ThoughtPhreaker

Members
  • Content count

    1,712
  • Joined

  • Last visited

  • Days Won

    114

ThoughtPhreaker last won the day on November 7

ThoughtPhreaker had the most liked content!

Community Reputation

132 Expert

6 Followers

About ThoughtPhreaker

  • Rank
    Dangerous free thinker
  • Birthday 11/02/1991

Profile Information

  • Gender
    Male

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Recent Profile Visitors

31,279 profile views
  1. 904-266-9604 - Nortel key system owned by MCI/Verizon; Mister Rogers works here. +800-6669-5588 - China Telecom NIS rec, mildly weird stuff happens afterwards 416-591-0105 - One of many numbers that goes to a Octel VMS owned by Bell Canada, tells you you don't have access to the advanced intelligent network 800-483-0015 - Verizon office with Rolm PBX 603-746-0125 - Weird thingie on analog line, picks up with square wave beep 603-746-9911 - IVR, "Thank you for calling. Enter your user ID and press pound to continue." 480-792-3996 - PCAnywhere modem on Nortel PBX 307-782-9997 - "The number you have dialed is not authorized to receive incoming calls." <Nortel EDRAM digits> "085501" 307-782-0000 - <480 hertz beep in background> "Union Telephone operator, how can I help you?" - TOPS position, will dial local numbers for you. 360-985-1902 - Weird sounding dialtone
  2. This is a placeholder post. Whenever I try to make anything reasonably long, the forum gives me a 403.
  3. Sure! https://openload.co/f/oQnm-Rx-i08/AUDIX_LX_app_soft.nrg https://openload.co/f/_Zs_lgNFWds/IALXR2.0.SP2.sp As I mentioned towards the beginning of the thread, it'll format your hard drive without asking when the installer boots. Once you boot it, aside from the steps I talked about a couple posts before this, it'll set everything up.
  4. I dunno. To be honest, I've mostly stopped associating the age of equipment with any sort of relative interest; it's more about uniqueness. Superficially speaking, I guess the DMS-10 and the 4E are the oldest switches in the network when you think about design age. But the hardware has gone through a lot of revisions since it was first put in; a DMS-10 from 1977 isn't going to use PowerPC processors, SDRAM, or DSPs. The trunk cards are bound to be a lot smaller, larger capacity, and all that. One of my current theories is that DMS-10s with an Expanded Network configuration (if I understand correctly, Nortel underwent a project to revise the DMS-10's internal TDM network in the nineties, and significantly expand it's capacity in the process) may generate it's tones in a different way from the classic configuration, so for example the offhook tone won't have that characteristic weird modulation, and the ring will be a bit different. At some point, I'd like to make an up close and personal visit to a phone line served off two switches I know for sure are/aren't using this new configuration; I've seen some DMS-10s do some weird things, like bring you right to reorder if you flash from a payphone (and then to permanent signal if you do it again) that I'd like to compare side by side. Getting back to my point though, there's some stuff like older code (albeit maybe ported to a more recent OS depending on the switch) you're probably never going to get away from, but it's a bit superficial to say a switch is more or less old just because it's a certain model. That's a good question; there's a guy in IRC who was looking into C5 trunking not too long ago. I haven't been making that many international calls recently to be honest. But IRC and the conference are where most of the goings on are these days. At least judging by the regulars we get there, that's partly why the forums have been a bit empty. To be honest, I feel like I've been stretched thin for content at the moment between the rising numbers in the other two and some sudden shifts in real life circumstances. Anyway, I'd be surprised if everybody there wouldn't be down to help you with this. I definitely would be . I'm not exactly sure what you mean by old fashioned here, but I'm going to take a wild guess and throw this your way: ais_xtalk.flac This came as a complete surprise to me calling the Onancock, Virginia 5ESS a while ago. I'm going to go out on a limb here, and guess the recording I'm trying to dial is one you've heard about a million times if you've called any place Verizon hasn't sold off to another company yet. But more importantly, it shows that wherever there's robbed bit trunking, some circuit switches, and a situation where you really don't need more than just a destination and possibly ANI associated with a call, some switch engineer not wanting to chew up STP resources will throw everything up over a trunk with MF. At one point, I talked to someone who worked at a tiny, middle of nowhere telco about this particular scenario. From what he said, it sounds like it's common to reuse older T-carrier equipment occasionally that breaks channels out to 4-wire E&M instead of offering any sort of digital interface. They had some really old Lenkurt carrier system for 911 that did just this. Anyway, at some point, he thought the transmit and receive leads on one of the channels must've shorted. If you're looking to play with trunks, a lot of this stuff is hiding in plain view; for example, I learned from a reliable source that a certain large company's private T-carrier network (hint: it's one with lots of Rolms, and it isn't Macys) uses DTMF for inter-office signaling. I know this is possibly getting away from the premise of being oldschool, but getting back to the whole thing about DMS-10s, someone I know is served out of one from an independent telco. Being the good sport that they are, they were nice enough to let me play with the dialout feature on their APMax voicemail, (why almost literally every independent DMS-10 has one of these boxes, I may never know. Though aside from that ridiculous voice they have, they're not bad) since they noticed it was a bit...off. Sure enough, there's a bunch of six digit codes that terminate straight to a 5ESS tandem - I think an operator service one a long ways away from the switch. Several seven digit codes leave you stuck on a completely different tandem switch - I think for local stuff. Anyway, one of my pseudo-long term projects has been trying to figure out what exactly this is going to, why, and if it can be used to make some odd things happen. I'm optimistic to say the least. I'm not going to tell you the phone network is extremely relevant to every part of everyone's life. With the FCC stuff going on right now (long story short, same culprits as the net neutrality mess, same characteristic 180 on previous policies/ignoring of all objecting input, even from the industry. PM me if you want more info on what's going on/who is challenging the decision; the forum really isn't the place for this), it could potentially be in problematic shape down the road. But what I will say is when you explain what phreaking is all about to anybody in any technical circle - even when you get into tiny dry details, people listen. You wouldn't necessarily know it by the forums, but the community is growing too; I routinely hear new voices on the conference, something we could barely pitch up for two hours with four people when it started. Now we're entering territory where five hours isn't unusual, and it occasionally gets too crowded to get a word in. Here's my personal take on it: as the decade progresses, we've been sliding into a period where the internet is increasingly compulsory for things like work, but also the platform for an increasingly narrow set of companies, an increasingly politicized medium, and increasingly less anonymous. When you tell people there's a worldwide network that's can still be anonymous, as challenging as it is detailed and unique, and free of much of the drama from current events, the ideas behind being an 31337 phr34kz0r start to make some sense. The more creating, the more exploring and above all, the more inspiring that can be done... well, it can't hurt.
  5. The old version of Redhat comes with the software; when you boot the Audix installer, it'll write that to the hard drive. All the software you need to get it going is on there.
