syn2cat
/
phrack
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
phrack/phrack47/19.txt

640 lines
30 KiB
Plaintext
Raw Permalink Blame History

==Phrack Magazine==
Volume Six, Issue Forty-Seven, File 19 of 22
A Guide To British Telecom's Caller ID Service
By DrB0B
(DrB0b@grex.cyberspace.org)
Introduction:
Whilst caller ID services are old news to American readers, to UK phone-
phreaks they are a new and potentially exciting addition to British-
Telecom's network services. Many people will have already read articles
describing CNID, almost invariably these articles have been based on systems
utilizing Bellcore's CLASS signalling requirements, it should be
noted that while BT's Caller Display System is also based on CLASS there
are some significant technical differences. I have tried to make the
information in this article as comprehensible as possible, unfortunately the
telecommunications industry is one of the most jargon-infested industries in
the world so if you have any questions about anything in this article don't
hesitate to contact me at the above address, I'll do my best to help.
BT hope to have their Caller Display Service available by November 1994.
LATE NEWS: Today, Nov 1st 1994, BT announce that caller ID services would
be withheld for a while longer as the public are too stupid to understand
what it means, I swear I'm not making this up. According to BT newsline
(0800 500005) "The public failed to comprehend that caller display services
meant that caller number would be transmitted with every call, nor did they
understand that CDS could be blocked on a per call basis by using the 141
prefix, or on a per line basis by arrangement with BT. Go figure !
New date for service launch is towards the end of November.
(1) What is Calling Line Identification Presentation.
When BT introduce their Caller Display Service over the analogue local
access network the first service available will be Calling Line Identification
Presentation (CLIP), this provides for the delivery of the callers
number when a telephone call arrives, in the near future it will also
provide the callers name. When the callers name or number cannot be delivered
then one of two reasons for the failure will be displayed, (1) name or number
not available (the caller has an unlisted number), or, (2) name and number
withheld by customer (this is done by the caller dialling 141 before dialling
the called number, this results in the message "CLI Withheld" being displayed
on the recipients equipment). In addition to caller identification the CLIP
service can also deliver network messages, the time, date, and, (optionally),
some indication of call type.
As noted above callers can choose to withhold CLI information by using the
prefix 141, users should be aware that this has no effect on BT's ability
to trace a call, the 141 prefix is a service activation code whilst call
tracing is an operator function.
(2) Some Necessary Definitions
From here it gets a bit more complex, your mileage may vary. It's probably
best if I define some of the terms to be used before going any further.
Line Reversal
The potential difference between the two wires of the exchange line (A+B)
will always be equal to or greater than 15 volts. An incoming Caller
Display message will be preceded by a polarity reversal between the two wires.
Idle State Tone Alert Signal
Signals sent in the idle state will be preceded by a Tone Alert signal and
a Channel Seizure signal. Terminal equipment may recognize the Idle State
Tone Alert Signal by the detection of both frequencies together, or by
detection of a single (the lower) frequency. In the case of single
frequency detection the recognition time should be not less than 30ms,
if both frequencies are detected the recognition time can be reduced to not
less than 20ms.
Fig 1. The Idle State Tone Alert Signal
--------------------------------------------------------------
|Frequencies | 2130 hz and 2750 hz +/- 1% |
--------------------------------------------------------------
|Received Signal Level | -2dBV to -40 dBV |
--------------------------------------------------------------
|AC and DC load impedance | AC load is high impedance as |
| | required by NET4 |
--------------------------------------------------------------
|Unwanted Signals | Total power of extraneous signals|
| | in the voice band (300-3400hz) is|
| | at least 20dB below the signal |
| | levels |
--------------------------------------------------------------
|Duration | 88 to 110 msec |
--------------------------------------------------------------
Note: NET4 is European Telecommunications Standard ETS 300 001;
Attachments to PSTN; general technical requirements for equipment
connected to an analogue subscriber interface in the PSTN).
DC Load
NET4 requires that the total of terminal equipment on a line shall not
draw in excess of 120 microA in the idle state. The Caller Data Service
terminal equipment may, as an option, draw DC of up to 0.5 mA par device
at 50 V line voltage, but only during CDS idle state, otherwise the
conditions of NET4 apply.
DC Wetting Pulse
In order to improve reliability of idle state data reception (by reducing
noise), it is mandatory that the terminal equipment shall draw a short
pulse of current from the line by applying a resistive load for a
specified time.
(3) Signalling
For an understanding of the processes involve we need to have some under-
standing of the four layers used in Basic Mode communication. Basic Mode
communication covers transmission of data between network and terminal
equipment, either before ringing is applied or without any ringing,
transmission is either down-stream (network to terminal equipment), or
up-stream (terminal equipment to network).
Physical Layer: This defines data symbol encoding and modulation, and
analogue line conditions.
Datalink Layer: This defines framing of messages for transmission and a
simple error checking procedure.
Presentation Layer: This defines how application-related information is
assembled into a message.
Application Layer: This defines the application that uses the signalling.
In this case Calling Line Identity Presentation.
Now we'll go into a little more detail about each of these layers.
Physical Layer:
Signalling may occur in either the idle state or loop state. We won't
discuss loop state signalling here, as it's not pertinent at this stage.
An incoming CDS call is indicated by a polarity reversal on the A and B
wires, usually followed by ringing current applied to the B wire. The
Terminal Equipment responds to the Idle State Tone Alert by drawing a DC
wetting pulse and applying a DC load and an AC load. The DC wetting pulse
is applied during the idle period following the end of the Idle State
Tone Alert signal. The AC load is applied at the same time as the DC
wetting pulse. It is removed after the end of the V.23 signals. The DC load
is applied and removed at the same time as the AC load impedance. On removal
of the DC and AC loads the CPE reverts to the idle state. For some
applications the Channel Seizure may be delayed by up to 5 seconds,
either or both silent periods may be extended in this case.
If a terminal equipment loop state condition is detected the CDS message
is aborted and the call presented as a non-CDS call. All data transmitted
by the physical layer consists of 8-bit characters transmitted asynchronously
preceded by one start-bit and followed by one stop bit. With the exception
of the mark signal immediately following channel seizure there should be
no more than 10 stop bits between characters.
Values for octets are given in the following format:
S2 M B7 B6 B5 B4 B3 B2 L S1
(Order of bits S1 first S2 last)
where S1 = start bit
S2 = stop bit
M = most significant bit
L = least significant bit
B* = bit numbers 2 to 7
Octets are transmitted with most significant octet first.
Datalink Layer:
The datalink layer provides framing of data into packets that can be
distinguished from noise, and has error detection in the form of a check-
sum.
Fig 2. Datalink Packet Format
-------------------------------------------------------------
|Channel |Mark |Message |Message |Message |Check- |
|Seizure |Signal |Type |Length | |sum | | | | | | | |
-------------------------------------------------------------
^^^^^^^^^^
Presentation
Layer
Analysis of the fields in a Datalink Packet:
Channel Seizure
The channel seizure consists of a continuous sequence of alternate 0 and 1
bits at 1200 bits/s. The purpose of channel seizure is to minimize the possibility of noise mimicking a genuine carrier. The length of channel
seizure as seen by terminal equipment is at least 96 bits (80 msec). It
may be longer, up to 315 bits (262 msec)
Mark Signal
The mark signal seen by terminal equipment is at least 55 bits (45 msec)
of continuous mark condition (equivalent to a series of stop bits, or no
data being transmitted).
Message Type
The message type is a single binary byte. The value depends on the
application.
Message Length
The message length is a single binary byte indicating the number of bytes in
the message, excluding the message type, message length, and checksum bytes.
This allows a message of between 0 and 255 bytes.
Message
The message consists of between 0 and 255 bytes, according to the message
length field. This is the presentation layer message (explained later).
Any 8-bit value may be sent, depending on the requirements of the
presentation layer and the application.
Checksum
The checksum consists of a single byte equal to the two's complement sum
of all bytes starting from the "message type" word up to the end of the
message block. Carry from the most significant bit is ignored. The
receiver must compute the 8-bit sum of all bytes starting from "message
type" and including the checksum. The result must be zero or the message
must be assumed to be corrupt.
Presentation Layer:
Fig 3. Presentation Layer Message format
-------------------------------------------------------------------
|Parameter|Parameter|Parameter| ... |Parameter|Parameter|Parameter|
|Type |Length |Byte(s) | |Type |Length |Byte(s) |
-------------------------------------------------------------------
The fields Parameter Type, Length, and Byte, together describe one
presentation layer parameter, and may be repeated.
Parameter Type will be discussed more fully in the next section.
Parameter Length is a single binary byte of a value between 0 and 255. In
Basic Mode a complete message must be contained within a single datalink
packet, this means that the total length of presentation layer parameters
must not exceed 255 bytes.
Parameter Byte(s) contains zero or more bytes of application related
information. The information contained in this parameter should be en-
coded in BT ISDN Character Set IA5 format.
Parameter Type:
There are eight parameter types associated with CLIP
Fig 4. Parameter Type values
-------------------------------------------------------------
| Parameter Type Value | Parameter Name |
-------------------------------------------------------------
| 00010001 | Call Type |
-------------------------------------------------------------
| 00000001 | Time & Date |
-------------------------------------------------------------
| 00000010 | Calling line directory number (DN)|
-------------------------------------------------------------
| 00000011 | Called directory number |
-------------------------------------------------------------
| 00000100 | Reason for absence of DN |
-------------------------------------------------------------
| 00000111 | Caller name/text |
-------------------------------------------------------------
| 00001000 | Reason for absence of name |
-------------------------------------------------------------
| 00010011 | Network message system status |
-------------------------------------------------------------
The calling line directory number is the number of the line from which the
call was made, or a substitute presentation number. The called directory
number is the number that was called. This is of significance when the call
has been diverted.
There may be parameters of other types present. the call type parameter, if
present will always be sent first, other parameters may be sent in any
order. at least seven of these eight parameters must be recognized for the
CLIP service (Called directory number is not necessary). Parameters may be
sent with zero length. In such cases parameter length will be zero and the
checksum will be correct. Parameters are usually encoded in IA5. The
version used is a 7-bit code and is sent in 8-bit bytes with the most
significant bit set to zero. Non-displayable characters (codes 0-32
decimal) are not used. In the tables following byte number 1 is sent first
followed by byte number 2 and so on.
Call Type Parameter
------------------------------------------------------
| Byte Number| Contents |
------------------------------------------------------
| 1 | Call Type Parameter Type Code |
| | (00010001) |
| 2 | Parameter Length |
| 3 | Call Type |
------------------------------------------------------
------------------------------------------------------
| Call Type Encoding | Call Type |
------------------------------------------------------
| 00000001 | Voice Call |
| 00000010 | ring-back-when-free-call |
| 10000001 | message waiting call |
------------------------------------------------------
If the call type parameter is omitted then the call type is "voice call".
Additional Call Types may be defined later. Other call types, ie FAX, will
be used when they are available. The "message waiting" call type is used
to give an indication of a new message from a specific caller.
Time and Date Parameter
The Time parameter indicates the date and time (+/- 1 minute) of the event
associated with the supplementary information message. Where the call type
has a value 127 (01111111) or less, then the time is the current time and
can be used to set internal terminal equipment clocks and calendars. For
a call of type "message waiting" the time and date refer to the time
message was left or recovered. For other call types with value 128
(10000000) or greater, the time and date may refer to some unspecified event
and not necessarily current time.
--------------------------------------------------------
| Byte Number | Contents |
--------------------------------------------------------
| 1 | Time & Date parameter type code |
| | (00000001) |
| 2 | Parameter length (8) |
| 3 | Month |
| 4 | Month |
| 5 | Day |
| 6 | Day |
| 7 | Hours |
| 8 | Hours |
| 9 | Minutes |
| 10 | Minutes |
--------------------------------------------------------
Calling Line Directory Number Parameter
The maximum length of number sent is 18 characters. The first digit sent is
in byte 3. The Calling Line Directory Number is a number that may be used
to call back the caller, or the same service. It may not be the directory
number of the originating call, for example, an 0800 may be associated
with the caller. Where an alternative to the directory number of the caller
is sent this is known as a Presentation Number. There is no indication of
which type of number is sent, this may change.
If only a partial number is known then that partial number may be sent. This
will be followed by a "-". For instance, where a call comes from outside the
digital network the area code may still be sent and shown as:
0171-250-
or, (under the new national code) for an international call from France;
00 33-
assuming the new international access code of 00.
---------------------------------------------------------
| Byte Number | Contents |
---------------------------------------------------------
| 1 | Calling Line Directory Number |
| | Parameter type code (00000010) |
| 2 | Parameter length (n) |
| 3 | First digit |
| 4 | Second digit |
| . | . |
| . | . |
|n+2 | nth digit |
---------------------------------------------------------
Reason for Absence of Directory Number Parameter
------------------------------------------------------------
| Byte Number | Contents |
------------------------------------------------------------
| 1 | Reason for Absence of DN parameter type |
| | code (00000100) |
| 2 | Parameter length (1) |
| 3 | Reason |
------------------------------------------------------------
The reason will be one of the following BT IA5-encoded values
"P" = "Number Withheld"
"O" = "Number Unavailable"
Called Directory Number Parameter
The Called Directory Number is the telephone number used by the caller when
making the call. The maximum length of characters sent is 18, the first digit
of the number is sent in byte 3, the second in byte 4 and so on.
---------------------------------------------------------
| Byte Number | Contents |
---------------------------------------------------------
| 1 | Called Directory Number Parameter |
| | type code (00000011) |
| 2 | Parameter length (n) |
| 3 | First digit |
| 4 | Second digit |
| . | . |
| . | . |
| n+2 | nth digit |
---------------------------------------------------------
Caller Name/Text parameter
At the launch of the service the Caller Name will not be available, the
parameter will contain text only.
The Name/Text consists of between 1 and 20 BT-IA5 characters. The parameter
may be used for other information when no name is available.
---------------------------------------------------------
| Byte Number | Contents |
---------------------------------------------------------
| 1 | Caller Name/Text Parameter type code |
| | (00000111) |
| 2 | Parameter length (n) |
| 3 | First digit |
| 4 | Second digit |
| . | . |
| . | . |
| n+2 | nth digit |
---------------------------------------------------------
Reason for Absence of Name Parameter
The reason will be one of the following;
P "Name Withheld"; Caller has withheld delivery of name
O "Name Unavailable"; The name is not available
---------------------------------------------------------
| Byte Number | Contents |
---------------------------------------------------------
| 1 | Reason for Absence of Name type |
| | parameter (00001000) |
| 2 | Parameter length (1) |
| 3 | Reason |
---------------------------------------------------------
Network Message System Status Parameter
The value of the Network Message System Status parameter is a binary
encoded value indicating the number of messages waiting in the message
system. 0 means no messages, 1 means one or an unspecified number, other
values, up to 255, indicate that number of messages waiting.
This parameter is not necessarily associated with a normal phone call, and
will probably be sent as a no ring call.
---------------------------------------------------------
| Byte Number | Contents |
---------------------------------------------------------
| 1 | Network System Message Status |
| | Parameter (00010011) |
| 2 | Parameter length (1) |
| 3 | Network System Message Status |
---------------------------------------------------------
Unless a Call Type parameter is also set, then any time parameter sent with
the Network System Status parameter will indicate current clock time. This
is to enable the terminal equipment to assume the time is current time and
to set it's internal clock where no Call Type parameter is sent.
(4) Message Length
The longest CLIP message, excluding datalink layer information is currently
64 bytes. This length is expected for call types "Voice", "Ring-back-when-
free", "Message Waiting". In future there may be additional parameters that
could extend message length, these will be sent after the parameters Call
Type, caller number, name/text, reason for absence of name or number, and
Network Message System Status.
(5)Fig 5. Received Characteristics of V.23 Signals
------------------------------------------------------------
| Modulation | FSK |
------------------------------------------------------------
| Mark (Logic 1) | 1300 Hz +/- 1.5% |
------------------------------------------------------------
| Space (Logic 0) | 2100 Hz +/- 1.5% |
------------------------------------------------------------
| Received signal level | -8dBV to -40dBV |
| for mark | |
------------------------------------------------------------
| Received signal level | -8dBV to -40dBV |
| for space | |
------------------------------------------------------------
| Signal level | The received signal levels may |
| differential | differ by up to 6 dB |
------------------------------------------------------------
| Unwanted signals | Total power of extraneous |
| | signals in the voice band is at|
| | least 20dB below the signal |
| | levels |
------------------------------------------------------------
| AC & DC load impedance | AC load impedance is Zss (see |
| | below) |
| | DC load impedance has been de- |
| | scribed above. |
------------------------------------------------------------
| Transmission rate | 1200 baud +/- 1% |
------------------------------------------------------------
| Data format | Serial binary asynchronous (1 |
| | start bit first, then 8 data |
| | bits with least significant |
| | bit first, followed by 1 stop |
| | bit minimum, up to 10 stop bits|
| | maximum. Star bit 0, stop bit 0|
------------------------------------------------------------
(6)Fig 6. Zss
Zss: a complex impedance nominally represented by the following network;
139 nF
----------------
| |
------ -------
| | | | ------------
| ---------------- | | |
O----- -------- ----------O
| | | |
| --------------- | ------------
| | | | 827 Ohms
------ -------
| |
----------------
1386 Ohms
(7)Fig 7. BT IA5 alpha-numeric character set
-----------------------------------------------------
| B | b7 | 0 | 0 | 0 | 1 | 1 | 1 | 1 | 1 |
-----------------------------------------------------
| I | | | | | | | | | |
-----------------------------------------------------
| T | b6 | 0 | 0 | 1 | 1 | 0 | 0 | 1 | 1 |
-----------------------------------------------------
| S | | | | | | | | | |
-----------------------------------------------------
| | b5 | 0 | 1 | 0 | 1 | 0 | 1 | 0 | 1 |
---------------------------------------------------------
| BITS | | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
|b b b b | | | | | | | | | |
|4 3 2 1 | | | | | | | | | |
---------------------------------------------------------
|0 0 0 0 | 0 |NUL |TC7 |SP | 0 | @ | P | ` | p |
---------------------------------------------------------
|0 0 0 1 | 1 |TC1 |DC1 | ! | 1 | A | Q | a | q |
---------------------------------------------------------
|0 0 1 0 | 2 |TC2 |DC2 | " | 2 | B | R | b | r |
---------------------------------------------------------
|0 0 1 1 | 3 |TC3 |DC3 | # | 3 | C | S | c | s |
---------------------------------------------------------
|0 1 0 0 | 4 |TC4 |DC4 | | 4 | D | T | d | t |
---------------------------------------------------------
|0 1 0 1 | 5 |TC5 |TC8 | % | 5 | E | U | e | u |
---------------------------------------------------------
|0 1 1 0 | 6 |TC6 |TC9 | & | 6 | F | V | f | v |
---------------------------------------------------------
|0 1 1 1 | 7 |BEL |TC10| ' | 7 | G | W | g | w |
---------------------------------------------------------
|1 0 0 0 | 8 |FE0 |CAN | ( | 8 | H | X | h | x |
---------------------------------------------------------
|1 0 0 1 | 9 |FE1 |EM | ) | 9 | I | Y | i | y |
---------------------------------------------------------
|1 0 1 0 | 10 |FE2 |SUB | * | : | J | Z | j | z |
---------------------------------------------------------
|1 0 1 1 | 11 |FE3 |ESC | + | ; | K | [ | k | { |
---------------------------------------------------------
|1 1 0 0 | 12 |FE4 |IS4 | , | < | L | \ | l | | |
---------------------------------------------------------
|1 1 0 1 | 13 |FE5 |IS3 | - | = | M | ] | m | } |
---------------------------------------------------------
|1 1 1 0 | 14 |SO |IS2 | . | > | N | ^ | n | ~ |
---------------------------------------------------------
|1 1 1 1 | 15 |SI |IS1 | / | ? | O | _ | o |DEL |
---------------------------------------------------------
Where;
BEL = Bell
CAN = Cancel
DC = Device Control
EM = End of Medium
ESC = Escape
FE = Format Effectors
IS = Information Separator
NUL = Null
SI = Shift In
SO = Shift Out
SP = Space
SUB = Substitute Character
TC = Transmission Control
Conclusion:
My head hurts, I've been in front of this screen for eight hours, I started
this because I was chucked out of the cinema for being drunk and disorderly
and I'd nothing else to do, I've got through 2 packs of Marlboros, 1 bottle
mad dog and a stack of telco manuals. Most of this has been lifted whole-
sale from those manuals (in the great tradition of all p/h g-philes). I'm
currently working on a round up of ISDN2 and ISDN30, a glossary for European
phone phreaks (almost ready), and a technical description of British and
Irish cellular communication systems. If anybody has any info to share on any
of these things, or any questions they'd like answered (stick to the subject
though, I don't know who killed Kennedy, #8^)), then get in touch with me at
the above address or at any of a variety of boards.
Reference in New Issue View Git Blame Copy Permalink