boxes.txt100660 0 0 13026 5645066125 11047 0ustar rootroot August 9, 1993 I have been reading with interest the thread concerning all the different boxes. I would like to take a moment to try and clear up a few misunderstandings that seem to have wormed their way into the discussion. First and foremost: BLUE BOXING IS STILL POSSIBLE IN THE USA! Somewhere along the line I have seen reference to something similar to "Because of ESS Blue boxing is impossible". This is incorrect. When I lived in Connecticut I was able to blue box under Step by Step, #1AESS, and DMS-100. the reason is simple, even though I was initiating my call to an 800 number from a different exchange (Class 5 office, aka Central Office) in each case, when the 800 call was routed to the toll network it would route through the New Haven #5 Crossbar toll Tandem office. It just so happens that the trunks between the class 5 (CO's) and the class 4 (toll office, in this case New Haven #5 Xbar), utilized in-band (MF) signalling, so regardless of what I dialed, as long as it was an Inter-Lata call, my call would route through this particular set of trunks, and I could Blue box until I was blue in the face. The originating Central Offices switch (SXS/ESS/Etc..) had little effect on my ability to box at all. While the advent of ESS (and other electronic switches) has made the blue boxers task a bit more difficult, ESS is not the reason most of you are unable to blue box. The main culprit is the "forward audio mute" feature of CCIS (out of band signalling). Unfortunately for the boxer 99% of the Toll Completion centers communicate using CCIS links, This spells disaster for the blue boxer since most of you must dial out of your local area to find trunks that utilize MF signalling, you inevitably cross a portion of the network that is CCIS equipped, you find an exchange that you blow 2600hz at, you are rewarded with a nice "winkstart", and no matter what MF tones you send at it, you meet with a re-order. This is because as soon as you seized the trunk (your application of 2600hz), your Originating Toll Office sees this as a loss of supervision at the destination, and Mutes any further audio from being passed to the destination (ie: your waiting trunk!). You meet with a reorder because the waiting trunk never "hears" any of the MF tones you are sending, and it times out. So for the clever amongst you, you must somehow get yourself to the 1000's of trunks out there that still utilize MF signalling but bypass/disable the CCIS audio mute problem. (Hint: Take a close look at WATS extenders). Blotto Box - DOES NOT EXIST! , it was a joke, a farce, etc.. there is no such thing as a blotto box, so please stop attaching some sort of mystical power to something that never existed., please.. Box that makes all phones in an exchange/NPA ring simultaneously (rose?) - Simple mathematics involving ring voltages, available interoffice trunks and CO battery Amperages would render this device a total figment of the imagination. Any color box that can trace a call (Gold?) - Even the most rudimentary understanding of how a call is traced would dispell this myth. There is NO DEVICE MADE that can trace a call from a customers premise. (Caller ID boxes are NOT tracing a call, they are displaying CLID information that is sent to them by the Central Office prior to the call being answered, this is NOT a trace.) Forget about tracing a call from home, you cannot do it. Beige Box - Is simply a linemans handset, period.. (real or homemade). Lock and Trace - DOES NOT EXIST! - years, and years ago when the predominate switch was Step X Step, the telco utilized something similar to this to catch prank callers. They used to refer to it as a "Call Plug". It would simply prevent the calling party from being able to close his local loop (hang up his call), by keeping the loop open at the destination end. (roughly worked like that). Then the Central Office Craftspersons could manually trace the call back through the Strowger wipers (manual was the ONLY way!) and determine the originating caller. ESS (and any other electronic switch for that matter), Has no need for such crude methods, as there are far easier (via Stored program control) ways to initiate call tracing, (ie. a Call trace (CT0x)) request on ESS simply identifies the callers # on a maintenance TTY at the CO whenever a thusly marked number is called). The days of "Lock and Trace" are long gone.. (it is interesting to note that on the early versions of Step X Step. the called party would be unable to get a dialtone until the calling party hung up the connection, no matter how long the called party were to leave his switchook closed. People used to go to a remote coinstation, call their victims and leave the phone off the hook. the victim was unable