[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]

..[ Phrack Magazine ]..
.:: Rolm systems ::.

Issues: [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [ 20 ] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ] [ 31 ] [ 32 ] [ 33 ] [ 34 ] [ 35 ] [ 36 ] [ 37 ] [ 38 ] [ 39 ] [ 40 ] [ 41 ] [ 42 ] [ 43 ] [ 44 ] [ 45 ] [ 46 ] [ 47 ] [ 48 ] [ 49 ] [ 50 ] [ 51 ] [ 52 ] [ 53 ] [ 54 ] [ 55 ] [ 56 ] [ 57 ] [ 58 ] [ 59 ] [ 60 ] [ 61 ] [ 62 ] [ 63 ] [ 64 ] [ 65 ] [ 66 ] [ 67 ] [ 68 ] [ 69 ]
Current issue : #3 | Release date : 1986-02-01 | Editor : Cheap Shades
IndexCheap Shades
Rolm systemsMonty Python
Making shell bombsMan-Tooth
Signalling systems around the worldData Line
Private audienceOverlord
Fortell systemsPhantom Phreaker
EavesdroppingCircle Lord
Building a Shock RodCircle Lord
Introduction to PBX'sKnight Lightning
Phrack Issue(03), Number(10)Phrack
Title : Rolm systems
Author : Monty Python
                                ==Phrack Inc.==
                    Volume One, Issue Three, Phile 2 of 10

    The purpose of this file is to tell you what you would be dealing with if
you stumble across this system, or if you know of a company that is using this
system. It doesn't go into incredible detail, and is lacking in areas. It is
not a guide to hacking into it, just letting you know what you would be dealing
with. This is to pique your interest in the system.

   So What the Hell is ROLM?
    ROLM is a "Business Communications System" bought by IBM a few months ago,
in an effort to compete effectively with AT&T, and get a larger share of the
market, in a grand master plan to become "Big Daddy Blue" as opposed to "Ma
Bell". It is a very complex system, with features such as PhoneMail, A
Super-PBX, Local Area Networks, Public and Private Data Networks, Desktop
Communications, and Call Management.
    The heart of the system is the Controller, called the CBX <Computerized
Business Exchange>. This controls the entire network accessible through ROLM.
Since 1983, the CBX was redesigned and upgraded to the CBX II. It is a PBX with
much much more <See 'Introduction to PBX's' available on your local bbs> to
offer, and that is ROLM's claim to fame. It is light years ahead of the regular
PBX system.

    The CBX II

    The CBX II is the core of the ROLM network. It is computer driven and
expandable from one node, with 165 channels, to 15 nodes providing 11,5200
2-way channels. The smaller business could have a model with a 16 user maximum
limit, but it can go up to 10,000 users, though this would be quite rare <and
quite God Damn expensive!>. It can be accessed from outside lines <like you> as
well as HardWired units, with a switching system to prevent busy signals on a
port. Speed depends on the system in place, either the newer, faster ROLMbus
295, or the older standard ROLMbus 74. <see Service manuals for exact details>
The larger the system, the faster as well. It is adjustable to accept different
bandwidths for the various components, such as Telex, Voice, Data, Mainframe,
LAN, Video <ta-da! Picturefones in reality!>, and anything hooked up to the
system. Similar tasks can be bunched onto one channel as well, at high or low
speeds. If multiplexing is used <above>, the maximum speed is 192,000 bps, and
if using a single interface, the top possible rate is a mindboggling 37,000,000
bps, which if you ask me, if just fluff and not too practical, so they are
usually multiplexed. <Now, what a difference that is from 300 baud!>.  Using
the CBX II network, you might find just about any kind of mainframe, from HP,
to DEC, to VAX, to the IBM 327 series.
   Note : There is a smaller version of this called the VSCBX.

    Phone Mail

     This is one of the little beauties of the system, something truly fun to
fuck with. I called ROLM Headquarters in California to ask specific questions
about ROLM, posing as a researcher, and I got the big runaround, transferred
from department to department. Maybe you can get further than I. Their  is
408-986-1000. The  to PhoneMail from the outside is 800-345-7355. A nice
computer-generated voice comes on asking you to enter your Extension number
<which each employee has>, and then enter the "" sign. Then enter your
password. If you make around 3 or 4 bad attempts at an Extension of Password,
it will automatically ring another number, assistance I assume, to find out why
there has been an unsuccessful entry attempt. I haven't played around with this
that much, so leave mail to Monty Python with whatever you find. Once entering
an authorization  with correct password, you will be presented with more
options, leave messages to other people, and whatnot. You can hear your
messages, forward them to another person, leave the same message to more than
one person, change your welcome message, etcetera. The service is for those
business-type pigs who never sit still for one minute, like they are
permanently on speed.

