Copy Link
Add to Bookmark
Report
The New Fone Express 07
=======================================
T H E N E W F O N E E X P R E S S
=======================================
The newsletter of the Society for the Freedom of Information (SFI)
Electronic Edition
Central distribution site is Secret Society BBS
(314) 831-9039, WWIVNet 3460, 24hrs
------------------------------------------------------------------------------
The publisher, SFI, distribution site(s), and authors contributing to the NFX
are protected by the Bill of Rights in the U.S. Constitution, which
specifically protects freedom of speech and freedom of the press. The
information provided in this magazine is for informational purposes only, and
the publisher, SFI, distribution site(s) and authors are not responsible for
any problems resulting from the use of this information. Nor is SFI
responsible for consequences resulting from authors' actions. This
disclaimer is retroactive to all previous issues of the NFX.
We accept article submissions of nearly any sort, about
hack/phreak/anarchy/gov't/nets/etc. Send mail to the publisher (The
Cavalier) at any of these addresses:
WWIVnet [15@3460]
WWIVlink [442@13468]
VMB (301) 771-1151. hit #, then 326. <<CHANGED ADDR>>
Ripco [send mail to Silicon Avalanche]
Daydream Nation [send mail to Silicon Avalanche]
Internet [1098i9@gmuvax2.gmu.edu]
The printed edition of the newsletter is available for $2 (U.S.) for a single
copy. Send mail to the New Fone Express, Jackson House Rm 206, President's
Park, 10309 Senatorial Lane, Fairfax, VA 22030. Don't forget your name and
address. Subscriptions are no longer available.
To download the New Fone Express, call Secret Society at (314) 831-9039 and
log on as NFX, password NFX, phone# 0000, or see the distribution list
elsewhere in this magazine.
------------------------------------------------------------------------------
Highlights for Issue #7/December 1991
=====================================
* Xmascon Info ... by Drunkfux
(see article #1)
* Caller ID Protocol Specs ... by John F. Woods
(see article #2)
* Smart Cards ... by Anonymous
(see article #3)
* Distribution Site List ... edited
(see article #4)
* Editorial ... by the Cavalier
(see article #5)
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Xmascon Info
NIA & Phrack Magazine, & dFx International Digest Are Proud To Present:
The Second Annual
X M A S C O N
Who: All Hackers, Journalists, Security Personnel, Federal Agents, Lawyers,
Authors and Other Interested Parties.
Where:
Houston Airport Hilton Inn
500 North Belt East
Houston, Texas 77060
U.S.A.
Tel: (713) 931-0101
Fax: (713) 931-3523
When: Friday December 27 through Sunday December 29, 1991
Yes, ladies and gentlemen, you read it right... Xmascon has returned! This
will undoubtedly be the telecom event of the year. Unlike certain conferences
in the past, Xmascon 91 has a devoted and dedicated staff who are putting in
an unmentionable amount of time to ensure a large, vast and organized
collection of some of the most diversified people in the telecommunications
world. The event will be open to the public so that anyone may attend and
learn more about the different aspects of computer security.
Hotel Information
-----------------
The Houston Airport Hilton Inn is located about 6 miles from Intercontinental
Airport. The Xmascon group room rates are $49.00 plus tax (15%) per night,
your choice of either single or double. There are also 7 suites available,
the prices of which vary from $140 to $250. You can call the hotel to find
out the differences and availability of the suites, and you will also NEED to
tell them you are with the Xmascon Conference to receive the reduced room
rate, otherwise, you will be paying $69.00. There is no charge for children,
regardless of age, when they occupy the same room as their parents. Specially
designed rooms for the handicapped are available. The hotel provides free
transportation to and from the airport, as well as neighboring Greenspoint
Mall, every 30 minutes on the hour, and on call, if needed. There are 2
restaurants in the hotel. The Wicker Works is open until 11:00 pm, and The
Forty Love is open 24 Hours. There will also be breakfast, lunch and dinner
buffets each day. There is a piano bar, The Cycle Club, as well as a sports
bar, Chaps, which features numerous table games, large screen tv, and a disco
with a DJ. Within the hotel compound, there are 3 pools, 2 of which are
indoors, a jacuzzi, a miniature golf course, and a fully equipped health club
which features universal weights, a whirlpool and sauna. A car rental agency
is located in the hotel lobby, and you can arrange to pick your car up at
either the airport or the hotel. Xmascon attendees are entitled to a
discounted rate. Contact the hotel for more information.
