==Phrack Inc.==
           Volume One, Issue Three, Phile 2 of 10

Rolm systems

The purpose of this file is to tell you what you would be dealing with if you stumble across this system, or if you know of a company that is using this system. It doesn't go into incredible detail, and is lacking in areas. It is not a guide to hacking into it, just letting you know what you would be dealing with. This is to pique your interest in the system.

So What the Hell is ROLM?

ROLM is a "Business Communications System" bought by IBM a few months ago, in an effort to compete effectively with AT&T, and get a larger share of the market, in a grand master plan to become "Big Daddy Blue" as opposed to "Ma Bell". It is a very complex system, with features such as PhoneMail, A Super-PBX, Local Area Networks, Public and Private Data Networks, Desktop Communications, and Call Management. The heart of the system is the Controller, called the CBX <Computerized Business Exchange>. This controls the entire network accessible through ROLM. Since 1983, the CBX was redesigned and upgraded to the CBX II. It is a PBX with much much more <See 'Introduction to PBX's' available on your local bbs> to offer, and that is ROLM's claim to fame. It is light years ahead of the regular PBX system.


The CBX II is the core of the ROLM network. It is computer driven and expandable from one node, with 165 channels, to 15 nodes providing 11,5200 2-way channels. The smaller business could have a model with a 16 user maximum limit, but it can go up to 10,000 users, though this would be quite rare <and quite God Damn expensive!>. It can be accessed from outside lines >like you< as well as HardWired units, with a switching system to prevent busy signals on a port. Speed depends on the system in place, either the newer, faster ROLMbus 295, or the older standard ROLMbus 74. <see Service manuals for exact details> The larger the system, the faster as well. It is adjustable to accept different bandwidths for the various components, such as Telex, Voice, Data, Mainframe, LAN, Video <ta-da! Picturefones in reality!>, and anything hooked up to the system. Similar tasks can be bunched onto one channel as well, at high or low speeds. If multiplexing is used >above<, the maximum speed is 192,000 bps, and if using a single interface, the top possible rate is a mindboggling 37,000,000 bps, which if you ask me, is just fluff and not too practical, so they are usually multiplexed. <Now, what a difference that is from 300 baud!>. Using the CBX II network, you might find just about any kind of mainframe, from HP, to DEC, to VAX, to the IBM 327 series.

Note : There is a smaller version of this called the VSCBX.

Phone Mail

This is one of the little beauties of the system, something truly fun to fuck with. I called ROLM Headquarters in California to ask specific questions about ROLM, posing as a researcher, and I got the big runaround, transferred from department to department. Maybe you can get further than I. Their # is 408-986-1000. The # to PhoneMail from the outside is 800-345-7355. A nice computer-generated voice comes on asking you to enter your Extension number, and then enter the "#" sign. Then enter your password. If you make around 3 or 4 bad attempts at an Extension or Password, it will automatically ring another number, assistance I assume, to find out why there has been an unsuccessful entry attempt. I haven't played around with this that much, so leave mail to Monty Python with whatever you find. Once entering an authorization with correct password, you will be presented with more options, leave messages to other people, and whatnot. You can hear your messages, forward them to another person, leave the same message to more than one person, change your welcome message, etcetera. The service is for those business-type pigs who never sit still for one minute, like they are permanently on speed.

A Phone Mail Scenario

Let's say Mr. Greed goes out to meet his secretary at a motel, but definitely has to get that important message from Mr. Rasta, who's bringing in $3 mil in Flake, and can't trust it to the person who would handle it. Mr. Greed would have given Mr. Rasta his phone # and he would be forwarded to the Phone Mail network, where he would hear a message left by Mr. Greed, to anyone who would call. Mr. Rasta would leave his message and hang up. Then Mr. Greed could call up the 800-345-7355, punch in his extension authorization number, and password. Or, if he was back at the office, he could get it there through DeskTop communications. Messages can be delivered without error, in the person's own voice, without other people knowing about it. Therefore, someone with enough knowledge could use an unused account and use it as his own service, without the knowledge of others.

DeskTop communications

ROLM has developed a Computer/Telephone integrated device for use with the Desktop communications. It is linked with the CBX II through fone lines, thus accessible by you and me from the outside. It is not hardwired, though it can approach hardwired speed. If you could get your hands on one of these computer/fones then I think you would have found something very useful at home, in your general life. But you could access the network without the special features of the fone, like one touch dialing, which is designed for the stupid lazy businessman. You can access company databases through the network, mainframes, other people, just about anything as if you were right there and told your secretary to do it for you. There is special software used by the computers or computer/fone but it can be improvised and is just an aid. It uses a special protocol. What is great is that everything is tied together through telefone lines, and not RS-232C! Thus, there is an access port....somewhere. Scan the #'s around the office using ROLM. How do you know if it is using ROLM one way or the other? Compile a list of local businesses, call them up saying "This is ROLM Customer Support. We have a report of a complaint in your CBX II network, let me speak to your supervisor please." If they say "ROLM? CBX II? We don't use that" then just apologize and go elsewhere. Or say that you are from ROLM corp and would like to know if the company is interested in using it to network its system. Like, if they have it already, they would say that they had it. And if they didn't, you would just give them a fake # <or if you're nice the # for the local sales office obtainable in the list below>.

But you know what's REALLY Great? They have made the network link in mind for the person with a Computer IQ of about 0. Commands are in plain English. Here is a demonstration screen as seen in their brochure:

           CALL, DISPLAY or MODIFY

           Display groups

             [00] PAYROLL       [01] MODEM       [02] IBMHOST
             [03] DOWJONES      [04] DECSYSTM    [05] MIS-SYSTM
             [06] DALLAS        [07] SALES

           Call Payroll

           CALLING 7717  
           CALL COMPLETE

           **PAYROLL SYSTEM**

See, nothing is confusing, everything pretty self-explanatory. There may be more than one person wanting to do the same thing you are, so if there is, you would be put on a queue for the task. It seems that those with an IBM would be best suited for ROLM hacking, because ROLM is owned by IBM, and the PC's used by the network are IBM. A person with a simpler fone/Terminal couldn't access something like their DEC mainframe, or something like that. By calling in, you could not run an application, unless you had a special interface, but you could access the database, which any dumb terminal could do.

However, there are security levels. Thus one with a privileged account could access more things than one without it. Like Joe Schmoe in Sales couldn't get to Payroll. It seems that for non-IBM's to access some of the parts of the network, you would need an interface to become the same thing as a RolmPhone.

Excessive #'s of bad logon attempts, which would be construed as a linking error, would notify the network manager. And if they saw that there was no hardware error, eventually they would think of, if they were somewhat experienced, you guessed it, hackers.


ROLM has something called Integrated Call Management. Now, when designing ICM, they must have taken into account the abuse possible in plain ol' PBX's. So they put in something called Call Screening. This will enable the company to restrict calls to certain #'s and prefixes. Calls to non-business #'s or certain areas can be screened out <"No personal calls on my time, Johnson!">, with the exception of 1 specific # that you want. There is a choice of having a codeless, screened PBX, or a PBX where accounts are assigned to each employee, and the #'s they call get recorded to that account. There can be privileged accounts where a large volume of calls would go relatively un-noticed. But I don't think that large-scale abuse of this system would be easy or practical. Calls are routed AUTOMATICALLY through the service where the rates are cheaper to the location dialed, which is pretty fucking cool. And, the PBX is accessible from the outside, using Direct Inward System Access, making it AB-useable.

But what about if there is Equal Access in that area? It doesn't matter, the CBX will automatically access the service without you having to worry about it <hell, this is totally unnecessary for a hack/phreak, cause we ain't paying for the damn call anyhow!>

BUT!: There is a use of Call Detail Recording, where information on all ingoing and outgoing calls is recorded.
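
Seen from the network manager's chair, Call Screening, per-account recording and Call Detail Recording fit together roughly as below. This is an added example, not part of the original file and not ROLM's software or record format: the prefixes, the record layout, the thresholds and every number in it are constructed for illustration.

```python
from collections import Counter

# Constructed screening policy (not ROLM's format): blocked prefixes plus
# the one specific number that is exempted from screening.
BLOCKED_PREFIXES = ("1900", "011")
EXCEPTION = "19005550100"

def screen(dialed):
    """Return True if the dialed number passes call screening."""
    digits = "".join(c for c in dialed if c.isdigit())
    return digits == EXCEPTION or not digits.startswith(BLOCKED_PREFIXES)

# Constructed call detail records: (account, origin, dialed, auth_ok).
# origin "disa" marks a call placed from outside through inward access.
SAMPLE_CDR = [
    ("2041", "desk", "1-408-555-0111", True),
    ("2041", "desk", "1-900-555-0100", True),   # the allowed exception
    ("2041", "desk", "1-900-555-0199", True),   # screened prefix
    ("3310", "disa", "1-212-555-0123", False),  # failed authorization
    ("3310", "disa", "1-212-555-0123", False),
    ("3310", "disa", "1-212-555-0123", False),
    ("9000", "disa", "1-212-555-0140", True),
    ("9000", "disa", "1-305-555-0150", True),
    ("9000", "disa", "011-44-555-0160", True),  # screened prefix via DISA
]

def review(cdr, max_bad_auth=3, max_disa_calls=2):
    """Return sorted (finding, account) pairs worth a manager's attention."""
    bad_auth, disa_calls, findings = Counter(), Counter(), set()
    for account, origin, dialed, auth_ok in cdr:
        if not auth_ok:
            bad_auth[account] += 1          # repeated bad logon attempts
            continue
        if not screen(dialed):
            findings.add(("screened-number", account))
        if origin == "disa":
            disa_calls[account] += 1        # outside use of the PBX
    findings |= {("bad-auth", a) for a, n in bad_auth.items()
                 if n >= max_bad_auth}
    findings |= {("disa-volume", a) for a, n in disa_calls.items()
                 if n > max_disa_calls}
    return sorted(findings)

if __name__ == "__main__":
    for kind, account in review(SAMPLE_CDR):
        print(kind, account)
```

Because every call lands in the records against an account, even a privileged account with a large call volume shows up once the records are actually reviewed.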


Not a lot of research went into this file, but it did take a little while to type up, and all of the information is correct, to my knowledge. Anyone is free to expand on this file into a Part II. It was written to enlighten people about this system, and I hope this has helped a little bit.

Coming soon, to a telephone near you: The Return of The Flying Circus. Look for it.

--Later On
Monty Python <01/11/86>