United Phone Losers
UNITED PHONE LOSERS E-ZINE
issue no. 30 - October 8, 2008
this issue edited by linear

INTRODUCTION

Oh, hello there.

It seems this issue is a little late - uh, my bad. It's been over three years since the last release, and over six years since the last "authorized" release. Issue number 28 was taken over by our very own Rob T Firefly, whom I have given a stern talking to, and rbcp of Phone Losers of America took over issue number 29. In retaliation, the UPL infiltrated PLA headquarters  and sabotaged PLA Radio #18.  Impressed? I bet.

Those of you reading along in HTML, be sure to take a glance at the .txt version of the issue, for nostalgia's sake. We gave the ASCII format a new look, and changed the 80-character max to a 125-character max, since no one in the whole fucking world still has their monitor set to 640x480. Those of you already reading the .txt version... what the shit are you doing?! It's 2008!

Anyway, we're all old as fuck now, and somehow we know even less than we used to. You kids with your crazy "eyepods" and "USB" ports and "TouchFlo technology" and computer monitors that DON'T give you cancer... it's all a bit too much to take in. But not knowing anything has never stopped the UPL before, so we're back, friends, for you. And I, linear, am here once more to serve as your rightful editor. It feels good, doesn't it? Like the first time you participated in an illegal teleconference or redboxed a paypho... wait, shit, you're all 14. You fuckers use Skype to have legal conferences and none of you even know what a payphone is. Fuck it... just... fuck it.

--- linear

TABLE OF CONTENTS

Introduction

ARTICLES

COLUMNS

PHRESH WAREZ

Announcements
Disclaimer


SHOUT OUTZ
jaded, bikr, murd0c, bex0, s1acker, Altalp, nova, graphix, SQ, jago, the phonelosers forum users, and the old school UPL and f0ur0ne0ne (RIP) crew. Free nawleed!

"...And again, the Internet is not something that you just dump something on. It's not a big truck. It's a series of tubes. And if you don't understand, those tubes can be filled and if they are filled, when you put your message in, it gets in line and it's going to be delayed by anyone that puts into that tube enormous amounts of material, enormous amounts of material."

- United States Senator Ted Stevens (R-Alaska),
attempting to describe... something.

Cellular Phreaking in the 21st Century
Written by Phractal
File Under: Old Skool

Cellular Phreaking is alive and well in 2008. What exactly am I referring to? I'm talking about the ability to modify otherwise un-activated cellular handsets so they are operational on the Cellular networks and able to make and receive telephone calls. I would also consider Unlocking features normally disabled on the handset to also be part of cell phreaking. Cellular phones each have hardware identifiers that act like logins and passwords. For CDMA handsets, your login/pw is equivalent to your MIN/ESN. On GSM handsets, it's equivalent to your SIM/IMEI. For this article I will only really talk about ESN/MIN based phones on CDMA 2G/2.5G protocols.

If you can modify the ESN/MIN or SIM/IMEI data on a handset to match a valid account on a cellular network, the idea is that the Cell towers can't tell the difference between the handsets, i.e. cellular cloning. This has changed a little bit since the days of the Motorola MicroTAC and the OKI-900.

You often used to have to burn your own chips and replace them in the cell phones in order to achieve cloning, but that isn't really necessary today.

 I. Materials
  -] Cellular handsets
  -] Data Cables for handsets
  -] Microsoft Windows Computer
  -] Reprogramming software
  -] Linux installation (optional)
 II. CDMA Authentication
  -] Key Data Elements
  -] Authentication Calculation
 III. Cellular Hacking
  -] Cellular Carrier Wardialing
  -] Unlocking Features/Firmware Hacking
  -] Resources

 Cellular Handsets

If you're a real phreak you should have old cell phones lying around. But if you don't, start collecting as many old cell phones as you can, just for educational purposes. Here are some brands you will want to pay attention to:
  • Audiovox
  • Motorola
  • Nokia
  • LG
  • Kyocera
  • Samsung
  • Sanyo

Get your hands on older models if you can; just make sure they aren't analogue-only phones, as they won't work. Try to get some cellular handsets that DO NOT have LCD screens, and have just monochrome displays. These phones hold their own in terms of battery life and operational life. They are also much less likely to have GPS built into them. More modern phones can work, but you must understand that the newer the phone is, the less likely some haxor has reverse engineered the hell out of it. Newer phones are also always equipped with GPS in them.

 Qualcomm note*

Look for a sticker on the phone that displays "Qualcomm" or "CDMA by Qualcomm". With the exception of Nokia, all American CDMA phones use Qualcomm chips inside of them, which makes me think many inherent CDMA security vulnerabilities are linked to the way Qualcomm designed its CDMA authentication.

 Data Cables

For a lot of Motorolas, you can use just a simple USB cable, but for other manufacturers you will need to acquire data cables for the phone somehow. You may have to buy them from the manufacturer. Just make sure that you can connect the phone to your computer via serial port or USB port. Often for older phones, you will need to use the serial port. I know many of you haxors out there have leet new laptops that do not have serial ports. In that case you will need to pick up a USB/Serial adaptor. I use a Keyspan 19H and it works fine.

Sometimes data cables are very hard to come by, especially when they aren't being produced anymore. You can often cannibalize car charger cables, which for some reason usually have all pins present for data, while wall chargers usually do not. It is up to you to determine which pins correspond to serial pins. I've successfully done this with an old Motorola MicroTAC phone, but it's useless today since it's an AMPS-only phone. I am currently working on this process with an Audiovox 9935 AMPS/CDMA phone, and if successful, I will publish more details.
   
 Reprogramming Software
   
Almost every piece of Cellular Reprogramming software I've seen was written for Microsoft Windows. There's a plethora of software out there for reprogramming all aspects of the cell phone, including the ESN. The software ranges from Professional to looking like it was made in vb3. There is no universal place to download this software. They are like warez codes. You have to find those proggies yourself. The only places I can point you to are Usenet newsgroups and Cellular phone web BBSes. Best way to get it tho is probably thru trade with other phreaks, or write your own.


II. CDMA Authentication

 The key elements:
   
    -ESN
    -NAM1 MIN
    -NAM2 MIN
    -NAM1 SID
    -NAM2 SID
    -AKEY

NAM1/2 MIN and SID information can be reprogrammed from the handset or with reprogramming software, but usually will require an SPC and/or Field Service codes. The ESN can ONLY be reprogrammed with software, and NEVER from the handset. The OKI 900 is the only phone I ever heard of that could be ESN reprogrammed from the handset without a computer, but this was after replacing a chip on the phone's circuit board. This can most likely still be accomplished with more modern phones, but it's absolutely beyond the scope of this article.

The SID I have found reprogrammed to all zeros works just fine in almost all circumstances. The SID is used to determine the home system of the handset, but in most circumstances, this is not required for authentication. The next section will describe how the MIN, ESN and AKEY are used in a calculation that validates the phone and allows access to make and receive calls. Today, this can also include access for text messaging and mobile Web/Email etc.

 Authentication Calculation:

    At the Cellular tower, and on the handset, there is a mathematical calculation that is performed using these pieces of data:

    MIN
    ESN
    AKEY
    SSD_A
    SSD_B
   
The AKEY is a 26 digit number that stands for "Authentication Key". This is an extra security measure  that was first introduced in AMPS systems to combat cloning.

There is a unique checksum that the Akey must follow that is related to the ESN. The Akey can be  displayed and changed with the right reprogramming software. The AKey must match the original phone if you wish to clone a handset on the same tower. Otherwise, to clone without changing the Akey you must roam out of the home system of the handset.

The two pieces of data SSD_A and SSD_B stand for "Shared Secret Data" and can also be manually changed with software, but these pieces of data are automatically calculated from the Akey, so they are changed automatically when the Akey is changed. The Authentication calculation takes the MIN, ESN, Akey, SSD_A and SSD_B and comes up with an answer, which is compared to the answer of the same calculation done at the tower. If the two answers are the same, Authentication is successful.
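An added sketch of the comparison described above (not from the original article): HMAC-SHA-256 stands in for the real network algorithm, and the field sizes, the random challenge sent by the network and every value are constructed for illustration. It shows why the Akey matters to the carrier: a handset presenting a copied MIN/ESN without the matching Akey derives different shared secret data and fails, as does a replayed old answer.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Tuple


def _prf(key: bytes, *parts: bytes, out_len: int) -> bytes:
    """Stand-in keyed function (HMAC-SHA-256). NOT the algorithm real networks use."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        # Length-prefix every field so adjacent fields cannot be confused.
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()[:out_len]


def derive_ssd(akey: bytes, esn: bytes, rand_ssd: bytes) -> Tuple[bytes, bytes]:
    """Derive (SSD_A, SSD_B) from the Akey; changing the Akey changes both."""
    block = _prf(akey, b"SSD", esn, rand_ssd, out_len=16)
    return block[:8], block[8:]


def auth_response(ssd_a: bytes, min_: bytes, esn: bytes, challenge: bytes) -> bytes:
    """The 'answer' computed identically on the handset and at the network."""
    return _prf(ssd_a, b"AUTH", min_, esn, challenge, out_len=4)


@dataclass
class Handset:
    min_: bytes
    esn: bytes
    akey: bytes
    ssd_a: bytes = b""
    ssd_b: bytes = b""

    def update_ssd(self, rand_ssd: bytes) -> None:
        self.ssd_a, self.ssd_b = derive_ssd(self.akey, self.esn, rand_ssd)

    def answer(self, challenge: bytes) -> bytes:
        return auth_response(self.ssd_a, self.min_, self.esn, challenge)


@dataclass
class Replayer:
    """Presents the right MIN/ESN but can only repeat one previously seen answer."""
    min_: bytes
    esn: bytes
    captured: bytes

    def answer(self, challenge: bytes) -> bytes:
        return self.captured


class Network:
    def __init__(self) -> None:
        self._ssd_a: Dict[Tuple[bytes, bytes], bytes] = {}

    def provision(self, min_: bytes, esn: bytes, akey: bytes, rand_ssd: bytes) -> None:
        self._ssd_a[(min_, esn)], _ = derive_ssd(akey, esn, rand_ssd)

    def authenticate(self, phone) -> bool:
        ssd_a = self._ssd_a.get((phone.min_, phone.esn))
        if ssd_a is None:
            return False  # unknown MIN/ESN pair
        challenge = secrets.token_bytes(8)  # fresh for every attempt
        expected = auth_response(ssd_a, phone.min_, phone.esn, challenge)
        return hmac.compare_digest(expected, phone.answer(challenge))


def run_demo() -> Tuple[bool, bool, bool]:
    # All identifiers and keys below are constructed sample values.
    min_, esn = b"5550100000", bytes.fromhex("9f001a2b")
    akey = bytes.fromhex("0123456789abcdef")
    rand_ssd = secrets.token_bytes(7)

    net = Network()
    net.provision(min_, esn, akey, rand_ssd)

    legit = Handset(min_, esn, akey)
    legit.update_ssd(rand_ssd)

    # Same MIN/ESN, but the subscriber's Akey is not known to this handset.
    copy = Handset(min_, esn, bytes(8))
    copy.update_ssd(rand_ssd)

    # An answer observed for an earlier challenge, replayed against a new one.
    old_answer = legit.answer(secrets.token_bytes(8))
    replay = Replayer(min_, esn, old_answer)

    return net.authenticate(legit), net.authenticate(copy), net.authenticate(replay)


if __name__ == "__main__":
    print(run_demo())
```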

 LEETER stuff.

Cell phones are like tiny computers these days, with an operating system and a file structure. The ESN is stored somewhere on all cellphones, as a file or in files. Common to most phones is a folder called NVM, this stores the NV Ram of the phone, which contains all kinds of goodies, namely the SPC/unlock codes.

 Linux Installation

For the ultra paranoid, I would recommend that Linux be used in conjunction with an older CDMA v1 phone that has NO GPS built into it. As I said, ESN changing software is almost always written for Microsoft Windows, so you have to try your luck with Windows Emulators such as WINE, which work more than 50% of the time, especially for the simpler hardware-brand specific ESN changers, but not so much for the broader "Universal" CDMA software.

Linux doesn't stamp software and its programs the way Windows does, or the way I suspect it does. If you plan to use Linux with the phone, you can add a lot of the simpler older phones as regular modems as a /dev/ttySX device, requiring no special drivers. Depending on the brand, the phone sometimes does need to be plugged in for it to be recognized as a modem; operating on battery power sometimes isn't enough. In order to further "de-brand" your computer, I would use

    # ifconfig <INTERFACE> hw ether <NEW MAC ADDRESS>

 from a root prompt to change all your MAC addresses, even though you won't be using any Ethernet cards, they could still identify the hardware on your computer.

III. Cellular Hacking

 Cellular Carrier Wardialing


One of the most useful things you can do with haxed cell phones is carrier wardialing. It is pretty pointless to handscan unless you dial the numbers by hand each time, because any automated dialing done with computer software will put the phone into data mode, which sets up the call as a carrier call and mutes the cellular speaker. You cannot hear the modem activity the way you can with an old-fashioned POTS modem, so you won't hear any of the phone calls during any kind of automated dialing or wardialing. Therefore, the only kind of useful wardialing with a cellphone is carrier scanning.

Because Cellphone wardialing isn't historically common in the hacking/phreaking world, there isn't really any adequate wardialing software that works with cellphones. Cellphones I have found will usually data connect at 14.4 or 19.2kbps. Some models I believe will connect at higher speeds, but the way most cell phones work as modems is that they are actually emulated as POTS modems, which usually creates dynamic pauses that cause wardialers like THC or ToneLOC to hiccup and get caught up a few numbers into a scan. It can often take up to a full minute to dial each number.

I have had very limited success with the Windows wardialer PhoneTag, but I am working on a Linux wardialer written specifically for scanning with a cellphone. While wardialing in this manner will probably take longer, it offers the privacy of being able to scan from any number of locations, or even in motion, versus carrier scanning on a POTS line, which, whether it's yours or not, you probably wouldn't want traced back to your location.

 Unlocking Features/Firmware Hacking

Many carriers lock features put in by the hardware manufacturers in America. This is usually done with the intention of having you "pay" to have these features be unlocked, or pay EACH TIME you would want to use these features. One of the most common features that is locked are inbuilt Mp3 players and the ability to use your own custom ringtones at highly encoded mp3 bitrates. There are a variety of ways of circumventing these features, and I will refer you to the resources section to find information specifically for your handset brand.

Carriers also feature specific software and firmware versions for certain networks (e.g. Verizon phones have Verizon-specific splash screens and Verizon software, Sprint has Sprint software on their phones, etc.). Just because your handset has one specific carrier's firmware version does not mean that you cannot use the handset on other carriers, especially since you can often flash the firmware to a different version. Again, the resources referenced at the end will be your guiding light. Flashing carrier-specific firmware generally helps when using features like mobile web applications and whatnot. Verizon uses BREW for their apps. Sprint uses Java. Correct me if this is no longer true. A lot of firmware images are haxed already for the cell kiddies.

I would heavily recommend exploring the filesystem of cellular handsets using Hex Editors and SEEM editors. This is delving more into hacking the phone itself and not so much the PSTN, but it is still very interesting. Look out for any folders such as /nvm/security or /nvm/secret and the $SYS.ESN file to get you started in dabbling into the software that makes up a cellular handset.

--- phractal

Network Neutrality Simplified
Written by linear
File Under: Team Activism

onE: Intro.
Over the past few years, the media attention that network neutrality once garnered has all but faded away. However, the threats to net neutrality are still very real, and those threats are putting the future of the internet as we know it in danger. Since it is important that we don’t let this issue (along with the beloved internetz) fade away, I wanted to offer this quick, very basic primer on net neutrality, where we currently stand, and where we go from here.


t0o: What It Is.
So one day in the not-so-distant future, you fire up your DSL connection, open your web browser (well, the browser of choice as determined by your ISP) and start browsing the net. But unfortunately, there’s not much browsing to be done. Your ISP, acting as a gatekeeper to the internet, has determined which sites and services are going to be available to you. Maybe you want to catch-up on the latest news and find out what’s happening around the world. Well, Fox Entertainment Group has paid a hefty sum to your ISP, making Fox News the exclusive provider of news available to all subscribers to your ISP. Don’t want your news delivered by Fox? Better shop around for a new ISP that has been paid off by a different news organization. Of course, there’s probably only one telephone company in your area to offer DSL, and the cable internet alternative doesn’t have much better service plans either (or maybe offers much worse!). And it doesn’t stop at just news, but every potential service you’re looking for. The search engine you use, your email provider, image/multimedia sharing community, social network, etc. will all be determined by your ISP. Or maybe your ISP has set up a tiered pricing plan, and based on how much you’re willing/able to pay each month determines what you have access to (similar to cable/satellite television – the more you pay, the more channels you get). What about those private, independent, and/or personal websites (like phonelosers.net)? Well, those websites can’t afford to pay big money to your ISP, so they’ll be served to you a little more slowly. Well, that is, if your ISP decides to serve them to you at all. Sounds like a terrible vision of internet-future, doesn’t it? Well, the concept of network neutrality is what prevents this sort of scenario from happening.

The phrase “network neutrality” is a (relatively) new term for an old concept: no one should be able to regulate, control, or discriminate against content or traffic. The internet user should decide what sites he or she visits, what services are used, what applications they want, and how the user is able to connect. And when I say the concept is old, I mean it predates the internet itself, as far back as the late 1800’s. The concept was applied (and federally mandated) to the telegraph service. This made it so, regardless of where a telegraph came from, who it was going to, or what its contents were, all telegraphs were sent impartially and in the order they were received. This also applies to parcel shipping services, the telephone network, and all common carriers and public utilities.


tr3: Where We Stand.
Since DSL and dialup internet connections operate through the phone lines, they were initially subject to the federally mandated net neutrality concept that the rest of the telephone network was subject to (cable-modem internet services have oddly enough been exempt all along since they did not operate via the phone network). In 2005, the FCC changed the classification of DSL and internet services connected through the phone network, effectively making these networks exempt from network neutrality. This opened the door for telecommunications companies and broadband providers to start scheming about how they can provide service to their users in a way that benefits them the most (primarily in the financial sense), but in turn negatively impacts the consumer and the function of the internet as a whole. Not only is this sleazy, but it is a direct betrayal to these companies’ obligation to the consumer.

The issue has become a highly politicized one. Since the reclassification, numerous congressional proposals to enforce network neutrality have been made, most of them being defeated. Meanwhile, the telecommunications lobby, cable internet companies, and telecommunications providers in general are busy feeding misinformation to anyone who will listen. They’re going so far as to set up fake “grassroots” organizations to oppose net neutrality, such as Hands Off The Internet and NetCompetition. Both of these are conveniently funded by those companies that stand to benefit/profit the most from a lack of neutrality, are anything but grassroots, and serve solely to misrepresent what net neutrality is and what its proponents are trying to accomplish. Their intent is to prevent any attempt that would write network neutrality back into law, as it had been prior to 2005.

The debate rages on, and we are certainly not in the clear.


f0’: Is This REALLY A Threat?
Certainly. Service providers’ and the FCC’s legal roles still have not been clearly defined, but already we are seeing big business taking advantage of the consumer. As a very real example, consider the fairly recent (October 2007) attempts of Comcast to prevent traffic generated by its customers through BitTorrent. This restriction was not limited to material thought to be in violation of copyright laws, but all BitTorrent traffic (including legal use). Customers were not informed of these attempts. Not only does this violate network neutrality, but without providing a means for the consumer to be aware of what to expect when purchasing services, it also subverts the notion of a free market (a free market can not regulate itself without an informed consumer – especially when they're uninformed against their will). And this certainly is not the only example of an ISP abusing its power.

Not surprisingly, Comcast is one of the major, most vocal opponents of network neutrality. The company has gone so far as to (admittedly) underhandedly block members of the general public (many of whom had gathered to speak against the company) from FCC hearings regarding Comcast's actions against its users. Comcast understands what the general public wants, but is trying to make sure that the decision-makers don't hear the public voice.


fi': Now What?
It might be a hard battle, but it's a battle we can win. The numbers are clearly in favor of an internet that is free and open. Here are just a few examples of what we can do to help ensure that we win the fight...

  • Contact your elected officials and make sure they support legislation in favor of network neutrality, such as the "Internet Freedom Preservation Act 2008" (H.R. 5353)

  • Sign petitions in order to ensure those making decisions understand public opinion on net neutrality, like the one found on the SavetheInternet.com Coalition's website

  • Spread the word about network neutrality and counteract the misinformation campaigns of big business!


SiX: Other Resources...
If you'd like to learn a little more and keep yourself up-to-date on the events surrounding the network neutrality debate, here are some websites I'd recommend as a starting point.


se7en: Closing
If you weren't already familiar with the concept of network neutrality and the threats against it, then I apologize for being the bearer of bad news. The good news is that it's not too late, and we can still help shape the outcome of the battle in a way that's favorable to the future of the internet and to us as consumers. I'll see you on the open, free, people's internet.


--- linear

Time and a Hacker
Written by Rob T Firefly
File Under: Get Off My Lawn!

Holy crap, I'm old.

As of this writing, I'm about a month away from my 31st birthday.  I'm looking at roughly a dozen years of active involvement in the public hacking, phreaking, phone-losing scene, after about four or five more lurking around in the background, quietly reading and doing.  As the chronometer flies, I've spent the vast majority of my life as a hacker.

How does one get to this point?  Gather 'round the rocking chair, kids.  Old Uncle Rufus is gonna tell you a story.

I've always been into tech, science, and related nerdery.  At seven years old I was already taking my electronic toys apart.  At eight I was even successfully putting some of them back together.  At nine, I was building my own battery-powered toys from scratch.  This is also about the time I got my own first computer, a TRS-80, on which I taught myself BASIC.

Fast-forward a number of years.  I was a teenager, clandestinely poking around on BBSes and other systems with a cranky old 286 box.  I didn't have much of a local scene to get into, so my favorite BBSes were scattered all over the country.  Long-distance phone calls were still stupidly expensive back then, but there were ways around that.  I could only tie up the phone lines when my family was asleep, so I'd spend entire nights on BBSes hoarding and reading all the text files I could, simply sucking in knowledge.  As I picked up on other skills like beige-boxing, I'd occasionally spend the nights creeping around the business districts of my town hooked to various phone lines on which I had no business.  I spent months of my life on end without sleeping through a single night; I'd pass out for a few hours in the afternoon when I got home from school, and wake up in the late evening ready to hack and phreak away until the Sun rose.

I was still a total loner, though, and not really a contributor to the scene.  It may seem strange to people who know me and my big mouth now, but I was a very quiet, shy kid.  Being a nerdy artist who loved computers and scifi and hated sports and booze was a capital offense in my townful of drunken jocks.  When I wasn't being beaten up by my classmates, I was being ignored by them entirely.  As a result, I was a pretty anti-social kid.  Even online, I almost never posted to message threads, I'd only read them in between downloading text files.  Those phone calls I was making were usually me pranking or otherwise ensuring the harassment of some of those people who made my daily life so miserable, silently exploring phone systems all over the world, or calling into underground teleconferences during which I wouldn't usually say much, just listen.

This was also about the time I discovered "Off the Hook" on my local radio airwaves.  It was strange; people whose names I'd only read in text files and magazines openly discussed stuff I knew about from my online life, and it was on the radio for anyone to listen to.  You didn't need a modem or even a computer, and it was more than a bit weird for me hearing such things invade the "normal" world.  Much like the teleconferences, I'd passively listen to the show, but I'd listen raptly.  Meanwhile, I'd regularly take my floppies full of text files - such as then-current PLA issues, always among my absolute favorites - to the library and print them out, binding them into loose-leaf books which eventually spanned several bookshelves.

Fast-forward some more, and I had finished school six months early by signing myself out and getting a GED, and headed into the real world.  The next couple of years saw me on an epic journey of heavy duty hermitage, rebirth, and self-discovery type stuff that doesn't really fit in a zine article like this, but which ended with me having a whole new outlook on things.  I was happier, healthier, and no longer the shy, quiet kid I had been.  In early 1997 or so, I settled into a new job and a new computer, and rediscovered some of my old favorites from the text file days, including the PLA.  Unlike the vast majority of the less fun zines, PLA was somehow still around and active, with even a website.  I noticed there was a discussion list available.  Finally, after all this time, I wanted in.

I didn't want to join up with my ISP's email address, so I needed a handle.  I had decided to leave my old handles on BBSes and online services behind and start fresh; I wasn't really that same person anymore, and had no use for the attached baggage.  I settled on "Rufus T. Firefly," the name of my favorite Groucho Marx character.  I dug using an "R" name like mine, as well as the inherent "RTF/rich text file" gag.  I grabbed a Hotmail address, and dove in with both feet.  By this point I was nearly 20 years old, and my real life was just beginning.

Before eventually being killed off by failing listserv providers and the rise of web forums, that PLA_discussion list would give birth to a bunch of weirdness and greatness, including this very zine you hold in your virtual hands.  It would also provide me the wherewithal to start attending my local hacker meetings and hacker cons, extending my life as a hacker fully into the real world.  I eventually substituted my real first name into my handle, and dropped the period after the "T," to have a name that was much more "me."

I sound like a real cane-rattler when I say stuff like this, but here goes anyway; it still bends my mind that there are now adults in the world who've actually grown up with the Internet as part of mundane life from the start; from my point of view, it's the Internet that's grown up with me!  As I have spent the past decade-plus as a contributing part of the hacker community, both online and offline, I've seen things grow and change in ways and directions I could never have imagined, and have loved every moment. In the world of technology, as with so many other worlds, the only real constant is change, and every new generation of hackers gets to hone their skills in a new and exciting environment.

The original phone phreaks of the 1960s were exploring unknown and forbidden aspects of the telephone system, something which the average people had always seen as "just there" and nothing to get all that excited about.  "What could be so interesting about the phone?" the average person might have asked. "People might as well be exploring and manipulating their household plumbing."  While society remained ignorant of their existence, the pioneers were interacting with massive switching systems, early computers, actual communications satellites in space, and each other in new and exciting ways.

The hackers of the 1980s were embracing the oncoming revolution of personal computing and all the new and wonderful possibilities and potential thereof, which average people saw as new, mysterious, and intimidating as all hell.  Computers were starting to pop up at major workplaces, doing things most people didn't fully understand.  People started acquiring home computers despite not knowing quite what they were for.  Hollywood catered to and illustrated the public's fear and uncertainty with films about computers destroying the world, computers fighting superheroes, even computers that fell in love with your girlfriend.  While hackers knew those sorts of things weren't likely to happen, part of the excitement lay in the fact that even the hackers couldn't be sure what *was* likely to happen.  It was great just being at the front of the ride.

One Internet revolution later, the hackers of the 21st century are once again dealing with something that is ubiquitous, mundane, and "just there" for most people, with the difference that we are no longer all that "underground."  The average person knows that there are things going on at many subtle levels that let their mundane computers do their job, and they are also acutely aware that there are those of us who not only know how it works, but know how it could be made to stop working, work better, or just work differently.  Nearly every running computer connects someone to the world beyond, and connects the world back to them in return.  People are using the Internet to conduct their most private business and communications, while making more of their lives public and open to scrutiny than ever before.  And nowadays, it's the hackers themselves that get to do unrealistic things in Hollywood films which ride the wave of public fear and uncertainty about what mysterious powers we may or may not possess over the things that surround us all.

Through it all, the basic elements of the hacker mindset have never changed.  The desire to explore, to learn about, to push the boundaries of, to make the best of, to explore the possibilities of, and to determine the future of the world around us has always been there, looking for the next exciting thing to play with.

On a personal level, things have certainly changed in my life.  I was intimidated as hell stepping into my first 2600 meeting, nowadays I run the official website for it.  I was awed and amazed listening to hackers discuss issues on talk radio, and now I'm one of those hackers discussing those things on that talk radio show.  I was overwhelmed by my first hacker convention, and now I speak at and work behind the scenes of the things.

At one time in my life, hacker zines were something I hoarded obsessively and absorbed every bit of data I could from while wondering about the adventurous lives their brilliant authors must lead.

Nowadays, at least occasionally, I'm one of those authors.

Thanks for reading!

-- Rob T Firefly
10-7-08
http://www.robvincent.net

Mobular IRC (IRC on your Mobile Phone)
Written by vixen
File Under: efnet #phonelosers

You all should be familiar with the ever-so-popular internet relay chat (or "IRC," as the cool kids call it). Most of us, in our years of IRC'ing, have experimented with the many IRC clients and the scripts that the kiddies have so kindly released to us for our enjoyment, but IRC'ing from your cell phone? As if IRC has not deteriorated our social lives enough as it is and shattered any chance we had at normalcy, but now we can take IRC wherever we go and get our fix on the run. Oh yes, it is a new generation of geekdom, boys and girls.

There are a few ways this can be accomplished, and a number of different applications that you can use. For instance, there is putty, k-IRC or the standard web-based chat servers (via web browser). However, I am only going to touch on the one that I am most familiar with... jmIrc - or Java Mobile IRC. jmIrc is a Java based IRC client that lets users connect via browser (IE, Firefox, etc). jmIrc uses windows, with a separate one for each status, channel, or query window you may have open, making for an optimal experience.

If you can get to the internet on your cell phone, it is more than likely that this application will work for you. It should work on any cellular phone that supports MIDP 1.0 (Mobile Information Device Profile, which is a Java specification used on devices such as PDAs and our cell phones).

So how does this work you ask? Follow these simple steps and you could hold IRC in the palm of your hands.

First you need to download the jmIrc application to your cell phone. You can do this in a number of ways. I am using the LG Fusic by Sprint. Your phone may have similar options, so this could work for you. If not, just open up your internet browser, type in the address, and follow the simple download instructions.

So what I did was go to my Web Browser option and in the Search field I typed in: http://jmirc.sf.net/jmirc.jad and hit search. This should bring up a list of results. You will want to click on the External Web link. A list of web pages will be displayed. Select the first link, jmirc.sf.net. Your download should start, but I have run into a few problems when installing this application. If you get an error, scroll down the page and select View PC Version. A warning message will pop up saying the file could be unsafe, blah blah... etc etc... just click on Continue. It will install... you can figure out the rest.

After you get it installed you are ready to IRC! Just run your program from the Applications folder (or My Content), set up your profile, and voila! You have the option to set up profiles for different servers, however you can only be connected to one server at a time.

Do I really have to walk you through the setup of a profile to get your ass on IRC?

Fine. Just for the fuck of it. Run jmIrc and go to Menu. Select Profiles > Menu > Add new profile. Here you can enter the name of your profile. We'll call this "efnet". Next, enter the nick you wish to use... "newb" will go here... enter in the server name irc.prison.net, channel name #phonelosers. Now that we have that set up, you can select OK and connect... I really shouldn't have to spell this out for you guys. Fuck around with it, figure stuff out - you're hax0rs for Christ's sake, it can't be that hard, right?

Now you know the secret to IRC from your cell phone. Go, spread the word, tell all of your friends.

Disclaimer:
IRC'ing while driving may lead to accidents, injury and/or death, and UPL and its affiliates assume no responsibility and will not be held accountable.


--- vixen
phreak(dot)vixen(at)gmail(dot)com

Owning "Emily," the Bell Canada Robot from Hell
Written by handler
File Under: LOL, Canada

//handl3r [-at-] gmail [-d0t-] com
//August 2008

<file>
<intro>
In case you haven't noticed, Bell Canada has implemented a new (in)security feature to protect your account. When you call Bell at 310-BELL(2355) or 1-800-668-6878 you are greeted by the Cthulhu of automated systems, Emily. Not sure what I'm talking about? Call the number above and find out. Now back to that new security feature. Let's say you ask for billing. Emily will ask you for your phone number and then tell you about how she would ask you for a pin code or a password, but instead you can verify your identity with your voice. In PLA Radio 17 RBCP showed how easy it was to trick Emily with a little social engineering. RBCP called his target and played the part of a library employee calling about overdue books. The phrase that Emily needs to hear to verify you as the rightful owner of the account is "At Bell my voice is my password." RBCP used book titles to trick the target into saying all the needed words. When pieced together and played back to Emily it worked! So the voice security sucks, why am I still blabbing on?
</intro>

<observations>
Most phone numbers have not been activated with this voice "security" feature, at least the ones that I have called. If you find one of these unactivated numbers, Emily will ask you if you would like to activate the voice authentication. When you say yes she will ask you for a 3-digit code on the top right corner of the target's phone bill. So all you need to do whatever you want with the account is a 3-digit code that is printed on a piece of paper and mailed to the target's house every month.
</observations>

<method>
     Do I really need to explain this? Here is a hint, MAILBOX.
</method>

<conclusion>
Bell Canada is run by fools. Sure, it is a lot easier to just speak a phrase than to remember a passcode, but it is also a hell of a lot less secure. And using a code that is printed on the bill to set up the system is a terrible idea. What happened to asking for personal information like middle names or maybe the last four digits of the credit card used for the last payment? Or even better, use a numerical password. Using things on the outside of your body for verification is horrible security. Fingerprints, iris scans, and your voice can all be recorded and duplicated. A password that is stored in your mind is a million times better.

Someday they will learn...
</conclusion>

<links>
     PLA Radio 17 - http://www.phonelosers.org/pla-radio-episode-17-voice-authentication
</links>

//my first text file :D

--- handler


OMG HAX: Vandalizing Christian Singles (singles.org) Profiles
Written by jenn
File Under: Phreaks4Jesus



                       **    DISCLAIMER: The following is for informational purposes only. The    **
                       ** creation of this article should not be construed as endorsement of the  **
                       **         potentially hilarious misuse of the information therein.        **


The other day I performed a Google search when I happened upon a database for a Christian singles dating site.

I assumed the first field was the user name and the second field the password. But I was wrong. :( Curious about how I could use the newfound database, I signed up for an account. When editing my profile, I noticed my log in was included in the URL:

http://db.singles.org/cgibin/pullout.cgi?template=csu_update.htm&ads.login=cscp197595   <--- cscp197595 is my log in.

I changed the log in in the URL and omghax:

    http://db.singles.org/cgibin/pullout.cgi?template=csu_update.htm&ads.login=cscp197594

Not only was I able to edit other people's profiles, but their email addresses and passwords (which are likely shared among accounts) were in plain view.

I previously used this so-simple-it-is-likely-to-be-overlooked method to view private data on MySpace accounts (Ref: http://www.thisisarecording.com/myspace/)

Shout Outs: Phone Losers of America message board (Where I originally posted this information before they got all responsible and baleeted it) phonelosers.org, omgitslinear for approaching me about writing this article and bringing back teh UPL (Thanks for your patience. :D), all the losers in #phonelosers, s1acker (Miss you, bro. :( ), Julie (Because I know you'll read this eventually XD).

If you enjoy this zine, you will probably enjoy my website of telephone recordings and other nonsense at http://www.thisisarecording.com
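
The flaw in the article above is that the ads.login URL parameter alone decided whose record the update form loaded. The following is an added example, not code from the article or from the site: a Python sketch of that handler beside a hardened one that takes the account from a server-side session. The account data, function names and session store are assumptions constructed for illustration; only the template and ads.login parameter names come from the article.

```python
import secrets
from urllib.parse import parse_qs

# Constructed sample data: two accounts with sequential logins. Passwords are
# stored in the clear only to mirror what the article reports seeing.
PROFILES = {
    "user1001": {"email": "alice@example.test", "password": "constructed-pw-1", "about": "hello"},
    "user1002": {"email": "bob@example.test", "password": "constructed-pw-2", "about": "hi"},
}
SESSIONS = {}                          # session token -> login, held server-side only
EDITABLE_FIELDS = {"email", "about"}   # what the update form is allowed to show and change


class Forbidden(Exception):
    """The request is not authorized for the record it names."""


def log_in(login):
    """Stand-in for a real password check; issues an unguessable session token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = login
    return token


def requested_login(query_string):
    """Pull ads.login out of the query string, or None if it is absent."""
    return parse_qs(query_string).get("ads.login", [None])[0]


def edit_form_vulnerable(query_string):
    """The flaw: the URL alone picks the record, and every stored field comes back."""
    return PROFILES[requested_login(query_string)]


def _session_owner(session_token):
    """Resolve the caller's identity from the session, never from the URL."""
    owner = SESSIONS.get(session_token)
    if owner is None:
        raise Forbidden("no valid session")
    return owner


def _form_view(owner):
    """Only form fields go back to the browser; the stored password never does."""
    record = PROFILES[owner]
    return {"login": owner, **{f: record[f] for f in sorted(EDITABLE_FIELDS)}}


def edit_form_hardened(query_string, session_token):
    """The session decides whose record is served; the URL value is only compared."""
    owner = _session_owner(session_token)
    wanted = requested_login(query_string)
    if wanted is not None and wanted != owner:
        raise Forbidden("ads.login does not match the logged-in account")
    return _form_view(owner)


def update_profile_hardened(session_token, changes):
    """Writes go to the session owner's record, and only to allow-listed fields."""
    owner = _session_owner(session_token)
    rejected = set(changes) - EDITABLE_FIELDS
    if rejected:
        raise Forbidden("fields not editable: " + ", ".join(sorted(rejected)))
    PROFILES[owner].update(changes)
    return _form_view(owner)


if __name__ == "__main__":
    token = log_in("user1001")
    other = "template=csu_update.htm&ads.login=user1002"
    print("vulnerable handler returns:", edit_form_vulnerable(other))
    try:
        edit_form_hardened(other, token)
    except Forbidden as err:
        print("hardened handler refuses:", err)
```

Sequential logins make the vulnerable handler easy to walk through one record at a time, which is why the check belongs on the server rather than in the choice of identifier.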


Defcon 2008 Aftermath
Written by RedBoxChiliPepper
File Under: Three Months Outdated

I went to Defcon in August. I left for the airport Friday morning and hung out there for a few hours. I stopped at an ATM to take out $300 for the weekend and the machine only gives me $280! I always thought it was stupid to count the money because ATM machines never make mistakes like that, right? But yeah, it kept $20 of mine. It was a U.S. Bank ATM so I called them and they told me to call PayPal since that’s the card I was using. PayPal emailed me a chargeback form, so hopefully that works. I’m not counting too much on getting my $20 back though.

I sat next to the most talkative girl ever on the plane (really, she just went on and on and on to me) and got into town just in time for rush-hour traffic. Arrived at the hotel and bumped into el jefe about 5 minutes later. Had drinks for awhile, then set off to find RijilV and Co. He was awesome enough to somehow get me a free badge so I didn’t even have to wait in line or pay.

We ate at Peppermill, I gambled $5.00 because Spessa ordered me to. I also have to share my winnings with her, which comes out to $0.00 each. We walked all over Vegas for an hour or two and then went back to the hotel.

On Saturday I woke up around 10am and walked to 7-Eleven for breakfast. I tried Dennys first, but there was a line out the door, so I settled for Hostess cupcakes and milk. I ended up trading 2 PLA t-shirts for other shirts that were being sold in the vendor area, which has always been my way of saving a few bucks at Defcon. Set out PLA stickers, media DVDs and business cards on an empty table. I also got the guy at Sticker Nation, who had a bunch of buttons on his table, to take a bunch of PLA buttons and sell those too. I think I gave him about 30 PLA buttons. Thanks, Sticker Nation guy!

At some point during the day, I was walking alone and someone passed me and yelled, “PLA!” Then someone walking behind me yelled back at him, “Cactus cactus!” As I rounded the corner into another hall, I looked back at him and told him there was no cactus here. He ended up telling me that he found the PLA when he heard it mentioned in a Nerdcore song. It was, of course, Trevelyn’s song called Blackhat Life where he mentions PLA Radio. This guy wondered what PLA Radio was, so he Googled it and seems to know a lot about us now. So thanks, Trevelyn, for bringing even more hapless people to the PLA.

Met hevnsnt from i-hacked.com and a bunch of other people in their Skybox. Went with RijilV & Co. to the Star Trek ride which was a lot of fun, even though I’m not much of a Star Trek fan. Was a really great ride, though, and I can’t believe they’re going to tear it all down after this summer.

Ended back up at the i-hacked.com Skybox a few more times and watched their live podcast. Hevnsnt gave me a cool badge with “RBCP” laser-etched into it which gave me a few free drinks. Drifted between the i-hacked party and the 303 party for several hours and met a ton of people that I hadn’t seen in years or that I’d never met in person before. One of those people was Skydog from Phreaknic who luckily didn’t punch me in the face for my phone stunt at the last Phreaknic I attended. He told me all about how he was on the floor, under their PBX system, trying to figure out how we’d messed up their phone service. He said I’m allowed back, but I have to be punished publicly, or something like that. I met Grey Frequency too! I didn’t even know she went to Defcon so that was unexpected.

I woke up pretty early on Sunday but didn’t feel tired for some reason. So I showered and got ready to wander around the hotel. But midway through shaving, I suddenly felt really sick and wanted to pass out and/or puke. I barely made it out the bathroom and fell back to the floor to sleep for a couple more hours. I think it’s been about 5 years since I was hung over. I got up later and went to Denny’s for breakfast. Felt a lot better after that. Attended a lot of talks throughout the rest of the day, mostly just so I could rest.

Rode a Limo back to the airport in the evening - between 7 of us it was $10 each. Pretty uneventful flight home. It’s always funny to see a billion hackers walking all over the airport, waiting for flights home. Got into Portland at 11:30pm and then home at 1:30am. And that was my weekend. Here’s a few pictures: http://www.flickr.com/photos/rbcp/sets/72157606674289675/ 

--- rbcp
http://www.phonelosers.org

Linux n00b Corner
Using wireless-tools to connect to wireless internet from the command line
Written by RogueClown
File Under: What's a Linux?

                        %*************************************************************************%
                        %                          NOTE FROM THE EDITOR!                          %
                        %*************************************************************************%
                        %     This section is a COLUMN. That means that, in the unlikely event    %
                        %  that UPL starts to be regularly published (just like the old days!@#), %
                        %   this would be a reoccurring feature in the zine. Though ideally it    %
                        %  will be regularly written by RogueClown, perhaps guest columnists will %
                        %              also contribute. OH BOY I BET YOU'RE EXCITED!              %
                        %                                                                         %
                        %                            ---> linear                                  %
                        %                                                                         %
                        %*************************************************************************%

Sooner or later, it is going to happen. Maybe you will be on a computer that does not have a graphical interface installed for the wireless connection. Maybe the graphical interface on the computer you're using has become corrupted or somehow unusable, and you need to get on the internet to figure out how to troubleshoot the problem. Maybe you have a computer with so few system resources that you'd like to avoid installing a GUI at all, or install as few graphical programs as possible. Maybe you are just curious. Whatever your reasons for needing to control your wireless connection from the command line, the good news is that doing it is very easy, and requires learning only a few simple commands. The hardest thing about it is finding all of the information you need in one place, in a form that doesn't assume that you already know how to do it.

Before we begin, note that almost all of the necessary commands require root or superuser privileges. Make sure that you have these privileges, at least with respect to networking capabilities. Otherwise, your computer will not recognize the commands, and you will not be able to configure your wireless connection. If you do not have root privileges or wireless networking superuser privileges, consult your system administrator.

Making sure you have wireless-tools installed


This tutorial covers basic wireless connection management using wireless-tools, a suite of programs that comes with most Linux distributions. Debian-based distributions include some popular ones like Ubuntu, Xandros, Knoppix, and Damn Small Linux. However, this list is by no means exhaustive; a quick Google search for your distribution should tell you which core it is based on. If you are using a Debian-based distribution, you can check to see if you have the most current version of wireless-tools by opening up a terminal and typing the command:

dpkg -l | grep wireless-tools


This command looks at the list of all of the packages installed on your computer, pipes the list into grep, and lets it search for wireless-tools. If it does exist on your computer, it returns a line of text containing it, looking something like this:

ii wireless-tools 29-1ubuntu2 Tools for manipulating Linux Wireless Extens


This is from an HP Pavilion laptop running Ubuntu 8.04; don't be discouraged if it looks a little different. What matters is off to the left of the line of text: that it says that wireless-tools is installed on your machine. Odds are that it is installed already on your system, and you can skip to the next section and start learning how to use it. However, if it is not, and your computer is currently connected to the internet, install it by typing:

sudo apt-get install wireless-tools


If you are not using a Debian-based distribution, check your distribution's documentation to verify how to check for an installed program, and to verify whether your distribution has an automated package management system through which you can install wireless-tools. If your distribution does not have an automated package manager, and your computer does not have wireless-tools installed, download the suite at:


Read the included instructions, which explain how to install and compile the software.


Finding and turning on your wireless card


Before scanning for a wireless network, you need to find the name of your wireless card, and turn it on. To find the name of your wireless card, type the following command into your command line:


~$ sudo lshw -C network


lshw produces the list of hardware connected to your computer, and -C network filters the list to show only network devices. Find the entry that says description: Wireless interface; this is your wireless card. Look down several lines, and note the logical name of your wireless interface. Knowing the name of your wireless interface is important, because you need it to tell your computer which piece of hardware to configure and connect with.


Now, before you start connecting to a new wireless network, you need to make sure that your wireless interface is on and not still trying to connect to an old network from somewhere else. To accomplish this, type the following series of commands:


~$ sudo ifconfig [interface] down

~$ sudo dhclient -r [interface]

~$ sudo ifconfig [interface] up


This series of commands uses two command-line network configuration programs: ifconfig and dhclient. ifconfig allows you to configure network interfaces, both wired and wireless; the first command uses this program to turn your wireless card off. dhclient is a command-line program that manages connections to networks that use dynamic host configuration, a protocol discussed in a little more detail later in this article. The second command uses dhclient to release [-r] your wireless card from any IP address it had been bound to before. The last command uses ifconfig again, this time to bring your wireless interface back up. Now you're ready to scan for a network.


Scanning for a wireless network

wireless-tools has a useful utility called iwlist. According to the man page [accessible by typing man iwlist], it shows wireless networking information that is not accessible from iwconfig. What does this mean to you? Pertinent to getting your wireless working from the command line, its scan mode reveals wireless networks that your card detects. Type the following into your command line:

~$ sudo iwlist [interface] scan | less


and you will get a list of the wireless networks available. Make sure to pipe the iwlist scan into less, because usually the list is too long to fit on one screen. Piping it into less makes it a lot easier to scroll through; you can just use your up and down arrows.

If you're in a familiar location like home or your favourite coffee shop, then finding the wireless network is easy. Even when you use a graphical program to connect to wireless, it shows the name of the system. That name is called the "ESSID." wireless-tools gives you that same identifier. Look through the entries returned by iwlist, and find the one with the ESSID matching the wireless network to which you normally connect. The block of information with that ESSID is going to have everything you need to know--in fact, a whole lot more than you need to know--for connecting to the wireless network.

If you're in an unfamiliar location, don't despair. iwlist gives you plenty of information with which to select a wireless network. First of all, look at the "Encryption key" field; it will either say on or off. If it says "on", that means it has a WEP [Wireless Encryption Protocol] key, a password to get on the network. If you're at a coffee house or another public place with WiFi, and the network associated with the location has a password, ask the staff for it. If you cannot get the password for any of the stray wireless networks around, then you can do the same thing from the iwlist results that you can from a graphical interface: look for unsecured networks. See which networks have "Encryption key:off", and among those, look for the one with the highest Quality [another field on iwlist].

Don't be shy about jotting down your interface name and ESSID, especially if you're new to doing command-line wireless configuration. Until I had memorized the syntax of the commands and the information for my favourite wireless networks, I always had to write that information down.

Configuring your connection to the wireless network

 Most home and public wireless networks use a protocol called DHCP: Dynamic Host Configuration Protocol. Instead of assigning a computer the same IP address to use for all time [as is true when a network uses a static protocol], the network assigns a computer its identifying details, including its IP address, when it attempts to connect. This is good news for you, since not only is it a little more secure than static IP addressing, it makes connecting to the network easier. Take the information that you gathered during your scan, and type the following onto your command line:


~$ sudo iwconfig [interface name] mode managed key [password, or 'off' if no password] essid [ESSID]


This command uses the program iwconfig, yet another part of the wireless-tools suite, to configure your wireless card to be ready to connect to the wireless network of your choice. The mode managed section of the command tells your wireless card that it is supposed to associate with a central access point that is offering wireless network services, instead of trying to connect directly with other computers in a network.


It is important to remember to always give a key instruction to iwconfig, even if there is no key needed to get onto the wireless system. Otherwise, if there was already a key configured for the wireless card's use, it will start giving that key to the wireless network that doesn't need one—and you will not get on the wireless network. Thus, if you wanted to use a wireless interface called eth1 to connect to a network called Homenet that doesn't use an encryption key, you would type the following:


~$ sudo iwconfig eth1 mode managed key off essid Homenet


Know also that if the ESSID has more than one word, you must put it in quotes. However, as shown above, do not put single-word ESSIDs in quotes. All ESSIDs, be they single-word or multi-word, are case sensitive. So, if you want to use interface ath0 to connect to a network called Robust Beans Coffee, with the encryption key cf1e94a35b, you would type the following:


~$ sudo iwconfig ath0 mode managed key cf1e94a35b essid "Robust Beans Coffee"


Instead of directly giving a key, which can be difficult to memorize, some systems instead give out an ASCII passphrase. In many cases, the systems administrator comes up with a phrase that the router converts into a hexadecimal code, the network key. Instead of memorizing the key, you can use iwconfig with that passphrase by prefacing the passphrase with s:. To use interface eth1 to connect to a network called allienet, with the passphrase lolrushas2bukkits@home, you would type the following:


~$ sudo iwconfig eth1 mode managed key s:lolrushas2bukkits@home essid allienet


After typing this configuration command, you have told your wireless card what it needs to know in order to find the network and ask it for a connection. You are not, however, connected to the network yet. To do that, you need to get your wireless card to ask the network for a connection. Type:


~$ sudo dhclient [interface]


This command should connect you to the wireless network. It will ask the access point to assign your computer an IP address. If it's successful, and the network binds your computer to an IP address, it will say on the screen:


bound to [A.B.C.D]


A.B.C.D. is your IP address on the network; it will be four numbers separated by periods. To make sure your connection works, go ahead and ping a website you know will be up:


~$ ping www.google.com


If the ping starts returning lines like this:


64 bytes from py-in-f147.google.com (64.233.167.147): icmp_seq=5 ttl=242 time=60.9 ms


Congratulations! You're on the internet. Hit ctrl-C to stop the pinging, and enjoy using the internet.


If your dhclient command makes multiple attempts to connect but does not return the bound to message, and instead returns an error, you are not connected to the internet. Go back and make sure that you typed all of the commands correctly, and that every command with an [interface] field was given the correct name of your wireless interface. If you typed any of the commands incorrectly, start from the beginning and try again. If you typed all of the commands in correctly, then it could be a problem with the network. If you have access to any of the other networks shown on iwlist, attempt to connect to it. If you do not, contact the systems administrator.
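
The scan-reading and iwconfig rules from the sections above can be put together in a short script. This is an added example, not part of the original column or of wireless-tools: it reads saved iwlist scan output, lists each network's ESSID, encryption flag and quality, and builds the matching iwconfig line with the key always given and multi-word ESSIDs quoted. The sample scan text is constructed and the field layout is an assumption, since it varies by driver; the function names are hypothetical.

```python
import re
import shlex

# Constructed sample, modelled on typical `iwlist [interface] scan` output.
# Both Quality notations shown here are assumed formats; drivers differ.
SAMPLE_SCAN = '''\
eth1      Scan completed :
          Cell 01 - Address: 00:00:5E:00:53:01
                    ESSID:"Homenet"
                    Mode:Master
                    Quality=62/70  Signal level=-48 dBm
                    Encryption key:off
          Cell 02 - Address: 00:00:5E:00:53:02
                    ESSID:"Robust Beans Coffee"
                    Mode:Master
                    Quality:41/100  Signal level:-71 dBm
                    Encryption key:on
          Cell 03 - Address: 00:00:5E:00:53:03
                    ESSID:""
                    Mode:Master
                    Quality=20/70  Signal level=-85 dBm
                    Encryption key:on
'''

CELL_RE = re.compile(r"Cell \d+ - Address: (\S+)")
ESSID_RE = re.compile(r'ESSID:"(.*)"')
QUALITY_RE = re.compile(r"Quality[=:](\d+)/(\d+)")
KEY_RE = re.compile(r"Encryption key:(on|off)")


def parse_scan(text):
    """Split scan output into one dict per cell; missing fields stay None."""
    cells, current = [], None
    for line in text.splitlines():
        match = CELL_RE.search(line)
        if match:
            current = {"address": match.group(1), "essid": None,
                       "quality": None, "encrypted": None}
            cells.append(current)
            continue
        if current is None:
            continue  # header lines before the first cell
        match = ESSID_RE.search(line)
        if match:
            current["essid"] = match.group(1)  # "" means a hidden network name
        match = QUALITY_RE.search(line)
        if match and int(match.group(2)) > 0:
            # Normalise to a percentage so 62/70 and 41/100 compare fairly.
            current["quality"] = round(100 * int(match.group(1)) / int(match.group(2)))
        match = KEY_RE.search(line)
        if match:
            current["encrypted"] = match.group(1) == "on"
    return cells


def by_quality(cells):
    """Strongest network first; cells with no Quality line sort last."""
    return sorted(cells, key=lambda c: -1 if c["quality"] is None else c["quality"],
                  reverse=True)


def iwconfig_command(interface, essid, key=None):
    """Build the iwconfig line. A key is always given: 'off' when none is needed."""
    args = ["iwconfig", interface, "mode", "managed",
            "key", key if key else "off", "essid", essid]
    # shlex.quote leaves single words bare and quotes ESSIDs containing spaces.
    return " ".join(shlex.quote(arg) for arg in args)


if __name__ == "__main__":
    for cell in by_quality(parse_scan(SAMPLE_SCAN)):
        name = cell["essid"] or "<hidden>"
        state = "on" if cell["encrypted"] else "off"
        print(f"{name:22} key:{state:3} quality:{cell['quality']}%")
    print(iwconfig_command("ath0", "Robust Beans Coffee", "cf1e94a35b"))
```

To use it on a real scan, save the output of the iwlist command to a file and pass its contents to parse_scan in place of SAMPLE_SCAN.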


Conclusion


Connecting to wireless from the command line using the wireless-tools suite may seem a little complicated at first, especially if you are unaccustomed to using the command line. But, after a few times going through this process, the syntax will come. It's fairly intuitive which programs do what, and it's a useful skill to have in case you need a wireless internet connection from a Linux computer without a graphical wireless program.


If you have any questions about the content of this paper, please e-mail me at adalia [-at-] weaknetlabs [-d0t-] com.

---> RogueClown
adalia[-at-]weaknetlabs[-d0t-]com



XF_UPL_DTMFENC.pl
Written by duper
File Under: Source Code Repository 

#!/usr/bin/perl -XF_UPL_DTMFENC

         my($n)=2;
        #shEWp4d00p <<=958`
       $n**=6;my$MF =[[+1209
      ,+1336,+1477, +1633],
     [+697,770,852, +941]];;
    my$kP=[[49..51] ,[52..54
    ],[55..57],[42, 48,35]];
    sub dial{for(my $i=0;$i
    <4;++$i){;;for( my$j=0;
    $j<4;$j++){;if( ($kP->
   [$i][$j]==ord(  
  $_[0]))){return  
  [$MF->[1][$i],   
  $MF->[0][$j]];   
 }}}}map{push@        ##%##%##%##%##%##%##%##%##%##%##%##%##%##
 {$_},(++$n)}@        #%#:.::::::::::::::::::::::::::::::::.#%#
 {$kP};cos(420        ###:'##.... ##:'########::'##:::::::::###
 &6)|7,print(q        #%#: ##:::: ##: ##.... ##: ##:::::::::#%#
 {keypad> }),         ###: ##:::: ##: ##:::;.##: ##:::::::::#%#
 my$s=uc(<>);         #%#: ##:::: ##: ########:: ##:::::::::#%#
 chop$s;for(          ###: ##:::: ##: ##:::::::: ##:::::::::###
 my$k=0;($k)          #%#: ##::::.##: ##:::::::: ##.::::::::#%#
 <length($s)          ###:; #######:: ##:::::::: #########::###
 ;$k++){my$Op         #%#::.......;:::..;:::::::.........::;#%#
 =&dial(substr        ##%##%##%##%##%##%##%##%##%##%##%##%##%##
  ($s,($k),1));
  print" ".@$Op[
  0];(());print"+"
  ."@$Op[1] Hz\n"}; $_[411]
    =('"X?2k"');%X= {a=>0x1
   ,w00p=>'eW33T!'} ;eval''
    ;for('B'.. 'C') {#duper
    ;eval;push(@$u, undef(
     ))};push((@u), rand);
     ;;select(@u);; #SxS#
      quotemeta[q{} ]#SS7'
        if($s=~/\S+ \`/);
          exit(0);


announcements


disclaimer

Seriously... come on. Think about it.

THE UPL ARISTOCRACY (FEAR!)

linear
Head of State, Editor
REHIRED

Rob T Firefly
Token Elder, Interim Editor
REHIRED

Phractal
Master of Historical Records 
REHIRED

http://www.phonelosers.net