.--- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --- .
/ dms d dmsdm d m s dms d d d d d /
/ m d m m s m d m d m m m m m /
/ s m s sdmsd sdmsm s m s s s /
/ d sd d d s s sd d d d d /
/ m m m m d m m m s m s /
.--- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --- .
"NPANXX upholding the Bell tradition
of quality text files and exploits"
outh.bellsouth.bellsouth. outh.bellsouth.bellsouth.
outh.bellsouth.bellsouth. bellsouth.bellsouth.bells
bells.--------------.outh bells.--------------.outh
bells| TeamPhreak |outh Volume 1 Issue 1 - 10/20/01 bells| TeamPhreak |outh
bells| |outh "Where is my mind?" bells| |outh
bells| .----------. |outh bells| .----------. |outh
bells| | NPANXX | |outh bells| | NPANXX | |outh
bells| .----------. |outh bells| .----------. |outh
bells| *** |outh bells| *** |outh
bells| *** |outh NPANXX bells| *** |outh
bells| *** |outh In Pee Ay. In Ex Ex) bells| *** |outh
bells| _ |outh bells| _ |outh
bells| | ||outh bells| | ||outh
bells| |_||outh bells| |_||outh
bells.--------------.outh bells.--------------.outh
bellsouth.bells| |outh.bellsouth. bellsouth.bells| |outh.bellsouth.
bellsouth.bells|Where|outh.bellsouth. 10101010101010101010101 bellsouth.bells|Where|outh.bellsouth.
bellsouth.bells| IS |outh.bellsouth. 01010101010101010101010 bellsouth.bells| IS |outh.bellsouth.
bellsouth.bells| My |outh.bellsouth. www.musicforhackers.com bellsouth.bells| My |outh.bellsouth.
bellsouth.bells|MIND?|outh.bellsouth. 10101010101010101010101 bellsouth.bells|MIND?|outh.bellsouth.
bellsouth.bells| |outh.bellsouth. bellsouth.bells| |outh.bellsouth.
bellsouth.bells| |outh.bellsouth. [Soundscapes for Compromising a remote host] bellsouth.bells| |outh.bellsouth.
bellsouth.bells| |outh.bellsouth. bellsouth.bells| |outh.bellsouth.
bellsouth.bel| |lsouth.bells. bellsouth.bel| |lsouth.bells.
bellsouth.bel|__Sucks__|lsouth.bells. bellsouth.bel|__Sucks__|lsouth.bells.
bellsouth.bellsouth.bellsouth.bellso. bellsouth.bellsouth.bellsouth.bellso.
NPANXX - Volume 1 Issue 1 - 10/20/01 October 21, 2001 NPANXX - Volume 1 Issue 1 - 10/20/01
==== || ====== === ==== || \\ // \\ //
|| \\ || || || // \\ || \\ || \\ // \\ //
|| \\ || ||===|| //===\\ || \\ || \\// \\//
|| \\|| || // \\ || \\|| //\\ //\\
|| \|| || // \\ || \|| // \\ // \\
.---------------------------------------------------------------------------------------------------------.
| Contents |
. .-----------------------------------------------------------------------------------------------. .
| | | |
| | Introduction | |
| | | |
| | 1. The BellSouth Operator Assistance Training Manual 2.5 (Part 1)..............by Rebitbusy | |
| | 2. The lowdown on SekurIds....................................................by mcphearson | |
| | 3. Caller Id and Call Frwing Source code.........................by RebitBusy and mcphearson| |
| | 4. 1800 - 567 - 99xx Scans.....................................................by mcphearson| |
| | 5. The DATU Modes and Practical Uses...........................................by Phractal | |
| | 6. Harris DATU RT user Guide................................Unknown (typed up by mcphearson)| |
| | | |
| | Links and More Advertisements | |
| | | |
| | Staff Email : | |
| | teamphreak@telcobox.net | |
| | If you have a email to one of the staff members just include | |
| | his name in the subject and it will be delivered to his | |
| | personal email. Thanks! | |
| | | |
| | | |
. .-----------------------------------------------------------------------------------------------. .
| "Where is my mind?" |
.---------------------------------------------------------------------------------------------------------.
----------------- ---------------------
\npan.STAFF.npan/ ShoutOuts
|---------------| ---------------------
|npanp.bor.anpan|
|np.phractal.anp| Op Divert
|np.rebitBusy.an| The MFH Crew
|np.mcphearson.a| Overlord DDRP
|npa.tekk250.npa| Culhavoc
/npanpanpanpanpa\ Setient
----------------- Crew of Teamvirus
Iluffu
9x and d4rkcyde
Chasey Lain for all those late night moments
And finally all the Original TP members
===========================================================
_ _ ___ _ _ _ _ ___ _ _ _ ========
| | \ | | | ) | | | \ | | / | | | | | \ | ========
| | \| | | \ |_| |_/ |_| \_ | | |_| | \| ========
===========================================================
Well, here we are. We, TeamPhreak, the IRC whores from 2600.net
finally got off our asses and put out a zine. TeamPhreak has existed for
a while lurking around irc.2600.net and on the PSTN. But rather than just
conf and irc all hours of the night, we decided to put together a
magazine. This first issue has enough to keep you interested for a while.
