Copy Link
Add to Bookmark
Report
Chaos IL Issue 06
< The Israeli Underground Information eXchage >
.________. . _ .
| | ._//.___/\ _/______
.______|___ _ -|-/__ _ : | // \/ __/___ _
._\_ | .:::. | _/_/// /
| : .___:_ .:::::::. | |
| ._\ | .::::.::::::. | |
: | | ::::: | |
.__________ | | :.::: | _ ___|_________.
/ .________/_|___ | ::::: | | |
/ l/ /_|______::::: : | |
/________________/ \____ _/_ .____________. _ _|_________|_
rOMAN! |____|/ .______/____\______ | : |
. /_____\ _________/ .___|________
. : . \________________/ __ _____\_____
| : ::::: /_________\ _____/________
_ _\___________|_ _ | `:::: : ____\_____________ /
. \ | / | c h a o s`: | / l/ /
-/- \_________|_ | i l: | /____________________/
/___ | | :...: | |
/ _|_ | h/p information | ________\
-/----- - /____|_ _ ezine |______________\_
. : :.... \
::: : .
: ::
. :
.
Chaos IL - Issue #6, 24/Dec/1998
~If freedom is outlawed, only outlaws will have freedom~
[ http://www.chaos-il.org ]
Chaos IL Issue Six Index:
~~~~~~~~~~~~~~~~~~~~~~~~~
01. ISSUE#6: Intro & News by morgoth
02. The "thruth" about Bezeq's extenders by The Inspector
03. Cellular Phreaking guide - PART II by phederal
04. Motorola-israel universal phreaking by mr_jones
05. ISDN NET: 64k to 128k by asi
06. Hacking the TRILOG VoiceMail systems by morgoth
07. How to set up 1800 #s (free toll) by morgoth
08. Novell Netware Exploits (SCHOOL) - PART II by phederal
09. Israeli cellular phreaking - volume 1 by toxid rage
10. Greetings *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
***
01. ISSUE#6: Intro & News
###### ## ## ###### ####### ######## #### ##
## ## ## ## ## ## ## ## ## ##
## ####### ###### ## ## ######## ## ##
## ## ## ## ## ## ## ## ## ##
###### ## ## ## ## ####### ######## #### ########
" Spreading H/P on the 972 scene "
! Issue #6 !
(c) Chaos-IL Foundation 1998
word up. a massive issue this time, with informative data from the high class
as always. as you know, I hate intros so lets just skip over to the important
shit and get along. I hope you'll find this issue useful for your knowladge
and vandalism, dont fuck with stuff you dont know.
Chaos-IL has been re upgraded and we are up to some new projects,
here is a part of our upcoming plan:
[ Project I ]
- The Chaos-IL FAQ 1997-98 -
----------------------------
Release note: Chaos-IL FAQ will include all the Frequently Asked Questions
regarding to hack/phreak material that were pointed to Chaos-IL
in the last two year. including thier answers, ofcourse.
Comment: If you have some sort of a question regarding to any Chaos-IL
material or beyond, mail your questions to morgoth@chaos-il.org
and they will be answered in a short while. plus, they will be
published on the FAQ.
Status: Constructions.
Release: Public
[ Project II ]
- The Chaos-IL Scanning issue -
-------------------------------
Release note: Chaos-IL Scanning issue will contain a detailed scanning results
of specific bezeq free-toll ranges (177-xxx-xxx, 1800-xxx-xxx).
the scanning results will include PBX/VMB/TONE/LOOP/ETC numbers
without thier codes/passwords. this issue will be an internal
release to Chaos-IL members only.
Comment: People who will scan, and donate us with new #s will get the
full issue after it is done.
Status: Half time constructions.
Release: Internal / private
NEWS! NEWS! NEWS! NEWS! NEWS! NEWS! NEWS! NEWS! NEWS! NEWS! NEWS! NEWS! NEWS!
* A new skilled soldier is joining the chaos, greetings to phederal.
* Some members have been removed due to inactivity for a long period of time.
if you become active again, please contact us asap.
- ANNOUNCEMENTS -
We are open for applications.
If you have any interesting information for us, and you are
* ARTICLES * willing to write an article about it or just to share the
information with us and let us handle it, contact the staff.
* MEMBERSHIP * currently, membership will be considered by the amount of
articles. if we want you to our membership, WE will get
in touch with YOU.
:
9
: n$X :
?L $$B :X
$B<: U$$$X :X!
7$$N$ <R$$$@ :W$E
T$$$i: @$$$& :u$$$$
C H A O S M$$$$: @$$$R :t$$$$* C H A O S
^%$_ 7"$$$:7$$$R:!@$$$*! _$%^
I L ~$$$N$*%_\9$$$/R$$!$$$*:/_%$$$$*~ I L
*$$$$$*WX!$N~$FtW#Xd$$$$$*
_ ^^^%$$$%%%%$$$%^^^ _
^^%%##%%#$$$%%%$%%$$$%^^
~~~~^:$$:^~~~~
X#
||
GROW MORE POT!
Contact info:
------------
* WEB: http://www.chaos-il.org
* IRC: #chaos-il, #972 @ efnet
* EMAIL: morgoth@chaos-il.org / main@chaos-il.com
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.0.3
mQFCBDZ80dQRAwDSr0IcD19T8AcXWx6iKKY7qjQ4ogulbsdXnRUaz828N9MH2MZJ
kipsGQqcTi5u/l0bXTZz2lb0JPJ5/b3kcwV5V7BOrDp9XPyRnq5drcXZhKAewzAC
87GI+KTeeFPHNVMAoP8iXYXre6f5eN5AEGcNpXT/E7eFAv99rLrFLKvu5Nmev1Iu
AZBm7EARNDQTEfOzUHe43SauYNwij0tePlJpAS7ILJmLiYGkG9RFdj6XTC1JWO3V
Inr6S3UbX8c2tQELXkrrwOSn9aIOyfBzEBuLvrbckVn2giEC/0hEf1+KBcVTB7UX
Ia77qAev3CLJ1Yu8Vuw2XdrGxQoDpwocRhRo35VdKnDVjngN/OrZ+WIcAmAcfgGI
LzpG/VDf4cJslL57cIYtUrBzGjv3GSW9BpK2NIQAT2Ys5f91zLQebW9yZ290aCA8
bWFnYXpuaWtAaXNkbi5uZXQuaWw+iQBLBBARAgALBQI2fNHUBAsDAQIACgkQYpqJ
41Z5CHnnkACdH6yxvh24CLpXhjtFn1PgXghKHKUAoJdlAjTxLRREcGB1Xupm4BcW
xZwQuQDNBDZ80dwQAwD7LARGMrQ6jeYzp80xqBeRI8k8ZTdLdZTZvkfUaYNrTs4t
2jrdQBnlpCZ5h4lxBYVfPsbIo0PVZXU4QJHpbOF0mtpvwV8mtH0B0pQIjpCfT5og
CW/jdbKpG4mAhW+FgYsAAgIDANc+eVBI0cFIDsnHZWJ8QMmrXnZXyGNmbMYWJqIc
jwFS5tIkbNBsz/QlqHlAvoZR54IfXYI6DtxZ4rTpLTzFW+naPRoDDAJ6jmyAQKw2
vi/hAZAgMyLjBCA456saC8SJ/4kAPwMFGDZ80dximonjVnkIeREC3kMAoId2h4rS
NMikZmc5I2fsY1MJdWeyAJ9jfPPA0RJ6IyUZGNveBEi1eAwN4g==
=qVSL
-----END PGP PUBLIC KEY BLOCK-----
_____________________________________________________________________________
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
[ THE MEMBERSHIP ]
[ -- Chaos IL Foundation 1997-1998 -- ]
* Primary Memberlist as of 01/11/98 *
morgoth......... < morgoth > ... founder/chief ..... morgoth@chaos-il.org
mota boy........ < m0ta_boy > .. staff ............. mota-boy@mindless.com
wackie.......... < wackie > .... staff ............. wackie@newmail.com
dr. jekyll...... < jekyll > .... staff ............. jekyll@acid.org
blue grass...... < bG > ........ member ............ shine-@usa.net
molotov......... < Molotov > ... member/webadmin ... molotov@dabronx.com
mr jones........ < mr_jones > .. member ............ mr_jones@hell.com
fourth horseman. < _4thm > ..... member ............ 4thm@<encrypted>
skade........... < skade > ..... member ............ skade@mindless.com
the errormaker.. < Emaker > .... member ............ emaker@the-pentagon.com
the trick....... < trick > ..... member ............ ttrick@yahoo.com
easy............ < Easy > ...... member ............ easy@<encrypted>
terminal man.... < termi > ..... member ............ terman@netlane.com
phederal........ < phederal > .. member ............ phederal@pbx.org
send applications/submissions to: morgoth@chaos-il.org
---
[ DISTRIBUTION ]
** Chaos IL Issues will be regulary available once released in the following
distribution boards and sites:
Section X +972-X-XXXXXXX X Nodes ILHQ *on hold*
Liquid Underground +972-3-XXXXXXX X Nodes MEMBER
ftp.mag.co.il /chaos_il/
ftp.fc.net /pub/phrack/underground/chaos-il/
ftp.auscert.org.au /pub/emags/chaos_il/
_______ ______ :_____ :___.___:
___\ / ____ _\___ \_______ | __/__ |___| |
| |__/_| /____/ _ _/ ___/_|____ | | _ |____
| | _ | | | | | | | | | | /_
| ____/| | |___|___| | |______| | |________|
= =|____|====|___|____|=======|_______|========|___|======== =
Chaos-IL Foundation 1998
***
02. The thruth about PBXs/Extenders
[[[[[[]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]][]
[] []
[] The thruth about PBXs/Extenders []
[] []
[] by []
[] []
[] The_Inspector []
[] []
[] ( the_inspector@usa.net ) []
[] []
[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[]
\\ (c) Chaos-IL Foundation 1998! \\
____________________________________________________________________________
NOTE! NOTE! NOTE! NOTE! NOTE! NOTE!
This article includes material regarding to PBXing and Bezeq, all of the
above information is *CURRENTLY* nothing more then an OPINION of a person.
which means, the information can't be judged as false or true.
____________________________________________________________________________
This article was written by The_Inspector, in order to help
all the PBX users ('PBXers') understand why Bezeq haven't
done a thing even though they're aware to the large
number of people PBXing.
DO NOT EMAIL ME ABOUT PBX NUMBERS OR PROGRAMS - I WILL
NOT REPLY!!!
= What is PBX?
= What Bezeq knows...
= Why haven't they done any thing
What is PBX?
PBX is a protocol used by some of "Nezeq"s computerized
services. It lets you "Connect" to another phone
number("Target") in certain Area Codes by dialing the
number at a certain point of the connection. Since the
PBX protocol is used on "Free" numbers - when you connect
to the target, the call is free.
What Bezeq knows
A whole lot actually. Since the protocol IS used by Bezeq
AND since it's the only phone company (which I wana say
Monopolises ALL telecomunication through-out Israel and
tries to do the same in the International area (Good Work
Kavey Zahav / Barak!!)) they have no problem tracing the
origin of the call and chargeing him for the call. Bezeq
IS AWARE of the PBX usage and they HAVE called some
houses demanding the immediate stop of PBX but still,
they have decided not to change protocols and/or remove
the PBX "exploit" (it isn't a bug actually...)
You might ask yourself "WHY?"
Why haven't they done any thing
The answer to that is very simple actually and includes
some real easy math that all of you can do:
When you call to a City-to-City call ("Bein-Eroni"), that
IS what PBX is doing EVEN if you're in the same area
code..., at the highest prices (08:00-18:00 Sun-Thurs.)
the counter ("Peima") changes every 12 secs. Each one is
30 agorot. So in "ONE MINUTE" you already have 5 Peimot =
1.5 NIS. Now since most people don't connect for one
minute, in ONE HOUR you have 300 Peimot = 90 NIS now lets
say you connect for ONLY 1 Hour everyday for a whole
month that gives you 2,700 NIS PER MONTH!!!
Now some of you might say "Hey, I'm not stupid - I
connect when it's much cheaper
(22:00+) I made the same math and got to some smaller
numbers BUT STILL in the thousands!!! (Remember either
way it IS City-to-City...)
Now with prices like this - Why should bezeq go and stop
this "Gold-Mine"?
Ofcourse they don't take any money for it now(atleast
when this page was published...) but we're forgeting IT
IS BEZEQ !!!! and if they know about it (and when they
called people it proved they do) it's just a matter of
time till they go and start traceing and sueing the
PBXers for Bezeq's "rightfully money". Now I made some
research and found out that legaly if they sue they
deserve ATLEAST the +/- 3000 NIS per month(and thats if
they're unusually nice and don't ask for a fine too...).
Now I got a friend that was connected for 2 months
none-stop except for a few-hours when he had to reboot,
re-connect etc.
Now one month = 720 hours... Lets say he was offline for
+/- one day and lets say he was online 700 hours each
month. Now, Just calculating the HIGHEST prices (without
the cheaper hours) gave me 10 hours a day = 3000 Peimot =
900 NIS PER DAY!!!!! Multiply that by 30 days and you get
a grand total of 27,000 NIS PER MONTH! And I was talking
about 2 months... =)
So as you can see the second Bezeq decides to sue for
ONLY what they deserve in Peimot - we're in big shit.
I ask another question: If Bezeq DOES know about it -
Isn't it misleading the public by not closeing this
breach? But that question is for the courts to prove...
Thats about all I had to say - If you have any
questions/comments - email me:
the_inspector@usa.net
_____________________________________________________________________________
03. Cellular Phreaking guide - PART II
********************************************
CELLULAR PHREAKING GUIDE - PART II
by: phederal
********************************************
(c) Chaos-IL Foundation 1998!
Introduction
~~~~~~~~~~~~
Greetings all, this is the second part of my Cellular guide book. PART I has
been first released on Chaos IL #3. This part will mainly deal around the
basics of the Cellular programming and the Cellular Digital System.
I hope you find it useful, this way or another.
== Basics ==
The main thing to remember about a cellular phone is that it is a
radio. It is basically like a hand held walkie talkie except with a cellular
phone you have alot more capabilities and can talk and listen at the same
time. Remember though that when you are talking on a cellular phone what you
say may and possibly will be monitored very easily. There are two main types
of Cellular Phones Analog and Digital.
1) Analog: On this the audio is modulated directly onto a carrier
2) Digital: On Digital, these are converted to digitized samples.
These are transmitted as 1's and 0's. Then it is converted
back to voltage so you get the audio signal.
Each Cellular Phone has to identify itself to its cell site before
service is allowed. They are identified by what is known as an ESN and a MIN.
1) ESN: This stands for Electronic Serial Number. This is a 32-bit
Binary Number if I am not mistaken.
2) MIN: Mobile Identification Number. This is the phone number of the
Cellular Phone. 10 digits including area code and all.
== Review of the Cellular System ==
The main system operating in the United States is the AMPS, Advanced
Mobile Phone System. The AMPS are composed of two different things:
1) EAMPS: This system has 832 channels.
2) NAMPS: This system has three times the amount with very clear
signals.
All these have 42 channels that are used to setup calls the rest are
for talking over the Cellular Phone.
4) What goes on during Cellular Calling.
Just imagine if you are stranded somewhere or possibly just want to
use your cellular phone to call someone. Have you ever wondered how it worked?
Why it worked? If so then I will explain how and why in this section here.
Enjoy!
1) Scan Channels: In this step the cellular phone scans for the
closest cell site near you so that you can get
the strongest signals possible due to your location
at the moment.
2) Choose Strongest: As stated above the cellular phone finds the
closest site to give you the best performance.
3) Send Message: The phone sends a short message to the cell site
verifying the MIN, ESN, and the number that you
have just entered to call.
4) Assign Channel: After verifying the above information and they
know that you are a legal paying customer, the
base assigns a mesage to your phone, telling it
where the conversation is.
5) Talk: Phone then gets on that channel and begins to ring. Then
you begin to talk like normal. The easiest step of them all.
== Cellular Cloning and Other Features ==
Cellular Cloning is one of the newest and more popular things going
on now a days. What you are basically doing is programming someone else's
MIN and ESN into your phone in the process of fooling your cellsite into
thinking that you are actually them. Is this legal? Well it depends on which
way you use it. If you use it to clone one of your own phones where you can
have two phones exactly the same then no, but if you are cloning someone
else's then yes it is very illegal. The philosophy of a cellular phone phreak
is to push the machines as far as they would go. The possibilites with a
cellular phone are practically endless. You can make one into a scanner as
well as many other things.
The first step of being able to do ANY of this is getting the cellular
phone into what people call test mode. This is where you can practically change
the whole phone's features. The main way to get into this is to crack the access
code. There is a good site that deals with that at the following URL:
http://www.radiophone.com They have great information. Another way to get a
cellular phone is by taking the battery pack off of the back and look in the
lower corner. Here you will see some little prongs, you can get a small piece
of tin foil and place it in the center of the prong like so: |*|
then put the battery pack back on the back of the phone. Then turn the phone
on and when you turn it on you should see an array of flashing numbers. If
so you are in luck because you are in test mode! :)
== Basic Test Mode Programming ==
This section will tell you what to do once you get into the test mode.
This part comes from 1996 Cellular Subscriber Technical Training Manual,
that was published by Cellcom-Israel.
I give full credit to them for this information. I am not going to include all
of it because it would take forever. Here are some of the basics. Enjoy!
32# = clear the phone
38# = displays the ESN
55# = test mode programming
01# = restart
13# = power off
16# = setup
18# = send NAM
34# = turn DTMF off
61# ESN transfer
That is jsut some of the very basics. Of course there is alot more
and if I ever write another article with Cellular Phones I will include some
more. Don't want to get very much ahead of ourselves. :)
== What kind of Cellular is Best? ==
There are different kinds of cellular phones for different kind of
people. Me personally I have experience so far with only Motorola. I plan to
get a Nokia soon. Nokia are very advanced and have many options. There is also
the OKI those have been stated to be good. The one that interests me at the
moment are these new ones that are Java based. If you would like to read more
about these go to the following URL:
http://www.nortel.com/cool/norteledge/edge298/N._IP_N.html
But as stated above many people like many different things, there is
also a new Motorla that is the IDEN I10000. These have two-way radio and
alphanumeric pager in one. These weigh in at around 5 oz. as well.
They also include: One touch call back, a speakerphone, and a multilanguage
operation that displays prompts in one to four different languages. For more
information on this you can call: 177-022-6099
(c) phederal [ phederal@pbx.org ]
EOF
_____________________________________________________________________________
04. Motorola-IL Universal phreaking
######################################################
## ##
## Motorola(IL) universal phreaking ##
## ##
######################################################
by mr_jones (mr_jones@dhp.com)
-> (c) Chaos-IL Foundation 1997-98 <-
One of the things I do when I get bored and cant find anything better to do
is play with my motorolas. As im sure you know, you can take a motorola
phone, and if its old enough, dump it into testmode, and listen in on
people. Hell, if the signal strength is high enough, you can cut into their
conversations and mess with them. That is allways fun. But what do you do
when the phone switches towers? How do you know what channel the phone was
handed off to?
"so how DO i mess with people's cell phones?" you may be asking yourself.
well... im gonna tall ya.
What im not gonna do is give you alot of unessicary information about cellular
that has nothing to do with the task at hand. =)
first, you need a motorola phone that was made before 1995.
it took them from the time they started making phones all the way up to 1995
to realize that people were eaves-dropping using their phones. so, they
changed the firmware in the phones to only work on certain channels, which
have no conversation on them... they use these channels for testing signal
strength god knows what else. just find yourself a phone made before 95,
okay?
for the purposes of this article, i will be speaking specifially about flip
phones. if you have a brik or a bag, consult the motorola bible on how to
get it to testmode.
- in order to tell if it was made before 1995 you need to know the firmware
version.
- in order to get the firmware version, you need to put it in testmode.
"how do i put it in testmode, siezer?"
- how you put it in testmode depends on the firmware version. (see step 1)
this means you have to do a few trial and errors..
on phones with firmware versions of 95xx (1995... xx'th week) or higher, the
code fcn 00**83786633 sto (spells TESTMODE) will put you in testmode.
95xx's basically have anything cool disabled, which means you cant clone it,
use it as a scanner, or anything of that nature. Therefore, if that code puts
you in testmode it is generally a bad thing. although, I have seen exceptions,
for example my 9449 brick uses that code....
if fcn 00**83786633 sto gives you nothing, its time to go find yourself a
peice of tin-foil. Take the battery off your flip, and there will be three
pins for the battery on the back of the phone.
in order from left to right, we shall call these pins pin 1 2 and 3.
take your foil and find and connect pins 2 and 3. slide the battery back on
and power up. you should see some flashing numbers...
you are now in test mode.
this is rather difficult at first, but you will get the hang of it.
what i like to do is fold the foil so that there is a little peice that
acually fits in the hole of pin2 and squeezes between the pin and the
plastic. the rest of the foil is long enough to hang out the back of the
phone when you put the battery back on, and wide enough to touch pin3.
I can pretty much do it on the first try now.
after you have fumbled with getting your phone into testmode, i suggest you
go download the motorola bible. there is soooo much more that you can fiddle
with than what im about to tell you.
Once in testmode, there are alot of things you can do, from identity
transfers, to messing with the battery indicator. let me list the relevant
ones for messing with people.
08# -- Rx audio on. turns on the receiver audio. all a cell phone is is a
ham radio with a computer attached to it.
07# --Rx audio off.
11xxxx# -- this lets you switch channels. every frequency has a channel
assigned to it. for example, you wanted to listen to what people
were saying on 880.86 Mhz... you would turn on your Rx audio and
enter 110362#. this command ignores preceding zeros, so hitting
111# is the same as 110001#.
1153# is the same as 110053#. you get the idea.
45# -- tells you the signal strength of the channel/freq you are
listening to. on most phones, this is a range from 0-100+.
On some flips, however, its a range from 0-50+. you figure out
which one your phone is. the highest ive ever got it is 110 on my
brick with a car antenna attached to it.
47x# -- sets Rx audio level to x. basically volume control. usually the max
is 15... see the motorola bible for more details.
-- 4716# ive found, keeps it at the last audio level... but makes it
so you cant hear the buttons when you press them. dtmf tones can
get irratating.
10# -- Tx audio. turns on the transmitter audio. You need this on to
turn on the Tx carrier.
09# -- Tx audio off.
05# -- Tx carrier on. If the signal strength is closeish to 100, you can
say things to people. the lowest ive ever been able to jump in
on is 75. i dont know how that worked. when your tx carrier is
on, all they can hear is you, not the person they are talking to,
so when you are finished talking, remember to turn the carrier off
so you can hear them go "who the fuck was that?!?"
06# -- Tx carrier off.
40# -- receive one voice channel word.... ill explain this and its uses
later.
so here we go...
--------------------------------* begin fucking with people *---
turn your phone on.... in testmode....
hit # to get you to the ' prompt
enter in:
08# to turn your Rx audio on.
10# to enable your transmitter.
11632# (or any other channel you would like)
4716# to turn off the button noise.. (optional)
sometimes them hearing the beepy noises are good, if you are
pretending to be an alien or somthething.
45# to check the signal strength
if its close to 100.... you can fuck with em.
if not, you can still listen.
pick some more channels if you'd like...
once you've found a stong enough signal...
05# "Fuck you bitch."
06#
... "did you hear that?"
... "yeah.... who was that?"
05# "we are CHAOS IL"
06#
..."what the fuck?!"
05# "i thought i should warn you...."
06#
..."how the fuck is he talking on my phone?"
05# "We are watching you"
06#
--------------------------------* end fucking with people *---
shit like that... sometimes it gets interesting if you pretend you are god..
or whatever... ive recorded some examples of me messing with people, but
those are on a super-secret URL.
what i like to do when recording is have 4 phones going. a flip to listen, a
brick to transmit,(makes it easier to hit buttons -- so i dont miss anything)
one just listening with the volume all the way up and a microphone over the
speaker, and one collecting 40# data.
in the course of eaves-dropping/messing with people you may encounter some
things that you might wonder about. for example, you can hear one person
talking, but not the other.... or you'll hear these wierd noises then all
of the sudden extrememly loud static.
ill go over the static one first.
when you talking on your phone, you are using a cell tower. (if you need
more info, go consult somewhere else). Anyway, when your phone moves about,
it switches you to the closest tower. when this happens, the channel you are
on is switched, too.
well.. the cell tower has to tell your phone what channel to switch to,
right? otherwise your call would be cutoff. How it goes about doing this, is
embedding data in the audio that tells your phone do stuff like adjust the
power level, or to switch channels.
well.... that's where 40# comes in handy.
in a nutshell, 40# listens for this data, and then displays it in hex
you hit 40#, and it waits for the data. You can get back to the ' prompt by
pressing the # key. when it gets it, it scrolls it across the display.
Truthfully, i have no idea what it means, but there's a way to extract the
new channel number out of it.
when you hear the wierd noise... and if the conversation is still there..
the phone you are listening to was sent a power adjustment command.
if you hear the strange noise, and the conversation is gone (loud static)
it was sent a channel switching command.
well... what you do now is take the number left on the display (3 digits
sould have scrolled by.) and write em down.
you should have something like this: 54e30c4
the first digit is junk. only the next 3 are important. disregard the rest.
so now you have 4e3.
take each of the digits, and convert them into binary.
4 0100
e (14) 1110
3 0011
next, concatenate (big word!) the 3 binary words: 010011100011
drop the first 2 bits 0011100011
take that whole thing, and convert is into a decimal. 227.
w00t! your new channel number.
dont ask me why that works, i have not the slightest idea, but it works.
well... at least most of the time.
unless you can do all that stuff up there in your head, you might want to
check out the program attached to the end of this file. (dont laugh at the
code, please)
Next up, is what to do when you can only hear one person on a line.
This happens when two people are talking on two cell phones.
im not going to go into this, simply because this file is long enough, and
is starting to stray off topic. but the basic gist of it is that you are
hearing one person's tx audio... and not their rx... to listen to the other
side, find the conversion tables and do some math.
either that, or there is a digital phone involved. if this is the case,
you'll have to wait for somebody with an analog phone to jump on the
channel. damn technology.
well thats about it. experiment. piss people off. make people laugh. do what
you'd like.
mr_jones
greets
------
emperor, morgoth, G0D, phederal and all of Chaos-IL !
_____________________________________________________________________________
05. ISDNnet: 64k to 128k
*------------------------------------------------------------*
ISDN-NET: 64k to 128k
by asi
asi@4u.net
*------------------------------------------------------------*
(( Introduction ))
ISDN net, first isp to provide ISDN services in Israel.
well, this is how it goes..
you order ISDN from ISDN net (process is about 1 month), you get:
(1) ISDN line
(2) ISDN modem
(3) ISDN account
as much as they can say that if you've ordered ISDN 64 you'll be able to use
only 64, it's not true. the line is 128k no matter what. so is the modem,
and the account, can't say for sure, but the way I've figured it,
they can't ban the option for you to log twice (or more).
ISDN net are way too stupid for an isp. :)
(( Usage ))
Well, in order to use ISDN 64k you enter inXX/yourusername and password as your
password. so I did a little research, and found out how to use 128k :)
follow these steps:
(1) Create a new Connection, choose one of the ISDN devices.
(2) Find the Multilink option, add the second ISDN device.
(3) Use Username: in128/yourusername, Password: yourpassword.
yes, that's it.. easy eh? :)
(( Risks ))
Well, a lot of ISDN net's users knows this 'trick' and use it..
nobody got over charged or anything, so I allow myself to say that there are no risks.
Enjoy. :)
done by asi / Chaos IL 1998.
(( END ))
_____________________________________________________________________________
06. Hacking the TRILOG VoiceMail systems
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! !!!
!!! HACKING THE TRILOG VOICEMAIL SYSTEMS !!!
!!!! !!!!
!!! by morgoth !!!
!!!! !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
÷÷ (c) Chaos-IL Foundation 1998 ÷÷
werd up y0. this document is more or less a nice little guide to acquiring
a voice mail box (VMB) on the computerized system called TRILOG.
unfortunately, I don't know too much about the company, but it may be
possible to order an official instruction system for this software if you
were to contact the company itself.
please excuse the "how-to" format I wrote this in. it was really the only
way I could write a text like this. not too much real theory in this, but
hopefully this will help revive VMBs in the scene.
ok. this article will deal with breaking into TRILOD voicemail systems.
I have been working with this particular type of voicemail for almost one
year now. after reading this file, I hope that you will be able to get into
your own VMB (Voice Mail Box) on a TRILOG system.
I am assuming that you all know what 'scanning' is. if not, this is
the basic concept: call as many numbers as you can think of, random or
sequential, to find interesting or useful numbers.
the first step to identifying a TRILOG is to listen for an automated
menu. this is usually just a recording of some lady in a noisy office telling
you what to press. if the message mentions a directory of names, you *MIGHT*
be dealing with a TRILOG. if you are asked to press [1] for the directory, it
is a pretty good chance you're at one. to be absolutely certain, press the
[#] key on your phone. if it says "Please enter your mailbox" you've found a
TRILOG. plus, some of the TRILOG boxes are greeting with a "WELCOME TO TRILOG"
so you'll be able to recognize them. (check the buttom for scanning notes)
so, once you find a TRILOG, write the number down and keep scanning until
you're satisfied. now it's time to get working. dial up your favorite TRILOG
number. enter [1] for the names directory. it will ask for a name of the
person you'd like to talk to. key in a common name like 'Smith' or 'Jones.'
It *SHOULD* give you a name and extension. if the system can't find the name
specified, just enter two or three numbers and keep doing this until you find
a name.
now, assuming that you have name and extension (the name isn't really
important), get back to the menu you got when you called. there is a nice
option in TRILOG systems that makes our jobs a hell of a lot easier. it's
called QuickMessage. at the greeting message, hit the [*] key to enter this
mode. now, lets say the extension you got for Aviv Cohen was 5593.
You may wish to check that you got his extension right. simply enter his
extension at the voice prompt and it will play his recorded name (uhm...
h'llo... This is Aviv Cohen.) and a nice lady's voice will say
'Recording...' followed by a short beep.
ok. you're sure that's him. now hit [#] followed by [*] to enter a new
extension. the reason for getting Aviv's extension was to get a general idea
of where the boxes are. so, at the voice prompt, enter in, perhaps, 5594. if
you hear a person's name, keep repeating the process until you find one
without a name. after entering, say, 5652, you hear nothing except for a
'Recording...' then you've found one of two things:
(1). a stupid gay ass who doesn't know how to record his name on
the system.
(2). an empty box! (wtf!?@#)
now, we're really hoping that you've found the latter. be absolutely to
write down all numbers you find like this. once again, keep scanning until
you think you've got enough.
you may think that hacking the box will be a problem, but that's where
you're wrong. the hard part is pretty much over. TRILOG's are fairly
consistant with their default passwords for empty boxes. hit the [#] key and
listen for the 'Please enter your mailbox' prompt. say you have a list of
possible empty boxes - 5632, 5633, and 5634. enter 5632 at the prompt. when
it asks for the security code, try one of the following:
1111 - very common default code on TRILOG systems.
1234 - used sometimes, not as common as the former.
9876 - about the same as 1234.
0000 - if all else fails.
if none of these work, the problem could be one of the two: the system
has a nasty default code set for their boxes (NOT likely), or the box belongs
to someone, but they were too stupid to record their name. if you believe
that your problem is of the former, try another TRILOG. the latter, keep
scanning for empty boxes.
well, let's move on now assuming you've gotten into a box. grEEtings!
TRILOG systems are menu-driven and easy to understand from the inside of the
box. below are a few functions that you can do when inside a box:
[5] - play new messages, skip to next msg
[3] - delete current message
[6] - send a message
[9] - exit the box
there are other functions, but as I can't remember ALL of them offhand,
once you're in a box, wait for the 'Ready' prompt and stay on the line. it'll
read off more options.
ok. so after reading this text file, you should now be one of the two
things: one level dumber for having read this, or now fairly knowledgeable in
how to hack a TRILOG. you tell me. call my VMB at the number provided at the
top of the page, or reach me at email morgoth@gmx.net, irc - morgoth @ efnet.
* Scanning notes *
to all the scanning p1mps of you, as to my experiance with scanning, TRILOG
systems can usually be found on the following ranges:
177-022-40xx
177-022-55xx
177-022-59xx
177-022-22xx
177-100-xx22
177-100-xx67
177-100-xx68
1800-022-xxxx --> this is a new range.
email: morgoth@chaos-il.org
_____________________________________________________________________________
07. How to set up 1800 (free toll) Numbers
+----------------------------------------------------+
| |
| SETTING 1800 (toll free) NUMBERS |
| |
| by morgoth |
| |
+----------------------------------------------------+
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
(c) Chaos-IL Foundation 1998!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
simple way to get an 1800 (toll free) number setup to any valid number
Intro:
------
1800's are the new toll free numbers for 1998. and since it is a new
exchange, there is a HUGE number of 1800 #'s available. if you would like
to get an 1800 ringing on any number, follow these few easy steps and if you
do it right, you'll either
A) get the new 1800 # on the phone
B) have to wait a few days (if the lady is a bitch).
now I cant gaurante that these are going to be risk free. but from my
expierences with bezeq, they will never really investigate it. I had an 177
ringing in on my home voice line for over 4 months, and after it went down,
I never heard a thing from bezeq. also, if you are setting a toll free
number up to a free internet provider, or a LD BBS, then no one is going to
know you did it anyway. just dont tell the sysop unless you know he wont
bug out.
if you set your 1800 up and sound believable to the op, chances are,
your new 1800 number will last more then 2 months. if you give it to alot
of people, and the 1800 is in use all the time, expect it to go down within
the week. a few times ive taken over a VMB system, setup tons of boxes (for
fellow h/p ppl) then setup a 1800 to the local VMB number. then i give
every h/p person im friends with a box. but they usually only last a week
or 2. its not advisible.
How to set them up:
------------------
to get the 1800 number setup you'll need the following information 1st:
(hint: its a good idea to get a valid company name, address and zip
when you are setting them up. if the company is big enough
they might just pay the 1800 bill and not notice :)
1) Valid Company Name
2) Your fake name
3) Valid Company Address (Street Address, City, ST, Zip)
4) The number you want the 1800 to ring in on
*5) (sometimes) a VMB to leave you a msg at
* = optional
call up 199, wait to hear the "Welcome to bezeq" msg
wait for a bitch to answer.
it is a good idea to setup toll free #'s Sunday morning, you will get
quickest setup time. when the op comes on (sometimes you'll have to wait a
few minz) tell her you want a READYLINE 1800. say you know all about it, (to
avoid the prices bullshit). say you need it expidieted. (which means do
it on the double) give her the company name, your fake name, address,
city/st/zip. she'll say hang on, ill try and get you a number. when she
returns, she will either say:
1> "Here is your new 1800 number . . . "
2> "Our systems are down now, can i call you back with your # later?"
if she says 1 then your in luck, ask her when it will be up. Say thanx and
bye.
if she says 2 say 'yes no problem, but i am out of town at the
moment" give her your VMB and box # (if any) tell her she can call you there.
it is good idea to ask what her name (for further abuse, or incase the 1800
doesnt go up for some reason).
morgoth@chaos-il.org
_____________________________________________________________________________
08. Novell Netware Exploits - PART II
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Novell Netware (Schoolnet) Exploits - PART II
by phederal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(c) Chaos-IL Foundation 1998!
_____________________________________________________________________________
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Novell Netware Exploits- How to use them to your advantage
by phederal (phederal@pbx.org)
Let's face it. Most people who own computers are idiots. software developers
make their software more "user-friendly" and easy to use. And the more
software is easy to use, the easier it is to exploit. Novell Netware is known
for being an easy-to-use platform that is very secure. I hope to show you that,
like every good program, it has its flaws. These flaws, if abused correctly,
can open up security gaps wide enough for doing whatever is it in your little
criminal minds.
-----------------------------------------------------------------------------
O v e r V i e w
1.) Why Novell Netware?
2.) The Basics
3.) Accessing Accounts
4.) Account Passwords
-----------------------------------------------------------------------------
W h y N o v e l l N e t w a r e ?
Novell Netware, owning 60% of the market share, is the most common
platform despite the tireless efforts of both Windows NT and UNIX systems.
Its extremely fast and reliable File\Print services are major strengths that
these systems are just now attaining. Netware systems are used because of
their easy-to-use but powerful environments which can tailor to the needs of
both system managers and copy-boys.
-----------------------------------------------------------------------------
T h e B a s i c s
The success of almost everything in this document depends on the way
that the network is set up. Not everything will work. In most cases, you
will need to know the version of Novell Netware that you are using. If you
don't know it, try running VERSION in the SYS:PUBLIC directory. You need
some basic knowledge on how a computer operates. Now, I know that very few,
if any of you are professional hackers. You wouldn't be reading this if you
were. This isn't the most complete Novell Netware article. I left out some
details that weren't practical either because they could only be used under
very slim circumstances or because they don't accomplish enough. This
document is centered around the intermediate or beginner hacker. Most of the
programs described in this document come with Netware. Any programs that
don't will be listed on the last page along with where to find them. I guess
what I am saying is to sit back and relax.
In Netware, there are common levels of security that are offered to
certain users. The security levels and your what you can execute within them
are listed below:
(1) Not Logged In - Very basic commands, usually programs in the
SYS:LOGIN directory
(2) Logged In - Basic commands and programs controlled by
trustee rights
(3) Operator - Basic access, control of print queues, a few
special commands such as FCONSOLE
(4) Supervisor - Full file system access, control of user
access, server configurations, and security
(5) OS Access - Console access, all NLMs and most commands
typed at the console run at this level,
partial file access, optional supervisor
access
Now, onto accessing the server. When logging in directly (a physical console),
versions 3.x and 4.x take two very secure measures. They both use packet
signiture and password encryption techniques. But, to log into the server
from a remote location using RCONSOLE (Remote Console), all thats required is
a single password. This is designed so that administrators can execute commands
as if they are actually at the server console. RCONSOLE establishes a session
with the server. This is the one major weakness of Novell Netware's security. Now, some of the techniques described in this
document won't work on 4.x versions. This isn't a problem, however, because
almost everybody still has 3.x versions. Those who do have 4.x versions
usually still have one or more 3.x servers still being used.
-----------------------------------------------------------------------------
A c c e s s i n g A c c o u n t s
As stated in the introduction, people are stupid. When Novell
Netware is installed, the platform creates a list of default accounts that
are used for a variety of different things. These accounts are can be used
as a user name and, without entering a password, provide you with access to
the server. Keep in mind, however, that smart administrators will have
disabled these accounts. The following is a list of these common accounts
and what Netware uses them for.
--------------------------------------------------------------------
SUPERVISOR - Default supervisor-equivilant account
GUEST - Default account for non-clients to use
ADMIN - Version 4.x uses it as a default
account with administrator eqivilance
USER_TEMPLATE - Version 4.x uses it as a default account for
testing security or client capabilities
LASERWRITER - Printing to a second server
LASER - Printing to a second server
HPLASER - Printing to a second server
PRINTER - Printing to a second server
PRINT - Printing to a second server
POST - Using a second server for e-mail
MAIL - Using a second server for e-mail
GATEWAY - Connecting the server to a gateway machine
GATE - Connecting the server to a gateway machine
ROUTER - Connecting the server to an e-mail router
BACKUP - Used to make tape backups of the server
WANGTEK - Used to make tape backups of the server
FAX - Connecting the server to a dedicated fax unit
FAXUSER - Connecting the server to a dedicated fax unit
FAXWORKS - Connecting the server to a dedicated fax unit
TEST - Temporary account usage
ARCHIVIST - Default account for Palidrome
WINDOWS_PASSTHRU- Supposably needed for sharing resources
without a password
ROOT - Default account for Shiva LanRovers that
allows for ADMINGUI command-line equivilance
CHEY_ARCHSVR - Default backup account for Arcserve
- Password WONDERLAND may be required
ALT-255 - Less common but works
NOT_LOGGED_IN - Less common but works
PC-CLAS_LOGIN_DO_NOT_REMOVE - Less common but works
--------------------------------------------------------------------
Now don't shoot yourself if none of these worked. There are other
ways to access accounts. If you want to access existing client accounts,
try going to the SYS:PUBLIC directory and running SYSCON. Go into User
Information and you will be able to view all defined accounts and their
user's full name. If this didn't work, try doing the same thing by running
USERLST.
If you are using version 4.1, you can use CX to get accounts.
When 4.1 is installed, the SYS:PUBLIC directory is added to the Root as a
Trustee. This means that the SYS:PUBLIC sirectory has browse access to the
entire tree. To utilize this, load all of the VLMs and run CX /T /A /R. You
won't even have to log in and will be given a list of almost every account on
the server.
Many accounts will use its user name as its password. This happens
when people act like idiots or when accounts are created for users that
aren't currently using them. These accounts can be view by using CHKNULL.
CHKNULL will only work if Bindery Emulation is on.
If none of the above methods have worked, don't bother guessing
accounts and passwords. Netware will ask you for a password whether the
user name you entered was valid or not. This can lead to disaster if
Inturder Detection is turned on. But, if you have a burning desire to do so,
use ATTACH to log in instead of LOGIN. At least, with ATTACH, you won't be
asked for a password if the user name wasn't valid.
-----------------------------------------------------------------------------
A c c o u n t P a s s w o r d ' s
If you've got an account, you're probably wondering how to get that
account's password. The files that store the passwords in Novell Netware
are located in different places in different versions. In versions 2.x and
3.x, every object and its properties are kept in bindery files. In 4.x,
they are stored in an NDS database. Accounts are bindery objects and their
passwords and user names are properties. The following shows where the files
are located for each version, the file names, and what attributes, or flags,
that they have. To access these files, run the Norton Disk Editor with a /M
parameter. Then, press F2 to view everything in hexadecimal format. Next,
press Ctrl-S to load the search routine. Enter the file name you're looking
for and you're done.
VERSIONS LOCATIONS FILE NAMES ATTRIBUTES
---------- ----------- ------------ ------------
2.x SYS:SYSTEM NET$BVAL.SYS Hidden System
NET$BIND.SYS Hidden System
3.x SYS:SYSTEM NET$VAL.SYS Hidden System
NET$OBJ.SYS Hidden System
NET$PROP.SYS Hidden System
--------------------------------------------------------------------
4.x In versions 4.x, the password files aren't as easily
accessible. They can only be viewed through RCONSOLE
using the Scan Directory option. They will then be
stored in SYS:_NETWARE and are as follows:
VALUE.NDS NDS Subpart
BLOCK.NDS NDS Subpart
ENTRY.NDS NDS Subpart
PARTITIO.NDS NDS Partition
MLS.000 License
VALLINCEN.DAT License Validation
done by phederal, chaos IL 1998.
-- phederal@pbx.org --
09. Israeli cellular phreaking - volume 1
-------------------------------------
--- ---
--- Israeli cellular phreaking ---
--- ---
--- volume 1 ---
--- ---
-------------------------------------
by toxid rage
-------------------
(c) Chaos-IL Foundation
What is it?
Cellular phreaking meanning is to do with the cellular things you
shouldnt be able to do usualy, such as changing esn/min.
What is esn/min and all the rest.
There are few terms on the cellular phones, here are the important ones:
1.MIN - Mobile identification number = this has two uses, one is to
identify you in the cellular Service provider's computer, and two
this is your phone number. this includes 11 digits, numbers only
in israel, pelephone(050) starts with 972, then prefix (0/1) and then
the phone number itself... 9720/1XXXXXX.
2.ESN - Electronic serial number = this is one of the most important
components of the cellular phone, because this is what identifies your
cellular phone of who he is. esn is not changable, unless you have a
burner, a device that can change the esn by sending to it specific
signals, device like that usually costs between 1000$-2000$, also
known as COPYCAT.
3.NAM - Number Allocation Module = the most basic thing on the celluar
which contains all of the information about the unit this includes the
Min, Acolc, SID, and all the rest, most of them, besides the ESN are
changable through the keypad, by entering a TEST MODE.
old cellular phones had NAM burnt on a PROM chip. today it is not.
ok enough about the terms.
what is cellular rechipping ??
cellular rechipping meanning burnt the CHIP inside the cellular unit
itself, and by that, being able to do whatever you want, such as making
a new software to it (menus, and all), some people who do rechipping also
enable in the software unlimited number of esn changes by keypad which
i will explain later why it is useful.
oh, and one more thing, a rechipping is made by a Computer mostly.
what is a copycat ?
copycat, is a device, that allows you to change only the ESN, the copycat
goes by connectors, out from its header to the socket of the cellular
and sends signals that change the HEX ESN into whatever you wish.
this thing is also based on a computer software, only that this software
is burnt on the device. ESN changing, btw, can also be made by computer
easily, depends on which model you are trying to do it.
old mobiles, 94 and so can easily be made using all kind of softwares, find
them on l0pht or something, its not a problem really.
what is ESN SNIFFER ?
a new thing came up in the last year, so i assume, it is an esn sniffer
meanning, it steals ESN and MIN numbers from cellular phones.
people who has a cellular phone nearby the device, will automaticly recieve
a NO-SERVICE led for 2-3 seconds, while the device sniff it, and than
will return to normal, and the esn/min are saved inside this device.
what is it good for?? suppose you have a old cellular you dont need, or
you just stole one or something, you rechip on it the esn/min you sniffed
and there, you have a free call device. this thing is made alot in israel
and for all i know its sold in about 150 nis or so...
Rechipping also can be done with a software, published in l0pht and
in radiophone, this one goes by a program and a ROM file.
you need to burn that file, which is a software, to the cellular.
ESN sniffer, btw, can also be made on an other cellular phone, again, by
rechipping its software from the CHIP itself. this thing is sold in about
3,000$ - 5,000$ for all i know.
some of you may have heard, that there is a possibility to burnt
cellular phone manually, by keys. well that is impossible. that is just
changing the MIN, and when both cellulars are on (the original and the dup)
than it will ring in both of them, and you can not put outgoing calls from
there. motorola is stupid, but not THAT stupid.
Cellcom, israeli digital company, are more smart, for example, they toke
then Nokia 2120, which is a NONE burnable cellular, and 1-time-chip.
meanning once you got it from the cellcom company, you can only use it
and not change anything but the MIN and some lame stuff, which wont help
a bit. there for, if you have a stolen nokia, shuve it.
Now to the more active part, i will explain some more interesting things on
The motorola cellular phone.
Motorola, one of the biggest electronic companys, has a unique software on
its cellular phone unit, that can allow you to do alot of things, such as
listening to specific phone numbers (MINS), as used in IDF.
you can enter a phone number of a specific person you want, and listen to it
how to do it? dont worry...
first of all, entering the Nam programming mode , there are couple of ways:
on the microtac elite, you have two options:
short the 6th and the 9th pin of the socket, using a connector or anything
that can connect them.
another way is the keypad, most comfortable way,. you have to write this
in a row(ya, most of you already know it...) FCN-00**83786633-STO.
on the startac, the only system i know is the keypads, (ofcurse, you can
do it by pins, but i dont really recall the pinouts for startac)
on the LITE II/CLASSIC/ALPHA/ULTA mobiles, you either short the middle
connector of the battery with the middle connector on the mobile using
an iron or anything that can short it, or again, the keypad...as written
above in the elite section.
the Brick phone (huge, but strong) you remove the battery, and in the upper
section, near the antenna, you short between the sixth(row 1 last of right)
to the seventh (row 2 first of the left), and turn on the phone, it will
automatically wake up in the test mode, and you will see numbers running on
the screen.
now, after you finished the first part, depends on which mobile you have
you will see numbers running over the screen, if not, return and start
it all over again. once you see those numbers, you press #, and you
will have a US ` on the screen, or something like that...
you are now in the main command line options.
from here you can control over the cellular as you wish,.
i will now show some examples, of the main things you can do here,
the main commands you can find , as i said , in l0pht, search for the
motorola bible, it is pretty updated.
here, # is a sort of ENTER, if you dont press # it is as if you didnt
send the command at all...
08# = Audio reciever on (usefull when bugging someone)
19# = Displays the software version number. also by year.
38# = Display current ESN number.
ESN, built by 8 hex digits, showen in series of 00 XX, 01 XX...
03 XX, 04 XX. the esn numbers are in the XX. * move to next, # exit.
32# = Master reset - resets the cellular phone, including memories.
55# = the main NAM programming. do not tuch it if you like your mobile.
in this NAM programming you have 16 options, i will now mention the
main important of out of them:
* will move to next option, # will cancel in the middle, to save
what you have changed, you must run with the * until the end(16)
01: SID - system ID, prefferd not to tuch this. - 5 digits
israel default is 08465
tip = if you want to drive your friends crazy, change this
to 00019, the mobile will be able to take out calls, not to
recieve calls.
02: Programming option - do not tuch (0-no/1-yes) - 10 digits
03: MIN - this is the phone number of the unit, also identified with
the ESN, in the Service provider's computer, if one of them dont
with the ESN/MIN written in the computer , than the cellular will not
function correctly (wont work...bah).
04: Station Class mark - 2 digits.
05: Access Overload Class - 2 Digits. (ACOLC)
06: Group ID - 2 Digits
07: Security code. this code is usually used by the motorola technics
when you have a problem in your phone,they use this code to access
your cell, in case it is locked. - 6 digit.
08: Lock code - this is the code that unlocks your mobile. 3 digit.
i wont go over the rest because they shouldnt be tuched with, and doesnt
make alot of difference anyways.
t0xidrage
______________________________________________________________________________
09. Credits & greetings
crypto, Manomaker, LSD, jizm, retro, Plex_inph, skade, BelowZero, rough,
bellboy, phriend-, tabi, _jobe_, retaliator, p-wInd0Wz, route, j_aka, _v9,
spi7fire, dead_rat, FrontLine, suspekt, _char_, toxidrage, d2_rN, Kombo.
* ALL chillers of: #972, #31337, #punx, #r00t, #chaos-il
* special thanx to the brotherhoods: skillz, r0x Crew, pX 1998, NoName
ALL of Chaos-IL Members
,
Ú ,g,___.,,Úg?Pü~ g¿,,,.
g.,gd$Pü''~``'4${ ,, ,,._ __..,, _.,._}$$$$%'
'ü4$$b, ' gÚÚ,.. :} :}"üP#g,. ,yPü~"ü4Py. ,gP'~"üü"~`
'$$$b. ~ü4$$4 }$ }$ `$$b: d$} }$b,%%}
:$$$% ~$$i _.,, iiÚÚ,, `4$%%%?W, ;$$} $$; ,
.}$$$P g¿,,,. .}$$b#Pü"}: Ã$~"ü4 `$$b.`4?g,,.,g?Pü` ;?W,.,,Úg?Pü~
,dPü"' .,._}$$$$%':d$$' $}g4: `$$$b. `~}}~`` `4?~``'4${
'' ,gP'``~"üü"~` ,$$P' iiü' .'Pü~' ,d$P'
'' .d$$' $} ,g, --IL d$$P'
'' '~ü4` :4g, `ü' .,,, {$$$
.. / `ü' '?${_.,, `üPb,
jizm#@ 'ü"~``'4g, ``
''
''
-[EOI#6]----------------------------------------------------------------------
(c) Chaos-IL Foundation
December 1998
