;`-.> November 2001 <=o=O=o=O=o=O


'Come With Us'


"As part of the conversion, computer specialists rewrote 1,500
programs; a process that traditionally requires some debugging."
-- USA Today, referring to the IRS switchover


_____________________________________________________________________________

» .- Words from the Editor -. « |

*: [-] Introduction .......................................... The Clone :*
*: (-) Contact Information ................................... The Clone :*
*: (-) Advertisment .......................................... HackerSalvage:*
*: (-) Link of the Month ..................................... The Clone :*
*: (-) K-1ine Mirrors ........................................ The Clone :*
*: (+) News: Chemical Brothers | 'Come With Us' .............. The Clone :*
____________________________________________________________________________

» .- Documents -. « |

*: (x) 'The TRS(Telus Relay Service) Loophole' ............... Phlux :*
*: (x) 'The Invisible Box' ................................... Lucky225 :*
*: (x) 'Nortel Screen Phones Explored/ADSI Carrier Scan' ..... p1asm1c :*
*: (x) 'An Introduction to Telus' Terminating Test Lines' .... The Clone :*
*: (x) 'A Mobile Phone ANI-Diversion Technique' .............. The Clone :*
_____________________________________________________________________________

» .- Conclusion -. « |

*: [-] Credits ............................................... The Clone :*
*: [-] Shouts ................................................ The Clone :*
_____________________________________________________________________________



Introduction -

Welcome to the newest issue of K-1ine... issue #21. We have a bunch of great
article compilations for your liking. Take the time to read through them,
and don't forget to submit something - you might just be in the next issue.

I hope you enjoy this issue... see you next month!

-->

Contact Information;
=-=-=-=-=-=-==-=-=-=

Comments/Questions/Submissions: theclone@hackcanada.com

On IRC: irc.2600.net - #hackcanada, #cpu (key)

Check out my site: (Nettwerked) http://www.nettwerked.net

-->
--

-- Advertisment --

+++ WWW.HACKERSALVAGE.COM +++

HackerSalvage.com is a non-profit website dedicated to
keeping old hardware in circulation. Many of us have
piles of it sitting around but can't just toss it out.
Here you can post computer items for sale or post a
want ad for items you are looking for. A perfect place
to get rid of perfectly good junk.... and get some new
stuff to rebuild the pile.
+++ +++

--


--=[ LINK OF THE MONTH ]=--

Every month I post one really great "link of the month" on every issue
of K-1ine magazine. The link can be anything in the technology industry,
music scene, rave scene, punk scene, or even a good article you read on a
news site. I'll be taking submissions via e-mail or IRC right away;
so get your links in and maybe you'll see it in the next issue of K-1ine!

For the month of November, the link of the month is:

http://www.peopleiworkwith.com
Pure Craziness...

[submitted by: The Clone]

--

K-1ine Mirrors:

http://the.wiretapped.net/security/info/textfiles/k1ine/


"Wiretapped.net is an Australian site offering an archive of open
source software, informational and advisory textfiles and radio/conference
broadcasts covering the areas of network security, network operations,
host integrity, cryptography and privacy. We aim to become the largest
archive of this nature in the Asia/Pacific region through steady growth
of our archives and regular updates to them (most updated nightly).
We are proudly telehoused on a 10Mbit/sec connection by Connect.com.au using
OneGuard hardware donated by eSec Limited. The archive, along with its
sister site on the same machine, The AusMac Archive, generates between 10
and 60 gigabytes of outbound traffic daily. Wiretapped.net is hosted in
Sydney, Australia."

--

News: Chemical Brothers | 'Come With Us'

To celebrate the Chemical Brothers new album, I thought I'd title this issue of
K-1ine with the same name as their newest album. Can't wait to check this album
out since I've been a huge Chems fan since they were (temporarly) Dust Brothers
in late 1994. Support these great artists by buying their newest album.

The Chemical Brothers have announced details of their fourth studio album,
the follow up to the hugely successful SURRENDER. Come With Us will be released
on January 29, 2002. The tracklisting is as follows:

* Come With Us
* It Began In Afrika
* Galaxy Bounce
* Star Guitar
* Hoops
* My Elastic Eye
* The State We’re In
* Denmark
* Pioneer Skies
* The Test

The album features two guest vocalists; Beth Orton on 'The State We’re In'
and Richard Ashcroft on 'The Test'. Check out www.astralwerks.com/chemical
for more details on the forthcoming single, "Star Guitar," released on January 15.

--
<h410gen> Carnivore = TCPDUMP
--

_______________________________________
: :
: The TRS(Telus Relay Service) Loophole :
:_______________________________________:
_____________________
: 8/15/2001 :
: by phlux :
: phlux@fucktelus.com :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

=================================================================================================

$!@#$!@#$!@#$
$@ WARNING #@
&@#$*%@#&#@$&

NONE OF THIS TEXT FILE MAY BE REPRODUCED IN PART OR ENTIRETY OR ELSE AND STUFF UNLESS YOU DON'T
TELL ME THAT YOU DID IN WHICH CASE I MIGHT NOT FIND OUT BUT IF I DO THE STREETS WILL RUN RED WITH
YOUR BLOOD AND ANYONE WHO COPPERATED AND HELPED AND THEY'RE DOGS MAYBE EVEN YODA SO BE FUCKING
CAREFUL WHO YOU GIVE THIS TO SO THAT THIS KIND OF TECHNOLOGY DOESN'T GET INTO THE WRONG HANDS

=================================================================================================

NOTE: This is not a really major finding, however I think its kind of funny, and it is usable
so i felt it was txt worthy. I dont recomend you actually use this loophole, but rather just
retain the knowledge, as knowledge is power.(ROUND 1 FIGHT!)

=================================================================================================

Introduction:

I needed to call a good friend of mine.. having no calling cards and not being able
to call direct, I thought of the possibilities. I have PBXs, out dials, social engineering, but I
didn't feel a need to make an illegal call as it was a serious matter. Rooting around some old
back up CDs i found this one text, TTY.TXT, a text documenting the telus relay service.(by me!)

I think it was just information i ripped from telus' site or something sometime ago, as it was all
very basic. However I re-taught myself the terms used in TTY, then I read on, and got to the part
about HCOs and VCOs.

This loophole will alow you to make a phone call from alberta to anywhere in canada with 50% off
the long distance charges. Also my phone book says gimps using TTY get free local calling (bring
yer computer to the payphone). I am not sure if this is still true as the phone book is not the
newest available...

No biggie, but keep in mind its legit! (but you tie up gimpers relay service, kind of like
parking in a handi-capped spot. Or maybe even that time you took a shit in the fat ass stall
that has more square feet then your bedroom. This txt should be labeled as a DoS really)

=================================================================================================

The Loophole:

VCO stands for Voice Carry Over, while HCO means Hearing Carry Over.
If you do not have basic knowledge on TTY, go read my TTY text. I will rip the important stuff;

In a TTY call, VCO enables you to speak directly to the person you are calling, for hearing impaired
people who can speak clearly. When you connect to a CA, just say 'requesting VCO, GA' or equivelant
to use this feature. VCO can only be turned on when the call is answered, to which she will announce
'VCO on GA' or something.

HCO, Hearing Carry Over(you can hear but can't talk, same as above but reverse.)

If you don't already know where this is going.....


TTY your ass to 711:
-

Heres an example transcript;

TRS CA: "Telus Relay Service this is Anne, may I help you q, GA"

You: "Yes please, im trying to call my friend Steven Thrasher at 403-265-2307 GA"

TRS CA: "One moment please GA"

You: "No problem, GA"

...CA rings Steven, confirms he knows how to use TTY, the call is connected...

TRS CA: "Hey Jon, whats up q GA"

You: "Sup stevie... oh yo yo yo I found my hearing aids<CR> CA can i request an HCO q GA"

TRS CA: "Heh you always lose them things... HCO on GA"

You: "GA on HCO"

HCO is now enabled. You still type your messages to the TRC CA to Stevie, but you save the op having to
type what Steve says, so you request a VCO;

You: "CA: That dirty dog steve wants me to tell him this joke myself! requesting VCO"

When the CA does a VCO press your thumb onto your neck, putting pressure on your voice box, and emulate
an electronic voice box(practise finding the right spot before requesting the VCO), and tell the operator
that you can take things from here.

Thats all there is too it.

