
Forums » Smalltalk » AMA: Phone Hacking (aka Phone Phreaking)

Years before we had home computers or the internet, there was the analog telephone network. Many people have the misconception that computer hackers didn't exist prior to the World Wide Web. The telephone system, however, is not much different than the modern internet. Wall phones functioned as input devices much like a computer keyboard and the tones generated by the keypad (or rotary dials of earlier phones) sent tones to the equipment that put the calls through. If you've ever wanted to portray a tech-savvy character in a pre-internet world, discover how these early hackers manipulated the phone network in the way their modern-day counterparts break into computer networks today.

Prior to the 1960s, human workers known as telephone operators connected calls through manual switchboards known as "cord boards". By the late 1960s, automated machines began to connect phone calls, partially automating the telephone networks. Human operators worked alongside these automated machines for several decades. By the 1990s, much of the telephone network was digital, and as smartphones became commonplace, payphones began to be phased out in the 21st century, largely eliminating telephone operators as they had once existed. The analog phone network from the 20th century no longer exists. What follows is now obsolete and no longer applicable to the modern digital telephone network.

In the late 1960s, hobbyists interested in technology began experimenting with and manipulating the telephone network. They called themselves Phone Phreakers and were in many ways the original computer hackers. People often associate Phone Phreakers as people who manipulated telephones, often specifically payphones, by bypassing tolls and making free phone calls. The majority of people that participated in phone phreaking were more interested in learning about how the system worked as opposed to exploiting it to avoid paying for calls. They even had in-person meetings and conventions to exchange information.

Manipulating the network was accomplished in several ways. One was a device known as a "blue box". The network used special audible tones that controlled the relays in the computer equipment that put calls through. The equipment that ran the network was located in buildings known as Call Offices or COs. Phone Phreakers would often document their "telephone adventures" and learned to identify different brands and types of equipment by listening to the tones and other noises in the background of phone calls.

Other means of manipulating the network were using analog synthesizers to emulate these tones. A famous phone phreaker named John Draper, who was known as Captain Crunch, used a whistle from a box of Captain Crunch cereal to reproduce some of the tones needed to switch calls through. Although it was omitted from the movie, the book "Ready Player One" had an entire chapter about Captain Crunch that played a major role as one of the clues in the story.

Another phenomenon that came from phone phreaking was "conference calls". Telephone repairmen had special codes they would use to access the phone network to diagnose problems and test the line equipment. Also, there were leftover "party lines" or shared connections between homes dating back to the 1960s that could be manipulated. Phreakers figured out some of these test codes and party lines and realized they could talk over the busy signal. If someone else dialed in at the same time, they could literally talk to that other person. Conferences became a popular way to meet people by those that knew of their existence at the time. It was not uncommon for groups of people to have group chats over these test and party lines and they became a sort of secret virtual meeting place, much like an online chatroom today on the internet.

For more information about Captain Crunch, please see this Wikipedia article: https://en.wikipedia.org/wiki/John_Draper

There is also an excellent documentary on YouTube about him: Captain Crunch Documentary

For a complete understanding of phone phreaking, check out Evan Doorbell. His website has an entire library filled with details about Phone Phreaking. Evan documented his "phone adventures" for years back in the 1960s through the mid-80s and has shared his tapes with the public. His work is available in part on YouTube and he maintains an active Twitter account and is always happy to answer questions. Among his recordings are a complete explanation of how he discovered and got involved in phone phreaking, how the network works, the unique sounds and nuances of various phone companies and regions in the US and abroad, and several in-depth explanations of "party lines" and phone conferences. Check out Evan's site here.
Oh my gawd... Captain Crunch! Yes! I had a few of those Captain Crunch cereal box whistles and I did tinker with phone phreaking in my teenage years (around the same time I volunteered for a radio station as mentioned in MissPixie's AMA). Radio Shack was a great parts house in the early 70's and I built a few homebrew tone generators in an effort to mimic the telephone touch-tone sounds. They were what is called 'dual-tone-multi-frequency' tones, or 'DTMF' and were really hard to hack. I also discovered by accident at that time a Ma Bell worker left his key in a remote switchbox, and inside there was a handset that was used to tap into phonelines on poles for testing. It was indeed like exploring the secretive Ma Bell system and having some fun in the process, like climbing telephone poles to get to block-junctions. I should probably shush as it was highly illegal to do. I did read that Steve Jobs and Steve Wozniak were Phreakers around the same time.

I am familiar with Evan Doorbell. This was a rush of nostalgia! Thanks much for bringing this up!
AgentMilkshake Topic Starter

That's awesome! Those whistles are collector's items now. And the two Steves from Apple were both phone phreakers and that is how they got interested in computers and inspired them to start their company. Their names come up in the documentary I posted the link to. It's cool someone else knows about this. One of my characters in one of my games on here is a phone phreaker. While that doesn't really have anything to do with the main plot, it's one of his little quirks. I was a bit too young to ever do any real phone phreaking, but my dad is an electrical engineer and one of his colleagues told me the story about Captain Crunch at the dinner table back when I was about 7 years old and I was fascinated with the telephone network from that moment on. I've spent hours listening to Evan Doorbell's tapes. If anyone who was new to this topic was interested in learning more, his site would give them a complete understanding of what it was all about.
Those Cap'n Crunch whistles were cheap cereal-box toys and they got pretty disgusting from endless blasts of saliva, and they broke really easily. More than a few were stomped on by irritated parents. Since the 2600Hz tone was the Achilles heel of the Public Telephone Switched Network (PTSN), the coloured boxes soon followed the whistles as AT&T tried to put the genie back in the bottle.

A couple of other books to read on the whole scene are Exploding the Phone by Phil Lapsley and Hacking Ma Bell by the YIPL (Youth International Party Line aka Yippies). There are a few different stories on how it all got started. Some say the nascent phreaking scene took off with the discovery of a Bell System Technical Manual in a library at Washington State University in Pullman, Washington.

I also read in some book a while back that the Weather Underground used phreaking for some of their communications across the USA.

Thanks again for bringing this up AgentMilkshake!
AgentMilkshake Topic Starter

Very cool additional resources. I will have to check these out. I'm glad to find someone else on here that understands and is interested in this stuff!
I still think it’s a trip that this was brought up!
A further note on those Captain Crunch whistles... being they were such a super-cheap kids cereal-box toy, their wide tolerances of the plastic mold were not all that accurate. Henceforth the tone of some, maybe up to half of them, were over or under 2600Hz by a few Hertz and would not work to switch in the long distance network. That is why the blue-box was created, and why Ma Bell eventually replaced the 2600Hz tone with a DTMF switching trigger. It’s funny it all had to do with long-distance tolls and people like John Draper found guilty of toll-evasion and fraud. Nowadays calls are made freely across North America, and with some phone plans like the one I have, between many countries of the world!
AgentMilkshake Topic Starter

Here's another interesting video I found related to the topic: YouTube: https://www.youtube.com/watch?v=4tHyZdtXULw

There are a few minutes of a vintage video game convention in which this talk was given. That in itself is unrelated but very interesting.
I was digging around among some 5¼" floppy archives and finishing my saving the stuff on my cloud (a painful process). I'm such a digital packrat... anyway, this subject got me searching for what all I had saved on it (I blame you AgentMilkshake for reawakening that slightly-damaged deep-state phone-phreaking brain cell in me that had gone dormant long ago) and among the schematics and technical notes for various gear, another Phreaker name came up ... Jolly Roger.

There was a Fax I had gotten way back in the day. I had converted the sheets to WPS back in the late 90's, and now I've converted it to Word... Here it is in its entirety, complete with original typos. The original fax sheet was typewritten letter size pages, and I'll be darned if I can remember the software I used that managed to convert a scan to a word document. Anyway, for historical and informational purposes only...

How Ma Bell Works

I returned this as it is on the WWW
The information is pretty much out of date so is presented here for historical reference into what Phone Phreaking was all about....

How Ma Bell Works by the Jolly Roger
In this article, I will first describe the termination, wiring, and terminal hardware most commonly used in the Bell system, and I will include section on methods of using them.
LOCAL NETWORK

The local telephone network between the central office/exchange and the telephone subscribers can be briefly described as follows:
From the central office (or local exchange) of a certain prefix(es), underground area trunks go to each area that has that prefix (Usually more than one prefix per area.) At every few streets or tract areas, the underground cables surface. They then go to the telephone pole (or back underground, depending on the area) and then to the subsribers house (or in the case of an apartment building or mutliline business, to a splitter or distribution box/panel). Now that we have the basics, I'll try and go in-depth on the subject.

