Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Phreaking General Information :: med-te~1.htm

MED Guide to UK Telephonics 1



Presents a guide to UK Telephonics
                     ====================================    
                         -+ 0Line +- of the -+ MED +-
                        (an infamous source of gnosis)
                               in Spring, 1997
                     Presents a guide to UK Telephonics.1
                     ====================================

        Well, here's a summary of a lot of info I have managed to accumulate
 over some time. Hope you appreciate it. BTW, I would like to speak for the
 MED in saying we have no (or very little) part in the publication or any
 future publication of 'Medizine', for which it would be a far-fetched idea to
 deem as an HPA mag. Anyway, devour and keep true..

                             ===== Part (i) =====
                             A LITTLE OL' HISTORY
                             ====================

        Originally, the phone-system was run by employed fuk-wits who would
 route the calls for you over a manual switchboard. Lots of fun to be had
 until Subscriber Trunk Dialling (STD) was introduced in 1958 (when there was
 a lot more phun to be had with the old 'probe and listen' methods). As the
 name (STD) implys, it allows the subscriber to 'trunk dial' that is make
 calls without the use of an operator. This gradually killed off the operator
 until  it limited her or him to as they are today, 999, 112, 100, prank etc..
 calls.

        The Joint Electronic Reasearch Agreement was struck up between the
 P.O, Erricsson, GEC, STC, ATE and Siemens Edison Swan in 1956. From here
 they manufactured several experimental exchanges which gave way the the
 electronic TXE range as we knew it.
 The TXE3 never really was, it endured three years of public service between 
 1968 and 1970 before it was fianlly discontinued. In 1976 the TXE4 emerged 
 and  swiftly became 'the' switch. It may be of some note that ATE and 
 Erricson are now both part of the Plessey organisation and Siemens Edison 
 Swan is a part of GEC.
 
        The modernization of the UK network came mainly with the 1960 Routing,
 Switching and Transmission plan. It demanded a network structure somewhat
 simular to that we have today. The RST plan stated that each local telephone 
 exchange should have direct access to its parent 'Group Switching Centre' 
 (GSC) which itself would have direct connections to many other local 
 exchanges. Transit Switching Centres also had to be connected to the GSCs 
 and were of two types, Main Switching Centre, or Group Switching Centre,
 depending on how many subscribers it handled. These Transit Switching Centres
 were connected across the country to enable  quick call setup and a more
 efficient network plan.

        This network structure was held right up to the dawn of digital
 exchanges. Previously, the network had been dominated by Electronical TXE
 (1960+) and  Electo-Mechanical TXS/TXK (1950+). The last in the Electronic
 type exchange  was the TXE4, and there are still many in use today. System X
 was the first  digital system widely used in England, its contractors were
 GEC and PMSL and British Telecom seemed set to install SysX 100% throughout
 the country until  someone thought that it may be unfair for one company to
 have such a hold on the market, and so Erricson were allowed to compete.
 Erricson manufactuer a system called AXE, the version in use in England is
 AXE10, otherwise known as System Y and more or less kicks SysX's ass
 (hehhehkewl).

        The UK telephone network is now nearly totally digital, the last
 electronic exchanges are all being replaced in a great genocidal overhaul
 Currently, the digital network consists of over 4000 digital exchanges and 
 about two more are added every day (including 10,000 kms of fibre that are 
 added to the network each week). The next changes in the network are probably 
 going to occour on the DMSU scale, with new software and further involvement
 into so called `intelligent' switching. The effects of this on us will go 
 unnoticed for some time and at the moment it is targeted largely at 
 cooperations (as the Cyclone Global Virtual Private Network is) and is used 
 as a tool to reduce money spent by BT by being increasingly efficient at 
 routing calls and storing data. Boxing UK is more or less dead - if you're
 not digital then it makes no difference - all exchanges, digital or
 otherwise, communicate with out-of-band signalling. (unless your talking
 about foreign connections in which case, C7 supports backwards compatability
 with C5 and other 'lesser' signalling systems). Time to go back home...

