|
|||||||
|
|
|
|||||
|
|
|||||||
|
|||||||
|
|
|
|||||
|
|
|||||||
|
|
41. Phone Systems Tutorial III by The Jolly Roger
Preface: This article will focus primarily on the standard western electric single- Slot coin telephone (aka fortress fone) which can be divided into 3 types:
dial-tone first (dtf) coin-first (cf): (i.e., it wants your $ before you receive a dial tone) dial post-pay service (pp): you payafter the party answers
Depositing coins (slugs): Once you have deposited your slug into a fortress, it is subjected to a Gamut of tests. The first obstacle for a slug is the magnetic trap. This will stop any light-weight magnetic slugs and coins. If it passes this, the slug is then classified as a nickel, dime, or Quarter. Each slug is then checked for appropriate size and weight. If These tests are passed, it will then travel through a nickel, dime, or quarter Magnet as appropriate. These magnets set up an eddy current effect which Causes coins of the appropriate characteristics to slow down so they Will follow the correct trajectory. If all goes well, the coin will follow the Correct path (such as bouncing off of the nickel anvil) where it will Hopefully fall into the narrow accepted coin channel. The rather elaborate tests that are performed as the coin travels down the Coin chute will stop most slugs and other undesirable coins, such as Pennies, which must then be retrieved using the coin release lever. If the slug miraculously survives the gamut, it will then strike the Appropriate totalizer arm causing a ratchet wheel to rotate once for every 5-cent increment (e.g., a quarter will cause it to rotate 5 times). The totalizer then causes the coin signal oscillator to readout a dual-frequency signal indicating the value deposited to acts (a computer) or the Tsps operator. These are the same tones used by phreaks in the infamous red boxes. For a quarter, 5 beep tones are outpulsed at 12-17 pulses per second (pps). A dime causes 2 beep tones at 5 - 8« pps while a nickel causes one beep tone at 5 - 8« pps. A beep consists of 2 tones: 2200 + 1700 hz. A relay in the fortress called the "B Relay" (yes, there is also an 'a relay') places a capacitor across the speech circuit during totalizer readout to prevent the "customer" from hearing the red box tones. In older 3 slot phones: one bell (1050-1100 hz) for a nickel, two bells for a dime, and one gong (800 hz) for a quarter are used instead of the modern dual-frequency tones.
TSPS & ACTS While fortresses are connected to the co of the area, all transactions are handled via the traffic service position system (tsps). In areas that do not have acts, all calls that require operator assistance, such as calling card and collect, are automatically routed to a tsps operator position. In an effort to automate fortress service, a computer system known as automated coin toll service (acts) has been implemented in many areas. Acts listens to the red box signals from the fones and takes appropriate action. It is acts which says, "two dollars please (pause) please deposit two dollars for the next ten seconds" (and other variations). Also, if you talk for more than three minutes and then hang-up, acts will call back and demand your money. Acts is also responsible for automated calling card service. Acts also provide trouble diagnosis for craftspeople (repairmen specializing in fortresses). For example, there is a coin test which is great for tuning up red boxes. In many areas this test can be activated by dialing 09591230 at a fortress (thanks to karl marx for this information). Once activated it will request that you deposit various coins. It will then identify the coin and outpulse the appropriate red box signal. The coins are usually returned when you hang up. To make sure that there is actually money in the fone, the co initiates a "ground test" at various times to determine if a coin is actually in the fone. This is why you must deposit at least a nickel in order to use a red box!
Green Boxes: Paying the initial rate in order to use a red box (on certain fortresses) left a sour taste in many red boxer's mouths thus the green box was invented. The green box generates useful tones such as coin collect, coin return, and ringback. These are the tones that acts or the tsps operator would send to The co when appropriate. Unfortunately, the green box cannot be used at a fortress station but it must be used by the called party.
Here are the tones: Coin Collect 700 + 1100 Hz Coin Return1100 + 1700 Hz Ringback 700 + 1700 Hz
Before the called party sends any of these tones, an operator released signal should be sent to alert the MF detectors at the co. This can be accomplished by sending 900 + 1500 hz or a single 2600 hz wink (90 ms) followed by a 60 ms gap and then the appropriate signal for at least 900 Ms.
Also, do not forget that the initial rate is collected shortly before the 3 minute period is up. Incidentally, once the above MF tones for collecting and returning coins reach the co, they are converted into an appropriate dc pulse (-130 volts for return & +130 volts for collect). This pulse is then sent down the tip to the fortress. This causes the coin relay to either return or collect the coins. The alleged "t-network" takes advantage of this information. When a pulse for coin collect (+130 vdc) is sent down the line, it must be grounded somewhere. This is usually either the yellow or black wire. Thus, if the wires are exposed, these wires can be cut to prevent the pulse from being grounded. When the three minute initial period is almost up, make sure that the black & yellow wires are severed; then hang up, wait about 15 seconds in case of a second pulse, reconnect the wires, pick up the fone, hang up again, and if all goes well it should be "jackpot" time.
Physical Attack: A typical fortress weighs roughly 50 lbs. With an empty coin box. Most of this is accounted for in the armor plating. Why all the security? Well, Bell contributes it to the following: "social changes during the 1960's made the multislot coin station a prime target for: vandalism, strong arm robbery, fraud, and theft of service. This brought about the introduction of the more rugged single slot coin station and a new environment for coin service." As for picking the lock, I will quote Mr. Phelps: "We often fantasize about 'picking the lock' or 'getting a master key.' Well, you can forget about it. I don't like to discourage people, but it will save you from wasting a lot of our time--time which can be put to better use (heh, heh)." As for physical attack, the coin plate is secured on all four side by hardened steel bolts which pass through two slots each. These bolts are in turn interlocked by the main lock. One phreak I know did manage to take one of the 'mothers' home (which was attached to a piece of plywood at a construction site; otherwise, the permanent ones are a bitch to detach from the wall!). It took him almost ten hours to open the coin box using a power drill, sledge hammers, and crowbars (which was empty -- perhaps next time, he will deposit a coin first to hear if it slushes down nicely or hits the empty bottom with a clunk.)
Taking the fone offers a higher margin of success. Although this may be difficult often requiring brute force and there has been several cases of back axles being lost trying to take down a fone! A quick and dirty way to open the coin box is by using a shotgun. In Detroit, after ecologists cleaned out a municipal pond, they found 168 coin phones rifled. In colder areas, such as Canada, some shrewd people tape up the fones using duct tape, pour in water, and come back the next day when the water will have froze thus expanding and cracking the fone open. In one case, "unauthorized coin collectors" where caught when they brought $6,000 in change to a bank and the bank became suspicious... At any rate, the main lock is an eight level tumbler located on the right side of the coin box. This lock has 390,625 possible positions (5 ^ 8, since there are 8 tumblers each with 5 possible positions) thus it is highly pick resistant! The lock is held in place by 4 screws. If there is sufficient clearance to the right of the fone, it is conceivable to punch out the screws using the drilling pattern below (provided by Alexander Muddy in tap #32):
!! ^ !! ! ! 1- 3/16 " !! ! !<--- --->!! 1-«" -------------------- ! ! ! !! ! ! ! (+) (+)-! ----------- ---! !! ! ^ ! ! !! ! ! ! ! (Z) !! ! ! ! ! !! ! 2-3/16" ---! !! ! ! ! (+) (+) ! ! ! !! ! ! -------------------- ----------- !! !! (Z) KEYHOLE (+) SCREWS !!
After this is accomplished, the lock can be pushed backwards disengaging the lock from the cover plate. The four bolts of the cover plate can then be retracted by turning the bolt works with a simple key in the shape of the hole on the coin plate (see diagram below). Of course, there are other methods and drilling patterns.
_ ! ! ( ) !_! [ROUGHLY] DIAGRAM OF COVER PLATE KEYHOLE
The top cover uses a similar, but not as strong locking method with the keyhole depicted above on the top left hide and a regular lock (probably tumbler also) on the top right-hand side. It is interesting to experiment with the coin chute and the fortresses own "red box" which bell didn't have the balls to color red.
Miscellaneous: In a few areas (rural & Canada), post-pay service exists. With this type of service, the mouthpiece is cut off until the caller deposits money when the called party answers. This also allows for free calls to weather and other dial-it services! Recently, 2600 magazine announced the clear box which consists of a telephone pickup coil and a small amp. It is based on the principal that the receiver is also a weak transmitter and that by amplifying your signal you can talk via the transmitter thus avoiding costly telephone charges! Most fortresses are found in the 9xxx area. Under former bell areas, they usually start at 98xx (right below the 99xx official series) and move downward.
Since the line, not the fone, determines whether or not a deposit must be made, dtf & charge-a-call fones make great extensions! Finally, fortress fones allow for a new hobby--instruction plate collecting. All that is required is a flat-head screwdriver and a pair of needle-nose pliers. Simply use the screwdriver to lift underneath the plate so that you can grab it with the pliers and yank downwards. I would suggest covering the tips of the pliers with electrical tape to prevent scratching. Ten cent plates are definitely becoming a "rarity!"
Fortress security: While a lonely fortress may seem the perfect target, beware! The gestapo has been known to stake out fortresses for as long as 6 years according to the grass roots quarterly. To avoid any problems, do not use the same fones repeatedly for boxing, calling cards, & other experiments. The Telco knows how much money should be in the coin box and when its not there they tend to get perturbed (Read: Pissed Off).
42. Black Box Plans by The Jolly Roger
Introduction:
At any given time, the voltage running through your phone is about 20 Volts. When someone calls you, this voltage goes up to 48 Volts and rings the bell. When you answer, the voltage goes down to about 10 Volts. The phone company pays attention to this. When the voltage drops to 10, they start billing the person who called you.
Function:
The Black Box keeps the voltage going through your phone at 36 Volts, so that it never reaches 10 Volts. The phone company is thus fooled into thinking you never answered the phone and does not bill the caller. However, after about a half hour the phone company will get suspicious and disconnect your line for about 10 seconds.
Materials:
1 1.8K « Watt Resistor 1 1«V LED 1 SPST Switch
Procedure:
1.Open your phone by loosening the two screws on the bottom and lifting the case off. 2.There should be three wires: Red, Green, and Yellow. We'll be working with the Red Wire. 3.Connect the following in parallel: The Resistor and LED. The SPST Switch.
In other words, you should end up with this: (Red Wire) !---/\/\/\--O--! (Line)-----! !-----(Phone) !-----_/_------! /\/\/\ = Resistor O = LED _/_ = SPST
Use:
The SPST Switch is the On/Off Switch of the Black Box. When the box is off, your phone behaves normally. When the box is on and your phone rings, the LED flashes. When you answer, the LED stays on and the voltage is kept at 36V, so the calling party doesn't get charged. When the box is on, you will not get a dial tone and thus cannot make calls. Also remember that calls are limited to half an hour.
PS Due to new Fone Company switching systems & the like, this may or may not work in your area. If you live in Bumfuck Kentucky, then try this out. I make no guarantees! (I never do...)
43. The Infamous Blotto Box!! by The Jolly Roger
(I bet that no one has the balls to build this one!)
Finally, it is here! What was first conceived as a joke to fool the innocent phreakers around America has finally been conceived! Well, for you people who are unenlightened about the Blotto Box, here is a brief summery of a legend.
The Blotto Box For years now every pirate has dreamed of the Blotto Box. It was at first made as a joke to mock more ignorant people into thinking that the function of it actually was possible. Well, if you are The Voltage Master, it is possible. Originally conceived by King Blotto of much fame, the Blotto Box is finally available to the public.
NOTE: Jolly Roger can not be responsible for the information disclosed in the file! This file is strictly for informational purposes and should not be actually built and used! Usage of this electronical impulse machine could have the severe results listed below and could result in high federal prosecution! Again, I TAKE NO RESPONSIBILITY! All right, now that that is cleared up, here is the basis of the box and it's function.
The Blotto Box is every phreaks dream... you could hold AT&T down on its knee's with this device. Because, quite simply, it can turn off the phone lines everywhere. Nothing. Blotto. No calls will be allowed out of an area code, and no calls will be allowed in. No calls can be made inside it for that matter. As long as the switching system stays the same, this box will not stop at a mere area code. It will stop at nothing. The electrical impulses that emit from this box will open every line. Every line will ring and ring and ring... the voltage will never be cut off until the box/generator is stopped. This is no 200 volt job, here. We are talking GENERATOR. Every phone line will continue to ring, and people close to the box may be electrocuted if they pick up the phone. But, the Blotto Box can be stopped by merely cutting of the line or generator. If they are cut off then nothing will emit any longer. It will take a while for the box to calm back down again, but that is merely a superficial aftereffect. Once again: Construction and use of this box is not advised! The Blotto Box will continue as long as there is electricity to continue with. OK, that is what it does, now, here are some interesting things for you to do with it...
Blotto Functions/Installing Once you have installed your Blotto, there is no turning back. The following are the instructions for construction and use of this box. Please read and heed all warnings in the above section before you attempt to construct this box.
Materials: A Honda portable generator or a main power outlet like in a stadium or some such place. 400 volt rated coupler that splices a female plug into a phone line jack. A meter of voltage to attach to the box itself. A green base (i.e. one of the nice boxes about 3' by 4' that you see around in your neighborhood. They are the main switch boards and would be a more effective line to start with or a regular phone jack (not your own, and not in your area code!) A soldering iron and much solder. A remote control or long wooden pole.
Now. You must have guessed the construction from that. If not, here goes, I will explain in detail. Take the Honda Portable Generator and all of the other listed equipment and go out and hunt for a green base. Make sure it is one on the ground or hanging at head level from a pole, not the huge ones at the top of telephone poles. Open it up with anything convenient, if you are two feeble then fuck, don't try this. Take a look inside... you are hunting for color-coordinating lines of green and red. Now, take out your radio shack cord and rip the meter thing off. Replace it with the voltage meter about. A good level to set the voltage to is about 1000 volts. Now, attach the voltage meter to the cord and set the limit for one thousand. Plug the other end of the cord into the generator. Take the phone jack and splice the jack part off. Open it up and match the red and green wires with the other red and green wires.
NOTE: If you just had the generator on and have done this in the correct order, you will be a crispy critter. Keep the generator off until you plan to start it up. Now, solder those lines together carefully. Wrap duck tape or insulation tape around all of the wires. Now, place the remote control right on to the startup of the generator. If you have the long pole, make sure it is very long and stand back as far away as you can get and reach the pole over.
NOTICE: If you are going right along with this without reading the file first, you still realize now that your area code is about to become null! Then, getting back, twitch the pole/remote control and run for your damn life. Anywhere, just get away from it. It will be generating so much electricity that if you stand to close you will kill yourself. The generator will smoke, etc. but will not stop. You are now killing your area code, because all of that energy is spreading through all of the phone lines around you in every direction.
Have a nice day!
The Blotto Box: Aftermath Well, that is the plans for the most devastating and ultimately deadly box ever created. My hat goes off to: King Blotto (for the original idea).
44. Blowgun by The Jolly Roger
In this article I shall attempt to explain the use and manufacture of a powerful blow-gun and making darts for the gun. The possession of the blow gun described in this article IS a felony. So be careful where you use it. I don't want to get you all busted.
Needed:
1.Several strands of yarn (About 2 inches a-piece). 2.A regular pencil. 3.A 2 ¬ inch long needle (hopefully with a beaded head. If not obtainable, wrap tape around end of needle. 4.¬ foot pipe. (PVC or Aluminum) Half a inch in diameter.
Constructing the dart:
1.Carefully twist and pull the metal part (Along with eraser) of the pencil till it comes off. 2.Take Pin and start putting about 5-7 Strands of yarn on the pin. Then push them up to the top of the pin. But not over the head of the pin (or the tape). 3.Push pin through the hollow part of the head where the pencil was before. 4.That should for a nice looking dart. (see illustration)
##### >>>>>-----/ # is the yarn > is the head of the pencil - is the pin it-self / is the head of the pin
Using the Darts:
1.Now take the finished dart and insert it in the tube (if it is too small put on more yarn.) 2.Aim the tube at a door, wall, sister, ect. 3.Blow on the end of the pipe. 4.Sometimes the end of the pipe may be sharp. When this happens I suggest you wrap it with some black electrician tape. It should feel a lot better.
45. Brown Box Plans by The Jolly Roger
This is a fairly simple mod that can be made to any phone. All it does is allow you to take any two lines in your house and create a party line. So far I have not heard of anyone who has any problems with it. There is one thing that you will notice when you are one of the two people who is called by a person with a brown box. The other person will sound a little bit faint. I could overcome this with some amplifiers but then there wouldn't be very many of these made [Why not?]. I think the convenience of having two people on the line at once will make up for any minor volume loss.
Here is the diagram: KEY:___________________________________ | PART | SYMBOL | |---------------------------------| | BLACK WIRE | * | | YELLOW WIRE | = | | RED WIRE | + | | GREEN WIRE | - | | SPDT SWITCH | _/_ | | _/_ | | VERTICAL WIRE | | | | HORIZONTAL WIRE | _ | ----------------------------------- * = - + * = - + * = - + * = - + * = - + * ==_/_- + *******_/_++++++ | | | | | | | | | | | | |_____PHONE____|
46. Calcium Carbide Bomb by The Jolly Roger
This is EXTREMELY DANGEROUS. Exercise extreme caution.... Obtain some calcium carbide. This is the stuff that is used in carbide lamps and can be found at nearly any hardware store. Take a few pieces of this stuff (it looks like gravel) and put it in a glass jar with some water. Put a lid on tightly. The carbide will react with the water to produce acetylene carbonate which is similar to the gas used in cutting torches. Eventually the glass with explode from internal pressure. If you leave a burning rag nearby, you will get a nice fireball!
47. More Ways to Send a Car to Hell by The Jolly Roger
Due to a lot of compliments, I have written an update to file #14. I have left the original intact. This expands upon the original idea, and could be well called a sequel.
How to have phun with someone else's car. If you really detest someone, and I mean detest, here's a few tips on what to do in your spare time. Move the windshield wiper blades, and insert and glue tacks. The tacks make lovely designs. If your "friend" goes to school with you, Just before he comes out of school. Light a lighter and then put it directly underneath his car door handle. Wait...Leave...Listen. When you hear a loud "shit!", you know he made it to his car in time. Remove his muffler and pour approximately 1 Cup of gas in it. Put the muffler back, then wait till their car starts. Then you have a cigarette lighter. A 30 foot long cigarette lighter. This one is effective, and any fool can do it. Remove the top air filter. That's it! Or a oldie but goodie: sugar in the gas tank. Stuff rags soaked in gas up the exhaust pipe. Then you wonder why your "friend" has trouble with his/her lungs. Here's one that takes time and many friends. Take his/her car then break into their house and reassemble it, in their living or bedroom. Phun eh? If you're into engines, say eeni mine moe and point to something and remove it. They wonder why something doesn't work. There are so many others, but the real good juicy ones come by thinking hard.
48. Ripping off Change Machines by The Jolly Roger
Have you ever seen one of those really big changer machines in airports Laundromats or arcades that dispense change when you put in your 1 or 5 dollar bill? Well then, here is an article for you.
1.Find the type of change machine that you slide in your bill length wise, not the type where you put the bill in a tray and then slide the tray in!!!
2.After finding the right machine, get a $1 or $5 bill. Start crumpling up into a ball. Then smooth out the bill, now it should have a very wrinkly surface.
3.Now the hard part. You must tear a notch in the bill on the left side about « inch below the little 1 dollar symbol (See Figure).
4.If you have done all of this right then take the bill and go out the machine. Put the bill in the machine and wait. What should happen is: when you put your bill in the machine it thinks everything is fine. When it gets to the part of the bill with the notch cut out, the machine will reject the bill and (if you have done it right) give you the change at the same time!!! So, you end up getting your bill back, plus the change!! It might take a little practice, but once you get the hang of it, you can get a lot of money!
\-----Make notch here. About «" down from the 1.
49. Clear Box Plans by The Jolly Roger
The clear box is a new device which has just been invented that can be used throughout Canada and rural United States. The clear box works on "PostPay" payphones (fortress fones). Those are the payphones that don't require payment until after the connection is established. You pick up the fone, get a dial tone, dial your number, and then insert your money after the person answers. If you don't deposit the money then you can not speak to the person on the other end because your mouth piece is cut off but not the ear-piece. (obviously these phones are nice for free calls to weather or time or other such recordings). All you must do is to go to your nearby Radio Shack, or electronics store, and get a four-transistor amplifier and a telephone suction cup induction pick-up. The induction pick-up would be hooked up as it normally would to record a conversation, except that it would be plugged into the output of the amplifier and a microphone would be hooked to the input. So when the party that is being called answers, the caller could speak through the little microphone instead. His voice then goes through the amplifier and out the induction coil, and into the back of the receiver where it would then be broadcast through the phone lines and the other party would be able to hear the caller. The Clear Box thus 'clears up' the problem of not being heard. Luckily, the line will not be cut-off after a certain amount of time because it will wait forever for the coins to be put in. The biggest advantage for all of us about this new clear box is the fact that this type of payphone will most likely become very common. Due to a few things: 1st, it is a cheap way of getting the DTF, dial-tone-first service, 2nd, it doesn't require any special equipment, (for the phone company) This payphone will work on any phone line. Usually a payphone line is different, but this is a regular phone line and it is set up so the phone does all the charging, not the company.
50. CNA List by The Jolly Roger
NPATEL NUMBERNPATEL NUMBERNPATEL NUMBER 201201-676-7070415415-543-6374709*** NONE *** 202304-343-7016416416-443-0542712402-580-2255 203203-789-6815417314-721-6626713713-861-7194 204204-949-0900418514-725-2491714818-501-7251 205205-988-7000419614-464-0123715608-252-6932 206206-382-5124501405-236-6121716518-471-8111 207617-787-5300502502-583-2861717412-633-5600 208303-293-8777503206-382-5124718518-471-8111 209415-543-2861504504-245-5330801303-293-8777 212518-471-8111505303-293-8777802617-787-5300 213415-781-5271506506-648-3041803912-784-0440 214214-464-7400507402-580-2255804304-344-7935 215412-633-5600509206-382-5124805415-543-2861 216614-464-0123512512-828-2501806512-828-2501 217217-525-5800513614-464-0123807416-443-0542 218402-580-2255514514-725-2491808212-334-4336 219317-265-4834515402-580-2255809212-334-4336 301304-343-1401516518-471-8111812317-265-4834 302412-633-5600517313-223-8690813813-228-7871 303303-293-8777518518-471-8111814412-633-5600 304304-344-8041519416-443-0542815217-525-5800 305912-784-0440601601-961-8139816816-275-2782 306306-347-2878602303-293-8777817214-464-7400 307303-293-8777603617-787-5300818415-781-5271 308402-580-2255604604-432-2996819514-725-2491 309217-525-5800605402-580-2255901615-373-5791 312312-796-9600606502-583-2861902902-421-4110 313313-223-8690607518-471-8111904912-784-0440 314314-721-6626608608-252-6932906313-223-8690 315518-471-8111609201-676-7070907*** NONE *** 316816-275-2782612402-580-2255912912-784-0440 317317-265-4834613416-443-0542913816-275-2782 318504-245-5330614614-464-0123914518-471-8111 319402-580-2255615615-373-5791915512-828-2501 401617-787-5300616313-223-8690916415-543-2861 402402-580-2255617617-787-5300918405-236-6121 403403-425-2652618217-525-5800919912-784-0440 404912-784-0440619818-501-7251900201-676-7070 405405-236-6121701402-580-2255 406303-293-8777702415-543-2861 408415-543-6374703304-344-7935 409713-861-7194704912-784-0440 412413-633-5600705416-979-3469 413617-787-5300706*** NONE *** 414608-252-6932707415-543-6374
50. CNA List by The Jolly Roger
NPATEL NUMBERNPATEL NUMBERNPATEL NUMBER 201201-676-7070415415-543-6374709*** NONE *** 202304-343-7016416416-443-0542712402-580-2255 203203-789-6815417314-721-6626713713-861-7194 204204-949-0900418514-725-2491714818-501-7251 205205-988-7000419614-464-0123715608-252-6932 206206-382-5124501405-236-6121716518-471-8111 207617-787-5300502502-583-2861717412-633-5600 208303-293-8777503206-382-5124718518-471-8111 209415-543-2861504504-245-5330801303-293-8777 212518-471-8111505303-293-8777802617-787-5300 213415-781-5271506506-648-3041803912-784-0440 214214-464-7400507402-580-2255804304-344-7935 215412-633-5600509206-382-5124805415-543-2861 216614-464-0123512512-828-2501806512-828-2501 217217-525-5800513614-464-0123807416-443-0542 218402-580-2255514514-725-2491808212-334-4336 219317-265-4834515402-580-2255809212-334-4336 301304-343-1401516518-471-8111812317-265-4834 302412-633-5600517313-223-8690813813-228-7871 303303-293-8777518518-471-8111814412-633-5600 304304-344-8041519416-443-0542815217-525-5800 305912-784-0440601601-961-8139816816-275-2782 306306-347-2878602303-293-8777817214-464-7400 307303-293-8777603617-787-5300818415-781-5271 308402-580-2255604604-432-2996819514-725-2491 309217-525-5800605402-580-2255901615-373-5791 312312-796-9600606502-583-2861902902-421-4110 313313-223-8690607518-471-8111904912-784-0440 314314-721-6626608608-252-6932906313-223-8690 315518-471-8111609201-676-7070907*** NONE *** 316816-275-2782612402-580-2255912912-784-0440 317317-265-4834613416-443-0542913816-275-2782 318504-245-5330614614-464-0123914518-471-8111 319402-580-2255615615-373-5791915512-828-2501 401617-787-5300616313-223-8690916415-543-2861 402402-580-2255617617-787-5300918405-236-6121 403403-425-2652618217-525-5800919912-784-0440 404912-784-0440619818-501-7251900201-676-7070 405405-236-6121701402-580-2255 406303-293-8777702415-543-2861 408415-543-6374703304-344-7935 409713-861-7194704912-784-0440 412413-633-5600705416-979-3469 413617-787-5300706*** NONE *** 414608-252-6932707415-543-6374
51. Electronic Terrorism by The Jolly Roger
1.It starts when a big, dumb lummox rudely insults you. Being of a rational, intelligent disposition, you wisely choose to avoid a (direct) confrontation. But as he laughs in your face, you smile inwardly---your revenge is already planned.
2.Follow your victim to his locker, car, or house. Once you have chosen your target site, lay low for a week or more, letting your anger boil.
3.In the mean time, assemble your versatile terrorist kit(details below.)
4.Plant your kit at the designated target site on a Monday morning between the hours of 4:00 am and 6:00 am. Include a calm, suggestive note that quietly hints at the possibility of another attack. Do not write it by hand! An example of an effective note: "don't be such a jerk, or the next one will take off your hand. Have a nice day." Notice how the calm tone instills fear. As if written by a homicidal psychopath.
5.Choose a strategic location overlooking the target site. Try to position yourself in such a way that you can see his facial contortions.
6.Sit back and enjoy the fireworks! Assembly of the versatile, economic, and effective terrorist kit #1: the parts you'll need are: 4 AA batteries 1 9-volt battery 1 SPDT mini relay (radio shack) 1 rocket engine(smoke bomb or m-80) 1 solar igniter (any hobby store) 1 9-volt battery connector
1.Take the 9-volt battery and wire it through the relay's coil. This circuit should also include a pair of contacts that when separated cut off this circuit. These contacts should be held together by trapping them between the locker, mailbox, or car door. Once the door is opened, the contacts fall apart and the 9-volt circuit is broken, allowing the relay to fall to the closed position thus closing the ignition circuit. (If all this is confusing take a look at the schematic below.)
2.Take the 4 AA batteries and wire them in succession. Wire the positive terminal of one to the negative terminal of another, until all four are connected except one positive terminal and one negative terminal. Even though the four AA batteries only combine to create 6 volts, the increase in amperage is necessary to activate the solar igniter quickly and effectively.
3.Take the battery pack (made in step 2) and wire one end of it to the relay's single pole and the other end to one prong of the solar igniter. Then wire the other prong of the solar igniter back to the open position on the relay.
4.Using double sided carpet tape mount the kit in his locker, mailbox, or car door. And last, insert the solar igniter into the rocket engine (smoke bomb or m-80).
Your kit is now complete!
---------><--------- I (CONTACTS) I I I I - (BATTERY) I --- I I I (COIL) I ------///////------- /----------- / I / I / I (SWITCH) I I I I I --- (BATTERY) I - ( PACK ) I --- I I I I ---- ----- I I * (SOLAR IGNITER)
52. How to Start A Conference w/o 2600hz or M-F by The Jolly Roger
This method of starting the conf. Depends on your ability to bullshit the operator into dialing a number which can only be reached with an operator's M-F tones. When bullshitting the operator remember operator's are not hired to think but to do.
Here is a step-by-step way to the conf.:
Call the operator through a pbx or extender, you could just call one Through your line but I wouldn't recommend it.
Say to the operator: TSPS maintenance engineer, ring-forward to 213+080+1100, position release, thank you.(she will probably ask you for the number again) Definitions: Ring-forward instructs her to dial the number. Position release instructs her to release the trunk after she has dialed the number. + - remember to say 213plus080 plus1100.
3. When you are connected with the conf. You will here a whistle blow twice and a recording asking you for your operator number. Dial in any five digits and hit the pounds sign a couple of times. Simply dial in the number of the billing line ect. When the recording ask for it. When in the control mode of the conf. Hit '6' to transfer control. Hit '001' to reenter the number of conferee's and time amount which you gave when you stared the conf. Remember the size can be from 2-59 conferee's. I have not found out the 'lengths' limits.
53. How to Make Dynamite by The Jolly Roger
Dynamite is nothing more than just nitroglycerin and a stabilizing agent to make it much safer to use. The numbers are percentages, be sure to mix these carefully and be sure to use the exact amounts. These percentages are in weight ratio, not volume.
NumberIngredientsAmount 1stNitroglycerin32% Sodium Nitrate28% Woodmeal10% Ammonium Oxalate29% Guncotton1% 2ndNitroglycerin24% Potassium Nitrate9% Sodium Nitrate56% Woodmeal9% Ammonium Oxalate2% 3rdNitroglycerin35«% Potassium Nitrate44«% Woodmeal6% Guncotton2«% Vaseline5«% Powdered Charcoal6% 4thNitroglycerin25% Potassium Nitrate26% Woodmeal34% Barium Nitrate5% Starch10% 5thNitroglycerin57% Potassium Nitrate19% Woodmeal9% Ammonium Oxalate12% Guncotton3% 6thNitroglycerin18% Sodium Nitrate70% Woodmeal5«% Potassium Chloride4«% Chalk2% 7thNitroglycerin26% Woodmeal40% Barium Nitrate32% Sodium Carbonate2% 8thNitroglycerin44% Woodmeal12% Anhydrous Sodium Sulfate44% 9thNitroglycerin24% Potassium Nitrate32«% Woodmeal33«% Ammonium Oxalate10% 10thNitroglycerin26% Potassium Nitrate33% Woodmeal41% 11thNitroglycerin15% Sodium Nitrate62.9% Woodmeal21.2% Sodium Carbonate.9% 12thNitroglycerin35% Sodium Nitrate27% Woodmeal10% Ammonium Oxalate1% 13thNitroglycerin32% Potassium Nitrate27% Woodmeal10% Ammonium Oxalate30% Guncotton1% 14thNitroglycerin33% Woodmeal10.3% Ammonium Oxalate29% Guncotton.7% Potassium Perchloride27% 15thNitroglycerin40% Sodium Nitrate45% Woodmeal15% 16thNitroglycerin47% Starch50% Guncotton3% 17thNitroglycerin30% Sodium Nitrate22.3% Woodmeal40«% Potassium Chloride7.2% 18thNitroglycerin50% Sodium Nitrate32.6% Woodmeal17% Ammonium Oxalate.4% 19thNitroglycerin23% Potassium Nitrate27«% Woodmeal37% Ammonium Oxalate8% Barium Nitrate4% Calcium Carbonate«%
If you can't seem to get one or more of the ingredients try another one. If you still can't, you can always buy small amounts from your school, or maybe from various chemical companies. When you do that, be sure to say as little as possible, if during the school year, and they ask, say it's for a experiment for school.
54. Auto Exhaust Flame Thrower by The Jolly Roger
For this one, all you need is a car, a spark plug, ignition wire and a switch. Install the spark plug into the last four or five inches of the tail pipe by drilling a hole that the plug can screw into easily. Attach the wire (this is regular insulated wire) to one side of the switch and to the spark plug. The other side of the switch is attached to the positive terminal on the battery. With the car running, simply hit the switch and watch the flames fly!!! Again be careful that no one is behind you! I have seen some of these flames go 20 feet!!!
55. Breaking into BBS Express by The Jolly Roger
If you have high enough access on any BBS Express BBS you can get the Sysop's password without any problems and be able to log on as him and do whatever you like. Download the Pass file, delete the whole BBS, anything. Its all a matter of uploading a text file and downloading it from the BBS. You must have high enough access to see new uploads to do this. If you can see a file you just uploaded you have the ability to break into the BBS in a few easy steps. Why am I telling everyone this when I run BBS Express myself? Well there is one way to stop this from happening and I want other Sysops to be aware of it and not have it happen to them. Breaking in is all based on the MENU function of BBS Express. Express will let you create a menu to display different text files by putting the word MENU at the top of any text file and stating what files are to be displayed. But due to a major screw up by Mr. Ledbetter you can use this MENU option to display the USERLOG and the Sysop's Passwords or anything else you like. I will show you how to get the Sysop's pass and therefore log on as the Sysop. BBs Express Sysop's have 2 passwords. One like everyone else gets in the form of X1XXX, and a Secondary password to make it harder to hack out the Sysops pass. The Secondary pass is found in a file called SYSDATA.DAT. This file must be on drive 1 and is therefore easy to get.
All you have to do is upload this simple Text file:
MENU 1 D1:SYSDATA.DAT
Rip-off time!
After you upload this file you download it non-Xmodem. Stupid Express thinks it is displaying a menu and you will see this:
Rip-off time!
Selection [0]:
Just hit 1 and Express will display the SYSDATA.DAT file. OPPASS is where the Sysop's Secondary pass will be. D1:USERLOG.DAT is where you will find the name and Drive number of the USERLOG.DAT file. The Sysop might have renamed this file or put it in a Subdirectory or even on a different drive. I Will Assume he left it as D1:USERLOG.DAT. The other parts of this file tell you where the .HLP screens are and where the LOG is saved and all the Download path names.
Now to get the Sysop's primary pass you upload a text file like this:
MENU 1 D1:USERLOG.DAT
Breaking into Bedwetter's BBS
Again you then download this file non-Xmodem and you will see:
Breaking into Bedwetter's BBS
Selection [0]:
You then hit 1 and the long USERLOG.DAT file comes flying at you. The Sysop is the first entry in this very long file so it is easy. You will see:
SYSOP'S NAME X1XXX You should now have his 2 passwords.
There is only one easy way out of this that I can think of, and that is to make all new uploads go to SYSOP level (Level 9) access only. This way nobody can pull off what I just explained. I feel this is a major Bug on Mr. Ledbetter's part. I just don't know why no one had thought of it before. I would like to give credit to Redline for the message he left on Modem Hell telling about this problem, and also to Unka for his ideas and input about correcting it.
56. Firebombs by The Jolly Roger
Most fire bombs are simply gasoline filled bottles with a fuel soaked rag in the mouth (the bottle's mouth, not yours). The original Molotov cocktail, and still about the best, was a mixture of one part gasoline and one part motor oil. The oil helps it to cling to what it splatters on. Some use one part roofing tar and one part gasoline. Fire bombs have been found which were made by pouring melted wax into gasoline.
57. Fuse Ignition Bomb by The Jolly Roger
A four strand homemade fuse is used for this. It burns like fury. It is held down and concealed by a strip of bent tin cut from a can. The exposed end of the fuse is dipped into the flare igniter. To use this one, you light the fuse and hold the fire bomb until the fuse has burned out of sight under the tin. Then throw it and when it breaks, the burning fuse will ignite the contents.
58. Generic Bomb by The Jolly Roger
1.Acquire a glass container. 2.Put in a few drops of gasoline. 3.Cap the top. 4.Now turn the container around to coat the inner surfaces and then evaporates. 5.Add a few drops of potassium permanganate (Get this stuff from a snake bite kit) 6.The bomb is detonated by throwing against a solid object.
After throwing this thing, run like hell. This thing packs about « stick of dynamite.
59. Green Box Plans by the Jolly Roger
Paying the initial rate in order to use a red box (on certain fortresses) left a sour taste in many red boxers mouths, thus the green box was invented. The green box generates useful tones such as COIN COLLECT, COIN RETURN, AND RINGBACK. These are the tones that ACTS or the TSPS operator would send to the CO when appropriate. Unfortunately, the green box cannot be used at the fortress station but must be used by the CALLED party.
Here are the tones: COIN COLLECT 700+1100hz COIN RETURN 1100+1700hz RINGBACK 700+1700hz
Before the called party sends any of these tones, an operator release signal should be sent to alert the MF detectors at the CO. This can be done by sending 900hz + 1500hz or a single 2600 wink (90 ms.) Also do not forget that the initial rate is collected shortly before the 3 minute period is up. Incidentally, once the above MF tones for collecting and returning coins reach the CO, they are converted into an appropriate DC pulse (-130 volts for return and +130 for collect). This pulse is then sent down the tip to the fortress. This causes the coin relay to either return or collect the coins. The alleged "T-network" takes advantage of this information. When a pulse for coin collect (+130 VDC) is sent down the line, it must be grounded somewhere. This is usually the yellow or black wire. Thus, if the wires are exposed, these wires can be cut to prevent the pulse from being grounded. When the three minute initial period is almost up, make sure that the black and yellow wires are severed, then hang up, wait about 15 seconds in case of a second pulse, reconnect the wires, pick up the phone, and if all goes well, it should be "JACKPOT" time.
60. Portable Grenade Launcher by The Jolly Roger
If you have a bow, this one is for you. Remove the ferrule from an aluminum arrow, and fill the arrow with black powder (I use grade FFFF, it burns easy)and then glue a shotshell primer into the hole left where the ferrule went. Next, glue a BB on the primer, and you are ready to go! Make sure no one is nearby.... Little shreds of aluminum go all over the place!!
61. Hacking Tutorial by The Jolly Roger
What is hacking? According to popular belief the term hacker and hacking was founded at MIT it comes from the root of a hack writer, someone who keeps "hacking" at the typewriter until he finishes the story. A computer hacker would be hacking at the keyboard or password works.
What you need: To hack you need a computer equipped with a modem (a device that lets you transmit data over phone lines) which should cost you from $100 to $1200.
How do you hack? Hacking requires two things: 1.The phone number. 2.Answer to identity elements.
How do you find the phone number? There are three basic ways to find a computers phone number: 1.Scanning 2.Directory 3.Inside info
What is scanning? Scanning is the process of having a computer search for a carrier tone. For example, the computer would start at (800) 111-1111 and wait for carrier if there is none it will go on to 111-1112 etc. If there is a carrier it will record it for future use and continue looking for more.
What is directory assistance? This way can only be used if you know where your target computer is. For this example say it is in menlo park, CA and the company name is Sri.
1.Dial 411 (or 415-555-1212) 2.Say "Menlo park" 3.Say "Sri" 4.Write down number 5.Ask if there are any more numbers 6.If so write them down. 7.Hang up on operator 8.Dial all numbers you were given 9.Listen for carrier tone 10.If you hear carrier tone write down number, call it on your modem and your set to hack!
62. The Basics of Hacking II by The Jolly Roger
Basics to know before doing anything, essential to your continuing career as one of the elite in the country... This article, "The introduction to the world of hacking." is meant to help you by telling you how not to get caught, what not to do on a computer system, what type of equipment should I know about now, and just a little on the history, past present future, of the hacker.
Welcome to the world of hacking! We, the people who live outside of the normal rules, and have been scorned and even arrested by those from the 'civilized world', are becoming scarcer every day. This is due to the greater fear of what a good hacker (skill wise, no moral judgments here) can do nowadays, thus causing anti- hacker sentiment in the masses. Also, few hackers seem to actually know about the computer systems they hack, or what equipment they will run into on the front end, or what they could do wrong on a system to alert the 'higher' authorities who monitor the system. This article is intended to tell you about some things not to do, even before you get on the system. I will tell you about the new wave of front end security devices that are beginning to be used on computers. I will attempt to instill in you a second identity, to be brought up at time of great need, to pull you out of trouble. And, by the way, I take no, repeat, no, responsibility for what we say in this and the forthcoming articles. Enough of the bullshit, on to the fun: after logging on your favorite bbs, you see on the high access board a phone number! It says it's a great system to "fuck around with!" This may be true, but how many other people are going to call the same number? So: try to avoid calling a number given to the public. This is because there are at least every other user calling, and how many other boards will that number spread to? If you call a number far, far away, and you plan on going through an extender or a re-seller, don't keep calling the same access number (I.E. As you would if you had a hacker running), this looks very suspicious and can make life miserable when the phone bill comes in the mail. Most cities have a variety of access numbers and services, so use as many as you can. Never trust a change in the system... The 414's, the assholes, were caught for this reason: when one of them connected to the system, there was nothing good there. The next time, there was a trek game stuck right in their way! They proceeded to play said game for two, say two and a half hours, while telenet was tracing them! Nice job, don't you think? If anything looks suspicious, drop the line immediately!! As in, yesterday!! The point we're trying to get across is: if you use a little common sense, you won't get busted. Let the little kids who aren't smart enough to recognize a trap get busted, it will take the heat off of the real hackers. Now, let's say you get on a computer system... It looks great, checks out, everything seems fine. OK, now is when it gets more dangerous. You have to know the computer system to know what not to do. Basically, keep away from any command something, copy a new file into the account, or whatever! Always leave the account in the same status you logged in with. Change *nothing*... If it isn't an account with priv's, then don't try any commands that require them! All, yes all, systems are going to be keeping log files of what users are doing, and that will show up. It is just like dropping a trouble-card in an ESS system, after sending that nice operator a pretty tone. Spend no excessive amounts of time on the account in one stretch. Keep your calling to the very late night if possible, or during business hours (believe it or not!). It so happens that there are more users on during business hours, and it is very difficult to read a log file with 60 users doing many commands every minute. Try to avoid systems where everyone knows each other, don't try to bluff. And above all: never act like you own the system, or are the best there is. They always grab the people who's heads swell... There is some very interesting front end equipment around nowadays, but first let's define terms... By front end, we mean any device that you must pass through to get at the real computer. There are devices that are made to defeat hacker programs, and just plain old multiplexers. To defeat hacker programs, there are now devices that pick up the phone and just sit there... This means that your device gets no carrier, thus you think there isn't a computer on the other end. The only way around it is to detect when it was picked up. If it picks up after the same number ring, then you know it is a hacker-defeater. These devices take a multi-digit code to let you into the system. Some are, in fact, quite sophisticated to the point where it will also limit the user name's down, so only one name or set of names can be valid logins after they input the code... Other devices input a number code, and then they dial back a pre-programmed number for that code. These systems are best to leave alone, because they know someone is playing with their phone. You may think "but I'll just reprogram the dial-back." Think again, how stupid that is... Then they have your number, or a test loop if you were just a little smarter. If it's your number, they have your balls (if male...), if its a loop, then you are screwed again, since those loops are *monitored*. As for multiplexers... What a plexer is supposed to do is this: The system can accept multiple users. We have to time share, so we'll let the front-end processor do it... Well, this is what a multiplexer does. Usually they will ask for something like "enter class" or "line:". Usually it is programmed for a double digit number, or a four to five letter word. There are usually a few sets of numbers it accepts, but those numbers also set your 300/1200/2400 baud data type. These multiplexers are inconvenient at best, so not to worry. A little about the history of hacking: hacking, by my definition, means a great knowledge of some special area. Doctors and lawyers are hackers of a sort, by this definition. But most often, it is being used in the computer context, and thus we have a definition of "anyone who has a great amount of computer or telecommunications knowledge." You are not a hacker because you have a list of codes... Hacking, by my definition, has then been around only about 15 years. It started, where else but, MIT and colleges where they had computer science or electrical engineering departments. Hackers have created some of the best computer languages, the most awesome operating systems, and even gone on to make millions. Hacking used to have a good name, when we could honestly say "we know what we are doing". Now it means (in the public eye): the 414's, Ron Austin, the NASA hackers, the arpanet hackers... All the people who have been caught, have done damage, and are now going to have to face fines and sentences. Thus we come past the moralistic crap, and to our purpose: educate the hacker community, return to the days when people actually knew something...
63. Hacking DEC's by The Jolly Roger
In this article you will learn how to log in to dec's, logging out, and all the fun stuff to do in-between. All of this information is based on a standard dec system. Since there are dec systems 10 and 20, and I favor, the dec 20, there will be more info on them in this article. It just so happens that the dec 20 is also the more common of the two, and is used by much more interesting people (if you know what I mean...) OK, the first thing you want to do when you are receiving carrier from a dec system is to find out the format of login names. You can do this by looking at who is on the system.
Dec=> ` (the 'exec' level prompt) you=> sy
sy: short for sy(stat) and shows you the system status. You should see the format of login names. A systat usually comes up in this form:
Job Line Program User
Job: The job number (not important unless you want to log them off later) Line: What line they are on (used to talk to them...) These are both two or three digit numbers. Program: What program are they running under? If it says 'exec' they aren't doing anything at all... User: ahhhahhhh! This is the user name they are logged in under... Copy the format, and hack yourself outa working code... Login format is as such:
dec=> ` you=> login username password
Username is the username in the format you saw above in the systat. After you hit the space after your username, it will stop echoing characters back to your screen. This is the password you are typing in... Remember, people usually use their name, their dog's name, the name of a favorite character in a book, or something like this. A few clever people have it set to a key cluster (qwerty or asdfg). Passwords can be from 1 to 8 characters long, anything after that is ignored. You are finally in... It would be nice to have a little help, wouldn't it? Just type a ? Or the word help, and it will give you a whole list of topics... Some handy characters for you to know would be the control keys, wouldn't it? Backspace on a dec 20 is rub which is 255 on your ASCII chart. On the dec 10 it is control-H. To abort a long listing or a program, control-C works fine. Use Control-O to stop long output to the terminal. This is handy when playing a game, but you don't want to control-C out. Control-T for the time. Control-u will kill the whole line you are typing at the moment. You may accidentally run a program where the only way out is a control-X, so keep that in reserve. Control-s to stop listing, control-Q to continue on both systems. Is your terminal having trouble?? Like, it pauses for no reason, or it doesn't backspace right? This is because both systems support many terminals, and you haven't told it what yours is yet... You are using a VT05 so you need to tell it you are one.
Dec=> ` you=> information terminal -or- You=> info (This shows you what your terminal is set up as.) Dec=>all sorts of shit, then the ` you=> set ter vt05 (This sets your terminal type to VT05.) Now let's see what is in the account (here after abbreviated acct.) that you have hacked onto. Say:
=> dir (Short for directory.) It shows you what the user of the code has save to the disk. There should be a format like this: xxxxx.Oooxxxxx is the file name, from 1 to 20 characters long. Ooo is the file type, one of: exe, txt, dat, bas, cmd and a few others that are system dependant. Exe is a compiled program that can be run (just by typing its name at the `)
Txt is a text file, which you can see by typing: =>type xxxxx.Txt Do not try to: =>type xxxxx.Exe (This is very bad for your terminal and will tell you absolutely nothing.)
Dat is data they have saved. Bas is a basic program, you can have it typed out for you. Cmd is a command type file, a little too complicated to go into here. Try:
=>take xxxxx.Cmd
By the way, there are other users out there who may have files you can use. (Gee, why else am I here?)
=> dir <*.*> (Dec 20) => dir [*,*] (Dec 10)
* is a wildcard, and will allow you to access the files on other accounts if the user has it set for public access. If it isn't set for public access, then you won't see it. To run that program:
dec=> ` you=> username program-name
Username is the directory you saw the file listed under, and file name was what else but the file name? ** You are not alone ** remember, you said (at the very start) sy short for systat, and how we said this showed the other users on the system? Well, you can talk to them, or at least send a message to anyone you see listed in a systat. You can do this by:
dec=> the user list (from your systat) you=> talkusername (Dec 20) send username (Dec 10)
Talk allows you and them immediate transmission of whatever you/they type to be sent to the other. Send only allow you one message to be sent, and send, they will send back to you, with talk you can just keep going. By the way, you may be noticing with the talk command that what you type is still acted upon by the parser (control program). To avoid the constant error messages type either:
you=> ;your message you=> rem your message
the semi-colon tells the parser that what follows is just a comment. Rem is short for 'remark' and ignores you from then on until you type a control-Z or control-C, at which point it puts you back in the exec mode. To break the connection from a talk command type:
you=> break priv's:
If you happen to have privs, you can do all sorts of things. First of all, you have to activate those privs.
You=> enable
This gives you a $ prompt, and allows you to do this: whatever you can do to your own directory you can now do to any other directory. To create a new acct. Using your privs, just type:
=>build username
If username is old, you can edit it, if it is new, you can define it to be whatever you wish. Privacy means nothing to a user with privs. By the way, there are various levels of privs: operator, wheel, cia. Wheel is the most powerful, being that he can log in from anywhere and have his powers. Operators have their power because they are at a special terminal allowing them the privs. Cia is short for 'confidential information access', which allows you a low level amount of privs. Not to worry though, since you can read the system log file, which also has the passwords to all the other accounts. To de-activate your privs, type:
you=> disable
when you have played your greedy heart out, you can finally leave the system with the command:
=>logout
This logs the job you are using off the system (there may be varients of this such as kjob, or killjob.)
64. Harmless Bombs by The Jolly Roger
To all those who do not wish to inflict bodily damage on their victims but only terror. These are weapons that should be used from high places.
1.The Flour Bomb Take a wet paper towel and pour a given amount of baking flour in the center. Then wrap it up and put on a rubber band to keep it together. When thrown it will fly well but when it hits, it covers the victim with the flower or causes a big puff of flour which will put the victim in terror since as far as they are concerned, some strange white powder is all over them. This is a cheap method of terror and for only the cost of a roll of paper towels and a bag of flour you and your friends can have loads of fun watching people flee in panic. 2.Smoke Bomb Projectile All you need is a bunch of those little round smoke bombs and a wrist rocket or any sling-shot. Shoot the smoke bombs and watch the terror since they think it will blow up! 3.Rotten Eggs (Good ones) Take some eggs and get a sharp needle and poke a small hole in the top of each one. Then let them sit in a warm place for about a week. Then you've got a bunch of rotten eggs that will only smell when they hit. 4.Glow in the Dark Terror Take one of those tubes of glow in the dark stuff and pour the stuff on whatever you want to throw and when it gets on the victim, they think it's some deadly chemical or a radioactive substance so they run in total panic. This works especially well with flower bombs since a gummy, glowing substance gets all over the victim. 5.Fizzling Panic Take a baggy of a water-baking soda solution and seal it. (Make sure there is no air in it since the solution will form a gas and you don't want it to pop on you.) Then put it in a bigger plastic bag and fill it with vinegar and seal it. When thrown, the two substances will mix and cause a violently bubbling substance to go all over the victim.
65. Breaking Into Houses by The Jolly Roger
Okay You Need: 1.Tear Gas or Mace 2.A BB/Pellet Gun 3.An Ice Pick 4.Thick Gloves
What You Do Is:
1.Call the house, or ring doorbell, to find out if they're home. 2.If they're not home then... 3.Jump over the fence or walk through gate (whatever). 4.If you see a dog give him the mace or tear gas. 5.Put the gloves on!!!!!!! 6.Shoot the BB gun slightly above the window locks. 7.Push the ice-pick through the hole (made by the BB gun). 8.Enter window. 9.FIRST...Find the LIVING ROOM. (there're neat things there!). 10.Goto the bedroom to get a pillow case. Put the goodies in the pillow case. 11.Get out <-* FAST! -*>
Notes: You should have certain targets worked out (like computers, Radios, Ect.) Also <-* NEVER *-> Steal from your own neighborhood. If you think they have an alarm...<-* FORGET IT! *->.
66. A Guide to Hypnotism by The Jolly Roger
What hypnotism is? Hypnotism, contrary to common belief, is merely state when your mind and body are in a state of relaxation and your mind is open to positive, or cleverly worded negative, influences. It is not a trance where you: Are totally influenceable. Cannot lie. A sleep which you cannot wake up from without help. This may bring down your hope somewhat, but, hypnotism is a powerful for self help, and/or mischief.
Your subconscious mind Before going in further, I'd like to state that hypnotism not only is great in the way that it relaxes you and gets you (in the long run) what you want, but also that it taps a force of incredible power, believe it or not, this power is your subconscious mind. The subconscious mind always knows what is going on with every part of your body, every moment of the day. It protects you from negative influences, and retains the power to slow your heartbeat down and stuff like that. The subconscious mind holds just about all the info you would like to know About yourself, or, in this case, the person you will be hypnotizing. There are many ways to talk to your subconscious and have it talk back to you. One way is the ouja board, no its not a spirit, merely the minds of those who are using it. Another, which I will discuss here, is the pendulum method. OK, here is how it goes. First, get a ring or a washer and tie it to a thread a little longer than half of your forearm. Now, take a sheet of paper and draw a big circle in it. In the big circle you must now draw a crosshair (a big +). Now, put the sheet of paper on a table. Next, hold the thread with the ring or washer on it and place it (holding the thread so that the ring is 1 inch above the paper swinging) in the middle of the crosshair. Now, swing the thread so the washer goes up and down, say to yourself the word "Yes" now, do it side to side and say the word "no". Do it counter clockwise and say "I don't know". And lastly, do it clockwise and say "I don't want to say." Now, with the thread back in the middle of the crosshair, ask yourself questions and wait for the pendulum to swing in the direction for the answer. (yes, no, I don't know or I don't want to say...). Soon, to your amazement, it will be answering questions like anything... Let the pendulum answer, don't try.. When you try you will never get an answer. Let the answer come to you.
How to induce hypnotism Now that you know how to talk to your subconscious mind, I will now tell you how to guide someone into hypnosis. Note that I said guide, you can never, hypnotize someone, they must be willing. OK, the subject must be lying or sitting in a comfortable position, relaxed, and at a time when things aren't going to be interrupted. Tell them the following or something close to it, in a peaceful, monotonous tone (not a commanding tone of voice)
Note: Light a candle and place it somewhere where it can be easily seen.
"Take a deep breath through your nose and hold it in for a count of 8. Now, through your mouth, exhale completely and slowly. Continued breathing long, deep, breaths through your nose and exhaling through your mouth. Tense up all your muscles very tight, now, counting from ten to one, release them slowly, you will find them very relaxed. Now, look at the candle, as you look at it, with every breath and passing moment, you are feeling increasingly more and more peaceful and relaxed. The candles flame is peaceful and bright. As you look at it I will count from 100 down, as a count, your eyes will become more and more relaxed, getting more and more tired with each passing moment." Now, count down from 100, about every 10 numbers say "When I reach xx your eyes (or you will find your eyes) are becoming more and more tired." Tell them they may close their eyes whenever they feel like it. If the persons eyes are still open when you get to 50 then instead of saying "your eyes will.." Say "your eyes are...". When their eyes are shut say the following. As you lie (or sit) here with your eyes comfortably close you find yourself relaxing more and more with each moment and breath. The relaxation feels pleasant and blissful so, you happily give way to this wonderful feeling. Imagine yourself on a cloud, resting peacefully, with a slight breeze caressing your body. A tingling sensation begins to work its way, within and without your toes, it slowly moves up your feet, making them warm, heavy and relaxed. The cloud is soft and supports your body with its soft texture, the scene is peaceful and absorbing, the peacefulness absorbs you completely. The tingling gently and slowly moves up your legs, relaxing them. Making them warm and heavy. The relaxation feels very good, it feels so good to relax and let go. As the tingling continues its journey up into your solar plexus, you feel your inner stomach become very relaxed. Now, it moves slowly into your chest, making your breathing relaxed as well. The feeling begins to move up your arms to your shoulders, making your arms heavy and relaxed as well. You are aware of the total relaxation you are now experiencing, and you give way to it. It is good and peaceful, the tingling now moves into your face and head, relaxing your jaws, neck, and facial muscles, making your cares and worries float away. Away into the blue sky as you rest blissfully on the cloud. If they are not responsive or you think they (he or she) is going to sleep, then add in a "...always concentrating upon my voice, ignoring all other sounds. Even though other sounds exists, they aid you in your relaxation..." They should soon let out a sigh as if they were letting go, and their face should have a "woodiness" to it, becoming featureless... Now, say the following "... You now find yourself in a hallway, the hallway is peaceful and nice. As I count from 10 to 1 you will imagine yourself walking further and further down the hall. When I reach one you will find yourself where you want to be, in another, higher state of conscious and mind. (count from ten to one)..." Do this about three or four times. Then, to test if the subject is under hypnosis or not, say "... You feel a strange sensation in your (arm they write with) arm, the feeling begins at your fingers and slowly moves up your arm, as it moves through your arm your arm becomes lighter and lighter, it will soon be so light it will ... becoming lighter and lighter which each breath and moment..." Their fingers should begin to twitch and then move up, the arm following, now my friend, you have him/her in hypnosis. The first time you do this, while he/she is under say good things, like: "Your going to feel great tomorrow" or "Every day in every way you will find yourself becoming better and better".. Or some crap like that... The more they go under, the deeper in hypnosis they will get each time you do it.
What to do when hypnotized When you have them under you must word things very carefully to get your way. You cannot simply say... Take off your clothes and fuck the pillow. No, that would not really do the trick. You must say something like.... "you find your self at home, in your room and you have to take a shower (vividly describe their room and what's happening), you begin to take off your clothes..." Now, it can't be that simple, you must know the persons house, room, and shower room. Then describe things vividly and tell them to act it out (they have to be deeply under to do this). I would just suggest that you experiment a while, and get to know how to do things.
Waking up Waking up is very easy, just say "...as I count from 1 to 5 you will find yourself becoming more and more awake, more and more lively. When you wake up you will find yourself completely alive, awake, and refreshed. Mentally and physically, remembering the pleasant sensation that hypnosis brings... Waking up feeling like a new born baby, reborn with life and vigor, feeling excellent. Remembering that next time you enter hypnosis it will become an ever increasing deeper and deeper state than before.
1.You feel energy course throughout your limbs. 2.You begin to breathe deeply, stirring. 3.Beginning to move more and more your eyes open, bringing you up to full conscious. 4.You are up, up, up and awakening more and more. 5.You are awake and feeling great.
And that's it! You now know how to hypnotize yourself and someone else. You will learn more and more as you experiment.
67. The Remote Informer Issue #1 by Tracker and Noman Bates
Introduction Welcome to the first issue of 'The Remote Informer'! This newsletter is reader supported. If the readers of this newsletter do not help support it, then it will end. We are putting this out to help out the ones that would like to read it. If you are one of those who thinks they know everything, then don't bother reading it. This newsletter is not anything like the future issues. The future issues will contain several sections, as long as reader input is obtained. Below is an outline overview of the sections in the future issues.
I/O Board (Input/Output Board)
The I/O Board is for questions you have, that we might be able to answer or at least refer you to someone or something. We will be honest if we cannot help you. We will not make up something, or to the effect, just to make it look like we answered you. There will be a section in the I/O Board for questions we cannot answer, and then the readers will have the opportunity to answer it. We will print anything that is reasonable in the newsletter, even complaints if you feel like you are better than everyone.
NewsCenter
This section will be for news around the underworld. It will talk of busts of people in the underworld and anything else that would be considered news. If you find articles in the paper, or something happens in your local area, type it up, and upload it to one of the boards listed at the end of the newsletter. Your handle will be placed in the article. If you do enter a news article, please state the date and from where you got it.
Feature Section
The Feature Section will be the largest of the sections as it will be on the topic that is featured in that issue. This will be largely reader input which will be sent in between issues. At the end of the issue at hand, it will tell the topic of the next issue, therefore, if you have something to contribute, then you will have ample time to prepare your article.
Hardware/Software Review
In this section, we will review the good and bad points of hardware and software related to the underworld. It will be an extensive review, rather than just a small paragraph.
The Tops
This section will be the area where the top underworld BBS's, hacking programs, modem scanners, etc. will be shown. This will be reader selected and will not be altered in anyway. The topics are listed below. Underworld BBS's (Hack, Phreak, Card, Anarchy, etc.) Hacking programs for Hayes compatables Hacking programs for 1030/Xm301 modems Modem scanners for Hayes compatables Modem scanners for 1030/Xm301 modems Other type illegal programs You may add topics to the list if enough will support it.
Tid Bits
This will contain tips and helpful information sent in by the users. If you have any information you wish to contribute, then put it in a text file and upload it to one of the BBS's listed at the end of the newsletter. Please, no long distance codes, mainframe passwords, etc. We may add other sections as time goes by. This newsletter will not be put out on a regular basis. It will be put out when we have enough articles and information to put in it. There may be up to 5 a month, but there will always be at least one a month. We would like you, the readers, to send us anything you feel would be of interest to others, like hacking hints, methods of hacking long distance companies, companies to card from, etc. We will maintain the newsletter as long as the readers support it. That is the end of the introduction, but take a look at this newsletter, as it does contain information that may be of value to you.
Hacking Sprint: The Easy Way If you hack US Sprint, 950-0777 (by the way it is no longer GTE Sprint), and you are frustrated at hacking several hours only to find one or two codes, then follow these tips, and it will increase your results tremendously. First, one thing that Mr. Mojo proved is that Sprint will not store more than one code in every hundred numbers. (ex: 98765400 to 98765499 may contain only one code). There may NOT be a code in that hundred, but there will never be more than one. Sprint's 9 digit codes are stored from 500000000 through 999999999. In the beginning of Sprint's 950 port, they only had 8 digit codes. Then they started converting to 9 digit codes, storing all 8 digit codes between 10000000 and 49999999 and all 9 digit codes between 500000000 and 999999999. Sprint has since canceled most 8 digit codes, although there are a few left that have been denoted as test codes. Occasionally, I hear of phreaks saying they have 8 digit codes, but when verifying them, the codes were invalid. Now, where do you start? You have already narrowed the low and high numbers in half, therefore already increasing your chances of good results by 50 percent. The next step is to find a good prefix to hack. By the way, a prefix, in hacking terms, is the first digits in a code that can be any length except the same number of digits the code is. (ex: 123456789 is a code. That means 1, 12, 123, 1234, 12345, 123456, 1234567, and 12345678 are prefixes) The way you find a good prefix to hack is to manually enter a code prefix. If when you enter the code prefix and a valid destination number and you do not hear the ringing of the recording telling you that the code is invalid until near the end of the number, then you know the prefix is valid. Here is a chart to follow when doing this:
Code - Destination Range good codes exist ------------------------------------------------- 123456789 - 6192R 123400000 - 123499999 123456789 - 619267R 123450000 - 123459999 123456789 - 61926702R 123456000 - 123456999 123456789 - 6192670293R 123456700 - 123456799 ------------------------------------------------- ( R - Denotes when ring for recording starts)
To prove this true, I ran a test using OmniHack 1.3p, written by Jolly Joe. In this test I found a prefix where the last 3 digits were all I had to hack. I tested each hundred of the 6 digit prefix finding that all but 4 had the ring start after the fourth digit was dialed in the destination number. The other four did not ring until I had finished the entire code. I set OmniHack to hack the prefix + 00 until prefix + 99. (ex: xxxxxxy00 to xxxxxxy99: where y is one of the four numbers that the ring did not start until the dialing was completed.) Using this method, I found four codes in a total of 241 attempts using ascending hacking (AKA: Sequential). Below you will see a record of my hack:
Range of hackCodes foundTries xxxxxx300 - xxxxxx399xxxxxx35050 xxxxxx500 - xxxxxx599xxxxxx56868 xxxxxx600 - xxxxxx699xxxxxx64646 xxxxxx800 - xxxxxx899xxxxxx87777 Totals4 codes241
As you see, these methods work. Follow these guidelines and tips and you should have an increase in production of codes in the future hacking Sprint. Also, if you have any hints/tips you think others could benefit from, then type them up and upload them to one of the boards at the end of the newsletter.
Rumors: Why Spread Them? Do you ever get tired of hearing rumors? You know, someone gets an urge to impress others, so they create a rumor that some long distance company is now using tracing equipment. Why start rumors? It only scares others out of phreaking, and then makes you, the person who started the rumor, look like Mr. Big. This article is short, but it should make you aware of the rumors that people spread for personal gain. The best thing to do is to denote them as a rumor starter and then leave it at that. You should not rag on them constantly, since if the other users cannot determine if it is fact or rumor, then they should suffer the consequences.
The New Sprint FON Calling Cards US Sprint has opened up a new long distance network called the Fiber Optic Network (FON), in which subscribers are given calling cards. These calling cards are 14 digits, and though, seem randomly generated, they are actually encrypted. The rumors floating around about people getting caught using the Sprint FON calling cards are fact, not rumors. The reason people are getting caught is that they confuse the FON calling cards with the local 950 port authorization codes. If you will remember, you never use AT&T calling cards from you home phone. It has ANI capability, which is not tracing, but rather the originating phone number is placed on the bill as soon as the call is completed. They know your phone number when you call the 800 access port, but they do not record it until your call is completed. Also, through several of my hacks, I came up with some interesting information surrounding the new Sprint network. They are listed below.
800-877-0000 - This number is for information on US Sprint's 800 calling card service. I have not played around with it, but I believe it is for trouble or help with the FON calling cards. I am not sure if it is for subscribing to the FON network. 800-877-0002 - You hear a short tone, then nothing. 800-877-0003 - US Sprint Alpha Test Channel #1 800-877-(0004-0999) - When you call these numbers, you get a recording saying: "Welcome to US Sprint's 1 plus service." When the recording stops, if you hit the pound key (#) you will get the calling card dial tone.
Other related Sprint numbers 800-521-4949 - This is the number that you subscribe to US Sprint with. You may also subscribe to the FON network on this number. It will take 4 to 5 weeks for your calling card to arrive. 10777 - This is US Sprint's equal access number. When you dial this number, you then dial the number you are calling, and it will be billed through US Sprint, and you will receive their long distance line for that call. Note that you will be billed for calls made through equal access. Do not mistake it to be a method of phreaking, unless used from a remote location. If you are in US Sprint's 1+ service then call 1+700-555-1414, which will tell you which long distance company you are using. When you hear: "Thank you for choosing US Sprint's 1 plus service," hit the pound key (#), and then you will get the US Sprint dial tone. This however is just the same as if you are calling from your home phone if you dial direct, so you would be billed for calls made through that, but there are ways to use this to your advantage as in using equal access through a PBX.
Automatic Number Identification (ANI) The true definition for Automatic Number Identification has not been widely known to many. Automatic Number Identification, (AKA: ANI), is the process of the destination number knowing the originating number, which is where you are calling from. The method of achieving this is to send the phone number that you are calling from in coded form ahead of the destination number. Below is an example of this.
ANI Method Dial: 267-0293 Sent: ********2670293 * - Denotes the originating number which is coded and sent before the number
As you noticed there are 8 digits in the coded number. This is because, at least I believe, it is stored in a binary-like form. Automatic Number Identification means a limited future in phreaking. ANI does not threaten phreaking very much yet, but it will in the near future. A new switching system will soon be installed in most cities that are covered by ESS, Electronic Switching System, now. The system will have ANI capabilities which will be supplied to the owners of phone lines as an added extra. The owner's phone will have an LED read-out that will show the phone number of the people that call you. You will be able to block some numbers, so that people cannot call you. This system is in the testing stages currently, but will soon be installed across most of the country. As you see, this will end a large part of phreaking, until we, the phreakers, can come up with an alternative. As I have been told by several, usually reliable, people, this system is called ISS, which I am not sure of the meaning of this, and is being tested currently in Rhode Island. 800 in-watts lines set up by AT&T support ANI. The equipment to decode an ANI coded origination number does not costs as much as you would expect. 950 ports do not offer ANI capability, no matter what you have been told. The 950 ports will only give the city in which they are based, this usually being the largest in the state, sometimes the capitol. One last thing that I should tell you is that ANI is not related to tracing. Tracing can be done on any number whether local, 950, etc. One way around this, especially when dialing Alliance TeleConferencing, is to dial through several extenders or ports. ANI will only cover the number that is calling it, and if you call through a number that does not support ANI, then your number will never be known.
68. Jackpotting ATM Machines by The Jolly Roger
JACKPOTTING was done rather successfully a while back in (you guessed it) New York. What the culprits did was sever (actually cross over) the line between the ATM and the host. Insert a microcomputer between the ATM and the host. Insert a fraudulent card into the ATM. (By card I mean cash card, not hardware.) What the ATM did was: send a signal to the host, saying "Hey! Can I give this guy money, or is he broke, or is his card invalid?" What the microcomputer did was: intercept the signal from the host, discard it, send "there's no one using the ATM" signal. What the host did was: get the "no one using" signal, send back "okay, then for God's sake don't spit out any money!" signal to ATM. What the microcomputer did was intercept the signal (again), throw it away (again), send "Wow! That guy is like TOO rich! Give him as much money as he wants. In fact, he's so loaded, give him ALL the cash we have! He is really a valued customer." signal. What the ATM did: what else? Obediently dispense cash till the cows came home (or very nearly so). What the crooks got was well in excess of $120,000 (for one weekend's work), and several years when they were caught. This story was used at a CRYPTOGRAPHY conference I attended a while ago to demonstrate the need for better information security. The lines between ATM's & their hosts are usually 'weak' in the sense that the information transmitted on them is generally not encrypted in any way. One of the ways that JACKPOTTING can be defeated is to encrypt the information passing between the ATM and the host. As long as the key cannot be determined from the ciphertext, the transmission (and hence the transaction) is secure. A more believable, technically accurate story might concern a person who uses a computer between the ATM and the host to determine the key before actually fooling the host. As everyone knows, people find cryptanalysis a very exciting and engrossing subject..don't they? (Hee-Hee)
_____ ______ | |-<<-| |-<<-| | |ATM| micro |Host| |___|->>-| |->>-|____|
The B of A ATM's are connected through dedicated lines to a host computer as the Bishop said. However, for maintenance purposes, there is at least one separate dial-up line also going to that same host computer. This guy basically BS'ed his way over the phone till he found someone stupid enough to give him the number. After finding that, he had has Apple hack at the code. Simple.
Next, he had a friend go to an ATM with any B of A ATM card. He stayed at home with the Apple connected to the host. When his friend inserted the card, the host displayed it. The guy with the Apple modified the status & number of the card directly in the host's memory. He turned the card into a security card, used for testing purposes. At that point, the ATM did whatever it's operator told it to do.
The next day, he went into the bank with the $2000 he received, talked to the manager and told him every detail of what he'd done. The manager gave him his business card and told him that he had a job waiting for him when he got out of school.
Now, B of A has been warned, they might have changed the system. On the other hand, it'd be awful expensive to do that over the whole country when only a handful of people have the resources and even less have the intelligence to duplicate the feat. Who knows?
69. Jug Bomb by The Jolly Roger
Take a glass jug, and put 3 to 4 drops of gasoline into it. Then put the cap on, and swish the gas around so the inner surface of the jug is coated. Then add a few drops of potassium permanganate solution into it and cap it. To blow it up, either throw it at something, or roll it at something.
70. Fun at K-Mart by The Jolly Roger
Well, first off, one must realize the importance of K-Marts in society today. First off, K-Marts provide things cheaper to those who can't afford to shop at higher quality stores. Although, all I ever see in there is minorities and Senior Citizens, and the poor people in our city. Personally, I wouldn't be caught dead in there. But, once, I did. You see, once, after The Moon Roach and Havoc Chaos (Dear friends of mine) and I were exploring such fun things as rooftops, we came along a K-Mart. Amused, and cold for that matter, we wandered in. The Tension mounts. As we walked up to the entrance, we were nearly attacked by Youth Groups selling cheap cookies, and wheelchair sticken people selling American Flags. After laughing at these people, we entered. This is where the real fun begins... First, we wandered around the store, and turned on all the blue lights we could find. That really distracts and confuses the attendents...Fun to do... The first neat thing, is to go to the section of the store where they sell computers. Darkness engulfs the earth the day they find Apple Computers being sold there. Instead, lesser computers like the laughable C-64 can be found there...Turn it on, and make sure nobody's looking...Then, once in Basic, type...
]10 PRINT "Fuck the world! Anarchy Rules!" (or something to that effect.) ]20 GOTO 10 and walk away.
Also, set the sample radios in the store to a satanic rock station, and turn the radio off. Then, set the alarm for two minutes ahead of the time displayed there. Turn the volume up all the way, and walk away. After about two minutes, you will see the clerk feebly attempt to turn the radio down or off. It's really neat to set ten or more radios to different stations, and walk away. One of my favorite things to do, is to get onto the intercom system of the store. Easier typed then done. First, check out the garden department. You say there's no attendent there? Good. Sneak carefully over to the phone behind the cheap counter there, and pick it up. Dial the number corresponding to the item that says 'PAGE'... And talk. You will note that your voice will echo all over the bowels of K-Mart. I would suggest announcing something on the lines of: "Anarchy rules!!"
|
|||||||||||||||||||||||||||||||||
