STATION ID - 7047/3.12

9x Datakit Network

FOR OFFICIAL USE ONLY

This is a 9x system, restricted to authorized persons and for official 9x business only. Anyone using this system, network or data is subject to being monitored at any time for system administration and for identifying unauthorized users or system misuse. Anyone using this system expressly consents to such monitoring and is advised that any evidence of criminal activity revealed through such monitoring may be provided to law enforcement for prosecution.

------------------

i can't take any credit for the intellectual information in this article. it was all either looked up, or taught to me in one way or another. all this text is doing is arranging the information important for having a little fun with people.

-siezer

------------------

Fun with a Motorola or two.

One of the things I do when I get bored and can't find anything better to do is play with my Motorolas. As I'm sure you know, you can take a Motorola phone, and if it's old enough, dump it into testmode, and listen in on people. Hell, if the signal strength is high enough, you can cut into their conversations and mess with them. That is always fun. But what do you do when the phone switches towers? How do you know what channel the phone was handed off to? I asked myself this question, and I found the answer in the Motorola Bible, section 5, called Hacking the FOVC. I've included a program at the end of this file to aid converting the data, as described in the motbible.

"so how DO i mess with people's cell phones?" you may be asking yourself. well... i'm gonna tell ya. What i'm not gonna do is give you a lot of unnecessary information about cellular that has nothing to do with the task at hand. =)

first, you need a Motorola phone that was made before 1995. it took them from the time they started making phones all the way up to 1995 to realize that people were eavesdropping using their phones.
so, they changed the firmware in the phones to only work on certain channels, which have no conversation on them... they use these channels for testing signal strength and god knows what else. just find yourself a phone made before 95, okay?

for the purposes of this article, i will be speaking specifically about flip phones. if you have a brick or a bag, consult the Motorola Bible on how to get it to testmode.

- in order to tell if it was made before 1995 you need to know the firmware version.
- in order to get the firmware version, you need to put it in testmode.

"how do i put it in testmode, siezer?"

- how you put it in testmode depends on the firmware version. (see step 1) this means you have to do a bit of trial and error..

on phones with firmware versions of 95xx (1995... xx'th week) or higher, the code

fcn 00**83786633 sto (spells TESTMODE)

will put you in testmode. 95xx's basically have anything cool disabled, which means you can't clone it, use it as a scanner, or anything of that nature. Therefore, if that code puts you in testmode it is generally a bad thing. although, I have seen exceptions, for example my 9449 brick uses that code....

if fcn 00**83786633 sto gives you nothing, it's time to go find yourself a piece of tin-foil. Take the battery off your flip, and there will be three pins for the battery on the back of the phone. in order from left to right, we shall call these pins pin 1, 2 and 3. take your foil and connect pins 2 and 3. slide the battery back on and power up. you should see some flashing numbers... you are now in test mode.

this is rather difficult at first, but you will get the hang of it. what i like to do is fold the foil so that there is a little piece that actually fits in the hole of pin 2 and squeezes between the pin and the plastic. the rest of the foil is long enough to hang out the back of the phone when you put the battery back on, and wide enough to touch pin 3. I can pretty much do it on the first try now.
after you have fumbled with getting your phone into testmode, i suggest you go download the Motorola Bible. there is soooo much more that you can fiddle with than what i'm about to tell you.

Once in testmode, there are a lot of things you can do, from identity transfers, to messing with the battery indicator. let me list the relevant ones for messing with people.

08# -- Rx audio on. turns on the receiver audio. all a cell phone is is a ham radio with a computer attached to it.

07# -- Rx audio off.

11xxxx# -- this lets you switch channels. every frequency has a channel assigned to it. for example, say you wanted to listen to what people were saying on 880.86 MHz... you would turn on your Rx audio and enter 110362#. this command ignores leading zeros, so hitting 111# is the same as 110001#. 1153# is the same as 110053#. you get the idea.

45# -- tells you the signal strength of the channel/freq you are listening to. on most phones, this is a range from 0-100+. On some flips, however, it's a range from 0-50+. you figure out which one your phone is. the highest i've ever got it is 110 on my brick with a car antenna attached to it.

47x# -- sets Rx audio level to x. basically volume control. usually the max is 15... see the Motorola Bible for more details.
  -- 4716# i've found, keeps it at the last audio level... but makes it so you can't hear the buttons when you press them. dtmf tones can get irritating.

10# -- Tx audio. turns on the transmitter audio. You need this on to turn on the Tx carrier.

09# -- Tx audio off.

05# -- Tx carrier on. If the signal strength is closeish to 100, you can say things to people. the lowest i've ever been able to jump in on is 75. i don't know how that worked. when your tx carrier is on, all they can hear is you, not the person they are talking to, so when you are finished talking, remember to turn the carrier off so you can hear them go "who the fuck was that?!?"

06# -- Tx carrier off.

40# -- receive one voice channel word....
i'll explain this and its uses later.

so here we go...

--------------------------------* begin fucking with people *---

turn your phone on.... in testmode....
hit # to get you to the ' prompt
enter in:

08#     to turn your Rx audio on.
10#     to enable your transmitter.
11632#  (or any other channel you would like)
4716#   to turn off the button noise.. (optional) sometimes them hearing the beepy noises is good, if you are pretending to be an alien or something.
45#     to check the signal strength

if it's close to 100.... you can fuck with em. if not, you can still listen. pick some more channels if you'd like...

once you've found a strong enough signal...

05# "Fuck you bitch."
06# ... "did you hear that?" ... "yeah.... who was that?"
05# "my name is the Watcher"
06# ..."what the fuck?!"
05# "i thought i should warn you...."
06# ..."how the fuck is he talking on my phone?"
05# "that Big Brother is watching you"
06#

--------------------------------* end fucking with people *---

shit like that... sometimes it gets interesting if you pretend you are god.. or whatever... i've recorded some examples of me messing with people, but those are on a super-secret URL.

what i like to do when recording is have 4 phones going. a flip to listen, a brick to transmit (makes it easier to hit buttons -- so i don't miss anything), one just listening with the volume all the way up and a microphone over the speaker, and one collecting 40# data.

in the course of eavesdropping/messing with people you may encounter some things that you might wonder about. for example, you can hear one person talking, but not the other.... or you'll hear these weird noises then all of a sudden extremely loud static.

i'll go over the static one first. when you're talking on your phone, you are using a cell tower. (if you need more info, go consult somewhere else). Anyway, when your phone moves about, it switches you to the closest tower. when this happens, the channel you are on is switched, too. well..
the cell tower has to tell your phone what channel to switch to, right? otherwise your call would be cut off. How it goes about doing this is embedding data in the audio that tells your phone to do stuff like adjust the power level, or to switch channels. well.... that's where 40# comes in handy.

in a nutshell, 40# listens for this data, and then displays it in hex. you hit 40#, and it waits for the data. You can get back to the ' prompt by pressing the # key. when it gets it, it scrolls it across the display. Truthfully, i have no idea what it means, but there's a way to extract the new channel number out of it. I got this from the Motorola Bible. (again, for the 900th time, DOWNLOAD IT)

when you hear the weird noise... and if the conversation is still there.. the phone you are listening to was sent a power adjustment command. if you hear the strange noise, and the conversation is gone (loud static) it was sent a channel switching command.

well... what you do now is take the number left on the display (3 digits should have scrolled by.) and write em down. you should have something like this:

54e30c4

the first digit is junk. only the next 3 are important. disregard the rest. so now you have 4e3. take each of the digits, and convert them into binary.

4       0100
e (14)  1110
3       0011

next, concatenate (big word!) the 3 binary words:

010011100011

drop the first 2 bits

0011100011

take that whole thing, and convert it into decimal.

227.

voila!! your new channel number. don't ask me why that works, i have not the slightest idea, but it works. well... at least most of the time.

unless you can do all that stuff up there in your head, you might want to check out the program attached to the end of this file. (don't laugh at the code, please)

Next up is what to do when you can only hear one person on a line. This happens when two people are talking on two cell phones. i'm not going to go into this, simply because this file is long enough, and is starting to stray off topic.
but the basic gist of it is that you are hearing one person's tx audio... and not their rx... to listen to the other side, find the conversion tables and do some math. either that, or there is a digital phone involved. if this is the case, you'll have to wait for somebody with an analog phone to jump on the channel. damn technology.

well that's about it. experiment. piss people off. make people laugh. do what you'd like.

siezer

mad greets to the following:

substance     -for 9x
9x            -for 9x
atrophis      -for putting up with me over the years
dtmf          -damn the man foundation. i don't have the words to express.
oeb and nancy -letting me live at their house for a week.
fringe        -getting me into cellular
xram_lrak     -giving me the idea for all this.
infi          -for helping me with my lame brain code.

shoutouts: satori, oeb, infi, judas, spam, kow, nef, mka, fallen, hypomonk, zero, gman, havan, bob, atrohpis, effinay, honkey, adonis, trixtacy, stash, fringe, xram_lrak, segv.

---- lame code -------------------------------------------- cut here ---------
/* quick little hack for 40# data conversion. it's buggy and incomplete,
   but it's usually pretty reliable. if you can't figure out how to use it,
   read the Motorola Bible. thanks to infi for binvert(), and for making
   hexvert() compatible with his binvert(). like i said, i have no skills.
   mad props to fringe and pimp ezines for hookin me up with the frequency
   conversion formulas.
   -siezer */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* convert one hex digit character to its value (0-15) */
int hexvert(int HEX)
{
    char temp[40];
    sprintf(temp, "%c", HEX);
    return (int)strtol(temp, (char **)NULL, 16);
}

/* write the 4-bit binary form of DEC (0-15) into temp as a string */
void binvert(int DEC, char *temp)
{
    memset(temp, 0, 40);
    if (DEC >= 8) { strcat(temp, "1"); DEC -= 8; } else strcat(temp, "0");
    if (DEC >= 4) { strcat(temp, "1"); DEC -= 4; } else strcat(temp, "0");
    if (DEC >= 2) { strcat(temp, "1"); DEC -= 2; } else strcat(temp, "0");
    if (DEC >= 1) { strcat(temp, "1"); DEC -= 1; } else strcat(temp, "0");
}

/* channel number -> tower transmit frequency in MHz, 0 for an unused channel.
 * channels 1-799 and 991-1023 are the valid ones; the upper block counts
 * down from 870, so the offset is .03*(tx-1023), not (.03*tx)-1023. */
double txvert(double tx)
{
    double fr3q = 0;
    if (tx >= 1 && tx <= 799)
        fr3q = 870 + (tx * .03);
    else if (tx >= 991 && tx <= 1023)
        fr3q = 870 + (.03 * (tx - 1023));
    return fr3q;
}

int main()
{
    int i, chan;
    char hex[16], temp[40], temp2[40];

    /* printf("\ec\n"); */
    /* clear the screen on startup. i commented it out so it works on
     * windows boxen */
    printf("??? are lost in scroling. -'s are junk. just type in the X's\n");
    while (1) {
        memset(temp2, 0, 40);
        printf("40# data (???-XXX---): ");
        /* fgets instead of gets, so long input can't run past the buffer */
        if (fgets(hex, sizeof(hex), stdin) == NULL)
            break;
        hex[strcspn(hex, "\r\n")] = 0;
        if (strlen(hex) != 3 || strspn(hex, "0123456789abcdefABCDEF") != 3)
            printf("dont work like that\n");
        else {
            for (i = 0; i < 3; i++) {
                /* the listing this file was recovered from is cut off inside
                 * this loop; from here on main() is filled in from the
                 * conversion steps described in the text above */
                binvert(hexvert(hex[i]), temp);
                strcat(temp2, temp);
            }
            /* drop the first 2 bits, read the remaining 10 as a number */
            chan = (int)strtol(temp2 + 2, (char **)NULL, 2);
            printf("channel: %d  freq: %.2f MHz\n", chan, txvert(chan));
        }
    }
    return 0;
}