sirocyl

@sirocyl

noted computer gremlinizer

they/any

working on a @styx-os.

"accidentally-vengeful telco nerd"
—Tom Scott

platform sec researcher, OS dev, systems architect, composer; Other (please specify). vintage computer/electronics nut.

I am open to tag suggestions - if there is something you want me to tag on my posts, leave a comment. <3

take a look at

this cool bug I found 🪲

sirocyl @sirocyl9/19/2023, 1:38 AM

I broke IKEA.

Voicemail recording of the delivery service call (Transcript in post)

from some PBX in a LACK rack, I'd assume.

00:00

(or, well, one of their delivery services.)

🔊 Just a fair warning - there are some perhaps annoying glitch sounds in the attached recording. The volumes are normalized to limit loud spikes, as they were a lot worse in person. 😅

See also, the sequel: I broke Google TTS.

so, my phone service has a rather clever anti-spam tactic, which works like this:

I receive a phone call from an unknown number, and it goes through screening when I answer it. It rings until the fifth ring, the voicemail greeting plays out, then I've got 30 seconds to judge if it's a spam robocall or if it's genuine
If it's okay, I press 1, and it interrupts the ring/voicemail sequence and I answer the call like usual.
If it's spam, I press ### (the # key by itself normally opens my PBX menu, so it doesn't go through) and hang up immediately.

Pressing ### and hanging up, will shove the call to voicemail, then launch a "DTMF bomb", which is a rapid sequence of over a hundred tones of DTMF keysmash, even including some of the "ABCD" keys. This has blown up spammers' cheapass PBXes, especially ones with poor security and too much trust given to the DTMF decoder on the call server.

So, when IKEA called from a random 1-877 number to confirm my furniture shipment worth $1200 (that's the equivalent of :sixty: blåhaj!), the only thing it said is "To continue in English, please press 1."... and I had no idea who it was, immediately thought it was spam, and did the ### gesture. Oops.

What follows is a transcript of the call in the recording above.

"To continue in English, please press 1️⃣."
[extremely rapid DTMF spam string]
"Your delivery is scheduled for Tuesday. Five. [A burst of digital static plays out here for about a quarter of a second.] $DeliveryDate between the hours of 2pm and 6pm.

If an adult will not be available within the timeframe provided, or you have any other conflicts, please contact us at

8
8

8
8

8
8

8
8

8
8

8
8

8
8

8
8

8
8

8
8

Message repeat. ⚠️. Your delivery is scheduled for-" [total system breakdown occurs here... followed by dead line noise.] ............. [blerp] ............. [blerp] ............. [blerp] ............. [blerp]

... I should've just bought :sixty: blåhaj, instead.

(Names, businesses, times, dates and phone numbers may be changed or redacted in order to protect the privacy of those involved.)

#css crimes #screen reader friendly #robocalls #DTMF #software gore #glitch #windows xp

You must log in to comment.

in reply to @sirocyl's post:

Dreams Darkly @sleeps-darkly9/19/2023, 2:09 AM

oooooof

X @xkeeper9/19/2023, 2:25 AM

absolutely incredible

Plum @plumpan9/19/2023, 2:35 AM

The windows sfx during this was the most impressive bit

fwankie @fwankie9/19/2023, 3:01 AM

wait, what do you have planned for 60 blahaj?

sirocyl @sirocyl9/19/2023, 8:42 AM

I ordered furniture worth 60 blåhaj. I shoulda clarified but it was already late and I eepy.

(I own two though!)

fwankie @fwankie9/19/2023, 10:48 AM

oh 😔 less exciting

ENBYSS @enbyss9/19/2023, 1:43 PM

im going to imagine that all the furniture is made from 60 individual blahaj

@mojilove9/19/2023, 3:25 AM

This is fantastic - the transcript is the icing on the cake!

Tenna Lotor @tenna9/19/2023, 3:32 AM

omg i want an anti-spam solution like that

B04 DEEZ NUTS @the-doomed-posts-of-muteKi9/19/2023, 3:50 AM

wait is this what they meant by #ikeahacking

SysL @sysl9/19/2023, 3:52 AM

Can you provide an isolated DTMF bomb? It would make a cool ringtone.

Cheese @microwaved-cheese-sandwich9/19/2023, 4:34 AM

what phone provider do you use?

sirocyl @sirocyl9/19/2023, 1:55 PM

It's in a comment above o7

tl;dr: Google Voice -> SIP -> I am now the telephone provider.

