Blue box


A blue box is an electronic device that produces tones used to generate the in-band signaling tones formerly used within the North American long-distance telephone network to send line status and called number information over voice circuits. During that period, charges associated with long-distance calling were commonplace and could be significant, depending on the time, duration and destination of the call. A blue box device allowed for circumventing these charges by enabling an illicit user, referred to as a "phreaker", to place long-distance calls, without using the network's user facilities, that would be billed to another number or dismissed entirely by the telecom company's billing system as an incomplete call. A number of similar "color boxes" were also created to control other aspects of the phone network.
First developed in the 1960s and used by a small phreaker community, the introduction of low-cost microelectronics in the early 1970s greatly simplified these devices to the point where they could be constructed by anyone reasonably competent with a soldering iron or breadboard construction. Soon after, models of relatively low quality were being offered fully assembled, but these often required tinkering by the user to remain operational.
Over time, as the long-distance network became digitized, the audio call-control tones were replaced with out-of-band signaling methods in the form of common-channel signaling carried digitally on a separate channel inaccessible to the telephone user. This development limited the usefulness of audio-tone-based blue boxes by the 1980s, and they are of little to no use today.

History

Automated dialing

Local calling had been increasingly automated through the first half of the 20th century, but long-distance calling still required operator intervention. Automation was deemed essential by AT&T. By the 1940s they had developed a system that used audible tones played over the long-distance lines to control network connections. Tone pairs, referred to as multi-frequency signals, were assigned to the digits used for telephone numbers. A different, single tone, referred to as single frequency, was used as a line status signal.
This new system allowed the telephone network to be increasingly automated by deploying the dialers and tone generators on an as-required basis, starting with the busier exchanges. Bell Labs was happy to advertise their success in creating this system, and repeatedly revealed details of its inner workings. In the February 1950 issue of Popular Electronics, they published an advertisement, Playing a Tune for a Telephone Number, which showed the musical notes for the digits on a staff and described the telephone operator's pushbuttons as a "musical keyboard". Two keys on a piano would need to be pushed simultaneously to play the tones for each digit. The illustration did not include the tone pairs for the special control signals KP and ST, although in the picture the operator's finger on the KP key and the ST key is visible. In the 1950s, AT&T released a public relations film, "Speeding Speech", which described the operation of the system. In the film, the tone sequence for sending a complete telephone number is heard through a loudspeaker as a technician presses the keys for dialing.
In November 1954, the Bell System Technical Journal published an article entitled "In-Band Single-Frequency Signaling", which described the signaling scheme used for starting and ending telephone calls for the purpose of routing over trunk lines. In November 1960, an article in the Bell System Technical Journal provided an overview of the technical details of signaling systems, and disclosed the frequencies of the signals.
The system was relatively complex for 1950s technology. It had to accurately decode the frequencies and ignore any signals where that frequency might be accidentally created; music playing in the background might randomly contain the SF tones and the system had to filter these out. To do this, the signaling unit compared the signal power from a bandpass filter centered on 2600Hz to signal power in other parts of the audio band, and only triggered if the tone was the most prominent signal. The originating end of the call would play the tone into the trunk line when the call ended, and trigger the remote end to end the call. After a short time, the originating end reduced the tone level and continued to send tone as long as it received on hook status from its local equipment.

Discovery and early use

Before the technical details were published, many users discovered unintentionally, and to their annoyance, that a 2600 Hz tone played into the caller's handset would cause a long-distance call to disconnect. The 2600Hz tone might be present if the caller were whistling into the telephone microphone while waiting for the called party to answer. Upon detecting the tone from the caller's end, the receiving signaling unit sent an on hook status to the connected equipment, which disconnected the call from that point forward, as if the caller had hung up.
Among the earliest to discover this effect was Joe Engressia, known as Joybubbles, who accidentally discovered it at the age of seven by whistling. He became fascinated with the phone network, and over the next decade had built up a considerable base of knowledge about the system and how to place calls using the control tones. He and other phone phreaks, such as "Bill from New York" and "The Glitch", trained themselves to whistle 2600Hz to reset a trunk line. They also learned how to route telephone calls by flashing, which is using very short pulses of the on-hook signal to send routing instructions.
At one point in the 1960s, packages of the Cap'n Crunch breakfast cereal included a free gift: a small whistle that, by coincidence, generated a 2600Hz tone when one of the whistle's two holes was covered. The phreaker John Draper adopted his nickname "Captain Crunch" from this whistle.
The "toll-free" 800 service was launched in 1967 and gave the hackers easy numbers to call. The user would generally choose a number in the target area and then use it as above. Even if billing information were generated, it would be to a 1-800 number and thus free of charge. As before, the remote system would notice a call going to the ultimate non-free number, but could not match the other end.

Technology

It was technically possible to generate the tones with the technology available at the time the system was first deployed. A piano or electronic organ had keys that were close enough in frequency to work. With tuning, they could even be made dead on frequency. For dialing the phone number, the user would press two keys at a time. An experienced pianist might have found the key combinations awkward to play. But a blank player piano roll could have been punched to operate the required keys and dial a phone number. Another strategy would have been to purchase doorbells, remove the plungers, and mount them on a frame that could be set over the piano keyboard. Twelve DPDT pushbuttons, labelled KP, ST and the 10 digits, would operate pairs of plungers to play the phone company tones, after the E7 piano key had been pressed and released.
At the time, there were consumer devices for recording on wire or blank phonograph records, so the piano did not have to be near the phone. Consumer tape recorders came later and made the recording process easier. Small, battery powered, tape recorders allowed the tones to be played back almost anywhere.
It was possible to construct an electronic blue box with 1940s vacuum tube technology, but the device would have been relatively large and power-hungry. Just as it did for radios, shrinking them from the size of toasters to the size of cigarette packages and allowing them to be powered by small batteries, transistor technology made a small, battery-powered, electronic blue box practical.
AT&T security captured its first blue box in about 1962, but it probably was not the first one built.
A typical blue box had 13 pushbuttons. One button would be for the 2600Hz tone, pressed and released to disconnect the outgoing connection and then connect a digit receiver. There would be a KP button, to be pressed next, 10 buttons for telephone number digits, and the ST button to be pressed last. The blue box may have had 7 oscillators, 6 for the 2 out of 6 digit code and one for the 2600Hz tone, or 2 oscillators with switchable frequencies.
The blue box was thought to be a sophisticated electronic device and sold on the black market for a typical $800–1,000 or as much as $3,500. Actually, designing and building one was within the capabilities of many electronics students and engineers with knowledge of the required tones, using published designs for electronic oscillators, amplifiers and switch matrixes, and assembled with readily available parts. Furthermore, it was possible to generate the required tones using consumer products or lab test equipment. The tones could be recorded on small, battery-powered, cassette recorders for playback anywhere. In the early 1980s, Radio Shack sold pairs of Intersil ICL8038 voltage-controlled oscillator chips which were ideal for the purpose. A clever hack was to use a TI-30 pocket calculator as the chassis of the device, with the diodes for the switch matrix wired into the keypad. A miniature audio jack connected through the recharge port for the calculator's optional rechargeable battery would then be used to connect the speaker to play the tones into the handset.
To reduce call setup time, telephone numbers were transmitted from machine to machine in a "speed dial" format, about 1.5 seconds for a 10-digit number, including KP and ST. To catch the cheaters, AT&T could have connected monitors to digit receivers that were not being used for operator dialed calls and logged calls dialed at manual speed. So, some hackers went to the extra trouble of building blue boxes that stored telephone numbers and played the tones with the same timing as the machines.