_______________________________________________________________________________
        _   _                                                      _   _
       ((___))                                                    ((___))
       [ x x ]                 cDc communications                 [ x x ]
        \   /                      presents...                     \   /
        (` ')                                                      (` ')
         (U)                                                        (U)

                            BETTER HOMES AND BLUE BOXES
                           Part III: Advanced Signalling

                                by Mark Tabas -LoD-

                      >>> A CULT Publication......1988 <<<
                        -cDc- CULT OF THE DEAD COW -cDc-
_______________________________________________________________________________


(It is assumed that the reader has read and understood parts I & II before
proceeding to this part).

  In parts I & II, I covered basic theory and domestic singalling and
operators. In this part I will explain overseas direct boxing, the IOCC, the
RQS, and some basic scanning methods.

Overseas Dipect Boxing.

  Calling outside of the United States and Canada is accomplished by using an
"overseas gateway." There are 7 overseas gateways in the Bell System,
and each one is designated to serve a certain region of the world. To
initiate an overseas call, one must first access the gateway that the call
is to be sent on. To do this automatically, decide which country you are
calling and find its country code.  Then, pad it to the left with zeros as
required so it is three digits. [Add 1, 2, or 3 zeros as required].

Examples:

Luxembourg (352) is 352 (stays the
                         same)
Spain (34)   becomes 034 (1 zero added)
U.S.S.R. (7) becomes 007 (2 zeros added)

  Next, seize a trunk and dial KP+011+CC+ST. Note that CC is the three digit
padded country code that you just determined by the above method. [For
Luxembourg, dial KP+011+352+ST, Spain KP+011+034+ST, and the U.S.S.R. KP+011+
007+ST]. This is done to route you to the appropriate overseas gateway that
handles the country you are dialing.  Even though every gateway will allow
you to dial every dialable country, it is good practice to use the gateway
that is designated for the country you are calling.
  After dialing KP+011+CC+ST (as CC is defined above) you should"be connected
to an overseas gateway. It will acknowledge by sending a wink (which
is audible as a  and a dial tone. Once you receive internat-
ional dial tone, you may route your call one of two ways: a) as an
operator-originated call, or b) as a customer-originated call. To go as a
operator-originated call, key KP+ country code (NOT padded with zeros)+
city code+number+ST. You will then be connected, providing the country you
are calling can receive direct-dialed calls. The U.S.S.R. is an example of
a country that cannot.

Example of a boxed int'l call:

To make a call to the Pope (Rome, Italy), first obtain the country code,
which is 39. Pad it with zeros so that it is 039. Seize a trunk and dial
KP+011+039+ST. Wait for sender dial tone anf then dial KP+39+6+6982+ST.
39 is the country code, 6 is the city code, and 6982 is the Pope's number in
Rome. To go as an operator-originated call, simply place a zero in front of
the country code when dialing on the gateway. Thus, KP+0+39+6+6982+ST woulf
be dialed at sender dial tone. Routing your call as operator-originated does
not affect much unless you are dialing an operator in a foreign country
  To dial an operator in a foreign country, you must first obtain the
operator routing from rate & route for that country. Dial rate & route and if
you're trying to get an operator in Yugoslavia, say nicely, "IOTC
Operator's route, please, for Yugoslavia." [In larger countries it
may be necessary to specify a city].  Rate & route will respond with,
"38 plus 11229". So, dial your over- seas gateway, KP+011+038+ST, wait for
sender dial tone, and key KP+0+38+ 11029+ST. You should then get an
operator in Yugoslavia. Note that you must prefix the country code on the
sender with a 0 because presumably only an operator here can dial an
operator in a foreign country.
  When you dial KP+011+CC+ST for an overseas gateway, it is translated to
a 3-digit sender code of the format 18X, depending on which sender is
designated to handle the country you are dialing. The overseas gateways and
their 3-digit codes are listed below.

  182 ..... White Plains, NY
  183 ..... New York, NY
  184 ..... Pittsburg, PA
  185 ..... Orlando, FL
  186 ..... Oakland, CA
  187 ..... Denver, CO
  188 ..... New York, NY

  Dialing KP+182+ST would get you the sender in White Plains, and KP+183+ST
would get the sender in NYC, etc., but the KP+011+CC+ST is highly suggested
(as previously mentioned). To find out what sender you were routed to after
dialing KP+011+CC+ST, dial (at int'l dial tone): KP+0020000+ST.
  If you have difficulty in reaching a sender, call rate and route and ask
for a numbers route for the country you're dialing. Sometimes, KP+011+
padded country code+ST will not work.  I have found this in many 3-digit
country codes. Lexembourg, country code 352, for example, should be
KP+011+352+ST theoretically. But it is not. In this case, dial KP+011+
003+ST for the overseas gateway. If you have trouble, try dialing KP+00+
first digit of country code+ST, or call rate The IOCC.

  Sometimes when"you call rate and route and ask for an "IOTC numbers
route" or "IOTC operators route" for a foreign country, you will get
something like "160+700" (as in the case of the Soviet Union). This means
that the country is not dialable directly and must be handled through
the International Overseas Completion Centre (IOCC). For an IOCC routing,
pad the country code to the RIGHT with zeros until it is 3 digits. Then KP+160
is dialed, plus the padded country code, plus ST.

Examples:

The U.S.S.R. (7) ...... KP+160+700+ST
Japan (81) ............ KP+160+810+ST
Uraguay (598) ......... KP+160+598+ST

  You will then be routed to the IOCC in Pittsburg, PA, who will ask for
country, city, and number being dialed.  Many times they will ask for a ringback
[thanks to Telenet"Bob] so have a loop ready. They will then place the call
and call you back (or sometimes put you through directly). Some calls, such
as to Moscow, take several hours.

The Rate Quote System (RQS).

  The RQS is the operator's rate/quote system. It is a computer used by TSPS
(0+) operators to get rate and route information without having to dial the
rate and route operator. In Part II, I discussed getting an inward routing
for dialing-assistance and emergency interrupts from the rate and route
operators (KP+800+141+1212+ST). The same information is available from
RQS. Say you want the inward routing for 305-994. You would sieze a trunk
and dial KP+009+ST (to access the RQS).  Sometimes, if you seize a trunk in an
NPA not equipped with RQS, you need to dial an NPA that is equipped with RQS
first, such as 303. Anyway, after you dial KP+009+ST or KP+303+009+ST, you
will receive a wink () and then RQS dial tone. At RQS dial
tone, for an inward routing for 305-994 you would dial KP+06+305+994+ST. That
is, KP+06+NPA+exchange+ST. RQS will respond with "305 plus 033 plus". This
means you would dial KP+305+033+121+ST for an inward that services 305-994.
If no special routing were required, RQS would have responded with "305
plus" and you would simply dian: KP+305+121+ST for an inward.
  Another RQS feature is the echo feature. You can use it to test your
blue box. Dial RQS (KP+009+ST) and then key KP+07+1234567890+ST. RQS will
respond with voice identification of the digits it recognized, between the
KP+07 and ST.
  RQS can also be used for rates and directory routings, but those are
seldom needed, so they have been omitted here.

Simple Scanning.

  If you're interested in scanning, try dialing on a trunk, routings in the
format of KP+11XX1+ST. Begin with"11001 and scan to 11991. There are lots of
interesting things to be found there, as Doctor Who (413 area) can tell you.
Those 11XX1 routings can also be prefixed with an NPA, so if you want
to scan area code 212, dial KP+212+ 11XX1+ST.

  There, now you know as much about blue boxing as most phreaks. If you
read and understand the material, and put aside preconceived ideas of what
blue boxing is that you may have aquired from inexperienced people or
other bulletin boards, you should be well on you way to an enlightening
career in blue boxing. If you follow the guidelines in Part I to box, you
should have no problem with the fone company. Comments made by "phreaks" on
bulletin boards that proclaim "tracing" of blue boxers are nonsense and should
be ignored (except for a passing chuckle).

NOTE 1: CCIS and the downfall of blue
         boxing.

CCIS stands for Common Channel Interoffice Signalling. It is a signalling
method used between electronic switching systems that eminiates the
use of 2600Hz and 3700Hz"supervisory signals, and MF pulsing. This is why
many places cannot be boxed off of; they employ CCIS, or out-of-band
signalling, which will not respond to any tones that you generate on the
line. Eventually, all existing toll equipment will be upgraded or replaced
with CCIS or T-carrier. In this case, we'll all be boxing with microwave
dishes. Until then (about 1995 by current BOC/AT&T estimates), have fun!

If you have ANY questions about this text, please feel free to drop me a
line. I will respond to anl mail, messages, etc. Insults are also
welcomed. And if you discover anything interesting scanning, be sure to let
me know.

                  Mark Tabas
                    $LOD$

This text was prepared in full by Mark
Tabas for:

K.A.O.S.
Philadelphia, PA.
[215-xxx-xxxx].

Technical acknowledgements:

Karl Marx, X-Man, High-Rise Joe,
Telenet Bob, Lex Luthor, TUC, John Doe,
Doctor Who (413 area), The Tone Sweep,
Mr. Silicon, K00L KAT, The Glump.

References:

1. Notes on the BOC Intra-LATA Networks
   Bell System publication, 1983.
2. Notes on the Network
   Bell System publication, 1983.
3. Engineering and Operations in the
   Bell System
   Bell System publication, 1983.
4. Notes on Distance Dialing
   Bell System publication, 1968.
5. Early Medieval Architecture.



===============================================================================
 (c)1988  Mark Tabas and cDc communications                           1/1/88-32
 All Rights Worth Shit