Blue box
Encyclopedia
An early phreaking
Phreaking
Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. As telephone networks have become computerized, phreaking has become closely...

 tool, the blue box is an electronic device
Electronics
Electronics is the branch of science, engineering and technology that deals with electrical circuits involving active electrical components such as vacuum tubes, transistors, diodes and integrated circuits, and associated passive interconnection technologies...

 that simulates a telephone operator
Telephone operator
A telephone operator is either* a person who provides assistance to a telephone caller, usually in the placing of operator assisted telephone calls such as calls from a pay phone, collect calls , calls which are billed to a credit card, station-to-station and person-to-person calls, and certain...

's dialing console. It functioned by replicating the tones used to switch long-distance calls and using them to route the user's own call, bypassing the normal switching mechanism. The most typical use of a blue box was to place free telephone calls - inversely, the Black Box
Black box (phreaking)
The black box , was a small electronic circuit added to a telephone which provided the caller with a free call...

 enabled one to receive calls which were free to the caller. The blue box no longer works in most western nations, as modern switching systems
Telephone exchange
In the field of telecommunications, a telephone exchange or telephone switch is a system of electronic components that connects telephone calls...

 are now digital and no longer use the in-band signaling
In-band signaling
In telecommunications, in-band signaling is the sending of metadata and control information in the same band or channel used for data.-Telephone:...

 which the blue box emulates. Instead, signaling occurs on an out-of-band channel which cannot be accessed from the line the caller is using (called Common Channel Interoffice Signaling (CCIS)).

The blue box got its name because the first such device confiscated by Bell System security was in a blue plastic case.

History

In November, 1954, the Bell System Technical Journal
Bell System Technical Journal
The Bell System Technical Journal was the in-house scientific journal of Bell Labs that was published from 1922 to 1983.- Notable papers :...

published an article which described the process used for routing telephone calls over trunk lines
Trunking
In modern communications, trunking is a concept by which a communications system can provide network access to many clients by sharing a set of lines or frequencies instead of providing them individually. This is analogous to the structure of a tree with one trunk and many branches. Examples of...

 with the then-current signaling system, R1. The article described the basics of the inter-office trunking system and the signalling used. This, while handy, could not be used in and of itself, as the frequencies used for the Multi-Frequency
Multi-frequency
In telephony, multi-frequency signaling is an outdated, in-band signaling technique. Numbers were represented in a two-out-of-five code for transmission from a multi-frequency sender, to be received by a multi-frequency receiver in a distant telephone exchange...

, or "MF", tones were not published in this article.

In November, 1960, the other half of the equation was revealed by the Bell System Technical Journal: another article entitled "Signaling Systems for Control of Telephone Switching" was published containing the frequencies
Frequency
Frequency is the number of occurrences of a repeating event per unit time. It is also referred to as temporal frequency.The period is the duration of one cycle in a repeating event, so the period is the reciprocal of the frequency...

 used for the digits that were used for the actual routing codes With these two items of information, the phone system was at the disposal of anyone with a cursory knowledge of electronics.

However, contrary to numerous stories, before finding the articles in the Bell System Technical Journal it was discovered by many, some very unintentionally and to their annoyance, that a 2600 Hz tone, used by AT&T
AT&T
AT&T Inc. is an American multinational telecommunications corporation headquartered in Whitacre Tower, Dallas, Texas, United States. It is the largest provider of mobile telephony and fixed telephony in the United States, and is also a provider of broadband and subscription television services...

 as a steady signal to mark currently unused long-distance telephone line
Telephone line
A telephone line or telephone circuit is a single-user circuit on a telephone communication system...

s, or "trunk lines", would reset those lines. Joe Engressia
Joybubbles
Joybubbles , born Josef Carl Engressia, Jr. in Richmond, Virginia, USA, was an early phone phreak. Born blind, he became interested in telephones at age four. Gifted with absolute pitch, he was able to whistle 2600 hertz into a telephone . Joybubbles said that he had an IQ of “172 or something.” ...

 (known as Joybubbles) accidentally discovered it at the age of 7 by whistling
Whistle
A whistle or call is a simple aerophone, an instrument which produces sound from a stream of forced air. It may be mouth-operated, or powered by air pressure, steam, or other means...

 (with his mouth). He and other famous phone phreaks such as "Bill from New York" and "The Glitch", trained themselves to whistle 2600 Hz to reset a trunk line. They also learned how to route phone calls by causing trunks to flash in certain patterns. At one point in the 1960s, packets of the Cap'n Crunch
Cap'n Crunch
Cap'n Crunch is a product line of sweetened corn and oat breakfast cereals introduced in 1963 and manufactured by Quaker Oats Company. Quaker Oats has been a division of PepsiCo since 2001. The product line is heralded by a cartoon mascot named Cap'n Crunch, a sea captain .-Development:Pamela Low,...

 breakfast cereal
Breakfast cereal
A breakfast cereal is a food made from processed grains that is often, but not always, eaten with the first meal of the day. It is often eaten cold, usually mixed with milk , water, or yogurt, and sometimes fruit but sometimes eaten dry. Some cereals, such as oatmeal, may be served hot as porridge...

 included a free gift: a small whistle that (by coincidence) generated a 2600 Hz tone when one of the whistle's two holes was covered. The phreaker John Draper
John Draper
John Thomas Draper , also known as Captain Crunch, Crunch or Crunchman , is an American computer programmer and former phone phreak. He is a legendary figure within the computer programming world.- Background :Draper is the son of a U.S...

 adopted his nickname
Nickname
A nickname is "a usually familiar or humorous but sometimes pointed or cruel name given to a person or place, as a supposedly appropriate replacement for or addition to the proper name.", or a name similar in origin and pronunciation from the original name....

 "Captain Crunch" from this whistle. Others would utilize exotic birds such as canaries which are able to hit the 2600 Hz tone to the same effect.

With the ability to blue box, what was once individuals exploring the telephone network started to develop into a whole sub-culture. Famous phone phreaks such as John "Captain Crunch" Draper
John Draper
John Thomas Draper , also known as Captain Crunch, Crunch or Crunchman , is an American computer programmer and former phone phreak. He is a legendary figure within the computer programming world.- Background :Draper is the son of a U.S...

, Mark Bernay, and Al Bernay used blue boxes to explore the various 'hidden codes' that were not dialable from a regular phone line.

Some of the more famous pranksters were Steve Wozniak
Steve Wozniak
Stephen Gary "Woz" Wozniak is an American computer engineer and programmer who founded Apple Computer, Co. with Steve Jobs and Ronald Wayne...

 and Steve Jobs
Steve Jobs
Steven Paul Jobs was an American businessman and inventor widely recognized as a charismatic pioneer of the personal computer revolution. He was co-founder, chairman, and chief executive officer of Apple Inc...

, founders of Apple Computer
Apple Computer
Apple Inc. is an American multinational corporation that designs and markets consumer electronics, computer software, and personal computers. The company's best-known hardware products include the Macintosh line of computers, the iPod, the iPhone and the iPad...

. On one occasion Wozniak dialed Vatican City
Vatican City
Vatican City , or Vatican City State, in Italian officially Stato della Città del Vaticano , which translates literally as State of the City of the Vatican, is a landlocked sovereign city-state whose territory consists of a walled enclave within the city of Rome, Italy. It has an area of...

 and identified himself as Henry Kissinger
Henry Kissinger
Heinz Alfred "Henry" Kissinger is a German-born American academic, political scientist, diplomat, and businessman. He is a recipient of the Nobel Peace Prize. He served as National Security Advisor and later concurrently as Secretary of State in the administrations of Presidents Richard Nixon and...

 (imitating Kissinger's German accent) and asked to speak to the Pope
Pope
The Pope is the Bishop of Rome, a position that makes him the leader of the worldwide Catholic Church . In the Catholic Church, the Pope is regarded as the successor of Saint Peter, the Apostle...

 (who was sleeping at the time).

Blue boxes were primarily the domain of "pranksters" and "explorers", but others used blue boxes solely to make free phone calls.

Blue boxing hit the mainstream media when an article by Ron Rosenbaum
Ron Rosenbaum
-Life and career:Rosenbaum was born into a Jewish family in New York City, New York and grew up in Bay Shore, New York. He graduated from Yale University in 1968 and won a Carnegie Fellowship to attend Yale's graduate program in English Literature, though he dropped out after taking one course...

 entitled Secrets of the Little Blue Box was published in the October 1971 issue of Esquire
Esquire (magazine)
Esquire is a men's magazine, published in the U.S. by the Hearst Corporation. Founded in 1932, it flourished during the Great Depression under the guidance of founder and editor Arnold Gingrich.-History:...

magazine. Suddenly, many more people wanted to get into the phone phreaking culture spawned by the blue box, and it furthered the fame of Captain Crunch
John Draper
John Thomas Draper , also known as Captain Crunch, Crunch or Crunchman , is an American computer programmer and former phone phreak. He is a legendary figure within the computer programming world.- Background :Draper is the son of a U.S...

 and groups, like the Legion of Doom
Legion of Doom (hacking)
The Legion of Doom was a hacker group active from the 1980s to the late 1990s and early 2000. Their name appears to be a reference to the antagonists of Challenge of the Superfriends...

.

In November 1988, the CCITT (now known as ITU-T
ITU-T
The ITU Telecommunication Standardization Sector is one of the three sectors of the International Telecommunication Union ; it coordinates standards for telecommunications....

) published recommendation Q.140, which goes over Signaling System No. 5
Signaling System No. 5
CCITT5 was a multi-frequency telephone signalling system in use from the 1970s for International Direct Distance Dialing . It was sometimes nicknamed "Atlantic Code" because the first IDD connections between Europe and North America used it....

's international functions, once again giving away the 'secret' frequencies of the system. This caused a resurgence of blue boxing incidents with a new generation.

During the early 1990s, blue boxing became popular with the international warez
Warez
Warez refers primarily to copyrighted works distributed without fees or royalties, and may be traded, in general violation of copyright law. The term generally refers to unauthorized releases by organized groups, as opposed to file sharing between friends or large groups of people with similar...

 scene, especially in Europe. Software was made to facilitate blue boxing using a computer to generate the signalling tones and play them into the phone. For the PC there were BlueBEEP
BlueBEEP
BlueBEEP was a popular blue boxing computer program for MS-DOS written between 1993-1995 by a young German programmer known by the pseudonym Onkel Dittmeyer. Used correctly, it could be used to exploit vulnerabilities in the CCITT Signaling System No. 5, used by international telephone switches of...

, TLO, and others, and blue boxes for other platforms such as Amiga
Amiga
The Amiga is a family of personal computers that was sold by Commodore in the 1980s and 1990s. The first model was launched in 1985 as a high-end home computer and became popular for its graphical, audio and multi-tasking abilities...

 were available as well.

In the 1970s and 80s some trunks were modified to filter out SF tone
Single-frequency signaling
Single-frequency signaling is line signaling in which dial pulses or supervisory signals are conveyed by a single voice-frequency tone in each direction...

 arriving from a caller. The death of blueboxing came in the mid to late 1990s when telcos, becoming aware of the problem, eventually moved to out-of-band signaling systems with separate data and signalling channels (such as CCIS and SS7). These systems separated the voice and signaling channel
Channel (communications)
In telecommunications and computer networking, a communication channel, or channel, refers either to a physical transmission medium such as a wire, or to a logical connection over a multiplexed medium such as a radio channel...

s, making it impossible to generate these signals from an ordinary phone line. It is rumored that some international trunks still utilize in-band signaling and are susceptible to tones, although often it's 2600+2400Hz then 2400 Hz to seize. Sometimes the initial tone is a composition of three frequencies. A given country may have inband signalling on trunks from a specific country but not others.

Operation

The operation of a blue box is simple: First, the user places a long distance telephone call, usually to an 800 number or some other non-supervising phone number. For the most part, anything going beyond 50 miles would go over a trunk type susceptible to this technique.

When the call starts to ring, the caller uses the blue box to send a 2600 Hz tone (or 2600+2400Hz on many international trunks followed by a 2400 Hz tone). The 2600 Hz is a supervisory signal, because it indicates the status of a trunk; on hook (tone) or off-hook (no tone). By playing this tone, you are convincing the far end of the connection that you've hung up and it should wait. When the tone stops, the trunk will go off-hook and on-hook (known as a supervision flash), making a "Ka-Cheep" noise, followed by silence. This is the far end of the connection signalling to the near end that it is now waiting for routing digits.

Once the far end sends the supervision flash, the user would use the blue box to dial a "Key Pulse" or "KP", the tone that starts a routing digit sequence, followed by either a telephone number or one of the numerous special codes that were used internally by the telephone company, then finished up with a "Start" or "ST" tone. At this point, the far end of the connection would route the call the way you told it, while the users end would think you were still ringing at the original number. KP1 is generally used for domestic dialing where KP2 would be for international calls.

The blue box consisted of a set of audio oscillators, a telephone keypad
Telephone keypad
A telephone keypad is a keypad that appears on a "Touch Tone" telephone. It was standardised when the dual-tone multi-frequency system in the new push-button telephone was introduced in the 1960s, which gradually replaced the rotary dial....

, an audio amplifier
Audio amplifier
An audio amplifier is an electronic amplifier that amplifies low-power audio signals to a level suitable for driving loudspeakers and is the final stage in a typical audio playback chain.The preceding stages in such a chain are low power audio amplifiers which perform tasks like pre-amplification,...

 and speaker
Loudspeaker
A loudspeaker is an electroacoustic transducer that produces sound in response to an electrical audio signal input. Non-electrical loudspeakers were developed as accessories to telephone systems, but electronic amplification by vacuum tube made loudspeakers more generally useful...

. Its use relied, like much of the telephone hacking methodology of the time, on the use of a constant tone of 2600 Hz
HZ
Hz is the International Standard symbol for Hertz, the unit of frequencyHZ may also stand for:* Habitable zone, the distance from a star where a planet can maintain Earth-like life* Hamilton Zoo, in New Zealand...

 to indicate an unused telephone line
Telephone line
A telephone line or telephone circuit is a single-user circuit on a telephone communication system...

. A free long distance telephone call (such as the information operator from another area code) was made using a regular telephone, and when the line was connected, a 2600 Hz tone from the blue box was fed into the mouthpiece of the telephone, causing the operator to be disconnected and a free long distance line to be available to the blue box user. The keyboard was then used to place the desired call, using touch tone frequencies specific for telephone operators. These frequencies are different from the normal touch tone frequencies used by telephone subscribers, which is why the telephone keypad could not be used and the blue box was necessary.

Development and use of the blue box was largely enabled by Bell Telephone
Bell Telephone
Bell Telephone may refer to:* Bell Telephone Company, several telephone companies with similar names* Bell Telephone Building , various* The Bell Telephone Hour, a long-running radio and television concert program...

's policy of publishing all technical documentation regarding its equipment. In response to the development of this and other means of telephone hacking, the company began to develop other means of securing its system, without publicly disclosing the details
Security through obscurity
Security through obscurity is a pejorative referring to a principle in security engineering, which attempts to use secrecy of design or implementation to provide security...

. This, plus the investigation and prosecution of several hackers
Hacker (computer security)
In computer security and everyday language, a hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or because of the challenge...

 by the FBI, finally made the blue box and other phreaking equipment obsolete. The hacking community evolved into other endeavors, however, and there currently exists a commercially published hacking magazine, titled 2600
2600: The Hacker Quarterly
2600: The Hacker Quarterly is an American publication that specializes in publishing technical information on a variety of subjects including telephone switching systems, Internet protocols and services, as well as general news concerning the computer "underground" and left wing, and sometimes ,...

, a reference to the 2600 Hz tone that was central to so much of telephone hacking.

Frequencies and timings

Each MF tone consists of two frequencies, shown in the table on the left. Note that these are not the same as customer dialed Touch Tone, which is shown by the table on the right:


Normally, the tone durations are on for 60ms, with 60ms of silence between digits. The 'KP' and 'KP2' tones are sent for 100ms. KP2 (ST2 in the R1 standard) was used for dialing internal Bell System telephone numbers. However, actual frequency durations can vary depending on location, switch type, and the machine status.

Special codes

Some of the special codes a person could get onto are in the chart below. "NPA" is a U.S. telephone company term for 'area code'.
  • NPA+100 – Plant Test – Balance termination
  • NPA+101 – Plant Test – Toll Testing Board
  • NPA+102 – Plant Test – Milliwatt tone (1004 Hz)
  • NPA+103 – Plant Test – Signaling test termination
  • NPA+104 – Plant Test – 2-way transmission and noise test
  • NPA+105 – Plant Test – Automatic Transmission Measuring System
  • NPA+106 – Plant Test – CCSA loop transmission test
  • NPA+107 – Plant Test – Par meter generator
  • NPA+108 – Plant Test – CCSA loop echo support maintenance
  • NPA+109 – Plant Test – Echo canceler test line
  • NPA+121 – Inward Operator
  • NPA+131 – Operator Directory assistance
  • NPA+141 – Rate and Route Information
  • 914+151 – Overseas incoming (White Plains, NY)
  • 212+151 – Overseas incoming (New York, NY)
  • NPA+161 – trouble reporting operator (defunct)
  • NPA+181 – Coin Refund Operator
  • 914+182 – International Sender (White Plains, NY)
  • 212+183 – International Sender (New York, NY)
  • 412+184 – International Sender (Pittsburgh, PA)
  • 407+185 – International Sender (Orlando, FL)
  • 510+186 – International Sender (Oakland, CA)
  • 303+187 – International Sender (Denver, CO)
  • 212+188 – International Sender (New York, NY)


Not all NPAs had all functions.

Blue boxes in other countries

Another signaling system widely used on international circuits (except those terminating in North America) was CCITT Signaling System No. 4 (specified in CCITT Recommendations Q.120 to Q.139). This was also an in-band system but, instead of using multifrequency signals for digits, it used four 35 ms pulses of tone, separated by 35 ms of silence, to represent digits in four-bit binary code, with 2400 Hz as a ‘0’ and 2040 Hz as a ‘1’. The supervisory signals used the same two frequencies, but each supervisory signal started with both tones together (for 150 ms) followed, without a gap, by a long (350 ms) or short (100 ms) period of a single tone of 2400 Hz or 2040 Hz. Phreaks in Europe built System 4 blue boxes that generated these signals. Because System 4 was used only on international circuits, the use of these blue boxes was more specialized. Typically, a phreak would gain access to international dialing at low or zero cost by some other means, make a dialed call to a country that was available via direct dialing, and then use the System 4 blue box to clear down the international connection and make a call to a destination that was available only via operator service. Thus, the System 4 blue box was used primarily as a way of setting up calls to hard-to-reach operator-only destinations, in order to impress other phreaks, rather than as a way of making free or cheap calls. A typical System 4 blue box had a keypad (for sending four-bit digit signals) plus four buttons for the four supervisory signals (clear-forward, seize-terminal, seize-transit, and transfer-to-operator). After some experimentation, nimble-fingered phreaks found that all they really needed was two buttons, one for each frequency. With practice, it was possible to generate all the signals with sufficient timing precision manually, including the digit signals. This made it possible to make the blue box quite small. A refinement added to some System 4 blue boxes was an anti-acknowledgment-echo guard tone. Because the connection between the telephone and the telephone network is two-wire, but the signaling on the international circuit operates on a four-wire basis (totally separate send and receive paths), signal-acknowledgment tones (single pulses of one of the two frequencies from the far end of the circuit after receipt of each digit) tended to be reflected back at the four-wire/two-wire conversion point. Although these reflected signals were relatively faint, they were sometimes loud enough for the digit-receiving circuits at the far end to treat them as the first bit of the next digit, messing up the phreak’s transmitted digits. What the improved blue box did was to continuously transmit a tone of some other frequency (e.g., 600 Hz) as a guard tone whenever it was not sending a System 4 signal. This guard tone drowned out the echoed acknowledgment signals, so that only the blue-box-transmitted digits were heard by the digit-receiving circuits at the far end.

See also

  • Phreaking
    Phreaking
    Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. As telephone networks have become computerized, phreaking has become closely...

    , the general term for exploiting the telephone system in unintended ways
  • Falsing
    Falsing
    In telecommunications, falsing describes a decoder assuming that it is detecting a valid input when one is not present. This is also known as a false decode...

  • Red box (phreaking)
  • Black box (phreaking)
    Black box (phreaking)
    The black box , was a small electronic circuit added to a telephone which provided the caller with a free call...

  • Single-frequency signaling
    Single-frequency signaling
    Single-frequency signaling is line signaling in which dial pulses or supervisory signals are conveyed by a single voice-frequency tone in each direction...

  • 2600: The Hacker Quarterly
    2600: The Hacker Quarterly
    2600: The Hacker Quarterly is an American publication that specializes in publishing technical information on a variety of subjects including telephone switching systems, Internet protocols and services, as well as general news concerning the computer "underground" and left wing, and sometimes ,...

    , a magazine named after the 2600 Hz tone.

External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK