STATION ID - 7091/6.411

9x Datakit Network

FOR OFFICIAL USE ONLY

This is a 9x system, restricted to authorized persons and for official 9x business only. Anyone using this system, network or data is subject to being monitored at any time for system administration and for identifying unauthorized users or system misuse. Anyone using this system expressly consents to such monitoring and is advised that any evidence of criminal activity revealed through such monitoring may be provided to law enforcement for prosecution.

Flygu's (flygu=lordofpain) Cellular Phreaking Guide For 96'
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

about flygu:
well flyGu, is just my IRC nick, i am Lord Of Pain from San Diego ..i wrote dis cause Substance wanted me to write something cool about cellular for his group 9x. dis file will be released as a 9x release. thank you very much.

disclaimer:
read this for learning. knowledge is power over those whom oppress our mind and soul. however, do not get arrested for doing this. if you are gonna go down, go down as a fighter for free thinking and our pathetic species. they want us to go down for shit like this, so watch yourself.

thankx to:
most thanx to the old school 619 people. they were around and ran boards and supported the scene. (cj, bones, kludge, doctor disector, mrfab, dr.who, g, tck, tem, iron reeper).

special thanx to:
Vigilante, digitalorgasm, coolddude, mrfab, bobdobbs, satan, emp, diabolus, sliver, and everyone else in 619. thanx guys

NOW FOR THE MANUAL.

Cellular Phreaking Manual By FlyGU (lordofpain)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Cellular phones are great tools for any hacker/phreaker. They can NOT be traced, they are mobile, and you can easily modify them. Although CID for cellz is in the making (i am sure) all you have to do is modify the cell over and over, and you wont get caught. Before I teach you how to modify a cell phone, let me teach you the basics of how it works.
Cellular companies have stations which have honeycomb like structures called cells. Each cell is capable of having a certain number of calls and usually handles an area. The phone sends its info to the tower, and it gets access so it can place the call. The phone actually sends and receives at the same time. So there are 2 channels involved. If you know one, you know the other because they are 45 apart. (simple math, if you gonna be a phreaker/hacker you can at least figure this out. :} )...

ESN-  electronic serial number
MIN-  mobile identification number
NAM-  numeric assignment module
FOVC- forward voice channel
FOCC- forward control channel
ROVC- reverse voice channel
RECC- reverse control channel

Your phone also has software in it. It has a chip with actual software written to control its functions. Each make and brand name has a different software. Software can be modified to your advantage. You will learn more about this later in this text.

Now that you know how it works you should know "how not to get caught". Basically if you are doing a major hacking project, change your physical location and the esn.min pair every 2 hours or so. If you just call some LD boardz, then you can change it like AT LEAST once a day. This is because of 3 simple things.

The 1st is that the cellular company has cloning detection. For example you are 20 miles away from the actual owner of a cellular phone. If he makes a call, then you make a call within 5 minutes a cloning flag goes off, because they know where you are located! and since there is no way for him to get to where you are in 5 minutes a security flag goes off on his account.

Second reason is that they know approximately what area you are in when you use the phone, so if they want to catch you they'll use a directional antenna and catch you. Thats why if you move around a lot and change pairs a lot they cant catch you!
and third reason is the owner of the phone might get charged for your calls, so switch pairs around so that you dont ruin someones life! (have morals in all that you do, your morals dont have to be what society wants them to be, just set them for yourself.)

The company that makes the cell puts a permanent ESN on your phone which is not made to be changed. It is permanently burned into a chip. Your phone also has software thats in it. Its kinda like a cellular operating system. Each type and brand of phone has different software. All phones allow you to change the NAM and other features.

So here lets assume you already got a pair you want to put into the phone (ill teach you how to snag pairs later in this manual). There are several ways you can do that. On some phones you can make a cable and use software on your computer to change the esn.min pair. This software is readily available to you on the internet.

There is a second way which is 100% better than the first. You can burn new software into your phone that will allow you to change the ESN and store it at a different location. You can make this software if you get the original software (you gonna have to read the chip, then work your way to the original software) and add some minor adjustments to it. If you do not have programming skills you can go to your web browser and go to www.l0pht.com and go to drwho's radiophone (its in archives) and you will find what you need there.

So now that you have that, you can now change the esn, and you can change the min. Thats it! you just now cloned a cellular phone. But dont think that is it, there are hundreds of other fun things you can do with your cellular phone.

Ok. You now have a phone that allows you to change the ESN and the NAM. But what fucking good is that gonna do you if you cant get (snarf) the ESN.MIN pair.
There are a lot of ways to get pairs. i will present some methods to you that already work and at the end of this manual i will include some ideas you can try that no one else has tried before.

Method 1
_____________________________________________________________________________
the simplest way is this. tzanger wrote this little segment on irc the other day so method one is his

three components make the hardware: comparator, PLL and XOR gate. take the discriminator's output from the scanner tuned on ROVC and feed it to the op amp, tune the PLL for 10khz and run its output and the incoming datastream through the xor. dats it, after you do this you should have a bunch of ddi info. SIMPLE!
_____________________________________________________________________________

Method 2
_____________________________________________________________________________
There is software available that you can use with your modified scanner to receive pairs using your computer. look for it on the net. i suggest trying all the web search engines. i have seen that stuff on a lot of pages i visited...i used tzanger's text; he wrote it in a way that you guys can easily understand.
_____________________________________________________________________________

Thats it. Its that simple. This works very easily, your scanner picks up the RECC (reverse channels where the pairs are transmitted) then you just convert them to readable format. simple!

But cloning is not all you can do with your cellular phone. You can monitor other calls with your cellular phone also. The only problem is handoffs. They occur because a person moves out of range from a cell, and a handoff occurs. He gets transported to another cell. But this can also be easily conquered. If you have a Motorola all you have to do is put it into test mode, and unmute the audio, and go to a channel and listen! So your cellular phone can also be a tracking and spying device. The possibilities are unlimited. have lots of cellular phun!
---experimental ideaz for your hungry mind to munch on----------------

i have personally seen with my own eyes a cellular phone pick up the channel where ESN.MIN's are transmitted (yes i heard it, the transmission of the pairs makes the most annoying noise i have ever heard. hehehe). so now all you gotz to do is convert them and store them.. i believe that someday someone will create a phone that can do that. you can also convert somehow (think hard, i wont give you this one) and store in your computer.......i even heard rumors that someone had a phone that works like this: you put the number you want to call, push send, then the phone snarfs a pair, and uses it just for that one call! i also heard rumors of phones having 1000 esn.min's in them, and they use them up slowly. I AM NOT SURE IF THESE RUMORS ARE TRUE, THEY CAN BE LIES.. but we can make them true. cause H/P is all about learning and trying.
_____________________________________________________________________________

# end.

i made this manual short and complete. i am lazy. if you want to learn more i suggest asking someone who cares because i do not. i wrote this to help those who are motivated enough to get off their ass and learn more.
_____________________________________________________________________________

        _
       |*|         Author: flygu (a.k.a Lord Of Pain)
       |*|
_______|*|
/*12345678#\   <---- :-)
|__________|
|          |       FLYGU thinks that OKI
| 1  2  3  |       is da SHITZ!
| 4  5  6  |
| 7  8  9  |   <--------- hail da oki!
| *  0  #  |
|RclStoAlMe|       btw: did i forget to
|Snd Cl End|       say that oki's rule!
|-+oki900__|
|__________|   <---oki900. da best phone!

find me on IRC as flygu, or on a BBS as Lord Of Pain..talk to me if you wish
_____________________________________________________________________________
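
Added example, not part of flygu's original file: the cloning detection the manual describes (the same ESN/MIN pair placing calls from sites too far apart for the time between them), written as a carrier-side velocity check. The call records, site coordinates, placeholder identifiers, helper names, and the MAX_MPH and CELL_RADIUS_MILES thresholds are all constructed assumptions.

```python
import math
from collections import defaultdict
from datetime import datetime

MAX_MPH = 100.0          # assumption: ceiling for a legitimate handset's ground speed
CELL_RADIUS_MILES = 2.0  # assumption: a handset may be this far from its serving site

def miles_between(a, b):
    """Great-circle (haversine) distance in miles between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 3958.8 * 2 * math.asin(math.sqrt(h))

def velocity_flags(calls, max_mph=MAX_MPH, radius=CELL_RADIUS_MILES):
    """Flag consecutive calls on one ESN/MIN pair that imply impossible travel."""
    by_pair = defaultdict(list)
    for rec in calls:
        by_pair[(rec["esn"], rec["min"])].append(rec)
    flags = []
    for pair, seq in by_pair.items():
        seq.sort(key=lambda r: r["time"])
        for prev, cur in zip(seq, seq[1:]):
            # Site-to-site distance overstates handset movement by up to two radii.
            dist = miles_between(prev["site"], cur["site"]) - 2 * radius
            if dist <= 0:
                continue  # same or neighbouring cell: consistent with one handset
            hours = (cur["time"] - prev["time"]).total_seconds() / 3600
            # Distant sites at the same instant mean two handsets: infinite speed.
            mph = dist / hours if hours > 0 else math.inf
            if mph > max_mph:
                flags.append((pair, prev["time"], cur["time"], mph))
    return flags

def make_call(esn, min_, hhmm, site):
    """Build one constructed call record (hypothetical record layout)."""
    return {"esn": esn, "min": min_, "site": site,
            "time": datetime.strptime("1996-01-01 " + hhmm, "%Y-%m-%d %H:%M")}

SITE_SOUTH = (32.7157, -117.1611)   # constructed cell-site coordinates
SITE_NORTH = (33.0053, -117.1611)   # about 20 miles north of SITE_SOUTH

SAMPLE_CALLS = [                    # constructed records, placeholder identifiers
    make_call("ESN-A", "MIN-A", "09:00", SITE_SOUTH),
    make_call("ESN-A", "MIN-A", "09:05", SITE_NORTH),  # 5 minutes later, 20 miles away
    make_call("ESN-B", "MIN-B", "09:00", SITE_SOUTH),
    make_call("ESN-B", "MIN-B", "09:40", SITE_NORTH),  # same trip in 40 minutes
]

if __name__ == "__main__":
    for pair, t1, t2, mph in velocity_flags(SAMPLE_CALLS):
        print(f"clone suspected on {pair}: {t1:%H:%M} -> {t2:%H:%M}, {mph:.0f} mph implied")
```

Subtracting two cell radii before dividing keeps ordinary handoffs between neighbouring sites from raising the flag.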