We also would like to announce that if you want to contribute, we accept
articles about phone and computer (in)security. Expect future issues to
deal with computer information as well. As for now, we have plenty to
bring out the phreak in you. We hope for the mag to flourish and provide
the h/p community with fresh info, much like past magazines. The early
Phrack issues are a major inspiration to us.
-Phractal of TeamPhreak.
*****************************************************************************
*****Section 1***** The BellSouth Operator Assistance Training Manual 2.5****
******************************************PART 1*****************************
*****************************************************************************
(PART 2 will be out next issue)
COPIED BY REPITBUSY
OPERATOR 21**.
Welcome to the BellSouth Operator Assistance Training Manual 2.5
This manual will show you how to operate efficently within our
regional call centers. Different etiquettes may be required in
different regional settings. Please ask your supervisor if you
have any inquiries.
I. Starting your day the RIGHT way (OPRS 9:00A BGN/SHFT)
When you leave for your call center in the morning, make sure
that you make arrangements to arrive at least 10 minuts earlier
than you are scheduled. Bring all of your belongings to your
workstation,
including personal items, and safety items. You will also need your
security card should a member of our personnell ask you to verify
your identity. Failure to bring items may result in in-efficency
of your workflow or posible ejection from the facility.
Please note that you are only allowed to enter the building 10 minutes
before your shift. Once you leave for the day, you will only be
permitted
to re-enter the building with a police escort.
Make sure your workstation is clean and free of dust or foreign objects
left by previous operators. Always make sure that your station is clean
when you leave for the day. Alcohol wipes and other sanitizationary
items are available at the resource table in the front of your
supervisor's
station. Should supplies be low, or empty, please notify your
supervisor
of this inadequacy.
You may greet the surrounding operators, but please remember that they
are working, and a quiet environment is necessary to process calls on
the
Bellsouth quality level. Persons who adversely effect the workplace
environment
will be promptly removed by security personnel.
Sit quietly at your workstation for a few moments to clear your mind.
Make
sure that personal problems dont enter the workplace. To the customer,
you
are probably the first friendly voice they have heard all day long, so
please
be as friendly as possible.
Clear your throat 3 times or less, but no more than 6 times. Your job
will
place un-needed stress on your vocal cavity.
II. Begin your shift (ALL OPR.)
Sit upright at your console. Feet touching the floor, slightly apart.
Your shoulders should be aligned with the bottom of your viewscan, and
your wrists should come middle ways of your keyboard. If these
locations
do not match up, adjust your chair using the levers on the bottom of
it.
A supervisor will be glad to assist you should your chair be
un-comfortable.
WARNING: FAILURE TO OBEY THESE URGONOMIC STANDARDS CAN RESULT IN
INJURY TO YOU. YOU HAVE BEEN WARNED.
Insert your headset jack in the receptacles found underneath your
console. These receptacles are marked ANOD. and CATHOD.
Now, depress the START key. Today, you will be running the PRACTICE
lesson.
You may need to re-read this section in order to obtain maximum
learning.
A Blue rectangle will appear on your screen, with the traditional
BELLSOUTH
logo under the textbox. Type in the text as following.
Type in BELLSOUTH_1, Then BELLSOUTH_TRAIN.1
Press the START key again.
You should hear a single tone. This means you are logged in and your
console
is ready for operation. If you hear 2 tones, log out, and step away
from
your console IMMEDIATELY. Hail your supervisor IMMEDIATELY, and alert
a condition 26.
Now, press ACPT_RDY. This will alert the system that you are READY to
start
accepting calls. An incoming call is preceeded by a single tone. Press
ACPT to accept the call. Here are the demo calls. There are 5 demo
calls
in each operation category.
-- COLLECT CALLS (INWARD, OUT OF AREA,, IIN AREA, OUTWARD, RESIDENTIAL)
[ Tags: SAY, PRESS.]
PRESS: Lighted Line Light.
SAY : OPERATOR.
SAY : One Moment.
PRESS: Un-Lighted Line Light.
PRESS: ST.
PRESS: 256-555-1212.
PRESS: KP.
To do it automatically with BellSouth's ARU.
PRESS: AUTOVBL.
PRESS: CLCT.
PRESS/HOLD DOWN: Both lighted line lights.
PRESS: RLS.
To do it manually.
SAY: This is BELLSOUTH with a collect call from.
SAY: Number found under the field marked A.N.I.
SAY: Would you like to accept the charges?
PRESS/HOLD DOWN: Both lighted line lights.
PRESS: RLS.
-- THIRD PARTY CALLS
[ Tags: SAY, PRESS.]
PRESS: Lighted Line Light.
SAY : OPERATOR.
SAY : One Moment.
PRESS: Un-Lighted Line Light.
PRESS: CHG
PRESS: 256-555-1212 (This is the number accepting the bill.)
PRESS: THR_PTY
PRESS: 256-555-1213 (This is the number the customer is calling.)
PRESS: EXEC
PRESS: Both Lighted Line Lights.
