Jump to content


Photo
- - - - -

Blue Boxing, anyone?


  • Please log in to reply
56 replies to this topic

#41 df99

df99

    SUP3R 31337

  • Members
  • 169 posts

Posted 26 September 2007 - 03:58 PM

Pictures of my Asterisk and ProjectMF setup....

Notice my newly converted Wyse thin client, now running my exchange full-time. The back panel shot shows the 24 MF/SF "trunks" - a loopback cable plugged into a dual Ethernet card. This is what a call gets looped through when blue boxing a call.

The Smart-1 is used as a simple DP to DTMF converter for the WE 211, my "operator" phone (KP-121-ST). I figured out how to program the Smart-1 to do digit-at-a-time pulse-tone conversion.

Best,

df99

Attached Files


Edited by df99, 26 September 2007 - 09:42 PM.


#42 PhreakerD7

PhreakerD7

    SUPR3M3 31337 Mack Daddy P1MP

  • Agents of the Revolution
  • 375 posts
  • Location:Using your phone line

Posted 26 September 2007 - 05:16 PM

That... is a way cool setup. xD

Nice pics, man. Keep up the cool Asterisk box!

#43 df99

df99

    SUP3R 31337

  • Members
  • 169 posts

Posted 18 December 2007 - 10:08 AM

Added direct Telephreak access with KP + 777 + ST, DISA dialtone at KP + 2602 + ST for DTMF access and stacking experiments, and KP + 199 + ST for a 2600 Hz supervision test. Also documented a few alternate ways to access the system, including the Collector's Net, Free World Dialup, and direct Asterisk connection. See the first post in this thread for an updated listing.

Please do not abuse the Telephreak link.

For stacking, apply and remove 2600 Hz for at least 1 second, wait for the wink, then MF dial KP + 2602 + ST. When you hear the dialtone, dial DTMF 2602, wait for another dialtone and dial 2602, etc. up to 24 loops. On the last dialtone dial a PSTN number (10 digits only). Press a DTMF key on the originating phone to "flash forward". You can hear a click for each link in the stack on the terminating end. Hang up the originating end while listening to the terminating end. Hear a cheep of 2600 for each link in the stack as the call disconnects. Works only from originating end to terminating end.

You can also DTMF dial any of the other codes listed at the DISA dialtone, without the KP and ST, of course.

The 2600 supervision test places 2600 Hz into the SF trunk from the terminating end at busy signal and reorder timings. You can hear the action of the SF notch filter as it creates a beep for each application and removal of 2600. If dialed through a non-SF trunk, you would here a steady 2600 for each flash. The Asterisk DSP notch filter gives a brief 2600 chirp when 2600 is applied or removed. The reverse 2600 will not "blow off" or disconnect the call, as I have the supervision in that direction disabled to "goody" the arrangement (allow multiple call attempts, using 2600 Hz to reset the trunk without having to redial trunk access). The notch filter is still active, though.

df99

Edited by df99, 18 December 2007 - 10:36 AM.


#44 df99

df99

    SUP3R 31337

  • Members
  • 169 posts

Posted 12 January 2008 - 09:12 AM

I just added direct SIP access to the system. Just call 17622600@projectmf.homelinux.com from your SIP softphone or SIP hardware phone.

Comments on how this works are welcome.

Edited by df99, 12 January 2008 - 09:26 AM.


#45 df99

df99

    SUP3R 31337

  • Members
  • 169 posts

Posted 13 January 2008 - 12:42 AM

I just added a three part Haxor interview with Joybubbles (famous and recently deceased phone phreak Joe Engressia). Each part is an hour long! It contains lots of great technical trivia from the old days of phone phreaking. The recordings sound like you're evesdropping on an old hacker conference line, rather than a straight interview.

2600+KP+125+ST
2600+KP+126+ST
2600+KP+127+ST

See the first post in this thread for ProjectMF access details.

Enjoy!

df99

Edited by df99, 13 January 2008 - 07:07 AM.


#46 df99

df99

    SUP3R 31337

  • Members
  • 169 posts

Posted 08 February 2008 - 12:05 PM

Added Goog411 access at the old Directory Assistance code 131:

Dial ProjectMF via the instructions in the first post in this thread, then:

2600, then KP+131+ST
or
2600, then KP+xxx131+ST, where xxx is any area code.

Edited by df99, 08 February 2008 - 12:06 PM.


#47 df99

df99

    SUP3R 31337

  • Members
  • 169 posts

Posted 27 February 2009 - 02:25 PM

I added all 16 "Sounds of Long Distance" recordings by Evan Doorbell from the Phonetrips web site to my ProjectMF server.

They are available via blue box by whistling off the connection and routing to the recordings with KP+NNN+ST, where NNN is 128-130 and 132-144 You can prefix the three digits with any area code and it will route just the same.

See the updated first post in this thread for details.

#48 B1NAR13D3V1L

B1NAR13D3V1L

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 11 posts

Posted 04 March 2009 - 01:43 AM

Very nice job, I assume you are the operator that I talked to? Enjoyed the recordings, I wasn't around for "back in the glory days" but, this is very fun, and I wish I had been. I'll continue playing around with it.. I assume there are easter eggs?

