T E L C O - I N S I D E  P R E S E N T S
                                     ___________  ____
                   /¯¯¯/            /           //   /
           . ' ¯¯¯¯   /¯¯¯¯¯¯¯/¯¯¯¯¯¯'_    .___/    /_
           ·,    (___/_ /        /  .'/   //   (___/  '
            /¯¯¯)      '.   /      ( /   //¯¯¯)        .
           /   ______, ·___/___/   //___//          , ·
          /___/               /   /     /___/¯¯¯¯¯¯¯
                              '   ·
          T E C H N I C A L    './     J O U R N A L



                 The SARTS  BlueBoxing journal
                   by Cuebiz aka Jamie Faith 


 Hi, I am SARTS, Cuebiz's pet Yorkshire Terrier and the official 
 mascot of Telco Inside. You see, Cuebiz thought it would be funny 
 to have a dog type up infoz on blueboxing and I didn't want to do 
 it until he threatened to stop feeding me bacon and hotdogs, so here 
 it is; you fucking HOMOsapiens! 

 For the n00bs

  The year is 1955, when the Bell Technical Journal published an 
  article entitled "In Band Signal Frequency Signalling", which 
  described the process used for basic routing and hanging up trunks 
  for the (back then) current signalling system, R1. In the year 1964, 
  TBTJ published the remaining half of its "key ring" by releasing the 
  frequencies used for hanging up and routing long distance calls.

  This article was meant for use by Bell techs, though they hadn't realized 
  that 90% of the US engineering schools also had subscriptions to TBTJ. In 
  6 months time, they recalled all issues, with hopes that no one took notice 
  of their mistake .... 

  A year later, Bell engineers were sent over to Washington State College 
  to investigate a massive amount of lengthy calls being made to an "out of area" 
  WATS number. Upon arrival they discovered ... a strange device with a blue metal 
  chassis connected to a public payphone. The device was later nicknamed the 
  "Blue Box" ....

  Then, in November 1988, the CCITT (now known as ITU-T) published recommendation 
  Q.140, which goes over System No. 5's international functions, once again 
  giving away its "secret key".


Explanation
  When making a call in the 60's, you would actually be able to hear your exchange 
  talking to your buddy's exchange when making a long distance call (ie: via WATS 
  or direct dial), and the theory is: If we can hear it, we can try to imitate it. 
  This is the basic idea that brings about blueboxing.

  Now, the basic principle with R1 signalling was that when a trunk was NOT in use, 
  it whistled at 2600hz, or 2600 cycles per second. The exploit is obvious from here.

  If one could find a way to imitate the 2600hz whistle, then he'd be able to 
  trick a long distance trunk into thinking that the other person on the line "hung up". 
  Now, by releasing the tone, the trunk will hear silence - and think that it's once again 
  "in use" and ready to route another call.

  From there, the "blueboxer" is, in fact, his own operator, free to route calls via 
  terminal or transit as he/she wished (please note that this was obviously before the 
  creation of ESS).

  System R1 was exploited right up until Ron Rosenbaum's Esquire article was published; 
  it's available for you to read @ Http://telco-inside.spunge.org/files/esquire-sotlbb.txt. 
  Of course, abuse sky-rocketed, which forced the telco to take action with its "secret weapon",
  CCIS, also known as Common Channel Interoffice Signalling, specifically SS6. 
  This in turn killed system R1 exploration in the US except for several remote 
  areas (which were later killed off in the late 80s).

The ReBirth
  In the late 80's - early 90's, trans-atlantic cable routes were publicly 
  available and fairly common, and the US switched from SS6 to SS7 connections 
  (our current signalling system), which gave us fast, clear, and totally 
  "unboxable" lines. This also brought about new advances in the telco, 
  and they started to integrate Home Country Direct WATS numbers, which allowed 
  the US to have WATS numbers directly routed to other countries with different 
  types of transit signalling systems, of which 90% were analogue (similar to R1, 
  in the sense that signalling takes place via voice). This opened up a new way 
  to blue-box for *FREE*.




1. The US (or wherever) gateway would first seize a trunk (2400hz) to start 
   routing; the recommended seizure time is approximately 125ms. Once a trunk 
   has been seized, the remote switch will respond back with a "proceed to send" 
   to prompt the US gateway to start sending route information. The address 
   information is then sent to tell the international switch where to route 
   the call ... Once the international switch hears an ST, it routes the call. 
   You'll then get an audible cheep upon answer, which the US international 
   gateway would acknowledge.

2. This is when speech takes place. The guard circuit "listens" to make sure that 
   the call won't end prematurely if someone accidentally whistles into the 
   line or something.

3. If *they* hang-up, the remote switch will send a clear-back signal to tell 
   the US switch that the caller on its end had hung up and so the call has ended. 
   The US switch would then audibly acknowledge it. The US switch would almost 
   immediately try to "clear" the trunk by sending a "clear-forward" to tell the 
   international switch that the trunk is now free, and then the international 
   switch would respond back with a release guard and set the trunk to idle 
   (it can once again be seized). 
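
The guard circuit in step 2 has to tell a real signalling tone from speech or a whistle that merely carries some energy at the same frequency. As an added example (not part of the original journal), this Python detector applies that idea to the 2600hz R1 tone named earlier and reports only clean, sustained tone. The 20 ms frame, the 0.8 energy ratio and the 60 ms persistence are assumptions picked for illustration, not values from a Bell or CCITT specification, and the line audio is constructed.

```python
import math

SAMPLE_RATE = 8000   # Hz, standard narrowband telephony PCM rate
TONE_HZ = 2600.0     # R1 idle-trunk tone named on this page
FRAME = 160          # 20 ms analysis frame (assumption)
FRAME_MS = FRAME * 1000 // SAMPLE_RATE
GUARD_RATIO = 0.8    # share of frame energy that must sit at TONE_HZ (assumption)
MIN_FRAMES = 3       # tone must persist 60 ms before it counts (assumption)


def goertzel_energy(frame, freq, rate=SAMPLE_RATE):
    """Energy of `frame` at `freq` (Goertzel), scaled to compare with sum(x*x)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2   # |X(freq)|^2
    return 2.0 * power / len(frame)


def guard_ratio(frame):
    """Fraction of the frame's energy at TONE_HZ; near 1.0 only for a clean tone."""
    total = sum(x * x for x in frame)
    if total < 1e-9:          # silence: nothing to classify
        return 0.0
    return goertzel_energy(frame, TONE_HZ) / total


def detect_tone_events(samples):
    """Return [(start_ms, duration_ms)] for runs where the tone dominates the line."""
    events, run_start = [], None
    n_frames = len(samples) // FRAME
    for i in range(n_frames + 1):   # one extra pass closes a run at end of input
        hit = (i < n_frames and
               guard_ratio(samples[i * FRAME:(i + 1) * FRAME]) >= GUARD_RATIO)
        if hit and run_start is None:
            run_start = i
        elif not hit and run_start is not None:
            if i - run_start >= MIN_FRAMES:
                events.append((run_start * FRAME_MS, (i - run_start) * FRAME_MS))
            run_start = None
    return events


def synth(components, ms):
    """Constructed test signal: sum of sines given as (freq_hz, amplitude) pairs."""
    n = SAMPLE_RATE * ms // 1000
    return [sum(a * math.sin(2 * math.pi * f * t / SAMPLE_RATE) for f, a in components)
            for t in range(n)]


# Constructed line audio (not a real capture)
SAMPLE = (
    synth([(400, 1.0), (1000, 0.8), (2600, 0.6)], 200)  # voice-like mix with some 2600 Hz energy
    + synth([], 100)                                     # silence
    + synth([(2600, 1.0)], 200)                          # clean, sustained tone
    + synth([], 100)                                     # silence
    + synth([(2600, 1.0)], 40)                           # clean but shorter than MIN_FRAMES
    + synth([], 60)                                      # silence
)

if __name__ == "__main__":
    for start, dur in detect_tone_events(SAMPLE):
        print(f"sustained {TONE_HZ:.0f} Hz at {start} ms for {dur} ms")
```

The voice-like segment is rejected even though it contains 2600 Hz, because only 18% of its energy sits at that frequency; the 40 ms burst is rejected for being too short.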

System No. 5 synopsis
  C5 is one of the most affordable, versatile signalling systems in the world today, 
  as well as the world's MOST used system for intercontinental operations. It allows 
  for interworking between regional systems such as R1 and R2, while also being able 
  to encode/decode digital (SS7) via transit with D-CCITT#5. To prevent false release, 
  it integrates (strongly suggested since the updated CCITT #5 recommendation) the
  use of a release guard tone to be sent in compound with the clear forward - something 
  that is unique to System No. 5. It's also able to turn PCM with neat little add-ons 
  such as DSU600-type platforms. Setup and take-down of trunks are unbelievable when 
  taking into consideration that it's an analogue system.

  TASI clipping can be bypassed, BLV trunks are able to VFY via transit, digits are 
  sent in the forward position (with the exception of C5-bis) with 55ms durations and 
  spacing that varies between regions (areas in Zone 1 tend to use faster dialings; 
  commonly being 80ms). 

  Dialing is exactly the same as System R1, but with a Transit signal (kp2), a Code-11 
  signal (INWARDS), and a Code-12 signal (Directory Assistance op) used for faster routing. 
  Routing is also done similarly to System R1 (able to route via cable/satellite/microwave/or 
  radio with its discriminating digit) except for the fact that you can route 
  intercontinental with kp2, and reach operators with C11 and C12.

  C5 connections tend to use a broad spectrum of other signalling systems when being 
  converted to digital. By far one of the most interesting was when Dynamics explained 
  the old route from Belize to the US, which went through a bunch of DMS-100's then to 
  the national gateway via SS7, then using an R1 connection to the 5ESS international 
  switch which was then encoded to a digital C5 connection going to the US. *sigh* C5 
  being used in its prime, how friggin beautiful. (unlike the US who has the same 
  boring SS7 routes and then finally a digital C5 Belize link in Miami, bleh - boring!). 
  The C5 dial-set and control chart is put together below:






/usr/bin/DOSEMU/w4rez
 BlueLink v1.1 by Ramses III
  This isn't a very popular dialer. Slut139 bought this very program back in '95 from 
  Urmel and we haven't seen it online since. The tones are displayed as they are sent 
  to your sound card (works excellent on my Adlib sound card), which isn't a very bad 
  idea; it has a nice dialing speed that works great with today's faster 
  (*cough* *cough*) c5 trunks. The bad thing about BlueLink is that it was made 
  for private use in the early 90's - so it only supports two tones being played 
  at once (ie: the recommended ccitt5 standard seize/clear) which is a bitch to 
  use on #s that require a guard tone. If anyone has a higher version please email me at 
  sarts@telco-inside.tk with the "BlueLink." 


 Scavenger dialer by Scavenger
  This is yet another rare gem that seemed to have faded away along with the pstn-bbs scene. 
  It was written in the early 90s and went through three previous versions. It has a scripting 
  language three times better than BlueBeep, it has a timer that allows you to run scripts at a 
  specified time while working in the Scavenger GUI, it has the ability to dial your c5 number 
  (wats/direct dial) without having to change your dial-set (anything in the "toll free numbers" 
  section will be dialed with DTMF and everything else is dialed with c5 dialing), it by default 
  lets you use c4 dial pulsing (more tones), it has a program to convert TLO/BlueBeep phonebooks
  into Scavenger format, it's compatible with several THC products (Hi Van Hauser!), and it has 
  a feature to log your break tone actions. I know some of you are thinking, wtf am I going to 
  do with a logging feature? Well, here's a scenario that's happened to me at least twice: you 
  finally get a line to double pleep back, but being the curious phreak that you are, 
  you change the tones/durations to look for a better seize and find that the first seize 
  is the only one that'll get the line to even respond back; you look through your "trunks" 
  to find that it isn't there and you can't remember the old seize! With this logging feature 
  it's bound to save your ass at least once. Volume and speed aren't a problem - even from my 
  old shitty laptop with a 100mhz processor. If you can get this to work, I advise you to 
  use it! 

Scavenger Drawbacks: This would be the world's best dialer if not for several important 
things. 1. I can't get the breaktone to work - AT ALL. I don't know about you, but it's 
very important that my bluebox program actually be able to bluebox (It does dial c5 
digits, and DTMF and the scripting language works like a dream). 2. The GUI is kind 
of cluttered; it's good that Scavenger was able to fit all of this into a nice and 
neat GUI, but it's just my personal preference. 


 Telekom Bluebox System -BKA- German Bluebox
  Some of you may remember this program. It's neat, simple and to the point. This one 
  works perfectly on my Adlib card (I am starting to see a pattern here), so anyone can 
  use it. Everything is squished into 5 options: you're either breaking, dialing, or 
  choosing/entering a number for the phonebook. The words are in German, which makes 
  it easier for our German/English bilinguals. For those of you who NEED to know what 
  it says, it roughly translates to: "Telecom BlueBox System - A new service of the 
  German Ptt Administration-telecom; 'A' for present; 'W' for select; 'V' for directory; 
  'E' for input number; and 'Q' for quit" ;)



 
MF Dial version 1.0~beta by Vic
  MF-Dial has a simple UI, it DOES break a line that uses typical c5 break tones. 
  I don't recommend using it unless you're forced to. It works fine with my Adlib 
  sound card, allows manual dialing (I don't know why, but it does), and isn't half 
  bad compared to other bluebox programs. If you want, make a boot-disk and run this 
  off that old DOS laptop you bought off of ebay. Take it to a payphone - and if you 
  get chased by a curious telco security agent, just ditch/destroy the disk (in a 
  nut-shell, it's small enough to fit uncompressed on a 1.44mb floppy; with enough 
  room for your DOS startup files). 




 The Little Operator - TSPS for the masses! By Urmel
  Just like BlueBeep, TLO has several 100 # phonebooks, allows use of the mouse, 
  has a nice interface (well, not better than bluebeep, but better than most) - 
  allows the production of purple noise, war-dials, frequency scans, includes a 
  timer (for no real reason - but it looks cool that way!), multiple dial sets, 
  and it follows the common format (A=Kp1 B=Kp2 C=ST) that we all have become 
  accustomed to. If you don't want to use BlueBeep because you hate Onkel Deitmeyer, 
  then use TLO - it'll give you almost the same functionality - and a bonus for the 
  lazy people; purple noise!

TLO drawbacks:
  It doesn't have its own scripting language, which drastically limits its 
  capabilities (a program this good should have its own scripting language) and 
  at higher speeds - it skips digits (same problem with BlueBeep). I like the 
  ability to change your volume level, and the coolness of the purple noise feature; 
  if you can't get Scavenger to work, and don't like BlueBeep - TLO is the best. 


 Tank4 Dialer by Tank4
  This dialer was made for personal use, but was sold to Cuebiz in '98 for about 
  50 US cents. It works great with my Adlib sound card and even worked on a 
  Windows[tm] 3.1 box, which has a software based sound card. So I guess it 
  varies from machine to machine whether it'll run through Windows. It's great 
  for Kp1'ing into Venezuela CompuServe because it comes with its own full 
  featured Terminal program (or you could use it to shell to DOS and use your own 
  Terminal program, yes it lets you shell to DOS!), you can edit your modem commands 
  if need be, it allows up to 5 simultaneous tones, which means you can utilize c4 
  dialing, and it has an easy to use frequency scanner (sweeper) that any idiot could run.

If you're on LYNX or didn't look at the screenshot to your left, then you'll need 
to know that this program DOES have its own phonebook which is pretty cool. You won't 
be able to transfer it to any other program like BlueBeep, Scav, or TLO which kinda 
sucks; but the program itself is awesome.

Tank04 Dialer drawbacks: The default c5 dial-set was too SLOW, and had to be modified 
for re-release on Telco Inside (not purposely, but I had to use it to review it, right). 
When looking at timing, you'll notice that "50" doesn't literally mean 50ms; but rather 
just Tank4 timing standards, so it'll take a bit of fiddling around to figure everything
out (it could be because of the shitty 100mhz processor Cuebiz gave me to work with,
but I could be wrong). I had to add my own break-tone, because Tank04 didn't include 
an average c5 break string. This program is nice and made for calling Venezuela country direct. 


 
P-80 Box by The Researcher
  Though it looks like this box was made in VB-DOS, it isn't as fancy as it looks. 
  It doesn't have its own phonebook, it doesn't have a scripting language, 
  it was made mainly for System R1 dialing (your CCITT5 break is labeled "European 
  Break"), it uses different standards for representing the C**, KP*, and ST digits 
  (K=kp1, p=kp2, E=c11, T=c12, and S=ST) and it's US specific (ACTS) when it comes 
  to its red-box capabilities. It's strange, but able to make a decent call to an 
  average c5 line (since you can't change the break tones). You enter the dial-string 
  and press enter. You can then watch the magic happen.

On the plus side: If you dial into a country that uses R1 as its regional signalling, 
then you could BlueBox locally (within that country) and try out those ol' GreenBox 
tones (why not? They're in the prog, right?). 


 BlueBeep V1.0 by Onkel Deitmeyer!
  We here at Telco Inside like BlueBeep, for several reasons. We like the interface, 
  we like the programmer, we like its recommended sound card (Adlib beey0tch!), we like 
  its GUI, and of course - we like all of the goodies that BlueBeep has to offer 
  (including v1.0's .exe overlay system). It's gone through three previous versions and 
  I personally love all of them! It supports the use of the mouse (*sigh* alas ...), 
  has its own "not-so-bad" scripting language, has its 100 # phonebook interchangeable 
  with TLO (Urmel, admit it - you did use BlueBeep's phonebook routine), and has all 
  the tones that'll bring you closer to a 10 year sentence ;) What is this I hear? You 
  don't want to take a 10 year vacation with your new boyfriend, Bubba? Well, Onkel thought
  of covering your ass with BlueBeep's password protection system. Now what other evidence 
  will the pigs have besides the fact that you have BlueBeep on your computer? Have BlueBeep 
  questions? Check out BlueBeep's ueber-leeto help files! Don't forget to read the cool 
  stories in its HoHoCon release and V1.0!

BlueBeep drawbacks: Its scripting language is rather general, which stops users from 
getting specific with it (clear_screen doesn't clear the screen!). "Flight through space" 
should have been put as a DOS "screen-saver", but I guess that's just Mr. Deitmeyer's 
personal preference as to not crash a DOS screen in Windows[tm]. It can only handle 
3 simultaneous tones, which is good for guard tones but makes it unable to utilize 
c4 dialing. At faster speeds, BlueBeep skips tones (c5 dialing) and causes calls to 
be hung up or reordered - this often kills me when I finally get two pleeps from a 
line I've been playing with for days. Besides that - BlueBeep is the WORLD's BEST 
software bluebox, EVER!


 Blue-Dial v6.2 by Casanova
  This program is fairly popular. It's been through 3+ versions, and each time, 
  its GUI changed. I'd like to thank Casanova for confusing me like that. It was 
  a blast finding a new interface each time. I like this program because it allows
  you to CHOOSE what kind of sound card you're using, which really makes support
  better than others. Another good thing about it is, it's one of the few that 
  actually (by default) has a working break-tone with perfect, CCITT5 standard
  timings. As you can see, I tried this on Venezuela to see if it works and it
  does (at times) when you dial in direct. It supports multiple dial-sets/trunks 
  and has a well thought-out help menu system. The phonebook lay-out isn't that bad 
  either, ie: you can dial a number by just hitting a key on your keyboard, *BUT* 
  one big drawback is that the display on this program is really distracting ("it 
  flashes Blue-Dial v6.2" -then- "Please help me to improve BlueDial"). It's a good 
  program, though - it's just distracting. Now, all of you LYNX/command-line people; 
  don't download BlueDial v6.2 *JUST* to find out the numbers for Venezuela CompuServe 
  carriers (*hint* *hint*). 



/usr/bin/UAE/floppy
 WhiteBox v11 by Quasar/Liberty
  You didn't think I'd forget the loyal Amiga users, right? I decided to throw 
  up some of the old Amiga programmes that I had hiding on disks; since the only 
  "popularly" distributed Amiga phreaking progs on the net are either HellsHacker 
  (*NOT* a phreaking prog - why are there tons of people distributing this as a 
  "kick-ass phreaking program for the amiga"?), or those stupid DTMF-only dialers.
  I recommend using this with older Amiga OS's because it looks fucked up on mine.
  It supports manual dialing of both DTMF and CCITT5, has a decent phonebook, and 
  has premade break tones. I personally don't like it, the layout looks cluttered. 


 Dial-o-Mat by Jolly Roger
  I don't think you'll find this program on the internet anymore. I got this off
  of Innuendo BBS, which I doubt is still running. It supports 8 tones played at 
  once (Amiga, remember?), has the option to show the tones in plain text, has 20 
  phonebooks, comes with pre-made dialsets (c5, dtmf, c4, and "B-Netz"?), has a 
  WORKING spectrum analysis tool, and it even works well with modems (*cough* 
  Venezuela compuserve *cough*) - allowing you to configure your own baud rate,
  pickup, hangup and answer modem commands. Just like above, I haven't gotten 
  around to trying this out - seeing that I don't want to lug my Amiga across the
  street *just* to see if it'll work on China Direct. 

Note: These are all the Amiga dialers that I have right now, if you still have
copies of Arrested Dialer Workshop, Cdial or the like - send 'em on over to me
@ sarts@telco-inside.tk subject amiga warez. 


Conferencing, BLV/EMER-INT, and other "tricks"
  Now, common knowledge: CCITT5 signalling cannot send CLID, ANI, or DNIS 
  information because it wasn't meant to use the ISDN "D" channel or rather 
  ISDN via international. So, this in general causes an ANI-Failure upon 
  calling US operators or anyone able to read/forward ANI. So, this will allow 
  you to fake out AT&T once again - and spoof your ANI. By requesting an op-divert
  to a non-WATS conference setup operator (I am not giving out numbers, fool!) -
  you'd be able to bill the call to an enemy and also have them catch the bill 
  for the conference (only if they don't do call-backs, if they do you'll have to
  use the next method). OR, if you're really good at social engineering - you 
  could ring up the "local" line that gives you the AT&T conference operator 
  and set it up that way (as an operator).

  BLV or Busy Line Verification is a treat that system R1 phreaks had a little
 fun with. You'd bluebox to an area's INWARDS op and tell her you need a busy 
 line interrupt on xxx-xxxx, she'd then punch out VFY+kp1+[BLV screening code]+
 [prefix]+[suffix]+ST and then be able to hear gargled noise if the line was in
 use and silence if it wasn't. It was cool, and even better when you got them 
 to interrupt the call. The bad thing about *that* method was that you'd have 
 to talk to an op. You could still do it by KP2'ing into the US as an operator, 
 BUT thanks to NynexPhreak we're able to do TRANSIT verifies. It was found that
 seizing a c5 BLV trunk was just the same as seizing any other trunk - except a
 third tone was to be sent with your clear forward (280hz, 240hz are norm) that 
 would elevate you to VFY status. Routing would then go Kp2-CC-0-[npa-prefix-suffix]-ST 
 with Kp2 and STart being sent at 115ms and each digit being sent at 95ms. If the line
 is busy you'll hear "rubbish-noise" and if it's not, you'll hear silence.

  Emergency Interrupt on system R1 would still have to be done through an INWARDS/TSPS op,
which was cool when you got it to work. On c5 trunks, you'd BY-VFY a line then use 440hz
to "call intercept".

  Route a call around the world (reorder several trunks) to the payphone next to you. 
That's right! This was last done in the 60s - and now you can do it just like the Captain. 
Please note that I don't recommend that you do this because you'll really piss people off. 
This was known as "trunk stacking", which is really just seizing multiple lines and stringing 
them together. This is pretty cool, because this'll allow you to be totally anonymous 
when hitting the last "link" (*hint* *hint* it'll take the pentagon a while to find
 you). You'd start off by calling a country, seizing a trunk, then calling another
 country with a different duration seize. You could do this forever and then finally
 kp2 to the payphone next to you. The voice-delay time should sound pretty interesting 
(ie: say "who0t" into one payphone and wait for it to reach you on the other one as
"*static* ........... *static* who0t").

Note: My buddy NynexPhreak first PUBLICLY released information on c5 BLV trunk 
seizing in '99 (though it was rumoured through the underground for months before); 
so he deserves the credit. 


Area code / Prefix changes
  Within the past two years, there have been area code and area prefix changes 
  that usually screwed up someone trying to kp1 calls into the country or trying
  to get an international sender. Two countries where this has happened are 
  Slovakia and Honduras. Here's how everything's set up now:


Slovakia
Location                     Area Code
Bratislava                   2
Dunajská Streda              31
Trenčín                      32
Trnava                       33
Senica                       34
Nové Zámky                   35
Levice                       36
Nitra                        37
Topoľčany                    38
Žilina                       41
Považská Bystrica            42
Martin                       43
Liptovský Mikuláš            44
Zvolen                       45
Prievidza                    46
Lučenec                      47
Banská Bystrica              48
Prešov                       51
Poprad                       52
Spišská Nová Ves             53
Bardejov                     54
Košice                       55
Michalovce                   56
Humenné                      57
Rožňava                      58

Nicaragua (505)
Location                     Area Code
Boaco                        54
Chinandega                   341
Diriamba                     4222
Esteli                       71
Granada                      55
Jinotepe                     41
Leon                         311
Managua                      2
Masatepe                     44
Masaya                       52
Nandaime                     4522
Rivas                        46
San Juan Del Sur             4682
San Marcos                   43
Tipitapa                     53


Belize (501)
Location                     Area Code
August Pine Ridge            3
Belize City                  2
Belmopan                     8
Benque Viejo Del Carmen      93
Blue Creek                   3
Burrell Boom                 28
Caye Caulker                 22
Corozal Town                 4
Dangriga                     5
Guinea Grass                 3
Hattieville/ Tropical Park   25
Independence                 6
Ladyville                    25
Orange Walk                  3
Patchakan                    4
Placencia                    6
Progresso                    3
Punta Gorda                  7
Sand Hill                    25
San Estevan                  3
San Ignacio                  92
San Joaquin                  4
San Jose/ San Pablo          3
San Narciso                  4
San Pedro                    26
Sarteneja                    4
Spanish Lookout              8
Stann Creek                  5
Yo Creek                     3

Honduras Prefix change
 

* Note: Added Belize and Nicaragua area codes for further reference, 
more will be posted when asked. 


Why is my HCD call routed SS7, through VA or MO?
  I am assuming you're talking about all AT&T country direct routes, which
  as of '98 (actually it only RECENTLY started becoming a pain in the ass) 
  are routed via AT&T's International Call Services. This little bastard was
  created to have WATS numbers terminating in other countries monitored 24/7,
  along with setting up better connections (ie: SS7) to international countries.
  So, all countries joined into this alliance (*ahem* I mean, subscribed to
  this service) will 99% of the time be switched off to SS7. Who's signed up? 
  KDD (Japan), Singapore Telecom, AT&T-Unisource, Telstra (Australia), NZ 
  Telecom, Alestra of Mexico, HongKong Telecom, AT&T Canada, Korea Telecom,
  Philippines PLDT, Bezeq International (Israel), CHT-I (Taiwan), CAT (Thailand), 
  Telekom Malaysia, Indosat (Indonesia), Telebras of Brazil and VSNL (India). 
  Does this mean bye bye, c5 Philippines? Uh huh :(

  Want proof? By looking up Philippines direct in AT&T's anywho database, 
  you'll notice that you'll get "Philipines Country Direct via Philco - Reston, 
  VA 20190 TF", TF meaning Toll Free. Hrrrm. It's located in Virginia, but yet 
  when calling it at 2am, the ringback isn't US standard (420Hz modulated by a 
  sine wave of 25Hz played for 2 seconds - 4 second silence - then recycle). Why?
  AT&T's International Call Service Summit is located in Reston, VA - so all 
  calls go through this gateway for monitoring, then via SS7, it's sent off 
  overseas. In MO, I am not 100% sure where its call service summit is located, so 
  I've narrowed it down to a possibility: a CLEC in Blue Springs run by SW Bell 
  (Verizon) located at 300 S 15th st

  Other lines that route through VA (besides the obvious mentioned above) 
  are Belize (still c5?), Hungary, and Turkey. Lines that route through Montana 
  are calls going to Croatia, Czech, Bahrain, and Fiji. Of all these lines,
  the only one that gives a c5 route is Belize. If anyone has a real, CONFIRMED
  answer as to what's up with the MO route, email me about it - because I am really
  curious here.


Why do you care about routing?
  Sometimes, you'll encounter problems and wonder why. You'll start to realise
  that blueboxing is much like hacking "blindly". You don't know the location of 
  this switch (well, except what country it's in), and you don't know how you got
  from point A to point B. Cable and satellite routing is an essential lesson
  that you'll slowly learn by reading, and talking to other phreaks. When traveling
  through these intercontinental connections, it's important you know how it all
  stacks up. Below is a map out of satellite and cable links.



Questions and answers

What's TASI clipping?
  T.A.S.I was made to clear up intercontinental idle trunks when voice
  isn't passing through. So, let's say that you call up your friend in China
  where TASI clipping is enabled and you stop talking for about 4 minutes; 
  it uses "your" trunk to route another call and when you start talking again, 
  it reassigns you another trunk. This results in about half a second of missing
  voice, thus it being "clipped" off.


What's international sender?
  This is mostly found on R1/c5 hybrid systems, where you CANNOT kp2 out! 
  So, to make international calls, they'd use international senders to specify
  what country they'd be calling - the format went kp1+011+country code+ST,
  you'd then hear one pleep then you could proceed to punch out the AreaCode 
  and Phone Number to go international (without country code, because you already 
  specified it), routing went something like: kp1+dd+AreaCode+PhoneNumber+ST.


I want free long distance, is blueboxing the way to go?
  To make it simple. No. If you want freë long distance; stick to k0dez.
 BlueBoxing was meant for explorers. People who find telephone signalling 
absolutely the most remarkable thing in the world. Stop killing our lines
 with your abusive intentions and BlueBeep'ing joy-sticks.


Can I bluebox with Verizon country directs?
  Yes, but maybe not for long. I got a hold of a 15mb .ra recording of a
  MeetingPlace conference that sounded relevant to these "recent" changes. 
  The attendees went over GSI's responsibility to set up Level 3 comm gateways 
  for Verizon's new network. From what I heard, as of late 2001, there are two
  new gateways in Los Angeles. One which will act as a hub for connecting
  customers to Western Canada, Asia and Mexico, and another *private* gateway
  that'll connect LA with the international gateway in New York (Eastern Canada 
  and Europe route). Then, I rang up my contact in Miami and he let me know that
  the Miami international gateway will now be a hub for connections to the
  Caribbean, and South America. These changes are said to save Verizon close
  to 300 million US dollars over a period of 5 years. I am not 100% sure if 
  this will affect anything when it comes to c5 calls. I don't think so, but
  I could be wrong.


How do I get US ops?
  LOD and Phrack covered this tons of times, but I guess I'll go over it 
once again. To get INWARDS, you'd punch out kp2+1+2+NPA+121+ST, to get the 
toll test board you'd do kp2+1+2+NPA+101+ST, Overseas completion goes 
kp2+1+2+NPA+151+ST, and Directory Assist. goes kp2+1+2+NPA+131+ST.


Why don't you give out c5 #s anymore?
  Please note that every time you bluebox off a HCD - you're bringing the 
  line one step closer to being shut down. No, they won't know that YOU'RE 
  doing it, but ... okay, here's how it goes. Most US HCD's belong to calling 
  card companies that are offering their services to tourists visiting the US,
  wanting to call home with their international calling card. THEY'RE TRYING 
  TO DO A GOOD DEED HERE! Now, here you come tricking their system into 
  thinking you called them and hung up, while the US is still billing THEM 
  for this call. Now, they'll report to AT&T that they only used about 300 
  hours of call time (which they believe is true) - then AT&T would have on
  their print-outs that it was closer to 900 hours; AT&T would accuse the
  foreign telecom of trying to rip them off and shut down the line. THAT 
  is why Honduras directo doesn't work anymore, THAT is why China found it
  cheaper to switch off to SS7. So, when I find a line being heavily abused
  - AT&T will get a call from a helpful phone phreak who WANTS SS7 used! bey0tch!


What references do you recommend I read?
  I *did* do several write-ups on the subject of blueboxing - all of which 
  I am pretty embarrassed of (I used to be into abusing them). I don't 
  recommend that you read the files I've written on it if you're looking 
  for rock-solid, responsible information. I DO have ITU-T recomm. CCITT5 
  related "Q" files for your reading, along with a list of international 
  area codes for China, Belize, and Nicaragua (Slovakia and Honduras area
  codes and code changes are listed above). Read them @ /files/bluebox.

Note: This file isn't far from done. I am currently re-doing the old 
Jolly-Box writeup, testing out linux blueboxing software, and I'll be
adding more international exchange stuff when the time is right. 

 


"Stop the distr0 of HellsHacker; you sons of bitches!"
If you want to download any of the programs featured (and more), http://telco-inside.spunge.org/
 

 