-- TRACING A CALL
While a call is in progress:
PRESS: IDFY
PRESS: SEC_ALRT
PRESS: RLS
While a call is NOT in progress
PRESS: IDFY
PRESS: (Number of party who is speaking with another party.)
You will see the name, number, address, and personal information of
the two parties speaking. If the line is not in use, the computer
will return the string "NOT BSY"
-- INTERRUPTING A LINE
PRESS: BARGE
PRESS: (Number of line to break into.)
PRESS: RLS when done.
-- RETRYING A BUSY LINE
PRESS: RTRY_ON_BSY
PRESS: RLS
-- HAILING A SUPERVISOR
PRESS: SUPR
PRESS: KP
PRESS: 350 KP
-- FILLING OUT A TROUBLE TICKET
PRESS: TRBL
PRESS: (Number of trouble, see TROUBLE CODES)
PRESS: EXEC
PRESS: RLS
-- CALLING SECURTY TO LOCAL FACILITY
Using your left thigh, depress the security switch on
the side of your cubicle.
-- TROUBLE CODES
001.1 - LINE BUSY WHILE NOT IN USE.
001.2 - LINE BUSY WITH MORE THAN 3 PARTIES.
001.3 - LINE BUSY WITH MORE THAN 4 PARTIES.
001.4 - LINE VOLTAGE INSUFFICENT.
001.5 - LINE IN USAGE WITH NONBUSY STATE.
001.6 - LINE FILTER NOT IN USE.
001.7 - LINE ARBITRATOR OFFLINE.
001.8 - LINE BUNKER OFFLINE.
001.9 - LINE BUNKER ONLINE WHILE NONBSY STATE.
002.1 - CHIPCODE OFFSET 9
002.2 - CHIPCODE OFFSET 8
************
*** END ****
************
*****************************************************************************
*****Section 2******The low down on SekurIds*********************************
*****************************************************************************
By mcphearson
.-----------------------------------------------------------------.
Sections
1. Establishing an Account
2. Where Can you find the RF-1747csx form and instructions?
3. Using Your SecurID Card for the First Time
4. BellSouth Business In-Dial Phone Numbers
5. How to Dial into the BellSouth Business Network
6. What are Sekur ID's and why are they used?
.-----------------------------------------------------------------.
.--------------.
| Section 1 |
.--------------.
---- Before you will be able to dial-in via the CSX platform, you must:
1) Have an active SecurID (NAC or DIALS) account
2) Have recieved an E-Mail confirmation from the Remote Access and Security Management
group stating that your completed RF-1747CSX form has been processed.
IF BOTH OF THESE STEPS HAVE NOT BEEN DONE, YOU WILL NOT BE ABLE TO ACCESS ANY
BELLSOUTH SYSTEM OR NETWORK REMOTELY VIA CSX PLATFORM.
.--------------.
| Section 2 |
.--------------.
---- You can find the RF-1747CSX formm aand instructions here:
http://user1.home.bst.bls.com/~dibs/
This is a closed network and you will NOT be able to go to this site! Sorry guys
.--------------.
| Section 3 |
.--------------.
---- Using Your SecurID Card for thee FFirst Time
The first time you attempt to use your SecurID card, you will be required to change your
four digit PIN code. It is recommended that you do this prior to making your first
connection. This new will be effective for 120 days.
If you are using a script to automate the connection process, THIS SCRIPT WILL NOT WORK!!!!
no one in BellSouth supports scripts and problems are harder to detect with scripts
running. It his recommended that you disable all scripts and login manually each time.
If you are having problems changing your securID pin and you are using a script, disable it
and follow the procedure stated above (in number 1).
.--------------.
| Section 4 |
.--------------.
--- BellSouth Business In-Dial Phonee NNumbers
________________________________________________________ _____________________
Southern Bell Territory (GA,FL,NC,SC) - Dynamic | 780-6215
Atlanta Area | (404) 322-2001
Charlotte Area | (704) 780-6215
South Central Bell Territory (AL,MS,LA,TN,KY) - Dynamic |557-6226 or (205)7335206
MNS Atlanta | (770) 621-2290
MNS Long Distance | (877) 662-5910
_______________________________________________________________________________
Please remember that area codes change or BellSouth May implement 10-digit dialing
in your area and you need to adjust the phone number above. We will try to keep any
major phone number changes communicated to you via IT Alerts.
.--------------.
| Section 5 |
.--------------.
---- How to Dial into the BellSouth Buusiness Network
Use your Phonebook Entry to Dial a Connection
1. Connect your computer to a telephone line.
2. If you are currently logged into your computer,you must loggoff by pressing
Ctrl-Alt-Del and selecting the Logoff button. Do not select Reboot or Shutdown buttons
3. Press Ctrl-Alt-Del to access the Windows Nt login screen.
4. Click the OK button at teh proprietary warning Screen.
5. At the Widows login screen, enter your NT login ID, password, verify the Domain
is "BBS", and check the box next to "Logon using Dial-up Networking". Click OK.
6. In the [connect to ...] window (your phonebook entry name displays in the title bar)
type in your Bellsouth common user ID (CUID) in "user name" field. Press the <TAB> key
(see figure 1).
7. Type in your common user ID (CUID) in the password field. [click] <OK> and the
[connecting to...] dialog box will appear. IT should read "Dialing 4045556666...."
.--------------.
| Section 6 |
.--------------.
************
*** END ****
************
*****************************************************************************
*****Section 3*****Caller Id and Call Frwing Source code*********************
*****************************************************************************
By mcphearson and RepitBusy of Team Phreak
Definitions from McGraw-hill illustrated TELECOM Dictionay (Second Edition)
Three parts of this TXT
1. Source for Caller ID and Call Frwing
2. Explanations of the Source Code
3. Definitions
1.--------------------SOURCE-----------------
Call Forwarding
CSM BLS AKEY: FILE: CFWD.DMS
ANI_GETNUM,STDIN FS/ST = NUMBER.1$
IF NUMBER.1$=BSY_STATE=TRUE THEN OPEN NUMBER.1$.CUST.DAT
LOCAT.CUST.DAT=CFWD[ENTRY1]/READOUT CM FWD VARIABLE=NUMBER.2$
IF NUMBER1.$=STILL BSY_STATE=TRUE THEN FUNC.FWD NUMBER.2$
RECRD/TOLL=0.00 CM.ENDSWITCH_FWD
ENDSW_FWD
CALLER ID
CSM BLS AKEY: FILE: CALLID.DMS
ANI_GETNUM,STDIN FS/ST = NUMBER.1$
LCD_RDOUT CALLED_NUMBER=TEXT1.NUMBER.1$
IF DATE%=NULL AND TIME%=NULL THEN LCD_RDOUT
= PROPDATE%, PROPDATE%, NUMBER.1$
ENDSW_CID
2.--------------Explanations of source-----------------
--------- Call Forwarding sourcee explination --------
CSM BLS AKEY: FILE: CFWD.DMS = (not sure) standard module, bellsouth,
Akey - Programing lang.
ANI_GETNUM,STDIN FS/ST = NUMBER.1$ = Automatic Number Identification,
standard input, Frist start/stop, NUMBER.1$ = varriable.
IF NUMBER.1$=BSY_STATE=TRUE THEN OPEN NUMBER.1$.CUST.DAT = if the number
"$1" is busy, then open the customer file.
RECRD/TOLL=0.00 CM.ENDSWITCH_FWD = record toll=null, control module,
end switch and forward
ENDSW_CID = stop
-------- Caller ID source explinattioon --------
CSM BLS AKEY: FILE: CALLID.DMS = (not sure) standard mechanism, bellsouth,
Akey - Programing lang
ANI_GETNUM,STDIN FS/ST = NUMBER.1$ = Automatic Number Identification,
standard input, Frist start/stop, NUMBER.1$ = varriable
LCD_RDOUT CALLED_NUMBER=TEXT1.NUMBER.1$ = LCD (liquid Crystal Display) ReadOut, Puts Callers
Number on the LCD screen.
IF DATE%=NULL AND TIME%=NULL THEN LCD_RDOUT= PROPDATE%, PROPDATE%, NUMBER.1$ = If theres
no Date or time then fill in with correct date and time.
ENDSW_CID = stop
3.-----Definitions--------
A. CallForwarding - A service offered by local phone companies
to their Subscribers and a feature of PBX systems that allows a User
to make calls Dialed to their Phone Ring to a differnt phone or phone number.
B. Caller ID - A feature offered by local phone companies
that sends the phone number (and often the name of the caller) down the
phone line in a digital data packet between the first and second ring.
To receive teh data, a subscriber that has signed up for the service
needs to have a caller-ID unit (also called a caller-ID box) plugged into
the phoneline. The caller-ID unit displays the name and number of the calling
party for each incoming cal. CallerID only works if the caller and the called
party's phone service is fed out of a C.O (central office) that has Caller ID
capability. If the C.O does not have Caller-ID capability, the display will
read "out of area" to the called party. If the called party does not have
caller service, they will get a display that says "no data sent."
C. ANI (Automatic Number Identification) - This feature, offered by local phone companies,
sends the phone number (and often the name of the caller) down the phone line in a digital
data packet between the first and second ring. To receive teh data, a subscriber that
has signed up for the service needs to have a CAller ID unit (also called caller ID -
box) plugged into the phone line. The caller-ID unit displays the name and the number
of the calling party for each incoming call. Caller ID only works if the the caller and
the called partys phone service is fed out of a C.O tht has caller-ID capability. If The
C.O does not have caller-ID capability, then the display will read "out of area" to the
called party. If the called party does not have caller service they will get a display
that says "No data Sent."
