Long before the internet, some phone networks were hackable by playing a single tone at 2600Hz.

Whistled into a phone, it could grant you unrestricted access. Do you have the vocal chops to be an old-school phone phreak?

I built a web app to test your ability to produce the legendary frequency. You won't get free long distance calls but you will get some honor in the knowledge that you could have been a cool hacker. 😎

I am sad to say that I can only whistle up to 1100Hz... But my wife (a long time woodwind player) is able to consistently get it.

Give it a try: https://phreak.kmcd.dev/

#phreaking #2600Hz #bluebox #RetroComputing #hacker #infosec #Tech

Phone Phreak Emulator

Test your phreaking skills by hacking this phone line.

@sudorandom Well I could, "A few" years ago.

And I could get shared fax/landlines to answer me as a fax too. Which was very useful in proving yes, it was actually switched on and answering to a fax tone.

@sudorandom when was this ever true? The earliest phones I remember in the 1960s used carbon microphones but had no awareness of tones anywhere in the system, at least from the GPO phone in the hallway by the door. You could dial by imitating clicks by pressing the hook in and out several times, but there was absolutely nothing to do with tones about a phone.

@u0421793 Source: https://en.wikipedia.org/wiki/Phreaking#History.

Indeed, this did happen in the 1960s from what I read. I believe this came about in the "Touch tone" era of telephony, where tones were indeed used for number input and special tones were used for control systems. It's my understanding that it was the new shiny at the time because yes, rotary phones would indeed disconnect and connect the line in order to input numbers. Touch tone would eventually replace that system.


@sudorandom no, push button DTMF phones didn’t exist back then – they were to come in in the early-middle 80s – but you couldn’t just whistle a tone into them, that’d be insane, it was dual-tones multi-frequency, but none of the frequencies are what you describe, and anyway you’d need to generate two frequencies at once, differently per key

@u0421793 bro, I'm reading this from reputable sources. Certain phone routes were vulnerable to a single 2600 tone. Phreaking is said to have begun with the discovery of this exact SINGLE 2600Hz tone.

I agree that the most common signalling mechanism was dual tone but that's not as fun since extremely few people can do that with their voice. And yes, this is why blue boxes exist.

@sudorandom @u0421793

There's a couple of documentaries on Capt Crunch and the other hackers who discovered all of this.

Research phone freaks. It's incredible.

@MyWoolyMastadon @sudorandom quite what ‘capt crunch’ actually is is beyond explanation, I’ve never heard of that

@u0421793 @sudorandom

Yep. The toy whistle in the cereal was removed once Ma Bell figured out what was happening.

If memory serves from the documentary about the phone freaks they held competitions.

Ahem, even Jobs & Wozniak made an electronic device to mimic tones that allowed people to make free long distance calls. It's in the Jobs biography.

@MyWoolyMastadon @sudorandom hang on – what cereal, nobody’s mentioned a cereal yet, what on earth are you talking about.

What on earth is ‘Ma Bell’.

None of this is making any sense.
@u0421793 Cap'n Crunch is the name of an American cereal marketed toward children that came with a "prize" of a child's whistle inside. Apparently, it could create a specific tone that would allow someone to access certain blocked services when played through a telephone receiver. At the time, the American Bell Telephone Company--referred to as "Mama Bell" or "Ma Bell" for short, probably because of their monopolistic business practices--was unhappy about this.

@u0421793 @MyWoolyMastadon @sudorandom Ian, you appear to be assuming that UK-local context is applicable worldwide. For this conversation at least, it is not

Ma Bell = the Bell Telephony family of service providers that used to exist in the USA.
Capt Crunch refers to a promotion that the cereal ran where customers could get a free whistle that allegedly emitted a 2600Hz tone that could be used to get free phone service. This all happened 4 or 5 decades ago. See also https://en.m.wikipedia.org/wiki/2600_hertz.


@narpoleptic @u0421793 @sudorandom

What's truly weird is that Jobs & Wozniak dabbled in phone freaking and made money selling a device that mobsters used to circumvent federal agents.

https://www.chaintech.network/blog/a-journey-from-1955-to-1980-the-intriguing-world-of-phone-phreaks/

@MyWoolyMastadon @u0421793 @sudorandom oh, I didn't know about the Woz/Jobs bluebox - thanks for the link, I look forward to reading more about it 🙂

@narpoleptic @u0421793 @sudorandom

Grab a copy of the Jobs biography. There's a bit in there about it. It's the chapter in which Jobs & Wozniak meet. It's surreal to think how Jobs used Wozniak and did some shady stuff long before the first Apple Computer.

@MyWoolyMastadon @narpoleptic @sudorandom I read it, in the 80s – I remember that bit, I didn’t relate to it at all as it completely contradicted how an actual telephone network works in my experience, so I put it down to just fictional bravado making themselves sound cool, but now I realise it is because they were in a foreign country so things were different for them

@u0421793 @MyWoolyMastadon @narpoleptic @sudorandom Part of the problem is that your understanding of how the phone system works appears to be limited to the user interface but does not seem to include how the system works internally.

Non-US systems also automated long distance routing using tones for in-band signals. The frequency wasn’t 2600Hz, but it would work the same way.
Even in the 60s.

@u0421793 @sudorandom

Before the big telecommunications break up Ma-Bell or Bell Telephone controlled the phone industry in the USA. Plus they owned the equipment in your home that you paid rent to use. You could never own it. https://www.u-s-history.com/pages/h1803.html

As to cereal, it was a toy whistle given away in Captain Crunch cereal that sparked an explosion in phone freaks. The whistle gave the exact tone needed for free long distance. https://phreaknet.org/phreak/


@u0421793 @MyWoolyMastadon @sudorandom

"hang on – what cereal, nobody’s mentioned a cereal yet, what on earth are you talking about."

Kevin has mentioned it, indirectly, in the Wikipedia link he gave you. It literally says: "John Draper discovered through his friendship with Engressia that the free whistles given out in Cap'n Crunch cereal boxes also produced a 2600 Hz tone when blown (providing his nickname, "Captain Crunch")."

As for when and where this happened, the very first sentence of the linked section states: "Phreaking began in the 1960s when it was discovered that certain whistles could replicate the 2600 Hz pitch used in phone signalling systems in the United States."

@u0421793 @MyWoolyMastadon @sudorandom Captain Crunch was an American breakfast cereal for kids. Loaded with sugar and other crap. The packages contained a toy, one of which was a whistle. This whistle blew at precisely 2600.
@u0421793 @MyWoolyMastadon @sudorandom “Cap’n Crunch” was a US cereal that gave away a toy whistle in the box of cereal. Turns out the whistle is supposed to have generated the correct (2600 hz) signal to trigger the in band signal to initiate a long distance call without generating any billing, in effect, free long distance b
@sudorandom no, this has never ever been possible – you’re probably talking about some highly local scenario in some foreign country somewhere far away which had different technology, but seriously, this was not the lived experience of any normal person anywhere around when I was growing up, those of us who had a phone at home (which wasn’t everybody) had a normal GPO telephone, which used clicks to dial. Later in the 80s deregulation came and the first DTMF phones arrived, some with green tags (allowed) and some naughty imported ones with red tags (not allowed) (why did they sell them then) and from that point on, people were also allowed to connect a modem directly to the (then-new) phone socket. Prior to that, it was only acoustic couplers allowed. But the acoustic coupler tones were not what you are describing, and didn’t interact with the normal GPO phone system.
Blind Whistling Phreaks and the FBI's Historical Reliance on Phone Tap Criminality

In 1971, Ron Rosenbaum’s Esquire article, “Secrets of the Little Blue Box”, introduced America to phone phreaks, a subterranean network of geek explorers

CounterPunch.org
@u0421793 @sudorandom As for the "highly local scenario in some foreign country": Yes, the country in question being the USA.
@sudorandom @u0421793 Y’all are talking past each other. The 2600 signal was internal in band and not generated by phones. Also it seems that there’s some confusion about the difference between US/AT&T versus other/GPO. they are similar but have different deployment history n

@u0421793 @sudorandom
IIRC, the 2600Hz tone was part of the system that allowed you to make long distance calls without operator intervention. Time frame was late '60s, early '70s - when in-band signaling was in use for phone equipment on one end of the wire to tell the equipment on the other end what was happening. (Like sounds made when a coin was dropped into a pay phone.) DTMF was used for long distance network signaling starting around 1959.

The 2600Hz tone was used by the local central office to tell the equipment on the remote end that the call had finished.
The hack was that if you played a 2600 Hz tone into a phone that was making a long distance call, the far end would hang up and the near end would not - you could then use a special DTMF box that generated network tones (not the same pairs that later were used by touch tone phones, but the same idea - network DTMF was decades earlier) to dial a new number on the far end. By timing the disconnect correctly, you could make the remote calls without the local end generating any billing information.

Lots of link rot if you go searching for exact details.

@PhilSalkie @sudorandom well, no, that’s not how it was

The GPO-installed phone in the hallway of the homes which had a phone were not based on any tone at all. They were based on disconnects, by the dial mechanism. Tones were simply not part of the system – at least from the GPO phone in the home. DTMF phones came with GPO deregulation in the mid 80s, and didn’t involve a single frequency but a dual tone multi frequency system.
@u0421793 You're talking about GPO, so UK? It was different in the US with the bell system. And this 2600 tone was different to the normal phone tones anyway I'm pretty sure. It was a real thing, maybe not in the UK I don't know. There's a very good video on it from the US based Connections Museum channel on YouTube.

@u0421793 @sudorandom

You're correct that home DTMF (Dual-Tone Multi-Frequency) came later, when used for the home-to-central office connection. The thing is that DTMF was in use for decades before that for central office-to-central office signalling - by the time Touch-Tone phones were introduced, DTMF was a very mature technology.

At the start of dial/disconnect calling, connections between distant central offices still required operator intervention ("Long Distance Calling"). After a while, the trunking system was automated - for example, there might have been 100 physical pairs run between two large cities, and calls were placed on them automatically, with the first few numbers dialed causing a trunk selection, and the remaining numbers being sent over the trunk to dial the destination line at the far end. There were different busy signals for "destination line in use" and "no trunk available" - in the US, those were slow busy and fast busy.

However there was more information that needed to be sent along the trunk line than could be encoded in just the clicks - that's where DTMF came in, it wasn't originally intended for home use at all. Various sorts of billing and logistics information could be sent along with a call - eventually the dial pulses would be captured locally, the trunk assigned, and the number re-transmitted via network DTMF to the far end. This kept the trunk from having to be held while the user dialed and dialed - much more time-efficient.

@u0421793 @sudorandom

Sometimes you could hear those network tones - dial a long distance number with a rotary phone, and you might hear a distant "beep-bloop-blip-beep-blip-blip-beep" as DTMF was sent from local CO to distant CO. Doing this decreased the amount of time each call took on the trunk line because rotary dialing took time. (As a side note, in the US, the "Area Codes" - three digits, x0y or x1y - were selected so that large areas (NY - 212, LA - 213, Chicago - 312) were "Low Dial Pull", so it took less time than dialing Oklahoma - 405. This saved the users' time, but not time on the trunks.)

When DTMF was used for long distance redialing, there needed to be a way to signal the remote side that the local side had hung up. Two different tones were used for that, the "Caller Hang Up" was 2600 Hz, dunno what the "Receiver Hang Up" was.

The whole "Phone Phreaking" thing in the '70s was about figuring out what was going on with the tones, and how they could be generated by individuals to control the network. One story is that the whole thing started because someone was playing electronic music to a friend on a long distance call, and anytime they played a certain piece, the call would drop. They spoke to someone knowledgeable at the phone company, and were told about the disconnect tones, so any reasonably clean 2600Hz tone for a quarter-second or so would disconnect the far end of the call, leaving the near end still attached to the trunk line.
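
The detection rule described in the post above (a reasonably clean 2600Hz tone held for about a quarter-second), sketched as an added example that is not part of the thread or of the linked web app. The 8 kHz sample rate, 20 ms frames, 0.8 purity threshold and all function names are assumptions for illustration, and the test signals are synthesized inline.

```javascript
"use strict";
// Added illustration; not from the thread or phreak.kmcd.dev. Assumed values:
// 8 kHz sampling, 20 ms frames, purity threshold 0.8. Names are hypothetical.

// Goertzel algorithm: squared magnitude of a single frequency in one frame.
function goertzelPower(frame, sampleRate, freq) {
  const coeff = 2 * Math.cos((2 * Math.PI * freq) / sampleRate);
  let s1 = 0, s2 = 0;
  for (const x of frame) {
    const s0 = x + coeff * s1 - s2;
    s2 = s1;
    s1 = s0;
  }
  return s1 * s1 + s2 * s2 - coeff * s1 * s2;
}

// Share of the frame's energy at `freq`: about 1 for a clean tone,
// much lower when speech or other tones are present at the same time.
function tonePurity(frame, sampleRate, freq) {
  let energy = 0;
  for (const x of frame) energy += x * x;
  if (energy === 0) return 0; // silence carries no tone
  return (2 * goertzelPower(frame, sampleRate, freq)) / (frame.length * energy);
}

// Longest unbroken stretch (ms) in which the audio is a clean tone at `freq`.
// `samples` is a Float64Array of audio samples.
function longestToneMs(samples, sampleRate, freq, frameMs = 20, minPurity = 0.8) {
  const frameLen = Math.round((sampleRate * frameMs) / 1000);
  let run = 0, best = 0;
  for (let i = 0; i + frameLen <= samples.length; i += frameLen) {
    const frame = samples.subarray(i, i + frameLen);
    run = tonePurity(frame, sampleRate, freq) >= minPurity ? run + 1 : 0;
    best = Math.max(best, run);
  }
  return best * frameMs;
}

// The in-band receiver's decision. It sees only audio on the trunk, so it
// cannot tell exchange equipment from sound entering at the caller's mouthpiece.
function looksLikeDisconnectTone(samples, sampleRate, freq = 2600, minMs = 250) {
  return longestToneMs(samples, sampleRate, freq) >= minMs;
}

// Constructed test signal: a sum of sine tones given as [frequencyHz, amplitude].
function synth(sampleRate, ms, tones) {
  const out = new Float64Array(Math.round((sampleRate * ms) / 1000));
  for (let i = 0; i < out.length; i++) {
    for (const [f, a] of tones) out[i] += a * Math.sin((2 * Math.PI * f * i) / sampleRate);
  }
  return out;
}

const FS = 8000;
console.log({
  clean2600For300ms: looksLikeDisconnectTone(synth(FS, 300, [[2600, 1]]), FS),
  clean2600For100ms: looksLikeDisconnectTone(synth(FS, 100, [[2600, 1]]), FS),
  whistleAt1100: looksLikeDisconnectTone(synth(FS, 300, [[1100, 1]]), FS),
  toneUnderOtherAudio: looksLikeDisconnectTone(
    synth(FS, 300, [[2600, 0.5], [700, 0.5], [1200, 0.5]]), FS),
  clean2280AsUkTone: looksLikeDisconnectTone(synth(FS, 300, [[2280, 1]]), FS, 2280),
});
```

Only the clean, sustained tone at the configured frequency passes. The same check, run on the subscriber side of the line, is the kind of detection an alarm on in-band tones would rely on.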

@u0421793 @sudorandom

So, even from a rotary phone, with the right equipment (a 2600Hz tone generator and a box that could make network DTMF tones) it was possible to make a long distance call to a specific area, disconnect the far end with a 2600Hz beep, then network DTMF a different number through the handset microphone for the remote CO to dial, and connect to the phone you actually wanted to call. I guess the disconnect tone caused the billing clock to stop, or maybe you had to call some toll-free or reserved system number to then disconnect and make a free call. (In the US, the last four digits "99xy" were reserved by COs for things like "silence", "busy", "ringtone", "ringback", "time", etc.)

The hand-held DTMF concept wound up being adopted by alternate long-distance providers in the US and other countries - if you wanted to use an alternate carrier, you had to touch-tone in some codes, but couldn't do so if you had a dial phone or were on a dial payphone, so you could get a hand-held tone generator to put against the handset's microphone. You could then use Sprint or MCI or whomever as your long distance provider by tone dialing the proper numbers. Some of those units had memory so you could just push one button to send the provider selection and your account number with one press, then dial the number you wanted on the little keypad. (Of course, those DTMF tones were the "Touch Tone" frequencies, different pairs from the "Network" tones.)

@u0421793 @sudorandom In the US AT&T introduced DTMF in 1963 but the signal in question wasn’t a DTMF signal and wasn’t meant to be generated by a phone.

It did take nearly 20 years for DTMF to become widely used though because AT&T had an incentive to introduce technology slowly until they lost a couple of famous court cases.

@u0421793 @sudorandom 2600Hz signalling was mostly in use in the USA.

In the U.K. trunk lines between exchanges often used 2280Hz signalling to route the call.

You would often hear a chirp at the start or end of a long distance call

E.g. you can hear the chirp at the beginning of this Noel Edmonds phone prank:

https://m.youtube.com/watch?v=5ptcKL_T1xw

You may be able to hear another at the end, I didn’t get that far!

More info than you ever wanted about UK telephone signalling here:
https://www.britishtelephones.com/pwover1.htm


@u0421793 @sudorandom if you want to see a live demonstration of 2280Hz signalling, visit Milton Keynes Museum.

They have an interactive demo (using real GPO equipment) that allows you to listen in on the trunk and hear the beeps that were usually hidden from callers.

It’s an excellent museum with a lot to see and do!

It’s a bit trickier to whistle off a 2280Hz trunk, than it was in the USA, but it was absolutely possible in the UK.

Source: I’ve done it

@lpbkdotnet @u0421793 @sudorandom there was also a *lot* more official secrecy about the British telephone network and it was harder to get any information about it until well into the late 1990s. There were also filters in some cases to prevent 2280 Hz being sent down the line from the subscriber's end, and even alarms that sounded if it was detected. Phone phreaking was considered fraud against the public purse so risked heavy punishment.

By late 90s it was possible to bluebox some Global Majority countries via Country direct (dial 0800 89nnnnn and send 2280/2600 tone down when you heard the pip) but I never did it as it didn't seem ethically right when you could already legitimately get dirt cheap phone calls compared to the 80s/90s...

@vfrmedia @u0421793 @sudorandom "harder to get any information about it until well into the late 1990s"

The City & Guilds textbooks Telephony by Herbert & Proctor (1938) and Atkinson (1950) both describe VF signalling in detail. The POEEJ was available in libraries.

Toll-A Dropback was exploited in the 50s, trunk stacking and payphone dodges go back even further. New Scientist wrote about it in Dec 1973!

The filters, alarms and split signalling did make it harder, but not impossible....

@vfrmedia @u0421793 @sudorandom The key difference between the UK and the USA wasn't so much technical as it was societal.

US phreaking became very counter-culture, "stick it to the man, free long distance for everyone!" with celebrities buying blue boxes.

In the UK, it was far more "interested geeks poking at it for fun to see what it did" with a sense of fair play.

Well, except for those phone engineers inside the system who were abusing their position... but that's a whole other story!

@lpbkdotnet @u0421793 @sudorandom

I read Atkinson in the 1980s (had to get it from the library) but only knew about it as I'd been tipped off by engineers at the BBC Receiving Station in Crowsley Park who told me and my friends how the telephone network worked (the BBC and BT operated closely together in that area as BBC Monitoring had HF receivers that could be remotely controlled over the telephone network like today's SDRs)

@vfrmedia @u0421793 @sudorandom Atkinson is amazing! I regularly refer to my copy! I may be an outlier... 🤣

The UK phreaking stuff is a favourite subject of mine (can you tell?) and I've spent a lot of time talking to a couple of the 18 people tried at the Old Bailey in the 1973 "telephone trial of the century" as it was reported in the national press.

They have so many fascinating stories to tell, but not all of them are proud of their past adventures.

@lpbkdotnet @vfrmedia @u0421793 @sudorandom I believe one of my school teachers was one of those 18. AFAIK he was found not guilty.
@u0421793 @sudorandom It wasn’t something a phone did. It was a form of “in band” signal that the GPO (AT&T in the US) used to communicate between central office (CO) equipment to control routing and billing of automated long distance calls. It was how the GPO eliminated the need for long distance operators.
@u0421793 @sudorandom
US phones. The UK's GPO used different systems in the exchanges.
@u0421793 @sudorandom Bell Tell introduced touch tone phones at the 1961 NY Worlds Fair.
@DoctorDNS @sudorandom Quite what “Bell Tell” is supposed to mean is an inexplicable mystery. Also, North Yemen didn’t have a Worlds Fair in 1961, Italy did, in Turin.
@u0421793 @sudorandom BellTell was the US Bell Telephone company that at one time ran most of the US telephone system. It was a monopoly and later broken up. New York (the one in the US in case you did not know that either) hosted the 1961 Worlds Fair. That's where they introduced the touch tone phone. It and the phone phreakers were an American thing mostly. Do a bit of research?
@u0421793 @sudorandom I may have the dates wrong. Bell announced DTMF in 1963, and the world's fair was 64. Faulty memory but I did attend the fair and made a call using it. Not sure when the UK adopted DTMF.
@sudorandom A friend of mine who ran a tiny record label, and set up tours for bands, had a device that would make the sound. Good ol' days.

@sudorandom I can reach 2400Hz; and I might go higher with training.

But it seems hissing like a cat goes WAY higher (about 4000~7000 if I believe the link)?

@sudorandom Not "Hissing", in fact; blowing through the upper teeth resting on the lower lip.

@sudorandom could only whistle to 2400ish.

I recall discovering 'phreaking' by accident in about 1980 - I had built an audio oscillator and was talking to my brother who'd left home to go to college. I played it over the phone to him - and it made weird clicks back and went to dial tone. lol

@ottaross @sudorandom same. we could phreak in the UK, tho... :)

@sudorandom I like this, it’s fun!

Can you also add 2280Hz so us UK phreaks can get our practice in? 😀