  6. I know this is a little overdue, but for anybody not too familiar with Linux, installing Audix is pretty straightforward. Before you start whatever machine will be running this, make sure the rotary switch on the card is set to zero; this helps identify the card ID to the software. Apparently, this matters a little less with the Windows drivers. Anyway, after booting the install CD, it'll copy all the install packages and reboot the system. Once it's booted, you'll get a login prompt. Type root at it, and you should get a command line. At there, type: mkdir /mnt/cdrom mount /dev/cdrom /mnt/cdrom vi /vs/bin/start_vs_now (there will be a single line in this script that tries to verify the hard drive serial before allowing the system to start. Press 'i' to input data using the text editor, and then put a '#' in front of the command. This will comment out the command, making the system skip the step. Press escape when you're done, and then ':w'. It should say it wrote the file. ':q' will get you out of there. Finally, type: ./mnt/cdrom/autoinstall This should get everything off the ground. Once it's done installing, barring any Dialogic software conflicts, it should Just Work. Anything else can be administered from the web interface. As I said before though, keeping a machine like this exposed to anything near the open internet is likely an extreme liability. Anyway, typing 'dmesg | more' should give insight into any additional conflicts. Use space and enter to scroll down; all the Dialogic messages will be at the very end. Also, when the system boots, it'll attempt to check for loop current on the phone line. If it can't find it or just feels like being annoying, sometimes it'll put the line in a state where it's permanently offhook, and stop paying attention to it. To get it to behave, tell it to run a diagnostic on the line and it'll check again. To do this, you may have to busy it out (MANOOS) before testing, and release when you're through. One final note - for anybody thinking about a D/41EPCI (also called a D/41ESC-PCI) card - if you know you're only ever going to use it for Audix - and just this version, there's a slight chance you may be able to get it to work; the old Dialogic 5.x system releases support the card, and a lot of the other weird odds and ends like ISA cards. I found an E locally for like, five bucks, shrugged and picked it up. So far, the system seems to turn it's nose up at it (though it was a little beat up to be fair. There's definitely a component that'll have to be resoldered, and possibly a cut trace). The current releases, however, won't work with it, so the development potential (or just the not running it on a really old OS potential) for them is quite limited. According to random people on the internet, they're half duplex anyway, The long and the short of it though, is it's probably not worth the $3 or whatever you'll save. If you do have one however, you'll have to avoid the pre-written config files the Avaya people put on there. There'll be some utilities you can use in the /usr/dialogic/bin folder to write a new one for this specific card; I think mkcfg and config.sh . Make sure it writes it to the /usr/dialogic/avaya/cfg/ directory (the path may not be exact on that one; I'm not in front of Audix, and the system I ran it on for like, a day was quickly repurposed for ISDN things). EDIT: Sorry. The start_vs_now script is copied after the autoinstall script does it's thing. Do it after ./mnt/cdrom/autoinstall
  7. I've been doing some digging lately. Nothing too impressive quite yet; these appear to be the ranges where they keep mostly just recordings: 580-251 9199 - ACB via SS7 9198 - Business w/T1? Ported to MCIMetro, allows dialing "eleven digit extensions". 9197 - Ringout 9196 - Ringout 9195 - Ringout 9193 - Ringout 9191 - Ringout 9182 - Ringout 9181 - Ringout 9177 - Subscriber 9175 - Several rings, hangs up 9164 - Ringout 9162 - Business 9161 - Business w/PBX 9159 - Ringout 9144 - Anonymous call rejection off rec 9143 - rec, "We're sorry, your call cannot be completed from the phone you are using. This telephone number will only accept select incoming calls." 9142 - Same as 9139 9141 - Network difficulties rec 9140 - CBCAD/CAC error rec 9139 - Dialing LD CAC not necessary rec 9138 - LD CAC required rec 9137 - rec, Dialing 950 before CAC not necessary 9136 - rec, "We're sorry, this telephone line is currently arranged for local calls only. The number you have called is not a local call." 9135 - Weirdly split up rec, dial 950 before CAC 9134 - Weirdly split up rec, # cannot be reached from calling area 9133 - Weirdly split up rec, 911 reserved for future emergencies? 9132 - Network difficulties rec 9131 - Weirdly split up rec, ACB 9130 - Weirdly split up rec, CBCAD from the phone you are using 9129 - Coin deposit rec 9128 - rec, party doesn't accept calls from anonymous numbers 9127 - rec, "We're sorry, it is not necessary to dial the area code. On long distance calls, please dial 1 or 0 first, then the number." 9126 - rec, Dial 1/0 + NPA first 9125 - Dialing 1/0 not necessary rec 9124 - NIS rec 9123 - CBCAD rec 9122 - Permanent signal rec 9121 - YCDNGT rec 9120 - rec, *57 success, refers to 800-281-4088 9119 - Ringout 9118 - Ringout 9117 - rec, "We are sorry we are unable to complete your request for call return, auto-redial or call trace. The number you have dialed or attempted to trace is not available with these services, or has call forwarding activated." 9116 - rec, "We're sorry, your call forwarding and selective call forwarding features cannot be active at the same time. Please consult your instruction materials or the business office if you need more information." 9115 - rec, "Thank you. The number you are trying to reach is busy. If it becomes free in the next thirty minutes, you will receive a special ringback tone." 9114 - rec, "Thank you. Your call return or auto-redial requests have been cancelled." 9113 - Ringout 9112 - rec, "We're sorry, the party you are calling is not accepting calls at this time." 9111 - Ringout 9110 - rec, "We are sorry, the line you are using is not equipped for this service." 9109 - rec, "We're sorry, the line you are trying to reach has again become busy. You will need to reactivate your feature." 9108 - Reorder with weird pulsating noise over it 9107 - Reorder via distant end 9106 - Reorder via 5E 9105 - 105-type test 9102 - 102-type test 9101 - Ringout 9100 - 100-type test 410-256 9999 - Telco facility trouble rec 9998 - Network difficulties rec 9997 - LD CAC required rec 9996 - Same as 9999 9995 - rec, Dialing LD CAC not necessary 9994 - 105-type test 9993 - CBCAD/CAC error rec 9992 - Damaged 15A channel 9991 - rec, LD CAC must be preceeded by 950 9990 - CBCAD/check your instruction manual 9989 - ACB via SS7 9988 - Ringout 9987 - Silence, supes 9986 - Baltimore County Government centrex NIS rec 9985 - White Wash(?) Police Station centrex NIS rec 9984 - Ringout 9983 - rec, M2 - Equipment Location: 57 - Channel: 7, Spare Channel - Perry Hall 9982 - Ringout 9981 - rec, Miscellaneous Frame 2, Equipment Location: 57 - Channel: 6, Spare Channel - Perry Hall 9980 - rec, M-Frame 2, Equipment Location: 57, Channel 5, Perry Hall 9979 - Ringout 9978 - Silence to eventual reorder 9977 - Ringout 9976 - Ringout 9975 - NIS/directory assistance thing 9974 - Ringout 9973 - Ringout 9971 - Ringout 9970 - Coin deposit rec 9969 - Busy signal via 5ESS 9967 - Ringout, forward to weird AIS report for 888-468-0145 <-- This appears to be some sort of kluge; whatever plays this will respond to DTMF. My guess is it was an old NOC number or something. Toll-frees near it don't appear to go to anything related unfortunately. 9966 - CBCAD rec 9965 - Ringout 9964 - ACB via SS7 9963 - Ringout 9962 - Ringout 9961 - Ringout 9959 - Ringout 9958 - Ringout 9957 - rec, "The person you are calling is busy. Please stay on the line." 9956 - Reorder via distant end 9955 - Ringout 9954 - Ringout 9953 - Ringout 9952 - ACB via SS7 9951 - rec, "The person you are calling is busy. Please try your call again later." 9950 - Ringout 9949 - CBCAD rec 9948 - Anonymous call rejection service on rec 9947 - Anonymous call rejection service off rec 9946 - Ringout 9945 - Ringout 9944 - Busy signal via SS7 9943 - Calls w/privacy bits not accepted rec 9941 - Ringout 9940 - NIS/directory assistance thing 9939 - rec, "We're sorry, the number of the last incoming call is marked private, and cannot be returned using this service. Please hang up." 9938 - Ringout 9937 - Ringout 9936 - Ringout 9935 - Ringout 9934 - Ringout 9933 - Ringout 9931 - Ringout 9930 - Ringout 9929 - YCNDGT rec 9928 - Ringout 9927 - Permanent signal rec 9926 - Ringout 9925 - Ringout 9924 - Ringout 9923 - Dial 1 first rec 9922 - Dialing 1 not necessary rec 9920 - Ringout 9919 - Ringout 9918 - Ringout 9917 - Ringout 9915 - Ringout 9914 - Ringout 9913 - Silence? 