D. C.O (Central Office> - A building that houses a telecommunications switching or trafficking
system. Typical switching systems installed in central offices in North America are Lucent
Technologies' 5ess and Northern Telecom's DMS family of switches. There are five classes of
Central offices and five major parts to a central office. as a whole these parts are referred
to as inside plant.
shouts: Bor,Phractal,Teamphreak,Setient
************
*** END ****
************
*****************************************************************************
*****Section 4***** 1800 Scans***********************************************
*****************************************************************************
1800 - 567 - 99xx Scans
Brought to you by mcphearson
Area codes 478,912
Warner Robins, Georgia 31208
00 - Authoritative Busy
01 - easy reach number! enter access code
02 - No answer
03 - to enter a acess code press one
04 - Authoritative Busy
05 - digital pager
06 - no answer
07 - Authoritative Busy
08 - Authoritative Busy
09 - Authoritative Busy
10 - answering machine
11 - Authoritative Busy
12 - talk hotline
13 - Answering Machine
14 - answering machine
15 - Authoritative Busy
16 - No answer
17 - automatic call frw system
18 - Authoritative Busy
19 - Call can not be completed
20 - Call can not be completed
21 - Authoritative Busy
22 - Authoritative Busy
23 - answering machine
24 - has been disconnected
25 - Tech suppoert for ?
26 - answering machine
27 - Authoritative Busy
28 - Authoritative Busy
29 - Authoritative Busy
30 - realestate company
31 - Authoritative Busy
32 - no answer
33 - busy
34 - wetback error msg
35 - number you have dialed is not inservice
36 - please enter your telephone number
37 - please enter your telephone number
38 - please enter your telephone number
39 - Not in service
40 - please enter your telephone number
41 - please enter your telephone number ????
42 - Not in service
43 - please enter your telephone number ????
44 - Authoritative Busy
45 - Authoritative Busy
46 - answer machine
47 - Authoritative Busy
48 - cannot complete this call
49 - call frwed
50 - No answer
51 - answering machine
52 - ?????????!!!
53 - Authoritative Busy
54 - "number you have dialed has a new directory assistance"
55 - busy
56 - easy reach number
57 - disconnected
58 - disconnected
59 - Live operator?
60 - "number you have dialed has a new directory assistance"
61 - digital pager
62 - Authoritative Busy
63 - Authoritative Busy
64 - CV tech
65 - answering machine
66 - Authoritative Busy
67 - Authoritative Busy
68 - weird ringing?
69 - Authoritative Busy
70 - Spanish Answering machine
71 - ring and then a fast busy
72 - fax
73 - Authoritative Busy
74 - answering machine
75 - answering machine
76 - Nonworking tollfree number
77 - err this girl pissed me off, do what you must
78 - Church
79 - answering machine
80 - "number you have dialed has a new directory assistance"
81 - answering machine
82 - Authoritative Busy
83 - Can not be completed as dialed
84 - Authoritative Busy
85 - Pbx
86 - "number you have dialed has a new directory assistance"
87 - Authoritative Busy
88 - Authoritative Busy
89 - united partial service
90 - silent
91 - miricle medic?
92 - welington walt
93 - Authoritative Busy
94 - Charter communications
95 - paperpotomis lol greeting card company
96 - Authoritative Busy
97 - Authoritative Busy
98 - Authoritative Busy
99 - cannot be reached from my area
************
*** END ****
************
*****************************************************************************
*****Section 5*****The DATU Modes and Practical Uses*************************
*****************************************************************************
[disclaimer: unless you are a certified technician, any DATU you access
is not your property and therefore is electronic trespassing into the
insides of your local Central Office. Know what you're getting into. This
information may or may not have been test by someone certified to operate
a DATU. This is merely information, nothing more.]
I. Intro, Switching Diagrams, DATU definition
II. Format of DATUs
III. Test Mode
IV. Admin Mode
V. Practical DATU uses
VI. Theoretical DATU uses
VII. Final Notes
VIII. Technical Acronyms
I. Intro
Well, a great many of articles have been written recently
regarding the Direct Access Test Unit (DATU). A DATU is a computer
that you can connect to via the PSTN, all you need is the phone number.
My local Central Office uses a AT&T 5ESS switch, so I know for a fact that
those switches use DATUs, I am not sure about others, like DMS switches,
but chances are, your local, residential Central Office has a DATU. DATUs
use the ring and tip wires a lot to test lines, the ring and tip wires
are often the red and green wires that go into your phone.
DATUs are tubular little wonders that allow the phone company and
phreaks to perform tests on local loops. To test a line outside your
Central Office's area, you need the DATU number for the Central Office
that serves it.
I should mention that this article discusses but is not necessarily
limited to testing POTS lines.
From the PSTN to your home:
|
\ /
/------------------\ /-----------------------\
_ PSTN! ---ss7--| Toll Switch |---| Local Switch / CO |
|DMS 200, 250, 500 | | 5ESS, DMS 10, DMS 100 |
\------------------/ \-----------------------/
/ | \ |
|
<POTS lines>
|
___
/ \
/--------\ /--------\
|Junction| |Junction|
| Box | | Box |
\--------/ \--------/
/\ Split /\
Your k-rad line~~~~~~~~~>/ \ lines / \
/\ /\ /\ /\
/ \ /
/
/
tip> /\ <ring Residential
/ \ Loops
| |
| |
/------\
| home |
\------/
II. The Format of DATUs
The format of most DATUs is xxx-9935
It is up to you to find an exchange that works, it shouldn't be too hard
since most non-toll COs only serve less than 15 or so exchanges. If you
still can't find it, the DATU could be anyplace else, or you have a
different switch, but for most 9935 is the suffix for the DATU. You can
try wardialing for them. You will recognize a DATU by it's weird prompt.