To do this you will need a TTY that supports HCO and VCO(can be expensive)

However, i have fathomed the idea of building&coding a baudot emulator to be used with an acoustic coupler
from the handset to the soundcard speaker/mic and a parallel port for toggling HCO and VCO to your headset.
Firstly i would need a job, or an accomplise to help me rob radio shack.

props: pooly, Lucky225, theclone, Mark Hubber, PSYKO, and the Zig-Zag man.
plops: TRON(fag teeth)

--

The Invisible Box
By Lucky225
Email: Lucky225@verizonfears.com

Introduction:

The invisible box will make it so that when you pick up a phone on your phone line any
of those in-use lights that tell if an extension phone is picked up, wont light.

Theory:

The theory is based off the same principles as the infamous blackbox that used a 1.8k
resistor to keep the phone line at 50v when you pick up, which actually still works, but
because of SS7 the voice path is cut off from the party calling you, and the phone company
doesn't allow a voice connection any more until your phone goes off hook and there's
supervision. The invisible box works by using high resistance to keep the voltage at
about 20 volts. This is accomplished by placing a resistor of about 470ohms in
series with your phone. The phone is approximately 215ohms and draws 28ma of current, which
means when your phone is off-hook there is approximately 6 volts on the phone line. When
you place the resistor in series with the phone line there is a total resistance of 685ohms.
Using ohm's law, 685 ohms times 28ma gets you 19.2 Volts! So the resistor keeps the phone
line at about 20 volts, and most in use lights only go off when there is about 15 volts or
less on the phone line.

Construction:

You will need a phone cord and a 470ohm resistor(Yellow, Purple, Brown). You can get the
resistor in a 5 pack at radioshack for $0.49. It wouldn't hurt to have some wire stripers,
and possibly electrical tape or solder. Strip the phone cord in the middle, dont cut the
modular jacks off. You'll see 4 or 2 wires, usually black, red, green, and yellow. Dont
worry about the black and yellow wires, in fact cut them off they'll get in the way. Leave
the green wire alone, thats the positive wire, and sense current flows from negative to
positive and we're trying to opose current so the voltage wont drop we leave it alone!
Finally, cut the red wire (that's the negative!) in half and strip both ends, you're going
to insert the resistor here.

Diagram:

(-) Red wire 470ohm
-------------/\/\/\----------
-----------------------------
(+) Green wire

Conclusion:

That's it, pretty simple huh? You might be thinking that maybe there is no real use for
this because all it does it make it so that an in-use light doesn't light when you pick up
the phone. But think of the possibilities, you could go beigeboxing with this box and it
might save you if the person your beigeing off of has an in-use light and they always look
at it to see if their kid is on the phone, but because of your trusty invisible box hooked
up to the phone line that light never comes on and they never pick up to yell at what they
would think is their kid. Personally, I use it when I'm talking on my phone line but want
to use my main line to go on the internet, my mom is always checking that damn in-use light
and yelling at me, "You're on the internet with my phone line! GET OFF NOW!" HA-HA! Now
she'll never know! The sad thing is I bet this even bypasses those lame $200 phone tap
detectors you always see on TV.

Okay time for greets:

Yari my beloved!, Spoonm!, Pooly, BigB9000, Xhype, Gizmo, Morbid Angel, Lancomandr,
phlux, cry0, syncron, Omega2, phreak2000.com! and anyone else I left out!


-------
UPDATE
-------


After recently purchasing the 43-443 in-use light from radioshack, I noticed
that they detected current, not voltage, unlike the in-use light on my mom's phone that only
detects voltage drop. However you can defeat these by placing a 220ohm resistor in parallel
with the phone line and when your using your phone there won't be enough current to light
the light. I have made an improved "invisible box" that defeats both the voltage and current
detector in-use lights. Below is the diagram:

Red
Ring(-) 470ohm
---------/\/\/\------->
< 220ohm
>
-----------------------
Tip(+)
Green

If your in-use light still lights trying changing the resistor values as the resistance
of your phone may vary.


--

----------------------------------------------------------------------------------
Nortel Screen Phones Explored/ADSI Carrier Scan 06/07/01 :: by p1asm1c
----------------------------------------------------------------------------------

Note: most of this information applies to the new vista screenphones
(Vista 390, Cybiolink 8000; See below on more info on these phones)

A few years ago, due to my impeccable bill paying and courteous mannerisms with
bell operators I was given the opportunity to receive a free Vista 350 phone,
that's right, FREE!. Ecstatic, I sent back the necessary paperwork to our friends
at bell, and in a few weeks my coveted vista 350 had arrived. The couriers kept on
coming at the wrong times, so I decided to go pick it up myself. My companion and
I grabbed our bikes and ventured to Puralator headquarters, located in the
urban-industrial lakeshore wasteland east of downtown Toronto. But sulfur fumes
wouldn't stop us from obtaining the grail, I mean phone...

While we were on our way back home, we decided to check out the fabulous
collection of dumpsters nearby the warehouses. I spotted an old rackmount server
under a garbage bag. Unfortunately, it wasn't meant to be, as we had a load to
carry already. The mysterious box would have to wait for another day.
We stopped by a local Pizza place and ordered some food, while I hastily ripped
open the box.

Inside the parts were many:

1. Manual for Vista 350 Phone
2. LCD Screen Module
3. Vista 350 Phone
4. Setup Guide
5. Feature 'HotSheet'
6. Standard RJ-14 Headset w/ Cord
7. 9 foot RJ-11 cord
8. Nortel AC Adapter
9. 2 Position desk stand

As I paged through the manual, it explains that the vista phone is structured in
2 basic parts. 

Firstly, the main part of the phone, containing the dialer, speakerphone, and
4 buttons: Hold, Link, Goodbye (Terminates an open line when using data services),
and Options. Lastly a blood red indication light which has become standard on most
Nortel phones. On the underside there were 3 jacks, 2 RJ-11, and 1 RJ-14 for the
receiver. The second RJ11 jack can be used for your fax/data device. Along side was
a standard 16Vac 50-60Hz Power adapter. Also a pass through for an optional printer
for the data module.

  Receiver (+) 
||
||
  \/
______{_______
/@|LED| _____ \
|+|...| |LCD | | {
|+|123| |SCR | | { = Removable Module
|+|456| |____| | {
|@|789| ... | ...= Interface Buttons
\_______{__..._ /
Module 1 - Module 2


The data module has 17 buttons on it's face. 4 are used as directional buttons, 6
for Interface, and 6 for service selection. On the underside there is a single RJ11
Connector which can be used for an optional printer. And on the side is the male
connector for the aforementioned 20pin AMP connector.

As I read through more of the documentation I was advised to call a phone number
to initialize my vista phone, this isn't required for normal operation but is
necessary to use the online services.

So when we arrived at the house I plugged in the phone and dialed up the number.
A small load indicator flashes while the speaker gives of a discrete bleep while
the phone is downloading information, your prompted to download the services the
phone has to offer. Dialing this number again later on is also a good idea as new
services are often added (read: the new automated directory services, email, etc...)


After removing the 6 star shaped screws on the main module, I lifted of the back
side of the phone. Inside there were a few things that caught my eye. One, that
Nortel have a very innovative form of directing led light. A large arc of plastic
directed from one small standard 2.5v led is projected it into a 2 inch light as
mentioned above. Similar engineering was used for the speakerphone led indicator.
Looking onto the main circuit board, most of everything was on par compared to a
standard nortel phone. With exception to the new data module chipsets and connectors.
The connector seems to connect to a 20 pin AMP (SN: QMV6368T5) connector labeled
P1 on the board. Accompanied by what looks like a new chipset developed by Nortel.
And finally a vanilla 5 volt speaker used for the speakerphone.

Pictures and Hi-Res shots of the boards will be availible soon at:

http://www.cpj.f2s.com


The way the phone works software-wise is the phone connects using the ADSI protocol
to connect to an NT box running the appropriate software, this connection is
established at 1200bps, the phone then downloads prefabricated scripts which reside
on the server.The modification of these scripts could be done for many purposes,
Since the ADSI is being used more and more for interactive services over telephones,

(most notably a recent project involving a diabetic database entry client
developed in Ontario)


Generic Sample Scripts in C availible for download at http://www.cpj.f2s.com.

This scripts could have endless uses.

Possibilities include a script when dialed could tie up the phone line
unless it is physically disconnected.

This could come in handy if one came into contact with the box that almost every vista
phone calls ever so often (3-4 times a week) and downloads automatic updates. Or you
could create a script that would send all information from electronic banking carriers
to your machine, this would not stand for long but as the volume of users is large,
a few minutes would prove useful, and would embarrass and scandalize a financial
institution of your choice.