#49 df99

df99

    SUP3R 31337

  • Members
  • 169 posts

Posted 18 March 2009 - 09:14 AM

Yes, some Easter Eggs are in there! The easiest to find are the old intercept recordings I have been adding. KP+NPA+ST (NPA=one of the original area codes, with a 0 or 1 for the second digit) will play an authentic intercept from that NPA,if I have added it. KP+NPA+xx+ST will play a specific numerical recording from that NPA, using the original switching center ID. A list of these IDs is on the Phonetrips FTP web site.

Eaxmple:

KP+216+ST will play recording 216-02 recording as a default, as it's the lowest numbered recording I have for the NPA.

KP+21602+ST will play the same recording.

KP+21608+ST willplay another recording from the 216 NPA.

These suffixes can be mapped to specific switches and cities using the guide I mentioned at the Phonetrips web site.

df99

#50 Br0kenKeychain

Br0kenKeychain

    Will I break 10 posts?

  • Members
  • 5 posts

Posted 24 April 2009 - 02:26 PM

In the Blue Box Bill of Materials XLS, http://projectmf.org/downloads/BOM.xls, it looks like the 1K Ohm, 1/6 watt, 5% Carbon Film Resistor model P1.0KEBK-ND is no longer being sold by DigiKey. Now, I've only just started learning about these kinds of things, and I know next to nothing, so I just wanted to check and see if I could use this a substitute, http://www.sparkfun....roducts_id=8980

~[BK]~

#51 phax

phax

    SUP3R 31337

  • Members
  • 187 posts

Posted 24 April 2009 - 06:23 PM

In the Blue Box Bill of Materials XLS, http://projectmf.org/downloads/BOM.xls, it looks like the 1K Ohm, 1/6 watt, 5% Carbon Film Resistor model P1.0KEBK-ND is no longer being sold by DigiKey. Now, I've only just started learning about these kinds of things, and I know next to nothing, so I just wanted to check and see if I could use this a substitute, http://www.sparkfun....roducts_id=8980

~[BK]~


I don't see why not

#52 df99

df99

    SUP3R 31337

  • Members
  • 169 posts

Posted 04 May 2009 - 11:54 PM

Those resistors are fine. Just be sure they are 5% units. The firmware handles a fairly wide range of resistor tolerances for keyboard decoding.

#53 edison

edison

    H4x0r

  • Members
  • 30 posts

Posted 05 May 2009 - 11:32 AM

Hey df99,

Thanks for posting your stuff for everyone to play with. Haven't called in yet but plan to.

I'm curious, how extensive are the projectmf patches to asterisk? In poking around the code, it looks like * already has the ability to talk MF.

#54 df99

df99

    SUP3R 31337

  • Members
  • 169 posts

Posted 06 May 2009 - 08:54 AM

We're still up 24/7, and have been for several years. Feel free to jump in.

You are correct, there is SF/MF support in the Asterisk and Zaptel code. However, it is only partially working. It also uses "spurt" signalling, where a burst of 2600 is used to indicate any supervision changes, rather than continuous tones. The ProjectMF patches and configuration settings change things to work more like the old R1 signalling system.

The patches were written for Asterisk 1.2, which is quite old now. I have never tried to apply them to a more recent build. The patches and configuration changes are documented on www.projectmf.org. Drop me a line if you have any questions.

#55 xhausted110

xhausted110

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 18 posts
  • Gender:Male

Posted 05 October 2012 - 06:54 PM

will it work if I don't have any asterisk cards?

We're still up 24/7, and have been for several years. Feel free to jump in.

You are correct, there is SF/MF support in the Asterisk and Zaptel code. However, it is only partially working. It also uses "spurt" signalling, where a burst of 2600 is used to indicate any supervision changes, rather than continuous tones. The ProjectMF patches and configuration settings change things to work more like the old R1 signalling system.

The patches were written for Asterisk 1.2, which is quite old now. I have never tried to apply them to a more recent build. The patches and configuration changes are documented on www.projectmf.org. Drop me a line if you have any questions.



#56 df99

df99

    SUP3R 31337

  • Members
  • 169 posts

Posted 12 November 2012 - 11:02 AM

To set up your own similar system, you don't need any special Asterisk/Digium card hardware, only two extra Ethernet ports, in addition to the one used for your network connection. I have only a single old PCI slot in my server. I bought a used dual-NIC card and use that for the 2600 trunks.

You need a source of timing for Asterisk, which can be supplied by a Digium card. I just use the "ztdummy" module which provides timing from the server. Works fine for the 2600 T1 trunk timing.

df99


will it work if I don't have any asterisk cards?



#57 tranx

tranx

    the 0ne

  • Members
  • 1 posts
  • Country:
  • Gender:Male

Posted 11 October 2013 - 12:26 PM

Hi all, this is my first post in this forum, so I take the opportunity to say hi to everyone.

 

This post is great, and thanks a lot for doing this, df99.

 

This bring me back to 1992 and blueboxing countries that used the old CCITT5. That was when I was living in Europe.

 

I recovered the tool that I used to use for phreaking, its called "bluebeep", it works very well under DOSBOX, either windows or macosx.

 

See some screenshots:

 

 

a79u.png

 

oz19.png

 

rbe9.png

 

I also noticed that given the frequencies, these are not DTMF as referred in the first post, but CCITT5.

 

Thanks again!






BinRev is hosted by the great people at Lunarpages!