Defcon Achievements and some notes on the phreakme.ctf
- HAM! I passed my technician’s license exam. I put in about 2.5 hours’ worth of practice using ham.study. I could have shortened this practice time by exclusively practicing using Study Mode on HAMstudy.org. ~2 run-throughs of reading each of the questions with corresponding answers, plus a practice run on the exam, should be sufficient for a pass.

- Phreaking. I did ok at the phreakme ctf. I didn’t put in heavy effort- most of my points were acquired on my mobile phone while going through the airport for my defcon departure. I completed the 2600 blueboxing challenge with my daughter at home using my mobile phone and an iPad hosting a tone generator. Unfortunately I ran out of time to do significant competing on the other challenges. I loved the bbs for the phreakme challenge- the defcon badge trading game was cute & absurd. I found a couple of entertaining resources to follow up on…
- Text Filez!
- Knowledge: In the 90s, text filez were a big thing. I’ve found it hard to find resources from this era- somewhere in my attic I have a 3-ring binder with hacking material I printed up while in high school/college. I didn’t have my binder in Vegas- but I managed to locate some fun material at www.textfiles.com. They have an archive of blueboxing files at http://textfiles.com/phreak/BLUEBOXING/. Sadly- I didn’t find what I needed from that resource before the end of the CTF. The objective I understood: I needed to be on an idle line to blast the 2600 tone. The challenge in front of me: I was unclear on what the meaning of an “idle” line was. It turns out that it was just a connected line. Lame. The Connections Museum had some great material that has helped me understand the concepts:
- Hacking Trunks!
- In phreakme bluebox challenge 400– it is asserted that we should take control of a trunk line. My current understanding of this concept is as follows:
- Trunking Basics: When you make a phone call, a connection is established between your home and the local central office of your neighborhood- this is the 000-NXX-0000 part of your phone number- called the Central Office Code.
- https://youtube.com/clip/UgkxmmDOj-icN8_-y-cv_B5eIdngOhtVZpTc?si=RHNAIUhAeoXVvQ2h
- Between central offices are connections called “trunk lines.” Trunk lines are precious assets- you can only have one connection active per call on a trunk.
- In this challenge- our objective is to manipulate the connection from our central office to another central office. In the modern internet- this would be like persuading a router in a traceroute path to use a different route for sending traffic. My unsolved question in the modern era: how do you capture an “Idle” line to blast the 2600 tone into and take control of the trunk?
- I think the basics of capturing an idle line are as follows:
- Call an 800 number/terminating number.
- Once the connection to the 800 number is made, play the 2600 tone.
- The terminating end thinks that the connection has been closed- but my local CO keeps the call to the 800 number open. This creates a kind of race condition where the CO near the 800 number will now respond to DTMF tones as if they’re from a system that’s connected to the local central office.
- Executing the attack: Dialing DTMF tones while on the seized trunk will look to the “terminating CO” like a new call is being initiated. This enables the call routing from the terminating CO to a long distance target.
- One part of the challenge I got stuck on was finding the phone number for the NEX executive. I did some Google searching to see if I could find a number- but I was concerned that a Google result likely wasn’t being operated by the CTF folks and I succumbed to analysis paralysis. I didn’t want to blast some target that wasn’t operated by the CTF & I wimped out on probing the target.
- Now that the CTF is completed- I see that the “phone number” for the NEX Executive was somewhere on the BBS. Good thing I trusted my gut. I’ll have to try this challenge next year while it’s running.
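To make the "terminating end thinks the connection has been closed" step concrete, here is an added example (not from the original post or the CTF) of the receiving side: a Goertzel detector that decides whether a trunk is idle purely from how much of the audio energy sits at 2600 Hz. The sample rate, frame length, threshold and all function names are assumptions of this sketch, and the audio frames are constructed test signals.

```python
import math

RATE = 8000   # samples/s, telephone-band audio (assumed for this sketch)
FRAME = 400   # 50 ms frame; 2600 Hz then lands exactly on DFT bin 130


def goertzel_power(samples, freq, rate=RATE):
    """Squared magnitude of a single frequency bin (Goertzel recurrence)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def tone_ratio(samples, freq=2600.0):
    """Share of the frame's energy sitting at `freq` (about 0.0 to 1.0)."""
    energy = sum(x * x for x in samples)
    if energy == 0.0:
        return 0.0  # silence: no supervision tone at all
    # A pure on-bin sinusoid has |X|^2 == (N/2) * sum(x^2), so this gives 1.0
    return goertzel_power(samples, freq) / (energy * len(samples) / 2.0)


def classify(samples, threshold=0.8):
    """What a tone-on-idle receiver concludes; threshold is an assumed guard."""
    return "idle" if tone_ratio(samples) >= threshold else "in use"


def tone(freqs, n=FRAME, rate=RATE):
    """Constructed test signal: equal-amplitude sum of sinusoids."""
    return [sum(math.sin(2 * math.pi * f * i / rate) for f in freqs)
            for i in range(n)]


if __name__ == "__main__":
    frames = {  # all constructed sample input
        "2600 Hz alone": tone([2600]),
        "DTMF '1' (697 + 1209 Hz)": tone([697, 1209]),
        "2600 Hz under a 1000 Hz tone": tone([2600, 1000]),
        "silence": [0.0] * FRAME,
    }
    for label, frame in frames.items():
        print(f"{label:30s} ratio={tone_ratio(frame):.3f} -> {classify(frame)}")
```

The detector only sees audio, so it cannot tell a tone sent by the far switch from one played into the handset; that is the weakness of in-band signalling, and the reason carriers moved call control out of the voice path.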
If you are like me- an external observer aware of the phreaking era- but having missed out on the opportunity to play- these three videos are nourishing:
