Blue box: Difference between revisions
Content deleted Content added
ClueBot NG (talk | contribs) m Reverting possible vandalism by 204.10.219.33 to version by Hello71. False positive? Report it. Thanks, ClueBot NG. (1238689) (Bot) |
←Replaced content with 'Blue Box was a creative idea by Mr.Ankur (Lal),but unfortunately it was captured by some other MNC. Better luck next time buddy,think creative be smart :vic...' Tag: blanking |
||
| Line 1: | Line 1: | ||
Blue Box was a creative idea by Mr.Ankur (Lal),but unfortunately it was captured by some other MNC. |
|||
{{about|the phone phreaking tool}} |
|||
{{Multiple issues|confusing = October 2011|more footnotes = December 2009|refimprove = December 2007}} |
|||
Better luck next time buddy,think creative be smart :vice-versa . |
|||
[[Image:Blue Box in museum.jpg|right|thumb|280px|The blue box built by [[Steve Wozniak]], on display at the [[Computer History Museum]], gift of [[Rick Prelinger]]]] |
|||
A '''blue box''' is an unauthorized [[electronics|electronic device]] that generates the same tones employed by a [[telephone operator]]'s dialing console to switch long-distance calls. <ref name="sterling">{{cite book |title=[[The Hacker Crackdown]] |first=Bruce |last=Sterling |authorlink=Bruce Sterling |chapter=2 }}</ref> A blue box is a tool that emerged in the 1960s and 70s, it allowed users to route their own calls by emulating the [[in-band signaling]] mechanism that then controlled switching in long distance dialing systems. The most typical use of a blue box was to place free telephone calls. A related device, the [[Black box (phreaking)|black box]] enabled one to receive calls which were free to the caller. The blue box no longer works in most western nations, as modern [[telephone exchange|switching systems]] are now digital and do not use in-band signaling. Instead, signaling occurs on an [[out-of-band signaling|out-of-band]] channel which cannot be accessed from the line the caller is using, a system called [[Common Channel Interoffice Signaling]] or CCIS. |
|||
==History== |
|||
{{Listen|filename=2600 Hz.ogg|title=2600 Hz|description=A tone of 2600 Hz ('''LOUD''')|format=[[Ogg]]}} |
|||
In November, 1954, the ''[[Bell System Technical Journal]]'' published an article which described the process used for routing telephone calls over [[Trunking|trunk lines]] with the then-current signaling system, R1.<ref>{{Citation |last=Weaver |first=A. |last2=Newell |first2=N. A. |title=In-Band Single-Frequency Signaling|journal=Bell System Technical Journal |volume= |issue= |pages= |url=http://www.historyofphonephreaking.com/docs/weaver1954.pdf }}.</ref> The article described the basics of the inter-office trunking system and the signalling used. This, while handy, could not be used in and of itself, as the frequencies used for the [[Multi-frequency|Multi-Frequency]], or "MF", tones were not published in this article. |
|||
In November, 1960, the other half of the equation was revealed by the Bell System Technical Journal: another article titled "Signaling Systems for Control of Telephone Switching" was published containing the [[frequency|frequencies]] used for the digits that were used for the actual routing codes <ref>{{Citation |last=Breen|first=C.|last2=Dahlbom|first2=C. A.|title=Signaling Systems for Control of Telephone Switching|journal=Bell System Technical Journal|volume=XXXIX|issue=6|pages=1381–1444|url=http://www.historyofphonephreaking.org/docs/breen1960.pdf}}.</ref> With these two items of information, the phone system was at the disposal of anyone with a cursory knowledge of electronics. Once Bell realized what they had done, company representatives visited most college campuses and physically cut out the pages that had the tone frequencies, but the information had already been made public and the error was irreversible. |
|||