to get a dialtone until someone eventually happened along and hung up the payphone, or via a trouble call to the telco, it was manually released by a switchroom tech. Eventually the Step offices installed timers that would auto disconnect after a set period (usually 30 secs or so) to prevent this problem. A "Call Plug" was simply a reverse of this effect.) I posted a fairly long winded response related to boxing/Boxes a few months ago here, since the traffic on this newsgroup is so heavy I'll repost it after this for anyone who is interested. It re-iterates a bit of what I said here, and explains a bit on the other (existent!) boxes. Hopefully this bit of trivia will help to dispell some of the misconceptions floating about.. August 9, 1993 The Marauder Legion of Doom! marauder@phantom.com [end] > Silver boxes produce extended DTMF tones, A,B,C,D etc. You can do this > with a modem. That why they're safe? > Blue boxes don't work any more. And anyway, the phone company switching > tone will no longer be 2600 eventually. > Red boxes work. At the moment. There are easy, cheap, ways to filter them > out. (The tones they produce) Basically, when the telco fix a phone, they > add a filter. > Yeah, i think it's the cyberden guys, they sell that kind of stuff. > Easier and cheaper to make/obtain it yourself though. Just to add a few random thoughts?: 1) Silver Boxes revisited: As the message above points out, the "Silver Box" allows the user to generate the extended DTMF keytones, these are also called by some: "The Autovon tones", since you all know they were originally developed and used on the military Autovon network, allowing Autovon users various levels of "precedence" for a given call on that network. They were as follows: Flash Override Flash Interrupt Priority Those of you who are interested, can find any number of old "G-Files" written on the use and abuse of Autovon. In my opinion let us suffice to say that utilization of the Autovon network was limited by most phone Phreaks, since it really didn't allow you to access much of anything. Sure you could prioritize yourself all along the trunk network and in the process maybe raise a few eyebrows, but not much else. I played with it a bit, got bored and moved on to more interesting things. We come now to the second (more useful & fun) use of the "silver box", which relied on the fact that a particular brand of Automatic Call Distributor (ACD), once used quite frequently by AT&T Directory Assistance (DA) positions, just happened to utilize the same set of keytones (ABCD) to place the ACD into a maintenance mode. Knowledge of this allowed us to manipulate said ACD from a remote location (home). Once the ACD was placed into its maintenance mode, the phone Phreak could, by use of various DTMF key combinations, access many interesting features, one in particular was quite useful, this was the ACD Loop feature, by pressing a DTMF 7 one would be placed on one side of a testing loop incorporated into the ACD itself, Another "Silver Boxer" calling the Same DA position, could enter maintenance mode and Send a DTMF 6, and be placed on the other side of the same loop. Since Pre-divestiture calls to DA positions were for the most part free, this enabled silver boxers essentially "free" calls to each other, especially since (800) DA would for a long time allow this. Another interesting feature was the ability to place ones self in a position to Intercept, and thus "Answer" incoming calls to that DA position, It essentially let you become a DA operator!, you can imagine the hours of fun one could have here. Unfortunately, this method of "Silver Boxing" was long ago "corrected" by the various BOCS/RBOCS/etc., and the last "Silver Boxable" DA position I knew of was Alaska's (907) NPA. 2) Red Boxing: In my opinion, Redboxing should simply be called toll fraud, since doing it requires little, or no understanding of the phone system whatsoever. I place it on about the same level as using a Sprint, or MCI code to make a free call. There are a few ways to go about getting yourself a red box, the first and easiest is to make yourself a "Poor man's Redbox" ("King Blotto" - was the first I saw use this term), which is to simply have someone call you from a fortress fone and deposit 5 or 6 quarters whilst you record them, and then playing them back when you want to "box" a coin call. The second method involves building yourself one either from scratch, or by modifying some other piece of hardware, again plans for this abound all over the place. Lastly, you can get yourself a fortress fone and disassemble it, and grab the "Redbox" built into it. (It's interesting to note that on "Northern Telecom" Coinstations (which are by far the best made), the "Redbox" is an actual "Mechanical Device", which consists