The THC Hack/Phreak Archives: CELPHRK4.TXT (114 lines) Note: I did not write any of these textfiles. They are being posted from the archive as a public service only - any copyrights belong to the authors. See the footer for important information. ========================================================================== WHATS IN A NAM by The Mad Phone-man --------------------------------------------------------- Nam stands for "Number Assignment Module" or to the Teckies a PROM (Programable Read-Only Memory) A blank Nam usualy costs between $1. to $2.75. Sometimes its more expensive depending on the operating temperature and packaging specifications. Two flavors of NAM's are used for cellular. NEC uses the open colector (Signetics p/n 82S32 or equivalent). All others use the tri-state (Signetics 82S123 or equivalent). Blank Nams are manufactured by Signetics,National Semiconductor, Monolithic Memorys, Fujitsu, Texas Instruments, and Advanced Microdevices. Blank Nams can be purchased at your electronic distribuitor's and many radios come with a blank included. The NAM contains the subscriber number and lock code, the home system identification and other system required information. You may wonder how this info is arranged. The NAM is organized into 32 rows and 8 columns. It is 32 words of 8 bits each. (256 bits total) Starting from the top of the NAM (address 00) you will find the abreviation SIDH, This means "system identification number home" , a number starting at 0001 assigned by the FCC. Each market allows two systems. Even for the wire-line and odd for the non-wireline. At address 03 we find LU (Local use) on the left and MIN on the right these are usualy set to 1. Locations with zeros are reserved. Going down the map, there's MIN1 and MIN2 the subscriber number and the area code respectivly Dont try to read them from a raw printout of the NAM data, they are scrambled beond recognition. The reason? The way they are arranged is the way they must be transmitted to the cellular systems receivers. The programmer does this to make the radio's job easier. Next is the station class mark, which identifys the class and power capability of the phone. The system will treat a handheld (low power) differently than a standard 3 watt mobile. IPCH is the inital paging channel. The radio listens for a page on this channel. Wirelines use 334 and non-wirelines use 333. ACCOLC (ACCess Overload Class) is designed in throwing off customers in the event of an overload. Thru neglect this standard has been largely unused. (A class 15 station is supposed to be police, fire, or military) Usualy its set to 0 plus the last digit of the phone number to provide random loading. PS- Prefered system. This is always 1 in non-wireline and 0 in wireline. The lock code is about the only thing you can read directly by studying the NAM data. The "spare" bit must be a 0 if the radio contains a 3 digit code. Because the number of clicks when you dial 0 on a (dial) phone equals 10 zeros in the lock code are represented by an "A" the hexadecimal equiv of 10. EE,REP,HA, and HF correspond to end-to-end signaling (DTMF tones possible you talk) REPeratory dialing (provision for 10 or more numbers in memory) Horn Alert and hands free. Like all options, they are 1, if turned on and 0 if (all these numbers are in hex) are supposed to be used by radio mfgrs to store option switches. Usualy 13 is used, 14 sometimes and the rest less often. Last you will find checksum adjustment and checksum. These numbers are calculated automaticly after the data has been edited for the NAM. The sum of all words in the nam plus these last two must equal a number with 0's in the last two digits. The radio checks this sum and if it isnt correct the radio assumes the NAM is bad or tampered with. In the case the radio refuses to operate until a legal NAM is installed. MARK most BIT SIGNIFICANCE least Hex DEFINITION address ---------------------------------------------------------------------------- | 0 SIDH (14-8) | 00 ---------------------------------------------------------------------------- | SIDH (7-0) | 01 ---------------------------------------------------------------------------- LU=Local use | LU | 0 0 0 0 0 0 | MIN | 02 ---------------------------------------------------------------------------- | 0 0 MIN2 (33-28) | 03 ---------------------------------------------------------------------------- | MIN2 (27-24) | 0 0 0 0 | 04 ---------------------------------------------------------------------------- | 0 0 0 0 | MIN1 (23-20) | 05 ---------------------------------------------------------------------------- | MIN1 (19-12) | 06 ---------------------------------------------------------------------------- | MIN1 (11-4) | 07 ---------------------------------------------------------------------------- | MIN1 (3-0) | 0 0 0 0 | 08 ---------------------------------------------------------------------------- | 0 0 0 0 | SCM (3-0) | 09 ---------------------------------------------------------------------------- | 0 0 0 0 0 | IPCH (10-8) | 0A ---------------------------------------------------------------------------- | ICPH (7-0) | 0B ---------------------------------------------------------------------------- | 0 0 0 0 | ACCOLC (3-0) | 0C ---------------------------------------------------------------------------- PS=Perf Syst | 0 0 0 0 0 0 0 | PS | 0D ---------------------------------------------------------------------------- | 0 0 0 0 | GIM (3-0) | 0E ---------------------------------------------------------------------------- | LOCK DIGIT 1 | LOCK DIGIT 2 | 0F ---------------------------------------------------------------------------- | LOCK DIGIT 3 LOCK SPARE BITS | 10 ---------------------------------------------------------------------------- EE=End/End | EE | 0 0 0 0 0 0 | REP | 11 ---------------------------------------------------------------------------- REP=Reprity | HA | 0 0 0 0 0 0 | HF | 12 ---------------------------------------------------------------------------- HF=Handsfree | | HA=Horn Alt | Spare Locations (13-1D) | | contain all 0's | 13 | | to | | 1D ---------------------------------------------------------------------------- | NAM CHECKSUM ADJUSTMENT | 1E ---------------------------------------------------------------------------- | NAM CHECKSUM | 1F ---------------------------------------------------------------------------- Downloaded from The Land of Fa-II [716]/773-7526 ---------------------------------------------------------------------------- Please don't send requests for reposts, missing parts, GIFs, FTP sites, technical advice, codes, etc. If you find getting text files from this newsgroup inconvenient, the archive is available on disk. Send a blank email to hplist@f26.n340.z1.fidonet.org for more information. Authors wishing to have files added to or removed from the THC Public archive should contact me at: tommy@f26.n340.z1.fidonet.org. Please help keep clutter to a minimum - refer comments to e-mail. Thank you. -=( Tommy )=- -- /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ -=- CandyMan -=- http://www.mcs.net/~candyman/ candyman@mcs.com "If in other lands the press and books and literature of all kinds are censored, we must redouble our efforts here to keep them free." -- Franklin Delano Roosevelt /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\