                ================= Part (ii) ==================
                THE LOCAL DISTRIBUTION NETWORK (or Local Loop)
                ==============================================

        All telephone lines in an area form part of an exchange's local loop.
 The link to an exchange from a house can either be analogue or digital; BT
 sell digital links in the form of an ISDN (Integrated Service Digital
 Network) line, but most people have a lax analogue link to their local
 telephone exchange. Wander round your town enough and you'll eventually find
 your local exchange, or you could obtain an internal directory or even ring
 0800800192 and ask BT themselves where it is. Whilst wandering you would most
 probably come across a green cab-box aswell..

 THE CAB-BOX:
 ============

        Cab boxes are invaribly green and house the lines for all the
 immediate BT subscribers in the area. Types of cab-boxes vary from the 
 organised to the choatic, holding up to roughly 1000 pairs (or lines). The
 way the lines are identified is not a particularly friendly one.. more often
 than not, there will be a map of the area the cab-box covers on the side of
 the door, which tells you the route the lines take from the houses to the
 box. Trying to decode the map may take quite some time, and probably won't
 get you anywhere near to finding a particular line inside the box. If you
 want to identify a line inside a cab-box, then you're going to need one or
 maybe two pieces of BT apparatus. These useful objects are known as
 Oscillators and Amplifiers.

        The basic theory is that the BT engineer (or phreak) applies certain
 discreet tones to someone's line, which may then be picked up by an
 Amplifier by waving it around inside the cab-box, thus finding a certain
 line. The (loud) tones needed may be applied to the line in one of
 several ways. First, with the prementioned Oscillator which means you are
 actually going to have to go to the house it runs to and hook the bit of kit
 up to the line, whilst someone else finds the line in the box. The  prefered
 method to apply the tones is to use the famous 4Tel service (which i'm not
 going into), or even more simply with the number 176. If you dial 176, then
 the full number, including STD, of the line you want tolocate, you should
 hear some quick bleeps, which means the tones have been applied to the line
 and you may then whip the Amplifier out and identify it in a jiff.
 Unfortunatly, not every area supports the 176 (Cable-Pair identification)
 number and so you will probably have to get an oscillator or use primitve
 4Tel. If you can use 176, it can be used to engage someone's line without
 their knowledge as whilst it is in use, it will busy the line out although
 calls may still be made on the line.

 A LITLE MORE ON LOCAL LOOP & THE LOCAL EXCHANGE:
 ====================================================

        Lines leave the exchange from its 'Main Distribution Frame', and head
 to the customer's premsis via overhead or underground distribution. These
 telephone lines connect you to the Public Switched Telephone Network (or
 PSTN) which is one of five main BT networks.
 
 If your local TE is a fancy secure affair then there is a good chance that
 it is a good trash target. However, if it is a lowly exchange then there
 is little chance you will find anything of any real intrest at all. If you
 happen upon the good fortune of being able enter your TE, what you will
 find can be extremely varible. As far as computer access goes, most low-key
 exchanges won't have any proper accessable computer equiptment, but just a
 load of terminals for accessing CSS and the relavant switch's Man-Machine
 Interface (MMI, through which they manipulate the switch). These are all
 password secured (and sometimes you will need a swipecard) so you have little
 chance of doing any hacking if you are actually at the site. Some more
 important, or older exchanges will have a processor on the site, which is
 normally a VAX/UNIX affair and you stand more chance of gaining access here.
 If your local exchange is actually a proper switch then you are very lucky
 indeed and could find a whole host of equiptment and intresting
 documentation. However, even at the lowest of the scum of exchanges, you
 may still find the unexpected piece of kit, or perhaps a few Monologs 
 (small devices that log a particular line's activity) which can be worth
 fooling around with or finding the local number for.
 
                         ======= Part (iii) ========
                         THE PSTN AND EXCHANGE TYPES
                         ===========================

       Before diving into the network structure, I would like to say a word or
 two about the UK's most common switches, AXE10 and System-X.
 
 System X is manufactured by GEC/Plessey (GPT) whilst AXE10 is manufactured by
 the Swedish born Ericsson. Both systems are modular in design and so divided
 into a number of sub-systems. These subsystems do not all have to be located
 at the same site, and so often one exchange will father another. On a high
 level, both systems are more or less similar, the only differences being in 
 different names for the different subsystems, but the real difference is
 in the details, which are more obvious to the learned. AXE10 is supiour to
 the lesser System-X and is the choice switch for the external market.
 
