Introduction: Arduino 12-mode Blue Box - Introduction
FIRMWARE UPDATE!! - 10/2/2015 - See last step for details
Presented here is an Arduino-based "Blue Box". It produces the "traditional" Blue Box 2600Hz tone and MF (multi-frequency) tones, but does much more! It also produces 12 tone signalling systems used by phone phreaks to hack other, more exotic systems in the US and overseas, including early pre-cellular mobile telephone systems from the 50s, 60s, and 70s.
The box has 12 non-volatile tone sequence storage memories that can store and play back up to 32 tones each. Each memory saves the tone mode as well. All operating parameters, such as tone duration, volume level, backlight status, reminder beep status, and current tone mode are saved to non-volatile EEPROM memory automatically and are restored when the box is powered up. EEPROM errors are automatically detected and corrected when the box is powered on.
An optional LCD provides full information of the operating status of the box and enhances the appearance and user-friendliness of the unit.
This box features sine-wave tone generation using PWM wave-table lookup techniques. It sounds much better than generating the tones using the two-pin square wave output techniques utilized by the standard Arduino "Tone" library.
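The wave-table technique can be modelled off the device. The following is an added example, not the firmware's own code: the table size, accumulator width and PWM update rate are assumptions, and 2600 Hz and 2280 Hz are simply two tone frequencies named on this page. It shows how a phase accumulator steps through a sine table and how closely the rounded step hits the requested frequency.

```python
import math

TABLE_BITS = 8      # 256-entry sine table (assumed size)
ACC_BITS = 16       # phase accumulator width (assumed)
UPDATE_HZ = 31250   # PWM duty-cycle update rate (assumed)

# In firmware this would be a constant table held in program memory.
SINE = [round(127 * math.sin(2 * math.pi * i / (1 << TABLE_BITS)))
        for i in range(1 << TABLE_BITS)]

def phase_step(freq_hz):
    """Accumulator increment per update that produces freq_hz."""
    return round(freq_hz * (1 << ACC_BITS) / UPDATE_HZ)

def actual_hz(freq_hz):
    """Frequency really produced once the step is rounded to an integer."""
    return phase_step(freq_hz) * UPDATE_HZ / (1 << ACC_BITS)

def pwm_duty(freqs, count):
    """8-bit PWM duty values for the average of one sine per frequency."""
    steps = [phase_step(f) for f in freqs]
    phase = [0] * len(freqs)
    mask = (1 << ACC_BITS) - 1
    duty = []
    for _ in range(count):
        total = 0
        for ch, step in enumerate(steps):
            # The top TABLE_BITS of the accumulator select the table entry.
            total += SINE[phase[ch] >> (ACC_BITS - TABLE_BITS)]
            phase[ch] = (phase[ch] + step) & mask
        duty.append(128 + total // len(freqs))
    return duty

def rising_crossings(duty):
    """Count upward crossings of mid-scale: one per output cycle."""
    return sum(1 for a, b in zip(duty, duty[1:]) if a < 128 <= b)

if __name__ == "__main__":
    print(f"2600 Hz request -> {actual_hz(2600):.3f} Hz")
    print(rising_crossings(pwm_duty([2600], UPDATE_HZ)), "cycles in 1 s")
```

With these assumed parameters the frequency resolution is UPDATE_HZ / 2^ACC_BITS, about 0.48 Hz, so any requested tone lands within a quarter of a hertz of its target.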
I designed this new blue box because I was out of PCBs for my older PIC-based blue box design and was looking for a way for others to easily construct a blue box for use with my ProjectMF system, using inexpensive and commonly available parts. This design is easily the most full-featured and technically sophisticated blue box design available. I am a telecommunications and software engineer and took great pains to be sure all of the tone modes are accurately represented. The code has been thoroughly debugged and well-tested.
The following modes are supported. Note that ALL of these modes are obsolete (well, not DTMF!) and no longer work on "real" public telephone systems, except for private systems (like ProjectMF) set up for historical purposes. They are included to preserve the sounds of these old tone signalling systems:
MF (R1) - The 2600Hz/Multi-frequency system that ran Ma Bell's long distance network back in the day
DTMF (Touch-Tone, Autovon) - Used on almost every land line phone. A-B-C-D keys used to set call priority on the old Autovon military phone system.
CCITT #5 (C5, SS5) - Same MF tones as R1 (with a few additional tone pairs for special routing), but uses a different tone sequence for international trunk clear/seize.
CCITT #4 (C4, SS4) - Unusual 4-bits/digit tone encoding. Used in the UK and other European countries.
2600 Dial Pulse - Same method used by Joybubbles (Joe Engressia), Captain Crunch (John Draper), and Bill from New York (Bill Acker) to whistle free calls.
Pay Phone Modes - Simulates both US and Canadian nickel/dime/quarter payphone coin drop tones (Red Box). Also simulates US pay phone remote operator control tones (Green Box) and 2600Hz prefix control flash.
R2 (MFC) - Unique forward multi-frequency tone pairs, 2280Hz clear/seize tone, as used in the UK. Replaced the older AC1/AC9 UK dial pulse systems.
AC1 - Old UK tone dial pulse trunk signalling, as used by very early UK telephone "enthusiasts".
AC9 - Newer UK dial pulse trunk signalling, as used by early UK telephone "enthusiasts".
MTS (Mobile Telephone Service) - Pre-cellular, pre-IMTS mobile phone service tone signalling and dialing
IMTS ANI (Improved Mobile Telephone Service ANI) - Newer pre-cellular mobile authentication spoofing
IMTS Digit Dialing - Improved Mobile Telephone Service (pre-cellular) digit dialing
Step 1: Background Information
The blue box is an electronic device that simulates a telephone operator's dialing console. It functions by replicating the tones used to switch long-distance calls and using them to route the user's own call, bypassing the normal switching mechanism. The most typical use of a blue box was to place free telephone calls. The blue box no longer works in most western nations, as modern switching systems are now digital and no longer use the in-band signaling which the blue box emulates. Instead, signaling occurs on an out-of-band channel, called Common Channel Interoffice Signaling (CCIS), which cannot be accessed from the line the caller is using.
A blue box generates the tones that controlled the old long-distance telephone network. Typically blue boxes are handheld electronic devices with buttons or a keypad like a Touch-Tone phone, but they can also be implemented in software on a computer. Blue boxes typically have an external speaker that emits the tones, and it gets held up to the mouthpiece of a telephone to make a call with the blue box. See the Wikipedia article and Phil Lapsley's excellent new book "Exploding the Phone" for more details about blue boxes and the early phone phreaks - the original hackers.
In the US, the operation of a blue box was/is simple, using the MF/R1 signalling system: First, the user places a long distance telephone call, usually to an 800 number or some other non-supervising phone number. For the most part, anything going beyond 50 miles would go over a trunk type susceptible to this technique. When the call starts to ring, the caller uses the blue box to send a 2600 Hz tone. The 2600 Hz tone is a supervisory signal, because it indicates the status of a trunk: on-hook (tone) or off-hook (no tone). Playing this tone convinces the far end of the connection that the caller has hung up and that it should wait. When the tone stops, the trunk will go off-hook and on-hook (known as a supervision flash), making a "Ka-Cheep" noise, followed by silence. This is the far end of the connection signaling to the near end that it is now waiting for MF routing digits. Once the far end sends the supervision flash, the user would use the blue box to dial a "Key Pulse" or "KP", the tone that starts a routing digit sequence, followed by either a telephone number or one of the numerous special codes that were used internally by the telephone company, then finished up with a "Start" or "ST" tone. At this point, the far end of the connection would route the call as instructed, while the user's end would think the call was still ringing at the original number.
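Because the supervisory tone shares the voice path, the operator of a private in-band system can watch for it the same way the trunk equipment listens for it. The following is an added example, not code from this project: it runs a Goertzel filter over constructed audio and flags only stretches where 2600 Hz dominates the signal, so speech that merely contains some 2600 Hz energy is ignored. The sample rate, window size, purity ratio and alert threshold are assumptions.

```python
import math

FS = 8000      # samples per second on the voice path (assumed)
BLOCK = 160    # 20 ms analysis window, so 2600 Hz falls exactly on a DFT bin

def goertzel_power(block, freq_hz):
    """Squared magnitude of the single DFT bin at freq_hz (Goertzel)."""
    coeff = 2 * math.cos(2 * math.pi * freq_hz / FS)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def tone_flags(samples, freq_hz=2600, purity=0.8):
    """One flag per block: True when freq_hz holds >= purity of the energy."""
    flags = []
    for i in range(0, len(samples) - BLOCK + 1, BLOCK):
        block = samples[i:i + BLOCK]
        energy = sum(x * x for x in block)
        in_band = 2 * goertzel_power(block, freq_hz) / BLOCK
        flags.append(energy > 1e-9 and in_band / energy >= purity)
    return flags

def longest_tone_ms(samples, freq_hz=2600):
    """Longest continuous stretch of near-pure freq_hz, in milliseconds."""
    best = run = 0
    for flag in tone_flags(samples, freq_hz):
        run = run + 1 if flag else 0
        best = max(best, run)
    return best * BLOCK * 1000 // FS

def mix(freqs, ms):
    """Constructed test audio: equal-amplitude sum of sine waves."""
    n = FS * ms // 1000
    return [sum(math.sin(2 * math.pi * f * t / FS) for f in freqs) / len(freqs)
            for t in range(n)]

# Constructed call audio: a speech-like mix, speech that happens to contain
# 2600 Hz, a clean 500 ms 2600 Hz tone, then silence.
CALL = (mix([440, 1000, 1800], 200) + mix([1000, 2600], 200)
        + mix([2600], 500) + [0.0] * 800)
MIN_TONE_MS = 100   # hypothetical alert threshold, not a figure from the page

if __name__ == "__main__":
    ms = longest_tone_ms(CALL)
    print(f"longest 2600 Hz run: {ms} ms, alert={ms >= MIN_TONE_MS}")
```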
Even though this is all obsolete, it is again made possible by a set of modifications and patches made to the open-source Asterisk PBX server. It allows users to dial into the system via a variety of access methods, including the regular public switched telephone network and SIP. The user is presented with a ringing line. The ringing can be disconnected and the trunk seized by playing a 2600 tone into the line. Thereafter, the call can be diverted to another number or to a series of internal recordings and functions that reside on the server/switch by playing MF or multi-frequency tones into the line. This is all perfectly legal, as the system is totally private. It is really more than a simulation. The call is going over a trunk group of 24 SF/MF trunks, although both sides of the trunks are terminated on the same PC. The hardware that makes this possible is two extra dedicated Ethernet cards on the PC running T1 over Ethernet protocol over a loopback Ethernet cable. Your incoming call gets looped over one of the 24 trunks before terminating back on the same switch, so you have 2600 and MF control.
I have maintained a public ProjectMF system for over 7 years now. At last old-timers, aspiring phone phreaks, and the curious can experience the clandestine thrill of blue boxing their own calls! I have extended Phiber's original patches to add to the realism and reliability of the system. Lots of the old tricks are possible, including trunk "stacking", as illustrated in one of the Phonetrips recordings. Access is at +1-630-485-2995.
Step 2: Arduino Blue Box Operation Overview
YouTube video at: http://youtu.be/_KHAGNpQo-c
Step 3: Blue Box Construction Details
YouTube video at: http://youtu.be/tK45aoz0oD4
Step 4: Blue Box Manual and Software Configuration
YouTube video at: http://youtu.be/HLnmIA7fzJs
Step 5: Software and Construction Documentation Download Links
Download link for latest Arduino software and documentation: Download Link, or download the software, libraries and documentation package in a convenient .zip file directly from Instructables at the end of this step.
Note that the hardware and code are designed to work only with the newer Arduino Leonardo architecture boards that use the Atmega 32U4 chip. Older Arduino Uno-style boards will not work.
The Blue Box uses standard Arduino IDE libraries, plus some customized libraries that are included in the software distribution compressed .zip files. These libraries must be installed before attempting to configure and compile the software.
The software must be configured by un-commenting the correct "#define" statements at the beginning of the code, to match the hardware configuration used. See the manual for details.
Additional videos that highlight the operation of the various modes are on my YouTube channel at: https://www.youtube.com/user/df9999999999/videos
FIRMWARE UPDATE!! - 10/2/2015
I added a minor change to the sine wave table definition that was preventing the code from compiling with the newer Arduino IDEs. The sine table is stored in program memory. Newest IDEs require the "const" keyword before the table array definition.
The .zip file found here as well as at the download link now contains this change. No other code changes, so the version remains the same.