It is a 440hz tone sounding like a low hum. The prompt is asking you to
enter in the DATU password on your DTMF keypad. All passwords that I have
found to work are 4 digits, the default is 1111. If it isn't the password,
try pairs like 3535 or 9292, i have found some that work with pairs, as
well as 4300. Then again, don't try and brute force the password, at least
not from home. If the Telco notices a lot of failed DATU logins then they
will contact you or they will change the password, causing a headache for
all the linemen and phreaks who already know it. Use your head :)
The real hardcore hardware nerdy stuff of DATUs can be acquired by reading
Phrack 52, and PPM issue 2 and 3.
Therefore I'm not going to heavily explain what all the functions do
inside the DATU.
Also, for a quick reference, check Telec's article @ phonerangers.org
-Once you have the DATU, and the 440Hzz ttone, you will have to dial the
password using DTMF tones. There are two accounts/passwords THAT I KNOW OF
for each DATU. There is the normal account which is a 4 digit password,
and there is an ADMIN account, which is * followed by 7 digits.
III. Test Mode
Default passwords for the normal account are 1111 and 4300
Once inside the DATU using the normal account you will hear a second
440 Hz tone prompting you to enter in a seven digit phone number that
is served by the switch the DATU is at. After that you should hear an OK
to confirm, otherwise you did something wrong, or the line is busy. You
can perform tests on the line by using the corresponding codes:
Code: Test: Fuction:
1 ---- Announces the menu over the phone
2 Audio Montior Hear SCRAMBLED traffic on the phone, can
be used to test if there is activity on
line or not.
33 Short to Ground Shorts the ring, tip and ground wires of
your line back at the CO(red and green
wires)
37 Ring Ground Shorts ground and ring wires
38 Tip Ground Shorts ground and tip wires
44 Ring/Tip High Tone Bursts a high level tone onto the Tip
and Ring Wires
47 Ring High Tone Bursts a high level tone onto Ring wire,
Tip grounded
48 Tip Hight Tone Bursts a high level tone onto Tip wire,
Ring grounded
5 Low level Tone Bursts low level tone onto tip and ring
wires
6 Open Line Cuts battery power to tip and ring, line
has no electricuty from CO, rendering it
unusable
7 Short Line Electricity given to tip and ring from
CO
9 Permanent Signal Release Used on busy lines in older switches,
refer to the DATU article by BlackAxe in
Phone Punx Magazine Issue 2
* Hold Function Keeps current test on line active after
you disconnect for a specified amount of
time that you have to enter in, most of
the time 10 minutes is the max, to
prevent things like a line being open
for a month.
# New Test Disconnects you from current line, and
prompts you to enter in a new number to
test, like the Control-C of a DATU.
IV. ADMIN MODE:
/!#@$%@#$
HI, I just want to make a point of saying that the following is info is
NOT confirmed, I am writing this from my experiences using admin mode.
For example, I don't know if option 3 actually has the power to delete
exchanges or not, i haven't tried it, and neither should you, really.
The Admin mode is entered by entering in a * followed by a seven digit
passsword. I currently am un-aware of any 'defaults' for this. The
options in the admin account allow you to do things that pertain more to
the Central Office and how it serves the public. You cannot test local
loops with the ADMIN ACCOUNT. Once you get a valid password, you should
NOT hear a second 440hz tone, you should just automatically hear an 'OK'. The
following codes work for the ADMIN mode:
***PLEASE IF YOU HAVE ACCESS HERE, EXPLORE WITH CARE! YOU COULD SERIOUSLY
CAUSE DAMAGE TO YOU AND YOUR LOCAL NEIGHBORS SERVED BY THE LOCAL CO. I
WOULD SUGGEST YOU DO NOT EVEN ATTEMPT TO CHANGE OR ACCESS ANY OPTIONS
OTHER THAN TO CLEAR YOUR TRACKS(covered later).
Code: Option: Sub-Optionz:
1 Set password 1.Set System Password
2.Set User Password
2 Select Busy Test 1.Select Busy Test
4. Stanard Busy Test
5. 5ESS Busy Test
2.Select Dialing Message
1. MF Dialing Message (??)
2. MF Dialing Message
3. Pulse Dialing Message (??)
4. Pulse Dialing Message
5. MF with Reversal Sensing
6. Pulse with Reversal Sensing
3.Select Trunk
1.Standard Trunk
2.Special Trunk
1. Trunk Share
2. No Trunk Share
3 Read/Change Prefixes 3.Add Prefix
4.Clear all prefixes
5.Delete Prefix
6.Read all prefixes
4 Read/Clear Timers 1. Read Timers
1. Usage Timers
2. Function Timers
2. Clear Timers
1. Clear Usage Timers
2. Clear Function Timers
3. Clear all Timers
5 Select # of digits Dial 4, 5, or 7
6 Set AccessTimeout Parameters Dial Three Digits
7 Read/Clear Counters 1. Read Counters
1. Read Usage Counters
2. Read Function Counters
2. Clear Counters
1. Clear Usage Counters
2. Clear Function Counters
3. Clear all Counters
8 Enable/Disable Test 9 Toggle wheather Permanent Signal
Release is allowed or not to be
used
0 Clear Alarm ??
There are other kinds of lines and functions that you can do with the DATU
computer, but I suggest you look them up in Phrack or PPM, or maybe I'll
write a part 2 sometime later :)
BTW, the only tests that work on a busy line are: Audio Monitor, Low Level
Tone, and Permanent Signal Release.