 Having said this, all of the _main_ exchanges (DMSU etc) apart from those
 that route internationally use System X rather than the supiour System Y
 (SysX underwent specifications as a military network whereas AXE10 did not).
 AXE10 however, does crop up at most of the internationally routing digital
 sites whereas System X never does, at least on any of the known ones.

        The following is an basic illustration of the Public Switched
 Telephone Network. Obviously it is really a lot more complex then this.
 
 Basic Network Structure of PSTN:
 ================================
      -------    -------  
      + ALE +    + RCU +                            ....... = Switched
      ------:    :------                            . . . . = Not Switched
           -:----:-          ----------
           + DLSU +----------+  DMSU  +  
           + DMSU +          -:------.-  
           -:----:-           :      .             -------       ------- 
      ------:    `--------.   :      .             + RSS +       + RCU + 
      + RCU +             |   :      .             :------       :------ 
      ------- Local Cell  |  -:------.-      ------:-      ------:-      
                          `--+  DMSU  +------+ DLSU +------+ DLSU +      
                             -:------.-. . . + DCCE +......+  DLE +      
                              :      .       -:------      ------:-      
                              :      .        :                  :------ 
                              :      .        :                  + ALE + 
                             -:------.-       :      Local Cell  ------- 
                             +  DMSU  +-------'     
                             ---------- 
                             
  +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  
                     +---------------------+  
                     + REMOTE CONCENTRATOR +------
                     +---------++----------+     -  Subscribers (Arseville)
                               ||                -
                               || Digital 
                               || Link
                               ||
     Rest of        +----------++----------+
     Network ;------+     MAIN EXCHANGE    +    -  
                    +----------------------+    - Subscribers (Shit Town)
                    + ON-SITE CONCENTRATOR +-----
                    +----------------------+
 
 TYPES OF EXCHANGE/EXCHANGE FUNCTION IN PSTN
 ===========================================
  
  DMSU - Digital Main Switching Unit - DMSUs switch telephone traffic
       between themselves and handle groups of lesser exchanges. Each DMSU
       handles several old Group Switching Centre areas. Forms part of a fully
       interconnected trunk network. About 52 in entire network.
       DMSUs are exclusivly of exchange type System X.
       Expect tough security at a DMSU.. this includes guards etc as these are
       most important exchanges.

  DJSU - DJSUs have no direct customer exchanges, they just act as a tandem
       between other exchanges. All DJSUs at present to the best of my
       knowledge are located in London.

  DISC - Digital International Switching Centre, very sparse but very
       advanced. Intrestingly, there are no System-X DISCs, as they are all
       AXE10, DMS100 or 5ESS. The ISCs I know of are:
          Keybridge - AXE10
             Kelvin - AXE10  
            Mondial - 5ESS
             Madley - AXE10 & DMS100

  DLSU - Digital Local Switching Unit - This is also known as a Digital Local
       Exchange, or Digital Local Processor Exchange. It provides service for
       all its customers and varying functions according to relationship with
       rest of network.

  DCCE - Digital Cell Centre Exchange - These exchanges handles service for
       its own local customers, nebry RCU/RSSs and local rusting old Analogue
       exchanges (generally Telephone eXchange Electronic). They shuttle calls
       to DMSUs for any lesser exchanges in area which do not have their own
       link. The DCCEs and DLSUs also switch traffic just between themselves
       if a call has no reason to visit a DMSU or likewise.
 
   DLE - Digital Local Exchange - Digital Local Exchanges play host to remote
       or local RCUs and ALEs that are to be replaced with RCUs in future.
 
   RCU - Remote Concentrator Unit - Often little more than glorified 
       cab-boxes. RCUs (System X) and RSSs (AXE10) are basically just meeting
       points for all the lines in an area. They plex all the lines down to
       just a few and send them of to the parent exchange which does all the
       switching and routing. Having said this,  RCUs/RSSs tend to occupy
       entire buildings as they were the old locations of whole Analogue
       exchanges, which have now been replaced with just the limb of a digital
       exchange.
       
  UXD5 - A digital exchange developed from the older CDSS1 Monarch PBX.
       Generally these a used in regions of low-density.. some of  Keltic
       Phrost's older files have sound info on the UXD5.
   