Setsune @Setsune9/19/2023, 4:39 AM

Please contact us at The Stanley Parable Demo. https://youtu.be/fcKjg2nqXsE

Kewlio: No but for real though @KewlioMZX9/19/2023, 4:58 AM

Eight. Eight. Eight. Eight. Eight. Eight. Eight. Eight. Eight. Eight. Eight. Eight. Eight.

sirocyl @sirocyl9/19/2023, 10:17 AM

♿︎｜Asriel // Azi｜Θ∆｜🏳️‍⚧️@MisutaaAsriel9/21/2023, 6:29 AM

Stanley then proceeded to break the IKEA shipping reminder line. Great job, Stanley! It's not like anyone has furniture being delivered or anything…

Binary @binary9/19/2023, 4:59 AM

Holy shit.

[deleted]9/19/2023, 9:56 AM

sirocyl @sirocyl9/19/2023, 10:14 AM

I shared it with a few people who Know Telephone before I posted it here, and their theory is that what we're hearing at the end is the audio path going open-circuit when the PC crashed.
It probably blue-screened, and we're hearing the EM interference from the CPU or I/O controller hub as Windows writes a minidump, then begins waiting for a debugger to attach (the blerps at the end being scans for connected serial port, PCI, network or 1394 debug hardware)

mogery @mog9/19/2023, 10:33 AM

wait, so, since this is likely a buffer overflow, it's running on Windows XP, and the regular audio output is used for telephony (as suggested by the audible XP error sound)... specially crafted DTMF could gain code execution and rickroll everyone called by the system

sirocyl @sirocyl9/19/2023, 10:35 AM

"Ohohoho, delightfully devilish, Seymour."

Twilight Sparkle @ConfuSomu9/19/2023, 10:37 PM

thanks for this additional info!

Francis Theodore Catte @franktcatte9/20/2023, 5:45 AM

from personal experience, what was on the other end was likely a Nortel Call Pilot, which runs on Windows Server 2003 Embedded iirc. I think that's even the default voice. I'd say I'm surprised one of those was still in service in 2020 but given my aforementioned personal experience, I'm really not.

sirocyl @sirocyl9/20/2023, 10:48 AM

I bet its login is still the default nnadmin/PlsChgMe! 😜

in tuft we trust @tit9/19/2023, 12:23 PM

I hate how googling "DTMF bomb" gives me 3 results of which 2 are useless and one (first result) is this post

sirocyl @sirocyl9/19/2023, 12:37 PM

just checked for myself; one of those results appears to be "congratulations! you're on a list", the website.

to be clear to the person or persons at whichever three-letter agency is tasked with the unenviable job of reading this, the post above has absolutely nothing to do with explosives or devices thereof, or firearms

in tuft we trust @tit9/19/2023, 12:50 PM

dear agencies, we just can't help that cohost is so weirdly good at SEO

in tuft we trust @tit9/19/2023, 12:55 PM

"congratulations! you're on a list", the website.

yeah it's a good thing I didn't browse there from work......oh, oops

sirocyl @sirocyl9/19/2023, 1:01 PM

:yeah: 💀

Obsidian @OpalSys9/19/2023, 12:45 PM

Broke Ikea so hard the autoresponder started playing The Stanley Parable demo

sirocyl @sirocyl9/19/2023, 12:50 PM

apparently, I only just learned about the whole 8 saga in TSP as a result of this post.

also, go to stanleyparable.com and press 8 on your keyboard :D

in tuft we trust @tit9/19/2023, 12:58 PM

really want to try this on my buildings intercom now. even though I already know the codes that I shouldn't know, I wonder if capturing the "all good, open the gates" signal is possible or if it's just a full digital box (boring!)

C-paz @C-paz9/19/2023, 1:13 PM

This sounds like some analog horror nonsense.

I love it lol

sirocyl @sirocyl9/19/2023, 1:17 PM

wow this post is doing number
Notifications: 8888888888

~@modulusshift9/19/2023, 2:08 PM

lmao

Trace @TraceBullet9/19/2023, 1:41 PM

I'm amazed at how accurate that transcript is.

@Souzetsu9/19/2023, 2:20 PM

Wait, is this why my IKEA order never arrived?

sirocyl @sirocyl9/19/2023, 2:31 PM

👀💦 uhhhhhhhh

bungle @bunglewump9/19/2023, 3:16 PM

SIXTY BLAHAJ???????

sirocyl @sirocyl9/19/2023, 3:19 PM

... worth of furniture. I could've chose a bed, mattress, couch and some household needs,

or I could've chosen 60 haj for the same price.

bungle @bunglewump9/19/2023, 3:24 PM

oh boy I think I need a vision test 😅 here I was envisioning a mountain of shonks

sirocyl @sirocyl9/19/2023, 3:35 PM

in retrospect I shoulda got the pile of shorks

Epiglottal Axolotl @epiglottal-axolotl9/19/2023, 5:49 PM

60 shårks is a valid substitute for a bed and mattress.

natescape navigator @natescape9/19/2023, 3:22 PM

This is, of course, incredible, but WHAT is it with these apparently legitimate multinational corporations leaving context-free scam-ass voicemails? "To continue in English, please press 1" oh for sure my dude

Chamomile🐑@chamomile9/19/2023, 4:19 PM

Not sure if that's what's happening here but a lot of these automated systems will talk right over your voicemail/call screening prompt so the actual voicemail recording only catches the end of their spiel. It's very annoying.

sirocyl @sirocyl9/19/2023, 6:33 PM

I don't have a prompt. If it was talking, it was talking while the phone was still ringing out. The whole mess would've been recorded as soon as the call is answered by the screening script.
That plus the fact that it lands directly on "To continue in English", rather than in the middle of a phrase, makes me think that is its first phrase, there's no "Hello, this is an automated message, concerning your IKEA delivery." or similar.
No "Hello, my name is Inigo Montoya, you killed my father" - straight to "Prepare to die."

Chamomile🐑@chamomile9/19/2023, 7:58 PM

Wow, that's terrible.

@wavedasher9/19/2023, 4:20 PM

This would make an amazing sample for a song, the whole thing.

[very very bright light]@solartxt9/19/2023, 4:49 PM

my parents get so many spam calls, i just know they would take absolute joy in doing this. how would i go about setting something like this up? is it carrier specific or can i rig it up myself? thank you! (also this would make a sick sample)

Renée the Rapper @FunkmasterFuma9/19/2023, 5:35 PM

It turned into a teletypewriter at the end lmao.

Ari @ari-9/19/2023, 5:53 PM

Damn I liked the Google voice preview of calls but this is next level

[Gateway of Last Resort]‮@wxcafe9/19/2023, 7:41 PM

wow... i love godspeed you! black emperor

n.s.@reth9/19/2023, 8:34 PM

world heritage chost

@Panazel9/20/2023, 2:59 AM

Okay but this "DTMF bomb" or whatever and how it really screws up that voice recording call...Holy geez is that some surreal audio right there.

You could probably put it into some trippy indie game like OFF or Omori or Hypnospace or something else with surrealist/dream elements and it wouldn't totally be outta place. Whew~

certified sendaen kisser 💽🦈@azushark9/20/2023, 4:23 AM

**00##00**00##DD3078402B32767B32767ABA8000CCDC402375437160432108324073284610873209271085AAAA88888888888888888888888888888888

Tried my hand at translating the DTMF bomb into something human-readable

That may explain the 8s, lmao

@KateYagi2/27/2024, 11:42 AM

Mindflayed via tickling

Mateus Auri @MateusAuri3/21/2024, 9:47 AM

Musically, this goes harder than any Merzbow record tbh

Xuerle @XRLEAVT3/21/2024, 2:04 PM

SCP-3008

grey @greytdepression3/21/2024, 3:51 PM

i've just looked up dtmf because of this chost and,,,, is that how telephones work?? like,, when you pick up your phone it's just a line to your service provider or whatever and then your phone plays the little song and your service provider is like "ah, they want to call that person" 😶

kyle @-pegasus3/21/2024, 5:39 PM

for a traditional telephone system where it's a copper wire from your house to the cabinet, carrying audio and 48v power, yes

each key makes a separate tone so it always knows which one you press

rotary phones used a different method where they would rapidly disconnect and reconnect to cause pulses, the number of which matched the number on the dial you had span.

the hook that you put the phone down on also worked by disconnecting the phone, so if you had really good rhythm you could dial numbers by tapping it out on that

grey @greytdepression3/21/2024, 5:45 PM

😄 that’s so wild. i never made that connection that landlines would just also modulate audible signals onto the wire to communicate 😅

sirocyl @sirocyl3/21/2024, 6:36 PM

You should look up 2600Hz in the concept of phones! It's kind of amazing what people did with the telephone system of the day.

Also, check out the Connections Museum, in Seattle or on YouTube.
There may also be a telephone museum near you, like the Long Island Telephone Museum.

grey @greytdepression3/21/2024, 6:43 PM

i live in europe, so the long island museum is closer than the seattle one but still a little far ^^
i’ll definitely check out the youtube channel and look into 2.6 kHz thing! thanks :D

blob @powerfulblob4/8/2024, 9:00 PM

The sound the voicemail made at the end is... Something else.... this could make a great ambient soundtrack for an independant horror game damn

Pinned Tags

siroblog