The $40 Hardware War Dialer

by Grandmaster Plague

Have you ever been on a pen-test, doing some reconnaissance or just poking around for fun, and thought about how great it would be to have a hardware war dialer that you weren't worried about using and losing?  Well, here's the answer to your problems, and it's not as difficult as you might expect.

Overview

A war dialer is "a program that calls a given list or range of phone numbers and records those which answer with handshake tones (and so might be entry points to computer or telecommunications systems).  Some of these programs have become quite sophisticated, and can now detect modem, fax, or PBX tones, and log each one separately." [1]

War dialers are especially useful for exploring PBX networks and probing a particular target for a point of entry that may have been forgotten.  Traditionally, a war dialer is used from a computer.  This could be from a PC at one's home, school, etc., or a laptop out in the field.  Advantages to a PC are the virtually unlimited power supply, and the fact that you know it's not going anywhere.

The disadvantage of the PC is that one usually doesn't want the phone company to know you're dialing a thousand sequential numbers in a matter of an hour or so, especially since they can trace you to where it's happening.  If that happens to be your home or place of employment, you may not want the police keeping an extra watchful eye on what goes on there.  So the other alternative is a laptop.  Great, you can leave it wherever you want and let it dial and collect all the data it wants while remaining relatively worry-free about the whole police/telco situation.

This also works great if you're testing a PBX and need it closer to the target (i.e., within the physical confines of the network).  But doesn't this seem like overkill?  Even a cheap laptop has a fancy color 12" LCD screen, a hard drive, a nice processor, and a pretty good bit of RAM in it, not to mention network and video cards.  And what if something happens while you're letting the war dialing software do its job?  I don't know about you, but I don't want to leave my expensive laptop lying around for someone else to stumble upon and pick up while I'm waiting for results.  Also, laptops are bulky.  They're not exactly easy to conceal in those green TNI boxes while making their calls.
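
From the defending side, the sweep described above (one line placing calls to a long run of sequential numbers within an hour or so) stands out in call detail records.  The sketch below is an added example, not part of the original article or of TBA; the record layout, the sample phone numbers, and the thresholds are assumptions made up for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def longest_sequential_run(numbers):
    """Length of the longest run of consecutive values among the given ints."""
    present = set(numbers)
    best = 0
    for n in present:
        if n - 1 not in present:              # n is the start of a run
            length = 1
            while n + length in present:
                length += 1
            best = max(best, length)
    return best

def find_sequential_dialers(cdrs, window=timedelta(hours=1), min_run=25):
    """Return {calling_line: longest_run} for every line that dialed at least
    min_run consecutive numbers inside any single sliding time window."""
    by_line = defaultdict(list)
    for ts, line, dialed, _secs in cdrs:
        by_line[line].append((ts, int(dialed)))
    flagged = {}
    for line, calls in by_line.items():
        calls.sort()
        left, best = 0, 0
        for right in range(len(calls)):
            while calls[right][0] - calls[left][0] > window:
                left += 1                     # drop calls older than the window
            in_window = (d for _, d in calls[left:right + 1])
            best = max(best, longest_sequential_run(in_window))
        if best >= min_run:
            flagged[line] = best
    return flagged

def sample_cdrs():
    """Constructed records: (timestamp, calling line, dialed number, seconds)."""
    start = datetime(2024, 1, 8, 9, 0, 0)
    cdrs = []
    # Line 5550100 sweeps 5551000-5551039, one short call every 45 seconds.
    for i in range(40):
        cdrs.append((start + timedelta(seconds=45 * i), "5550100", str(5551000 + i), 20))
    # Line 5550123 is ordinary traffic: a few unrelated numbers, long calls.
    for i, dialed in enumerate(["5557841", "5552210", "5557842", "5559034"]):
        cdrs.append((start + timedelta(minutes=50 * i), "5550123", dialed, 300))
    # Line 5550177 reaches 30 sequential numbers, but only one per day.
    for i in range(30):
        cdrs.append((start + timedelta(days=i), "5550177", str(5553000 + i), 120))
    return cdrs

if __name__ == "__main__":
    print(find_sequential_dialers(sample_cdrs()))
```

Only the line that covers a consecutive block inside one window is reported; the same block spread over a month, or a handful of unrelated calls, is not.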

The Solution

The solution I propose has seemed obvious to many for years, but hasn't become economically practical until fairly recently.  My solution includes three parts: a computer, a modem, and software.  That simple.  However, we're not just going to use any computer, modem, or software.  We're going to use a PDA.  Specifically, we're using a Palm V PDA.  I picked one up on eBay with a hard case, cradle, and AC adapter for $22 (plus $10 S&H).  The next thing we'll need is a Palm V modem.  This I got after a little price-watch browsing from a company called Compu-America [2] for $4 (plus $4 S&H).

Finally, we download TBA, the friendly Palm OS war dialer from the equally friendly Kingpin of AtStake (formerly the L0pht). [3]

So, we've got all three things now and it shouldn't take a genius to put them together.  Hook up the Palm to your computer and load in TBA.  Charge the batteries, take it out of the cradle, plug in the Palm modem, start up TBA, and you should be good to go as soon as you get a live dial tone.

Ideas

Now that you've got your $40 Hardware War Dialer ($22 for Palm plus $4 for modem, plus $14 S&H) up and running, what are you going to do with it?  Well, just reading the TBA manual might give you some ideas. [4]

You've got a pretty small device (about 1/2" thick, 5" long, and 3-1/2" wide) that can be concealed anywhere.  You could hide it in one of those green TNI boxes I was talking about, and with one end of the phone line stripped and alligator-clipped you have a perfect Beige Box war dialer.  If you're worried about power, you can pick up an AC adapter for the modem for a few more bucks and plug it into the wall somewhere.  The possibilities are endless, and hey, if you lose it or have it confiscated, no huge deal, right?  You only spent forty bucks on it.

Alternatives

Sure, this isn't at all an original idea and it's been done before.  I'm just trying to shed light on the fact that this can now be done easily and cheaply.  I guess if you wanted to be hardcore you could hook up an external modem to a microcontroller and program the microcontroller yourself.  However, there is still the issue of power (you'd either have to find a place for a battery or always plug it into the wall).  Also, the cost of this would probably be prohibitive, unless you have a bunch of blank microcontrollers lying around and a development kit for them.  You also don't have the benefit of having a neat little Palm V to mess around with after you're done.  And, an external modem with a microcontroller looks pretty nefarious when it's sitting on a desk plugged into a phone line for hours, at least far more so than a Palm V.

Credits and URLs

1.)  Definition from the Jargon Dictionary: info.astrian.net/jargon/terms/w/war_dialer.html

2.)  Product page for the Palm V modem: www.compu-america.com/prodLG.jsp?prodId=f083b8fb22.1

3.)  TBA can be obtained: atstake.com/research/tools/info_gathering

4.)  The TBA Handbook: atstake.com/research/tools/info_gathering/tba_handbook.pdf

Hello once again Mary (Nary).
