UGN Security

On the subject of tracfones... kinda

Posted By: demonica

On the subject of tracfones... kinda - 07/02/07 01:40 PM

okee dokee folks, being that im noew here i don wanna step on any toes or nothin, so you admins email me if i go wrong. For strictly educational purposes i would like to delve into tracfone hacking...
Posted By: demonica

Re: On the subject of tracfones... kinda - 07/02/07 01:52 PM

once again not steping on toes (*prayers to above*) i work at a convieniance store that sells tracfones and i have figured out to a point the process that is used for activation....

i would like the ok from the admins here b4 i post nE details but the basics with minamal Nfo are as follow:

1: idiot casheir # 14 scans tracfone minute card on register
2: activation data is sent to tracfone server (url unnamed ;#) via telnet or some sorta ssh probably
3: buyer calls company and follows automated voice promts to enter pin
4: server beams info to fone saying "alright already give 'em his freakin minutes!"
5: buyer wears stupid grin cause he thinks he gets good deal!

ok so for a viable hack u need several things:

1: url and connection type (telnet/ssh or other)
2: algorythm for generating new keys( just compare several cards with a matmaticly oriented buddy of yours!)
3: a nice pretty gui to slap on the package!
*grinns to high heaven*

demonica signing out for now(/yells tired "whaddya mean WE RAN OUTA COFFEE! mad mad Must have caffine!!!!!!")
Posted By: Gremelin

Re: On the subject of tracfones... kinda - 07/03/07 12:11 AM

If the thread devs into stealing paid goods it'll be promptly locked. It's also good to keep in mind that several .gov agencies visit this site regularly, so posting about telecommunications fraud isn't something smart to do.

Now, discovery of the activation and maintenance processes is perfectly fine to talk about...

And #a2 It'd be SSH or another secure service; telnet and standard web based would leave them open for sniffing and I'm sure they thought of this. Likely it's a simple web-ap hidden behind an ssl connection.

As for #a4, minutes aren't stored on phones anymore, they're stored on server to where they cannot be edited short of a refil card.

As for what you'd need, b1 is correct, you'd also need the port in which connections are handled; which can get kind of tricky as well, as they can use both SSL (port 443) and another port over the ssl connection.

B2 it'd be likely that the account number is a raw number/letter combination, there would also be some sort of authentication string (likely an MD5ed password) as well as some sort of unique id for that store and possibly one to identify employees. Likely it'd be something such as aaaaaaaaaa.###### where a is the store/location id and # is the unique employee id.

B3, who needs a GUI? Adobe's licensing system for example runs off of a telnet server, nothing fancy wink
Posted By: demonica

Re: On the subject of tracfones... kinda - 07/03/07 02:20 AM

Awwwww shuks but the gui makes it som much more fun! anywho yay for admins! hehe thanks for the promt reply and a couple 'o side notes

yes theres several things they do when they swipe the card.
1: they (mystery casheir #1) first have to log on to the stores private network (whalmart *shudders*) but odlly enough they dont use a ssh in the store network

1A: user enters casheir number (asigned to user @ hire)
1B: logs in(pass?)
1C: scans barcode @ register
1D: swipes magnetic strip on card

(given that i dont do they cashier job ima gona sweat talk to a friend 'o mine so be back soon)


Re: On the subject of tracfones... kinda - 11/07/07 03:28 PM


How did it go? Was the self-education worthwhile, or were there too many roadblocks? The ability to hack a tracfone would be indeed powerful. Not only could you keep yourself anonymous, but that'd be huge savings. Though I'd never think to rip off a big company that rips it's faithful off!! **evil grin**

And on an educational level, that'd be a very satisfying experience!
© 2018 UGN Security Forum