gbppr last won the day on January 26 2017

gbppr had the most liked content!

Community Reputation

-64 Packet Trash

About gbppr

  • Rank
    DDP Fan club member

  1. Probably "Regaining Privacy in a Digital World" by 6-Pack in Vol. 26, No. 2.
  3. The easiest way to disable the mechanical ringer on a phone is to run the line through a bridge rectifier. Put your incoming phone line on the two AC inputs and take the + and - outputs to your phone's ring and tip. It may "clang" once during a ring cycle. Also, there will be a large capacitor in series with the ringer coil for DC blocking. You can just unsolder one side of this capacitor to disable the ringer. To disable the keypad, no matter which model phone, just unsolder the 3.58 MHz colorburst crystal used for the DTMF generator chip. You can always solder it back in.
  4. Instead of using a 1:1 (600 ohm to 600 ohm) isolation transformer, try a 600 ohm primary and 10,000 ohm secondary. The line-level input on a sound card is high-impedance and this will give you a better match, plus a little voltage gain. Put two back-to-back 1N4004 diodes on the transformer's secondary to clamp the ring voltage to 0.7 volts peak. If you hear "hum" while (direct) recording off a phone line, that means one of the lines has become unbalanced or has been grounded. A telephone pair is a balanced transmission line, so there is no ground (on your end). The loop resistance and the impedance of the AC-coupling capacitor will form a high-pass filter, so increase the value of the cap a little to improve the audio response. Always use high-quality non-polarized film capacitors for coupling to a phone line.
  5. Original YIPL/TAP and "new" TAP archives are available at:
  6. It's not really the high voltages, but the sharp clock and data transitions that cause devices to "radiate." On computer monitors, you'll want to receive the pixel clock frequency. You'll also need a wide IF bandwidth, which means a lot of in-band noise, especially below 30 MHz. You can eliminate some of the noise by using two antennas, one to sense the local noise sources, and a directional one aimed at the target. Use a phase-shift network and mixer to subtract the noise from the target signal. You may need to generate your own external sync signals. You can sometimes intercept the target's own sync signals by monitoring its magnetic field with a well-placed small ferrite antenna. Modern methods use a technique called RF flooding. You flood the target with a strong CW RF carrier, say 10 GHz. You then receive and mix that signal with a phase-locked 10 GHz signal. After subtracting the 10 GHz carrier, you are left with a signal modulated by the target's clock and data transitions. This even works on analog video cameras, tape recorders, and digital telephone systems before the analog-to-digital conversion. Heh. "van Eck phreaking" is called "raster analysis" in the real world. TEMPEST was/is the program to prevent that type of eavesdropping. Here's some more info, some of it's kinda old and wrong. I'll update it someday. van Eck-style Radiation Interception Experiments: Wireless Keystroke Data Tap: VGA Video Monitor Transmitter: Passive Resonant Cavity & "Spycatcher" Technical Surveillance Devices: Doppler Stethoscope for E.O.D. Applications: TEMPEST 101: Kaiser RAS-515A Raster Analysis System:
  7. Try a hardware descrambler. For single-mode speech inversion, the Ramsey Electronics SS70 is perfect. Ramsey Electronics SS70C - Speech Scrambler/Descrambler Kit: SS70 Manual:
  8. Anyone can experiment in the standard ISM bands (900 MHz, 2.4 GHz, 5.8 GHz, etc.) using the FCC Part 15 rules, which restrict RF power output. Hams can also use these bands if they stay in the proper frequency ranges and operate under FCC Part 97 rules, which allow more RF power, but restrict content and encryption use. You'll still need to I.D. every ten minutes. The ARRL website should have all the nitty-gritty details on that. Amateur packet is very inactive right now, but there are still a few people out there trying to tweak Part 15 off-the-shelf hardware for higher performance in the ham bands. AeroComm CL4490 Experiments: ID'ing via ICMP Echo Request Packets: Using Part 15 Wireless Ethernet Devices For Amateur Radio: Modifying Consumer Off the Shelf Wireless LAN devices for Specialized Amateur Use: Amateur Radio Allocations and Overlapping Part 15 Bands - An Overview and a Part 97 Versus Part 15 and Permissible Power Comparison:
  9. You can perform your own GPS spoofing experiments by using only passive components. Two GPS-band antennas with a long coaxial delay line in between them can be used to artificially "slow" the received GPS signal, skewing the final coordinates. GPS Delay Spoofing Experiments:
  10. Old K-band police doppler radars can be used as a source for 24 GHz gunnplexers. X-band ones operate in the 10.5 GHz range and the Ka-band ones around 34 GHz. Another source for X-band gunnplexers is from old automatic door openers or Solfan microwave alarm systems. To receive millimeter waves, all you really do is keep downconverting them. Use the harmonic from a 77 GHz vehicle parking radar as a local oscillator to feed a millimeter wave rated mixer. If you can get the IF down into the 11-12 GHz range, you can use an old digital satellite low-noise block converter to further downconvert that into the 1 GHz range, which you can hear on a Radio Shack scanner.
  11. For simple voice inversion decoding, get one of these from Ramsey Electronics. SS70C - Speech Scrambler/Descrambler Kit: Making your own encryption system can be a real pain. Look for some Motorola DTR radios instead. They also do frequency hopping, which increases their security. Motorola DTR Review - Gonzo Style:
  12. Most non-military analog radio encryption techniques are just gimmicks which can be easily defeated. Fixed voice inversion is the easiest to break, and "slow" rolling-code voice inversion still allows for a good portion of the conversation to be understood. Transcrypt 410 Speech Inversion Sample Audio: Transcrypt 410 Speech Inversion Sample Decryption Attempt: Midian TVS-2 Speech Inversion Sample Audio: Midian TVS-2 Speech Inversion Sample Decryption Attempt: CMX264 Frequency Domain Split-Band Speech Inversion Sample Audio: CMX264 Frequency Domain Split-Band Speech Inversion Sample Decryption Attempt:
  13. It's unlikely a Bell COSMOS system... Check for usernames or logins with references to frame, loop, mizar, march, craft, or "rc," etc. They answer with a standard Unix (SysV) login and password prompt. Then send you to a "WC?" wire center prompt (and login banner) where you'd enter a two digit identifier for whichever office you need to access. Each COSMOS system covers multiple central offices. The two digit identifier is something like "EL" or "26", etc. The system shell prompt is then the wire center ID, plus "%" for normal users or "#" for root, but it's been known for users to drop directly into the shell. The actual operating system COSMOS uses is called COSNIX. The replacement main distribution frame and OE inventory system is called SWITCH/FOMS. Telcordia SWITCH: Dr. Who's COSMOS Series: The Definitive COSMOS: The Fine Art of Telephony: Telephone Company Customer Applications: COSMOS User Guide: Line User Transactions: The New LEC Order: The Death of COSMOS?:
  14. It should be possible. The key is to use op-amps with good ultrasonic capabilities. Something like a MAX437 or OP37. You'll also want to look into some type of sharp bandpass filter centered on the horizontal sync frequency, probably placed after the first pre-amp.
  15. Don't forget to mention "Cheesebox" Callahan, the original inventor: Phrack #50 had a similar project under the name "SS7 Base Diverter" by The MasterMiiND: Decoded GIF here: It has a couple errors, I'll come up with something better someday. Use a 4N33, or similar, for the optoisolator, not the slotted isolator mentioned in the article.