United Phone Losers - caffeine free
issue no. 24 - March 10, 2001
this issue edited by linear


So, the new issue is out on time. And look, it has even undergone a complete makeover, and now it looks pretty sexy. But besides it being out on time and having a new look, it's still the same old UPL. And you remember what UPL is all about, right? Yep, you got it; sucking.

So don't let the fanciness of it all fool you, because it still sucks. And here at United Phone Losers, suckiness is our guarantee.

--- linear

today's thoughts, tomorrow's crimes
"The more we elaborate our means of communication, the less we communicate."
- JB Priestley

Stop Paying For Calls on Millennium Payphones
Written by Flame0ut & PrussianSnow

Hullo there.

PrussianSnow and I actually published this article a few months ago, but our fifteen minutes of fame were brief and ultimately unfulfilling. Thus, I've made the executive decision to re-release the article, but this time give the box a catchy name ("Flow Box") instead of just a "method of circumventing toll collection signalling on Nortel M1231 Millennium payphones".

Now you can tell your friends "I built a Flow Box" and they WON'T EVEN ASK WHAT IT IS, you'll just be l33t by default.

Other than that, I haven't really changed anything about the document other than this little header (which makes it unique enough to print, right? Right.)...

It's probably worth mentioning that the toll signalling methods used by the Millennium payphone are probably used by many other payphones in many other areas. If anything you see here seems familiar, go try this on your local phone. ;)

I suppose the only real reason I want so badly to get this document out wherever I can is because actual new, unique creations in the telephony world are few and far between (as opposed to innovations and tweakings) -- and WE DID IT. We did. Us. Look how cool we are.


And now, we shall move on to the original text of the document.


One of the most common questions asked by young telephone enthusiasts in Canada is, "Can I red box Millennium phones?"

The answer, my friend, is no.

But some background first. The Millennium phone (model M1231) is an advanced payphone manufactured by Northern Telecom. A good deal of documentation concerning these phones is available on the Internet and through Northern Telecom (1-800-4-NORTEL), but to quickly list some of their "features":

  • They have an LED screen displaying the current time, date, and a programmable message.
  • They accept (in Canada) nickels, dimes, quarters and loonies, as well as magnetic cards such as Bell Calling Cards and smartcards such as Bell Quickchange Cards.
  • The dialing system is multi-layered and involves several firmware systems; that is to say, the dialpad itself isn't responsible in any way for making DTMF, but rather requesting another system to do so. Note that if DTMF tones are played loudly into the microphone, they will be displayed on the LED screen.
  • ACTS does NOT listen to these lines. Millennium Phones produce no tones when coins are deposited - the line an M1231 sits on is free for dialing out anywhere in the world with no blocking by an Automated Coin Toll System. The only thing blocking you from dialing out on these lines is the payphone itself, which does not actually pick up the line and enable the microphone until it determines that a sufficient amount has been deposited. Note that the dialtone you hear when you pick up the phone is internally generated, and the numbers you "dial" are only actually dialled after the money is collected. This, of course, is significant for our purposes.
  • When a long-distance number is dialed from the payphone, it displays a message along the lines of "Getting Rates, please wait..." While this message is displayed, a modem in the payphone is dialing an internally-stored number to another modem, presumably at the telephone company, from which it gets the rate for the number you have dialed. In my area, this number is in the 416 area code, and it can easily be gleaned by tapping the payphone line and recording then decoding the DTMF. One could even, theoretically, record the exchange between the modems and then play it into a modem that is in "silent answer" mode to observe what happens during the connection, and possibly figure out the protocol/commands used. Which, of course, would be immoral and wrong.

But I digress.

Millennium Payphones, and indeed, most payphones out there, store any coins you deposit in a temporary area until the line called is actually answered. As long as it is ringing or you get a busy signal or an error message, your money is not taken, and if you hang up before the line is actually answered you get your money back. It occurred one day to PrussianSnow and me to wonder how this happens - that is, how the payphone knows that the line was answered.

We'd heard of payphones in which the toll signalling was done with tones generated by the CO - on a payphone line, the central office would generate tones telling the phone to return or take your coins depending on the circumstances; however, we've never directly observed this method.

Fortuitously, PrussianSnow some time later discovered from Northern Telecom's website that one of the requirements for installing an M1231 was "a phone line capable of current reversal". This is, of course, how the tolling is signalled.

Making a call from an M1231 works as such:
  • You dial a number, which is then stored internally.
  • The payphone waits for, collects, and verifies your money.
  • When a sufficient amount is deposited, the payphone goes off-hook and dials the number you entered. At this point your money is in the temporary area.
  • The microphone is enabled (which is also significant).
  • While the number you've called is ringing, the line current is positive on ring and negative on tip, as is standard.
  • The line is answered. The CO detects this and flashes a voltage reversal down the payphone line - for a moment, it is negative on ring and positive on tip.
  • The payphone detects this flash, swallows your money, and enables the dialpad. The voltage is normal (positive ring, negative tip) for the rest of the call.

There are a few alternatives - for instance, when a toll-free number is dialed, no voltage flash occurs so the dialpad must be enabled as soon as the number is dialed. Note that you can make tones while an 800 number is ringing, but not during a local one.

The circumvention of this is obvious, and an example of the futility of placing the bulk of your security within reach of the end user (to be pedantic for a moment). You do not need to stop this voltage flash from happening, but rather, simply to stop the payphone from detecting it. Once this is done, the payphone will never receive a signal to swallow your money (or debit your Quickchange Card, as it were), and it will simply think that the line is ringing for the duration of your call. The CO will know better, but that is irrelevant.

Four diodes, when hooked together so as to convert AC to DC, are collectively referred to as a full-wave rectifier (which can be purchased as a single component). Quite simply, a rectifier has 2 inputs and 2 outputs, and its purpose is to force the polarity of the outputs to be constant no matter what the polarity of the inputs.

Hence, when a rectifier is wired between the line and the payphone, the polarity can be forced to always be positive on ring and negative on tip.

Right, enough theory. It's time to get For Educational Purposes Only on your ass, and talk about some application and installation.

Our prototype of this fingle was a full-wave rectifier of an unknown rating (which happily proved to be enough - these things are generally used on house current AC so many handle up to 110V or 220V with 2 or 4 amps, or more), wired up to a DPDT switch with 3 states -- unrectified, no flow at all (broken line -- no real reason for this one), and rectified polarity.

It took PrussianSnow 40 minutes with his head stuck in the top of an M1231 booth off the side of a highway at midnight to get this thing wired up, but it worked the first time much to our orgasmic delight. (Educational purposes only) It shouldn't really take that long to hook up, but this was the first one ever made so nyah. In our example, we'll be using just a rectifier with no DPDT.

Installation is simple, and I'll list it in little steps with numbers beside so you don't accidentally do them out of order and hurt yourself.

Stuff to bring:
  • 1 pair of pliers
  • 1 full-wave rectifier
  • 1 slot-head screwdriver
  • a couple of quarters or something
  • A flashlight couldn't hurt
  • And neither could some strippers
  • Some gloves would be nice, so you don't get any small shocks
  • And some biscuits, perhaps some Saltines or something of the like - anything crunchy and delicious will do.
  • Alligator clips or crimpers would be nice.

  1. Locate the phone box for the payphone, or anywhere in the line where you can easily cut it and splice in the rectifier. The phone box, of course, is preferable. In a standard Millennium phonebooth, the plastic "ceiling" is hinged on one side and latched in at the other with 2 "tamper-proof" screws, which can be coerced out with a slot-head screwdriver. You need only turn them about half a revolution.
  2. Once the ceiling is swung down, you will have access to the phone box as well as the 110-volt outlet which powers the lightbulb and the payphone. Some booths have a power switch for the payphone. Don't touch anything you don't have to, unless you want to. And you should want to. You can make funny things happen. Note that the light takes a long time to power up once unplugged and plugged back in.
  3. Look at the phone box and eat a biscuit. Be contemplative. Note that there are two main terminals - the one on the right has the ring wires; a red one going to the phone, and a blue one coming from the line. The left terminal, tip, will have a green wire going to the phone and a white wire going to the line. If these should vary, just trust that the right terminal is ring, and positive. In some phones it's actually the red and green that go to the phone line rather than the phone - just figure out where the wires go, christ, it's not all that hard. Geez. Whiner.
  4. Loosen the nuts on the terminal bolts with the pliers you so fortuitously brought along. Try not to let the green or red wires come off the bolts, as that would be a pain you don't need. Pull out the blue and white wires.
  5. Run the blue wire (or whatever wire was on the right terminal) to an AC input for the rectifier, and run the white wire (or whatever) to the other AC input. You can attach them with gator clips, clothing-pins, crimpers or whatever. Maybe you could bring a soldering iron and some solder, unplug the phone, plug your iron in, wait a couple of minutes while it heats up, then solder the wires together, unplug your iron, wait for it to cool down, put it away, and plug the phone back in. That would be a story to tell.
  6. Run the positive output to the right terminal and the negative output to the left terminal. You can attach them by putting them behind the nuts and tightening them again.
  7. If the phone is still working, that's a good sign. Pick it up and dial a number local to you. It will ask for a quarter. Deposit one.
  8. If the number is dialed and the call goes through, you haven't broken anything. If the number is dialed and you just hear silence, or the LED screen declares "Phone Not In Service", check all your rectifier connections and, as a last resort, assume that I've completely forgotten whether ring is positive or negative and flip your output polarity. Sorry.
  9. Hold your breath. When the line is answered, the CO will send the polarity-flip-flash. When it hits your rectifier, it will turn into normal polarity and nothing will happen. So, when the line is answered, the payphone won't take your money. At this point you may jump around shouting gleefully.
  10. Hang up the phone. Your money will fall into the coin-return slot.


And that's that. The payphone is now, quite simply, free to use. Flip the ceiling back up and screw the latches back in.

Let's talk, now, about caveats.

  • You need to have the money that the call would cost you or, for a long-distance call, the money for the first minute (the timer will never actually begin). A Quickchange card would be nice in this case. You'll get it all back in the end, and the card will simply never get debited.
  • Since the phone receives no polarity flash, and since the dialpad only activates when it receives one, you may not use the dialpad while on local or long-distance calls. Bring your tone generator if you want to use a VMB or anything. Since toll-free calls produce no polarity flip, the payphone must enable the dialpad as soon as it dials the number, as mentioned before (pay attention!).
  • The M1231 may disconnect a call if it goes too long without being answered to the payphone's knowledge. I have no example of this happening, but it would only make sense. At any rate, you have at LEAST 5 minutes. Probably more. Quite possibly this doesn't happen at all, and I'm just a paranoid fuck.
  • This will likely work on any Millennium phone (M1231, M1232, and so on) as well as any other payphone that uses this signalling.
  • Oddly enough, if you dial "0" from the phone, the operator will not be able to hear you. We've yet to determine why this is, since there are no other issues with microphone enabling.
  • Your rectifier may well get diked out when the phone company sees that the payphone in question has made $0.00 in revenue for the last month and a half. (Um, this seems to have been an understatement - note the "update" at the bottom of this document!) For this reason, you may want to make your rectifier togglable. Let's discuss this.

To date, we've not determined a really good way to toggle the rectification. Ours had a DPDT switch but we have to pull down the ceiling to get at it, so gah. We've considered things such as a mercury switch sitting on the plastic ceiling so that you can toggle it by giving the ceiling a good thump (Fonzie-style), a relay in the circuit with part of the circuit going into the booth and the other going into a wire that we could hang through a corner of the ceiling, so that one could toggle the rectification by holding the wire against the side of the booth... we've even considered drilling a hole through the back of the booth and sticking a switch through it.


At any rate, I've gone on long enough and I'm tired. So, this is, of course, all for educational purposes only, and neither PrussianSnow nor I (Flame0ut) take any responsibility for anything this document may cause anyone to do.

Note that if NorTel would just make the microphone not activate until the voltage flash, this method would be moot.

It's a shame, really.


Update, about six months later: Yes, we wrote this document a long time ago and dawdled about publishing it.

Some things have happened since which we feel are worth noting. Firstly:

  • Nortel no longer owns the M123X payphone line, it's been sold to a company called Quortech who seems very twitchy about sending out manuals (can't imagine why?)
  • Our prototype device and payphone have been removed. Both of them. Completely. Our proof-of-concept phone was loaded into a truck and taken away for good. It took them five months, but the first ever creation of this device is now in the hands of Bell Canada, godspeed to it.

That's about all.
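
The article observes that the CO still sees the answer even when the phone does not, and that the modified booth was eventually noticed through its $0.00 revenue. As an added example (not part of the original article), this Python code reconciles switch-side answer records against terminal-reported collections call by call; the record layouts, field names, thresholds, booth identifiers and sample calls are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# Toll-free calls get no answer reversal, so no collection is expected for them.
TOLL_FREE_PREFIXES = ("1800", "1888", "1877")


@dataclass(frozen=True)
class SwitchCall:
    """Constructed CO-side record: what the switch saw on the line."""
    line: str
    start: int          # seconds into the reporting period
    dialed: str
    answered: bool
    talk_secs: int


@dataclass(frozen=True)
class TerminalCall:
    """Constructed terminal-side record: what the payphone reported."""
    line: str
    start: int
    dialed: str
    collected_cents: int


def chargeable(call):
    """Answered, long enough to matter, and not toll-free."""
    return (call.answered and call.talk_secs >= 10
            and not call.dialed.startswith(TOLL_FREE_PREFIXES))


def reconcile(switch_calls, terminal_calls, skew=30):
    """Map line -> chargeable calls the switch saw answered but for which
    the terminal reported no collection (matched on line, number, time)."""
    reported = defaultdict(list)
    for t in terminal_calls:
        reported[(t.line, t.dialed)].append(t)
    unpaid = defaultdict(list)
    for s in filter(chargeable, switch_calls):
        paid = any(abs(t.start - s.start) <= skew and t.collected_cents > 0
                   for t in reported[(s.line, s.dialed)])
        if not paid:
            unpaid[s.line].append(s)
    return dict(unpaid)


def flag_lines(switch_calls, terminal_calls, min_unpaid=3, min_ratio=0.8):
    """Return [(line, unpaid, chargeable_total)] for lines where nearly every
    answered chargeable call went uncollected. A single stray miss (for
    example a reporting gap) is tolerated and not flagged."""
    totals = Counter(s.line for s in switch_calls if chargeable(s))
    flagged = []
    for line, calls in sorted(reconcile(switch_calls, terminal_calls).items()):
        if len(calls) >= min_unpaid and len(calls) / totals[line] >= min_ratio:
            flagged.append((line, len(calls), totals[line]))
    return flagged


# Constructed sample data, not real traffic:
# (line, start, dialed, answered, talk_secs, collected_cents or None if the
#  terminal reported nothing for that call)
SAMPLE = [
    ("BOOTH-A", 100,  "4165550101",  True,  120,  25),
    ("BOOTH-A", 900,  "4165550102",  True,  300,  25),
    ("BOOTH-A", 2000, "4165550103",  False, 0,    0),     # rang out, coins returned
    ("BOOTH-A", 3000, "18005550104", True,  200,  0),     # toll-free
    ("BOOTH-A", 4000, "4165550105",  True,  60,   25),
    ("BOOTH-A", 5000, "4165550106",  True,  45,   None),  # reporting gap
    ("BOOTH-A", 6000, "4165550107",  True,  90,   25),
    ("BOOTH-B", 150,  "4165550111",  True,  600,  0),     # answered, never collected
    ("BOOTH-B", 1200, "4165550112",  True,  1500, 0),
    ("BOOTH-B", 3000, "18005550113", True,  100,  0),     # toll-free
    ("BOOTH-B", 4000, "4165550114",  False, 0,    0),
    ("BOOTH-B", 5000, "16045550115", True,  2400, 0),
    ("BOOTH-B", 8000, "4165550116",  True,  300,  0),
]
SWITCH = [SwitchCall(l, s, d, a, t) for l, s, d, a, t, _ in SAMPLE]
# The terminal stamps the call a few seconds before the switch sees it.
TERMINAL = [TerminalCall(l, s - 5, d, c)
            for l, s, d, _, _, c in SAMPLE if c is not None]

if __name__ == "__main__":
    for line, unpaid, total in flag_lines(SWITCH, TERMINAL):
        print(f"{line}: {unpaid} of {total} answered chargeable calls uncollected")
```

Run per day rather than per billing cycle, a check like this surfaces a line on its first few mismatched calls instead of waiting for a revenue report.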

Nortel Millennium Payphones
Written by ^CircuiT^

Well, for you people out there that don't know what a Millennium payphone looks like, I'll start out by telling you. There are many different types of Millennium payphones and none of them look the same, so instead of sitting here and trying to describe them all I have a few pictures with this file. The most common Millennium payphone is the M1231, and since it is the most common, that is the one I will talk about most in this file. For the rest of them, look at the end of this file. The M1231 is black with a silver front and a two-line LED screen that can be reprogrammed to say other things, such as "Mr. T was here", but I'll be getting into the reprogramming of that a bit later. Under the LED screen there are four buttons. The first two control the volume. The next one controls the languages, for example English to Spanish, or English to French for you people in Canada, and the last button hangs up your call in order to make another call. At the top of the phone it's blue and at the bottom there is a yellow card reader for smart cards, credit cards, and other calling cards such as MCI calling cards. Just above the yellow card reader there are five more buttons that the owner/local phone company can program to do whatever they want. There are two different versions of the M1231: ver1.0 does not have an RJ-11 jack but ver2.0 does. The RJ-11 jack is there so you can plug your laptop into the phone and connect to the Internet. (The M1231 ver2.0 is mostly in airports.)

Well, now that you know what they look like, let's get into the security of the payphone. It has four keyholes, as you might have seen by just looking at it. The two keyholes on the top and left-hand side of the phone are for changing the LED screen. There is another keyhole underneath the yellow card reader that is for changing the coin box, and on the side of the coin box there is yet another keyhole; you need both keys to open the coin box. You will also need an access code (or PIN) to get to the coin box (this is not yet confirmed). Another little bit of security the phone has is an alarm; some are silent and some are a loud beep. When the alarm is set off, the phone calls a set number and notifies them that there is a problem. There are some security rumors flying around, such as that there is a tracking device in the phone and that if a phone is stolen and then hooked up to a new phone line it will automatically call a set number.

Ok, now that you know about the phone's security and how to open it, let's get into the internal hardware workings of the phone. Unlike other payphones, the Nortel Millennium payphone has a built-in computer and modem. The computer is called the "Millennium Manager" and it keeps a log of every call made from the phone (including 800, 888, 877, 911, 611, 411, 311, and 0). It also keeps track of how the person paid for the call (collect, card, cash), and also keeps tabs on how many coins are in the coin box, and if anything else goes wrong in the phone, such as the card reader or LED screen, it calls a set number and tells them. It also keeps a log of every time the phone is opened or the coin box is opened or if someone changes the display screen. A tool called the "Millennium Maximizer" accesses all this but not much is yet known about this. So as I get that information I will release it. On to the yellow card reader. Once you have opened the phone you should be able to remove the yellow card reader with standard tools such as a screwdriver, etc. Once you have the yellow card reader you should be able to hook it up to your home computer and read cards with it, but with what software I don't know. Some people say that you can modify cards with it as well but I have seen nothing that would indicate that. Ok, now that all that stuff is out of the way, let's talk about that little two-line LED sign. To change the display this is what you must do first: You will need two keys, one for the top and one for the left-hand side. After unlocking them you will have to enter an access code (or PIN) from the keypad (if you don't enter the PIN an alarm will sound). Then you can remove the top part of the phone. Inside you will find a port that you can plug a Millennium Maximizer into. That is all the information I have on the LED display at this time, but as new information comes to light I shall update this file.

Ok people, we've made it this far, so let's get straight into the software aspect of the phone, starting off with the Millennium Manager. The Millennium Manager is the program the phone's computer runs; it keeps track of everything as I said above, and that's all I know at this point about the manager. Now on to the Opcodes. Opcodes are short strings of numbers that are pre-set functions on Millennium payphones, but you must correctly enter a PIN before you have the chance to input an Opcode. I have heard from other people that you can dial 2541965 or yet another code that is CRASERV, or in numbers 2727378, with the hook down. After you have dialed it you should be asked for an access code (or PIN). One known PIN is 25563. After you have entered the PIN you could enter any Opcode. Here is a list of opcodes:
  • 267# Answer detect
  • 274# Display brightness control (down?)
  • 277# Display brightness control (up?)
  • 349# Unknown
  • 636# memory access
  • 688# Unknown
  • 66666# motor sound prompts to open phone - probably coin removal
  • 996# error has occurred.

(Please note these codes are what people have told me; I have not gotten them to work.)

Another software aspect of the phone is the fake dial tone; it's only a recording. You would know this if you ever picked one up, 'cause you hear the fake dial tone and some op telling you to "insert your card". So what happens is you dial the number you're calling, put your money in, and the computer dials it, so you never get the chance to hear a real dial tone. You might be asking yourself, if I don't ever hear a real dial tone, can I box a call off a Millennium phone? The answer is yes and no. Yes, you can box local calls; I do it all the time. Just hit 0 for the op and tell her the phone's keypad is messed up and ask her to dial for you, then drop in your tones. The no is for boxing long-distance calls; the ops don't really like it when you put in $3.50 in fake coins.

One of the most fun things I have found about the Millennium phone is that you can use it as a DTMF decoder. It's really simple too; all you do is take your recorded DTMF tones to the phone and play them really loud into the mouthpiece of the phone. The numbers will show up on the LCD screen and there you go, you've got a DTMF decoder.

Well, we have covered a whole lot about the Millennium payphone but there's still a little bit to cover, like the fact that Millennium phones have a ringer but never ring. The reason for this is that if you call a Millennium phone you will get one of about four different messages saying things like "this line is for outgoing calls only" or "the number *** - **** is out of service". The reason Nortel did this was because they didn't want drug dealers hanging out by the phone waiting for a call. If you act like a really nice person you can call the op and ask her to call you back on it. "But wait a min, you said they can't get incoming calls." Well, they can, but only from an op. See, when you call her this pops up on her screen: 0 (+) MIL_UNIV or 0 (+) MIL_CARD plus your location, so she thinks, why call them back? But if you convince her, who knows, you might have made that phone ring for the first time ever.

Ok, now that we are done with everything, let's talk about all the other Millennium phones. Well, since I haven't used any of these phones yet, I don't have much to talk about, so I put in here what Nortel has to say about their phones from their web page. Enjoy.

The M1000
Public communications access terminals need to be ready for the future -- even if they accept only coins today. The Millennium M1000 Coin Basic Terminal is an ideal solution for low-revenue sites because it keeps the door open to future expansion by allowing you to add options quickly and easily in the field. For example, you can install a 2-line x 20-character illuminated display that can help you generate new sources of revenue. And to further increase payphone usage, you can add the optional card reader. Driven by Millennium Manager, this payphone workhorse protects your investment and revenue stream with electronic coin validation, anti-fraud capabilities and anti-vandalism features.

The M1131
This terminal is the perfect solution for service providers who want to offer advanced public communications access while eliminating the cost of handling coins. The Millennium M1131 Card Only Terminal handles card transactions with ease allowing customers to use a variety of cards, including calling cards, credit cards, cash cards and smart cards. Card customization programs provide another opportunity to further differentiate yourself from the competition by making branding and image advertising possible. And like all Millennium terminals, the Card-Only Terminal offers intelligent features such as call statistics, self-diagnostics and alarms, store-and-forward routing, voice prompts and call rating. Simple to install and maintain, these terminals are backed by the powerful, fault-tolerant Millennium Manager.

The M1231
More payment options mean more customers. From coins to calling cards, credit cards, cash cards and smart cards -- the Millennium M1231 MultiPay Terminal accepts them all. And with so many options, gaining and retaining customer loyalty is as simple as picking up the phone. Millennium MultiPay Terminals are changing the scope of customer expectations and the future of public payphones. The RJ-11 data jack provides Internet access and enables data calls. A scrolling display can double as a billboard for advertising and cross-selling promotions. Quick Access Keys speed revenue generation and allow customers to access their choices quickly. Busy lobbies, cafeterias, convenience stores and parking lots are just a few of the many sites where MultiPay Terminals easily reach their earning potential.

The M1241
This advanced terminal can offer consumers more choices, added convenience and access to the power of the network. It's the ideal platform, allowing smart cards, credit cards and calling cards to drive increased usage and revenue. Configured with the RJ-11 integrated data jack, the Millennium M1241 MultiPay/MultiApplication Terminal lets you offer easy access to network services, e-mail and the Internet to attract callers with laptop computers. Not only can you reap additional revenues from the computer calls themselves, the terminal's flashing display and Quick Access Keys let you cross-sell your products and services to callers during data transactions. Or you can lease displays and Quick Access Keys to third-party advertisers for additional revenue. The M1241 Terminal also features downloadable code, which allows you to make changes and upgrade services without a site visit.

The M1245
This consumer-friendly terminal can provide information to your customers with a touch of a button -- while increasing your revenue. With its large graphical display, this terminal becomes much more than a payphone to attract people on the move. It's an electronic billboard. Ideal for any high-traffic site or any retail delivery location, the M1245 MultiApplication Terminal is loaded with features -- but uncluttered and easy to use. And it accepts coins as well as cards for added convenience and customer appeal. An 8-line x 20-character easy-to-read display catches the attention of passersby, providing a strong promotional and advertising medium. Soft keys support interactive phone-based transactions. And graphical images that change whenever the receiver goes on-hook or off-hook entice the customer to interact -- all at the touch of a button.

The M1361 Millennium
Offers an attractive alternative for nontraditional payphone locations, such as a waiting room table, lobby counter or the wall in a VIP lounge. With its distinctive style and small footprint, the Millennium Desk Set delivers all the features, convenience, reliability and security you find in Millennium wall-mounted terminals. And it becomes a mobile office -- or home away from home - by providing an advanced card reader along with an RJ-11 data jack so callers can plug in a laptop computer. An illuminated display and Quick Access Keys tell the customer this is more than just a phone. Caller-controlled features such as language selection, volume control and a Next Call button make using this terminal a comfortable, hassle-free experience.

The M1400 and M1410 Millennium
offers correctional facilities what they need most -- flexibility and control of inmate communications. Powerful phone monitoring and reporting capabilities provide on-line access to management information. That means you can adjust payphone functions - such as curfew periods, call duration, and changes to call screening lists or personal identification numbers (PINs). And you can make these changes without having to call your service provider. The Millennium Inmate System also tackles phone fraud and illegal activities head-on with capabilities that provide unprecedented control over payphone access and usage. And self-diagnostics built into each Millennium Inmate Terminal virtually eliminate out-of-service situations.

The Millennium Kiosk
Represents a new way for you to reach your customers at all times, allowing you to deliver email accessibility, web browsing, online services, the printing of items such as tickets or vouchers and more. The Kiosk's advanced design offers robust and ergonomic terminals designed for public use, with open application delivery platforms that feature non-proprietary, standards-based architecture. Plus, they are easy to maintain with network-based administration that allows the centralized management and updates of terminals. You can use the Kiosk to take advantage of your Internet and Call Center applications knowing that customers can use this public communications device to access your organization. That can mean more revenue for you because your business never closes and can operate 24 hours a day, 7 days a week!

Here are some information and phone numbers about Nortel that I think some people out there might like. Their full corporate name is Nortel Networks Corporation. They are listed on the New York, Toronto and London stock exchanges. The 1998 revenues were US $17.6 billion and the 1998 earnings were US $1.07 billion. They employ approximately 70,000 people worldwide. The CEO is John Roth (President and Chief Executive Officer). The CFO is Frank A. Dunn (Senior Vice President and Chief Financial Officer). The CIO is Keith Powell (Chief Information Officer). The CMO is John A. (Ian) Craig (Executive Vice President and Chief Marketing Officer). The CTO is Bill Hawe (Senior Vice President and Chief Technology Officer).

The Corporate Headquarters is at
8200 Dixie Road, Suite 100
Brampton, Ontario L6T 5P6
  • 1-800-263-7412 Bell Canada Millennium (Help Line)
  • 1-800-567-2448 Bell Canada Millennium (Test Line)
  • 1-800-461-1747 Bell Canada Millennium (Voice Test)
  • 1-800-461-1879 Bell Canada Millennium (Data Test)
  • 1-800-772-2141 Bell Canada Millennium (Setshop)
  • 1-800-668-4862 Bell Canada Millennium (Coin)
  • 1-800-466-7835 Millennium sales representative
  • 1-214-684-5930 Millennium sales representative
  • 1-416-748-2694 Bell Canada, Pay phone Department

Well, that's all. I hope you enjoyed the file and you get some good use out of it. I would like to dedicate this file to my loving girlfriend; without her support I could not have made this happen. I would also like to thank all the people who helped me along the way with this file. You know who you all are.

More Novell Fun
Written by Royal-Tea

Ok, here's some quick exploits on Novell (at least at my school). Everyone that has a Novell account, as all students and teachers do at my school, has a network hard drive and access to other shared network drives. You have no access to the computer's actual C: drive...or so they thought. Here's some quick ways to get access:

A) Open WordPad and go to File, Open and then you can browse the C drive, edit files, etc.

B) Just create a shortcut in your shared drive since you have write access to that.

C) Just open up a web browser and type in C:

As I just stated the above methods, I feel I should share a friend's story. He was "perusing" the network, as he liked to call it, when he found out that the Z: drive had no protection on it; you could access it just by opening a web browser and typing in Z:. Now what happened to just be sitting in the open in about 9 text files? The name and student ID number of every student in the school. Well, suffice to say, he now has everyone's login info and it's a lot of fun to log on to a hot chick's account, and leave a text file on their network hard drive called "You have nice tits".

Be responsible people, don't get caught, as schools probably do log what you do on the network; trust me, schools are asses. Because of me and another friend's activities (not the ones described in this one, but another friend and another thing altogether), they had to create a new rule in the student handbook. That's my pride and joy, but that's another article for another time.

History and Review of Electronic Hacker Magazines
Part One in a Two Part Series
Written By Phractal

Phone Losers of America (PLA):

This was a small text file group that officially released its first issue in 1994, but the actual texts go back to 1990! Well, the very first text was originally written in 1990, and the next ten or so were spiffed up 1992 texts, and after issue 13, they were all written from 1994 to 1997. These were old school guys who ran this. These were not evil guys, who traded credit card numbers or pirated software heavily, but they were far from being 'white hat' hackers. The main founders were RedBoxChiliPepper, Colleen Card, El Jefe (aka Zak), and Apok0lyps. Later there were other people who joined the PLA 'group', most notably Calimar Rasputin. Read issue 46 to get a list of all the 'real' members of the 'PLA group', if there is such a thing. The publication evolved from single article texts to an electronic magazine. There is plenty of information on how to get free telephone calls throughout the issues. There are also several articles about payphones, cordless phones, BBSing, cool computer tricks, IRC scripts, prank calling, and humor. Humor is the heart of PLA. Read Issue 25 and Issue 14 to get the feel for PLA humor and how these guys think. PLA is not especially the most legal, technical or useful magazine, but it is respected by several people in the scene, and inspired other h/p magazines. PLA was more than some jokers with too much time on their hands, they assisted people more than I think many realize, although they did cause problems for some people as well. The time of publication bridged the worlds of BBSes and the internet. Check out their website - although the publication is long gone, the webpage is frequently updated, and RedBoxChiliPepper's webpage is full of interesting reading (http://www.phonelosers.org/rbcp).

System Failure:
http://www.sysfail.org (currently down)

This was the main magazine that was inspired by PLA. It was co-created by PLA fan Logicbox and Penguin Palace's Pinguino. Their first issues resembled PLA content, but the writers were more serious. Around the 8th issue there was a turnaround, and the zine was full of more technical information, most notably Unix information by Logicbox and Velocity and the inner workings of the TCP/IP protocols by BarKode. Pinguino is known for her informative SysInfoTrade news section, organizing interviews and occasional poetry. The thing I love about this magazine is the fact that at first it was filled with a lot of criminal and 'grey' subjects, like illegal teleconferencing, free phone calls, harassing people on IRC, etc, and by the last issues, you could swear that different people were writing the magazine. It shows how the writers grew into respectable and knowledgeable people of the underground. It is really a great source of information about TCP/IP and UNIX, and not necessarily about 'hacking into' UNIX and TCP/IP systems, just information about them. What you choose to do with this info is up to you. The focus was much more on information and education, which I highly agree with.

--Side note: Included in the System Failure staff was Sean O'Brien, who was made a national celebrity by making a website, raymondsucks.org, voicing his negative opinion of one of his teachers. You can see a mirror at bluevan.net

May Sean rest in peace, much sympathy to all who knew him.

Digital Phreak Pimps:

This is another PLA inspired magazine. It has several informative and silly/humorous articles. They have an article on how to set up your own pirate TV station, Novell Netware exploits, and technical information about what happens when you Back Orifice a computer. Examples of the silliness of DPP are their extensive prank call logs, and most notably they took the 'Conscience of a hacker' and rewrote it in l33t talk and changed the topic from hacking to software piracy. Personally, I found this to be very funny but also disrespectful towards one of the most elite hackers ever, The Mentor. The magazine's ringleader, hatredonalog, was editor of Dissident Magazine, and is now on the privileged Phone Punx Magazine staff, which is ironic, because the PPM staff disagree with many of the topics encouraged in DPP. DPP attempted to be a sister zine to System Failure, but System Failure was much more legit and complete and lasted longer than DPP. Definitely read DPP though, I bet you will learn SOMEthing new.

Phrack Magazine:

This is arguably the best known and longest running e-zine in all of cyberspace time. It was founded in 1985 by Taran King and Knight Lightning, two high school students. Phrack united many hackers and phreakers of the BBS underground. Taran King and Knight Lightning first got into the underground with pirate BBSes around 1983. As Taran King and Knight Lightning moved on to college, Phrack reached BITNET, and moved on to the Internet. Knight Lightning and Taran King gave up the zine to other editors after issue 14, in 1987. After Shooting Shark had edited most of the issues, KL and TK returned in 1988 with issue 20. In issue 24, KL and TK got into some trouble with the law for publishing the E911 document, which has technical information about how the 911 system works. Throughout the 30s issues, Dispater and Crimson Death edited the issues. Erik Bloodaxe, famous from Legion of Doom membership, took over Phrack's editor position in issue 42 (1993). Daemon 9 aka Route took over in issue 48 (1996), although Erik B still held affiliations with Phrack. Look at the articles in Phrack issues, since its start to now. They are the stuff of the underground. They are interesting. They are boring. They are technical, very technical. I don't think anyone in the underground to this day completely understands everything that was published in Phrack. Phrack has held together after all these years. Definitely read Phrack if anything. Phrack is also a great source to get a feel for how the underground was back in the 1980s, since that was Phrack's best time anyway.

Phreakers/Hackers Underground Network (PHUN Newsletter)

I'm really not sure why, but this is probably my favorite h/p zine. It resembles Phrack to some extent in content and attitude. It shows that the 1980s were not all the same in the hacking scene, as commonly seen by many. In the first issue, it describes how there was a time not too long ago when you could fire up a code scanning program, and in minutes have a huge abundance of long distance access codes. But now, they say, phreaking has gotten harder, and codes are harder and harder to get. This is 1988 too! The editor of this magazine was Red Knight, and he contributed some interesting articles to the zine, such as UNIX hacking and Information on Airline Computer systems (Die Hard II came out the following year..hmm). Knight Lightning makes an appearance in Issue 4 to report on how Phrack was 'banished' from his college computers, and how he and Taran King had lost their internet/BITNET accounts. For Knight Lightning to write for PHUN to tell Phrack fans his current situation, then it is obvious that PHUN was a minor pillar in the h/p scene between 1988-1990. Other interesting topics in the 5 issues include several viruses in several languages, deep UNIX and VAX/VMS information, much on Bell Switching Systems and several different kinds of telephone and computer address scans. Definitely worth checking out. PHUN stopped publishing after Operation SunDevil of 1990 by the Secret Service.

Ocean County Phone Punx/Phone Punx Magazine
OCPP: 1997-1998
PPM: 1999-

The Ocean County Phone Punx (OCPP) were a group of New Jersey hackers, which published their own magazine. They were also the group who published the original Alt.Phreaking FAQ. These people have the souls of hackers, but are phreaks. Pretty much all their articles are phone related. And they are good too. This is a great source of recent information, such as switching information, payphone information, phone company business and mergers, well supported editorials and scans. There are touches of 'darkside' hacking in there, with Credit Card information and Scams. There is also an article by Neptunium Overkill, lead article contributor to Digital Phreak Pimps.

After the last issue of OCPP in the middle of 1998, Mohawk, the editor and lead writer of OCPP, started Phone Punx Magazine (PPM). By this time, it seems Mohawk and others had changed their views on h/p and moved towards a more legit scene. They recommend staying away from warez and carding, when they had printed carding information in OCPP issues. PPM is a better magazine. It is quarterly, but they have not exactly kept up with the schedule, but their 3 issues of PPM are nothing short of stout and technical. Mohawk is a respectable person, just for being in the scene for around 10 years, and now he has recruited new people for the PPM staff, such as BlackAxe and MMX. Suess is another lead member, but he has been in it since the OCPP days. Information in PPM issues include DATUs, Voice over IP, Cellular Phone Programming, Extensive Caller ID information, Trunked Radio systems, and other assorted radio information.

Side notes:

I've met Black Axe in person, and he's a real cool guy, he knows his radio stuff. Hatredonalog, the ringleader of Digital Phreak Pimps, is currently on the Phone Punx Magazine staff.

Damage Inc. Newsletter
1997 -

Damage Inc is interesting for several reasons. They are very underground, they don't seem to hang out on IRC or Usenet, they just publish their magazine, which to my surprise, many don't know about. Their magazine was one of the first I read. They know much information on phones and computers. If I had to choose, I'd say they are phreakers over hackers, but they do have a lot of computer info. They are into trojans, and publish source code for trojans and also some other assorted DOS programs. They are good at batch programming. It is interesting that they hardly touch on UNIX at all, and stick with the good(?) old DOS. The thing that is most prevalent in Damage issues is their hatred for Big Brother, censorship, and any types of restrictions put on by the government. Their issues are also huge, and tend to be several months between release. They are seen in the Summer 1999 issue praising PLA and System Failure. Blackened is the leader of Damage.

Summer 1999 Issue contains interviews with RBCP and Logicbox

Brotherhood Of Warez
1994 - 1999?

This is remembered as the ultimate dark side hacker magazine of all time. These guys are strict black hat hackers. They encourage pirating software all the time, and speak in l33t speak throughout their issues. They have some of the best ASCII artwork I have ever seen, as software pirates are known for their ASCII skills. Their issues are funny too. They are not just a bunch of lamers either. They have UNIX information. They have logs of them rooting other people. There is PGP information. There are ridiculous articles in there. There are phreaking articles. They are much more interested in getting free calls than exploring the phone network. There were 8 issues published monthly in 1994, when BBSes were still around, and then there was a ninth issue in 1999. U4EA is the founding father, and from some reliable sources, I've heard that he invented the "tough guy" voice that so many EFnet confers know so well. And remember "Old warez is No warez!"

Confidence Remains High
http://www.codez.com (has been down for a while)
1997 - 1998

These guys are the underground. I think their first issue is one of the best textfiles I have ever read. They are the elite, and boy do they like to point that out. They seem to come down on the SiN hacker group for being so lame. Check this out, they had custom UNIX exploits, written by themselves with every new issue! That's effin elite. They also have plenty of other code for you to stare at and wonder what it means. The group CodeZero published the magazine, and so1o stood as the editor and manager of the magazine, contributing his own helpful SunOS code and sk00ling UNIX to the newbies. There is a lot of international information, such as Blue Boxing in the UK, UK wardialing, and Russian carrier dialups. They do lack in the phreaking section, but they are not phreakers, they are hackers. I've spoken to many, and no one could tell me what happened after the final issue 9. They might have gotten busted, because the zine abruptly ends at issue 9, with no prior indication. Some issues issue greets and respect towards the British hacker group called 'Darkcyde', which publishes Faith Magazine.

Faith Magazine
1998 -

Ahh, F4ITH Magazine, hailed as the last true phreaking magazine, although I beg to differ with the PPM around. What is ironic about this magazine is that it is published by a group called 'Darkcyde', when the people who publish it, most notably Hybrid, are not dark side hackers at all. Dark siders are the code abusers, the crackers, the people who trade pirated software, the BoW type. These are serious phreakers, Darkcyde. Half of their issues are complex ASCII diagrams of how the phone networks and switches operate. The other half are wardial scans. They do also have occasional IRC logs, which is unusual for a magazine this underground. The heart of Faith is technical issues and how they work. Do you really know how ESS routing works, how SS7 communicates with the global phone network, or how Cisco routing works? If not, check out F41th, or just check them out anyway. They are one of the last true h/p zines left around.

Keen Veracity
http://www.legions.org (?)
http://www.legionsunderground.org (?)
1998 - 1999?

Keen Veracity is/was a magazine published by the fairly knowledgeable hacker group Legions of the Underground. KV is full of information and knowledge, and is also very underground, much like f4ith and Confidence Remains High. In fact, it is almost like a sister zine to Confidence. It contains fresh code in many issues. Optiklenz is the main staffer of the zine. They seem to be primarily interested in data transfers over networks, and have a lot of articles on tracing routes, sniffing, and how Internet protocols work. There are also your standard UNIX and NT articles, but up to Faith and CRH quality. Now, according to kM, a buddy of Legions of the Underground (LoU), and sysop of hackersclub.com, some script kiddies took over legions.org, the LoU website, claiming that LoU was their own group and took it upon themselves to release their own KV issues. You can read about it at hackersclub.com/km/frontpage, and also supposedly legions.org is the script kiddie site, and legionsunderground.org is the site made by the real original members of LoU. I'm convinced that this story is true, because the latest issues don't appear to have any original staff members, and also, the latest issue has an article about how to make teleconferences thru Cocots..., and I don't think people who write about Packet Fragmentation attacks, ARP and ICMP, TCP Wrappers, and UNIX security would write an article about setting up confs.

40HEX Magazine
1991 - 1995

The old-schoolers. THE virus zine of all virus zines. This is THE virus zine. You could call them worse than BOW because all they are focused on is malicious software, viruses. And that's what is published, code and more code. Different languages for different platforms, but they are all viruses. The leader of the zine's handle is 'Hellraiser', go figure. At least BOW isn't focused on ways of destroying software, although they do write about putting viruses in their warez distribution. Most of their viruses are for DOS. If you ever try and figure out their code, along with some Artificial Intelligence knowledge, the way viruses are created is quite interesting. It is a no brainer to simply delete data on a computer, but it requires skills to make programs that will prepare to take the user totally by surprise and delete the data without the consent of the user. Viruses manipulate the power of the computer to a destructive end. Anti Virus writers can use the code to better understand how these virus coders can defeat their protection software. There is also a great deal of encryption information, which is used in their programs to avoid virus detection, but it makes for good brain food if you want to learn about encryption. In fact, a good deal of their articles are how to avoid scanning detections. There are also plenty of articles about their busts and other virus coder/hacker/fraudster busts, such as Virus writers at Cornell University. Definitely one of the darker magazines out there.

Secure IRC How-To
Written by Joseph Mallet

1. The Idea
IRC is a convenient way of talking with other internet-connected people. You can discuss a project, swap recipes or jokes, and sit around and talk about your day. You can even look for a date. But for real business, it isn't such a good idea. The problem is that IRC traffic is unencrypted. You can limit connections to certain IP addresses, and you can keep it all on your intranet, but if someone ever got on to your network, they could run a sniffer and see everything you're typing. My goal was to either come up with a way to use an existing IRC client for secure traffic, or write a secure ircd and irc client.

2. The Implementation
Looking at the ircd code, I found it would be a pain to write wrappers to use ssl to send/receive all text; it would be too big of a job for me. I also decided I didn't want to limit people to a terrible-looking client. I wanted a way to use mIRC or BitchX.

I decided upon running an IRC daemon which would listen on, and accept only connections from, localhost ( I installed my IRC daemon from source, and I edited it to accept only from localhost, and to listen only on localhost, port 6667. But where do I go now? How does this make it secure? Well, that's easy - ssh.

If you force people to ssh to your host, then irc to localhost, all traffic is passed locally unencrypted, and all the text which goes over a network is encrypted by the ssh daemon. The ssh client intercepts it and decrypts it. This limits a user to BitchX or ircii or whatever is running on the server, unless you use X11 Forwarding through ssh and run xchat or kvirc.

3. Use
For every user you want to have access to your IRC server, add an account to the server computer. Then set them up with an ssh client, and install BitchX or the client you would like to use on the server. Now all your external traffic is encrypted. One could probably write wrappers to run a bare irc connection over ssh and use mIRC if they were on Windows, too. And this way, you don't have to muck around in ircd or BitchX's source code, and you get encrypted IRC.

Questions, comments, and corrections may be sent to jmallett{at}newgold{dot}net
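
One way to check the setup described in sections 2 and 3, as an added example that is not part of the original article: a shell function that reads a listener table in `ss -ltn` format and flags any ircd bind that is not on loopback. The function name, the sample tables, and the placeholder host irc.example.net and user alice are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit that ircd is reachable only through ssh.
# Reads a listener table in `ss -ltn` format on stdin and reports every
# listener on the IRC port. Loopback binds are what the how-to wants;
# anything else means IRC text can cross the network unencrypted.
#
# Prints "OK <addr>" or "EXPOSED <addr>" per listener.
# Returns 0 = loopback only, 1 = at least one exposed bind, 2 = no listener.
audit_irc_listeners() {
    port="${1:-6667}"
    awk -v port="$port" '
        $1 == "LISTEN" {
            # Column 4 is Local Address:Port. Split on the last colon so
            # IPv6 forms such as [::1]:6667 are handled too.
            start = match($4, /:[0-9]+$/)
            if (start == 0) next
            host = substr($4, 1, start - 1)
            if (substr($4, start + 1) != port) next
            found = 1
            if (host ~ /^127\./ || host == "[::1]") {
                print "OK " host
            } else {
                print "EXPOSED " host
                exposed = 1
            }
        }
        END {
            if (!found) exit 2
            if (exposed) exit 1
            exit 0
        }
    '
}

# Constructed sample tables (not captured from a real host).
SAMPLE_LOCAL_ONLY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:6667     0.0.0.0:*'

SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:6667       0.0.0.0:*
LISTEN 0      128    [::1]:6667         [::]:*'

# On the server:   ss -ltn | audit_irc_listeners 6667
# From a client that should keep using its own IRC program (the "bare irc
# connection over ssh" idea), forward a local port and point the client at
# 127.0.0.1:6667. Host and user below are placeholders:
#   ssh -N -L 6667:127.0.0.1:6667 alice@irc.example.net

# Demonstration on the constructed table with a wildcard bind.
printf '%s\n' "$SAMPLE_EXPOSED" | audit_irc_listeners 6667 || true
```

A return status of 2 is worth treating as a failure in a cron check as well, since it means ircd is not listening on the expected port at all.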

Printer Port Hacking
Written by Jackel

Okay, if you're like me, you're tired of the same bull FTP hacks you have been doing. So try Printer Port Hacking! How do you printer port hack?

Well let's let Mr.Wizard and Billy show you.

Billy: Gee golly, Mr. Wizard! I'm tired of the lame port 21 attacks!

Mr. Wizard: Well, Billy, let's try a printer hack.

Billy: Gee, how the fuck do we do that?

Mr. Wizard: Well, Billy, the first thing we do is go to this amazing website http://www.hotfiles.com/ to get a networking tools program.

Billy: I like this one, Mr. Wizard.

Mr. Wizard: Then you look for a low end company where the fat fucks don't give a shit.

Billy: Who?

Mr. Wizard: Try a Walmart or K-mart. Now try to find the local server.

Billy: How?

Mr. Wizard: Scan your local ISP. If you live in a hickville it will be relatively easy.

Billy: You mean Ping all those IP's?

Mr. Wizard: Billy you are a retard! No! Look up ISP in the phone book.

Billy: Okay...

Mr. Wizard: Now find the web address of the ISP's webpage.

Billy: Uh-huh...

Mr. Wizard: Now ping the address of the webpage - say is the address; scan through

Billy: says K-mart.

Mr. Wizard: Now now finger and trace the web administrator.

Billy: Found him at

Mr. Wizard: Now Port Scan the whole range of IPs from to

Billy: Here's one that states port 23 and port 80!

Mr. Wizard: Good boy! Now, the Microsoft system defaults will reside in the printer.

Billy: So use a cracker program?

Mr. Wizard: No, open the spooler and add some porn in there and you just got someone fired.

Billy: Isn't that wrong, Mr. Wizard? I mean, what about our 'ethics'?

Mr. Wizard: Shut up, Billy, shut up.

[note from linear: my apologies to Jackel for the heavy editing (for clarity) and new ending (for humor) that I did to this. Hopefully you don't mind.]

Fake ID Tips: If Jesus Won't Help You, I will!
Written by The 3rd Worm

If you are unable to edit out someone else's photo and put in one of your own, don't give up! It's okay that you don't know how to go to a warez site and grab the latest PaintShopPro or PhotoShopPro and use one of them to perfectly edit an ID. It's perfectly normal! A lot of kids get dropped on their heads at a young age, most of them just don't admit it.

Anyway, an easier thing to do than to change the photo to your own is to make the photo resemble you. Or make yourself resemble the photo. How, do you ask? Well, if you've been observant, you should've noticed some similarities between people. And things that make them appear similar. For example, have you ever gazed at a police officer driving an oinkmobile? And then have you seen another drive by and found yourself wondering if that was the same guy or not? I'm a complete geek that sometimes spends weeks inside my room, and I've still had the opportunity to notice that. Well, here's what makes them similar: They are usually overweight, usually wear uniforms, usually have short hair, and usually have mustaches. (They also sometimes walk like penguins, but that isn't noticeable on an ID.)

So, say the person whose ID you have has a mustache and you don't. But the rest of you looks the same. (Or would look the same if you had a mustache.) What do you do? Either get a fake mustache (recommended), or grow one. The reason that I recommend getting a fake one, is in case the place you scammed has to describe your features to authorities later, they'll tell them that you have a mustache, but you actually don't. (If you're only using the fake id to get free beer, then you're boring and I'm against you.) (This doesn't apply to you if you're getting beer or other alcohol for some idiot who's paying you.)

Now, what if the person doesn't have a mustache? This is where your editing skills come in. It's easier to paste a mustache than it is to paste and align an entire picture. For this task you have to be a little bit more artistic, and I apologize to those 90% of people who just got thrown out the window. (Yes, I think lowly of most of you.) (No, I don't think highly of myself. I just think lowly of you.) So, what you do, in case you haven't figured it out yet, is you edit the fake id and apply a fake mustache. Hopefully you have access to a good color printer, and have a store nearby that sells laminating sheets. You can buy a small self-adhesive sheet set at Staples for about $5. Price varies. The sheets are 10"x12" in size, so you shouldn't have to spend too much money should you have a tendency to incessantly screw up.

"But..." you exclaim, "I can't get a mere mustache to work, I'm too odd looking! Help me 3rd Worm! Help me!" Well, no worry. The possibilities aren't over yet. You might want to consider things like wigs, moles, scars, eye patches (those things one eyed pirates wear), wearing a hat while showing an ID of a bald person in case you have noticeable hair (you will be afterwards described as bald. This isn't recommended for females, nor is the mustache.) In an extreme case, you can consider wearing black round sunglasses and walking around with a dog and an "I am blind" sign. (If you cannot hire a dog, you can always substitute with a walking cane or an equivalent.)

"I'm too cheap to wear a wig! I don't know where to buy one!" This is where creativity comes in once again. Sometimes you can make one out of a coat or a road kill if you're morbid.

I've seen transsexuals purchasing things at GoodWill before, but I've never witnessed them being checked for an ID. If anyone knows what transsexuals do for an ID, please e-mail me or write an article about it.


Phone Line Color Codes
Written by Triad

Have you ever opened a can out in the wilderness expecting to find all sorts of goodies inside, but instead were presented with a mass of multi-colored wires? I have, and at first it was as fun as a rabid hamster in my pants. However, time has passed, and I have learned a few things since then, so here it is in all its glory.

Color Code in a typical 25 pair phone cable.

Tip      Ring
---      ----
Blue     Blue
Blue     Orange
Blue     Green
Blue     Brown
Blue     Gray

Red      Blue
Red      Orange
Red      Green
Red      Brown
Red      Gray

Black    Blue
Black    Orange
Black    Green
Black    Brown
Black    Gray

Yellow   Blue
Yellow   Orange
Yellow   Green
Yellow   Brown
Yellow   Gray

Purple   Blue
Purple   Orange
Purple   Green
Purple   Brown
Purple   Gray

That's it. Now go out and do something counter productive to society.

Using WinPopup at Your School
Written by pHire_pHly

Windows Pop-Up, or WinPopup, is a program that allows computers connected on a network to send short messages to one another. Its real purpose is basically useless, but we're not using it for its real purpose today. We'll be using it to laugh at and harass people that go to your school. Shall we begin? Of course.

The easiest way to get into WinPopup is to go to Microsoft Internet Explorer, and in the URL box, type "C:\Windows\WinPopup.Exe". From there, it should launch a little applet, which is WinPopup. We will now discuss how to use it, which is extremely simple.

You should see the category "Messages" at the upper left-hand of the window, underneath the name WinPopup. Click it, and go to "Send". From here, you can enter in the name of the person you wish to message. In most schools, you have an ID such as "Chape.09", or simply a number in the case of "29831". You will know, as it will be your PIN in your school. You don't need YOUR PIN of course,... you need the fool's that you are messaging. First, they need to be logged onto the system, or someone has to be logged on under their name. You will, of course, get messages saying that they cannot be found on the network if they are not on the network. Anyhow, make sure "User or computer" is checked instead of "Workgroup" before you enter their PIN\UserID. After you have filled in the "To:" field, you can enter in the text that you wish to send. The server may limit the text to 38 characters or something, and it's 11 characters in my school, so don't write a frikkin book. When you have entered everything, hit (OK) and it will say "Message successfully sent" or something to that effect.

They should now receive the message. On some computers in my school, the recipient's screen turns black and red, and is all blotchy, and repeats the message over and over again, blinking. They have to hit [Ctrl]+[Alt]+[D] in order to close it. On most of the computers at my school however, the message comes up as a clean, crisp, little windows text box. If they hit (OK), (Close), etc, the message will close, although some computers (all of the DELLs at my school) will send two copies of the message you sent.

This program is easy to get caught with, as the message will give the SERIAL number of the computer it's coming from, but most people won't take notice, and even the "Media Center Specialists" at my school will just tell the whole computer lab to stop sending WinPopup messages, as they don't know how to find the sender on the network. The person with the message sometimes acts like a baby and goes to the "Media Center Specialist", telling them that they are getting these weird messages, etc. There are ways to WinPopup the ADMIN account, getting them red hot mad, but the tactics involved usually include something to the effect of sending the message, then running out and hopping in a car, not to return for days...

The best way to use WinPopup, however, is to harass the innocent. First, find a gullible, computer illiterate sucka' fool, then get their UserID (PIN). This is usually on school ID cards, and most people use them as their lunch account numbers, so you can stand behind\near them and listen to the number they tell the lunch lady. Most of your friends will just give you their UserIDs, making for some fun. When sending messages, it's often hilarious to see what they do when you send fake error messages such as: "***VIRUS ALERT***", or "Error in Drive C:". Another favorite is using the "Stalker" method. Say that your target is a really hot girl. Send a message saying: "Hey Kathryn", or "I like your skirt". Continue to say: "Turn around", "I am behind you", "You can't see me?", "Stand up", "I am watching you", "I love you", "I have your locker combo", or something like that. It's fun to see their reactions. Another option is sending a message stating their full name or their phone number, or send scary notes asking them to put ten bucks in locker 212 or else they lose their dog on Wednesday. It's good times. My favorite is to be like: "Stand up and pat your head three times if you want me to stop". They will usually do it! It's fun to try and keep your laughter in too, when everyone's looking at them funny, and they keep standing up, patting their head, and looking around with wide eyes.

I hope you have fun with your new hobby, and apologize if you already knew this, as it is basic knowledge. In no way is this meant to be tried, right? You alone take responsibility for your actions, thus freeing me, the author, from any accusations.

How to Get Free International Flights
Written by phrenzy

What you will need
Now to do this you will need to know some basic information about a victim who flies a lot (info like birth date, last address, etc). If they are a bit suspicious they might want to know if you {the victim} have gone on any trips recently. That sort of info is easy to get so it shouldn't be hard.

The call
When you ring up they will give you a whole lot of options; choose any except the right one and the booking operator. Tell them that you forgot your pin number and you are updating your records or some crap like that. They get this all the time so it shouldn't be hard. They will ask for your birth date, then address, then possibly any recent flights your victim has been on. Then they should give you the pin just like that. It has worked for me heaps of times with no problems. They just tell you to be more careful with your records. Now you have the pin - ring up the same number, then follow the prompts to get to the booking office (if it's not one of the options there will be a number in the phone book for bookings). They will ask for some info, but it will be the same stuff you got from the other operator. They will ask for a date that you want to fly, where you want to fly, the usual crap. Anyway, you should get them to send it to a PO box and it should be there within 3-7 days. Enjoy your trip.

Also, if the victim flies a lot, I mean A LOT, you could book a 2-way first class flight anywhere in the world. You can also get other stuff while you're on holiday as long as you book it in advance when you book the flight (like good hotels and rental cars). Go fly 1st class to London, stay in a 5 star hotel with all meals included, and drive in a rented z3 roadster. Have fun.

Safety tips
Don't pay out the operator once you get the pin; they will freeze the account. Also do it from a payphone (the usual).

Why don't you just card the call?

Well, because they won't prosecute you for stealing frequent flyer miles. It's not money, and most people never use them anyway, especially people who fly heaps.

This was merely a demonstration of lack of security on the part of whoever runs frequent flyers and was never intended to be used.

Using Domino's as a Small Scale CNA
Written by Ice Pick

As you probably know, Domino's keeps track of all their customers' names and phone numbers on their store computer. What you might not have known is that the computer has a modem, in case the owners want to dial in and check sales for the day, and shit like that. Now, how can we use this to our advantage? Once you have the number (don't ask how to get it; if you can't get it, don't read anymore), you can dial it from your favorite terminal program. When the modem answers, you will receive a prompt for the remote logon password. Now, for the best part. Over 80% of Domino's stores use Ultra TMS by National Systems. Now National Systems, in all of their ultimate wisdom, made the default password "remote". I tend to find that most stores have not changed this.

So after you enter the password, you will be taken to a login screen that will ask you for your employee number. You will have to either guess, or social engineer it (most employee numbers are 2 digits, although some of them are the last 4 of the SSN). After you have entered the employee number, you will be taken to the main menu of the system. When you are in this menu, go to the Orders sub menu. When you get to the Orders sub menu, type in the same employee number, then type in a phone number. If the number is in their system, then you get all the info (name, address, and sometimes credit card numbers). That is basically it. You may not be able to get into some of the menus, as they are password protected. If you do get prompted for a password, try all the letters; "P" is a very common password. Once you are online with all the Domino's stores in your city, there is no telling how much fun you can have.

Mayhem In The Grocery Store
Written by Killa2Killa

Grocery stores are fun places to wreak havoc on unsuspecting customers and employees so have fun and remember: it was like that when you got there.

  1. Meats: Poke the meat packages open and leave big holes from your finger. Take the hot food i.e. chicken and leave them in various parts of the store. Take any meat and hide it REALLY well. Squeeze the big sausages.
  2. Cheeses: Put the cheese any place warm but take it out of the package first!
  3. Produce: Squeeze the juices out all over the place, floors, shelves, door handles, etc. Throw them at customers and if they get all pissy tell them that the voices in your head told you to do it. Set up messy experiments such as the potato.
  4. Fish: This is even better than the cheese and meat - hide fish in a warm or hidden place. Set the lobsters free in various parts of the store. If an employee has a problem tell them that you were helping the lobsters fight back!
  5. Salad Bar: Mix everything together and see employees cry and customers puke!
  6. Bakery: Take a bite out of everything and put it back. Make smiley faces with your finger in everything.
  7. Cereal: Fish through the boxes making as big a mess as you can then yell AH HA loud as you can when you find the prize.
  8. Soups, Pasta, Mexican: Smash the soup cans as hard as you can on the floor. If someone asks say you were experimenting with gravity. Empty out the pasta containers on the floor and watch people slide on them, and then after they slip warn them about the pasta on the floor. Try to carry as many glass containers of sauce as you can and when you drop one casually walk away. Crush all the taco shells.
  9. Candy: Put each piece in your mouth and put it back hehe. Melt it then stick it on handles, doors, knobs, and merchandise.
  10. Condiments: Carry the very large containers of mustard, ketchup, and mayo, then drop them on the floor.
  11. Snacks: Crush all the chips into itty-bitty pieces. Set them on the floor and step on them. Open them up and have a snack, then start talking while eating and spray chips everywhere!
  12. Refrigerators: Take things out and start throwing them around as if you’re looking for something.
  13. Soda: Shake them up and leave them or open them and make a mess! Or better yet open right in front of someone and drench them!
  14. Liquor: Crash your wagon into shelves or displays. Take big expensive bottles of the stuff and 'accidentally' drop them.
  15. Toilet paper towels: If you’ve got the nerve, pull down your pants and wipe the shit out of your ass!
  16. Throw the toilet paper at people over the aisles.
  17. Parking lot: Race wagons in the aisles and ram into cars or trucks. Take as many wagons as you can then call the store and demand a ransom for them. If you don’t mind the scratches run them over with your car. Or just crash them hard into the building.
  18. Bathroom: Lay one on the floor, take a piss on the floor, take out all the toilet seat covers and throw them around the bathroom and the rest of the store. Unravel all the tp and trash the baby-changing center.
  19. Miscellaneous: Remember when confronted by employees, be as mean and sarcastic as possible. The worst that can happen is that you get kicked out of the stores for a day. Also cameras are very few throughout the store so these pranks are unlikely to get you caught, and shoplifting is easy. You can also screw with the phones, but I won’t get into that; see RBCP’s anarchy in Wal-Mart at WWW.phonelosers.org. And finally, I have probably left out a lot, and if you have any suggestions, comments, or stories about things you have done here or new things, send them to Killa2Killaphoneloser -at- hotmail -.- com. I will give full credit to anyone that contributes to this article, and if I get enough people contributing, I will probably publish this regularly.

Thanks, you bastards!

Pacific Bell Manholes
Written by s0uL-SL1nG3r

In this article I will explain what is inside of those Pac-Bell manholes that you have been wondering about.

Finding the perfect manhole
First of all, make sure that you find a manhole that isn't close to a lot of houses or a main road. It may take you a while to find an isolated one, but you will find one! The second thing that you want to make sure that you bring with you are some strong friends!!! These manhole lids are often made of steel and are very heavy and awkward, and you CANNOT open one by yourself, unless you have a crane, and I don't think you or any of your friends own cranes. And it also wouldn't be very smart to roll around town in your crane looking for the manhole you saw yesterday!!!! Third thing you will need will be a pretty strong crow bar and something strong that you can fit under the sides of the lid to lift it up with, maybe 2 or 3 or 4 crow bars.

Opening the manhole lid
When you first find the right manhole that you are going to open, you will want to check and see if there are any holes in the sides of the lid (where you will be sticking your crow bar into); without these it will be very hard and probably impossible to lift the lid off. Ok, you and your friends are ready to open this damn manhole eh? Ok, let's get to it!!! The first thing that you want to do is stick your crow bar under one of those openings in the side of the manhole lid, then have one of your friends stick his crow bar under another one of the openings so that you can slide your bar over. This will cause the lid to be on top of your bar and this will make it much easier to take the lid off. Now once the lid is up on your crow bar and you have enough finger room to get under the lid, get a friend and put your hands under the lid and flip it over onto the ground. WHOA, a manhole without a lid eh? Look down in the manhole, and you should see a ladder leading to the manhole floor. I think you know what to do next :)

Inside the manhole
Ok, you and your friends are in this manhole wondering what to do next. If the manholes are the same where you live as they are out here, then you should see some boxes on the walls, maybe 3 or so. You notice that these boxes look like the boxes at the bottom of the fone poles on the side of the road! These boxes contain fone lines! If you have your lineman's set with you (which you should always bring with you on your little midnight missions), you can open these boxes with your can opener and hook up to some lines, or just raid the damn thing for some manuals and handsets if there are any down there. Look around, be careful, and don't mess with anything if you don't know what it will do! There might be a "telco air compression pipe". I have no idea what these pipes do, but I wouldn't mess with it unless you plan on getting blown through the ground! Be careful and have phun!

Neither I nor the upl-pla will be responsible for what you do with this information. It is intended for educational purposes only. We will not be responsible if you or your friends get into trouble.

Letters To UPL

Here are a bunch of emails I've received recently, and decided I should share with you, my little UPL groupie cupcakes. Although a few of these people are cool, a majority of them are complete idiots who we should all laugh at. So go on... Laugh.

C'mon! Don't be shy! Laugh!

From: Andy Parsons
Date: Thursday, March 08, 2001 5:29 AM

sorry, I had a great idea for your zine, but it was the same idea i'd just sent to someone else, and now I can't get the message up again (I logged out of my email site and didn't bother to save the message). So to send it to you now i'd have to write it all over again, and i just can't be arsed. sorry!

[note: oddly enough, this is the best article we've ever received!]

From: Arbie
Subject: [pla_upl] Linear is a fag
Date: Wednesday, February 21, 2001 7:14 AM


Look linear, your URL made it into a book! I bet you think you're cool now!

My homepage: http://www.phonelosers.org/rbcp/
Contact me: ICQ: #17320246 AOL: ROYBEECP

From: Habib Jamal
Subject: the entertainer
Date: Saturday, March 10, 2001 10:02 AM

your article on 7-3-99 on phone songs was a lot of fun. Right away I unplugged my phonecord and tried them. They were lots of fun, so I started just pushing buttons, with in a minute I had made a sorry rendition of "the entertainer"

3 1 0 # 0 0 3 1 0 # 0 0 3 1 0 # 1 0 *


From: BIadeofIMP
Subject: oh shit...
Date: Thursday, March 08, 2001 12:00 AM

this is the same linear at UPL!!!, koo

From: Zack Morris
Subject: stolen AOL format
Date: Tuesday, February 13, 2001 5:29 PM

Dear Linear,

DAMMIT YOU WHORES!!!! I was gonna steal the AOL layout and stuff up until I saw that you bitches got to it first! I'm the 13370 h4x0r here not you fools, I 0wn3r j00! I was pretty pissed off about all this until I thought of a solution, I'm gonna rape the UPL website and steal your layout instead!

What a idea! You guy's lawyers are gonna be so busy with the AOL people you won't have time to come after me. I hope your trial takes a REALLY long time! Of course as backup protection I have the fact that I have no enjoyable content on my page so no one ever goes to it anyway! Ok thanks for your time. I'll send you a link after I finish raping your page.

1-877-861-8600 ext 592

PS: did I spell sincerely wrong?

From: dominic laspino
Subject: site
Date: Tuesday, February 13, 2001 6:11 PM

i cant wait for the threatening letters from aol!!!!

[note: we've had the stolen AOL layout for a while now, and still no threatening letters. Hopefully, they'll come soon. We can't wait for them either, you see.]

From: tuck167
Subject: [pla_upl] Linear is Gay He told me in a email...
Date: Thursday, February 22, 2001 11:42 PM

Linear has emailed me many times today... and showed me how gay he is... how ill-knowledged he his... I say... he should be Impreached... I say its time for a new leader... someone with half a brain... SOmeone who knows how to use " " right someone who actually knows something about the phone system someone who knows how to hack... Someone whos not a gay 17 year old... Someone who has facial hair... Linear... Is a Fag... he is the Cause of the UPL going no where... Late issues... and all that... He doesn't server the people very well... He makes up fake stories... i wonder if linear knows what a beige box is with out looking it up... Linear... Is bad news... its time someone else takes over... The fag has ruined this UPL long enough... Its time for a change...

[note: this guy has been bugging the upl_pla list with crap like this ever since he got pissed off because I wouldn't put his picture on the loser alert. Sheesh. Maybe someday he'll learn how to use "..." correctly.]

From: Steven
Date: Saturday, March 10, 2001 2:30 PM

you suck

From: Carol Fexa
Date: Monday, February 26, 2001 1:02 PM

dude, how do i become a hacker? mail me a chat so i can talk to u.

From: Carol Fexa
Date: Monday, February 26, 2001 1:02 PM

i wanna be hacker.

[as if the first email wasn't enough.]

From: tuck167
Subject: [pla_upl] You People are Hallarious!!!
Date: Sunday, March 04, 2001 9:32 PM

I'm new in the phreaking community... I've been in the computer community for years... This phone stuff is all new to me... Yeah... You all suck... and the reason i say that is... I've read the stories behind all you that have your stories posted... RBCP... Ooh your really not a failure... and linear how the heck did you fail alegbra??? you guys just don't have a sense of direction... Your level of common sense is about the same as a kid who has the same spelling abilities as me... a 8 year old... Yeah i'm not 8 i spell bad... But ya know what... You all understand what i'm saying... No need to be perfect on something that doesn't count... Yeah i'm leaving this list... yeah i'm leaving... right after i teach you guys a few things... and Colleen i would love to see your neighbor... Hes pretty cool if he can properly use all those programs that i wrote about... I bet that you can't!!! or any other phreak on this page... Look bad at the list... That is not a high school kids material... no... Thats what the pro's use... and if you think that real hackers don't use that... well i've got news for ya... They do... And how do i know your asking well you all will just have to wait and find out.... I have some words to you all on computer hacking... Shut up... ask questions... or show your stuff.. quit talking about how 31337 you are!!! because as we all know... we can careless... Yeah i havn't proved anything of knowledge to you guys yet... It will... Stories will be provided... Skills will be learned... After all... you all suck at social engineering... *hint* *hint*

Brice Carlson

[like i said, this guy keeps bugging the list]

From: Andyfil PJ Ybanez
Subject: asap
Date: Tuesday, March 06, 2001 2:13 PM

Hi, I want to know and learn how to crack a password for aol...thanx


Don't do bad things.

United Phone Losers

Head of State

Rob T Firefly
Department of Wit, Humor

Department of Cynicism, Apathy

Department of Melodramatics

Harry Tuttle
Department of Propaganda

Department of Treasury

el caco
Department of Prolonged Absence