df99

Everything posted by df99

  1. Back in 2007, I designed a blue box for use with my ProjectMF server, a telephone PBX switch that allows phone phreaking in a manner similar to the old days of in-band signalling - MF and SF audio tones. That blue box was based upon the PIC 12F683 8-pin DIP microcontroller. Phil Lapsley ("Exploding the Phone") designed a PCB board for it and many aspiring phreaks have built the circuit over the years. One issue with the original code was that it was written in PicBASIC Pro. PicBASIC had a "tone" command that could produce two simultaneous tones if a 20MHz oscillator was used. However, the tone generation never sounded quite right. David Griffith, a vintage telephony and computer buff, decided to re-write my code in C. He followed the same general design principles as I used in my 2007 box, but added some very impressive features and - most importantly - the tones sound great! The code now runs on a modern 8-pin ATTINY85 microcontroller. Dave has also designed circuit boards for the chip and circuit. However, I found the circuit is straightforward enough to build on protoboard, which allowed me to produce this replica of the blue box featured on the first page of the famous October, 1971 Esquire magazine article which popularized phone phreaking. Dave's code may be found at: https://gitlab.com/DavidGriffith/blue... Manual, schematic and precompiled .hex files at: https://661.org/proj/bluebox/ df99
  3. I recently purchased an Ernest single-slot payphone on Ebay. I have all the keys. I have been unable to find any information about programming the phone from the keypad. There is a slide switch on the main board marked "Program/Run". In the "Program" position, the keypad is active and plays tones, but no voice prompts or any other feedback is heard. The board revision is "D3". I've done a thorough Google search and come up empty. Any help out there?
  4. FYI, I never offered a kit, just my Arduino software (runs on Leonardo-style Arduinos only - Micro and Pro Micro preferred) and the drop-dead simple plans. I built one in about 45 minutes yesterday for a demo on the system I'm doing next week. You should try building one - Works great, and you can leave off the LCD for an even easier build. Best, df99
  5. Check out some exciting new collaborative Blue Box developments on YouTube: https://www.youtube.com/user/hh89hh89/videos http://weaknetlabs.com/main/ https://www.youtube.com/user/df9999999999/videos Code and documentation packages at: http://projectmf.homelinux.com/Arduino/ Best, df99
  6. Hi, guys.....Still out here, keeping ProjectMF running. No new developments on my Arduino blue box, except a minor code change to increase the audio quality with a faster sampling rate. I have been working with a person or two who would like to replicate my switch with its patches. It is getting more difficult as the required Debian Etch installation files and build environment packages are getting harder to find. I'll try to jump on the irc channel some evening this week. Best regards, df99
  7. I have a few chapters of Evan Doorbell reading Exploding the Phone on ProjectMF as well. +1 630-485-2995, seize trunk with 2600Hz, then KP-200-ST. Subsequent chapters at 201 - 206. df99
  8. Heavens no! I'm an old dude!
  9. Authoritative answer......sort of....
  10. The AC9 UK trunk signalling system used 2280Hz for line supervision and tone dialing. The trunk was cleared by sending 2280Hz for 1 second. After the "clear forward" tone and a 1-second pause, the trunk was re-seized by sending an additional 95ms of 2280Hz. After an additional 1 second delay, the dial pulses were then sent just like US 2600Hz but with 2280Hz - 66ms of tone, followed by 34ms of silence for each pulse, with a 500ms silence between digits. The older AC1 UK trunk signalling system used a two-tone system: The line was cleared with 2 seconds of 750Hz, followed immediately by 800ms of 600Hz (no delay between the two tones), followed by 2 seconds of silence. Then, the line was re-seized with 100ms of 750Hz, followed by 3 seconds of silence. Then dial pulses were sent with 750Hz, on for 66ms, off for 34ms. Timing between digits was a full 1 second. CCITT #4 used two single tones (2400Hz and 2040Hz) for clearing the line, re-seizing, and sending 4-bit binary codes for the digits and other routing codes. Details are a bit too complicated to describe here. My Arduino blue box documentation has a table with the particulars: http://www.instructables.com/files/orig/FI5/VREN/I2AQTKSE/FI5VRENI2AQTKSE.zip D.
  11. Since you can't easily do MF, why not modify the code to pulse out 2600 when you push the digit keys, like the old pre-MF step tandems used? Timing should be 66 milliseconds of 2600 Hz, followed by 34 milliseconds of silence for each pulse, with about 500 milliseconds between each digit: Digit zero would be 10 sequences of 66ms/34ms 2600, with a 500ms pause before the next digit, for example. You still need to define a key to play 2600 for about 1.5 seconds for trunk seizure. You could also write the code to accept a number, then outpulse the entire number with the correct timings. There is a number on CNET that this can be used to dial with. This is essentially the method used by Cap'n Crunch and Joe Engressia to phreak step tandems or switches that accepted older SF trunks from step tandems. Routes that used this method of tone signalling were already pretty rare back in the late 60's and early 70s when they used this technique. You had to discover a number that routed through a step tandem from your dialing location, usually by trial and error. Vancouver, BC in Canada had one such switch. D.
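As an added illustration of the pulse timings quoted in posts 10 and 11 (not df99's code or any project's), this sketch decodes a list of already-measured tone/silence segments into digits, the job a trunk test set's pulse decoder does. The segment format, the 25% tolerance, the half-interdigit gap threshold and the sample capture are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    tone_hz: int        # signalling frequency used for dial pulses
    interdigit_ms: int  # nominal silence between digits

# Frequencies and inter-digit gaps as stated in the posts above.
PROFILES = {
    "SF-2600": Profile(2600, 500),
    "AC9": Profile(2280, 500),
    "AC1": Profile(750, 1000),
}
MAKE_MS, BREAK_MS = 66, 34  # per-pulse tone / silence, same for all three

def decode(segments, profile_name, tol=0.25):
    """Decode [(freq_hz, duration_ms), ...] where freq 0 means silence.

    Returns (digits, supervision_events). A tone at the profile frequency
    within `tol` of 66 ms is one dial pulse; any other tone (clear, seize,
    a different frequency) is reported as a supervision event.
    """
    p = PROFILES[profile_name]
    digits, events, pulses = [], [], 0

    def flush():
        nonlocal pulses
        if pulses:
            # ten pulses encode digit 0; more than ten is not a valid digit
            digits.append(str(pulses % 10) if pulses <= 10 else "?")
            pulses = 0

    for freq, ms in segments:
        if freq == 0:
            if ms >= p.interdigit_ms / 2:   # long gap: digit boundary
                flush()
        elif freq == p.tone_hz and abs(ms - MAKE_MS) <= tol * MAKE_MS:
            pulses += 1
        else:
            flush()
            events.append((freq, ms))
    flush()
    return "".join(digits), events

# Constructed sample: AC9 clear (1 s), pause, 95 ms re-seize, delay, then "203".
_PULSE = [(2280, MAKE_MS), (0, BREAK_MS)]
SAMPLE_AC9 = (
    [(2280, 1000), (0, 1000), (2280, 95), (0, 1000)]
    + _PULSE * 2 + [(0, 500)]
    + _PULSE * 10 + [(0, 500)]
    + [(2280, 70), (0, 30)] * 3   # slightly off-nominal timing
)

if __name__ == "__main__":
    print(decode(SAMPLE_AC9, "AC9"))
```
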
  12. Too many features to mention on the Sage, but a few I use are the ability to decode DTMF and MF, measurement of make/break ratio and pulse rate on a dial telephone, programmed repeat dialing on a trunk or phone line, direct interface to individual channels on a T1 line... https://www.ntecusa.com/Test-Equipment-Sales/Test-Set/Sage-930A/CC1917EC75EC771B7810BE1E6BCC617E D.
  13. I seem to recall the TELCOM dialer worked only by doing dial pulsing (loop interrupt) on the phone line connected to the jack. No DTMF dialing at all!
  14. On my Ernest D3 COCOT, you can check the current and cumulative coin box totals by letting the phone auto-answer after the set number of rings and entering a DTMF code before the internal modem tone plays. I have the phone on CNET, accessible through one of the CNET gateways. 1-762-0001 After 1 ring, the phone auto-answers. To check coin box totals, press *123456 after beep but before modem tone. Press * again for cumulative total. May or may not work over VOIP due to poor Asterisk 1.2 DTMF handling. D.
  16. Great video! I had not seen that. I got mine for $20.00 from Ebay 5 years or so ago. They cost thousands back when I ordered a few for a test lab back in the 80s. Here's my second-favorite trunk tester - A Sage 930A. It is much more capable than the 314A, but it's not blue! I have two of these.....One with a T1 interface.
  17. PWM would need to be done in assembly code. One normally needs hardware timers to keep track of sampling rates and such. I'd bet the clock of the old Model 100 wouldn't be high enough to get acceptable sound quality. My old 12F683 PIC blue box needed a 20MHz CPU clock to get working tones, and the quality still was not the best. The Model 100 used an Intel 80C85 running at only 2.4MHz! Don
  18. An Arduino-based "Blue Box". It produces the "traditional" Blue Box 2600Hz tone and MF (multi-frequency) tones, but does much more. It also produces 12 tone signalling systems used by phone phreaks to hack other more exotic systems in the US and overseas, including early pre-cellular mobile telephone systems from the 50s, 60s, and 70s. http://www.instructables.com/id/Arduino-12-mode-Blue-Box-Introduction/ Berry 314A Trunk Test set - Official telco blue box.
  19. I had the original Kyocera version of the Model 100. Radio Shack bought the design from Kyocera. I had the same idea for a blue box app at the time, but found it wasn't possible. The built-in BASIC had no provisions for polyphonic output. Furthermore, one could not just specify a frequency in Hz, but entered an integer in a 16-bit range that mapped to a specific frequency, followed by a tone duration. Don
  20. An Instructables write-up for my 12-mode blue box is at: http://www.instructables.com/id/Arduino-12-mode-Blue-Box-Introduction/
  21. I put the .zip file containing the Ernest COCOT manual, Telelink software, and LCD hack instructions here: http://projectmf.homelinux.com/COCOT/ There is also a .pdf with pictures of the phone with the LCD hack installed, as well as suggested programming parameters. Best, Don
  22. I have an Ernest COCOT, model ETX/D3. It uses Telelink software over a 1200 baud modem link to program the phone (I use an old modem locked to 1200 baud to program over an Asterisk PBX). The software I have is v2.61; it works on Ernest phones running ETX 40.00 firmware (possibly others). I also have instructions for adding a cheap LCD display to the phone that allows keypad programming of all parameters. The Ernest is nice in that it is completely line-powered. The coin relay works reliably even at lower line voltages supplied by some ATAs. I run mine on Asterisk from a Linksys PAP2-NA. Best, Don
  23. I have an IAX link to Telephreak from my ProjectMF machine at 630-485-2995 (2600 Hz to seize, then MF KP+777+ST). It still connects successfully to Telephreak after a long connection delay. Two voice menu options are given, one for "advanced functions", the other for the general user conference bridge. The advanced menu options selection provides a few additional options and status message. This appears to have been recently updated. I haven't tried any of the sub-menu options other than the conference option. Selecting the conference directly or through the advanced sub-menu results in a reorder after a few seconds. Best, Don
  24. That's definitely MFC/R2 forward tone signalling. There were digital versions for E1 lines and also an analog tone version. Different tone pairs were used for forward and reverse signalling. The system was "compelled" in that a corresponding "ack" tone needed to be received before the next forward tone was sent. The UK MFC variant did use in-band supervision, so it could be hacked. As used in the UK, where the mode was known as MF2, a 2280Hz tone was used to clear and then seize the trunk (the D key on my box). In the UK, a Code 14 digit (B key on my box) needed to precede each digit dialed. My latest blue box design supports the forward tone pairs and in-band supervision tone used by the UK MFC/R2 system. http://www.instructables.com/id/Arduino-12-mode-Blue-Box-Introduction/ df99
  25. I completed installing the Arduino, blue back-lit LCD display, and other components in a nice custom enclosure. I added three videos showing the updated appearance and operation of the box in its new enclosure, some details of the hardware construction, and the software configuration and hookup diagrams for assembly. Overview - Hardware Details - Manual and software configuration - Code and documentation packages: http://projectmf.hom...ux.com/Arduino/ Regards, df99