Xmascon will last 3 days, with the main conference being held on Saturday,
December 28, in the Osage meeting room, starting at 12:00 p.m. and continuing
on throughout the evening. This year, we have our own complete wing of the
hotel, which is housed around a 3,000 square foot atrium ballroom. The wing
is completely separated from the rest of the hotel, so we are strongly
encouraging people to make their reservations as far in advance as possible
to ensure themselves a room within our area.
We are hoping to have a number of people speak on a varied assortment of
topics. If you would like to speak, please contact us as soon as possible and
let us know who you are, who you represent (if anyone), the topic you wish to
speak on, a rough estimate of how long you will need, and whether or not you
will be needing any audio-visual aids.
There will be a display case inside the meeting room which will hold items of
telecom interest. Specific items that will be available, or that we hope to
have, include the first issues of 2600, Tap, Mondo 2000, and other magazines,
non-computer related magazines that feature articles of interest, a wide
array of boxes, the Quaker Oats 2600 mhz whistle, The Metal AE, etc. We will
also have a VCR and monitor set up, so if you have any interesting videos
(such as the Unsolved Mysteries show featuring Kevin Poulsen), or if you have
anything you think people would enjoy having the chance to see, please let us
know ahead of time, and tell us if you will need any help getting it to the
conference. If all else fails, just bring it to the con and give it to us
when you arrive.
Media support has been very strong so far. Publications that have agreed to
print pre-conference announcements and stories include Computer World, Info
World, New York Times, San Francisco Chronicle, Austin Chronicle, Houston
Chronicle, Independent Journal, Mondo 2000, CuD, Informatik, a leading
Japanese computer magazine, NME, Regeneration (Germany), and a few other
European based magazines. PBS stations WHNY, WNET, and KQED, as well as the
stations that carry their syndicated shows, will be mentioning the conference
also. If you are a journalist and would like to do a story on Xmascon 91, or
know someone who would, contact us with any questions you may have, or feel
free to use and reprint any information in this file.
If anyone requires any additional information, needs to ask any
questions, wants to RSVP, or would like to be added to the mailing
list to receive the Xmascon updates, you may write to either myself
(Drunkfux), Judge Dredd, or Lord Macduff via Internet at:
nia@nuchat.sccsi.com
Or via US Mail at:
Hard Data Corporation
ATTN: HoHo
P.O. Box 60695
Houston, Texas
77205-9998
U.S.A.
We will hopefully have an 800 mailbox before the next update is sent out. If
someone cares to donate a decent one, that will stay up throughout the end of
the year, please let us know. We should also be listing a few systems as an
alternative form of reaching us.
Xmascon 91 will be a priceless learning experience for professionals, and
gives journalists a chance to gather information and ideas direct from the
source. It is also one of the very few times when all the members of the
computer underground can come together for a realistic purpose. We urge
people not to miss out on an event of this caliber, which doesn't happen very
often. If you've ever wanted to meet some of the most famous people from the
hacking community, this may be your one and only chance. Don't wait to read
about it in all the magazines, and then wish you had attended, make your
plans to be there now! Be a part of our largest and greatest conference ever.
Remember, to make your reservations, call (713) 931-0101 and tell them
you're with Xmascon.
In closing... if you miss this one, you're only cheating yourself. ><
[TC: ...a public service announcement... heh...]
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Caller ID Protocol Specs
Date: Tue Aug 20 1991 17:57:34
From: John F. Woods
Subj: Telephone Caller ID specs:
Organization: Kendall Square Research Corp.
Message-ID: <5104@ksr.com>
Newsgroups: sci.electronics
Every now and then, someone asks again about Caller ID and how to decode it.