To cover your tracks, clear the onboard logs, aka Timers, via Option 7.
V. Practical Uses for DATUs:
Busy Lines:
Let's say you call a number, be a friend, or wardialing and its
busy. You can use the audio montitor to test if there is actual traffic
on the line, if not, then maybe the line is somesort of test line or
someone left a phone off the hook. I have found audio monitor useful when
trying to hack weird modern COCOTs. Let's say you know a BBS or some
carrier that you want to connect to, but it's busy, like a COCOT's
computer modem, you can blast a Low Level Tone to throw off the modem and
have it get disconected, you can also remotely disconnect any modem from
a connection if you know the number of the line. (You can only do this if
the line has a ground going into thehouse, or building and not just at
the CO) If there is a number you have found that is ALWAYS busy, i mean
ALWAYS, try opening the line and dialing it right after the line is
shorted back. I find that COCOTS almost always have grounds in them.
*Most residential lines will not hear Low Level Tone, because they have
no ground going into the phone.
Beige Boxing in a large Telco Boxes:
When beiging in a large telcobox, depending on where you are, it
can be a puzzle to find the right pair to connect to the line you want to,
if it is a specific line that you are looking for. You can use High Level
Tone Tests to look for the pair, when you reach a pair that has a beeping
you can bet its the same line you inputted into the DATU. If the line is
busy, or you want to be more stealthy, you can use the low level tone,
which is less likely for someone to hear unless they have a ground going
into their phone, most don't nowadays.
Remote Busy Box:
Remember the Busy Box? You crossed the green and red wires to busy
out any line. The green and red wires are tip and ring, so test code 33
can remotely turn any local line into a busy box since the tip and ring
wires are shorted out at the CO. Be in mind that most likely you can only
keep a line shorted for 10 minutes after you hang up, if you want longer,
just keep dialing in every 10 minutes. The same goes for opening a line
(shutting it off) or any tone tests.
(Hint about time limits, study ADMIN functions)
Some notes about Audio Monitor:
--- The Audio Monitor feature is not aa ttap or eavesdropping feature, you
can not understand any speech or capture any DTMF tones traveling along
the line though the DATU. It is merely used to verify that there is indeed
activity on a line, if the line is busy and there is no acitivy, then
there could be a problem.
VI. Theoretical Uses for DATUs:
Creating Phone Numbers:
Have you ever dreamed of creating a phone number out of thin air,
with no billable address like the Legion of Doom did back in the day?
Well, the first step could be creating a new exchange to use your numbers
on. Once the exchange is created, I can't really tell you where to go
from there. If you find other ways of entering the switch, like thru a
dialup or over some Packet Switched Network, then go for it, but be
careful, respect the telco's turf, and DON'T MODIFY OTHER PEOPLE'S STUFF!
Mapping Switch Hardware:
I have heard some DATUs announce the switch they are attached to.
This can be useful to find out info on how to remotely explore the switch.
Also, if Permanent Signal Release is enabled, then you could find a stroke
of unbelievable good luck, Step by Step switching, which in theory of
course, all kinds of things would work, like blueboxing (inband
signalling), black boxes, etc...
VII. Final Notes:
DATUs are for testing lines only, they apply certain tones and can short
lines, but they are not used to add features or anything to a line. You
cannot add three way calling to your line through a DATU. You cannot add
Call Forwarding to you line, you cannot get ISDN or ADSL. And please test
responsably. If you keep opening a line to annoy someone then the
password will most likely get changed.
As far as I know, if you have the dialup and password, you can access the
DATU from anyplace on the PSTN, there is no confirmation that you are
calling from a local number or anything, so If you are in NY, you can test
lines in California providing you have the DATU k0d3z.
VIII. Technical Acronyms:
PSTN Public Switched Telephone Network (the global phone network)
AT&T American Telephone and Telegraph
ESS Electronic Switching System
DMS Digital Multiplexing System
CCITT Committee Consultative International Telegraph and Telephone
POTS Plain Old Telephone System
DTMF Dual Tone Multi Frequency
PPM Phone Punx Magazine
MF Multi Frequency
CO Central Office
COCOT Customer Owned Coin Operated Telephone
BBS Bulliten Board System
ISDN Integrated Services Digital Network
ADSL Asynchronous Digital Subscriber Line
DATU You should know this...
