Mirrors/Zines
1
0
Fork 0
mirror of https://github.com/fdiskyou/Zines.git synced 2025-03-09 00:00:00 +01:00
Code Issues Releases Wiki Activity
Zines/phrack/16/6.txt

198 lines
8.8 KiB
Text
Raw Permalink Normal View History

1st import into tree
2016-12-14 22:07:35 +00:00
===== Phrack Magazine presents Phrack 16 =====
===== File 6 of 12 =====
******************************************************************************
* *
* Tapping Telephone Lines *
* *
* Voice or Data *
* *
* For Phun, Money, and Passwords *
* *
* Or How to Go to Jail for a Long Time. *
* *
******************************************************************************
Written by Agent Steal 08/87
Included in this file is...
* Equipment needed
* Where to buy it
* How to connect it
* How to read recorded data
But wait!! There's more!!
* How I found a Tymnet node
* How I got in
*************
THE EQUIPMENT
*************
First thing you need is an audio tape recorder. What you will be
recording, whether it be voice or data, will be in an analog audio format.
>From now on, most references will be towards data recording. Most standard
cassette recorders will work just fine. However, you are limited to 1 hour
recording time per side. This can present a problem in some situations. A
reel to reel can also be used. The limitations here are size and availability
of A.C. Also, some reel to reels lack a remote jack that will be used to
start and stop the recorder while the line is being used. This may not
present a problem. More later. The two types of recorders I would advise
staying away from (for data) are the micro cassette recorders and the standard
cassette recorders that have been modified for 8 to 10 hour record time. The
speed of these units is too unstable. The next item you need, oddly enough,
is sold by Radio Shack under the name "Telephone recording control" part
# 43-236 $24.95. See page 153 of the 1987 Radio Shack catalog.
*****************
HOW TO CONNECT IT
*****************
The Telephone recording control (TRC) has 3 wires coming out of it.
#1 Telco wire with modular jack. Cut this and replace with alligator clips.
#2 Audio wire with miniature phone jack (not telephone). This plugs
into the microphone level input jack of the tape recorder.
#3 Audio wire with sub miniature phone jack. This plugs into the "REM"
or remote control jack of the tape recorder.
Now all you need to do is find the telephone line, connect the alligator
clips, turn the recorder on, and come back later. Whenever the line goes off
hook, the recorder starts. It's that simple.
****************
READING THE DATA
****************
This is the tricky part. Different modems and different software respond
differently but there are basics. The modem should be connected as usual to
the telco line and computer. Now connect the speaker output of the tape
player directly to the telephone line. Pick up the phone and dial the high
side of a loop so your line doesn't make a lot of noise and garble up your
data. Now, command your modem into the answer mode and press play. The tape
should be lined up at the beginning of the recorded phone call, naturally, so
you can see the login. Only one side of the transmission between the host and
terminal can be monitored at a time. Going to the originate mode you will see
what the host transmitted. This will include the echoes of the terminal. Of
course the password will be echoed as ####### for example, but going to the
answer mode will display exactly what the terminal typed. You'll understand
when you see it. A couple of problems you might run into will be hum and
garbage characters on the screen. Try connecting the speaker output to the
microphone of the hand set in your phone. Use a 1 to 1 coupling transformer
between the tape player input and the TRC audio output. These problems are
usually caused when using A.C. powered equipment. The common ground of this
equipment interferes with the telco ground which is D.C. based.
I was a little reluctant to write this file because I have been
unsuccessful in reading any of the 1200 baud data I have recorded. I have
spoke with engineers and techs. Even one of the engineers who designs modems.
All of them agree that it IS possible, but can't tell me why I am unable to do
this. I believe that the problems is in my cheap ass modem. One tech told me
I needed a modem with phase equalization circuitry which is found in most
expensive 2400 baud modems. Well one of these days I'll find $500 lying on
the street and I'll have nothing better to spend it on! Ha! Actually, I have
a plan and that's another file.....
I should point out one way of reading 1200 baud data. This should work in
theory, however, I have not attempted it.
Any fully Hayes compatible modem has a command that shuts off the carrier
and allows you to monitor the phone line. The command is ATS10. You would
then type either answer or originate depending on who you wanted to monitor.
It would be possible to write a program that records the first 300 or so
characters then writes it to disk, thus allowing unattended operation.
**************
HOW CRAZY I AM
**************
PASSWORDS GALORE!!!!
After numerous calls to several Bell offices, I found the one that handled
Tymnet's account. Here's a rough transcript:
Op: Pacific Bell priority customer order dept. How may I help you?
Me: Good Morning, this is Mr. Miller with Tymnet Inc. We're interested in
adding some service to our x town location.
Op: I'll be happy to help you Mr. Miller.
Me: I need to know how many lines we have coming in on our rotary and if we
have extra pairs on our trunk. We are considering adding ten additional
lines on that rotary and maybe some FX service.
Op: Ok....What's the number this is referenced to?
Me: xxx-xxx-xxxx (local node #)
Op: Hold on a min....Ok bla, bla, bla.
Well you get the idea. Anyway, after asking her a few more unimportant
questions I asked her for the address. No problem, she didn't even hesitate.
Of course this could have been avoided if the CN/A in my area would give out
addresses, but they don't, just listings. Dressed in my best telco outfit,
Pac*Bell baseball cap, tool belt and test set, I was out the door. There it
was, just an office building, even had a computer store in it. After
exploring the building for awhile, I found it. A large steel door with a push
button lock. Back to the phone. After finding the number where the service
techs were I called it and talked to the tech manager.
Mgr: Hello this is Joe Moron.
Me: Hi this is Mr. Miller (I like that name) with Pacific Bell. I'm down
here at your x town node and we're having problems locating a gas leak
in one of our Trunks. I believe our trunk terminates pressurization in
your room.
Mgr: I'm not sure...
Me: Well could you have someone meet me down here or give me the entry code?
Mgr: Sure the code is 1234.
Me: Thanks, I'll let you know if there's any trouble.
So, I ran home, got my VCR (stereo), and picked up another TRC from Trash
Shack. I connected the VCR to the first two incoming lines on the rotary.
One went to each channel (left,right). Since the volume of calls is almost
consistent, it wasn't necessary to stop the recorder between calls. I just
let it run. I would come back the next day to change the tape. The VCR was
placed under the floor in case a tech happened to come by for maintenance.
These nodes are little computer rooms with air conditioners and raised floors.
The modems and packet switching equipment are all rack mounted behind glass.
Also, most of the nodes are unmanned. What did I get? Well a lot of the
logins were 1200, so I never found out what they were. Still have 'em on tape
though! Also a large portion of traffic on both Tymnet and Telenet is those
little credit card verification machines calling up Visa or Amex. The
transaction takes about 30 secs and there are 100's on my tapes. The rest is
as follows:
Easylink CompuServe Quantumlink 3Mmail
PeopleLink Homebanking USPS Chrysler parts order
Yamaha Ford Dow Jones
And a few other misc. systems of little interest. I'm sure if I was
persistent, I'd get something a little more interesting. I spent several
months trying to figure out my 1200 baud problem. When I went back down there
the code had been changed. Why? Well I didn't want to find out. I was out
of there! I had told a couple of people who I later found could not be
trusted. Oh well. Better safe than sorry.
**************************************
Well, if you need to reach me,try my VMS at 415-338-7000 box 8130. But no
telling how long that will last. And of course there's always P-80 systems at
304-744-2253. Probably be there forever. Thanks Scan Man, whoever you are.
Also read my file on telco local loop wiring. It will help you understand how
to find the line you are looking for. It should be called Telcowiring.Txt
<<< AGENT STEAL >>>
Reference in a new issue Copy permalink