blue box
The Blue Box operator wants to make a call from New York to Washington. He starts
by dialling the (toll-free) 1-800 number of a company which has its headquarters
in San Francisco (or somewhere else, but the call has to be a long-distance
call). After dialling the number, he is connected to a New York tandem.
The sending side of that tandem stops whistling the 2600 Hz tone. The New
York tandem now sends tones to an idle tandem (which is whistling 2600 Hz) in San
Francisco. San Francisco stops the 2600 Hz and listens to the tones coming
from New York, which tell it to ring that 1-800 number. The tandem causes the phone
to ring and the phone company's computer notes that you have started a toll-free
1-800 call. Everything's normal so far.
2600 Hz
The phreak now pushes his Blue Box against the mouthpiece of the phone and presses
the 2600 Hz button. The San Francisco tandem thinks the signal comes from the
phone company's equipment and ends the connection to the 1-800 number. But
after about a second the Blue Box operator stops the 2600 Hz tone. San Francisco
doesn't hear the 2600 Hz anymore and thinks another call is coming in over
the line. The phone company doesn't know you started a new call because
you didn't hang up. The tandem isn't ready to ring a number yet. The Blue Boxer
presses the KP (Key Pulse) button of his device. This makes the register
ready for a new call. He dials the number he wants to call in Washington
on his Blue Box and he's connected.
ESS?
Some people say Blue Boxing under ESS is impossible.
This is not true. Blue Boxing became a bit harder, but not because of ESS.
First you have to know something about in-band and out-of-band signalling. In-band
signals are the tones which can be transported over normal telephone lines. Other
frequencies which are used by the phone company, but which cannot be transported
over the normal band, are therefore out-of-band signals.
What makes it difficult for the Blue Boxer are the CCIS links (out-of-band signalling).
99% of all tandems communicate over CCIS links. When you blow a 2600 Hz tone through
the line, the tandem knows that tone isn't coming from the system, because a
system that works with CCIS doesn't use a 2600 Hz tone but another one, out-of-band
of course, so the phreak cannot emulate it. When it hears a 2600 Hz tone the tandem
disconnects.
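
The difference between the two signalling designs described above can be shown with a small state model. This is an added example, not part of the original text; the Tandem class, its state names and the event trace are simplified assumptions constructed for illustration, not real switch behaviour.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed trace of the sequence in the text. "link" is signalling sent by
# the exchange; "audio" is whatever arrives on the caller's voice path.
TRACE = [
    ("link", "SEIZE"), ("link", "KP"), ("link", "DIGITS:1-800"),
    ("audio", "2600_ON"), ("audio", "2600_OFF"),
    ("audio", "KP"), ("audio", "DIGITS:WASHINGTON"),
]

@dataclass
class Tandem:
    in_band: bool                      # True: control tones share the voice path
    state: str = "IDLE"
    routed_to: Optional[str] = None
    billed_as: Optional[str] = None    # record made once, when the call starts
    alerts: list = field(default_factory=list)

    def handle(self, channel: str, signal: str) -> None:
        if self.state == "DISCONNECTED":
            return
        if channel == "audio" and not self.in_band:
            # Out-of-band: the voice path carries no commands. Per the text,
            # hearing 2600 Hz there makes the tandem disconnect.
            if signal == "2600_ON":
                self.alerts.append("2600 Hz heard on voice path")
                self.state, self.routed_to = "DISCONNECTED", None
            return
        # Anything reaching this point is treated as trusted control.
        if signal == "2600_ON":            # idle tone: release the far end
            self.state, self.routed_to = "IDLE", None
        elif signal in ("SEIZE", "2600_OFF") and self.state == "IDLE":
            self.state = "SEIZED"          # tone stopped: a call is coming
        elif signal == "KP" and self.state == "SEIZED":
            self.state = "REGISTER_READY"
        elif signal.startswith("DIGITS:") and self.state == "REGISTER_READY":
            self.routed_to = signal.split(":", 1)[1]
            self.billed_as = self.billed_as or self.routed_to
            self.state = "CONNECTED"

def replay(in_band: bool) -> Tandem:
    tandem = Tandem(in_band=in_band)
    for channel, signal in TRACE:
        tandem.handle(channel, signal)
    return tandem

if __name__ == "__main__":
    for mode in (True, False):
        t = replay(mode)
        print("in-band" if mode else "out-of-band", t.state, t.routed_to, t.billed_as, t.alerts)
```

In the in-band run the routed destination and the billing record disagree, which is the mismatch a defender would audit for; in the out-of-band run the same voice-path input only produces an alert and a dropped call.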