of a tone producing circuit, and a mechanical "interrupter wheel" to space the tonepair bursts.) This method is generally more trouble than it's worth, but it does produce the most reliable source tones. A little bit on the "workings" of a Coin call, and why a Redbox works. When one places a toll call from a coin station the system buffers the dialed digits, and forwards them to ACTS (Automated Coin Toll System). ACTS, Using the calling number and the called number, Consults a Toll database, computes the amounts of money required to place the call, and Prompts the caller to deposit the required amount. ACTS then listens for the "Coin Deposit" tones, tallies them until the initial deposit amount has been reached, and then releases the buffered digits and allows the call to progress as normal. an OSPS/TOPS operator can also provide you with the same service, however ACTS was developed to relieve the TSPS (predecessor to todays OSPS position) of exactly this. This is the reason a Redbox does not "simply" work for a local call. ACTS is not required for a local call since all calls within the coin stations calling area are a flat 25 cents, there is no reason to even utilize ACTS, and the coin station/CO utilize a ground test to determine if a coin has been deposited. (ala David Lightman in wargames). In effect, on local coin originated calls the system is "Not listening" for the coin deposit tones to determine coin entry (even though the coin station dutifully produces them). Lastly the second party vendor coin stations (called by some: COCOTS), use an entirely different (internal) method for handling toll billing, and generally a red box would be useless against them. 3) Blue Boxing, 1993: Contrary to popular belief, blue boxing is still possible. Most surely it is not the easy game it once was, however the enterprising Phreak can still sniff out a few holes in the network that would allow him/her to utilize inband (MF) call signalling procedures. The reason 90% of would be blue boxers are done in, is due a feature of Common Channel Interoffice Signalling (CCIS), or "out of band" signaling. Briefly; CCIS is a system in which the call routing information is sent on a separate "data channel", than the voice (or Audio) portion of the call. The pre CCIS or "old" method, had both voice/audio AND call routing information being sent on the same pair. Not only does CCIS totally ignore any "MF" tones sent down an associated Voice circuit, it has the "VICIOUS" habit of muting Forward audio on the Voice circuit when it detects a loss of supervision at the destination end. (however it allows the distant end to continue to pass audio to you, so you can hear the various "call progress" tones, such as busy, Intercepts, etc..) This "little" feature is (mainly) what spells disaster for todays Blueboxer, and the reason is this: There are plenty of non-CCIS exchanges left in the United States, and thus will respond nicely to MF signalling, however when you dial directly to one of these, you are 99% assured of crossing some portion of the TOLL network that is CCIS equipped, and in doing so you are faced with the "problem" of the audio muting. I'm sure several of you have met with: Placing a call to a rural exchange, blowing the "infamous" 2600hz to be rewarded with the reassuring "kerchink!", "oh man, TRUNK! you say to yourself", and then, no matter what you send at it, you end up with a reorder, damn! - why? As soon as you applied 2600hz, supervision at some point "PAST" the CCIS link was lost, CCIS "sees" this, and Mutes further audio from your end. So your trunk is sitting there nicely awaiting "KP+all kinds 'o fun stuff+ST", but you, unfortunately can not get them to it. This by no means is the ONLY problem that todays boxers are faced with, just one of the bigger ones. There is also the _DEADLY_ "BLUE BOX REPORT", ( of which my old friend "Phantom Phreaker", first pointed out to me). This report is generated regularly by SCCS, and forwarded to the Corporate Security Center for evaluation. This "system" is constantly looking for strange behavior, odd tones, strange supervisory conditions, etc.. They WILL catch you eventually, in fact "they" are pretty good at catching boxers in general. Things have changed greatly since the days that I, and my friends explored the telephone system, and discovered some of its many wonders. Security is downright _MEAN_, laws have been written, programs are better, etc. I would not trade for anything, the memories I have, nor the friends I have made over the years pursuing my "hobby". Today though, things are changing so rapidly that I sadly, cannot even hope to keep up with it all. To me at least, the telephone system will always remain a most interesting beast. April 21, 1993 The Marauder Legion of Doom! [end]