Greets:
9x, Substance, Hybrid, D4RKCYDE, Downtime, Phonerangers, Telec, Mastermind,
Black Axe, Janus, linear, terror eyz, dijit, nawleed, vixen, Zylone,
Pinguino, The Clone, logicbox, velocity, Venadium, Brisk, Bor, Xade :),
notten, barby, bikr, tomgavin, leprekaun, dinkee, purp, vap0r,
Tubular Phreak, 3rd worm, diozepart, Team Phreak, and all my other old
skool conf buddiez, you know who you are ;)
I also owe alot to Telec and MMX to my current understanding of the DATU.
************
*** END ****
************
*****************************************************************************
*****Section 6*****HARRIS DATU RT user Guide*********************************
*****************************************************************************
1. Dial DATU access Number
2. Enter Password
3. Dial Seven Digit Subscriber number (The
Phone number you want to fuck, DipShit)
4. Datu will respond "Connected to xxx-xxxx."
"ok," or "connected to xxx-xxxx, busy line,
audio monitor"
nonpair gain lines proceed to step 7
NOTE: If busy line, DATU will not access the
DC By-Pass Pair or the metallic Access Unit.
5. SLC lines: If line is idle DATU will respond
"Pair Gain Line" followed by "processing"
("Processing" may be repeated for up to 25
seconds> DATU will voice Message:
Single Party line\ (Good)
|
Multi-Party Line | Followed by
Coin Line________/ *ENTER RT NUMBER*
Channel Not Available (No/Bad channel test results)
PGTC Failure/By-Pass If same recording is heard
Pair Busy repeadtedly alert supervisor
Pair Gain System Alarm (Alert Supervisor)
6. If good (or bad) channel test results enter the Rt number
dial "*" to end ("**" toggle on or off the alpha mode).
Enter Pair Number, Dial "*" to end.
Dial "0 *" to use existing DC TEST pair.
DATU will connect to the by-pass pair or
call teh Metallic Access Unit in the RT,
except when by-pass is busy or pair gain
system is in alarm.
See step 7 after connection to the remote site
7. LINE PREPARATION FUNTION DIAL CODES:
2 = Audio Monitor
33 = Short Tip and Ring to Ground
37 = Short Ring to Ground (Tip Open)
38 = Short Tip to Ground <Ring Open>
44 = High Level Tone on Tip and Ring
47 = High Level Tone on Ring (Tip Grounded)
48 = High Level Tone on Tip <Ring Grounded)
5 = Low Level Tone
6 = Open Line
7 = Short Line (Tip to ring Short
9 = Permanent Signal Release
# = New Subscriber Line
## = Force Disconnect
* = Connect preparation funtion after disconnect
(system programmable from 1 to 99 minutes
enter number of minutes); enter number of
minutes after "*"
Single Line Access:
1. Dial The DATU access number
2. Enter the user password
3. Enter the "*" and subscriber number for non pair
gain lines or Enter "**" and subscriber's number
got pair gain lines and then enter RT number.
Dial "*" to end. Enter Pair number. Dial "*" to
end.
4. Enter Function Desired
5. Enter number of minuets to apply condition
6. Hand up and wait 30 seconds for DATU to access and
condition the line, (90 seconds for RT connection.)
Alpha Character Codes:
[space] = 11 , A = 21 , F = 33 , K = 52 , P = 71 , U = 82 , Z = 94
= = 12 , B = 22 , G = 41 , L = 53 , Q = 74 , V = 83
, = 13 , C = 23 , H = 42 , M = 61 , R = 72 , W = 91
/ = 15 , D = 31 , I = 43 , N = 62 , S = 73 , X = 92
NOTE : This is the only UNORIGINAL text in this ezine and hopefully it
will be the last. I wish I could tell you where I got it from
but I forgot. Somebody eles did trash this and they scanned it in
I merly typed it up so if you have seen this text before please
email me at parenomen@yahoo.com and tell me the author so I can
give them credit again i am very sorry this will be the only text
I will use with out premission!
- mcphearson
"Its over so get off your
fat ass and go get into outh.bellsouth.bellsouth.
some more trouble!" bellsouth.bellsouth.bells
- op divert bells.--------------.outh
bells| TeamPhreak |outh
bells| has left |outh
bells| .----------. |outh
bells| | END | |outh
bells| .----------. |outh
bells| *** |outh
bells| END |outh
bells| *** |outh
bells|the building_ |outh
bells| | ||outh
bells| |_||outh
bells.--------------.outh
bellsouth.bells| end |outh.bellsouth.
bellsouth.bells| end |outh.bellsouth.
bellsouth.bells| end |outh.bellsouth.
bellsouth.bells| end |outh.bellsouth.
bellsouth.bells| end |outh.bellsouth.
bellsouth.bells| end |outh.bellsouth.
bellsouth.bells| end |outh.bellsouth.
bellsouth.bells| end |outh.bellsouth.
bellsouth.bel| END |lsouth.bells.
bellsouth.bel|__Sucks__|lsouth.bells.
bellsouth.bellsouth.bellsouth.bellso.
NPANXX - Volume 1 Issue 1 - 10/20/01
"Where is my mind?"