UNDERGROUND CABLES

These are sometimes inter-office trunks, but usually in a residential area they are trunk lines that go to bridging heads or distribution cases. The cables are about 2-3 inches thick (varies), and are either in a metal or pvc-type pipe (or similiar). Rarely (maybe not in some remote rural areas) are the cables just 'alone' in the ground. Instead they are usually in an underground cement tunnel (resembles a small sewer or stormdrain.)
The manholes are >heavy< and will say 'Bell system' on them. they can be opened with a 1/2 inch wide crowbar (Hookside) inserted in the top rectangular hole. There are ladder rungs to help you climb down. You will see the cable pipes on the wall, with the blue and white striped one being the inter-office trunk (at least in my area). The others are local lines, and are usually marked or color coded. There is almost always a posted color code chart on the wall, not to mention Telco manuals describing the cables and terminals, so I need not get into detail. Also, there is usually some kind of test equipment, and often Bell test sets are left in there.

BRIDGING HEADS

The innocent-looking grayish-green boxes. These can be either trunk bridges or bridging for residences. The major trunk bridging heads are usually larger, and they have the 'Western Electric' logo at the bottom, whereas the normal bridging heads (which may be different in some areas-depending on the company you are served by. GTE B.H.'s look slightly different. Also, do not be fooled by sprinkler boxes!) They can be found in just about every city.

To open a bridging head: if it is locked (and you're feeling destructive), put a hammer or crowbar (the same one you used on the manhole) in the slot above the top hinge of the right door. Pull hard, and the door will rip off. Very effective! If it isn't locked (as usual), take a 7/8 inch hex socket and with it, turn the bolt about 1/8 of a turn to the right (you should hear a spring release inside). Holding the bolt, turn the handle all the way to the left and pull out.

Go inside - First check for a test-set (which are often left by Bell employees). There should be a panel of terminals and wires. Push the panel back about an inch or so, and rotate the top latch (round with a flat section) downward. Release the panel and it will fall all the way forward. There is usually a large amount of wire and extra terminals. The test-sets are often hidden here, so don't overlook it (Manuals, as well, are sometimes placed in the head). On the right door is a metal box of alligator clips. Take a few (Compliments of Bell.). On each door is a useful little round metal device. (Says 'insert gently' or' clamp gently - do not overtighten' etc..) On the front of the disc, you should find two terminals. These are for your test set. (If you dont have one, dont despair -I'll show you ways to make basic test sets later in this article).

Hook the ring (-) wire to the 'r' terminal; and the tip (+) wire to the other. (By the way, an easy way to determine the correct polarity is with a 1.5v LED. Tap it to the term. pair, if it doesnt light, switch the poles until it does. When it lights,find the longer of the two LED poles: This one will be on the tip wire (+). Behind the disc is a coiled up cord. This should have two alligator clips on it.. Its very useful, because you dont have to keep connecting and disconnecting the fone (test set) itself, and the clips work nicely.

On the terminal board, there should be about 10 screw terminals per side. Follow the wires, and you can see which cable pairs are active. Hook the clips to the terminal pair, and you're set! Dial out if you want, or just listen (If someone's on theline). Later, I'll show you a way to set up a true 'tap' that will let the person dial out on his line and receive calls as normal, and you can listen in the whole time. More about this later...

On major prefix-area bridging heads, you can see 'local loops' ,which are two cable pairs (cable pair = ring+tip, a fone line) that are directly connected to each other on the terminal board. These 'cheap loops' as they are called, do not work nearLy as well as the existing ones set up in the switching hardware at the exchange office. (Try scanning your prefixes' 00xx to 99xx #'s.) The tone sides will announce themselves with the 1008 hz loop tone, and the hang side will give no response. The first person should dial the 'hang' side, and the other person dial the tone side, and the tone should stop if you have got the right loop.)

If you want to find the number of the line that you're on, you can either try to decipher the 'bridging log' (or whatever), which is on the left door. If that doesnt work, you can use the follwing:

ANI # (Automatic Number ID)

This is a Telco test number that reports to you the number that youre calling from (It's the same, choppy 'Bell bitch' voice that you get when you reach a disconnected #)

For the 213 NPA - Dial 1223
408 NPA - Dial 760
914 NPA - Dial 990
These are extremely useful when messing with any kind of line terminals, house boxes, etc.
Now that we have bridging heads wired, we can go on... (don't forget to close and latch the box after all... Wouldnt want GE and Telco people mad, now, would we?)
"CANS" - Telephone Distribution Boxes

Basically, two types:
1> Large, rectangular silver box at the end of each street.
2> Black, round, or rectangular thing at every telephone pole.
Type 1 - This is the case that takes the underground cable from the bridge and runs it to the telephone pole cable (The lowest, largest one on the telephone pole.) The box is always on the pole nearest the briging head, where the line comes up. Look for the 'Call before you Dig - Underground cable' stickers.. The case box is hinged, so if you want to climb the pole, you can open it with no problems. These usually have 2 rows of terminal sets.

You could try to impersonate a Telco technician and report the number as 'new active' (giving a fake name and fake report, etc.) I dont recommend this, and it probably won't (almost positively won't) work, but this is basically what Telco linemen do).

Type 2 - This is the splitter box for the group of houses around the pole (Usually 4 or 5 houses). Use it like I mentioned before. The terminals (8 or so) will be in 2 horizontal rows of sets. The extra wires that are just 'hanging there' are provisions for extra lines to residences (1 extra line per house, thats why the insane charge for line #3!) If its the box for your house also, have fun and swap lines with your neighbor! 'Piggyback' them and wreak havoc on the neighborhood (It's eavesdropping time...) Again, I don't recommend this, and its difficult to do it correctly. Moving right along...

APARTMENT / BUSINESS MULTILINE
DISTRIBUTION BOXES

Found outside the buliding (most often on the right side, but not always... Just follow the wire from the telephone pole) or in the basement. It has a terminal for all the lines in the building. Use it just like any other termination box as before. Usually says 'Bell system' or similar. Has up to 20 terminals on it (usually.) the middle ones are grounds (forget these). The wires come from the cable to one row (usually the left one), with the other row of terminals for the building fone wire pairs. The ring (-) wire is usually the top terminal if the set in the row (1 of 10 or more), and the tip is in the clamp/screw below it. This can be reversed, but the cable pair is always terminated one-on-top-of-each-other, not on the one next to it. (I'm not sure why the other one is there, probably as aprovision for extra lines) Don't use it though, it is usually to close to the other terminals, and in my experiences you get a noisy connection.

Final note: Almost every apartment, business, hotel, or anywhere there is more than 2 lines this termination method is used. If you can master this type, you can be in control of many things... Look around in your area for a building that uses this type, and practice hooking up to the line, etc.

As an added help,here is the basic 'standard' color-code for multiline terminals/wiring/etc...

Single line: Red = Ring
             Green = Tip
             Yellow = Ground *

* (Connected to the ringer coil in individual and bridged ringer phones (Bell only) Usually connected to the green (Tip)

Ring (-) = Red
           White/Red Stripe
           Brown
           White/Orange Stripe
           Black/Yellow Stripe

Tip (+) = Green (Sometimes yellow, see above.)
          White/Green Stripe
          White/Blue Stripe
          Blue
          Black/White Stripe

Ground = Black
         Yellow

RESIDENCE TERMINAL BOX
Small, gray (can be either a rubber (Pacific Telephone) or hard plastic (AT & T) housing deal that connects the cable pair from the splitter box (See type 2, above) on the pole to your house wiring. Only 2 (or 4, the 2 top terminals are hooked in parallel with the same line) terminals, and is very easy to use. This can be used to add more lines to your house or add an external line outside the house.

TEST SETS

Well, now you can consider yourself a minor expert on the terminals and wiring of the local telephone network. Now you can apply it to whatever you want to do.. Here's another helpful item:
How to make a Basic Test-Set and how to use it to dial out, eavsdrop, or seriously tap and record line activity. These are the (usually) orange hand set fones used by Telco technicians to test lines. To make a very simple one, take any Bell (or other, but I recommend a good Bell fone like a princess or a trimline. gte flip fones work excllently, though..) fone and follow the instructions below.

Note: A 'black box' type fone mod will let you tap into their line, and with the box o, it's as if you werent there. they can recieve calls and dial out, and you can be listening the whole time! very useful. With the box off, you have a normal fone test set.

Instructions:

A basic black box works well with good results. Take the cover off the fone to expose the network box (Bell type fones only). The terminal should have a green wire going to it (orange or different if touch tone - doesnt matter, its the same thing). Disconnect the wire and connect it to one pole of an SPST switch. Connect a piece of wire to the other pole of the switch and connect it to the terminal. Now take a 10k hm 1/2 watt 10% resistor and put it between the terminal ad the terminal, which should have a blue and a white wire going to it (different for touch tone). It should look like this:

Blue wire
<F>
!
----White wire
!
!
10k Resistor
!
!
--Green wire-- !----<RR>
! !
SPST
What this does in effect is keep the hookswitch / dial pulse switch (F to RR loop) open while holding the line high with the resistor. This gives the same voltage effect as if the fone was 'on-hook', while the 10k ohms holds the voltage right above the 'off hook' threshold (around 22 volts or so, as compared to 15-17 or normal off hook 48 volts for normal 'on-hook'), giving Test Set Version 2. Another design is similar to the 'type 1' test set (above), but has some added features:
From >
Tip
<To Test
Alligator set
Clip >
Ring
<phone
! !
x !
! !
o !
! x---RRRRR---!
! x !
!---x !
x----0
!
x = Spst Switch
o = Red LOD 0 = Green LED
RRRRR= 1.8k 1/2 watt xxxx= Dpst switch
resistor
When the SPST switch in on, the LED will light, and the fone will become active. The green light should be on. If it isn't, switch the dpst. If it still isnt, check the polarity of the line and the LEDs. With both lights on, hang up the fone. They should all be off now. Now flip the dpst and pick up the fone. The red LED shold be on, but the green shouldnt. If it is, something is wrong with the circuit. You wont get a dial tone if all is correct.
When you hook up to the line with the alligator clips (Assuming you have put this circuit inside our fona and have put alligator clips on the ring and tip wires (As we did before)) you should have the spst #1 in the off posistion. This will greatly reduce the static noise involved in hooking up to a line. The red LED can also be used to check if you have the correct polarity. With this fone you will have the ability to listen in on >all< audible line activity, and the people (the 'eavesdropees') can use their fone as normal. Note that test sets #1 and #2 have true 'black boxes', and can be used for free calls (see an article about black boxes).

Test Set Version 3

To do test set 3: Using a trimline (or similar) phone, remove the base and cut all of the wire leads off except for the red (ring -) and the green (tip +). Solder alligator clips to the lug. The wire itself is 'tinsel' wrapped in rayon, and doesnt solder well. Inside the one handset, remove the light socket (if it has one) and install a small slide or toggle switch (Radio Shack's micro-miniature spst works well). Locate the connection of the ring and the tip wires on the pc board near where the jack is located at the bottom of the handset. (The wires are sometimes black or brow instead of red and green, respectively). Cut the foil and run 2 pieces of wire to your switch. In parallel with the switch add a .25 uf 200 VDC capacitor (mylar, silvered mica, ceramic, not an electrolytic). When the switch is closed, the handset functions normally. With the switch in the other position, you can listen without being heard.

Note: To reduce the noise involved in connecting the clips to a line, add a switch selectable 1000 ohm 1/2 watt resistor in series with the tip wire. Flip it in circuit when connecting, and once on the line, flip it off again. (or just use the 'line disconnect' type switch as in the type 2 test set (above)). Also avoid touching the alligator clips to any metal parts or other terminals, for i causes static on the line and raises poeple's suspicions.

RECORDING

If you would like to record any activity, use test set 1 or 2 above (for unattended recording of >all< line activity), or just any test set if you are going to be there to monitor when they are dialing, talking, etc.

Place a telephone pickup coil (I recommend the Becoton T-5 TP coil or equivalent) onto the test set, and put the TP plug into the mic. jack of any standard tape recorder. Hit play, rec, and pause. Alternate pause when you want to record (I dont think anyone should have any difficulty with this at all...) Well, if you still can't make a test set or you dont have the parts, there's still hope. Alternate methods:

Find a bell test set in a manhole or a bridging head and 'Borrow it indefinately...
Test sets can be purchased from:
Techni-Tool
5 Apollo Road
Box 368
Plymouth Meeting PA., 19462
Ask for catalog #28
They are usually $300 - $600, and are supposed to have MF dialing capability as well as TT dialing. They are also of much higher quality than the standard bell test sets. If you would like to learn more about the subjects covered here, I suggest:
Follow Bell trucks and linemen or technicians and ask subtle questions. also try 611 (repair service) and ask questions..
Explore your area for any Bell hardware, and experiment with it. Don't try something if you are not sure what youre doing, because you wouldnt want to cause problems, would you?
Exodus
