Phreaking Wiki

A Blue Box is an electronic device that generates "MF" tones, the same tones employed by a telephone operator's dialing console to switch long-distance calls. The Blue Box emerged in the 1960s and 70s; it allowed users to route their own calls by emulating the in-band signaling mechanism that then controlled switching in long-distance dialing systems. The most typical use of a Blue Box was to place free telephone calls. A related device, the Black Box, enabled one to receive calls which were free to the caller. The Blue Box no longer works in most Western nations, as modern switching systems are now digital and do not use in-band signaling. Instead, signaling occurs on an out-of-band channel that cannot be accessed from the line the caller is using, a system called Common Channel Interoffice Signaling or CCIS.

History

In November 1954, the Bell System Technical Journal published an article titled "In-Band Single-Frequency Signaling" which described the process used for routing telephone calls over trunk lines with the then-current signaling system, R1. The article described the basics of the inter-office trunking system and the signaling used. This, while handy, could not be used in and of itself, as the frequencies used for the Multi-Frequency, or "MF", tones were not published in this article.

In November 1960, the other half of the equation was revealed by the Bell System Technical Journal: another article titled "Signaling Systems for Control of Telephone Switching" was published containing the frequencies used for the digits that were used for the actual routing codes. With these two items of information, the phone system was at the disposal of anyone with a cursory knowledge of electronics. Once Bell realized what they had done, company representatives visited most college campuses and physically cut out the pages that had the tone frequencies, but the information had already been made public and the error was irreversible.

However, contrary to numerous stories, before finding the articles in the Bell System Technical Journal, many people had already discovered (some very unintentionally and to their annoyance) that a 2600 Hz tone would reset trunk lines. "Trunk lines" were long-distance telephone lines for which AT&T Corporation employed a 2600 Hz tone as a steady signal to mark ones not currently in use. Joe Engressia (known as Joybubbles) accidentally discovered it at the age of 7 by whistling (with his mouth). He and other famous phone phreaks such as "Bill from New York" and "The Glitch", trained themselves to whistle 2600 Hz to reset a trunk line. They also learned how to route phone calls by causing trunks to flash in certain patterns. At one point in the 1960s, packets of the Cap'n Crunch breakfast cereal included a free gift: a small whistle that (by coincidence) generated a 2600 Hz tone when one of the whistle's two holes was covered. The phreaker John Draper adopted his nickname "Captain Crunch" from this whistle. Others would utilize exotic birds such as canaries that are able to hit the 2600 Hz tone to the same effect.

With the ability to blue box, what had once been individuals exploring the telephone network started to develop into a whole sub-culture. Famous phone phreaks such as John "Captain Crunch" Draper, Mark Bernay, and Al Bernay used Blue Boxes to explore the various "hidden codes" that could not be dialed from a regular phone line.

Some of the more famous pranksters were Steve Wozniak and Steve Jobs, founders of Apple Computer. On one occasion, Wozniak dialed Vatican City and identified himself as Henry Kissinger (imitating Kissinger's German accent) and asked to speak to the Pope (who was sleeping at the time).

Blue Boxes were primarily the domain of "pranksters" and "explorers" [citation needed], but others used Blue Boxes solely to make free phone calls. They were also popular with drug dealers and other criminals, because calls were not only free, but were virtually impossible to trace with the technology available at the time.

Blue boxing hit the mainstream media when an article by Ron Rosenbaum titled "Secrets of the Little Blue Box" was published in the October 1971 issue of Esquire magazine. Suddenly, many more people wanted to get into the phone phreaking culture spawned by the blue box, and it furthered the fame of Captain Crunch and of groups like the Legion of Doom. In 1974, CQ Magazine also published details on phone phreaking, including the tone frequencies and several working blue box schematics.

In November 1988, the CCITT (now known as ITU-T) published recommendation Q.140, which goes over Signaling System No. 5's international functions, once again giving away the 'secret' frequencies of the system. This caused a resurgence of blue boxing incidents with a new generation.[citation needed]

During the early 1990s, blue boxing became popular with the international warez scene, especially in Europe. Software was made to facilitate blue boxing, using a computer to generate the signaling tones and play them into the phone. For the PC there were BlueBEEP, TLO, and others, and blue boxes for other platforms such as Amiga were available as well.

In the 1970s and 80s, some trunks were modified to filter out single-frequency tones arriving from a caller. The death of blue boxing came in the mid to late 1990s when telcos, becoming aware of the problem, eventually moved to out-of-band signaling systems with separate data and signaling channels (such as CCIS and SS7). These systems separated the voice and signaling channels, making it impossible to generate these signals from an ordinary phone line. It is rumored that some international trunks still utilize in-band signaling and are susceptible to tones, although often it's 2600+2400 Hz then 2400 Hz to seize. Sometimes the initial tone is a composition of three frequencies. A given country may have in-band signaling on trunks from a specific country but not others.
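The tone filtering mentioned above depends on telling a sustained supervisory tone apart from ordinary speech that merely contains some 2600 Hz energy. The following is an added example, not part of the original article and not the telephone companies' actual circuit: a detector that flags frames where 2600 Hz dominates the caller's audio. The sample rate, frame size, thresholds, function names and the synthetic test audio are all assumptions constructed for illustration.

```python
import math

SAMPLE_RATE = 8000     # Hz; assumed telephony sampling rate
FRAME = 160            # 20 ms analysis frame; 2600 Hz falls on an exact bin
TONE_HZ = 2600.0       # supervisory frequency named in the article
SHARE_MIN = 0.8        # constructed threshold: fraction of frame energy at TONE_HZ
MIN_FRAMES = 5         # constructed: tone must dominate for 100 ms

def goertzel_power(frame, freq):
    """Squared DFT magnitude of `frame` at `freq` (Goertzel recurrence)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def tone_share(frame):
    """Share of the frame's energy at TONE_HZ: ~1.0 for a pure tone."""
    energy = sum(x * x for x in frame)
    if energy < 1e-9:
        return 0.0
    return goertzel_power(frame, TONE_HZ) / (len(frame) / 2.0 * energy)

def detect_tone_spans(samples):
    """Return (start_s, end_s) spans where the tone dominates >= MIN_FRAMES."""
    spans, run_start, run_len = [], 0, 0
    n_frames = len(samples) // FRAME
    for i in range(n_frames + 1):          # extra pass closes a trailing run
        frame = samples[i * FRAME:(i + 1) * FRAME]
        if i < n_frames and tone_share(frame) >= SHARE_MIN:
            if run_len == 0:
                run_start = i
            run_len += 1
            continue
        if run_len >= MIN_FRAMES:
            spans.append((run_start * FRAME / SAMPLE_RATE, i * FRAME / SAMPLE_RATE))
        run_len = 0
    return spans

def synth(freqs, ms):
    """Constructed test signal: equal-amplitude sines, `ms` milliseconds long."""
    n = ms * SAMPLE_RATE // 1000
    return [sum(math.sin(2 * math.pi * f * t / SAMPLE_RATE) for f in freqs)
            for t in range(n)]

SPEECH = [300, 800, 1200]                  # crude stand-in for voice energy
SAMPLE_AUDIO = (synth(SPEECH, 500)         # talk
                + synth([TONE_HZ], 300)    # sustained in-band tone
                + synth(SPEECH + [TONE_HZ], 200)  # voice containing 2600 Hz
                + synth([TONE_HZ], 40))    # too short to count

if __name__ == "__main__":
    print(detect_tone_spans(SAMPLE_AUDIO))
```

Comparing the tone's share of total energy, rather than its absolute level, is what keeps speech with incidental 2600 Hz content from being flagged, and the minimum duration rejects brief bursts.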

Frequencies and timings

Operator (blue box) dialed MF frequencies

Code 700 Hz 900 Hz 1100 Hz 1300 Hz 1500 Hz 1700 Hz
1 X X
2 X X
3 X X
4 X X
5 X X
6 X X
7 X X
8 X X
9 X X
0/10 X X
11/ST3 X X X
12/ST2 X X
KP X
KP/ST2 X X
ST X X

Operation

The operation of a Blue Box is simple: First, the user places a long distance telephone call, usually to an 800 number or some other non-supervising phone number. For the most part, anything going beyond 50 miles would go over a trunk line susceptible to this technique.

When the call starts to ring, the caller uses the Blue Box to send a 2600 Hz tone (or 2600+2400 Hz on many international trunks followed by a 2400 Hz tone). The 2600 Hz tone is a supervisory signal, because it indicates the status of a trunk: on-hook (tone) or off-hook (no tone). By playing this tone, the far end of the connection is convinced that the caller has hung up and it should wait. When the tone stops, the trunk will go off-hook and on-hook (known as a supervision flash), making a "Ka-Cheep" noise, followed by silence. This is the far end of the connection signaling to the near end that it is now waiting for routing digits.

Once the far end sends the supervision flash, the caller would use the Blue Box to dial a "Key Pulse" or "KP", the tone that starts a routing digit sequence, followed by either a telephone number or one of the numerous special codes that were used internally by the telephone company, then finish up with a "Start" or "ST" tone. At this point, the far end of the connection would route the call the way instructed, while the user's local exchange would presume the call was still ringing at the original number. KP1 is generally used for domestic dialing, whereas KP2 would be for international calls.

The Blue Box consisted of a set of audio oscillators, a telephone keypad, an audio amplifier and speaker. Its use relied, like much of the telephone hacking methodology of the time, on the use of a constant tone of 2600 Hz to indicate an unused telephone line. A free long distance telephone call (such as the information operator from another area code) was made using a regular telephone, and when the line was connected, a 2600 Hz tone from the Blue Box was fed into the mouthpiece of the telephone, causing the operator to be disconnected and a free long distance line to be available to the Blue Box user. The keyboard was then used to place the desired call, using touch tone frequencies specific for telephone operators. These frequencies are different from the normal touch tone frequencies used by telephone subscribers, which is why the telephone keypad could not be used and the Blue Box was necessary.