Recently, as I was activating one of these phones, it asked me to input my vitals......
low and behold, when i pressed next, the name, address, and postal code of the person
I was setting it up for was displayed on the screen for editing. It would not be
suprising if the vista phone went about keeping you name, address and postal code on
the phone before it's shipped to you. Perhaps bell we're even ahead of the rest,
because like digital convergence's recent manufacturing of the cuecat, it looks like
the vista uses the same tactics or consumer intrusion. This would explain the sudden
generousity and enthusiastic ad campaign for 'free' vista phones.



416 ADSI/ACMS Carrier Scan:

-

Note: Numbers in this exchange which were not ADSI carriers are not listed.
Most of these numbers were out of service with the exception of a fax machine
at 416.421.1096.

-

416.462.5231 -Not in Service
416.462.5232 -Not in Service
416.462.5233 -Not in Service
416.462.5234 -Screen Phone (Recording/Non ADSI)
416.462.5235 -Screen Phone (Recording/Non ADSI)
416.462.5236 -Screen Phone (Recording/Non ADSI)
416.462.5237 -Screen Phone (Recording/Non ADSI)
416.462.5238 -Presently the number you have reached is busy
416.462.5239 -Ads
416.462.5240 -Presently the number you have reached is busy
416.462.5241 -Ads
416.462.5242 -Sorry, we are presently experiancing difficulties
416.462.5243 -Ads
416.462.5244 -Ads
416.462.5245 -Ads
416.462.5246 -Ads
416.462.5247 -Ads
416.462.5248 -One moment please... (Bell PBX)
416.462.5249 -Ads
416.462.5250 -Sorry, we are presently experiencing difficulties
416.462.5251 -Sorry, we are presently experiencing difficulties
416.462.5252 -Sorry, we are presently experiencing difficulties
416.462.5253 -Sorry, we are presently experiencing difficulties
416.462.5254 -Sorry, we are presently experiencing difficulties
416.462.5255 -Sorry, we are presently experiencing difficulties
416.462.5256 -Sorry, we are presently experiencing difficulties
416.462.5257 -Sorry, we are presently experiencing difficulties
416.462.5258 -Sorry, we are presently experiencing difficulties
416.462.5259 -Sorry, we are presently experiencing difficulties
416.462.5260 -Sorry, we are presently experiencing difficulties
416.462.5261 -Sorry, we are presently experiencing difficulties
416.462.5262 -Sorry, we are presently experiencing difficulties
416.462.5263 -Sorry, we are presently experiencing difficulties
416.462.5264 -Sorry, we are presently experiencing difficulties
416.462.5265 -Sorry, we are presently experiencing difficulties
416.462.5266 -Sorry, we are presently experiencing difficulties
416.462.5267 -Sorry, we are presently experiencing difficulties
416.462.5268 -Canada Trust Bank Profile Updating system
416.462.5269 -Busy
416.462.5270 -Not In Service

-----

416.406.4140 -Electronic Phonebook
416.421.1097 -Email
416.421.1696 -Stocks
416.462.5244 -Bell Direct
888.419.1717 -Financial Services Download




* Vista 390, an identical clone of the Vista 350 with the only difference being
less ROM and a few cosmetic changes.


* Cybiolink 8000 a new screen phone introduced last Christmas which has a larger
screen and more Flash memory.


In any case both of these modifications use the same method and hardware to
communicate to ADSI/ACMS boxes, so most of the information in this document
can be applied to these models.

--




'An Introduction to Telus' Terminating Test Lines'



< Written by: The Clone
< Date: Tuesday, November 6, 2001

(Updated: Thursday, November 8, 2001)

--
InDEX;

* Disclaimer

* Definition

* Introduction

* Default Prefixes

* Additional Terminating Test Lines

* Other Test Numbers

* Conclusion

* Credit

* Contact Information

* Shout-Outs

--

Disclaimer: The content within this file is for informational and
entertainment purposes only. Unauthorized access of the
test systems spoken about in this file may get you in
trouble with local and/or national law enforcement.
By reading this, you agree not to try any of this.


Definition: "Test numbers are dialups to testing equipment or test
features set up by the phone company or private entities."



Introduction:

Back in early 1999 when the 403/780 area code split went on, Telus decided to
set up a series of test numbers called "Alberta Terminating Test Lines" in the
403 and 780 area codes. Since the split affected millions of landline/cellular
customers, Telus thought that permissive phone numbers would be the best way to
keep the information flowing between employees. Alberta Terminating Test Lines
gave Telus tech's the ability to call up a private number and leave detailed
messages regarding any technical issues (problems) that may have arised with
780 to 403 (and 403 to 780) long distance call routing.

To this day, Telus still uses Terminating Test Lines as a way for local and long-
distance carriers to communicate. By dialing up the specific number, you will be
greeted by an automated female voice; "You have reached an Alberta 780 Terminating
Test Line", followed by an Octel system voice telling you that you either have
messages waiting (which it then plays it for you), or it'll tell you: "No messages
are waiting. Please try again later. Thank you. Good-bye."


Default Prefixes:

These prefixes are in the 780 area code only. If you have a list of Alberta Terminating
Test Line prefixes the in 403 area code, please pass them on and I'll add them to this
particular listing. More prefixes are being added as more Terminating Test Line numbers
are discovered.

Prefixes;

` 423-XXXX
` 425-XXXX
` 428-XXXX
` 429-XXXX
` 455-XXXX
` 459-XXXX

--

Additional Terminating Test Lines:

British Columbia;

(604/778), Overlay: NPA 778 introduced for service on 11/03/01.

` 778-510-XXXX (Call-Net Communications, Southwestern B.C.)
` 778-610-XXXX (Telus, Southwestern B.C.)
` 778-810-XXXX (AT&T Canada, Southwestern B.C.)
`
Ontario:

(905/289), Overlay: NPA 289 introduced for service on 06/09/01.

` 289-210-8378 (Bell Canada, Southern Ont.)
` 289-510-8378 (Call-Net, Southern Ont.)
` 289-810-8378 (AT&T Canada, Southern Ont.)


Other Test Numbers:

[Taken from "ALT.PHREAKING FAQ 1.41", http://members.tripod.com/~SeusslyOne]

1004 hz test tone - This is a vanilla 1004 hz tone. Nothing too useful here,
without a loop analyser anyway.

ANAC - This test dial up will read off the number of the line you’re calling from.
On rare occasions you will find ANACs with a DTMF response for use with remote
test terminals.

DATUs - DATUs (Digital Audio Test Units) are a godsend to technicians and phone phreaks
everywhere. DATUs allow a caller to monitor lines (don't get too excited), open
and short pairs, and put trace tones on the pair. While it might not sound too
exciting, it has more applications than most people think.

Loops - These numbers exist in linked pairs. Call one number and you’ll get a tone.
Call the other number and you get dead silence. If both are called at the same
time they make a connection. It used to be that you could then talk over this
connection, but now there are filters that block speech placed on most loops.

Ringback - Calls back the originating number in an annoying fashion. Dialing all the
touch-tone digits in order (starting with 1 and ending in # going across
the keypad rows) will generate 2 tones saying the keypad is ok.

Milliwatt test - These are 1004 hz tones sent out at 0 db. Milliwatt tests are used to
check for line loss and other complex tests.

Sweep Tones - Tone sweeps are a test tone ranging from 304hz to 3204hz. A common use
for sweep tones is to check for infinity-transmitter style taps. Dial up
a sweep tone. If an audible clicking is heard during the sweep then a
transmitter could be installed on your line. Telco maintenance uses sweep
tones to check for the presence of loading coils, and other such nasties
that eat high frequency tones in order to qualify a line for high speed
services.

Quiet termination - This feature connects the caller to a port with fixed resistance,
600 ohms or 900 ohms being the most common. There should be nothing
but dead silence on connection. Clicks, static or crosstalk will be
clearly evident if a noisy line is used to dial this test.

-

Conclusion;

I hope this paper was of interest and of benefit to you. Test numbers are quite interesting
little toys to play around with, while travelling through the land of the telephone system.
One never knows what they can find until they start actually taking the time to hand-scan...
(see: http://www.nettwerked.net/files.html | "Scanning (Manual)"). Peace out!

-

Credit:

Thanks to Phlux for the additional input.
Support Phlux's HASH project (http://www.hackcanada.com/hash.txt).

-

Contact Information:

E-MAIL: theclone@hackcanada.com
IRC: irc.2600.net (#hackcanada, #cpu)
URL: www.nettwerked.net

-

Shout-Outs:

Hack Canada (#hackcanada / www.hackcanada.com),
Canadian Phreakers Union (#cpu / www.nettwerked.net/cpu),
CYB0RG/ASM, H410g3n, Phlux, Alan, Seuss, Lucky225.

.END.

--

. A Mobile Phone ANI-Diversion Technique .


Date: Monday, October 29, 2001
Author: The Clone


[ inDEX ]

. - Disclaimer

. - Introduction

. - Explanation

. - Conclusion

. - Credit

. - Contact Information


-_-


Disclaimer: The content within this file is for informational and
entertainment purposes only. Unauthorized access of the
systems spoken about in this file using this ANI-spoofing
technique may get you in trouble with local and/or national
law enforcement. Don't do naughty things... thanks.

-

Introduction:

Several months ago while sitting at home having nothing better to do but
mess around with various phone numbers on my cell phone, I discovered
something rather interesting. By calling up specific toll-free ANAC systems
in the United States belonging to AT&T and other carriers, the Automatic
Number Identification (ANI) information that I was read was completely
different than the information that actually belongs to me. This got me a
bit curious as to why this might be occurring. The rest of this file will
delve a little bit into the steps I took in order to conclude the theory of
my misread ANI account data.


Explanation:

With my Pre-Paid FIDO GSM phone calling from the 780 area code in Edmonton,
I called up several ANAC systems and on every one of these systems the ANI
information read back was: 780-707-0000, which didn't appear to be my phone
number. After calling that phone number back, I was suprised that FIDO's
"this number is not in service" recording came on.

When calling from a Rogers AT&T Pay-As-You-Go TDMA cellphone, the ANI
information read back was: 780-965-0000, which didn't appear to be my phone
number either. After calling that phone number back, I got a similar
message from ROGERS AT&T telling me the number I called was not in service.

When calling from a Telus / Clearnet CDMA cellphone, the ANI information
read back was: 780-427-5700, which didn't appear to be my phone number
either. After calling that number back, I got a message from Telus telling
me the number I called wasn't in service.

The Potential? By simply using a cell phone without any physical/mode
modification whatsoever, one may spoof their ANI information from American
Toll-free Carriers such as; AT&T, MCI WORLDCOM, TRACFONE, VERIZON, etc.
With your actual phone number information not being registered with the
end-carrier, you have the ability to bruteforce a large number of the
blocked carriers without fear of being tracked - perfect diversion
techniques. If one wanted to call in a bomb threat, they could get away
with it. If someone wanted to prank call, harrass, or otherwise piss
someone off over the phone without fear of being tracked (through basic means),
they could.

Want an ANAC # to test your cell phone on?
http://groups.google.com/groups?q=ANAC+%23%27s


Conclusion:

Instead of your phone's MIN (MSISDN in GSM terms) passing through to the end-
carrier, the information passing through is that of the mobile switches'
aliased phone number - often called "pseudo ANI". Please keep in mind that the
MSSC (Mobile Services Switching Center, Home Location Register in GSM terms)
do keep records of what customers ESN/MIN called what phone number at any given
time. Please be aware of the consequences, and DO USE other diversion techniques
in addition to this if you wish to be 100% anonymous in all of your future
phreaking escapades!


Credit:

Thanks to 'TRON' for the additional information.


Contact Information:

E-MAIL: theclone@hackcanada.com
URL: www.nettwerked.net
--

-- Credits

Without the following contributions this zine issue would be fairly
delayed or not released, so thank you to the following people:

Lucky225, Phlux, plasm1c, and The Clone (dats me!)


-- Shouts:

Hack Canada (#HackCanada), Canadian Phreakers Union (#cpu), The Grasshopper Unit,
Flippersmack, Pyrofreak, soap, Kybo_ren, Flopik, Pinguino, and lastly to
everyone and anyone who contributes to the Canadian H/P scene.

;. .;.. ; ;. ;..
;.. .;..; .;.; .;; ;..
.;..;. .;..; .;.;...; ;..;..
.;. A .;. .;.
;.. N E T T W E R K E D ;..
;..;.. P R O D U C T ;..;..
.;..; ;..;..
; .;..;.;.. .; . .;. ..;..
.;.. . .; ..;..;..;.. .;
;..;. .;.. . .;.. .;.;.
..;. ..;.. .;. ;.;..;;..;.;
;.;;..;.. ;.;.; .; .
;.;..;. .;. ;.;:.;.
,;....;.
.;.;. .;.;
.;.;.;
.;.;
;..;.
.;.;;.; .;. ..; ;. > > > > > > STOP THAT! I SAID STOP-IT!

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT