mirror of
https://github.com/fdiskyou/Zines.git
synced 2025-03-09 00:00:00 +01:00
195 lines
11 KiB
Text
195 lines
11 KiB
Text
==Phrack Inc.==
|
||
Volume One, Issue Three, Phile 2 of 10
|
||
|
||
The purpose of this file is to tell you what you would be dealing with if
|
||
you stumble across this system, or if you know of a company that is using this
|
||
system. It doesn't go into incredible detail, and is lacking in areas. It is
|
||
not a guide to hacking into it, just letting you know what you would be dealing
|
||
with. This is to pique your interest in the system.
|
||
|
||
So What the Hell is ROLM?
|
||
-------------------------
|
||
ROLM is a "Business Communications System" bought by IBM a few months ago,
|
||
in an effort to compete effectively with AT&T, and get a larger share of the
|
||
market, in a grand master plan to become "Big Daddy Blue" as opposed to "Ma
|
||
Bell". It is a very complex system, with features such as PhoneMail, A
|
||
Super-PBX, Local Area Networks, Public and Private Data Networks, Desktop
|
||
Communications, and Call Management.
|
||
The heart of the system is the Controller, called the CBX <Computerized
|
||
Business Exchange>. This controls the entire network accessible through ROLM.
|
||
Since 1983, the CBX was redesigned and upgraded to the CBX II. It is a PBX with
|
||
much much more <See 'Introduction to PBX's' available on your local bbs> to
|
||
offer, and that is ROLM's claim to fame. It is light years ahead of the regular
|
||
PBX system.
|
||
|
||
|
||
The CBX II
|
||
----------
|
||
|
||
The CBX II is the core of the ROLM network. It is computer driven and
|
||
expandable from one node, with 165 channels, to 15 nodes providing 11,5200
|
||
2-way channels. The smaller business could have a model with a 16 user maximum
|
||
limit, but it can go up to 10,000 users, though this would be quite rare <and
|
||
quite God Damn expensive!>. It can be accessed from outside lines <like you> as
|
||
well as HardWired units, with a switching system to prevent busy signals on a
|
||
port. Speed depends on the system in place, either the newer, faster ROLMbus
|
||
295, or the older standard ROLMbus 74. <see Service manuals for exact details>
|
||
The larger the system, the faster as well. It is adjustable to accept different
|
||
bandwidths for the various components, such as Telex, Voice, Data, Mainframe,
|
||
LAN, Video <ta-da! Picturefones in reality!>, and anything hooked up to the
|
||
system. Similar tasks can be bunched onto one channel as well, at high or low
|
||
speeds. If multiplexing is used <above>, the maximum speed is 192,000 bps, and
|
||
if using a single interface, the top possible rate is a mindboggling 37,000,000
|
||
bps, which if you ask me, if just fluff and not too practical, so they are
|
||
usually multiplexed. <Now, what a difference that is from 300 baud!>. Using
|
||
the CBX II network, you might find just about any kind of mainframe, from HP,
|
||
to DEC, to VAX, to the IBM 327 series.
|
||
Note : There is a smaller version of this called the VSCBX.
|
||
|
||
|
||
Phone Mail
|
||
----------
|
||
|
||
This is one of the little beauties of the system, something truly fun to
|
||
fuck with. I called ROLM Headquarters in California to ask specific questions
|
||
about ROLM, posing as a researcher, and I got the big runaround, transferred
|
||
from department to department. Maybe you can get further than I. Their is
|
||
408-986-1000. The to PhoneMail from the outside is 800-345-7355. A nice
|
||
computer-generated voice comes on asking you to enter your Extension number
|
||
<which each employee has>, and then enter the "" sign. Then enter your
|
||
password. If you make around 3 or 4 bad attempts at an Extension of Password,
|
||
it will automatically ring another number, assistance I assume, to find out why
|
||
there has been an unsuccessful entry attempt. I haven't played around with this
|
||
that much, so leave mail to Monty Python with whatever you find. Once entering
|
||
an authorization with correct password, you will be presented with more
|
||
options, leave messages to other people, and whatnot. You can hear your
|
||
messages, forward them to another person, leave the same message to more than
|
||
one person, change your welcome message, etcetera. The service is for those
|
||
business-type pigs who never sit still for one minute, like they are
|
||
permanently on speed.
|
||
|
||
A Phone Mail Scenario
|
||
---------------------
|
||
|
||
Let's say if Mr. Greed goes out to meet his secretary at a motel, but
|
||
definitely has to get that important message from Mr. Rasta, who's bringing in
|
||
$3 mil in Flake, and can't trust it to the person who would handle it <ie: the
|
||
person filling in for his sec with the tremendous tits who is getting balled by
|
||
the dirty old fat man>. Mr. Greed would have given Mr. Rasta his phone and he
|
||
would be forwarded to the Phone Mail network, where he would hear a message
|
||
left my Mr. Greed, to anyone who would call. Mr. Rasta would leave his message
|
||
and hang up. Then Mr. Greed could call up the 800-345-7355 , punch in his
|
||
extension authorization number, and password. Or, if he was back at the office,
|
||
he could get it there through DeskTop communications. Messages can be delivered
|
||
without error, in the person's own voice, without other people knowing about
|
||
it. Therefore, someone with enough knowledge could use an unused account and
|
||
use it as his own service, without the knowledge of others.
|
||
|
||
DeskTop communications
|
||
----------------------
|
||
|
||
ROLM has developed a Computer/Telephone integrated device for use with the
|
||
Desktop communications. It is linked with the CBX II through fone lines, thus
|
||
accessible by you and me from the outside. It is not hardwired, though it can
|
||
approach hardwired speed. If you could get your hands on one of these
|
||
computer/fones then I think you would have found something very useful at home,
|
||
in your general life. But you could access the network without the special
|
||
features of the fone, like one touch dialing, which is designed for the stupid
|
||
lazy businessman. You can access company databases through the network,
|
||
mainframes, other people, just about anything as if you were right there and
|
||
told your secretary to do it for you. There is special software used by the
|
||
computers or computer/fone but it can be improvised and is just an aid. It uses
|
||
a special protocol <Don't know what, try to get your hands on one by trashing a
|
||
sales office>. What is great is that everything is tied together through
|
||
telefone lines, and not RS-232C! Thus, there is an access port....somewhere.
|
||
Scan the 's around the office using ROLM. How do you know if it is using
|
||
ROLM one way or the other. Compile a list of local businesses, call them up
|
||
saying "This is ROLM Customer Support. We have a report of a complaint in your
|
||
CBX II network, let me speak to your supervisor please." If they say "ROLM? CBX
|
||
II? We don't use that" then just apologize and go elsewhere. Or say that you
|
||
are from ROLM corp and would like to know if the company is interested in using
|
||
it to network its system. Like, if they have it already, they would say that
|
||
they had it. And if they didn't, you would just give them a fake <or if
|
||
you're nice the for the local sales office obtainable in the list below>.
|
||
|
||
But you know what's REALLY Great? They have made the network link in mind
|
||
for the person with a Computer IQ of about 0. Commands are in plain English.
|
||
Here is a demonstration screen as seen in their brochure:
|
||
CALL, DISPLAY or MODIFY
|
||
|
||
Display groups
|
||
|
||
ACCESSIBLE GROUPS:
|
||
[00] PAYROLL [01] MODEM [02] IBMHOST
|
||
[03] DOWJONES [04] DECSYSTM [05] MIS-SYSTM
|
||
[06] DALLAS [07] SALES
|
||
|
||
CALL, DISPLAY OR MODIFY?
|
||
Call Payroll
|
||
|
||
CALLING 7717 <which would be the ID code for the PAYROLL file>
|
||
CALL COMPLETE
|
||
|
||
**PAYROLL SYSTEM** <or whatever they want to call it>
|
||
ENTER ACCOUNT CODE:
|
||
|
||
See, nothing is confusing, everything pretty self-explanatory. There may be
|
||
more than one person wanting to do the same thing you are, so if there is, you
|
||
would be put on a queue for the task. It seems that those with an IBM would be
|
||
best suited for ROLM hacking, because ROLM is owned by IBM, and the PC's used
|
||
by the network are IBM. A person with a simpler fone/Terminal couldn't access
|
||
something like their DEC mainframe, or something like that. By calling in, you
|
||
could not run an application, unless you had a special interface, but you could
|
||
access the database, which any dumb terminal could do.
|
||
However, there are security levels. Thus one with a privileged account
|
||
could access more things than one without it. Like Joe Schmoe in Sales couldn't
|
||
get to Payroll . It seems that for non-IBM's to access some of the parts of the
|
||
network, you would need an interface to become the same thing as a RolmPhone.
|
||
Excessive 's of bad logon attempts, which would be construed as a linking
|
||
error would notify the network manager, And if they saw that there was no
|
||
hardware error, eventually, they would think of if they were somewhat
|
||
experienced, you guessed it, hackers.
|
||
|
||
The PBX
|
||
-------
|
||
|
||
ROLM has something called Integrated Call Management <from here on known as
|
||
ICM>. Now, when designing ICM, they must have taken into account the abuse
|
||
possible in plain ol' PBX's. So they put in something called Call Screening.
|
||
This will enable the company to restrict calls to certain 's and prefixes.
|
||
Calls to non-business 's or certain areas can be screened out <"No personal
|
||
calls on my time, Johnson!">, with the exception of 1 specific that you want.
|
||
There is a choice of having a codeless, screened PBX, or a PBX where
|
||
accounts are assigned to each employee, and the 's they call get recorded to
|
||
that account. There can be privileged accounts where a large volume of calls
|
||
would go relatively un-noticed. But I don't think that large-scale abuse of
|
||
this system would be easy or practical. Calls are routed AUTOMATICALLY through
|
||
the service where the rates are cheaper to the location dialed, which is pretty
|
||
fucking cool. And, the PBX is accessible from the outside, using Direct Inward
|
||
System Access, making it AB-useable.
|
||
But what about if there is Equal Access in that area? It doesn't matter,
|
||
the CBX will automatically access the service without you having to worry about
|
||
it <hell, this is totally unnecessary for a hack/phreak, cause we ain't paying
|
||
for the damn call anyhow!>
|
||
BUT!: There is a use of Call Detail Recording, where information on all
|
||
ingoing and outgoing calls are recorded.
|
||
|
||
Conclusion
|
||
----------
|
||
|
||
Not a lot of research went into this file, but it did take a little while
|
||
to type up, and all of the information is correct, to my knowledge. Anyone is
|
||
free to expand on this file into a Part II. It was written to enlighten people
|
||
about this system, and I hope this has helped a little bit.
|
||
Sysops: You are free to put this file up as long as NONE of the credits
|
||
are changed! <this means the Phrack, Inc. AND Personal credits>. Please give us
|
||
a chance.
|
||
|
||
Coming soon, to a telephone near you: The Return of The Flying Circus. Look
|
||
for it.
|
||
--Later On
|
||
Monty Python <01/11/86>
|
||
|
||
|
||
|
||
|