Your browser does not seem to support CSS. If images appear below, please disregard them.
toggle
April
S M T W T F S
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
Sponsored Links
Latest Postings
Topic Options
Rate This Topic
#42950 - 07/02/07 01:40 PM On the subject of tracfones... kinda
Joined: Jul 2007
Posts: 3
demonica Offline
UGN Newbie
demonica Offline
UGN Newbie

Joined: Jul 2007
Posts: 3
okee dokee folks, being that im noew here i don wanna step on any toes or nothin, so you admins email me if i go wrong. For strictly educational purposes i would like to delve into tracfone hacking...

Top
Sponsored Links
#42951 - 07/02/07 01:52 PM Re: On the subject of tracfones... kinda [Re: demonica]
Joined: Jul 2007
Posts: 3
demonica Offline
UGN Newbie
demonica Offline
UGN Newbie

Joined: Jul 2007
Posts: 3
once again not steping on toes (*prayers to above*) i work at a convieniance store that sells tracfones and i have figured out to a point the process that is used for activation....

i would like the ok from the admins here b4 i post nE details but the basics with minamal Nfo are as follow:

1: idiot casheir # 14 scans tracfone minute card on register
2: activation data is sent to tracfone server (url unnamed ;#) via telnet or some sorta ssh probably
3: buyer calls company and follows automated voice promts to enter pin
4: server beams info to fone saying "alright already give 'em his freakin minutes!"
5: buyer wears stupid grin cause he thinks he gets good deal!

ok so for a viable hack u need several things:

1: url and connection type (telnet/ssh or other)
2: algorythm for generating new keys( just compare several cards with a matmaticly oriented buddy of yours!)
3: a nice pretty gui to slap on the package!
*grinns to high heaven*

demonica signing out for now(/yells "whaddya mean WE RAN OUTA COFFEE! Must have caffine!!!!!!")

Top
#42955 - 07/03/07 12:11 AM Re: On the subject of tracfones... kinda [Re: demonica]
Joined: Feb 2002
Posts: 7,194
Gremelin Offline
Community Owner
Gremelin Offline

Community Owner

Joined: Feb 2002
Posts: 7,194
Portland, OR; USA
If the thread devs into stealing paid goods it'll be promptly locked. It's also good to keep in mind that several .gov agencies visit this site regularly, so posting about telecommunications fraud isn't something smart to do.

Now, discovery of the activation and maintenance processes is perfectly fine to talk about...

And #a2 It'd be SSH or another secure service; telnet and standard web based would leave them open for sniffing and I'm sure they thought of this. Likely it's a simple web-ap hidden behind an ssl connection.

As for #a4, minutes aren't stored on phones anymore, they're stored on server to where they cannot be edited short of a refil card.

As for what you'd need, b1 is correct, you'd also need the port in which connections are handled; which can get kind of tricky as well, as they can use both SSL (port 443) and another port over the ssl connection.

B2 it'd be likely that the account number is a raw number/letter combination, there would also be some sort of authentication string (likely an MD5ed password) as well as some sort of unique id for that store and possibly one to identify employees. Likely it'd be something such as aaaaaaaaaa.###### where a is the store/location id and # is the unique employee id.

B3, who needs a GUI? Adobe's licensing system for example runs off of a telnet server, nothing fancy ;\)


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Top
#42956 - 07/03/07 02:20 AM Re: On the subject of tracfones... kinda [Re: Gremelin]
Joined: Jul 2007
Posts: 3
demonica Offline
UGN Newbie
demonica Offline
UGN Newbie

Joined: Jul 2007
Posts: 3
Awwwww shuks but the gui makes it som much more fun! anywho yay for admins! hehe thanks for the promt reply and a couple 'o side notes

yes theres several things they do when they swipe the card.
1: they (mystery casheir #1) first have to log on to the stores private network (whalmart *shudders*) but odlly enough they dont use a ssh in the store network

1A: user enters casheir number (asigned to user @ hire)
1B: logs in(pass?)
1C: scans barcode @ register
1D: swipes magnetic strip on card

(given that i dont do they cashier job ima gona sweat talk to a friend 'o mine so be back soon)

Top
#44048 - 11/07/07 03:28 PM Re: On the subject of tracfones... kinda [Re: demonica]
Joined: Oct 2007
Posts: 64
ZER0_DECEPTION Offline
UGN Poser
ZER0_DECEPTION Offline
UGN Poser

Joined: Oct 2007
Posts: 64
Eugene, OR, USA
demonica,

How did it go? Was the self-education worthwhile, or were there too many roadblocks? The ability to hack a tracfone would be indeed powerful. Not only could you keep yourself anonymous, but that'd be huge savings. Though I'd never think to rip off a big company that rips it's faithful off!! **evil grin**

And on an educational level, that'd be a very satisfying experience!


>\zer0.Deception/<

発見
Top

Member Spotlight
Gremelin

Gremelin
Portland, OR; USA
Posts: 7,194
Joined: February 2002
Show All Member Profiles 
Forum Statistics
Forums46
Topics45,509
Posts80,677
Members2,157
Most Online1,567
Apr 25th, 2010
Top Posters(All Time)
UGN Security 38,673
Gremelin 7,194
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Newest Members
Herbert_Sherbert, codemauve, Lillysdragon1984, Brewwit, boa
2157 Registered Users
Who's Online Now
0 registered members (), 2 guests and 4 spiders.
Latest News