Topic: Hacking Mobile phone
dixing
« on: August 15, 2008, 10:19:34 PM »

Hacking Mobile phone
-------------------------[Intro Q&a]--------------------------
Q: What is a cell phone?
A: A radiotelephone, running 3 watts, with the ability
to change channel on computer command from the central switch.
This happens when you travel thru the service area and your
signal becomes stronger at a neighboring cell base station.

Q: They are marketed as a high security device with no
possibility of anyone making a phony call and charging it to
someone else, how can it be phreaked?
A: An understanding of the phone reveals that every time a call
is made, the phone number, an electronic serial number, and
other data is sent to the switch. If you were to listen to the
opposite side of the control channel as the call is being "set-up"
you would hear this data being transmitted to the switch in NRZ
code (non-return to zero). All one has to do is record this
info and program the bogus phone to these params and a free call
is possible thru the switch.

---------------------[Getting to business]----------------------
.Behind the calling process. An intro to the magic numbers:
When a cellular phone makes a call, it normally transmits its
Electronic Security Number (ESN), Mobile Identification Number (MIN),
its Station Class Mark (SCM) and the number called in a short
burst of data. This burst is the short buzz you hear after you
press the SEND button and before the tower catches the data.
These four things are the components the cellular provider uses
to ensure that the phone is programmed to be billed and that it
also has the identity of both the customer and the phone.

.The Hack Begins
The ESN and the phone number (MIN) are the two primary identifiers
for any cellular phone. By changing both, the cellular carrier
will accept the call and bill it to either a wrong account or
provide service based on the fact that it is NOT a disconnected
receiver. It will also look at the other two components, in order
to ensure that it is actually a cellular phone and to forward
billing information to that carrier.
Ok, this gave you some ideas didn't it? I should have guessed.
You're already thinking on how to change these two simple numbers.
The Station Class Mark can also be changed if you wish to prevent
the cellular carrier from determining the type of phone that is
placing the call. By providing the cellular tower with a false SCM,
the cellular carrier, the FCC, or whoever happens to chase down
cellular fraud is often looking for a particular phone which in
reality is not the phone they are looking for. For example, you
can provide the SCM for a Radio Shack phone, when in reality you
are using a Novatell (How this is done from changing the SCM I do
not know...remember...I didn't write this).
The Number Assignment Module (NAM) also has the SIDH (System
Identification for Home System) number programmed into it. Refer to
SIDH TABLE. The transmittal of the SIDH number tells the carrier
where to forward the billing information to in case the user is
"roaming". The SIDH table tells the major cities and their
identifying numbers. Changing an SIDH is a programming job that
takes only minutes, but be aware that the ESN is still sent to
the cellular phone company. After they realize that the ESN is
connected to either a fake number or a phone that is not in the
network, they will block service. The only way around this is
to reprogram the ESN.

.Nams
Number Assignment Module - A 32-word by 8-bit PROM. The NAM
contains all the information that can be programmed to the
phone directly from the handset (i.e. SIDH, MIN, LOCK-CODE, etc.)

Ok. Now you've got an idea of what you can do with these so
called ultra-mega-secure-phones (Yeah, right)...

Continue.......
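The post describes the carrier-side check that ends a cloned phone's run: the switch compares the ESN from the call setup burst against its subscriber records and blocks service when the ESN is unknown, disconnected, or paired with a MIN it does not own. The following is an added example, not part of the original post or of any carrier's switch software. It parses a constructed, simplified text rendering of the setup burst (not the real NRZ frame format) and applies the ESN, MIN, SCM and SIDH checks the post mentions; the subscriber records and the SIDH table are constructed stand-ins.

```python
"""Carrier-side validation of a cellular call setup burst (added example).

The burst format, subscriber database and SIDH table below are all
constructed for illustration; they are not the real AMPS frame layout
nor the SIDH table the post refers to.
"""
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class CallSetup:
    """The four identifiers the post says are sent when SEND is pressed."""
    min_number: str   # Mobile Identification Number (the phone number)
    esn: str          # Electronic Serial Number, as hex text
    scm: int          # Station Class Mark (handset type/power class)
    sidh: int         # System ID of the home system programmed in the NAM
    dialed: str       # number called


@dataclass(frozen=True)
class Subscriber:
    """What the home carrier has on file for one provisioned handset."""
    min_number: str
    esn: str
    scm: int
    sidh: int
    active: bool = True


# Constructed subscriber records, keyed by ESN (hypothetical values).
SUBSCRIBERS: Dict[str, Subscriber] = {
    "8A1F3C02": Subscriber("2125550123", "8A1F3C02", scm=8, sidh=22),
    "8A1F3C03": Subscriber("2125550199", "8A1F3C03", scm=10, sidh=22, active=False),
}

# Constructed stand-in for the post's SIDH table (system id -> home system).
KNOWN_SIDH: Dict[int, str] = {22: "constructed home system A", 40: "constructed system B"}


def parse_burst(line: str) -> CallSetup:
    """Parse a constructed 'KEY=VALUE;KEY=VALUE' rendering of the setup burst."""
    fields = dict(part.split("=", 1) for part in line.strip().split(";"))
    return CallSetup(
        min_number=fields["MIN"],
        esn=fields["ESN"].upper(),
        scm=int(fields["SCM"]),
        sidh=int(fields["SIDH"]),
        dialed=fields["DIALED"],
    )


def check_call_setup(setup: CallSetup,
                     subscribers: Dict[str, Subscriber] = SUBSCRIBERS,
                     sidh_table: Dict[int, str] = KNOWN_SIDH) -> Tuple[bool, str]:
    """Return (allowed, reason). Checks run in the order the post describes:
    the ESN is the anchor, then the MIN it is paired with, then SCM and SIDH."""
    sub = subscribers.get(setup.esn)
    if sub is None:
        return False, "unknown ESN: phone is not in the network"
    if not sub.active:
        return False, "ESN belongs to a disconnected subscriber"
    if sub.min_number != setup.min_number:
        return False, "ESN/MIN mismatch: MIN does not belong to this ESN"
    if sub.scm != setup.scm:
        return False, "SCM does not match the provisioned handset type"
    if setup.sidh not in sidh_table:
        return False, "unknown SIDH: cannot forward roaming billing"
    if setup.sidh != sub.sidh:
        return False, "SIDH does not match the subscriber's home system"
    return True, "ok"


# Constructed sample bursts: a legitimate call, then three that a switch blocks.
SAMPLE_BURSTS = [
    "MIN=2125550123;ESN=8a1f3c02;SCM=8;SIDH=22;DIALED=2125550100",   # genuine
    "MIN=2125550123;ESN=DEADBEEF;SCM=8;SIDH=22;DIALED=2125550100",   # ESN not in network
    "MIN=2125550124;ESN=8A1F3C02;SCM=8;SIDH=22;DIALED=2125550100",   # MIN changed
    "MIN=2125550199;ESN=8A1F3C03;SCM=10;SIDH=22;DIALED=2125550100",  # disconnected
]


def run_samples() -> list:
    """Decision for each constructed burst, in order."""
    return [check_call_setup(parse_burst(line)) for line in SAMPLE_BURSTS]


if __name__ == "__main__":
    for line, (ok, why) in zip(SAMPLE_BURSTS, run_samples()):
        print(("ALLOW " if ok else "BLOCK ") + why + "  <- " + line)
```

The ESN is looked up first because, as the post notes, it is the identifier that still reaches the carrier however the NAM is reprogrammed; every later check hangs off the record that ESN resolves to.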
dixing
« Reply #1 on: August 15, 2008, 10:54:44 PM »

PART1 CHECK ATTACHMENT I NOTICED YOU HAVE TO LOGIN
« Last Edit: August 15, 2008, 11:32:48 PM by admin »

ARORATHEVIPUL
« Reply #2 on: December 10, 2008, 05:54:56 PM »

How to open examples.zip...
admin
« Reply #3 on: December 10, 2008, 06:08:51 PM »

How to open examples.zip...

WHERE IS examples.zip
www.robocrazy.org/
Fuel your passion for Robotics

admin
« Reply #4 on: February 11, 2009, 09:07:03 PM »

The following screenshot explains how you could use a Linux Fedora Core 3 running the program "bluetest.pl"
to hack via Bluetooth into a Nokia 6600 (other versions will also work but require minor program modification).....
http://www.acisonline.net/bluehack/bluehack.htm
admin
« Reply #5 on: November 11, 2009, 07:51:36 PM »

any new updates ?