It turns out that Radio Electronics published most of the answer in the
Hardware Hacker column in their August 1991 issue. A quick summary follows:
First, the relevant documents are:
1. NYNEX Catalog of Technical Information, #NIP-7400 (Free).
2. SPCS Customer Premises Equipment Data Interface,
#TR-TSY-0030, $25.
3. CLASS Feature: Calling Number Delivery, #FSD-02-1051, $30.
4. CLASS Feature: Calling Number Delivery Blocking,
#TR-TSY-000391, $33.
Document 2 is the most important, and can be ordered from
Bellcore at (800) 521-CORE; they take VISA.
The caller ID is transmitted as 1200 baud tones (Mark/1 is one cycle of 1200
Hz, Space/0 is nearly two cycles of 2200Hz), 8 bits asynchronous, one stop
bit.
The data transmitted is: 30 bytes of 0x55 as a "channel seizure" signal (when
demodulated, looks like a 1/4 second 600Hz square wave); 150 milliseconds of
all marks; a message-type word (one byte, value 0x04 indicates caller ID); a
message length word (one byte, how many digits in the calling number, does
not include itself or the checksum); the _ASCII_ digits of the phone number,
least significant first; finally, a checksum byte, consisting of the
two's-complement of the 8-bit sum of the message-type word, the
message-length word, and the data.
This is the simplest form that the information will be delivered in, you need
the Bellcore specs if you want to get it right in all cases.
Sierra Semiconductor has two IC's which handle most of the analog portion of
caller-ID, the SC11211N and the SC11210 (which needs an external oscillator
and deletes some of the features); these chips output a digital stream ready
for digestion by a uC. ><
[TC: This file was not written for the NFX; however, it is reasonable to
assume that the author can be reached on the Internet, given that this was
originally posted on a newsgroup.]
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Smart Cards
Smart cards are beginning to gain popularity among many corporations,
yet most people have never seen a 'smart card,' much less know anything about
them. All a smart card basically is is a normal plastic credit card with an
IC embedded, and the traditional magnetic strip on the back. The chip
appears to be a small golden emblem on the left center of the card (see fig.
1) Actually, it's a small microprocessor with several types of memory.
We'll be talking about cards made by the DataCard Corporation, which has
supposedly been in the smart card business since 1985.
___________________________ ___________
| | |___| ___|
| ====== | |___| |___|
| | | | |___| |___|
| ====== | |___|___|___|
| |
|___________________________| Fig. 2
Chip appearance
Fig. 1
Chip approx. location and size
The chips are produced by a variety of outside companies, such as Oki, Asahi,
Texas Instruments, Motorola, Hitachi, and Toshiba. Each chip has ROM, RAM,
and EEPROM built in. The customer can pick an IC module with the specific
features they desire. The IC modules are shipped to DataCard, where they are
implanted in a custom plastic card. The ROM on the IC module is burned at
this time and contains (in DataCard's case) DataCard's proprietary operating
system, SCOS (or Smart Card Operating System). The customer then has the
choice of programming the cards personally or shipping the data to DataCard,
who will program each card individually.
Example Tech Specs
------- ---- -----
Let's take, as an example, DataCard's MIC-1600 Microprocessor Card. It
contains 1920 bytes of EEPROM and enough ROM space to hold SCOS. (The amount
of temporary RAM space was unspecified.) Memory is partitioned into
individual 'files,' which contain a number of fixed-length records. Data can
be read sequentially or randomly by record number. Files marked non-erasable
when created cannot be modified. Files may also be declared 'circular,'
where the oldest record is overwritten when the file wraps around. Files are
protected from 'unauthorized access' by the use of 8 security keys. Only
correct key entries are confirmed, and if eight submissions are incorrect, a
special type of key called the "Issuer" key is required to unlock access.
Ten keys are actually stored in memory: the 8 Application keys, 1 PIN
(Personal Identification Number) key, and 1 Issuer key. The Issuer key is
programmed by the company that issued the card. The keys may be anywhere
from one to eight characters long.
