Encyclopedia > Phreaking

  Article Content

Phreaking

Phreaking is a slang term for the action of making a telephone system do something that it normally should not allow. It is an illegal activity, but one formerly pursued by a large number of computer and electronics hobbyists out of curiosity. Most of the techniques formerly used in phreaking no longer function due to changes in the telephone system—some evolutionary, and some designed specifically to disallow such access.

A phreak or phreaker is a person who engages in the act of hacking phones. Phreaks often make tools called boxes. Such as the red box, beige box[?] and clear box[?]. The culture started in the early 60's by blind kids who taught themselves to imitate tones made when coin were dropped in the coin slot.

Table of contents
1 External links

The Crossbar System

In the 1960s the US phone system used a mechanical device for call switching known as the crossbar. The crossbar system could control phone switching by watching the voltage on the lines connected to the user's phones. When the user picked up the phone, the voltage suddenly dropped from about 48V to about 10V, so the crossbar knew you wanted to place a call. It would then play a dial tone and wait for you to dial. When someone called you the crossbar switched in an intermitent ring voltage of about 120VAC at 10Hz, to make the hammer repeatedly strike the bell inside the phone, thus making the phone ring. It could also tell when you hung up when it saw the voltage increase back to about 48V again.

Dialing worked in a similar fashion by quickly picking up and hanging up the line, that is, connecting and disconnecting the line. The lines were connected to a series of mechanical disks that rotated one position for every "click", so seven such clicks would turn the disk seven positions. After dialling several numbers in this way, the line would eventually be connected to another phone, which would start ringing.

This only worked for "local" calls however, where everyone involved was connected to the same crossbar and the voltages could all be measured. Long distance calls were routed through long lines and internationally through transatlantic telephone cables. Domestically in the US long distance calls might not be connected physically; even in the 1960s an increasing number were being carried by microwave links and even satellite relays. To handle these sorts of calls, the crossbar connected all calls that started specific three digit codes that were not used for local exchange codes to an outbound long line. These three digit codes always had a one or a zero in the second digit. Later this system was replaced with the 1 (universal North American long distance code) as it became necessary to use all the possible combinations for exchange codes. These outbound long lines converted the various voltages or Touch Tone signals into special multi-frequency sounds that were only used by the long lines and by special outbound routing operators. These signals were sent along the long lines to the remote crossbar or electronic switching system. Another set of sounds (such as the 2600Hz sine wave discussed below) signalled things like "user has hung up". After all, the phone system transmits sound, so it took no extra lines to transmit these particular codes that had been converted into sounds, saving lots of money on infrastructure.

The Origins of Phreaking

One version of the origins of freaking is as follows: One day a student was playing with the phones in his local university when he whistled into it, and the phone suddenly hung up. After some experimentation and a few calls to local technicians, he learned that he had stumbled across the "user had hung up" tone, 2600Hz. When the system heard it, it hung up the phone, thinking the call was ended. Another version is that Captain Crunch had a whistle that he had found in a box of cereal by the same name. One day he discovered that this whistle cause the phone to suddenly hang up. He tested the whistle and discovered that it created a relatively pure 2600 Hz sine wave tone.

At that point the call was not completely disconnected. Although the long distance hardware thought the call was disconnected, the local user was still physically connected to their local crossbar – it knew he was still connected because the voltage never dropped. This left the system in a weird state. The dialer was still connected to a long distance trunk line and switch at the remote switching center that was perfectly willing to complete or further route calls.

A number of people in the 1960s discovered a loophole that resulted from this combination of features. The trick to was to call a toll free number or long distance directory number and then play the 2600Hz tone into the line before the call was answered on the other side of the toll line. Then you simply dialed the number you actually wanted on a blue box, and the remote crossbar happily connected you – for free. Of course when you were connected to the diverted call your local central office would be alert and the technicians began searching for inordinately long directory calls or excessive dialing to particular toll free numbers. Many phone phreaks were forced to use pay telephones as the telephone company technicians regularly tracked long distance toll free calls in an elaborate cat and mouse game.

As the knowledge spread the growing number of phone phreaks became a minor culture onto their own. They were able to train their ears to determine how the long lines routed their calls. Sympathetic telephone employees gave them the various routing codes to use international satellites and various trunk lines like expert operators. The phone companies quickly caught on to the scheme and slowly deployed a number of systems to defeat it. However, the phreaks felt that a true solution would be impossible because it would require adding hardware (a filter) to every line on every crossbar in the world. Unless the phone company replaced all their hardware, phreaking would be impossible to stop. May of these phreaks were caught by the FBI and the telephone company would routinely offer employment to the phreaks as they often knew more about telephone systems that the engineers who had designed them.

Of course, the phone companies in North America did, in fact, replace all their hardware. They didn't do it to stop the phreakers, but simply as a matter of course as they moved to fully digital switching systems. Unlike the crossbar, where the switching signals were carried on the same lines, the new systems used separate lines for signalling that the phreakers couldn't get to.

One Box, Two Box, Red Box, Blue Box

The key to phreaking was the in-band signaling[?] used by Ma Bell (or AT&T) on their long lines. Many phreaking techniques can be implemented with small electronic circuits, easily made by hobbyists once the secret of their operation is known. The 2600Hz tone generator was also called a Captain Crunch whistle. The first such circuit to encorporate the MF switching tones needed to reroute long distance calls was nicknamed the blue box by an early phreak who had built one in a blue enclosure. Soon, other types of phreaking circuits were given similar names.

At one point, pay telephones used specific DTMF tones to signal the deposit of a nickel, dime, or quarter into the coin slot. Phreaks learned the frequencies used, and produced circuits to spoof them. Such a device became known as a red box. Though it was also possible to call one pay phone from another and then simply record the sounds as coins were deposited in the first pay telephone. The phreaked call was then completed and when the operator asked for payment the phreak would play back the recording of the sounds (including the physical sound of the coins being deposited into the coin box) into mouthpeice of the telephone for the benefit of the operator. Red-boxing (the act of using red boxes) ceased working in most areas in the 1980s as the phone companies installed an extra sensor that actually detected the coin falling into the box. Finally they moved this signaling out of band[?] completely. However, in some areas where telephone equipment was not upgraded until later, it remained effective into the 1990s.

Dozens of other types of "boxes" were invented. In the BBS scene of the late 1980s and early 1990s, crude ASCII art diagrams of phreaking box schematics circulated on electronic bulletin boards. Many of these designs simply cloned particular telephone features not usually accessible on residential phones, such as a hold button or the letter keys used in Autovon (the silver box). Many were useless, some were faulty, and some were pure hoaxes: for instance, a "blotto box" which supposedly could use high-frequency signals to cause a remote telephone to explode.

External links



All Wikipedia text is available under the terms of the GNU Free Documentation License

 
  Search Encyclopedia

Search over one million articles, find something about almost anything!
 
 
  
  Featured Article
Digital Rights Management

... Felten's freedom-to-tinker Web site for information and pointers. An early example of a DRM system is the Content Scrambling System (CSS) employed by the DVD ...

 
 
 
This page was created in 29 ms