   ALE - ALE are now extremely rare, possible types are Strowger (TXS),
       Crossbar (TXK1) and Electronic (TXE2/4)

   TXE - Telephone eXchange Electronic. A now very scarse breed of exchange.
       TXEs were the bees-knees phreak/hack wise as they all held their
       own UNIX processors and were bloody everywhere, with loads and loads
       of numbers that could be haqed and pissed around with. TXEs handled all
       the calls with computers, but all the telephone links were analogue and
       at no point be converted to digital format. Alas, today nearly all TXEs
       have been replaced with RCUs or RSSs. :(

       It should be noted that one actual location can consist of several
       exchange types, such as DMSU and DLSU or DMSU and DJSU.
      
  Overlayed onto the PSTNetwork is the Digital Derviced Services
 Network (DDSN). The DDSN provides specialised 'LinkLine' services such as
 0800, 0345, 0898 etc numbers. The DDSN consists as switches known as
 Digital Derived Service Centres (DDSSC's) which are themselves controlled by
 a Intelligent Network Database (INDB). Connection to the DDSN is achieved
 via DMSUs.
 
                         ======== Part (iv) =========
                         THE FIVE FUNCTIONAL NETWORKS
                         ============================

        The five main functional networks are thus:

  Visual    PDN    Telex    PCN    PSTN  Functional Networks
     |        |       |       |     ||
 1 --+--------+-------+-------+-----++-- OLO/VAN/INT
     |        |       |       |     ||
 2 --+--------+-------+-------+-----++-- Admin
     |        |       |       |     ||
 3   |        |       |       +------+-- Syncronisation
     |        |       |       |     ||
 4 --^-Transmission Bearer Network--^^-- LOCAL LOOP -- Subscriber
 
 Section 1: The gateways provide a link between the functional networks.
 For instance, a PSTN number for access to PSS, or Telnet could be considered
 a gateway. They also allow access to Other Licenced Operators (OLOs) such
 as Mercury, or Value Added Networks (VANs) such as Cellnet, radiopaging
 etc.. Access to the international network is achieved through International
 Gateway Exchanges.
 
 Section 2: This Admin Network has access to the processors of the five
 functional networks for their management, maintenance and collection
 of data. The Admin Network is BT's own private network and operates using 
 packet switches. If you wanna phuck, phuck this (but do it nicely).
 
 Section 3: A Sync network is used to ensure that the timing between digital
 exchange clocks remains the same. If it did not, and the times at different
 exchanges differed then the exchange would be unable to recieve and 
 retransmit infomation properly.
 
 Section 4: The Transmission Bearer Network consists of many line
 transmission systems which interconnect the functional networks. The
 Transmission Systems each carry a large number of circuits and are used
 to interconnet the switching nodes of each functional network. The points
 at which they connect are called Transmission Repeater Stations.
 
 Now a little about the networks:
 
 The Visual Network primarily provides service for Television companies using
 permanent or semi-permanent routes over high quality radio links.
 
 The Public Data Network is primarily the Packet Switching Stream (PSS), the
 UK's first Managed Data Network Service. Many companies use it, including
 banks, telecom, international businesses etc. PSS is very powerful and
 flexible in use and is virtually error free in its packet-switching
 technology.
 
 Telex is that shit service some libraries use. Even despite its crap
 qulity, over 200 countries round the world use it and consiting of many 
 global businesses of use it for their business tranactions.
 The Private Circuit Network provides an extensive national private
 circuit network transmitting at speeds up to 64KBit/s under Kilostream,
 and 2MBit under Megastream. Some analogue circuits are still in
 operation. The entire network is now uses ACE sites (Automatic 
 Crossconnection Equipment) and is controled from network controllers in 
 Manchester and London.
 
 A Virtual Private Network (VPN) is a closed user group working within the
 PSTN. They use the same connections and exchanges as other traffic but
 are more or less invisible. An example of a VPN is FeatureNet. FeatureNet
 uses exchanges called Advanced Service Units that are basically 
 independant Digital Exchanges. If you want to phuck with an ASU then I 
 suggest you go scanning. If you already have, then you will know them by
 the `You have reached xxxxx ASU' messages some numbers in the ASU ranges
 repeat. An ASU will normally have this message on 9999 so try some (STD) xxx 
 9999 numbers if you're intrested.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH