p0d

Jesus Christ guys I need some help/info

9 posts in this topic

Where the hell can I get some good docs? Simple as that, I don't want to be spoon-fed, I just need a compass (so to speak) that points in the right direction. It's all so clandestine (or at least to me it is), a million different acronyms and colloquialisms, and no reliable text or dox, I mean damn... I'm getting to think that pretty much everything that is known/learned in this area is from perilous experimentation. Not that I have a problem with that, but as a total and complete noob, it is a little overwhelming, and at times, downright frightening.

I have been on a tirade looking for info for about a year now... and I am not much farther than where I was 12 months ago. (Well, I know a shit ton about electronics now but I have not applied it).

Bottom line I am not making much headway and I would really like some insider tips.

Basically, here's what I would like to know:

Interesting places to look

How to NOT get busted

Some docs, fairly recent, on 5ESS and DMS-100 or DMS-10

How to tell what kind of switch I am on when dialing a # (that's probably more to do with experience)

How calls are handled and processed and how to manipulate that (to some extent)

What NOT to do, what NOT to ask for

I'm sorry if that is a tall order.

Maybe it should go into newbie HQ but what'evs... I do not want the key to the kingdom... I do not even want the map, just some paper and pencil would be nice. ;-)


Try http://textfiles.com/

Also, you may want to structure your request more like this:

Hi, where would be a good place to find good hacking related documents? I don't want straight tutorials, I actually enjoy learning, but I'm not sure where to look. I'm particularly having trouble with the acronyms and vernacular. I've learned a lot through experimentation but there are some specific things I'm interested in.

How to avoid getting in trouble with the law and good Ethical Practices to follow

Recent information on 5ESS and DMS-100 (or DMS-10)

How to determine switch variety (although that probably comes with experience)

The handling and processing of telephony calls

I'm sorry if it sounds like I’m demanding information, I’m just unsure where to look.


OK, I understand that it can be daunting to read through dozens of pages of text files from the 1980's only to find that most of the information is so outdated as to be obsolete.

First off the Acronyms. There are hundreds of them. Here is a bit of a glossary:

http://www.virtualpbx.com/support/telco-acronyms.asp#A

Here is a dictionary of telephone terminology:

http://glossary.setel.com/index.php?a=list...mp;p=1&w1=1

As for determining what switch you are on, it varies depending on where you are, but here in NY I'm in Verizon territory, and there is a surefire way to check that. I just dial NPA-NXX-9901. For instance 845-452-9901 will get you a recording with a woman stating: "Poughkeepsie 5ESS". Some of these numbers will also state what other exchanges are served by that switch. Another way to determine what type of switch an exchange is on would be to do a number lookup on Bells Mind: http://www.bellsmind.net/net.bellsmind.fro...d/frontend.html

I also use this site: http://www.quentinsagerconsulting.com/util...ennd_online.php

It gives more information including the address of the central office or switch. I also find that the info is more recent.

For recent information I enjoy many of the text files at Old School Phreak: http://www.oldskoolphreak.com/tfiles/

Also:

http://www.dualisanoob.com/phreak/

http://www.phreaksandgeeks.com/

As for Switch information:

DMS-100:

http://callpath.genesyslab.com/docs62/html...ms/GALL6M07.HTM

http://ieeexplore.ieee.org/iel5/8159/23929/01094797.pdf

DMS-10:

http://www.stromcarlson.com/docs/dms10/nn105362-091603.pdf

5ESS:

http://www.artofhacking.com/tucops/phreak/GENERAL/5ESS.PDF

http://qwest.ettp.net/reference/Fuhitsu%20...ser%20Guide.pdf

http://stage-project.jp/kanri/data/ronbun/20080402100107.pdf

http://www.dualisanoob.com/phreak/articles...escriptions.pdf

Also, looking into the Asterisk PBX or FreeSWITCH may be a good way to begin learning about VoIP, the new frontier of phreaking.

http://10nix.hackervoice.co.uk

Edited by 10nix
Interesting places to look

I guess it all just depends on what you're looking for. If you're looking for interesting switches, I guess the best thing to do first would be to hit your local network. There's usually some oddity or whatnot in there, and it's only, say, a ten minute drive, or a walk across the street to see it firsthand. Some of the most interesting things I've found have been just by going to telcodata.us, doing an NPA lookup, and browsing through the exchanges.

If you want to scan, here's a few good places to start off looking;

Oregon - 00xx

Washington - 00xx

California - 00xx

Mid-Western Qwest territory - 99xx, but don't be sure about it

GTE territory - 00xx

DC/Maryland/Northern Virginia - 99xx

Delaware - 00xx

New York - 99xx

AT&T Connecticut - 09xx

Pennsylvania - 00xx

If you're looking to find test numbers in an independent, the best place to look is actually their website. On it, they'll usually list a number for voicemail access, or remote call forwarding, or something like that. Let's say the number for voicemail is 217-555-1214. So you look around 12xx, and half the time, lo and behold, the numbers will be sitting there waiting for you! If all else fails, try the 10xx and 11xx range. For some reason, a lot of independents I find seem to like them.

How to NOT get busted

In short, just don't be stupid. If you're going to be trying to break into someone's voicemail box, don't try more than eight times without at least diverting, toll-free or not. Extenders are fun, but if you find one, don't abuse it. Just use common sense when you're dealing with things.

How to tell what kind of switch I am on when dialing a # (that's probably more to do with experience)

It's best just to start by looking your switch type up on a lookup site, and getting a feel for how it sounds and reacts, I think. Check some of my old posts on telling switches apart by ring, and if you dig back, some of the different ways switches act. Listen to Strom Carlson's SoCal trips, too, he covers a few basic ways to tell the difference between switches.

http://stromcarlson.com/audio/socal-04-2004-part1.mp3

http://stromcarlson.com/audio/socal-04-2004-part2.mp3

How calls are handled and processed and how to manipulate that (to some extent)

Call routing is a pretty complex topic, I really don't know how to explain that one best :/ . I guess one way is to know what your tandem recordings sound like. In Massachusetts, the New York Telephone tandems will have a recording ID of 128-Ax, and I think Verizon Long Distance tandems will have IDs of CM-0xx.


Wow, thanks for the info guys... I thought for a bit I was going to get flamed into Hades. Please, if other people want to add stuff continue to post!

Thanks a bushel.

--p0d


May I recommend the old Bell System "Notes on Distance Dialing"? This book gives a fairly readable overview of the toll network as it existed back in the 50s-80s. Lots of the information is obsolete, but it gives a good overview of some of the basis for the phreaking movement. Lots of the information still applies to this day.

Copies of several editions at:

http://www.historyofphonephreaking.org/docs.php

Edited by df99
How calls are handled and processed

You could always start here:

SS7 Tutorial used by for training:

http://www.mediafire.com/?kytcsmtjrgy

And For TEH LuLz:

This is a list of supported SS7 messages commonly seen when monitoring SS7 call processing or maintenance events on the SS7 network.

#######ISUP Capability Related Messages########

IAM - Initial Address Message. This message is sent by a switch to seize a trunk to set up a new call. It contains all of the necessary information required for the receiving switch to process, route and bill the call.

COT - Continuity Message. This message is sent in the forward direction at the end of a per-call continuity test or when the continuity test timer expires. Used to report the results.

ACM - Address Complete. This message is sent in the backward direction as a response to an IAM. This is an acknowledgment that the call address information has been received and is being processed.

ANM - Answer Message. This message is sent in the backward direction whenever the called party answers the call or goes off hook.

CPG - Call Progress Message. This message is sent in the backward or forward direction and is used to pass information about call processing events to the originating or terminating agencies.

CRM - Circuit Reservation Message. This message is sent in the forward direction to reserve a circuit and initiate any required continuity test. It is used only when interworking (inband trunks) is encountered on the call path.

CRA - Circuit Reservation Acknowledge. This message acknowledges a CRM.

EXM - Exit Message. This message is sent in the backward direction by an access tandem to indicate that the call setup information has successfully progressed to another network. Not supported by MCI long distance switches.

FAR - Facility Request Message. This message is sent by an ACD switch only to a bridging switch to initiate Release Line Trunk Capability.

FAA - Facility Accept Message. This message is sent only by a bridging switch and indicates acceptance of a previously sent FAR. This message indicates successful performance of the bridging function or retranslation.

FRJ - Facility Reject Message. Sent only by a bridging switch to indicate the occurrence of certain conditions which prevented the bridging function from taking place.

PAM - Pass Along Message. A message sent in either direction to transfer information between two signalling points along the same signalling path as that used to establish a physical connection between those points.

REL - Release Message. This message functions to disconnect or tear down a call.

RES - Resume. This message is sent in the backward direction to indicate the called party has reconnected. The RES informs the network that a call that was suspended (SUS) has resumed.

RLC - Release Complete. This message serves to acknowledge that a call has been successfully released and all trunks or call processing functions involved in the call have been idled.

SUS - Suspend Message. This message is sent in the backward direction when a called party hangs up before the call is released.

#######ISUP Non-Capability Related Messages#########

BLO - Blocking message. Used to block transmission of calls on a specific circuit as identified by the CIC code.

BLA - Blocking acknowledge. Acknowledgment to a BLO message.

CCR - Continuity Check Request. This is sent to a distant end switch to request a loop for a continuity check (COT test). It can be generated either manually or automatically after a per-call COT test failure.

CVT - Circuit Validation Test. A manually initiated message that is sent to request info regarding distant end parameters such as glare control method and matching, carrier alarming, COT test method and CLLI.

CVR - This is the response to the CVT. The CVR contains the information described in the CVT description above.

CQM - Circuit Query Message. Sent to request the state of a single circuit or group of circuits.

CQR - Circuit Query Response. Sent as the response to a CQM. The response will have a circuit state indicator.

CGB - Circuit Group Block. Used to block transmission of calls on a group of trunks (such as a span). The group is identified by starting CIC + number of trunks. Must be sent twice to block the trunks.

CGBA - Circuit Group Block Acknowledge. This is an acknowledgment to the CGB.

CGBU - Circuit Group Un-Block. Used to un-block a group of trunks (such as a span). The group is identified by starting CIC + number of trunks.

CGBUA - Circuit Group Un-Block Acknowledge. This is an acknowledgment to the CGBU.

GRS - Circuit Group Reset Message. Sent to reset a group of circuits for which the status is not known or confused. This may occur where an unexpected message or event occurs. This resets the group of circuits to an idle condition.

GRA - Circuit Group Reset Acknowledgment Message. Sent to acknowledge the GRS.

LPA - Loop Acknowledge. This is sent in response to a CCR message to inform the originator of the CCR message that a loop has been connected.

RSC - Reset Circuit Message. Sent to reset a circuit for which the status is not known or confused. This may occur where an unexpected message or event occurs. This resets the circuit to an idle condition.

UBL - Unblocking message. Used to unblock trunks to allow transmission of calls on a specific circuit as identified by the CIC code.

UBA - Unblocking acknowledge. Acknowledgment to a UBL message.

UCIC - Unequipped Circuit Identification Code. This message is sent as a response when a message is sent with a Circuit Identification Code that is not equipped.

Edited by 10nix
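Added example, not from the thread or any of its posters: a small Python tracker that replays ISUP messages from the list above per circuit (CIC), checks that each message travels in the direction the list documents and that the call-state sequence is legal (IAM, ACM, ANM, SUS/RES, REL, RLC), and flags mismatches the way a signalling monitor would. The record format (cic, direction, msg) and the sample records are constructed for the example.

```python
# Added example: replays constructed ISUP monitor records (cic, direction, msg);
# direction "F" = forward toward the called party, "B" = backward.

# Direction each message is documented to travel in the list above; "E" = either.
DIRECTION = {"IAM": "F", "COT": "F", "CRM": "F", "CRA": "B", "ACM": "B",
             "ANM": "B", "SUS": "B", "RES": "B", "EXM": "B",
             "CPG": "E", "PAM": "E", "REL": "E", "RLC": "E"}

# Legal call-state transitions for one circuit: state -> {msg: next_state}.
TRANSITIONS = {
    "idle":      {"IAM": "setup", "CRM": "reserved"},
    "reserved":  {"IAM": "setup"},
    "setup":     {"COT": "setup", "EXM": "setup", "ACM": "alerting", "REL": "releasing"},
    "alerting":  {"CPG": "alerting", "ANM": "talking", "REL": "releasing"},
    "talking":   {"CPG": "talking", "SUS": "suspended", "REL": "releasing"},
    "suspended": {"RES": "talking", "REL": "releasing"},
    "releasing": {"RLC": "idle"},
}

def track(records):
    """Return ({cic: final_state}, [(record_index, cic, reason), ...])."""
    states, blocked, anomalies = {}, set(), []
    for n, (cic, direction, msg) in enumerate(records):
        expect = DIRECTION.get(msg)
        if expect not in (None, "E") and expect != direction:
            anomalies.append((n, cic, f"{msg} seen {direction}, expected {expect}"))
        if msg in ("BLO", "UBL"):                  # maintenance blocking state
            (blocked.add if msg == "BLO" else blocked.discard)(cic)
            continue
        if msg in ("BLA", "UBA", "PAM", "CRA"):    # acks / pass-along: no state change
            continue
        state = states.get(cic, "idle")
        if msg == "IAM" and cic in blocked:        # call setup on a blocked trunk
            anomalies.append((n, cic, "IAM on a blocked circuit"))
        nxt = TRANSITIONS[state].get(msg)
        if nxt is None:                            # e.g. ANM before any ACM
            anomalies.append((n, cic, f"{msg} unexpected in state {state}"))
            continue
        states[cic] = nxt
    return states, anomalies

# Constructed sample: clean call on CIC 17, malformed one on CIC 42, IAM on blocked CIC 9.
SAMPLE = [(17, "F", "IAM"), (17, "B", "ACM"), (17, "B", "ANM"), (17, "B", "SUS"),
          (17, "B", "RES"), (17, "B", "REL"), (17, "F", "RLC"),
          (42, "F", "IAM"), (42, "F", "ANM"),
          (9, "F", "BLO"), (9, "B", "BLA"), (9, "F", "IAM")]

if __name__ == "__main__":
    print(track(SAMPLE))   # ({17: 'idle', 42: 'setup', 9: 'setup'}, [three anomalies])
```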

what the heck? people are still interested in becoming "phone phreaks?" amazing! fraud on the telephone system! that's leet.

if you care, reply here about the status of your search, please. i'm interested to talk to you, if you're interested.

what the heck? people are still interested in becoming "phone phreaks?" amazing! fraud on the telephone system! that's leet.

if you care, reply here about the status of your search, please. i'm interested to talk to you, if you're interested.

Dude you got me all wrong... phones have fascinated me for a long time now; I am finally getting into it and understanding it.

I have an unshakable creed: I cannot use that which I do not understand to its fullest capacity.

I have to bend the rules quite a bit, but I still believe in it.

PS: HOW DOES A HACK GIBSON?

