README.md 4.99 KB
Newer Older
1
2
3
4
**Bluebox AVR**
===============

***Bluebox AVR*** implements a bluebox (see 
David Griffith's avatar
David Griffith committed
5
https://en.wikipedia.org/wiki/Blue_box) on AVR microcontrollers 
David Griffith's avatar
David Griffith committed
6
7
8
9
(currently only the ATtiny85).  This project was initially a 
reimplementation of the PIC-based bluebox presented at 
http://projectmf.org/bluebox.html, but has expanded past that one by 
adding several more tones modes besides just MF and DTMF signalling.
David Griffith's avatar
David Griffith committed
10

David Griffith's avatar
David Griffith committed
11
12
13
Currently, only one board is available for this firmware.  The KiCad 
design files are available at 
https://gitlab.com/DavidGriffith/bluebox-esquire.  More are in the works.
David Griffith's avatar
David Griffith committed
14

David Griffith's avatar
David Griffith committed
15
16
17
18
19
20
21
22
23
24
25
26
27

Description
-----------

Currently only 13 keys are supported.  These are arranged in a 3 x 4 
rectangle with the 13th key appearing at the very top by itself.  That 
one is reserved for playing the 2600hz tone.  The rest are as a standard 
telephone keypad.


Operation
---------

28
There are currently ten tone modes:
29

David Griffith's avatar
David Griffith committed
30
1. MF:  These emit MF tones 0 through 9 with KP and ST -- a standard bluebox.
31

32
33
34
35
36
37
38
	|                |   |            |
	|----------------|---|------------|
	| 1              | 2 | 3          |
	| 4              | 5 | 6          |
	| 7              | 8 | 9          |
	| KP (Key Pulse) | 0 | ST (Start) |

David Griffith's avatar
David Griffith committed
39
2. DTMF:  Standard DTMF dialing tones
40

41
42
43
44
45
46
47
	|   |   |   |
	|---|---|---|
	| 1 | 2 | 3 |
	| 4 | 5 | 6 |
	| 7 | 8 | 9 |
	| * | 0 | # |

David Griffith's avatar
David Griffith committed
48
3. Redbox:
49

David Griffith's avatar
David Griffith committed
50
51
52
53
54
55
56
57
	|              |             |               |
	|--------------|-------------|---------------|
	| US Nickel    | US dime     | US quarter    |
	|Canada nickel | Canada dime | Canada quarter|
	| UK 10 pence  | UK 50 pence |      .        |
	|     .        |      .      |      .        |

4. Greenbox (the first two rows have a 2600hz wink.  
David Griffith's avatar
David Griffith committed
58
   The next two rows have a 900hz + 1500hz wink):
59

60
	|                  |                   |                             |
David Griffith's avatar
David Griffith committed
61
62
63
64
65
66
67
68
69
70
71
	|------------------|-------------------|-----------------------------|
	| Coin collect     | Coin return       | Ringback                    |
	| Operator attach  | Operator release  | Op release and coin collect |
	| Coin collect     | Coin return       | Ringback                    |
	| Operator attach  | Operator release  | Op release and coin collect |
    
5. 2600hz pulse: Emits 2600hz pulses according to the number as on a 
rotary dial (0 is 10 pulses).  This mode predates MF tones.  This was 
how John Draper (aka Cap'n Crunch) and Joe Engressia Jr. (aka 
Joybubbles) were able to phreak using a whistled 2600hz tone.

72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
	|   |   |   |
	|---|---|---|
	| 1 | 2 | 3 |
	| 4 | 5 | 6 |
	| 7 | 8 | 9 |
	| . | 0 | . |

6. AC1

	|       |   |               |
	|-------|---|---------------|
	| 1     | 2 | 3             |
	| 4     | 5 | 6             |
	| 7     | 8 | 9             |
	| Seize | 0 | Clear Forward |

7. AC9

	|       |   |               |
	|-------|---|---------------|
	| 1     | 2 | 3             |
	| 4     | 5 | 6             |
	| 7     | 8 | 9             |
	| Seize | 0 | Clear Forward |

8. IMTS - ANI (Mobile Identification)

99
	|        |   |       |
100
101
102
103
104
105
106
107
	|--------|---|-------|
	| 1      | 2 | 3     |
	| 4      | 5 | 6     |
	| 7      | 8 | 9     |
	| Hangup | 0 | Seize |

9. IMTS - Dialed Digit Pulsing

108
	|        |   |       |
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
	|--------|---|-------|
	| 1      | 2 | 3     |
	| 4      | 5 | 6     |
	| 7      | 8 | 9     |
	| Hangup | 0 | Seize |

0. MTS - Dialed Digit Pulsing (Secode/GE System) - No authentication

	|            |   |            |
	|------------|---|------------|
	| 1          | 2 | 3          |
	| 4          | 5 | 6          |
	| 7          | 8 | 9          |
	| Disconnect | 0 | Connect    |


125
126
127
128
129
Mode is selected by holding down the key corresponding to the mode's 
number while switching the unit on.  A 1700hz tone will play to let you 
know that you've switched modes.  To set the startup mode, hold the 
2600hz key while turning the unit on.  This will cause a 1400hz tone to 
play.  Then press a key for the mode you want to set as the startup 
David Griffith's avatar
David Griffith committed
130
mode.  Two tones will then play to let you know that your desired mode 
131
132
133
has been saved to memory.  To set a slow tone length (120 milliseconds), 
press the star key.  To select a fast tone length (75 milliseconds), 
press the hash key.
134
135
136
137
138
139
140
141
142


Building and Installing
-----------------------

Building the bluebox firmware requires GCC-AVR, preferably in a Linux or 
BSD environment.  To write the firmware to a completed board, you will 
need AVRDUDE.  Both of these tools are usually available in Linux and 
BSD software repositories.  You will also need an AVR programming 
143
144
device.  Ladyada's USBtinyISP (https://www.adafruit.com/product/46) is 
inexpensive, easy to use, and will do the job nicely.
David Griffith's avatar
David Griffith committed
145
146

Typing "make" will show you a list of build targets:
David Griffith's avatar
David Griffith committed
147

David Griffith's avatar
David Griffith committed
148
149
    This Makefile has no default rule. Use one of the following:
    make hex ........ to build bluebox.hex
150
    make bin ........ to build bluebox.bin
David Griffith's avatar
David Griffith committed
151
152
153
154
155
156
    make program .... to flash fuses and firmware
    make eeprom ..... to extract EEPROM data from .elf file and program the device with it.
    make fuse ....... to flash the fuses
    make flash ...... to flash the firmware (use this on metaboard)
    make clean ...... to delete objects and hex file