However, contrary to numerous stories, before finding the articles in the Bell System Technical Journal it was discovered by many, some very unintentionally and to their annoyance, that a 2600 Hz tone, used by [[AT&T]] as a steady [[Signaling (telecommunication)|signal]] to mark currently unused [[Long distance calling|long-distance]] [[telephone line]]s, or "[[trunk line]]s", would reset those lines. [[Joybubbles|Joe Engressia]] (known as Joybubbles) accidentally discovered it at the age of 7 by [[whistle|whistling]] (with his mouth).<ref name="price">{{Citation |first=David |last=Price |url=http://www.counterpunch.org/price06302008.html |title=Blind Whistling Phreaks and the FBI's Historical Reliance on Phone Tap Criminality |work=[[CounterPunch]] |date=June 30, 2008 }}.</ref> He and other famous [[phone phreak]]s such as "[[Bill from New York]]" and "The Glitch", trained themselves to whistle 2600 Hz to reset a trunk line. They also learned how to route phone calls by causing trunks to flash in certain patterns. At one point in the 1960s, packets of the [[Cap'n Crunch]] [[breakfast cereal]] included a free gift: a small whistle that (by coincidence) generated a 2600 Hz tone when one of the whistle's two holes was covered. The [[phreaker]] [[John Draper]] adopted his [[nickname]] "Captain Crunch" from this whistle. Others would utilize exotic birds such as canaries which are able to hit the 2600 Hz tone to the same effect. |
|||
With the ability to blue box, what was once individuals exploring the telephone network started to develop into a whole sub-culture. Famous phone phreaks such as [[John Draper|John "Captain Crunch" Draper]], [[Mark Bernay]], and [[Al Bernay]] used blue boxes to explore the various 'hidden codes' that were not dialable from a regular phone line. |
|||
Some of the more famous pranksters were [[Steve Wozniak]] and [[Steve Jobs]], founders of [[Apple Computer]]. On one occasion Wozniak dialed [[Vatican City]] and identified himself as [[Henry Kissinger]] (imitating Kissinger's German accent) and asked to speak to the [[Pope]] (who was sleeping at the time).<ref name="iwoz">{{Citation |last=Wozniak |first=S. G. |last2=Smith |first2=G. |year=2006 |title=[[iWoz|iWoz: From Computer Geek to Cult Icon: How I Invented the Personal Computer, Co-Founded Apple, and Had Fun Doing It]] |location=New York |publisher=[[W. W. Norton & Company]] |isbn=0-393-06143-4 }}.</ref> |
|||
Blue boxes were primarily the domain of "pranksters" and "explorers"{{citation needed|date=October 2011}}, but others used blue boxes solely to make free phone calls. They were also popular with drug dealers and other criminals, because calls were not only free, but were virtually impossible to trace with the technology available at the time. |
|||
Blue boxing hit the mainstream media when an article by [[Ron Rosenbaum]] titled ''Secrets of the Little Blue Box'' was published in the October 1971 issue of ''[[Esquire (magazine)|Esquire]]'' magazine.<ref name="price"/> Suddenly, many more people wanted to get into the [[phone phreaking]] culture spawned by the blue box, and it furthered the fame of [[John Draper|Captain Crunch]] and groups, like the [[Legion of Doom (hacking)|Legion of Doom]]. CQ Magazine also published details on phone phreaking, including the tone frequencies and several working blue box schematics in 1974. |
|||
In November 1988, the [[CCITT]] (now known as [[ITU-T]]) published recommendation Q.140, which goes over [[Signaling System No. 5]]'s international functions, once again giving away the 'secret' frequencies of the system. This caused a resurgence of blue boxing incidents with a new generation.{{Citation needed|date=July 2008}} |
|||
During the early 1990s, blue boxing became popular with the international [[warez scene]], especially in Europe. Software was made to facilitate blue boxing using a computer to generate the signalling tones and play them into the phone. For the PC there were [[BlueBEEP]], TLO, and others, and blue boxes for other platforms such as [[Amiga]] were available as well. |
|||
In the 1970s and 80s some trunks were modified to filter out [[Single-frequency signaling|SF tone]] arriving from a caller. The death of blueboxing came in the mid to late 1990s when telcos, becoming aware of the problem, eventually moved to [[out-of-band signaling]] systems with separate data and signalling channels (such as [[Common Channel Interoffice Signaling|CCIS]] and [[Signaling System 7|SS7]]). These systems separated the voice and signaling [[Channel (communications)|channel]]s, making it impossible to generate these signals from an ordinary phone line. It is rumored that some international trunks still utilize in-band signaling and are susceptible to tones, although often it's 2600+2400 Hz then 2400 Hz to seize. Sometimes the initial tone is a composition of three frequencies. A given country may have inband signalling on trunks from a specific country but not others. |
|||
==Operation== |
|||
The operation of a blue box is simple: First, the user places a [[long distance telephone call]], usually to an 800 number or some other non-supervising phone number. For the most part, anything going beyond 50 miles would go over a trunk type susceptible to this technique. |
|||
When the call starts to ring, the caller uses the blue box to send a [[Media:Tone 2600Hz.ogg|2600 Hz]] tone (or 2600+2400 Hz on many international trunks followed by a 2400 Hz tone). The 2600 Hz is a supervisory signal, because it indicates the status of a trunk; on hook (tone) or off-hook (no tone). By playing this tone, you are convincing the far end of the connection that you've hung up and it should wait. When the tone stops, the trunk will go off-hook and on-hook (known as a ''supervision flash''), making a "Ka-Cheep" noise, followed by silence. This is the far end of the connection signalling to the near end that it is now waiting for routing digits. |
|||
Once the far end sends the supervision flash, the user would use the blue box to dial a "Key Pulse" or "KP", the tone that starts a routing digit sequence, followed by either a telephone number or one of the numerous special codes that were used internally by the telephone company, then finished up with a "Start" or "ST" tone. At this point, the far end of the connection would route the call the way you told it, while the users end would think you were still ringing at the original number. KP1 is generally used for domestic dialing where KP2 would be for international calls. |
|||
The blue box consisted of a set of [[audio oscillators]], a [[telephone keypad]], an [[audio amplifier]] and [[Loudspeaker|speaker]]. Its use relied, like much of the [[telephone hacking]] methodology of the time, on the use of a constant tone of 2600 [[Hz]] to indicate an unused [[telephone line]]. A free long distance telephone call (such as the [[information operator]] from another [[area code]]) was made using a regular telephone, and when the line was connected, a 2600 Hz tone from the blue box was fed into the mouthpiece of the telephone, causing the operator to be disconnected and a free long distance line to be available to the blue box user. The keyboard was then used to place the desired call, using [[touch tone frequencies]] specific for [[telephone operators]]. These frequencies are different from the normal touch tone frequencies used by telephone subscribers, which is why the telephone keypad could not be used and the blue box was necessary. |
|||
Development and use of the blue box was largely enabled by [[Bell Telephone Company|Bell Telephone]]'s policy of publishing all technical documentation regarding its equipment. In response to the development of this and other means of telephone hacking, the company began to develop other means of securing its system, [[security through obscurity|without publicly disclosing the details]]{{Citation needed|date=April 2009}}. These included modifying telephone central offices to listen for the 2600 Hz tone coming from a subscriber telephone. This, plus the investigation and prosecution of several [[Hacker (computer security)|hackers]] by the [[FBI]], finally made the blue box and other phreaking equipment obsolete. The hacking community evolved into other endeavors, however, and there currently exists a commercially published hacking magazine, titled ''[[2600: The Hacker Quarterly|2600]]'', a reference to the 2600 Hz tone that was central to so much of telephone hacking. |
|||
The blue box no longer works in North America primarily because the phone system has converted to digital, and (analog) inband signalling is no longer used. |
|||
==Frequencies and timings== |
|||
Each MF tone consists of two frequencies, shown in the table on the left. Note that these are ''not'' the same as customer dialed [[Touch Tone]], which is shown by the table on the right: |
|||
<div style="float:left"> |
|||
{| class="wikitable" |
|||
|colspan="7" align="center"|Operator (blue box) dialed MF frequencies |
|||
|- |
|||
!align="center"| Code |
|||
!align="center"| 700 Hz |
|||
!align="center"| 900 Hz |
|||
!align="center"| 1100 Hz |
|||
!align="center"| 1300 Hz |
|||
!align="center"| 1500 Hz |
|||
!align="center"| 1700 Hz |
|||
|- |
|||
|align="center"| '''1''' |
|||
|align="center"| X |
|||
|align="center"| X |
|||
| |
|||
| |
|||
| |
|||
| |
|||
|- |
|||
|align="center"| '''2''' |
|||
|align="center"| X |
|||
| |
|||
|align="center"| X |
|||
| |
|||
| |
|||
| |
|||
|- |
|||
|align="center"| '''3''' |
|||
| |
|||
|align="center"| X |
|||
|align="center"| X |
|||
| |
|||
| |
|||
| |
|||
|- |
|||
|align="center"| '''4''' |
|||
|align="center"| X |
|||
| |
|||
| |
|||
|align="center"| X |
|||
| |
|||
| |
|||
|- |
|||
|align="center"| '''5''' |
|||
| |
|||
|align="center"| X |
|||
| |
|||
|align="center"| X |
|||
| |
|||
| |
|||
|- |
|||
|align="center"| '''6''' |
|||
| |
|||
| |
|||
|align="center"| X |
|||
|align="center"| X |
|||
| |
|||
| |
|||
|- |
|||
|align="center"| '''7''' |
|||
|align="center"| X |
|||
| |
|||
| |
|||
| |
|||
|align="center"| X |
|||
| |
|||
|- |
|||
|align="center"| '''8''' |
|||
| |
|||
|align="center"| X |
|||
| |
|||
| |
|||
|align="center"| X |
|||
| |
|||
|- |
|||
|align="center"| '''9''' |
|||
| |
|||
| |
|||
|align="center"| X |
|||
| |
|||
|align="center"| X |
|||
| |
|||
|- |
|||
|align="center"| '''0'''/10 |
|||
| |
|||
| |
|||
| |
|||
|align="center"| X |
|||
|align="center"| X |
|||
| |
|||
|- |
|||
|align="center"| 11/ST3 |
|||
|align="center"| X |
|||
| |
|||
| |
|||
| |
|||
| |
|||
|align="center"| X |
|||
|- |
|||
|align="center"| 12/ST2 |
|||
| |
|||
|align="center"| X |
|||
| |
|||
| |
|||
| |
|||
|align="center"| X |
|||
|- |
|||
|align="center"| '''KP''' |
|||
| |
|||
| |
|||
|align="center"| X |
|||
| |
|||
| |
|||
|align="center"| X |
|||
|- |
|||
|align="center"| KP/ST2 |
|||
| |
|||
| |
|||
| |
|||
|align="center"| X |
|||
| |
|||
|align="center"| X |
|||
|- |
|||
|align="center"| '''ST''' |
|||
| |
|||
| |
|||
| |
|||
| |
|||
|align="center"| X |
|||
|align="center"| X |
|||
|} |
|||
</div> |
|||
<div style="float:right"> |
|||
{| class="wikitable" |
|||
|colspan="5" align="center"|Customer-dialed Touch-Tone ([[Dual-tone multi-frequency|DTMF]]) frequencies |
|||
|- |
|||
!align=center| |
|||
!align=center| 1209 Hz |
|||
!align=center| 1336 Hz |
|||
!align=center| 1477 Hz |
|||
!align=center| 1633 Hz |
|||
|- |
|||
!align=center| 697 Hz |
|||
|align=center| 1 |
|||
|align=center| 2 |
|||
|align=center| 3 |
|||
|align=center| A |
|||
|- |
|||
!align=center| 770 Hz |
|||
|align=center| 4 |
|||
|align=center| 5 |
|||
|align=center| 6 |
|||
|align=center| B |
|||
|- |
|||
!align=center| 852 Hz |
|||
|align=center| 7 |
|||
|align=center| 8 |
|||
|align=center| 9 |
|||
|align=center| C |
|||
|- |
|||
!align=center| 941 Hz |
|||
|align=center| * |
|||
|align=center| 0 |
|||
|align=center| # |
|||
|align=center| D |
|||
|} |
|||
</div> |
|||
<br clear="both"> |
|||
Normally, the tone durations are on for 60ms, with 60ms of silence between digits. The 'KP' and 'KP2' tones are sent for 100ms. KP2 (ST2 in the [[R1 standard]]) was used for dialing internal Bell System telephone numbers. However, actual frequency durations can vary depending on location, switch type, and the machine status. |
|||
==Special codes== |
|||
Some of the special codes a person could get onto are in the chart below. "[[Numbering plan area|NPA]]" is a U.S. telephone company term for 'area code'. |
|||
*NPA+100 – Plant Test – Balance termination |
|||
*NPA+101 – Plant Test – Toll Testing Board |
|||
*NPA+102 – Plant Test – Milliwatt tone (1004 Hz) |
|||
*NPA+103 – Plant Test – Signaling test termination |
|||
*NPA+104 – Plant Test – 2-way transmission and noise test |
|||
*NPA+105 – Plant Test – Automatic Transmission Measuring System |
|||
*NPA+106 – Plant Test – CCSA loop transmission test |
|||
*NPA+107 – Plant Test – Par meter generator |
|||
*NPA+108 – Plant Test – CCSA loop echo support maintenance |
|||
*NPA+109 – Plant Test – Echo canceler test line |
|||
*NPA+121 – Inward Operator |
|||
*NPA+131 – Operator Directory assistance |
|||
*NPA+141 – Rate and Route Information |
|||
*914+151 – Overseas incoming (White Plains, NY) |
|||
*212+151 – Overseas incoming (New York, NY) |
|||
*NPA+161 – trouble reporting operator (defunct) |
|||
*NPA+181 – Coin Refund Operator |
|||
*914+182 – International Sender (White Plains, NY) |
|||
*212+183 – International Sender (New York, NY) |
|||
*412+184 – International Sender (Pittsburgh, PA) |
|||
*407+185 – International Sender (Orlando, FL) |
|||
*510+186 – International Sender (Oakland, CA) |
|||
*303+187 – International Sender (Denver, CO) |
|||
*212+188 – International Sender (New York, NY) |
|||
Not all NPAs had all functions. |
|||
==Blue boxes in other countries== |
|||
Another signaling system widely used on international circuits (except those terminating in North America) was CCITT Signaling System No. 4 (specified in CCITT Recommendations Q.120 to Q.139). This was also an in-band system but, instead of using multifrequency signals for digits, it used four 35 ms pulses of tone, separated by 35 ms of silence, to represent digits in four-bit binary code, with 2400 Hz as a ‘0’ and 2040 Hz as a ‘1’. The supervisory signals used the same two frequencies, but each supervisory signal started with both tones together (for 150 ms) followed, without a gap, by a long (350 ms) or short (100 ms) period of a single tone of 2400 Hz or 2040 Hz. Phreaks in Europe built System 4 blue boxes that generated these signals. Because System 4 was used only on international circuits, the use of these blue boxes was more specialized. Typically, a phreak would gain access to international dialing at low or zero cost by some other means, make a dialed call to a country that was available via direct dialing, and then use the System 4 blue box to clear down the international connection and make a call to a destination that was available only via operator service. Thus, the System 4 blue box was used primarily as a way of setting up calls to hard-to-reach operator-only destinations, in order to impress other phreaks, rather than as a way of making free or cheap calls. A typical System 4 blue box had a keypad (for sending four-bit digit signals) plus four buttons for the four supervisory signals (clear-forward, seize-terminal, seize-transit, and transfer-to-operator). After some experimentation, nimble-fingered phreaks found that all they really needed was two buttons, one for each frequency. With practice, it was possible to generate all the signals with sufficient timing precision manually, including the digit signals. This made it possible to make the blue box quite small. A refinement added to some System 4 blue boxes was an anti-acknowledgment-echo guard tone. Because the connection between the telephone and the telephone network is two-wire, but the signaling on the international circuit operates on a four-wire basis (totally separate send and receive paths), signal-acknowledgment tones (single pulses of one of the two frequencies from the far end of the circuit after receipt of each digit) tended to be reflected back at the four-wire/two-wire conversion point. Although these reflected signals were relatively faint, they were sometimes loud enough for the digit-receiving circuits at the far end to treat them as the first bit of the next digit, messing up the phreak’s transmitted digits. What the improved blue box did was to continuously transmit a tone of some other frequency (e.g., 600 Hz) as a guard tone whenever it was not sending a System 4 signal. This guard tone drowned out the echoed acknowledgment signals, so that only the blue-box-transmitted digits were heard by the digit-receiving circuits at the far end. |
|||
==See also== |
|||
*[[Phreaking]], the general term for introducing unorthodox input and manipulation of the telephone network |
|||
*[[Falsing]] |
|||
*[[Red box (phreaking)]] |
|||
*[[Black box (phreaking)]] |
|||
*[[Single-frequency signaling]] |
|||
*''[[2600: The Hacker Quarterly]]'', a magazine named after the 2600 Hz tone. |
|||
==References== |
|||
{{reflist}} |
|||
==External links== |
|||
* [http://www.nerdnetworks.org/sarts/ The SARTS technical journal] |
|||
* [http://myoldmac.net/FAQ/TheBlueBox-1.htm Secrets of the Little Blue Box - article with photos] |
|||
* [http://www.artofhacking.com/tucops/phreak/boxes/blue/index.htm All about the Blue Box and related devices] |
|||
* [http://www.textfiles.com/phreak/BLUEBOXING/ Text files about blue boxing] |
|||
* [http://www.elfqrin.com/docs/hakref/phrkbox/phreakboxes.html The definitive guide to Phreak boxes] |
|||
* [http://www.porticus.org/bell/pdf/funwithdickandjane.pdf Fun with Dick and Jane by Lewis Gum and Edward Oxford - article that appeared in the 1978 Bell Telephone Magazine about telephone fraud and Phone Phreaks] |
|||
* [http://www.historyofphonephreaking.org/ A site dedicated to the history of phone phreaking, with extensive information on blue boxing.] |
|||
* [http://www.projectmf.org A working, publicly-accessible simulation of the old telephone network that allows legal blue boxing. Also has instructions for building a basic blue box.] |
|||
* [http://www.historyofphonephreaking.org/docs/weaver1954.pdf The November, 1954, Bell System Technical Journal article titled "In-Band Single-Frequency Signaling" (A. Weaver and N. A. Newell)] |
|||
* [http://www.historyofphonephreaking.org/docs/breen1960.pdf The November, 1960, Bell System Technical Journal article titled "Signaling Systems for Control of Telephone Switching" (by C. Breen and C. A. Dahlbom)] |
|||
* [http://blog.8bitunderground.com Blog that discusses and reviews 70's and 80's software tools for phreaking - many of which produce Blue Box tones] |
|||
{{Phreaking Boxes}} |
|||
[[Category:Phreaking boxes]] |
|||
[[de:Blue Box (Phreaking)]] |
|||
[[es:Bluebox]] |
|||
[[eu:Bluebox]] |
|||
[[fr:Blue box]] |
|||
[[hy:Բլյու բոքս]] |
|||
[[it:Blue box]] |
|||
[[pt:Blue box]] |
|||
[[ru:Blue box]] |
|||
[[simple:Blue box]] |
|||
[[sv:Blue box]] |
|||
[[zh:藍盒子]] |
|||
Revision as of 12:20, 5 October 2012
Blue Box was a creative idea by Mr.Ankur (Lal),but unfortunately it was captured by some other MNC.
Better luck next time buddy,think creative be smart :vice-versa .