
Something Old School


19 replies to this topic

#1 unknown_entity

unknown_entity

    Mack Daddy 31337

  • Members
  • 220 posts

Posted 21 April 2003 - 10:47 PM

I know a little bit about phreaking but not much. I've read some files about 4 years and thought that using Colored Boxes was dead. But now, with some of the stuff I'm reading, I'm not so sure. I know some things like cheating COCOTs will be around for a while, but what about Blue and Red boxes, do they still work?

I am an EE major at my local college so I can build pretty much any tone-emitting box. It's just a question of if the tones still work today?

#2 inverse_arp

inverse_arp

    SCRiPT KiDDie

  • Members
  • 20 posts

Posted 21 April 2003 - 10:59 PM

One place you could check out is 2600 magazine's article by Lucky225, "The End of an Era", in the Summer 2002 issue. You could also check out:

www.phonelosers.org/red_box.html

#3 unknown_entity

unknown_entity

    Mack Daddy 31337

  • Members
  • 220 posts

Posted 21 April 2003 - 11:10 PM

Do you know of a url that would have "the end of an era"
.
.
.
(EDIT)
Never mind, I found it, it was only about 2 pages long.
If I have the right one?

But that answers part of my question. If I were to go send tones through a line today, blue or red tones, will it do anything besides waste an evening constructing and tuning a tone emitter? Or is it all now useless knowledge?

#4 ntheory

ntheory

    data pillager

  • Agents of the Revolution
  • 1,757 posts

Posted 22 April 2003 - 05:42 AM

On modern switching equipment a blue box won't do anything. The trunks don't respond to 2600hz anymore because all the signaling is out-of-band.

Red boxes still work in places. Not sure how worth it it is to build one nowadays though. At least around me I'd have to search pretty hard to find a payphone that worked with it.

The only tone emitting colored box that I know of that still works is the orange box. Unfortunately all of them are done in software because it's a lot more than just a few simple tones. It's essentially a Bell 202 (correct me if I'm wrong here) modem-ish device to spoof caller ID. It's probably better left to software so you don't have to create a real world interface for it.

If you really wanted to try blue boxing you could go to Nantes, Quebec though. They still have an old crossbar or step switch. But I think it's the last in North America. Check out Evan Doorbell's recordings to see what he says about Nantes. He's a famous phone phreak and has lots of recordings of what he calls "phone trips". They're definitely a must listen if you're a phreak.

#5 dual

dual

    BinRev veteran

  • Agents of the Revolution
  • 1,196 posts
  • Gender:Male

Posted 22 April 2003 - 08:15 AM

For the lowdown on blue boxing, read this:

http://cal.phonelose...isplay&num=1650

And to red box, you'll probably have to go through an op. But remember, red boxing is not the end all be all of phreaking. Lots of boxes still work, and, better yet, you can create new boxes.

#6 ic0n

ic0n

    Fear teh phone!

  • Agents of the Revolution
  • 1,210 posts
  • Gender:Male
  • Location:NPA 216/440

Posted 22 April 2003 - 08:48 AM

unknown_entity, I replied to the private message you sent. If I had seen this I would have copy-pasted it here.

#7 Dox

Dox

    Hakker addict

  • Members
  • 537 posts

Posted 22 April 2003 - 06:46 PM

I'm just checking out the Nantes recordings, this is some beautiful stuff.

#8 ntheory

ntheory

    data pillager

  • Agents of the Revolution
  • 1,757 posts

Posted 22 April 2003 - 07:00 PM

Cool. Glad you like them. Personally my favorite is part 1 of "How I Became a Phone Phreak". He hasn't released the rest of it yet but it's just so well done I can't hold it against him.

Evan Doorbell is really well spoken and so damned funny. If you have the time listen to all of his recordings and you won't be sorry. You'll also get to hear all of the tricks they used to blue box (guard banding, juicing, etc). It's an amazing piece of history.

#9 Dox

Dox

    Hakker addict

  • Members
  • 537 posts

Posted 22 April 2003 - 08:56 PM

I've gotten through a good portion of them, they're really amazing. And that bit about the operator's voice enticing him onto the phone, :lol:
Definitely entertaining.

#10 unknown_entity

unknown_entity

    Mack Daddy 31337

  • Members
  • 220 posts

Posted 24 April 2003 - 01:17 PM

OK, one last thing. DTMF tones are
1=700+900
2=700+1100
3=900+1100
4=700+1300
5=900+1300
6=1100+1300
7=700+1500
8=900+1500
9=1100+1500
0=1300+1500
and so on... (or maybe these are old tones.)

But then why does the spec sheet of this DTMF encoder list a different combination of freqs for the same digits?
Encoder: DTMF Chip

Spec sheet

Decoder chip

#11 ntheory

ntheory

    data pillager

  • Agents of the Revolution
  • 1,757 posts

Posted 24 April 2003 - 03:50 PM

The DTMF freqs are specified in rows and columns with row numbers increasing from top to bottom and column numbers increasing left to right. They are as follows:

Column 1 = 1209
Column 2 = 1336
Column 3 = 1477
Column 4 = 1633
Row 1 = 697
Row 2 = 770
Row 3 = 852
Row 4 = 941

So if you're looking for digit 1 you use column 1 and row 1 frequencies yielding 1209 + 697, 2 yields 1336 + 697, etc.

The data sheet looks good. Your tones might be blue box tones or something but I haven't looked them up.

#12 unknown_entity

unknown_entity

    Mack Daddy 31337

  • Members
  • 220 posts

Posted 24 April 2003 - 06:35 PM

Yes, those tones I posted were from an old text on blue boxes. But I thought the 0-9 * # tones that a normal phone put out and the 0-9 * # that a blue box put out were the same freqs, and the only diff was the addition of KP, ST, ST2p, ST3p, and STp.


So it's a 4x4 grid.

         1209hz   1336hz   1477hz   1209hz
697hz    1        2        3        A
770hz    4        5        6        B
852hz    7        8        9        C
941hz    *        0        #        D

But the blue box only works if you live in the middle of nowhere, so I guess it's of no use.

But actually what I'm planning to do is use that encoder/decoder chip set to turn on and off lights in my house from the phone. Just leave a message of a few digits and that will trigger whatever I hook up to it.

#13 ntheory

ntheory

    data pillager

  • Agents of the Revolution
  • 1,757 posts

Posted 24 April 2003 - 08:33 PM

Yep, that's exactly the layout.

Make sure you throw some kind of 4 or 5 digit password on it otherwise you'll end up with wise asses like me trying to turn on and off all your stuff. :P

Blue boxing works on old equipment that uses in-band signalling. The phone company tried valiantly to stop people by installing filters on subscribers' lines to block pure 2600Hz (since this should never be coming from the subscriber's equipment).

This, of course, didn't work. The problem was that both the switches and the filters looked for pure 2600Hz. Sending 2600Hz and a higher freq (I forget the exact frequency) was called guard banding and defeated the first type of filters. How? Here's how...

The filters were between the subscriber's line and the switching equipment. They had a pretty clear channel to the subscriber so both frequencies would reach them. The filters would not engage because they weren't seeing pure 2600Hz and they'd just pass both frequencies down the line. That second frequency was just high enough so that it didn't really pass through the rest of the phone system very well. By the time it had arrived at a switch that could be reset by 2600Hz the higher frequency was attenuated so much that it was so low that the switch wouldn't hear it. Now the switch sees pure 2600Hz and resets. Finally you can blast it with blue box tones.

Unfortunately electronic switches don't really care about 2600Hz anymore so you can't do this cool stuff anymore in most places. :-/

BTW, this information is all from a combination of lots of reading, Evan Doorbell recordings, and other assorted stories from over the years. If anything looks fishy or outright wrong please post and let me know.
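
The standard DTMF row/column grid and the passcode advice from the posts above, as an added example that is not part of the original thread: it synthesizes each key's two tones, decodes them with the Goertzel algorithm, and acts only on a passcode followed by a send key. Using '#' as the send key, the 8 kHz sample rate, the 50 ms tone length and the three-attempt lockout are assumptions made here.

```python
import hmac
import math

# Standard DTMF grid: row (low) and column (high) frequencies in Hz.
ROWS = [697, 770, 852, 941]
COLS = [1209, 1336, 1477, 1633]
KEYS = ["123A", "456B", "789C", "*0#D"]
RATE = 8000  # samples per second (assumed telephone-grade audio)

def tone(key, ms=50):
    """Synthesize one DTMF key as float samples: row tone plus column tone."""
    r = next(i for i, row in enumerate(KEYS) if key in row)
    c = KEYS[r].index(key)
    n = RATE * ms // 1000
    return [0.5 * math.sin(2 * math.pi * ROWS[r] * t / RATE)
            + 0.5 * math.sin(2 * math.pi * COLS[c] * t / RATE) for t in range(n)]

def goertzel(samples, freq):
    """Signal power at a single frequency (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def decode(samples):
    """Return the key whose row and column frequencies carry the most power."""
    r = max(range(4), key=lambda i: goertzel(samples, ROWS[i]))
    c = max(range(4), key=lambda i: goertzel(samples, COLS[i]))
    return KEYS[r][c]

class Gate:
    """Acts only on passcode + '#'; stays locked after max_failures bad tries."""
    def __init__(self, passcode, max_failures=3):
        self.passcode, self.left, self.buf = passcode, max_failures, ""

    def feed(self, key):
        if self.left <= 0:
            return "locked"                 # no further guesses accepted
        if key != "#":                      # '#' is the assumed send key
            self.buf = (self.buf + key)[-16:]
            return "pending"
        # Constant-time comparison of the whole entry against the passcode.
        ok = hmac.compare_digest(self.buf.encode(), self.passcode.encode())
        self.buf = ""
        if not ok:
            self.left -= 1
        return "unlock" if ok else ("locked" if self.left <= 0 else "denied")
```

Without the attempt limit a 4-digit code falls to at most 10,000 guesses, so the lockout matters as much as the code itself.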

#14 unknown_entity

unknown_entity

    Mack Daddy 31337

  • Members
  • 220 posts

Posted 24 April 2003 - 09:08 PM

That's why I plan on running a separate single-digit decoder, separate from the chip, to use as an enable, kinda like a send button. Probably easier to make it single freq, so it's not something on the standard DTMF keypad.

Ex: type "8421", the chip decoder sees it but does not pass it to the final output. Send "8421" and the enable tone. It sees "8421" and, because of the enable, it acts upon the 8421.

So what's the difference between the blue box tones 0-9 I posted and the tones made by a regular phone? Does this mean that the 0-9 tones used on customer loops differ from the 0-9 ones that control trunk lines?

#15 White_Raven

White_Raven

    That's so raven!

  • Banned
  • 1,597 posts

Posted 25 April 2003 - 04:13 AM

Yes, different freq. for different uses.. although nowadays everything newer has detectors for blue boxes, although I also hear that a 3000Hz tone, sent down the line at the same time as the master, may allow you to throw them off.. never tried it myself though, so it's just hypothetical to me.

#16 lokey

lokey

    Gibson Hacker

  • Members
  • 90 posts

Posted 25 April 2003 - 10:05 AM

Apparently the Nantes exchange was recently (2002) switched over to DMS.

#17 ntheory

ntheory

    data pillager

  • Agents of the Revolution
  • 1,757 posts

Posted 25 April 2003 - 10:12 AM

So I guess that leaves Mexico as the last place to possibly find an electromechanical switch in North America. Anyone know of any down there?

#18 unknown_entity

unknown_entity

    Mack Daddy 31337

  • Members
  • 220 posts

Posted 25 April 2003 - 12:46 PM

I'll just build what I can and if it doesn't work then to hell with it.

#19 ntheory

ntheory

    data pillager

  • Agents of the Revolution
  • 1,757 posts

Posted 04 May 2003 - 05:04 PM

"But actually what I'm planning to do is use that encoder/decoder chip set to turn on and off lights in my house from the phone. Just leave a message of a few digits and that will trigger whatever I hook up to it."

Just got back from the bookstore and noticed that the May 2003 Circuit Cellar (#24 I think) has a DTMF decoder project in it (page 36). It looked like it had support for a password and everything. If you're still interested in doing this project I'd check it out.

Good luck!

#20 unknown_entity

unknown_entity

    Mack Daddy 31337

  • Members
  • 220 posts

Posted 04 May 2003 - 09:38 PM

Hey, thanks for pointing that article out. Much appreciated.



