|The SARTS BlueBoxing journal|
Hi, Iam SARTS, Cuebiz's pet Yorkshire Terrier and the official mascot of Telco Inside. You see,
Cuebiz thought it would be funny to have a dog type up infoz on blueboxing and I didn't want to do it
until he threatened to stop feeding me bacon and hotdogs, so here it is; you fucking HOMOsapiens!
For the n00bs
The year is 1955, when the Bell Technical Journal
published an article entitled "In Band Signal Frequency
Signalling", which described the process used for basic
routing, and hanging up trunks for the (back then) current
signalling system; R1. In the year 1964, TBTJ published
the remaining half of its "key ring" by releasing the frequencies
used for hanging up, and routing long distance calls.
This article was ment for use by Bell techs, though
they hadn't realized that 90% of the US engineering schools also had
subscriptions to TBTJ. In 6 months time, they recalled all issues;
with hopes that noone took notice to their mistake ....
A year later, Bell engineers were sent over to Washington State College;
to investigate a massive ammount of lengthly calls being made to an "out of area"
WATS number. Upon arrival they discovered ... a strange device with a blue metal
chassis connected to a public payphone;. The device was later nicknamed the "Blue Box" ....
Read more about this here
Then, in November 1988, The CCITT (now known as ITU-T) published recommendation Q.140, which goes
over System No. 5's international functions, and once again giving away its "secret key".
When making a call in the 60's, you would actually be
able to hear your exchange talking to your buddy's exchange when
making a long distance call (ie: via WATS or direct dial), and
the theory is: If we can hear it, we can try to imitate it. This is
the basic idea that brings about blueboxing.
Now, the basic principle with R1 signalling was that when a
trunk was NOT in use, it whistled at 2600hz, or 2600 cycles
per second. The exploit is obvious from here.
If one could find a way to imitate the 2600hz whistle, then
he'd would be able to trick a long distance trunk into thinking that the other
person on the line "hung up". Now, by releasing the tone, the
trunk will hear silence - and think that its once again "in use"
and ready to route another call.
From there, the "blueboxer" is in fact, his own operator. Free to
route calls via terminal or transit as he/she wished (please note that this was obviously
before the creation of ESS).
System R1 was exploited up right until Ron Rosenbaum's Esquire article was published,
it's available for you to read @ Http://telco-inside.spunge.org/files/esquire-sotlbb.txt.
Of course, abuse sky-rocketed, which forced the telco to take action with its "secret weapon", CCIS, also known as Common Channel Interoffice Signalling, specifically SS6.
This in turn killed system R1 exploration in the US except for several remote areas (which was later killed off in the late 80s).
In the late 80's - early 90's - trans-atlantic cable routes were publicly available and fairly common, the US switched from SS6 to SS7 connections
(our current signalling system) which gave us fast, clear, and totally "unboxable" lines. This also brought about new advances in the telco; and they started
to intigrate Home Country Direct WATS numbers, which allowed the US to have WATS numbers directly routed to other countries with different types of transit
signalling systems, of which 90% were analogue (similar to R1, in the sense that signalling takes place via voice). This opened up a new way to blue-box for *FREE*.
1. The US (or whereever) gateway would first seize a trunk (2400hz) to start routing; the recommended seizure time is
approximately 125ms. Once a trunk has been seized, the remote switch will respond back with a "proceed to send" to prompt the
US gateway to start sending route information. The address information is then send to tell the international switch where to route
the call ... Once the international switch hears an ST, it routes the call. You'll then get an audible cheep upon answer, of which the US international gateway would acknowledge
2. This is when speach takes place. The guard circuit "listens" to makes sure that the call wont end prematurely if someone accidentally whistles
into the line or something.
3. If *they* hang-up, the remote switch will send a clear-back signal to tell the US switch that the caller on its end had hung up
and so the call has ended. The US switch would then audibly acknowledge it. The US switch would almost immediately try to "clear" the trunk by sending a "clear-forward" to tell the international switch that the trunk
is now free, and then the international switch would respond back with a release guard and set the trunk to idle (it can once again be seized).
System No. 5 synapses
C5 is one of the most affordable, versitile signalling systems in the world today, as well as the worlds MOST used
system for intercontinental operations. It allows for interworking between regional systems such as R1 and R2, while also being
able to encode/decode digital (SS7) via transit with D-CCITT#5. To prevent false release - it intigrates (strongly suggested
since the updated CCITT #5 recommendation) the use of a release guard tone to be sent in comound with the clear forward - something that is unique
to System No. 5. Its also able
to turn PCM with neat little add-on's such as DSU600-type platforms. Setup and take-down of trunks are unbelievable when taking
into consideration that its an analogue system.
TASI clipping can be bypassed, BLV trunks are able to VFY via transit, digits are sent in the forward position (with the exception of C5-bis) with 55ms durations and
spacing that varies between regions (areas in Zone 1 tend to use faster dialings; commonly being 80ms).
Dialing is exactly the same as System R1, but with a Transit signal (kp2), a Code-11 signal (INWARDS), and a Code-12 signal (Directory Assistance op) used for faster
routing. Routing is also done similar to System R1 (able to route via cable/sattelite/microwave/or radio with its descriminating digit) except for the fact that you can route intercontinental with kp2,
and reach operators with C11 and C12.
C5 connections tend to use a broad spectrum of other signalling systems when being converted to digital. By far one of the most interesting
was when Dynamics explained the old route from Belize to the US. Which went through a bunch of DMS-100's then to the national gateway via SS7, then using an
R1 connection to the 5ESS international switch which was then encoded to a digital C5 connection going to the US. *sigh* C5 being used in its prime, how
friggin beautiful. (unlike
the US who has the same boring SS7 routes and then finally a digital C5 Belize link in Miami, bleh - boring!).
The C5 dial-set and control chart is put together below:
BlueLink v1.1 by Ramses III
This isn't a very popular dialer. Slut139 bought this very program back in '95 from
Urmel and we haven't seen it online since. The tones are displayed as they are
sent to your sound card (works excellent on my Adlib sound card), which isn't a very
bad idea; it has a nice dialing speed that works great with today's faster (*cough* *cough*)
c5 trunks. The bad thing about BlueLink is that it was made for private use in the
early 90's - so it only supports two tones being played at once (ie: the recommended ccitt5 standard
seize/clear) which is a bitch to use on #s that require a guard tone. If anyone has a higher
version please email me at email@example.com.
Scavenger dialer by Scavenger
This is yet another rare gem that seemed to have faded away along with the pstn-bbs scene.
It was written in the early 90s and went through three previous versions. It has a scripting language
three times better than BlueBeep, it has a timer that allows you to run scripts at a specified time
while working in the Scavenger GUI, it has the ability to dial your c5 number (wats/direct dial) without having
to change your dial-set (anything in the "toll free numbers" section will be dialed with DTMF and everything
else is dialed with c5 dialing), it by default lets you use c4 dial pulsing (more tones), it has a program to
convert TLO/BlueBeep phonebooks into Scavenger format,
its compatable with several THC products (Hi Van Hauser!), and it has
a feature to log your break tone actions. I know some of you are thinking, wtf am I going to do with a
logging feature? Well, here's a scenerio that's happened to me at least twice, you finally get a line to
double pleep back, but being the curious phreak that you are, you change the tones/durations to look for a
better seize and find that the first sieze is the only one that'll get the line to even respond back,
you look through your "trunks" to find that it isn't there and you can't remember the old sieze! With this
logging feature its bound to save your ass at least once. Volume and speed isn't a problem - even from my
old shitty laptop with a 100mhz processor, If you can get this to work, I advise you to use it!
Scavenger Drawbacks: This would be the worlds best dialer if not for several important things.
1. I can't get the breaktone to work - AT ALL. I dont know about you, but its very important that my bluebox
program actually be able to bluebox (It does dial c5 digits, and DTMF and the scripting language works like
a dream). 2. The GUI is kind of cluttered, its good that Scavenger was able to fit all of this into a nice
and neat GUI, but its just my personal preference.
Telekom Bluebox System -BKA- German Bluebox
Some of you may remember this program. Its neat, simple and to the point.
This one works perfectly on my Adlib card (iam starting to see a pattern here), so anyone can use it. Everything
is squished into 5 options, you're either breaking, dialing, or choosing/entering a number for the phonebook. The words
are in German; which makes it easier for our german/english bilinquals. For those of you who NEED to know what
it says, it roughly translates to:"Telecom BlueBox System - A new service of the german Ptt Administration-telecom;
'A' for present; 'W' for select; 'V' for directory; 'E' for input number; and 'Q' for quit ;)
MF Dial version 1.0~beta by Vic
MF-Dial has a simple UI, it DOES break a line that uses typical c5 break tones. I dont recommend using it unless
you're forced to. It works fine with my Adlib sound card, allows manual dialing (I dont know why, but it does), and isn't
half bad compared to other bluebox programs. If you want, make a boot-disk and run this off that old DOS laptop you bought
off of ebay. Take it to a payphone - and if you get chased by a curious telco security agent, just ditch/destroy the disk (in
a nut-shell, its small enough to fit uncompressed on a 1.44mb floppy; with enough room for your DOS startup files).
The Little Operator - TSPS for the masses! By Urmel
Just like BlueBeep, TLO has several 100 # phonebooks, allows use of the mouse, has a nice interface (well, not better
than bluebeep, but better than most) - allows the production of purple noise, war-dials, frequency scans, includes a timer (for no
real reason - but it looks cool that way!), multiple dial sets, and it follows the common format (A=Kp1 B=Kp2 C=ST) that we all
have come accustomed to. If you dont want to use BlueBeep because you hate Onkel Deitmeyer, then use TLO - it'll give you almost
the same funtionality - and a bonus for the lazy people; purple noise!
It doesn't have its own scripting language, which drastically limits its capabilities (a program this good should have its
own scripting language) and at higher speeds - it skips digits (same problem with BlueBeep). I like the ability to change your volume level,
and the coolness of the purple noise feature; if you can't get can't get Scavenger to work, and dont like BlueBeep - TLO is the best.
Tank4 Dialer by Tank4
This dialer was made for personal use, but was sold to Cuebiz
in '98 for about 50 US cents. It works great with my adlib sound card and
even worked on a Windows[tm] 3.1 box, which has a software based sound card.
So I guess it varies from machine to machine whether it'll run through Windows.
Its great for Kp1'ing into Venezuela CompuServe because it comes with its own
full featured Terminal program (or you could use it to shell to DOS and use your own
Terminal program, yes it lets you shell to DOS!), you can edit your modem commands if need be,
it allows up to 5 simultaneous tones, which means you can utilize c4 dialing, and it has an easy
to use frequency scanner (sweeper) that any idiot could run.
If you're on LYNX or didn't look at the screenshot to your left, then you'll need to know that this
program DOES have its own phonebook which is pretty cool. You wont be able to transfer it to any other
program like BlueBeep, Scav, or TLO which kinda sucks; but the program itself is awesome.
Tank04 Dialer drawbacks: The default c5 dial-set was too SLOW, and had to be modified for
re-release on Telco Inside (not purposly, but I had to use it to review it, right). When looking at timing,
you'll notice that "50" doesn't literally mean 50ms; but rather just Tank4 timing standards, so it'll take
a bit of fiddling around to figure everything out (it could be because of the shitty 100mhz processor Cuebiz gave
me to work with, but I could be wrong). I had to add my own break-tone, because Tank04 didn't include an
average c5 break string. This program is nice and made for calling Venezuela country direct.
P-80 Box by The Researcher
Though it looks like this box was made in VB-DOS, it isn't as fancy as it looks like.
It doesn't have it's own phonebook, it doesn't have a scripting language, it was made mainly for
System R1 dialing (you're CCITT5 break, is labeled "European Break"), it uses different standards
for representing the C**, KP*, and ST digits (K=kp1, p=kp2, E=c11, T=c12, and S=ST) and it's US specific
(ACTS) when it comes to its red-box capabilities. Its strange; but able to make a decent call to an
average c5 line (since you can't change the break tones). You enter the dial-string and press enter. You
can then watch the magic happen.
On the plus side: If you dial into a country that uses R1 as its regional signalling, then you could
BlueBox locally (within that country) and try out those ol' GreenBox tones (why not? They're in the prog, right?).
BlueBeep V1.0 by Onkel Deitmeyer!
We here at Telco Inside like BlueBeep, for several reasons. We like the interface, we
like the programmer, we like its recommended sound card (Adlib beey0tch!), we like its GUI, and
of course - we like all of the goodies that BlueBeep has to offer (including v1.0's .exe overlay system).
Its gone through three previous versions and I personally love all of them! It supports the use of
the mouse (*sigh* alas ...), has its own "not-so-bad" scripting language, has its 100 # phonebook interchangable
with TLO (Urmel, admit it - you did use BlueBeep's phonebook routine), and has all the
tones that'll bring you closer to a 10 year sentence ;) What is this I hear? You dont want to take a 10 year
vacation with your new boyfriend, Bubba? Well, Onkel thought
of covering your ass with BlueBeep's password protection system. Now what other evidence will the pigs have
besides that fact that you have BlueBeep on your computer? Have BlueBeep questions?
Check out BlueBeep's ueber-leeto help files! Dont forget to read the cool stories in its HoHoCon release and V1.0!
BlueBeep drawbacks: It's scripting language is rather general, which stops users from getting specific with it (clear_screen doesn't clear
the screen!). "Flight through space" should of been put as a DOS "screen-saver", but I guess thats just Mr. Deitmeyer's personal preference as to not
crash a DOS screen in Windows[tm]. It can only handle 3 simultaneous tones, which is good for guard tones but makes it unable to utilize c4 dialing.
At faster speeds, BlueBeep skips tones (c5 dialing) and causes calls to be hung up or reordered - this often kills me when I finally get two pleeps
from a line I've been playing with for days. Besides, that - BlueBeep is the WORLD's BEST software bluebox, EVER!
Blue-Dial v6.2 by Casanova
This program is fairly popular. Its been through 3+ versions, and each time, its GUI changed. I'd like
to thank Casanova for confusing me like that. It was a blast finding a new interface each time. I like this program
because it allows you to CHOOSE what kind of sound card you're using, which really makes support better than others.
Another good thing about it is, its one of the few that actually (by default) has a working break-tone with perfect,
CCITT5 standard timings. As you can see, I tried this on Venezuela to see if it works and it does (at times) when you dial in
direct. It supports multiple dial-sets/trunks and has a well thought-out help
menu system. The phonebook lay-out isn't that bad either, ie: you can dial a number by just hitting a key on your keyboard, *BUT* one
big drawback is that the display on this program is really distracting ("it flashes Blue-Dial v6.2" -then- "Please help me to improve BlueDial").
Its a good program, though - its just distracting. Now, all of you LYNX/command-line people; dont download BlueDial v6.2 *JUST* to find out the numbers for Venezuela CompuServe carriers (*hint* *hint*).
WhiteBox v11 by Quasar/Liberty
You didn't think I'd forget the loyal Amiga users, right?
I decided to throw up some of the old Amiga programmes that I had hiding on disks; since the only
"popularly" distributed Amiga phreaking progs on the net are either HellsHacker (*NOT* a phreaking
prog - why are there tons of people distributing this as a "kick-ass phreaking program for the amiga"?), or
those stupid DTMF-only dialers. I recommend using this with older Amiga OS's because it looks fucked up
on mine. It supports manual dialing of both DTMF and CCITT5, has a decent phonebook, and has premade break tones.
I personally dont like it, the layout looks cluttered.
Dial-o-Mat by Jolly Roger
I dont think you'll find this program on the internet anymore. I got this off of Innuendo BBS, which
I doubt is still running. It supports 8 tones played at once (Amiga, remember?) Has the option to show the tones in plain text, has 20 phonebooks, comes with pre-made dialsets (c5, dtmf, c4, and
"B-Netz"?), has a WORKING spectrum analysis tool, and it even works well with modems (*cough*
Venezuela compuserve *cough*) - allowing you to configure your own baud rate, pickup, hangup and answer modem commands. Just like
above, I haven't gotten around to trying this out - seeing that I dont want to lug my Amiga across the street *just* to see if it'll
work on China Direct.
Note: These are all the Amiga dialers that I have right now, if you still have copies of Arrested Dialer Workshop, Cdial or the like -
send 'em on over to me @ firstname.lastname@example.org.
Conferencing, BLV/EMER-INT, and other "tricks"
Now, common knowledge: CCITT5 signalling cannot send CLID, ANI, or DNIS information because
it wasn't ment to use the ISDN "D" channel or rather ISDN via international. So, this in general causes an ANI-Failure upon calling US operators or anyone able to
read/forward ANI. So, this will allow you to fake out AT&T once again - and spoof your ANI. By requesting
an op-divert to a non-WATS conference setup operator (Iam not giving out numbers, fool!) - you'd be able
to bill the call to an enemy and also have them catch the bill for the conference (only if they dont do call-backs, if they do
you'll have to use the next method). OR, if you're really good at social
engineering - you could ring up the "local" line that gives you the AT&T conference operator and set it up that way (as an operator).
BLV or Busy Line Verification is a treat that system R1 phreaks had a little fun with. You'd
bluebox to an area's INWARDS op and tell her you need a busy line interrupt on xxx-xxxx, she'd then punch out
VFY+kp1+[BLV screening code]+[prefix]+[suffix]+ST and then be able to hear gargled noise if the line was in
use and silence if it wasn't. It was cool, and even better when you got them to interrupt the call. The bad
thing about *that* method was that you'd have to talk to an op. You could still do it by KP2'ing into the US
as an operator, BUT thanks to NynexPhreak we're able to do TRANSIT verifies. It was found that seizing a c5 BLV
trunk was just the same as seizing any other trunk - except a third tone was to be sent with your clear forward (280hz, 240hz are norm)
that would elavate you to VFY status. Routing would then go Kp2-CC-0-[npa-prefix-suffix]-ST with Kp2 and STart being
sent at 115ms and each digit being sent at 95ms. If the line is busy you'll hear "rubbish-noise" and if its not, you'll hear silence.
Emergency Interrupt on system R1 would still have to be done through an INWARDS/TSPS op, which was cool
when you got it to work. On c5 trunks, you'd BY-VFY a line then use 440hz to "call intercept".
Route a call around the world (reorder several trunks) to the payphone next to you. Thats right! This was
last done in the 60s - and now you can do it just like the Captain. Please note that I dont recommend that you do
this because you'll really piss people off. This was known as "trunk stacking", which is really just seizing multiple
lines and stringing them together. This is pretty cool, because this'll allow you to be totally anonymous when hitting
the last "link" (*hint* *hint* it'll take the pentagon a while to find you). You'd start off by calling a country,
seizing a trunk, then calling another country with a different duration seize. You could do this forever and then
finally kp2 to the payphone next to you. The voice-delay time should sound pretty interesting (ie: say "who0t" into one payphone
and wait for it to reach you on the other one as "*static* ........... *static* who0t").
Note: My buddy NynexPhreak first PUBLICLY released information on c5 BLV trunk seizing in '99 (though
it was rumoured through the underground for months before); so he deserves the credit.
Area code / Prefix changes
Within the past two years, there have been area code and area prefix changes that usually screwed up
someone trying to kp1 calls into the country or trying to get an international sender. Two
countries of which this has happened are Slovakia and Honduras. Here's how everythings setup now:
|Spisska Nova ves
| San Juan Del Sur
| San Marcos
|August Pine Ridge
|Benque Viejo Del Carmen
|Hattieville/ Tropical Park
| Orange Walk
| Punta Gorda
| San Ignacio
|San Jose/ San Pablo
| Stan Creek
Honduras Prefix change
* Note: Added Belize and Nicaragua area codes for further reference, more will be posted when asked.
Why is my HCD call routed SS7, through VA or MO?
Iam assuming you're talking about all AT&T country direct routes, which as of '98 (actually it only RECENTLY started becoming
a pain in the ass) are routed via AT&T's International Call Services. This little bastard was created to have WATS numbers terminating in other countries
monitored 24/7, as along with setting up better connections (ie: SS7) to international countries. So, all countries joined into this
alliance (*ahem* I mean, subscribed to this service) will 99% of the time be switched off to SS7. Who's signed up? KDD (Japan), Singapore Telecom, AT&T-Unisource,
Telstra (australia), NZ Telecom, Alestra of Mexico, HongKong telecom, AT&T Canada, Korea Telecom, Philipines PLDT, Bezeq International (Israel), CHT-I (Taiwan),
CAT (Thailand), Telekom Malaysia, Indosat (indonesia), Telebras of Brazil and VSNL (india). Does this mean bye bye, c5 philipines? Uh huh :(
Want proof? By looking up Philpines direct in AT&T's anywho database, you'll notice that you'll get "Philipines Country Direct via Philco -
Reston, VA 20190 TF", TF meaning Toll Free. Hrrrm. Its located in Virginia, but yet when calling it at 2am, the ringback isn't US standard (420Hz modulated by a sine wave of 25Hz played
for 2 seconds - 4second silence - then recycle). Why? AT&T's International Call Service Summit is located in Reston, VA - so; all calls go through this
gateway for monitoring, then via SS7, its sent off over seas. In MO, Iam not 100% sure where its call service summit is located, so I've narrowed it down a possibiliy.
A CLEC in Blue Springs run by SW Bell (Verizon) located at 300 S 15th st
Other lines that route
through VA (besides the obvious mentioned above) are Belize (still c5?), Hungary, and Turkey. Lines that route through Montana
are calls going to Croatia, Czech, Baharain, and Fiji. Of all these lines, the only one that gives a c5 route is
Belize. If anyone has a real, CONFIRMED answer as to whats up with the MO route, email me about it
- because Iam really curious here.
Why do you care about routing?
Some times, you'll encounter problems and wonder why. You'll start to realise that blueboxing is much
like hacking "blindly". You dont know the location of this switch (well, except what country its in), and you dont know how you got from point A
to point B. Cable and sattelite routing is an essential lesson that you'll slowly learn by reading, and talking to other phreaks. When traveling
through these intercontinental connections, its important you know how it all stacks up. Below is a map out of sattelite and cable links.
World map, up to date as of '99 (this is a map *just* to start you off, some things have changed)
Africa One cable map, for those of you who kept asking for it
Questions and answers
Whats TASI clipping?
T.A.S.I was made to clear up intercontinental idle trunks when voice isn't passing through. So, lets say that you
call up your friend in China where TASI clipping is enabled and you stop talking for about 4 minutes, it
uses "your" trunk to route another call and when you start talking again, it reassigns you another trunk. This results
in about half a second of missing voice, thus it being "clipped" off.
Whats international sender?
This is mostly found on R1/c5 hybrid systems. Where you CANNOT kp2 out! So, to make international calls, they'd
use international senders to specify what country they'd be calling - the format went kp1+011+country code+ST, you'd then hear one pleep
then you could proceed to punch out the AreaCode and Phone Number to go international (without country code, because you already specified it), routing went
something like: kp1+dd+AreaCode+PhoneNumber+ST.
I want free long distance, is blueboxing the way to go?
To make it simple. No. If you want free long distance; stick to k0dez. BlueBoxing was ment for explorers. People who find
telephone signalling absolutely the most remarkable thing in the world. Stop killing our lines with your abusive intentions and BlueBeep'ing joy-sticks.
Can I bluebox with Verizon country directs?
Yes, but maybe not for long. I got a hold of a 15mb .ra
recording of a MeetingPlace conference that sounded relivent to these "recent" changes.
The attendees went over GSI's responsibility to setup Level 3 comm gateways for Verizon's
new network. From what I heard, as of late 2001; there's two new gateways in Los Angeles. One which will
act as a hub for connecting customers to Western Canada, Asia and Mexico, and another *private*
gateway that'll connect LA with the inernational gateway in New York (Eastern Canada and Europe route).
Then, I rang up my contact in Miami and he let me know that the Miami
international gateway will now be a hub for connections to the Caribbean, and South America. These changes
are said to save Verizon close to 300 million US dollars over a period of 5 years. Iam not 100% sure if
this will effect anything when it comes to c5 calls. I dont think so, but I could be wrong.
How do I get US ops?
LOD and Phrack covered this tons of times, but I guess I'll go
over it once again. To get INWARDS, you'd punch out kp2+1+2+NPA+121+ST, to
get the toll test board you'd do kp2+1+2+NPA+101+ST, Oversea's completion
goes kp2+1+2+NPA+151+ST, and Directory Assist. goes kp2+1+2+NPA+131+ST.
Why dont you give out c5 #s anymore?
Please note that everytime you bluebox off a HCD - you're bringing the line one step closer to being shut down.
No, they wont know that YOU'RE doing it, but ... okay, here's how it goes. Most US HCD's belong to calling card companies
that are offering their services to tourists visiting the US, wanting to call home with their international calling card.
THEY'RE TRYING TO DO A GOOD DEED HERE! Now, here you come tricking their system into thinking you called them and hung up.
While the US is still billing THEM for this call. Now, they'll report to AT&T that they only used about 300 hours of call time (which they believe is true) -
then AT&T would have on their print-outs that it was closer to 900 hours; AT&T would accuse the foreign telecom of trying to rip
them off and shut-down the line. THAT is why Honduras directo doesn't work anymore, THAT is why China found it cheaper to
switch off to SS7. So, when I find a line being heavily abused - AT&t will get a call from a helpful phone phreak who WANTS SS7 used! bey0tch!
What references do you recommend I read?
I *did* do several write-ups on the subject of blueboxing - of which all Iam pretty
embarrased of (I used to be into abusing them). I dont recommend that you read the files I've
written on it if you're looking for rock-solid, responsible information. I DO have ITU-T recomm. CCITT5
related "Q" files for your reading, along with a list of international area codes for China, Belize, and
Nicaragua (Slovakia and Honduras area codes and code changes are listed above). Read them @ /files/bluebox.
Note: This file isn't far from done. Iam currently re-doing the old Jolly-Box writeup, testing out linux blueboxing software, and I'll be adding more international exchange stuff when the time is right.
"Stop the distr0 of HellsHacker; you sons of bitches!"
If you want to download any of the programs featured (and more), click here.