Everything posted by hairball

  1. I am coordinating a worldwide volunteer-based exchange scanning project. This ongoing project intends to catalog all telephone numbers in the world, one exchange at a time. Volunteers are needed to manually hand-scan exchanges and input data into publicly-accessible spreadsheets. This is strictly a philanthropic endeavour, and all information acquired will be freely available to the general public, void of any advertisements or hindrances, on a permanent basis.

     Volunteers are expected to:

     * Call each telephone number within the assigned exchange
     * Accurately record detailed notes to the provided spreadsheet
     * Complete their exchange survey within one year of assignment
     * Obey all applicable laws

     For maximum accessibility and compatibility, the Google Docs platform has been chosen for data entry and organization. Because of this, all volunteers are required to have access to a Google Account.

     To volunteer, please complete the volunteer exchange request form. Volunteers may request any exchange not already assigned. If you would like to volunteer, but are unable to place phone calls yourself, please contact me, as we have technology available that may make it possible to still contribute.

     Spreadsheets available @

     Michael R. Wally, Coordinator
     World Wide Wardial Project
     Michael.R.Wally [at]
  2. UPDATE: Select Raw Audio now available. An anonymous benefactor has been supplying me with a large number of prerecorded phone calls to NANPA toll-free numbers. I've toyed around with the idea of releasing these publicly, and decided that, because I'm not the one actually making the recordings, no harm should come of it. (crosses fingers) I am not sure of the quality or accuracy of this data, but it appears to be legit. The 7zip compressed files are available under the "Raw Audio" section at These files are publicly available to all, with no obligation, but I would encourage everyone to adopt an exchange. I'm kind of disappointed at the low level of participation in this project, so hopefully these new audio files will help encourage people to jump in. I will continue to add recordings to the site if/as the benefactor continues to provide them to me.
  3. Introducing the Toll-Free Anonymizer

     Due to concerns of blowback from participants of the World Wide Wardial Project, I decided to make a "telephone condom" for those who wish to explore the depths of in-WATS. The Anonymizer is a very simple diverter service, which provides dialtone for placing US toll-free calls. What makes this service special is that every call is automatically placed with a completely random Caller*ID. The Anonymizer takes an exhaustive list of valid US npa-nxx pairs, and couples them with a random 4-digit subscriber number, to create a valid-looking Caller*ID associated with a random city somewhere in America. Only valid in-service exchanges from the 50 US states are used.

     This service combines a free DID from IPKall with Toll-Free termination from Alcazar Networks. Because of these free services, this system does not cost me anything to operate, and I invite anyone to use it, as much as you like. By using this system, you agree to obey all applicable laws.

     To use this service, simply dial: 1-425-606-3712

     At the dialtone, enter your US toll-free number, including the country code (1): 1-8xx-nxx-xxxx

     Your anonymous call will then immediately connect. Once the dial-sequence has been completed, my server will remove itself from the data-stream by remotely bridging the SIP connections between IPKall and Alcazar, providing a crystal-clear call experience.

     If you have access to an Anonymous SIP client such as Ekiga, you can use this service by placing calls directly to my server, using a SIP URI such as:

     This entire system is beautifully simplistic, and the pertinent parts of the source code are as follows:

     ```
     ; Toll-Free Anonymizer
     exten => 14256063712,1,Goto(tollfree,disa,1)
     exten => _1800NXXXXXX,1,Goto(tollfree,${EXTEN},1)
     exten => _1822NXXXXXX,1,Goto(tollfree,${EXTEN},1)
     exten => _1833NXXXXXX,1,Goto(tollfree,${EXTEN},1)
     exten => _1844NXXXXXX,1,Goto(tollfree,${EXTEN},1)
     exten => _1855NXXXXXX,1,Goto(tollfree,${EXTEN},1)
     exten => _1866NXXXXXX,1,Goto(tollfree,${EXTEN},1)
     exten => _1877NXXXXXX,1,Goto(tollfree,${EXTEN},1)
     exten => _1880NXXXXXX,1,Goto(tollfree,${EXTEN},1)
     exten => _1881NXXXXXX,1,Goto(tollfree,${EXTEN},1)
     exten => _1882NXXXXXX,1,Goto(tollfree,${EXTEN},1)
     exten => _1883NXXXXXX,1,Goto(tollfree,${EXTEN},1)
     exten => _1884NXXXXXX,1,Goto(tollfree,${EXTEN},1)
     exten => _1885NXXXXXX,1,Goto(tollfree,${EXTEN},1)
     exten => _1886NXXXXXX,1,Goto(tollfree,${EXTEN},1)
     exten => _1887NXXXXXX,1,Goto(tollfree,${EXTEN},1)
     exten => _1888NXXXXXX,1,Goto(tollfree,${EXTEN},1)
     exten => _1889NXXXXXX,1,Goto(tollfree,${EXTEN},1)

     [tollfree]
     exten => disa,1,Answer()
     exten => disa,n,DISA(no-password,tollfree)
     exten => _1NXXNXXXXXX,1,Set(CALLERID(all)=${CURL(})
     exten => _1NXXNXXXXXX,n,Dial(SIP/${EXTEN}
     ```

     The Random Caller*ID number is generated by a PHP script located at:

     The source code for this script is available at:

     If you find this service useful, I would encourage you to contribute back to the community by adopting an exchange for the World Wide Wardial project.
  4. This will be available eventually.
  5. Does that randomize the callerid?
  6. I'm working on a regular spoofer that will allow this, but I cannot afford to eat the costs. I plan on charging very tiny bitcoin amounts (under cost in most cases) for access. I will post here when it is operational.
  7. I'm going to be working on a free anonymizer service that will allow people to call toll-free numbers with a randomly-assigned caller-id value. This should help with people who are concerned about callbacks or other blowback from this project.

     UPDATE: I've set up a toll-free anonymizer service. See this thread for more information.

     Also, I set up a simple form for volunteers to complete. From now on, anyone can just fill out the form to request an exchange.

     Volunteer Exchange Request Form
  8. I've added the three exchanges:

     * 1-405-222-xxxx: Chickasha, OK
     * 1-405-297-xxxx: Oklahoma City, OK
     * 1-906-524-xxxx: L'Anse, MI

     These are now in the public directory available at

     Please PM or email me with the google account you would like me to provide edit-access to. Be sure to register a new account in an alias if you do not want your name attached to the project.

     Michael.R.Wally [at]
  9. Choose ANY exchange, worldwide. Just let me know what you want, and I will set it up.
  10. I thought about this very thing for a long time before I announced this project. I've been planning this forever -- since the late 90's -- but the needed technology, to do it right, was never (practically) available until recently. The most-recent plan was the aforementioned database-backed site, where volunteers would enter the information into the SQL database directly (using the editor of their choice.) The site would then use a simple set of scripts to display this information, in friendly concise rows, on the site. Export functions would exist (to CSV and others.) This would allow integration into various other projects, and a public API would eventually be developed. After much back-and-forth indecision, I ultimately concluded that I need not reinvent the wheel. Google Docs has a fantastic, robust set of tools that run on pretty much anything. I decided to just make the entire project an organized set of spreadsheets, and invite people to contribute directly using Docs. Because Docs supports fine-grained user-access-controls, live multi-person collaboration, anonymous comments, multi-format exporting, exhaustive revision history, and everything else, it is vastly superior to anything I could hope to ever write. Plus, the spreadsheets display beautifully across any device, are fully searchable & sort-able, and just plain work. As Docs evolves, everything will just continue to work. By using the Google Cloud, we will never face any scaling or compatibility issues. Continuing to support a (hopefully) vast database, as technology advances in ways we have yet to imagine, is just not something I'm interested in doing manually, especially when Google has it all taken care of already. Plus, Docs is free. (That always helps too) Glitch, which exchange would you like to adopt?
  11. We'll take any help we can get. What exchange would you like?
  12. I can create the spreadsheets and provide write access to them, but someone else would need to actually input the data.
  13. The legalities start to get tricky when audio recording comes into play. Also, there are literally billions upon billions of phone numbers in the world, and audio recordings can get out-of-hand quickly. Ultimately, how the volunteers choose to run their scans is really up to them, but I feel that this project is best kept as simple as possible. Most hand-scans of yesteryear were simply short descriptions of what was found for each number, with additional notes where necessary. I feel it is probably best to emulate this method, a tried-and-true tradition.

      The spreadsheets are set up in such a way as to allow comments from anyone, but edits from assigned people only. I suspect that this comments feature will be very helpful for this project. Should the behavior of a phone number change, commenters can make note of it, but only the assigned volunteer can actually change the main sheet: this should make vandalism and other unruly behavior easier to handle.

      If volunteers choose to record call audio, this is something I cannot control. However, because of the complex legal implications this raises, this is something I cannot endorse. If this project gathers as much support as I hope it will, we need to take extra special care to do things completely legally, lest we ire those with the ability to shut us down.

      Please request an exchange assignment. The more people who jump in at the beginning, the more legitimate this project will appear for those who consider joining later.
  14. Cable companies often have things hiding on undocumented channels, and I sometimes scan around to see what I can find. Typically these are just everyday things such as subscribers' onDemand movies or otherwise uninteresting Wildfeeds. Occasionally more juicy things pop up, like supposedly-private video-conference sessions and other things thought to be unavailable to anyone except their intended recipient(s).

      A few weeks ago, while alone in a 24-hour Daytona Beach Gym at 4:30am, I stumbled onto a Fedora Login prompt hiding on a very high sub-channel. The quality was awful, as if the signal had been converted from digital to analog, then back to digital. While this could be any number of Linux-based video servers, the sub-channel was 911, a curious number not often used for things of little importance. The only 3 sub channels for 86 were 1, 2, and 911. Until this discovery, I was not even aware that DTV sub-channels went that high.

      I have no idea what this is, but did find a mention of a similar discovery in Arizona. Does anyone know what this is for? Any speculation?
  15. I tried it from a ReadySIM account, which exclusively uses T-Mobile towers, and I got an error recording, so this may be only for contract customers. Have you had any luck decoding the outpulse?
  16. will be back online, in its full glory, soon. The site is undergoing a large backend rewrite and complete database change.
  17. I've decided to abandon the idea of hosting a voice bridge on real copper. The costs are just too excessive. I do not reasonably expect people to donate over $20/day for the use of a bridge, when much cheaper (or free) alternatives exist. While true TDM over copper is superior to current VoIP offerings, as VoIP technology continues to progress, this will not always be the case. Imagine a 128kbps bridge? That would be sweet! Anyhow, I am proceeding with the PRI cancellation. My company ( ) may still sponsor a voice bridge in the future, but it will almost certainly use VoIP as a transport, due to the vast cost savings. I will post on this forum if we decide to proceed with the project. Thank you all for your support.
  18. I have a full 23+1 PRI over real T1, that my consulting company used to use. It's currently sitting idle, and I have a cancellation order scheduled for mid this week. It's real TDM, copper directly to the Verizon Switch, with a Sangoma T1 card, dedicated Ubuntu/Asterisk server with an 8-hour APC UPS attached. It is capable of being a voice bridge of the highest quality. The problem is that it costs about $700/month for the PRI circuit alone. I was planning on cancelling it, but, if some people were willing to make donations to (help) cover the bill, I would consider turning it into a private voice bridge. I know that a lot of VoIP solutions exist to do this on the cheap, but with real PRI the quality is perfect. Do you think members of the hacker/phreak community would be willing to donate to keep a super-high-quality bridge running? (Anonymous Bitcoin would be accepted)
  19. A fun oldschool telnet system, the National Capital FreeNet, is still online and accepting guest logins. This old text-based ghost-town is a real joy to play with. Although it is pretty broken, many of the menu options still work, and it is a cool glimpse of the past.

      $ telnet

      login as guest: there is a seemingly endless tree of menu options. Enter "go" at the main prompt for a complete list of available commands.

      ```
      Your Choice ==> system
      9:02am up 937 day(s), 18:57, 3 users, load average: 0.04, 0.04, 0.05
      ```

      More info @
  20. The Free CNAM Project (Powered by tnID) is at My company, Telephony Research Services, is providing a free CNAM API for non-commercial Open Source PBX users. This API queries our private CNAM database, and returns standard 15-Character CNAM results. Any entry not already in the database will be queued for investigation, and added to the database as soon as information is located. This system has access to several CNAM backends, and is not a party to any use-limiting or no-caching agreements. The API is: You can monitor the stats, including the current queue size, at API Results will continually improve as the database grows, so please be patient with limited results at this early stage.
  21. Haxor Radio is returning as "Haxor/2011." The first episode will be released on April 1, 2009. The last episode will be recorded on December 31, 2011. The shows will be in the style of Haxor Radio, with some new twists and some better technology. We are currently seeking eager volunteers to help co-ordinate various aspects of this project. Please PM me if you are interested.
  22. Disclaimer: Below are speculations only. I have no hard evidence to back up my suspicions and conclusion. I am not an expert. I have been wrong many times before.

      ---

      As some of you know, I have extensive experience with this system, and I've been musing about this for some time now. When I first noticed PIC 10288+0 down, I assumed it was some temporary condition. That was years ago. Furthermore, I've been told by some people at AT&T that it was killed on purpose. (There was even some speculation as to whether or not I was partly responsible.)

      So, it begs the question, why does it act like it's trying? Why are we getting a "Thank you for using AT&T" when we could be hearing a "We're sorry..." message? And why does it still allow many AT&T toll-free numbers to route without a hitch?

      If we look back and research, we find that years ago 10288+0 would only send 'fails' to non-AT&T numbers. If you called something like 800-CALL-ATT or 800-OPERATOR, your CPN/ANI would pass correctly; but if you dialed anything else, what you ended up with was a 23+NPA. [That is, the NPA of your closest class-1 switch, with the ANI II indicating an unknown/failure condition.]

      Having researched the effects of setting CID/CPN/ANI/ANI-II on PRI and other circuits, I noticed some time ago, that, depending on the point of origin, toll-free calls often refused to route (at all) if you did not specify at least a minimum amount of information about the origin. I suspect this is due to the large number of various routing systems that depend heavily on the ANI. (See US Patent #7072454 for examples.)

      In my personal observations, when placing calls via 10288+0 to non-AT&T INWATS numbers, the ANI would not necessarily be 23 and your immediate NPA, but would nearly always be 23 and the NPA of your closest Class-1. This, in and of itself, raises some very interesting questions as to just exactly how these calls were being routed.

      [The ongoing speculation was that AT&T equipment, upon experiencing a total-ani-failure (23 with no ANI), would set the ANI to the NPA of whatever area the equipment making the change was located in. Because it's a near impossibility to place any long-distance call without touching something AT&T, the assumption is that the call could not go very far without the empty-ani being noticed, so the NPA being inserted was likely to be, theoretically, rather close to the actual point of origin. (It is unclear whether this was ever the case.)]

      So, when placing a toll-free call from within the AT&T Automated Operator, to a Non-AT&T number, for whatever reason, the ANI was not set, and a 23+NULL was transmitted along SS7, at which point, the NPA of your local Class-1 was attached and the call was sent on its way. This, again, raises another interesting point: Why the Class-1? Was the call-routing so convoluted that it bounced off of the switch-of-last-resort before being set back on track with a mere 3-digit ANI? Anyhow, as far-fetched as this sounds, it was, at the time, the best working hypothesis.

      So... What happened? Your guess is as good as mine. A company with the reputation of AT&T would, more likely than not, provide a recorded message if they choose to no longer process toll-free calls from their automated system. Telling the end-user "Thank you" followed by a true telco reorder is simply something that should never happen. Reorders, by strict definition, are what you get when there's an error that's not caught; where no recording is available to explain what happened.

      Here are some of my speculations as to 10288+0:

      * Because of the non-local NPA given previously by using 10288+0, it can be assumed that some non-ideal routing was involved in placing the call. This non-ideal routing may have even made it all the way to the Class-1 switches. Perhaps a change was made in how these Class-1's responded to such traffic. Perhaps the "OK, let's do our best to make this work. Give the call an ANI and pass it on its way" was changed to "Throw that call away and hope the next try routes correctly." Kind of like your security-minded firewall rules. Do we keep trying to get a seemingly-misguided packet home or drop it like a potential threat? (What did routers do with misrouted packets 10 years ago? What do they do today?)

      * Because it appears that AT&T equipment was the only player actually changing ANI to add the NPA, perhaps this behaviour was changed, and the ANI-failure was left intact. If this were the case, and the calls were routing through one of the more picky variety of switches, the calls could now be being simply rejected out of the gate. That is, no sooner does that call begin to route than it is discarded because of the inability to route. Remember, so much routing is done based on the call origin. (I again reference the aforementioned US Patent.)

      * Because of the large amount of possible legacy systems running the automated operator system, and the speculation of systems written around it, it may not have been feasible to remove the toll-free out-dial feature. Or, for that matter, to add a new recording explaining the situation. If we were to assume that AT&T itself used some functions from their automated operator for certain call processing, it would be reasonable to expect them to be forced to keep the feature, but limit it to their own numbers.

      I have a few, more radical, suspicions of what happened, but I will spare you all the details. Here is my conclusion.

      The toll-free number dialing from 10288+0 was weird to begin with. It was because of this very strange behaviour that it even became a topic of study to begin with. As with all Black-Betty systems, adding on additional equipment and functionality to an existing infrastructure, over time, often leads to such oddities. Because 10288+0 always has reacted differently to AT&T vs non-AT&T numbers, and because of the unusual way it handled ANI for outbound calls to non-AT&T numbers, I am led to believe that the automated operator system was broken by accident.

      It is very believable that a security/policy change, again perhaps involving the handling of misrouted or unidentified calls at the Class-2 or Class-1 level, could break the near antique Automated Operator system. Should such a change be made, and such a system break, who would notice? Who would fix it? How would it be fixed? A system that was so mismanaged that, when placing outbound telephone calls from what was a PIC coded call to ZERO, they were somehow not able to send your correct ANI, which, of course, they would absolutely have on such a call. A system so old, a mishmash of technology with many years of changes and upgrades, no-doubt worked on by dozens (if not hundreds) of different engineers over the years, possibly written in languages no longer well-known. Well, what if something someone does breaks it? Then what?

      The bottom line: Your system's calls barely routed before; no one was quite sure why this was. The phreakers were abusing it quite badly, but you were not able to fix it. Your company, AT&T, was made the fool in many a radio show and convention conference, but, for some reason, you couldn't figure out how to fix it. Then, one day, it stops working altogether. Not sure why. Non-AT&T calls barely routed before, having to bounce off of the Class-1's for some reason. Now all you get is a reorder. What do you do? What do you say? If you're AT&T, you simply say "I meant to do that!"
  23. pondering the future...

  24. Stranger things have happened...
  25. Haxor Radio was a fun project. Perhaps it will be back again some day.