Jackel In The Box
Redboxing Millennium Payphones
By Jackel

Disclaimer
**********************************************************************
The information contained in this document is for educational purposes only and I take no responsibility for any actions you may take with use of this knowledge. So it's not my fault if you get put behind bars.
**********************************************************************

1. Intro

As long as there has been red boxing, the phone companies have looked for ways to stop the abuse of their phones. Until the Millennium pay phone came out, it seemed impossible to stop red boxers. In this document I will show you how to beat the so called "smart phone" and screw Telus out of a lot of cash. So have fun reading this and I hope you learn something. Cheers.

2. What Is Red Boxing?

Red Boxing is playing the tones of coins into the handset of the pay phone to get a free call. In Canada the tones are:

Quarter: 2200hz 33ms on 33ms off 5 times repeating
Dime:    2200hz 0.06ms on 0.06ms off 2 times repeating
Nickel:  2200hz 0.06ms on only once

I have also red boxed with 3900hz tones, but I will get into that a little later. I have always found that bringing my laptop to a pay phone to generate the tones is very effective, especially if you don't know the exact amount of cash needed for the call (be careful; while using a live operator I have only been caught by the op once). If you are caught, the best thing to do is hang up and walk away. If you require further red boxing info, please go to http://www.hackcanada.com. If you still can't figure out how to redbox, your life of phreaking will be short lived indeed.

3. The Millennium Phone

The Millennium pay phone is the so called "smart phone" which tries to stop abusers with many different defense strategies. You may want to stay away from opening the phone up and tearing wires apart because an alarm will sound when the main power has been mucked with.
That's why this exploit is in the handset, which will not set off any alarm, and if the pay phone is not visited by a Telus tech often, it will not be necessary to perform this operation every week or so. If you do happen to set off an alarm by doing this (it hasn't happened to me yet) the best idea is to BOOK IT AND DON'T STOP RUNNING! Run away, phreak another day, or stay and pay (I am aware of how lame that saying is but it is very true).

A common misconception is that Nortel owns the Millennium design, but in fact the Quortech Corporation does (thanks to Clone for that information). Smart phone or not, don't be intimidated by this phone; it may be the most "secure" phone out there but it is still built by engineers that were on a budget. An engineer makes mistakes, but an engineer on a budget is a disaster.

4. The Millennium Exploit

The exploit for the Millennium is a very stupid oversight by the developers of the phone (must have had a couple blondes on the team). If you have talked to any Hack Canada members before the release of this document they may have let you in on some aspects of the exploit. Yes, it has to do with the power, but every time I have tried this, I have never set off an alarm. You have a better chance at getting laid by Avril than you do setting off the Millennium alarm.

First off you will need some tools:

Wire Cutters
Flat Head Screw Driver
Electrical Tape (must be black!)
Super Glue (optional)
Gloves

Busting open the handset will be a lot easier if you remove the ear and mouth pieces first. I have been told that using a clamp works well, but I just bang it against the phone and keep trying to open it. Once you've got the ear/mouth pieces off, take the flathead screwdriver, go along the side of the handset where it was glued together and hit it. It should pop open rather easily. Once you've got all of that done there should be anywhere from 4-6 wires in the handset...

1. For The Ear Piece
2. For The Mouth Piece
3. The Wire To Power The Ear Piece
4. The Wire To Power The Mouth Piece
5. The Mute Wire
6. Unknown (let me know if you find out)

The Mute wire is what you are looking for. Every time I have done this, it has been a standard copper wire in a clear shell (it may not always be like this). As I said before, don't worry about setting off any alarms with this exploit; the power supplied to the wire is minimal. To save cash you will need to clip the wire and bend it back so the ends don't connect. After that is complete, get the 2 pieces of the handset (hopefully there are only 2) and super glue them together. Make sure it is a very very close fit so you can get the mouth and ear pieces back on. If you have completely destroyed the handset, use the tape to patch it together. Screw the mouth and hand pieces back on. Now you are ready to redbox!

Gloves: make sure you have these so that you don't leave fingerprints or anything of that sort on the phone. I doubt the cops will lift prints off the phone (it would be a waste of time because so many people use the phone), but better safe than in jail next to Bruno the axe murderer.

5. Red Boxing

I will not supply you with a red box program - use the tones above to make one. I have used 3900hz tones many times, which blows the mind because that's 1700hz too high. Try to use the 2200hz tones. The 3900hz tones work on the operators almost 100%, and on the machines 50% of the time. To red box you play the tones of the coins into the mouthpiece (something that every phreak should know, LoL). Sometimes you will get caught doing this by the operator, and she/he might report you to the police, so just hang up and walk away. With the 2200hz tones, use 33ms spacing, but with the 3900hz tones use 30ms spacing.

** Note RED BOXING IS ILLEGAL AND IS FRAUD... IT WILL MAKE YOU A CRIMINAL **

If you do get nabbed by the police, they will most likely not know what you are doing unless a Telus tech is with them to explain what you were doing.
If worst comes to worst, say you felt a need to trash the phone. The worst that could happen is a fine and community service. If that seems bad, just think: you could have been charged with fraud! Your best option is to do this entire procedure at 2-4am, at a phone that's out of the way so you won't be noticed.

Phreaking Tips:

- Never Take Your Car With You
- Bring A Bike / Skateboard / RollerBlades for quick get away
- Be As Quiet As Possible
- Bring a Laptop If Possible
- Make Sure You Have Social Engineering Skills

These tips are very basic and common sense. If you aren't able to do these (apart from the laptop) you shouldn't be phreaking yet. If you don't have these skills yet, they are easy to acquire. Please, for your own good, learn these skills before you even attempt anything you read in any document on hacking/phreaking.

6. Being Cautious

If you are a veteran phreaker, chances are you have become quite comfortable red boxing or ripping open pay phones. You heard it from me; THIS WILL BE YOUR DOWNFALL! The minute you relax is the moment you get caught. If you do what is said in this document, you are guilty of vandalism, fraud, and probably a couple of other things. So always keep a look out and be aware of your area; have an escape plan, and plan out what you will say to the Operator. And if a cop shows up, chances are you will be able to social engineer your way out of jail time and just receive a small fine. So for good reasons ph33r everything and everyone while doing this.

7. Conclusion

As long as there have been phones, there have been people who have exploited them, although it may not have gotten media attention until the late 80's. Recent "anti-phreaking" phones like the Millennium have made the simple things in life (like redboxing) that much harder.
But as the corporations find new ways to screw over the phreakers, as well as the average Joe on the street, there will always be people like me and you willing to make them open their eyes and see that their services could be offered dirt cheap if it weren't run by people who only care about having million dollar houses.

I hope you have had as much fun reading this as I have had writing it. Now go out there and FUCK TELUS UP!

-Jackel

Shouts: The Clone, Kankraka, Treephrog, steelethan, port9, lattera, Natwizz, Anarchy, The Entire HC Staff And Scene, NoSleep Magazine, Nettwerked.

09/03