Dial Tone

caller ID spoofing: how to?

7 posts in this topic

So I've been looking into caller ID spoofing.

Now it seems I have three options, none of which meet all my needs.

First is the orange box (IE http://artofhacking.com/files/OB-FAQ.HTM). This is of limited use since the caller ID cannot be spoofed until the person picks up the phone. Also it doesn't work if the target is on a cellular network. The link has more technical details.

Next is the vermilion box. It solves the issue of needing to have the target pick up, but adds another hurdle: you need physical access so you can clip in (it's basically an orange box to do the caller ID tones, a magenta box to emulate the ring, and a beige box to hook into the victim's line: http://artofhacking.com/files/vermbox.htm)

Finally there's spoofcard, which is just a phone card that adds the ability to specify your phone number:

SpoofCard offers the ability to change what someone sees on their caller ID display when they receive a phone call. Simply dial SpoofCard's toll free number or local access number in your country and then enter your PIN. You'll then be prompted to enter the destination number followed by the phone number to appear on caller ID. It's that easy!

Now, I'm a bit stuck. The first two options add too many problems... the orange box doesn't really allow for SE, and the vermilion box requires physical access, which is not always feasible. The spoof card in a option, but I'd rather use an open source / self made solution, both for financial reasons and so I can learn what's going on behind the scenes (rather than just entering some info and having some company do the legwork)

I suspect there must be some other way to completely fake caller ID? I've heard mentions of using Asterisk and VOIP, but nothing concrete has turned up. My background is mostly network security/cryptography, I'll admit my phreaking knowledge is a bit lacking. Does anyone know the basics of how something like this would work?

0

Share this post


Link to post
Share on other sites

If you want to use Asterisk, this post explains how to make a diverter, and I'm sure there are other posts here that flat how explain how to set it up for spoofing.

Otherwise, use Spoofcard. The Orange box and Vermilion Box are relatively useless, albeit inventive.

2

Share this post


Link to post
Share on other sites

If you want to use Asterisk, this post explains how to make a diverter, and I'm sure there are other posts here that flat how explain how to set it up for spoofing.

Otherwise, use Spoofcard. The Orange box and Vermilion Box are relatively useless, albeit inventive.

Ah, just having a name for what I want to do will make research much easier. I'm willing to bet if there's not a post here doing this, there will be somewhere on google. Thanks.

0

Share this post


Link to post
Share on other sites

I'm just going to add a couple things. The Orange Box isn't true Caller-ID spoofing. It's simply software that produces the same (audio) data that gets sent to a Caller-ID device over the telephone network. True Caller-ID spoofing changes the Calling Party Number (CPN) that gets sent from the switch, which is what Caller-ID is derived from. This allows the Caller-ID to display whatever you wish before the party answers the call.

Also, Spoofcard itself uses VoIP and the Asterisk PBX. It's just been programmed for commercial use to consumers in a calling card format. As legitimate as all of this is, common sense will tell you not to use Caller-ID spoofing for illegitimate purposes. Take extra care with Spoofcard too, because the company has been through a lot of controversy and abuse...

Edited by Royal
1

Share this post


Link to post
Share on other sites

I'm just going to add a couple things. The Orange Box isn't true Caller-ID spoofing. It's simply software that produces the same (audio) data that gets sent to a Caller-ID device over the telephone network.

:D I first met Royal when he Orange Boxed me on the Beehive Bridge. Fear! After that, when I finally got to talk to him, he started saying some shit about the Boston Raven... I was like, who's this partyline jerk??

0

Share this post


Link to post
Share on other sites

BTW, the diverter question the other day inspired me to write a blog post at Antilimit about how to create some of the more basic telco maintenance services in Asterisk. It's about half-way down the page.

http://www.antilimit.net/

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now