9912 - Silence? 9911 - Ringout 9910 - ACB via SS7 9908 - Ringout 9907 - Ringout 9906 - Silence to reorder via SS7 9905 - Ringout 9904 - Busy via SS7 9903 - Ringout 9902 - Ringout 9901 - Ringout 9900 - Echo test? 301-390 9998 - YCDNGT rec 9995 - CBCAD rec 9994 - Reorder via SS7 9993 - Same as 9998 9992 - CBCAD rec 9991 - ACB via DMS-100/200 9987 - Echoey thingie? 9984 - Ringout 9982 - # cannot be reached from calling area rec 9981 - *66 fail rec - # marked private 9980 - CBCAD rec 9979 - rec, anonymous call rejection service on 9978 - rec, calls w/privacy bits not accepted 9976 - rec, anonymous call rejection service off 9975 - rec, "At this time, the party you have called is not taking calls." 9974 - rec, "We are sorry. We are unable to complete this request because the number you have called has become busy again." 9973 - rec, "You have just deactivated this feature." 9972 - rec, "This service cannot be activated because the telephone number is not in our serving area" 9971 - Repeat dial activation rec 9970 - *57 unavailable rec 9969 - rec, Dial NPA+7d for local Maryland calls 9968 - *57 success rec 9966 - LD CAC CBCAD rec 9965 - Network difficulties rec 9964 - ACB rec, unusual voice 9963 - CBCAD/CAC error rec 9962 - Dialing LD CAC not necessary rec 9961 - Dialing 950 before CAC not necessary rec 9960 - Dial 950 before CAC Rec 9959 - Same as 9964 9958 - Dial 1 first rec 9957 - Telco facility trouble rec 9956 - CBCAD from the phone you are using rec 9955 - Reorder via distant end 9954 - Permanent signal rec 9953 - YCDNGT rec 9952 - Coin deposit rec 9951 - ACB rec 9950 - CBCAD rec 9949 - Reorder via SS7 9948 - Reorder via SS7 9945 - ACB via SS7 9944 - Ringout 9939-9920 - Ported to CRC Communications, business w/wrbly Shoretel 9919 - Ringout 9918 - Ringout 9917 - Busy via SS7 9910 - Ringout 9900 - Forward to cell 360-373 0000 - Ringout 0001 - 105-type lookalike? 0002 - rec, "The number cannot be reached now. Please hang up and try again later." 0003 - ACB rec 0004 - CBCAD from the phone you are using rec 0005 - Ringout 0006 - AIS report, # in service 0007 - Ringout 0008 - rec, dial 10d for local 0009 - Ringout 0010 - ACB via SS7 0011 - Busy via ? 0012 - rec, LD company experiencing temporary service problem 0014 - Reorder via ? 0015 - Modem 0016 - NIS rec 0017 - Ringout 0018 - Reorder via distant DMS-100 0019 - Same as 0018 0020 - 100-type test 0021 - Permanent signal rec 0022 - Ringout 0023 - YCDNGT rec 0024 - CBCAD rec 0025 - 102-type test 0026 - rec, Dialing 1 not necessary 0027 - Dial 1 first rec 0028 - Coin deposit rec 0029 - CBCAD/call the business office for assistance rec 0030 - 105-type test 0031 - Repeat dial line busy rec 0032 - 100-type test 0033 - Network difficulties rec 0034 - Reorder via distant end 0035 - CBCAD w/access code dialed rec 0036 - Same as 0018 0037 - Ringout 0041 - Telco facility trouble rec 0042 - LD CAC required rec 0043 - Ringout 0044 - Ringout 0047 - Ringout 0048 - Ringout 0051 - rec, "You have reached the Bremerton DS0" 0053 - 102-type test 0059 - Subscriber, ported to Astound Broadband 0062 - Ringout 0066 - Ringout 0067 - Subscriber w/Panasonic AM (left off here; too many subscribers)
  8. That's probably coming from whatever network you used to connect; some DMSes like to send an all circuits busy cause code after they play their announcements. I haven't done this on the ex-LCI network Centurylink runs in a while, but iirc, they use MCI to terminate into Canada. 503-802-0086 - Integra Telecom NOC 0204 - DMS-100 DISA dislatone 310-581-0005,0006 - GTE thingie? Picks up and plays fourth column DTMF.
  9. It reminded me of the guy who used to be on the Atlanta airport train recordings up until quite recently, actually. It was fairly new, relatively speaking (~2000 or so?), but the voiceover guy tried to go for a oldschool, mid-20th century radio style of announcing. 206-973-5010 - Skeevy sounding psychic line 206-973-5025 - Login prompt for said skeevy sounding psychic line 402-376-0012 - Low speed modem (2400/- bps) AXE-10s seem to always have these weird, off-frequency tones just lying around. If you bothered to call the modems, you'll notice the ring is kinda off-frequency too: 402-376-0025 - Weird tone 402-376-0026 - Other weird tone 402-376-0000 - I can never figure out what this is; all Qwest AXE-10s have them. Notice there's a burst of ring that's more than likely not coming from the AXE-10. Not sure about that reorder. Maybe it's waiting for digits in that whitespace? 402-376-0065 - Coin deposit recording with a *lot* of reverb. I dunno why, but this made me laugh. 402-376-0085 - Modem
  10. If I remember right, this was taken at Defcon around the turn of the decade or so. Someone was playing it on the bridge, so I don't have a solid reference for where it's from. Keep in mind even that can be a problem sometimes: 304-720-9915, 863-297-9998, 707-262-0086.
  11. I'd consider options other than waiting for a call for assistance for the moment. Sorry. For a lot of reasons, including being in northern Calfornia for those wildfires last week (evacuating tends not to be fun. Not so much because of the impending doom, but because of the obligatory people driving like absolute retards you see in disasters, and having to take a long car trip when you're least in the mood for one), I've had an unusual amount of things to deal with recently. If you want to hop on the bridge one night though, that might be a good way to look into this.
  12. The N4Es specifically have media gateways, so they could just use existing TDM trunks. I don't know what they're run over, but with things that are very clearly running over IP like the 4E-APS redesigns (notice in areas like Los Angeles and New York, the 800-223-1104 ANAC has a different voice. They don't seem to be actively adding these at the moment), I just sorta assume they're at least reachable on the public internet. Occasionally they'll have the sort of staggering packet loss that would imply a bunch of people trying to attack it or something.
  13. The problem with WarVox and a lot of those other programs is it follows the mentality of people who equate this sort of dialing with a relatively menial practice, like nmapping but for phone calls (which to be fair, isn't to say that's not the case in some places. Learning to anticipate when you're going to be left with two wasted hours and a couple milliwatts is an important part of this), and are relatively inexperienced with phone networks to boot. For example, there's a video somewhere of the Warvox developer in particular getting a dialtone from some sketchy route his voip provider used, and mistaking it for something actually coming from what he was trying to call. Anyway, when you get rid of the tediousness of disconnected numbers and subscribers, it's a really enjoyable practice that helps you learn way more about the network than anything else; sort of like a huge improv exercise. Techniques like identifying switches based on the ringback sample they use never would've become a thing if there weren't people practicing hand scanning. There's also a fair number of things that automated analysis will very frequently miss. So the idea behind all this is to keep a level of automated detection for the purposes of indexing; so people know where to look and if they're in a mood for a particular sort of thing, finding them a range that has a lot of it. But also, ultimately, letting a caller be the ultimate judge of what's on the other end, and giving them maximum exposure to the network. So essentially to take the monotony out, keep all the good parts, and organize it in a way that works with a minimal amount of free time. Or to put it simply, I'm kinda tired of half the some numbers posts being mine .
  14. For anybody else interested in ASA, here's a copy: http://www87.zippyshare.com/v/5KLQq8cL/file.html https://openload.co/f/Vmg1F004bdM/siteadmin.zip I think the command to grab the translations from the Definity to a computer is 'upload translations'. I'm honestly a little confused; I've never seen it barf out something blank like that before. If you could try again, that'd be great; there's a checksum for like every block in the xmodem protocol, so there's no chance of it uploading something it shouldn't. Well, not without Hyperterminal (or the Definity) raising a huge stink anyway. No worries! It might be a while before I can get a normal machine to run this with (the machine that currently runs my Dialogic code gets pretty frequent use right now, and being headless, it's hardly a normal install case) though, so let me know if you want me to just help you remotely for now. I know enough by memory to get it working for that and improvise the rest. For starts, you'll need a Dialogic card. This is the particular model I have. It's cheap and works with normal POTS stations. Occasionally you'll see them go for a little cheaper on eBay, but this is pretty good: http://www.ebay.com/itm/D41JCTLSW-Dialogic-4-Port-Analog-Loop-Start-PCI-SP-Voice-Interface-Card-/272816283916?epid=1656832384&hash=item3f851e210c:g:K98AAOSw4DJYf22m . It's about a foot long, so finding a machine it physically fits in (most off the shelf ATX machines will do) is going to be your biggest bottleneck. Any Pentium 3 (or later 2)-era thrift store/yard sale/dumpster machine with 256 or so MB RAM will run the software perfectly fine. After booting the install CD, keep in mind it'll overwrite your hard disk without asking too. Once it boots, you may need to set the root password and start up an SSH server (beware that leaving any system running a Linux distro this old on the public internet is an extreme liability. Since it was convenient, I was using a dial-up modem to run mine for a while) before installing the Audix software packages. If you need any help with that, just let me know. That's right; the formatting stuff the Definity spits out with the dump isn't part of what's in RAM. But by pasting all that in a hex editor, you're converting ASCII to hex data, though. The RAM location with the passwords changes with each build. My way of figuring out where is to just search for the string 'inads' until I find what looks like passwords. From the TCM shell (which I *think* exists in release 6. At least, there's a TCM process. I don't think you can type 'go tcm' until 7 or 8 though), you can get a fairly solid example from the Definity itself of what the location with passwords looks like: That's a good question - I don't think the keys are necessarily in the RAM, but the program that validates them definitely is. I honestly don't have any idea how to do it. EDIT: Here's some cheaper Dialogic cards. Like I said, they go for peanuts: http://www.ebay.com/itm/Dialogic-D-41JCT-LS-4-port-Combined-Media-Board-Voice-Interface-Card-/263201498830?epid=86074960&hash=item3d480826ce:g:AZoAAOSwZr9ZtxdD http://www.ebay.com/itm/DIALOGIC-4-PORT-ANALOG-VOICE-FAX-COMBINED-MEDIA-BOARD-D-41JCT-LS-/162099670042?epid=86074960&hash=item25bde4ac1a:g:PVIAAOSwbwlXCsoz http://www.ebay.com/itm/Dialogic-D-41JCT-LS-Combined-Media-Board-Voice-Interface-Card-/332385891932?epid=86074960&hash=item4d63be365c:g:sm4AAOSwo4pYCRGh It's a little strange; these go for like, $5,000 brand new, and some of them weren't even opened. From the auction descriptions, it sounds like some people are mistaking these for dial-up modems. If you're willing to go through the trouble to develop software for them, it's a ridiculously good deal. There's also another card you can occasionally find that's smaller and should be runnable using the same API. I haven't tested it, but if anybody wants to give it a try, here's one: http://www.ebay.com/itm/DIALOGIC-D-4PCIU-D4PCIUFW-44-0053-02-4-PORT-VOICE-FAS-MEDIA-PCI-E-CARD-/272741298914?epid=80086610&hash=item3f80a5f2e2:g:bPQAAOSwnK9ZVTr0
  15. So today, I was thinking about a few people I'd talked to recently - they told me they were into the idea of scanning, but because of their lack of free time/direction, it was hard to find space in their lives for this sort of thing. So I was thinking; should I build a thing with my Dialogic box that automatically dials ranges that look potentially fun, and let people review the recordings/manually make a description of what's actually on the line? There could be a rough level of signal detection using the DSP; enough to let you search by what you'd like to see most; whether it be recordings, VMBs, modems or dialtones or whatever, and let you select by region or operating company. Maybe some more powerful signal detection could be tacked on at a later point that could recognize certain manufacturers or switch types. This would be a pretty significant undertaking, so I'd like to know if anybody is interested before I actually do this. If you don't actively scan and would like to, would this help turn the tide for you a little?