Communication with the card is accomplished through the use of a special
card reader. Card communication is based on the standard ISO 7816/3
protocol, and the metallic contacts conform to ISO 7816/2 specifications.
The contacts measure 86mm by 54mm by 84mm and have a 5 year life.
Optionally, the Pc3 protocol may be used to communicate with the chip, but
I'd expect the ISO 7816/3 protocol to be more prevalent. Communication is
serial, at a speed of 9600 bps async using 8 bit bytes. The transmit
turnaround delay is 5 ms, with the line timeout on the chip being 1.0 sec.
The response delay is < 10 ms maximum, and the reset response is $3B, $A8,
$00, $01, "PC16E4xx" (the first four digits are hexadecimal, of course).
The microprocessor in the MIC-1600 is the 62C580, running at a 3.57 MHz
clock (rather convenient - it's the frequency put out by an NTSC colorburst
crystal, quite cheap). It runs on +5 volts, plus/minus .5 volts. The reset
duration is 10 ms minimum. There is a 20 ms overhead on each command, and
the card can be erased in 20 seconds. The read time is 1.25 ms per byte, and
the write time is 11.25 ms per byte.
Command | Description | Clearance
---------|----------------------------------------------|----------
RESET | Initialize and Return ID | None
SUBMIT | Submit Password Key | None
RDFDT | Read File Definition | None
RDSNO | Read Serial Number | None
FINDZ | Find File Name (Zone) | None
RDSEQ | Read Last Record | Read
RDRAN | Read Random Record | Read
SEARCH | Search File | Read
WRSEQ | Write Next Record | Write
WRRAN | Write Random Record | Write
EMPTY | Empty File | Write
ERASE | Erase Card | Issuer
WRFDT | Write File Definition | Issuer
WRKBY | Write Key Definition | Issuer
---------|----------------------------------------------|----------
Chip Interface Devices
---- --------- -------
DataCard markets two types of "Chip Interface Devices," basically card
readers. The Series 50 unit appears to be somewhat smaller than a 3.5"
floppy drive, has a black bezel and a slot for the card in front. (Exact
measurements: 1.5"x2.6"x3.2") This unit is obviously designed to be
implanted in an enclosure; there is bare circuitry on the top and bottom, and
a good deal of it is surface-mount. A "one-time programmable EPROM"
(whatever the hell that is) can be plugged in, or an optional application
board allows you to load applications into on-board EPROM/RAM. The Series 50
supports three interfaces for reader-to-host communication: the RS-485, TTL
or RS-232 interfaces. It communicates at 19,200 bps half-duplex with
transfer error-detection.
The Series 100 CID comes in a white box and has two card slots. It
measures 7"x8"x2.5". It supports a variety of card drivers for IC module-
independence. They can be used free-standing, containing an 8031
microprocessor clocked at 7.372 MHz with 32K EPROM and battery-backed 32K
RAM. Its interface to the outside world is standard DB-25 RS232. They can
also be interfaced to a MS/DOS or Unix host system.
The 680-IC Transaction Terminal is a horse of a different color; it is
actually a swipe card-style card reader, with the exception of a large white
smart card reader on top. It is shipped with 128k of battery backed RAM and
is expandable to 512k. Its operating system multitasks and supports
applications written in C, with DataCard's OS programming libraries. It has
a 29-key keypad, a 2 line by 24 character LCD screen, and a built-in 1200 bps
modem. It can optionally read Track 1 magnetic cards, along with the built-
in capability to read Track 2 ABA standard cards. It runs on a V25, NEC's
8086-compatible chip clocked at 10 MHz, and the smart card reader uses the
8031 again at 7.372 MHz. It contains 64K of EPROM, and uses the DataCard
Multi-Tasking Operating System.
Summary
-------
First off, I apologize if this article sounds too much like an
advertisement for DataCard, but it just happened to be the extent of the
information I had. It should have filled you in on the technical aspects of
smart cards slightly. Also, they are starting to reach greater market
penetration -- suggestions for use include cards for store customers to track
marketing information, cards for drivers to make purchases of gasoline and
fleet-tracking easier, cards for students on campus to authorize purchases
and provide ID, prepaid cards that allow the user to carry around a card in
place of cash or coins, or 'administrative cards,' which act as an audit
trail, monitoring the user's comings and goings. The potential for invasion
of privacy is immense, and most people may be beguiled into it by lures of
'prepaid cards' and 'frequent card-shopper points.' If you would like to try
to get your own information from DataCard, try calling their phone line here
in Minneapolis at (612) 938-3500. ><
[TC: As the author requested anonymity, your best chance for getting in touch
with him is to send mail through me at any of the addresses in the header.]
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Distribution Sites
As of 11/91, the distribution sites with the New Fone Express include:
* Secret Society Blitzkrieg
(314) 831-9039 (502) 499-8933
3/1200 bps 3/12/24/9600?
WWIVNet 3460 WWIVnet 5211
Central Distribution Site TAP Headquarters
Solsbury Hill * The Bamboo Gardens North
(301) 428-3268 (512) 385-2941
3/12/24/9600HST 3/12/2400 bps
Usenet feed WWIVNet 5285
1500+ text files Cyberpunk & Computer Law BBS
A * indicates a system with a 'captive account,' or an account
specifically for downloading the NFX.
Many thanks to the sysops supporting the NFX. ><
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Editorial
"Cyberhippies"
Well, you're at the end of Issue #7. First off, some thank-you's are in
order to Hardcore, for reinstating the VMB after a software reinstall.. if
you haven't noticed, the VMB was non-functional, and it's back up now under
another number. (see header) Also, thank you to Anonymous for the smart card
article... I admit to a certain curiosity about the buggers myself...heh..
Thank you to the Desert Fox, Vorpal Bunny, and the rest of the Worldview crew
for sending me a copy of one of their issues!.. it is a good magazine and I
would encourage you, if you have the means, to contact him at (713) 337-1452,
user #623. It appears to be Fidonet from the address he supplies in his
newsletter (1:106/995).
Re the title of the editorial, "Cyberhippies," I was doing a little bit
of thinking a few weeks back, and noticed quite a few parallels between the
situation that existed in the late 60's and the one that exists now. The
hacker community, like the hippies of the '60s, are fighting against a
government that seems to enjoy persecuting us. As they wanted freedom to
experience what they wanted, and to protest freely against the Vietnam War,
so does the hacker community: information should be free. There are several
comparable issues here: the 'novel' idea that if resources are available,
whether they be physical (like an Internet hookup, or public land) or
intellectual (like a brilliant piece of recursive code, or the right to run
one's own life). We are fighting a protracted 'war' in itself, with hackers
as the soldiers: Hackers are getting busted, 'drafted' through coercion,
manipulation, and falsehoods, and being good little 'narcs', in service of
their country. All to fight a war against the free dissemination of
information and knowledge, and to stifle political truths. This government
doesn't follow its own laws, folks, and I hope none of you would fully
believe it if someone told you they did. Case in point: Operation Sundevil.
I refuse to rehash the events of Sundevil, but I do want to point out that
out of, what, 140 busts or so? ..only one person (to MY knowledge) has been
convicted. Equipment has been impounded and some of it has not returned yet.
Or the infamous Scott Jackson case -- it all adds up, people. As for the
charge that the government hinders the spread of information, consider this:
if military-funded scientific research in fields were shared openly, the jump
in the progress of science in this world would be exponential. I'm not
talking about the Enrico Fermi Atomic Bomb Home Cookbook, I'm talking about
high-yield milspec solar cells. I'm talking about particle-beam lasers. I'm
watching the citizens and leadership of this country drive towards an ultra-
nationalistic right-wing future. President Bush just refused to apologize to
the Japanese for dropping the bomb on two cities, for a countless loss of
life. World War 2 is over, goddamnit! Don't you see this, Bush? Racism and
ultra-nationalism are still prevalent forces in this country, and we need to
be aware of those two forces and indeed the mighty armies arrayed against us.
We will win, if we can band together and keep our collective purpose in mind.
I suppose I should close things up with a "Peace, brother", eh? Good luck to
all of you.
Until next time.