New Boxes For Captain Crunch
Logic Bomb, standing in for a crowd of submitters, writes: "The New York Times has an interesting profile (free reg req) of John T. Draper, a long-time phreaker and hacker. He's had quite a career, but is probably best known for figuring out that a freebie toy whistle from a cereal box generated the right tone to make free calls at pay phones. It's an entertaining read."
As sachsmachin puts it, "Crunch is apparently trying to redeem his blue-box-filled past by working as a white-hat hacker in the Web security industry -- his company, "ShopIP," does OpenBSD-based firewalls." Draper is also well-known for writing the first word processor for the IBM PC (EasyWriter), among other things.
when Captain Crunch used to be Donkey Kong Cereal? That was good shit.
In 1971, John Draper taught Steve Jobs and Steve Wozniak how to make blue boxes. They sold them door-to-door on the Berkeley campus.
Decades later, Jobs brings Apple back from the brink of despair by.. selling computers with coloured boxes!
This was also known as in-band signaling because the signaling tone was in the voice band (200 Hz to 3400 Hz). It is used to interface microwave based FDM (Frequency Domain Multiplexing) systems to PCM (Pulse Code Modulation) systems. The presence of the 2600 Hz tone signifies "on hook". Thus, dial pulsing was represented by 10 pulse per second interruptions of the tone and ringing was represented by 20 pulse per second interruptions of the tone. In essence, all the foreign exchange subscriber (FXS) and foreign exchange office (FXO) signaling functions were implemented with the tone. If the tone were sent *before* the called party picked up, that signified a WATS line call, a free call.
This caused a Friday afternoon crisis. We bought all the Captain Crunch we could find, since not all the whistles would emit a tone close enough to 2600Hz to activate the detector. We had to increase the selectivity of the LC filters by increasing their Q and increase the voice path cut delay.
Even after doing this, some people could inadvertently "talk-down" the connection. Women with mousy voices and old men who whistled through their teeth as they talked could knock down the connection. "Talk-down" happens when you send the 2600 Hz tone during the conversation, an inherent problem with this signaling scheme.
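An illustration of the talk-down problem described in the comment above, added here and not part of the original post: a detector that only looks for 2600 Hz energy trips on a voice-like signal, while one that also requires the tone to dominate the frame and to persist does not. The sample rate, frame length, thresholds and test signals are assumptions constructed for this example, and the purity and persistence checks are this example's choices, not the LC-filter design the commenter describes.

```python
import math

FS = 8000        # sample rate in Hz (assumed for this example)
TARGET = 2600.0  # supervisory tone frequency from the comment above
FRAME = 400      # 50 ms analysis frame; 20 Hz bins, so 2600 Hz is bin 130

def tone(parts, n, fs=FS):
    """Constructed test signal: sum of (freq_hz, amplitude) sinusoids."""
    return [sum(a * math.sin(2 * math.pi * f * t / fs) for f, a in parts)
            for t in range(n)]

def goertzel_power(frame, freq, fs=FS):
    """Squared DFT magnitude of `frame` at `freq` (Goertzel recurrence)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / fs)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def frames(samples):
    """Split into whole, non-overlapping frames."""
    return [samples[i:i + FRAME] for i in range(0, len(samples) - FRAME + 1, FRAME)]

def naive_detect(samples, level_min=0.05):
    """Trips if any frame has enough 2600 Hz energy, whatever else is present."""
    return any(goertzel_power(f, TARGET) / (FRAME / 2) ** 2 >= level_min
               for f in frames(samples))

def guarded_detect(samples, purity_min=0.8, hold_frames=3):
    """Trips only if 2600 Hz dominates the frame for `hold_frames` frames in a row."""
    run = 0
    for f in frames(samples):
        energy = sum(x * x for x in f)
        # purity is ~1.0 for a lone 2600 Hz tone and falls as other energy appears
        purity = 2.0 * goertzel_power(f, TARGET) / (FRAME * energy) if energy > 1e-9 else 0.0
        run = run + 1 if purity >= purity_min else 0
        if run >= hold_frames:
            return True
    return False

# Constructed inputs (synthetic, not recordings)
CLEAN = tone([(2600, 1.0)], 5 * FRAME)                    # steady supervisory tone
OFF_PITCH = tone([(2450, 1.0)], 5 * FRAME)                # whistle that misses 2600 Hz
VOICE_LIKE = tone([(500, 1.0), (1200, 0.7), (2600, 0.3)], 5 * FRAME)
SHORT_BURST = tone([(2600, 1.0)], 2 * FRAME) + tone([(500, 1.0)], 3 * FRAME)
```

Raising `purity_min` or `hold_frames` trades false trips on speech against slower recognition of a genuine tone.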
Wansu, th' chinese sailor
yuk yuk yuk
--
Never hit your grandmother with a shovel, for it leaves a bad impression on her mind...
- Explaining the problem to someone else.
- On a long car trip (commuting to work used to provide ample design time).
- In the shower in the morning.
Whereas those times when I've pounded away at a problem in front of a computer for hours on end tend to give solutions that work, but I'd hardly call them elegant or robust...Get off my lawn.
Mr Crunch is a shady character, and one I wouldn't trust with my Internet security. He's a complete joke to almost everyone in the scene, and most people consider him a pedophile. He was kicked out of several private parties at the last Defcon, and was generally ridiculed the whole weekend. Why does he get such harsh treatment from the scene? It's likely caused by the fact that he's much older (and looks the part) than almost any one else (with the exception of the outright insane 'Happy Hacker' Carolyn Meinel), and he acts like a cross of a hermit from a Monty Python sketch and grampa from The Simpsons. I'm not sure what the point of this post is. But it's probably something to the effect of: he won't get supported by the scene on his zany security endeavors because he's got no cred. Or something. I dunno.
# wrote sig.txt, 23 lines, 31337 chars
True, but wasn't it Draper who figured out that it could be done with cheap whistles?
I was immediately concerned that the actual captain on the cereal box was going to change when reading the subject. Further reading revealed no such trauma.
It wasn't "Captain Crunch" who figured out that you could make free calls with the whistle that came with the 'Captain Crunch' cereal.
Although he did claim it in the beginning, he admitted the truth after being called a lot of bad names for taking the credit from a group of blind kids that discovered this.
Today, he openly admits it was the blind kids who figured it out, but has completely forgotten that he tried to credit himself with the discovery.
You can read about it here
--
Why pay for drugs when you can get Linux for free ?
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
username: dotslash
passwd: slashdot
Have fun...
--
Slashdot didn't accept your submission? hackerheaven.org will!
I crossed paths with him several times in the late 70s and 80s at Apple/mac users' groups. Seemed to be a reasonable guy with a few eccentricities.
Not really. It's like leaving the door unlocked, but using a different type of key.
The 2600Hz tone dropped you to a trunk, basically. From there you needed a special tone dialer with access to the special tones. It was the same thing as standard DTMF except with different tones.
So all you'd end up doing if you whistled 2600 would be to drop the call. Only if you had a custom-made tone dialer, or (in later years) a PC, could you do anything.
The whole in-band signalling was a hack, to save them from having to reimplement a bunch of stuff. It tacked onto the existing system with a minimum of effort and was completely secure. Until someone found out what the tones were...
Cool. I didn't know you could 'pulse dial' with it.
Thanks.
"Whether black hats can become white hats is not a black-and-white question"
:)
I thought that was EXACTLY the kind of question it was!
These are 'live' concerns. Here in NoVa there are quite a few execs, and newspaper reporters, who read slashdot. This concern is one that many people in the industry have. Good post and good responses. These security concerns are ones we need to address. Many suits think that open source is less secure. Or, at least, that there is less opportunity to sue a vendor if a security flaw exposes vital data. Of course, the effects of UCITA need to be explained to the suits. But WITHOUT flames. For the effect of flames on suits, and reporters, ask Jerry Pournelle why he (and many others) gave up on reporting on Apple.
Best Slashdot Co
For debugging, though, I agree; there's nothing like hardcopy and a big conference table on which to spread it.
Tom Swiss | the infamous tms | http://www.infamous.net/
You cannot wash away blood with blood
Isn't the article author, John Markoff, surrounded by controversy regarding Kevin Mitnick? I seem to somehow recall that Mr. Markoff engaged in a betrayal... it seems like so long ago. I can't remember the details, but there are those I know who turn up their noses at the mention of his name, muttering that this guy hosed Mitnick pretty ruthlessly.. Regards, Eric
I have an in-box pre-ordered PC (when I bought it the tape hadn't even been removed), complete with the manuals, disks, and little advertising plugs for upcoming software. One of them is a little black on light blue order form so you can order DisplayWrite when it becomes available. I think the date quoted was April or May, but I'm not really sure. Oh, an interesting note; On the invoice, MSDOS cost a grand total of $41.59, CP/M was nearly $300. Adjust that for inflation!!
.sig: Now legally binding!
So Captain Crunch is designing BSD firewalls eh? 5 gets you 10 they're invulnerable to everything... except a whistle at 2600 hz...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
You can bypass all the reg-required NY Times links if you notice that channel.nytimes.com has all the stories, but without the login prompts. Next, notice that channel.nytimes.com has a different IP address than www.nytimes.com and nytimes.com. Do a DNS lookup on channel.nytimes.com and add it to your hosts file, something like this:
208.48.26.223 www.nytimes.com
208.48.26.223 nytimes.com
There. No more reg links. channel.nytimes.com gives you a directory listing for the root directory, however, so you don't get a flashy intro page. But if you use their page at www.nytimes.com, you probably have an account there anyway.
Is code quality worse now that people are used to just sitting down and hacking it out?
Yes, much worse.
Debugging is done by the quickest and dirtiest method. It always has been, that's just human (and geek) nature. The difference is that In The Olden Days, it was so slow to do the compile, run, test cycle that you would make damn sure the program couldn't possibly go wrong first -- simply through laziness. It was easier to know about things like loop invariants, because it was so damned painful to compile anything. If a bug showed up, it was because you'd made a mistake (despite trying) - it wasn't just a case of "run it and see what falls out".
These days, pressing the button is quick and easy. If it compiles, throws something on the screen, and doesn't let the magic smoke out immediately, then it's "finished" (I'm telling you kid, it ain't). Very few people have any idea of whether their code is really bug-free or not, simply that it has shown no obvious bugs as yet. This is a very scary quality standard.
From the article:
"It was an ideal situation," he said. "It forced me to get off the computer and think and debug my program."
I had a computer science prof who just couldn't seem to emphasize this enough--"don't just sit down at the computer and start coding away. It'll be a nightmare. You need to be away from the machine and think out your code before you start in on it, and sometimes it helps to get a hardcopy and review the code on paper when you're debugging."
In this age, though, all the up-and-coming programmers, the college kids and such, have had no experience with programming that required a LOT more effort and thought--such as punch cards, time-limited use of a mainframe, etc. They sit down at their $400 eMachines and bang out some Java. Is there anyone here who can comment on this? Is code quality worse now that people are used to just sitting down and hacking it out?
Also--in the movie "Pirates of Silicon Valley"--even I know a good deal of that movie was exaggeration and pretty flashy things, but blue boxes WERE shown--what did a blue box look like?
Any URLs?
I'm honestly asking this stuff here. Thanks.
Angry IT woman in big clompy boots. And talking lint!.
Discovery Online has John Draper in their Hall of Fame. Gives some general information about him.
There's more information about him, EasyWriter, and his work at WebCrunchers.
Shortly after leaving prison, Mr. Draper was hired by Apple Computer, at a time when the company had only 15 employees. He developed a telephone-dialing card for the original Apple II computer. But Apple never marketed it for fear that it could be used as a powerful computer-controlled blue box.
Now that's a product that could have shaken the industry, at least in hindsight. How would the world of networking have been different if the world's most popular personal computer in the early 1980s had shipped with a modem? Would we already have universal broadband by now? :)
http://freshmeat.net/projects/charities.cron/
Actually, you're thinking about one of the blind kids he knew that actually clued him in to the whole whistle thing in the first place.
"We obviously need a new moderation category: (-1, Woo-fucking-hoo)" --Mr. AC
And don't tell me the code would be checked, because most code isn't checked at all, never mind sufficient to uncover something like this.
Doesn't OpenBSD do line-by-line security audits every six months? If they do, any backdoors would certainly be caught.
IIRC, BSD does an audit on any patches sent to them, they haven't had a remotely exploitable problem in over three years.
Just my two cents.
"This is not a company that appears to be bothered by ethical boundaries."
Attorney General Mike Hatch on Microsoft
... that we as a culture (a Geek Culture, of course.) should demand Cap'n Crunch as an ikon, worthy of veneration - that is, unless there are ikonoklasts in the /. world. Man... the things you come up with half an hour out of bed.
(I mis-spelled "icon" on purpose, BTW, to distinguish between the thing you click on, and the thing you worship. "Ikon" is from the Greek of the similar spelling (iota-kappa-omikron-nu), and denotes a thing worthy of worship. See Greek and Byzantine history for more.)
Geek Culture killed my dog/
and I don't think it's fair...
io hymen hymnaee io
io hymen hymnaee
Well, assumedly, the source could be diffed against the current source tree, or against whatever version he claimed to be using. Assuming that we trust the OpenBSD team we would only need to validate the changes to the code, not the whole thing, in fact, given that OpenBSD is already being used as a firewall would probably mean that no real new code would need to be added.
Amber Yuan 2k A.D
"and dear god does this website suck now." -- CmdrTaco
Cap'n Crunch could tell any tone by ear to a few Hz (as many people can, apparently), but I haven't heard anything about him being able to whistle that frequency. If he could, why would he ever need the whistle? There was one blind kid who could whistle any tone, however.
Amber Yuan 2k A.D
"and dear god does this website suck now." -- CmdrTaco
the NYT *is* free! you just have to register!
Amber Yuan 2k A.D
"and dear god does this website suck now." -- CmdrTaco
You might find some more useful information in this list of Phreak URLs - the alt.phreaking FAQ will help shed some light on who was 'Cap'n Crunch' and other 'lore' phreakers. If you can't whistle at 2600Hz, nor get hold of a suitable whistle, have a look for the link to 'Reorder Tones'....
Richy C.
Here's the no login link to http://partners.nytimes.com/2001/01/29/technology/29CAP.html.
Richy C.
You're correct - the US telephone companies used a signal at 2600Hz to switch customer lines onto the telephone 'trunk'. More information can be found in Chapter 5 of 'The Phreakers Manual' as well as the details of the legendary blue box
Richy C.
rr
Quidquid latine dictum sit, altum videtur.
This from one of many computer timeline sites (http://burks.bton.ac.uk/burks/pcinfo/hardware/comphist/comp1980.htm):
IBM announces the IBM 5150 PC Personal Computer, in New York. The PC features a 4.77 MHz Intel 8088 CPU, 64 KB RAM, 40 KB ROM, one 5.25-inch floppy drive (160 KB capacity), and PC-DOS 1.0 (Microsoft's MS-DOS), for about US$3000. Also included is Microsoft BASIC, VisiCalc, UCSD Pascal, CP/M-86, and Easywriter 1.0. A fully loaded version with color graphics costs US$6000.
At any rate, I am happy to see that this talented individual is using his talents in a positive way, and I hope he succeeds in this endeavor.
What does everyone else think? Is the "hacker" image of the OSS community hurting it?
"During the day, he recalled, he would write the code. Then, at night, after returning to jail, he would study the paper list of programming commands, looking for errors. "It was an ideal situation," he said. "It forced me to get off the computer and think and debug my program."
Gotta admit it's one hell of a way to increase productivity. I can just see some evil project manager chuckling with glee and reaching for the number of the nearest jail....
Jon
Sounds like the guy's had a hard time. He's been to prison, paid his debt to society, good luck to him. Obviously it's nothing more than a guess, but I'd say he's (probably) not going to stick backdoors into his clients' firewalls.
We ARE the peat bog soldiers.