**** **** *****
** ** ** ** ** **
** ** ** ** **
** ** ** ** **
**** ** ** *****
** ** ** ** **
** ** ** ** **
** ** ** ** ** ** ** ** **
**** ** **** ** ***** **
S.O.B. - Software Orange Box 1.9.4 Caller ID Generator for Windows
Originally Written by The Fixer - (C) 2009 Whirlwind Software
This program may be distributed freely.
DISCLAIMER
S.O.B. is not intended to be used to harass, deceive, or defraud anyone.
It is released as a proof-of-concept tool only. It may be fun, for
example, to put George W. Bush's name and home phone number on your own
Caller ID Display Terminal but it may be criminal to do the same thing
to one belonging to someone else, especially without their permission.
Furthermore, S.O.B. is NOT guaranteed to work with every Caller ID
terminal on the market.
IMPORTANT
S.O.B. saves its configuration in your Windows Registry. If you need to
uninstall S.O.B. in such a way that there is no evidence that this tool
was there, you will need to run REGEDIT.EXE, and search for the key
HKEY_LOCAL_MACHINE/Software/TheFixer/SOB. Overwrite all the data in
that key and its subkeys, then rename them, and only then delete them.
Then (and this is potentially dangerous) overwrite and delete the hidden
file SYSTEM.DA0. There are a number of good commercial and freeware
file shredders that can do this for you.
USING S.O.B.
S.O.B. is a small and very straightforward Windows application which
should be extremely self-explanatory to anyone who has worked with
Caller ID at the programming level. Certainly the Play button, near the
bottom of the application, is self-explanatory - click Play and the
sound of the Caller ID signal you have specified is played through your
sound card.
For the rest of us, however, some of the fields and controls require
some explanation.
NAME AND NUMBER CALLER ID
The two main fields - Number and Name - are the two fields you are
most likely to want to change before generating a Caller ID signal.
These fields are, of course, the phone number and subscriber name that
would be displayed on a Caller ID box if your Caller ID signal were to
be played into it.
Although the new interface is designed to resemble a physical Caller ID
box, with a liquid crystal display representing the name and number to
be spoofed, in fact you can edit the name, number, date and time right
on the display. In fact, you may right-click on the name or number to
select from a list of recently-played names and numbers.
The phone number can be any length but it is strongly recommended that you
ensure that the area code is included. Any hyphens are automatically
removed.
The name can be up to 15 characters and must be in upper case. The
program will truncate the name to 15 characters if you supply one that
is too long, and it will convert to upper case for you. Phone companies
usually transmit the surname first followed by the initials or as many
characters as they can get of the first name.
CALL DATE AND TIME
Below the number and name are the date and time fields. All flavours of
Caller ID supported by this program include the date and time of the
call. You can enter these values yourself in four-digit MMDD
(month/date) and HHMM (hour/minute) formats, or you can let S.O.B. fill
these in for you. To have S.O.B. use the current date and time, click
the Timestamp button. The "Actual Time" light will turn on to indicate
that S.O.B. will use the current time and date.
CALLER ID FORMAT
There are three Caller ID formats supported by S.O.B. These are
standard MDMF Name-And-Number Caller ID, which is the most common type
used in North America; the older SDMF Caller ID format which can only
transmit the caller's phone number and the date and time of the call;
and the Call Waiting Caller ID format which is similar to the MDMF
format but contains additional signaling protocol to enable delivery of
new-caller information during an existing call.
The Format button switches between these three formats.The three Format
lights beside the Name display indicate which format is being used.
PRIVACY OPTIONS
Toward the lower left of the program you will find the Privacy
Button. When you click this you will notice that the Private and Out of
Area lights beside the Number display change.
When the Private light is on, S.O.B. will spoof the "Private Caller"
message instead of the name and number you have specified.
When the Out of Area light is on, S.O.B. will spoof the "Out of Area"
message instead of the name and number you have specified.
If both lights are off, then the name and number you have specified will
be spoofed.
Repeatedly clicking the Privacy button will cycle between these three
modes.
OPTIONS
The Options Menu is accessed by clicking the button near the upper-right
corner of the program that has the "wrench" icon.
In the first versions, only two parameters could be changed with the Options
menu item: the sound Amplitude (its overall volume) and the clipping
level (which shouldn't be changed unless you are technically familiar
with digital audio and have a good reason to change it...)
By default the amplitude is 63, about half of the maximum level of 127.
This should be loud enough for most applications. If the amplitude is
set too high, clipping could occur on certain parts of the Call Waiting
Caller ID handshaking, possibly causing enough distortion that the
signal no longer works.
As of version 1.9, several more options are available. You can now set
markout bits (we found in testing that this produces more reliable results),
and tweak the SAS and CAS frequencies and cadences, although it should be
pointed out that the default settings are the only ones that comply with
the specification that remote Caller ID boxes will be expecting. No support
is available for these settings.
RAW OUTPUT
The contents of the data stream generated by S.O.B. can be viewed in the
status bar near the very bottom of the application. This display is
updated every time you play or save a Caller ID Stream. Note that the
Channel Seizure and other handshaking signals are not shown there
because they include non-data audio tones.
