SWAT MAGAZINE ISSUE FIFTEEN: MARCH 1999

LOCAL EXCHANGE PHREAKING
By =The-Doh-Boy=

-----------------------------------------------------------------------

Engineer Line Testing
---------------------

This is info I stole from a guide sheet for BT Engineers. It basically gives them a list of numbers which they can use for testing lines/recording line activity etc. This can come in useful for the phreak intent on controlling certain aspects of someone's line. Some of this may have been covered in other articles, but I think the stuff on ASU's is relatively new.

Testing On System X
-------------------

Subscriber Automatic Line Test (SALT)

175 - Voice read out of number, follow prompts

  01 Dial test
  02 Power down line (shuts line down for 3 min. also wipes ANI)
  6  Partial recall
  7  Full recall, returns administrative DT
  06 Power down exchange (I've never seen it happen btw!)
  No response - New DT

Cable Pair Identification

176 Followed by full area code and number of line on which tone is placed. Should get NU Tone, this means successful placing of tone on line.

Testing On System Y
-------------------

Subscriber Automatic Line Test

175 - Fast engaged tone/interrupted dial tone

Commands same as System X

BT Linetest Facility

This is a doozy of a number, it was covered in last month's issue of SWAT so I am technically repeating this but........

17070 - Read out number (if no CLI no readout)

1 For ringback, 2 for quiet line, 3 for fasttest, 4 for fasttrans, or clear down.

  1 Rings back upon clear down
  2 Gives quiet line for testing LN
  3 Gives ring back line test, Line test, Cable Pair Identification etc.
  4 Recording of test results

Clear Down = Hang Up

ASU's
-----

OK so you're asking what the hell an ASU is. It's basically the main control point for that local area code. Not all exchanges keep these in the range I am specifying but do some scanning and you should find them.
ASU's allow switching engineers to control the main features of the switch from a remote fone. I don't have to spell out what this means for the phreak.

ASU's in most exchanges are found at 9999

They should present you with a message requesting a PIN. You may need to sleep with a BT employee to get one of these. You could war dial one, but for God's sake NOT FROM YOUR HOME FONE. Once inside you can check the volume of calls coming through the exchange, perform house cleaning tasks on the switch, mess around with lines. You name it. Hack one of these and you will become 31337.

An interesting point I might like to make about these numbers is that they automatically step you up to or STD level. This means if you dial your local ASU you will be stepped up to National level. Find a break signal like on 175 (after ring back flash hook) then you can mess around on national lines for local rates.

Fiddles
-------

These are fixes put in the circuit by fraudulent engineers wishing to exploit their position. They hide these in the 17x range and they are unique to each exchange. There are only 10 numbers to look through. They are usually hidden behind NU tones or "sorry........" messages. Mess around on each number till you find a fiddle. You should be able to make free calls off these, or possibly access looped lines. Either way, corruption in a powerful organisation is inevitable, ABUSE IT.

If you find a fiddle and want to use it outwith your own exchange you're going to have to either find a PBX in your area in the 0800 range or hook a black/beige/gold box combo and dial through that.

CSS's
-----

The Holy Grail of numbers. If you find this you will become more 'leet than Captain Crunch, Whistlin' Joe, Onkel Deitmeyer, and Alexander Graham Bell put together. You can do SHIT LOADS with this number. You can even check up on line records of any number in that area and see the caller log. There are dial ups on PSTN and over the net through a special BT server.
I also believe there are dial ups on PSS/Featurenet. To find a CSS you may have to know a BT employee or if you don't it'll take LOADS of scanning, hacking, and heart attacks over your local exchange. Scanning in your local prefix is always a good bet.

Exchange Dial Ups
-----------------

Your local exchange WILL have a modem dial up on PSTN or PSS/Featurenet. Once you have found this you can access fun things. Tracing calls is rather easy from these. Changing line status and so on is also easy.

Weeuurd Stuff!!!
----------------

I found a severely weird number on a 373 scan I did myself. It's . It's exactly the same as 17070!!! What's weird is that I can dial it from non-BT fones (including my Orange JustTalk) and use it to test lines (great for beiging). It'll probably die now that it's in the Public Domain but hey! Why not share.

Wrap up
-------

That's all I know on the subject of local exchange phreaking at the moment. Maybe I'll learn more and update you on it!!!