     A Phone Mail Scenario

     Let's say if Mr. Greed goes out to meet his secretary at a motel, but
definitely has to get that important message from Mr. Rasta, who's bringing in
$3 mil in Flake, and can't trust it to the person who would handle it <ie: the
person filling in for his sec with the tremendous tits who is getting balled by
the dirty old fat man>. Mr. Greed would have given Mr. Rasta his phone  and he
would be forwarded to the Phone Mail network, where he would hear a message
left my Mr. Greed, to anyone who would call. Mr. Rasta would leave his message
and hang up. Then Mr. Greed could call up the 800-345-7355 , punch in his
extension authorization number, and password. Or, if he was back at the office,
he could get it there through DeskTop communications. Messages can be delivered
without error, in the person's own voice, without other people knowing about
it. Therefore, someone with enough knowledge could use an unused account and
use it as his own service, without the knowledge of others.

    DeskTop communications

     ROLM has developed a Computer/Telephone integrated device for use with the
Desktop communications. It is linked with the CBX II through fone lines, thus
accessible by you and me from the outside. It is not hardwired, though it can
approach hardwired speed. If you could get your hands on one of these
computer/fones then I think you would have found something very useful at home,
in your general life. But you could access the network without the special
features of the fone, like one touch dialing, which is designed for the stupid
lazy businessman. You can access company databases through the network,
mainframes, other people, just about anything as if you were right there and
told your secretary to do it for you. There is special software used by the
computers or computer/fone but it can be improvised and is just an aid. It uses
a special protocol <Don't know what, try to get your hands on one by trashing a
sales office>. What is great is that everything is tied together through
telefone lines, and not RS-232C! Thus, there is an access port....somewhere.
Scan the 's around the office  using ROLM. How do you know if it is using
ROLM one way or the other. Compile a list of local businesses, call them up
saying "This is ROLM Customer Support. We have a report of a complaint in your
CBX II network, let me speak to your supervisor please." If they say "ROLM? CBX
II? We don't use that" then just apologize and go elsewhere. Or say that you
are from ROLM corp and would like to know if the company is interested in using
it to network its system. Like, if they have it already, they would say that
they had it. And if they didn't, you would just give them a fake  <or if
you're nice the  for the local sales office obtainable in the list below>.

    But you know what's REALLY Great? They have made the network link in mind
for the person with a Computer IQ of about 0. Commands are in plain English.
Here is a demonstration screen as seen in their brochure:
           CALL, DISPLAY or MODIFY

           Display groups

             [00] PAYROLL       [01] MODEM       [02] IBMHOST
             [03] DOWJONES      [04] DECSYSTM    [05] MIS-SYSTM
             [06] DALLAS        [07] SALES

           Call Payroll

           CALLING 7717  <which would be the ID code for the PAYROLL file>
           CALL COMPLETE

           **PAYROLL SYSTEM** <or whatever they want to call it>

    See, nothing is confusing, everything pretty self-explanatory. There may be
more than one person wanting to do the same thing you are, so if there is, you
would be put on a queue for the task. It seems that those with an IBM would be
best suited for ROLM hacking, because ROLM is owned by IBM, and the PC's used
by the network are IBM. A person with a simpler fone/Terminal couldn't access
something like their DEC mainframe, or something like that. By calling in, you
could not run an application, unless you had a special interface, but you could
access the database, which any dumb terminal could do.
    However, there are security levels. Thus one with a privileged account
could access more things than one without it. Like Joe Schmoe in Sales couldn't
get to Payroll . It seems that for non-IBM's to access some of the parts of the
network, you would need an interface to become the same thing as a RolmPhone.
    Excessive 's of bad logon attempts, which would be construed as a linking
error would notify the network manager, And if they saw that there was no
hardware error, eventually, they would think of if they were somewhat
experienced, you guessed it, hackers.

   The PBX

    ROLM has something called Integrated Call Management <from here on known as
ICM>. Now, when designing ICM, they must have taken into account the abuse
possible in plain ol' PBX's. So they put in something called Call Screening.
This will enable the company to restrict calls to certain 's and prefixes.
Calls to non-business 's or certain areas can be screened out <"No personal
calls on my time, Johnson!">, with the exception of 1 specific  that you want.
    There is a choice of having a codeless, screened PBX, or a PBX where
accounts are assigned to each employee, and the 's they call get recorded to
that account. There can be privileged accounts where a large volume of calls
would go relatively un-noticed. But I don't think that large-scale abuse of
this system would be easy or practical. Calls are routed AUTOMATICALLY through
the service where the rates are cheaper to the location dialed, which is pretty
fucking cool.  And, the PBX is accessible from the outside, using Direct Inward
System Access, making it AB-useable.
    But what about if there is Equal Access in that area? It doesn't matter,
the CBX will automatically access the service without you having to worry about
it <hell, this is totally unnecessary for a hack/phreak, cause we ain't paying
for the damn call anyhow!>
        BUT!: There is a use of Call Detail Recording, where information on all
ingoing and outgoing calls are recorded.


     Not a lot of research went into this file, but it did take a little while
to type up, and all of the information is correct, to my knowledge. Anyone is
free to expand on this file into a Part II. It was written to enlighten people
about this system, and I hope this has helped a little bit.
     Sysops: You are free to put this file up as long as NONE of the credits
are changed! <this means the Phrack, Inc. AND Personal credits>. Please give us
a chance.

    Coming soon, to a telephone near you: The Return of The Flying Circus. Look
for it.
                   --Later On
Monty Python             <01/11/86>

[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]
© Copyleft 1985-2016, Phrack Magazine.