SAVING TO A .WAV FILE
You may find it useful, after you have built and examined a Caller ID
data stream with this tool, to save the audio output to a .WAV file so
that you can share it with others, put it on a portable device, etc.
The Save button near the bottom-right of the application brings up a
Save File dialog box allowing you to do this.
USING THE COMMAND LINE VERSION
In response to requests, we have finally implemented a command-line build
of the program. In addition to having a considerably smaller memory foot-
print, the command line version will allow you to use S.O.B. from a batch
file or even as a CGI on your website! The Command line program will use
any settings you have changed in the Options menu of the main program, except
the "Force Uppercase Name" and "Allow Only Alphanumerics In Name" options.
And of course, if you have registered S.O.B., the command line program can
save your Caller ID streams to a WAV file just as the main program does.
The command line program, SOBCon.exe, contains its own help. Just type
SOBCon at the command line prompt for a summary of command line options.
SOBCon 1.9.4 ¸ 2009 Whirlwind Software
Options:
/name Joe Blow
/num=800-555-1212
/time=06132338
/mode=CWCID
/file=output.wav
/pri
/ooa
/? for detailed help
For detailed help, type SOBCon /? at the command line prompt.
SOBCon 1.9.4 ¸ 2009 Whirlwind Software
Command Line Options
/name followed by one or more words separated by spaces
sets the displayed name in name-and-number MDMF Caller ID
This should not exceed 15 characters total.
e.g. /name George Bush
/num=<number> This sets the displayed number.
e.g. /num=800-555-1212
/time=<timestamp> This sets the time of the Caller ID message
The timestamp is always 8 characters in the
format MMDDHHmm where MM is the month, DD is
the date, HH is the hour and mm is the minute.
e.g. /time=06132338 means June 13, 11:38pm
If this option is not used, SOBCon will use the current
time.
/mode=<mode> This sets the Caller ID mode. Valid values are
CWCID (for Call Waiting), SDMF (for early number-only
Caller ID), and MDMF (for name-and-number Caller ID)
e.g. /mode=CWCID
/pri This sets "Private Call" mode instead of sending a name and number
/ooa This sets "Out of Area" mode instead of sending a name and number
/file=<output filename> Using this option causes SOBCon to output a WAV
file with the specified filename instead of playing
the Caller ID signal through your sound card. If
this is not used, you will hear the sound
immediately. This feature is only available to
registered users.
A few examples:
This example will produce a caller ID stream with "George W. Bush" for
the name, "202-555-1234" for the number, September 12 at 5:51pm for the
time stamp, using Call Waiting Caller ID:
SOBCon /name George W. Bush /num=202-555-1234 /time=09121751 /mode=CWCID
This example produces a caller ID stream that indicates that the call
is marked "Private", as if the caller had dialed *67 before calling.
This also uses Call Waiting Caller ID, although this time we didn't
use the /mode option as Call Waiting Caller ID is the default mode.
SOBCon /pri
This example produces a caller ID stream with "250-953-9000" for the
number, with no name, in the early SDMF (number only) format. In this
example, and the one above, the /time switch was not used, so both
will have your computer's current time and date included in the Caller
ID stream.
SOBCon /num=250-953-9000 /mode=SDMF
This example produces a caller ID stream with "Barney Rubble" for the
name, 606-555-2666 for the phone number, and the current time and
date, in the default Call Waiting format. But instead of playing the
stream through the sound card, it will instead write the stream to
barney.wav for later playback. If the software is not registered,
this feature is not enabled and the program will just play the sound
through the sound card.
SOBCon /name Barney Rubble /num=606-555-2666 /file=barney.wav
USING S.O.B. IN THE REAL WORLD
This program is an educational tool, it is not designed to remotely
spoof Caller ID. Nevertheless, I have received many questions on how to
do that.
The only way to successfully spoof Caller ID with this program without
being directly connected to the Caller ID terminal is through the
emulation of Call Waiting Caller ID - or, the Orange Box. To do this
you would set up the name, number, and call time you wish to have
displayed in advance, select Call Waiting Caller ID, call the number,
and then any time after the line is picked up, play the signal.
To emulate regular Caller ID, you have to be physically present at the
Caller ID Terminal, where you would have to connect a phone line
emulator (expensive piece of test equipment) to generate the ringing
voltage that the terminal uses to know when to expect a Caller ID signal
to come in. Almost immediately after the ring voltage is applied, you
would send the emulated Caller ID signal.
In all cases it is strongly recommended that the sound card be directly
connected to the line through a Part 68 interface, rather than by
acoustic methods which will distort the signal enough to render it
useless.
For more information, seek out the text file on Orange Boxing by
Lucky225 on the net. Also, the Orange Boxing FAQ maintained on
artofhacking.com at http://artofhacking.com/obfaq.htm is a compilation
of answers to nearly every question we have received about the
technique.
------------------------------------------------------------------------
Visit www.artofhacking.com - Get some before it's too late!