ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ The International Information Retrieval Guild ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Presents ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ The IIRG Technical Journal Volume II, Issue 3 ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³ July 15, 1995 ÄÄÄÄÄÄÄ / ÄÄÄÄÄÄÄ Editor: Thomas Icom ³ ³ ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ - In This Issue of the Journal - ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³ The Cheesebox ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ////// ////// /////// //////// // // // // // // // /////// // //// // // // // // // ////// * ////// * // // * ///////// * Ä]à International Information Retrieval Guild ´[- OFFICIAL DISCLAIMER... All information in the IIRG Technical Journal is Member contributed material. The Publishers and Editors of THE IIRG disclaim any liability from any damages of any type that the reader or user of such information contained within this journal may encounter from the use of said information. All files are brought to you for entertainment purposes only. We also assume all information infringes no copyrights and hereby disclaim any liability or responsibility. IIRG Technical Journal is (C) 1995 by The IIRG IIRG and INTERNATIONAL INFORMATION RETRIEVAL GUILD is (C) 1982 Non-commercial reproduction encouraged. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ The Cheesebox ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³ Design and Implementation: Thomas Icom ³ ³ ³ ³ Technical Quality Assurance: Mercenary ³ ³ ³ ³ Caffeine Administration: Žnuáis ³ ³ ³ ³ Shout Outs: CHN, Stormbringer, The ³ ³ l0pht, Emmanuel Goldstein, Chuck ³ ³ Hammill, RC, Bleach, Phractal, NESOG, ³ ³ and all you cyber-libertarians on the ³ ³ net (as well as others whom I can't ³ ³ mention right now). ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÚÄÄ¿ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ÚÄÄ¿ ³ ô Section 1: Background ô ³ ÀÄÄÁÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÁÁÄÄÙ The original cheesebox came to surface during the 60's. It was so named by Bell Security because the first device of this type that they found was inside a cheesebox. The cheesebox turned two phone numbers into a loop line. What this enabled one to do was communicate with another party without having to disclose either party's phone number. The first party would call into line one, the second party would call into line two, and the cheesebox would connect the two lines together, enabling the two parties to communicate. It was often installed in a phone cabinet, or at an apartment that was rented with an alias. Additionally, the cheesebox incorporated a black box circuit for each line. This enabled each party to avoid being billed for the call, and also acted as the switchook for the device. Other variations of the cheesebox, often called "CF (call forwarding) Boxes", or "Diverter Boxes" enabled one to call line one and receive line two's dialtone. These boxes are still available commercially; mated with an autodialer for use in a person's place of business to reroute calls to an answering service after hours. Plans for the original cheesebox were printed in YIPL/TAP during the 70s. Unfortunately, since they only work on Step by Step or Crossbar switches (due to the integration of the black box circuit into the unit), they are unsuitable for use in 99% of the country. In the mid-1980s, plans were distributed on H/P BBSes for a device known as a "Gold Box". The Gold Box was a diverter-style cheesebox. The schematic was drawn with ASCII character graphics, and difficult to interpret. Current versions of that g-file have either an unreadable or incorrect schematic. More recently, a seller of "specialized electronics" equipment has marketed the "Logos Box". This diverter-style cheesebox uses a single line with three-way calling to accomplish its function. The price, however, is out of the reach of many, and the requirement for the line to have three-way calling limits its use. (If there is sufficient interest, the IIRG will publish plans for a Logos Box and other surreptitious BASIC Stamp applications in a future Tech Journal.) ÚÄÄ¿ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ÚÄÄ¿ ³ ô Section 2: Implementation ô ³ ÀÄÄÁÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÁÁÄÄÙ This version of the cheesebox is based around the Parallax BASIC Stamp. This microcontroller was chosen due to its small size, extreme versatility, and inexpensive price. The use of a microcontroller also enables one to use a minimal amount of support hardware, as control functions are handled via software. There are currently two versions of software for this device. The first listing is designed to go off-hook as soon as a ring is detected on the primary (incoming) line. The second listing waits 30 seconds (The time can actually be any length up to 18 hours. That's one of the nice things about using a microcontroller.) after hearing an initial ring; at which time it will then pick up on the first ring of the next incoming call. The second listing is for use with a primary line that has an answering machine, FAX or similar device installed on it. Most auto-answer telecom devices require a minimum of two rings to activate. The use of a one-ring wake up feature makes it compatible with them. Picking up on the first ring will also defeat any caller ID device placed on the primary line. CID data is sent between the first and second ring. By picking up on the first ring, the data is prevented from being sent and subsequently received by any CID device on the primary line. The CID device will display nothing for that call. One should keep in mind though, that this feature should be used in conjunction with other caller ID defeating techniques; as it by itself won't defeat auto-callback (*69 in most areas) or call-trace (*57 in most areas). After detecting a ring, the device picks up the primary and secondary (outgoing) line. If the secondary line is not in use, one will receive the secondary line's dial-tone. If the secondary line is ringing at the time of seizure, the device will "answer" it. To the caller on the secondary line, this would sound like a regular phone call (alleviating some suspicion if instead the caller was just told to dial the number and wait in silence; thus indicating potential cheesebox usage). If the secondary line was in use, the caller into the primary line would be thrown into the conversation occurring on the secondary line. While this might prove to be interesting for PSYOP purposes, the use of this device in its current configuration for surveillance would be a poor choice, as the audio path would be two-way, and cheesebox picking up the secondary line would be as detectable as if someone picked up a regular extension (ie. a "click" would most likely be heard, and the line voltage would drop). Once the Stamp picks up the phone, line voltage is used to latch open the two 12V line relays. The Stamp then goes back to waiting for a ring detect again. When the caller on the primary line hangs up, the line voltage will drop to zero and the relays will unlatch. The cheesebox is ready for another call. When the Stamp is in its normal state, it draws 2 milliamps of current. When it picks up the phone, this goes up to 22 mA for about three-quarters a second. Under those circumstances, a 9V 600 mAh battery will last somewhere around ten to twelve days. This is extended by using the Stamp's sleep feature so that the Stamp only checks for a ring roughly three times a second; as opposed to a thousand times a second. When in sleep mode the current draw is only 20 uA (0.020 mA). This should extend the battery life to somewhere between twenty and thirty days, depending on use. ÚÄÄ¿ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ÚÂÄÄ¿ ³ ô Section 3: Hardware Construction ³Ã´ ³ ÀÄÄÁÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÁÁÁÄÄÙ The first thing you should do is read the manual that came with your BASIC Stamp programming package. It's full of useful information you will need to know in order to successfully complete this project. Hardware construction is pretty straightforward, due to a minimum number of components involved. The following will be required: 1 BASIC Stamp I Module with carrier board (available from Parallax) 1 BASIC Stamp Programming Package (Parallax) 1 Ring Detector Module, which consists of: 1 NE-2H Neon Lamp (Radio Shack #272-1102) 1 22K Ohm Resistor (Radio Shack 271-1128) 1 Photocell (exact type not important. I used one from Radio Shack's #276- 1657 package.) 1 .1 uf Capacitor (Radio Shack #272-135) 1 5V SPST Reed Relay (Radio Shack #275-232) 2 12V SPST Reed relays (Radio Shack #275-233) 1 1:1 600 Ohm Isolation Transformer (Radio Shack #273-1374) 1 560 Ohm Resistor (Radio Shack #271-1116) Hookup Wire Electrical Tape Electronic Tools (Soldering Iron, Solder, etc.) 4 Alligator Clips 1 Decent capacity 9V battery, preferably rechargable (such as the 600 mAh Radio Shack #23-229) The BASIC Stamp and Programming package can be ordered from: Parallax 3805 Atherton Rd. #102 Rocklin, CA 95765 916-624-8333 FAX: 916-624-8003 BBS: 916-624-7101 FTP: ftp.parallaxinc.com WWW: http://www.parallaxinc.com This should all fit on the prototyping area of the Stamp's carrier board, although some care should be taken as to placement. The one step that should be paid attention to is the ring detector. This consists of the neon bulb (with it's dropping resistor) and photocell. Take a length of electrical tape and wrap the photocell and neon bulb together, taking care that the leads of each component don't touch. You want to make this as light-proof as possible, a second layer/piece might be necessary. When this is completed, attach the dropping resistor to one of the neon bulb's leads and attach the neon bulb/resistor combination to the phone line. Attach an ohm meter to the leads of the photocell. You should get some high reading. Now ring your phone and watch the ohm meter. The reading should go down significantly. If it does, then your device works. If not, check the construction and try again. The exact readings are unimportant, you just have to get a high reading when it's idle and a low reading when it detects a ring. Once you have the ring detector working, you can attach it to the Stamp according to the schematic and calibrate it. Load up your programming software, attach and power up the Stamp, enter the editor and press Alt-P. When asked for the pin, input "0" (That's the pin you connected it to.) Hook up the ring detector to the phone line, and while the calibration routine is running; ring your phone. Write down the scale value that appears, you will need to put it in the source code at the appropriate place. (You should understand once you become familiar with the Stamp and see the source code.) After the hardware construction phase is completed, load up your programming software, and put one of the following pieces of source code in the stamp. ÚÄÄ¿ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ÚÄÄ¿ ³ ô Section 4: Software ô ³ ÀÄÄÁÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÁÁÄÄÙ Pick Up on First Ring Version CHEESE1.BAS: start: goto wait pickup: high 1 pause 1000 low 1 goto start wait: pot 0,xxx,b0 'xxx=The scale number received during calibration if b0>0 then pickup nap 4 goto wait Ring Once and Then Call Again Version CHEESE2.BAS start: goto wait pickup: high 1 pause 1000 low 1 goto start wait: pot 0,xxx,b0 'xxx=The scale number received during calibration if b0>0 then window nap 4 goto wait window: sleep 30 secheck: pot 0,xxx,b0 'See earlier pot command. Same number goes here too. if b0>0 then pickup nap 4 goto secheck ÚÄÄ¿ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ÚÄÄ¿ ³ ô Section 5: Operation ô ³ ÀÄÄÁÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÁÁÄÄÙ Operation is pretty straightforward. A nine volt battery is attached and the box is hooked up to two phone lines. The primary wires will be attached to the incoming line, and the secondary wires to the outgoing. When a call is made into the primary line, the caller will be switched into the secondary. When the caller hangs up, the cheesebox resets itself and waits for another call. ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Editor's Note: It is mandated within the Declaration of Independence, and The Constitution of the United States that it is every citizen's responsibility to employ whatever means necessary to keep this country free. James Madison once said "A people who mean to be their own governors must arm themselves with the power knowledge gives." The great senator Barry Goldwater said "Extremism in the defense of liberty is no vice. Moderation in the pursuit of freedom is no virtue." Therefore, we believe that the use of techniques and/or devices described in this publication is justified in challenging the totalitarian bastards who consistently take actions to eliminate our rights of privacy and personal freedom guaranteed under the constitution, but only after all other means of dealing with these individuals have been exhausted. "When more than fifty percent of the people are breaking the law, there is something wrong with the law..." ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Comments and suggestions about this and future issues of the IIRG Tech Journal are welcome. Contact Thomas Icom at the IIRG WHQ, the Rune Stone, or via email to thomas.icom@iirg.com. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- The IIRG Technical Journal (C) IIRG'1995 - May Odin Guide Your Way - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-