Phreaking
Phreaking is a slang term for the action of making a telephone system do something that it normally should not allow. It is an illegal activity, but one formerly pursued by a large number of computer and electronics hobbyists out of curiosity. Other reasons why many people attempted (or succeeded in) phone phreaking during the 1960s and 1970s included the (then) very high cost of long-distance telephone service, and a desire to rebel against the AT&T telephone monopoly. A phreak or phreaker is a person who engages in the act of manipulating phones in this way. The tools of the phone phreak are electronic devices known as boxes, such as the black box, red box, beige box and clear box.
Most of the techniques formerly used in phreaking are no longer effective due to changes in the telephone system. Some of these changes were evolutionary, and some were designed specifically to disallow such access. Moreover, the cost of telephone calls has diminished to the point where few would find it worthwhile to engage in toll fraud; and there are numerous competing providers of telephone service (except for most wired local service which remains controlled by regional Bell operating companies—remnants of the former AT&T monopoly).
In the 1960s the US phone system used a mechanical device for call switching known as the crossbar. The crossbar system could control phone switching by watching the voltage on the lines connected to the user's phones. When the user picked up the handset, the voltage dropped from about 48 V to about 10 V, so the crossbar knew that person wanted to place a call. It would then play a dial tone and wait for the user to dial. When a call was received, the crossbar would switch to an intermittent ring voltage of about 90 VAC at 20 Hz to make the hammer repeatedly strike the bell inside the phone and cause the phone to ring. It could also tell when the user had hung up when it saw the voltage increase back to about 48 V again.
Dialing worked in a similar fashion; the mechanical, spring-loaded rotary dial found on older telephones functioned by quickly connecting and disconnecting the line. At the phone company central office, the lines were connected to a series of mechanical disks (stepping relays) that rotated one position for every "click", so seven such clicks would turn the disk seven positions. After dialing several numbers in this way, the line would eventually be connected to another phone, which would start ringing. (Anyone, with some practice, may to this day dial a telephone by repeatedly clicking the receiver, one click for a "1", two clicks in rapid succession for a "2", ten clicks in rapid succession for a "zero".)
Switching through the use of electromechanical stepping relays only worked for "local" calls. Telephones connected to the same central office shared a common crossbar. Long-distance calls, however, required a method of switching telephone calls that did not require a physical electrical connection.
Between central offices, long lines were employed which at first required the intervention of a human operator. During the 1960s, an increasing number of calls were being carried by microwave links and even satellite relays. In order to reduce or eliminate the need for operator assistance, AT&T began a system of "direct distance dialing" which relied on the use of area codes, special three-digit prefixes containing either "1" or "0" as the second digit. No local telephone number could begin with any of the three-digit area codes. To handle long-distance calls, the crossbar connected all calls to numbers beginning with area codes to an outbound long line.
Upon detecting an area code, central offices converted the various dial "click" voltage differentials into special multi-frequency sounds that were only used by the long lines and by special outbound routing operators. These blue box signals were sent along the long lines to the remote crossbar or electronic switching system. Another set of sounds (such as the 2600 Hz sine wave discussed below) signalled things like "user has hung up". After all, the phone system transmits sound, so it took no extra lines to transmit these particular codes that had been converted into sounds, saving lots of money on infrastructure.
In the 1980s, the area code system was augmented by requiring callers to dial "1" before the area code. This enabled all the former area codes to be used as local exchange prefixes, and enabled any three-digit combination to be used as an area code. The prefix "011" was later implemented to permit overseas calls to be dialed without operator assistance.
The precise origin of phone phreaking is disputed.
In one account, one day a student was playing with the phones in his local university when he whistled into it, and the phone suddenly hung up. After some experimentation and a few calls to local technicians, he learned that he had stumbled across the "user had hung up" tone, 2600 Hz. When the system heard it, it hung up the phone, thinking the call was ended.
Another version of the story is that famous phreak John Draper, alias Captain Crunch, had a whistle that he had found in a box of Cap'n Crunch cereal. One day he discovered that this whistle caused the phone to suddenly hang up. He tested the whistle and discovered that it created a relatively pure 2600 Hz tone. Just as one may still dial a telephone by repeatedly clicking the receiver, Draper discovered that one could dial using a series of rapidly pulsed 2600 Hz tones on a Cap'n Crunch whistle.
Yet another story involves a group of blind children who discovered how to whistle the tones used to signal that a coin had been deposited in a pay phone. These frequencies were later used in the device known as a red box.
2600 Hz, the key to early phreaking, was a signal sent to the long-distance switch to indicate that the user had hung up the phone. At that point the call was not completely disconnected. Although the long-distance hardware thought the call was disconnected, the local user was still physically connected to their local crossbar — it knew that the user was still connected because the voltage never dropped. This left the system in an inconsistent state. The dialer was still connected to a long-distance trunk line and switch at the remote switching center that was perfectly willing to complete or further route calls.
A number of people in the 1960s discovered a loophole that resulted from this combination of features. The trick was to call a toll-free number or long-distance directory number and then play the 2600 Hz tone into the line before the call was answered on the other side of the toll line. Then they simply dialed the number they actually wanted on a blue box, and the remote crossbar happily connected them for free. Of course, when they were connected to the diverted call their local central office would be alerted, and the technicians began searching for inordinately long directory calls or excessive dialing to particular toll-free numbers. Many phone phreaks were forced to use pay telephones as the telephone company technicians regularly tracked long-distance toll-free calls in an elaborate cat-and-mouse game.
As the knowledge spread, the growing number of phone phreaks became a minor culture unto their own. They were able to train their ears to determine how the long lines routed their calls. Sympathetic (or easily social-engineered) telephone company employees gave them the various routing codes to use international satellites and various trunk lines like expert operators. The phone companies quickly caught on to the scheme and slowly deployed a number of systems to defeat it. However, the phreaks felt that a true solution would be impossible because it would require adding hardware (a filter) to every line on every crossbar in the world. Unless the phone company replaced all their hardware, phreaking would be impossible to stop. Many of these phreaks were caught by the FBI.
Eventually, the phone companies in North America did, in fact, replace all their hardware. They didn't do it to stop the phreakers, but simply as a matter of course as they moved to fully digital switching systems. Unlike the crossbar, where the switching signals were carried on the same lines, the new systems used separate lines for signalling that the phreakers couldn't get to. This system is known as Common Channel Interoffice Signaling.
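The weakness of in-band signalling is that the switch must tell a supervisory tone apart from ordinary audio on the same path. As an added illustration (not part of the original article, and not a reconstruction of any telephone company's equipment), the sketch below uses the Goertzel algorithm to flag frames where 2600 Hz dominates the line audio; the sample rate, frame size, thresholds and the synthetic audio are all assumptions chosen for the example.

```python
import math

SAMPLE_RATE = 8000   # Hz; assumed telephone-grade sampling rate
TONE_HZ = 2600       # supervisory tone named in the text
FRAME = 200          # 25 ms frames, so 2600 Hz falls exactly on a 40 Hz bin

def goertzel_power(frame, freq):
    """Squared magnitude of the frame's spectrum at freq (Goertzel recurrence)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def tone_fraction(frame, freq=TONE_HZ):
    """Share of the frame's energy at freq: about 1.0 for a pure tone, near 0 for speech."""
    total = sum(x * x for x in frame)
    if total == 0.0:
        return 0.0
    return goertzel_power(frame, freq) / (len(frame) * total / 2.0)

def detect_tone(samples, threshold=0.8, min_frames=2):
    """Return (start_s, end_s) spans where the tone dominates min_frames or more frames."""
    spans, start = [], None
    n = len(samples) // FRAME
    for i in range(n + 1):   # one extra pass closes a run that reaches the end
        hit = i < n and tone_fraction(samples[i * FRAME:(i + 1) * FRAME]) >= threshold
        if hit and start is None:
            start = i
        elif not hit and start is not None:
            if i - start >= min_frames:
                spans.append((start * FRAME / SAMPLE_RATE, i * FRAME / SAMPLE_RATE))
            start = None
    return spans

def sine(freq, seconds, amp=1.0):
    count = round(seconds * SAMPLE_RATE)
    return [amp * math.sin(2.0 * math.pi * freq * t / SAMPLE_RATE) for t in range(count)]

def mix(*parts):
    return [sum(values) for values in zip(*parts)]

# Constructed audio: LINE is a speech-band mix, 0.3 s of 2600 Hz, then the mix again;
# FAINT is the same mix with only a weak 2600 Hz component, which must not be flagged.
SPEECH = mix(sine(400, 0.5, 0.5), sine(1000, 0.5, 0.3), sine(1800, 0.5, 0.2))
LINE = SPEECH + sine(2600, 0.3) + SPEECH[:1600]
FAINT = mix(SPEECH, sine(2600, 0.5, 0.1))

if __name__ == "__main__":
    print("LINE:", detect_tone(LINE), "FAINT:", detect_tone(FAINT))
```

Requiring the tone to carry most of the frame's energy, for several frames in a row, is what keeps speech that merely contains some 2600 Hz content from being mistaken for the signal.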
Many phreaking techniques can be implemented with small electronic circuits, easily made by hobbyists once the secret of their operation is known. The first circuit to generate the switching tones needed to reroute long-distance calls was nicknamed the blue box by an early phreak who had built one in a blue enclosure. Soon, other types of phreaking circuits were given similar names.
At one point, pay telephones used specific DTMF tones to signal the deposit of a nickel, dime, or quarter into the coin slot. Phreaks learned the frequencies used, and produced circuits to spoof them. Such a device became known as a red box. It was also possible to call one pay phone from another and then simply record the sounds as coins were deposited in the first pay telephone. The phreaked call was then completed and when the operator asked for payment the phreak would play back the recording of the sounds (including the physical sound of the coins being deposited into the coin box) into the mouthpiece of the telephone for the benefit of the operator. Red-boxing (the act of using red boxes) ceased working in most areas in the 1980s as the phone companies installed an extra sensor that actually detected the coin falling into the box. Finally they moved this signaling out of band completely. However, in some areas where telephone equipment was not upgraded until later, it remained effective into the 1990s.
Dozens of other types of "boxes" were invented. In the BBS scene of the late 1980s and early 1990s, crude ASCII art diagrams of phreaking box schematics circulated on electronic bulletin boards. Many of these designs simply cloned particular telephone features not usually accessible on residential phones, such as a hold button or the letter keys used in Autovon (the silver box). Many were useless, some were faulty, and some were pure hoaxes: for instance, a "blotto box" which supposedly could use high-frequency signals to cause a remote telephone to explode.
To some extent, phreaking continues to the modern day. Because the point for many was not simply to gain free long-distance access but to learn how the systems worked, the telephone companies have not been able to completely kill the art. Modern-day phreaking activities mostly consist of scanning, or using the DTMF tones to dial various numbers looking for tests. Others include hacking the new digitally-controlled payphones, which have a number of control codes, and manipulating the various test numbers. Some phreaks also try to "scan" for tones used as control codes on systems.