chirasul

@chirasul

I AM TTHEGGR FN SJFKN GOMMR BAOSLQP

coelary.com/

I'm Chirasul!

I'm a mushroom!

I am a storyteller and artist. I will sometimes post NSFW things. This is my main account.
I am working on a cool project called Coelary, which is about about a lot of things but it's mostly about being a queer adult.

✨✨✨🍄✨✨✨

I'm non-binary.

✨✨✨🍄✨✨✨

OTHER ACCOUNTS:

🎨 @CWF (art account) 🎨

🐛 @coelary (bug people) 🐝

🔞 @inkycap (it's porn!) 🔞

Please give these accounts a follow if you enjoy the things I make and you want to see more.

Tumblr

chirasul.tumblr.com/

Bluesky

bsky.app/profile/moth.gay

Twitter

twitter.com/chirasul

chirasul @chirasul9/15/2024, 7:23 PM

summer @summer

sirocyl @sirocyl9/19/2023, 1:38 AM

I broke IKEA.

Voicemail recording of the delivery service call (Transcript in post)

from some PBX in a LACK rack, I'd assume.

00:00

(or, well, one of their delivery services.)

🔊 Just a fair warning - there are some perhaps annoying glitch sounds in the attached recording. The volumes are normalized to limit loud spikes, as they were a lot worse in person. 😅

See also, the sequel: I broke Google TTS.

so, my phone service has a rather clever anti-spam tactic, which works like this:

I receive a phone call from an unknown number, and it goes through screening when I answer it. It rings until the fifth ring, the voicemail greeting plays out, then I've got 30 seconds to judge if it's a spam robocall or if it's genuine
If it's okay, I press 1, and it interrupts the ring/voicemail sequence and I answer the call like usual.
If it's spam, I press ### (the # key by itself normally opens my PBX menu, so it doesn't go through) and hang up immediately.

Pressing ### and hanging up, will shove the call to voicemail, then launch a "DTMF bomb", which is a rapid sequence of over a hundred tones of DTMF keysmash, even including some of the "ABCD" keys. This has blown up spammers' cheapass PBXes, especially ones with poor security and too much trust given to the DTMF decoder on the call server.

So, when IKEA called from a random 1-877 number to confirm my furniture shipment worth $1200 (that's the equivalent of :sixty: blåhaj!), the only thing it said is "To continue in English, please press 1."... and I had no idea who it was, immediately thought it was spam, and did the ### gesture. Oops.

What follows is a transcript of the call in the recording above.

#css crimes #screen reader friendly #robocalls #DTMF #software gore #glitch #windows xp #I broke IKEA.#i broke ikea

mogery @mog9/19/2023, 6:34 AM

what the fuck is happening here

here's the DTMF bomb decoded:

***00###00***00###DD3001784002B322767B6327677ABA88000CCCDC4002375543716604322108322407332846410873320925710855AAAAA888888888888888888888888888888888888888

here's what is likely happening:

the PBX allocates a 128-byte buffer for parsing DTMF tones, which should be fine, since it is only expecting one
the DTMF bomb sends 154 tones, which overflows the buffer, filling an extra 28 bytes with 88888888888888888888888888
the pickup info, which is positioned after this buffer in memory, is (partially?) overwritten with 8s. this causes... problems, which leads to the glitches and the 8888888... phone number

#DTMF #software gore #glitch #robocalls #pbx

Frost Sparks @frostsparks9/15/2024, 3:05 PM

one of my favorite posts

🌸 lily 🏳️‍⚧️ θΔ ⋐ & ∞@tauon9/15/2024, 6:44 PM

also one of mine

josie :3!!!@marfle-bark9/15/2024, 6:45 PM

a cohost classic. i snort-laugh every fuckin time

You must log in to comment.

in reply to @sirocyl's post:

SEELE, the Throne of Souls @sleeps-darkly9/19/2023, 2:09 AM

oooooof

X @xkeeper9/19/2023, 2:25 AM

absolutely incredible

Plum @plumpan9/19/2023, 2:35 AM

The windows sfx during this was the most impressive bit

fwankie @fwankie9/19/2023, 3:01 AM

wait, what do you have planned for 60 blahaj?

sirocyl @sirocyl9/19/2023, 8:42 AM

I ordered furniture worth 60 blåhaj. I shoulda clarified but it was already late and I eepy.

(I own two though!)

fwankie @fwankie9/19/2023, 10:48 AM

oh 😔 less exciting

ENBYSS @enbyss9/19/2023, 1:43 PM

im going to imagine that all the furniture is made from 60 individual blahaj

@mojilove9/19/2023, 3:25 AM

This is fantastic - the transcript is the icing on the cake!

cat @catball9/19/2023, 3:29 AM

lmao, incredible

what phone provider do you use that lets you fire off DTMF signals like that? that's an extremely nice anti-spam feature :)

hk @hindsightee9/19/2023, 12:29 PM

This might not be provider-specific - since DMTF is in-band, i don't think there's anything preventing you from just recording those sounds into a voicemail message. If the provider allows you to upload those rather than speak them into a mic, you can just make them yourself with Audacity and free time.

in tuft we trust @tit9/19/2023, 12:48 PM

No need for Audacity, you can just generate them online :)

Here's a link to a .mp3 file I made with that generator & the transcript provided by @mog. (a little slower than the original, though)

https://cohost.org/tit/post/2895449-empty/1e41eb887ece41809165c6dc862ca739

sirocyl @sirocyl9/19/2023, 12:44 PM

iirc it's generated from a script in asterisk, with the delay and tone durations set "short" (I think it was the minimum EIA/TIA DTMF mark/space numbers, not sure.)

My phone system was Google Voice, through an SIP bridge with Obihai (now defunct/discontinued). Asterisk then made the SIP connection and rang my other phones, a Lucent Partner ACS for my landlines, cellphones, ATAs and forwarding numbers, also over SIP.

Most of the hardware was lost in the housefire last year. This recording was from early-mid 2020 or so.

cat @catball9/19/2023, 6:29 PM

oh wow!! you had a super advanced setup! really cool, thank you for sharing :)

mogery @mog9/19/2023, 9:16 PM

what a shame it was lost :( do you have any other recordings of spam PBXes breaking?

sirocyl @sirocyl9/19/2023, 9:25 PM

None recorded :( I changed around the whole pipeline some time in the middle of it, to grab voicemail recordings of scam calls from my screening system; and then the fire happened about two months after that, and I haven't had a robocall, let alone one that passes Google Voice's spam detection, in that timeframe.

Tenna Lotor @tenna9/19/2023, 3:32 AM

omg i want an anti-spam solution like that

invertigo hayfever @the-doomed-posts-of-muteKi9/19/2023, 3:50 AM

wait is this what they meant by #ikeahacking

SysL @sysl9/19/2023, 3:52 AM

Can you provide an isolated DTMF bomb? It would make a cool ringtone.

Cheese @microwaved-cheese-sandwich9/19/2023, 4:34 AM

what phone provider do you use?

sirocyl @sirocyl9/19/2023, 1:55 PM

It's in a comment above o7

tl;dr: Google Voice -> SIP -> I am now the telephone provider.

Setsune @Setsune9/19/2023, 4:39 AM

Please contact us at The Stanley Parable Demo. https://youtu.be/fcKjg2nqXsE

Kewlio: I'll see you guys next time @KewlioMZX9/19/2023, 4:58 AM

Eight. Eight. Eight. Eight. Eight. Eight. Eight. Eight. Eight. Eight. Eight. Eight. Eight.

sirocyl @sirocyl9/19/2023, 10:17 AM

♿︎｜Asriel // Azi｜Θ∆｜🏳️‍⚧️@MisutaaAsriel9/21/2023, 6:29 AM

Stanley then proceeded to break the IKEA shipping reminder line. Great job, Stanley! It's not like anyone has furniture being delivered or anything…

Binary @binary9/19/2023, 4:59 AM

Holy shit.

Amy Dentata @amydentata9/19/2023, 6:02 AM

this is cyberpunk

Zircus @zirc9/19/2023, 7:16 AM

ah, so this is how I learn that the tones played by the keypad actually do something...

shork @shork9/19/2023, 8:24 AM

back in the olden days dialing was in-band, you dialed a number by sending those tones down the line (or pulses, way earlier, those directly controlled the telephone switching hardware)
using the tones to communicate with the other end to navigate menus was just a bonus

Pokey @tercel-enby9/19/2023, 10:14 AM

I knew they used to do something, but I honestly thought in the modern day it was just set dressing to make the buttons feel more reactive or whatever. Neat

@yuubi2/20/2024, 5:20 AM

when you type a phone number on your cell phone, your phone collects all the digits and then sends one message with the whole number (origination on older circuit-switched phones, sip INVITE on newer ims/volte/vonr phones), then the network sets up a voice channel or dedicated best or whatever to carry the audio. once you're connected, pressing buttons causes tones to come out the other end. for the newer stuff, there's a special kind of rtp frame (see rfc 4733 or its predecessor) that says "here's a tone" instead of the usual "here's some compressed speech" frame, because speech codecs often do bad things to tones.

to set up a 3-way call or similar there's another message that your phone sends with all the digits at once, called flash with info on the older systems, and i think another INVITE on the newer.

kyle @-pegasus9/19/2023, 4:31 PM

This is still how it works

shork @shork9/19/2023, 4:42 PM

I'm pretty sure my cell phone doesn't open a phone line and send bloops down it and my "landline" is just VoIP pretending to be a phone line

kyle @-pegasus9/19/2023, 4:52 PM

there's still millions of normal POTS lines around the world. mine is one. they're talking about shutting the GPO/BT/Openreach system in a couple of years. heard nothing from my (competing) telco

shork @shork9/19/2023, 5:07 PM

not here :) and before that most of Germany had ISDN which is actually kinda sad to see going away

kyle @-pegasus9/19/2023, 5:52 PM

mainland europe of course being technologically 15 years ahead of the uk and gaining

[deleted]9/19/2023, 9:56 AM

sirocyl @sirocyl9/19/2023, 10:14 AM

I shared it with a few people who Know Telephone before I posted it here, and their theory is that what we're hearing at the end is the audio path going open-circuit when the PC crashed.
It probably blue-screened, and we're hearing the EM interference from the CPU or I/O controller hub as Windows writes a minidump, then begins waiting for a debugger to attach (the blerps at the end being scans for connected serial port, PCI, network or 1394 debug hardware)

mogery @mog9/19/2023, 10:33 AM

wait, so, since this is likely a buffer overflow, it's running on Windows XP, and the regular audio output is used for telephony (as suggested by the audible XP error sound)... specially crafted DTMF could gain code execution and rickroll everyone called by the system

sirocyl @sirocyl9/19/2023, 10:35 AM

"Ohohoho, delightfully devilish, Seymour."

Twilight Sparkle @ConfuSomu9/19/2023, 10:37 PM

thanks for this additional info!

Francis Theodore Catte @franktcatte9/20/2023, 5:45 AM

from personal experience, what was on the other end was likely a Nortel Call Pilot, which runs on Windows Server 2003 Embedded iirc. I think that's even the default voice. I'd say I'm surprised one of those was still in service in 2020 but given my aforementioned personal experience, I'm really not.

sirocyl @sirocyl9/20/2023, 10:48 AM

I bet its login is still the default nnadmin/PlsChgMe! 😜

in tuft we trust @tit9/19/2023, 12:23 PM

I hate how googling "DTMF bomb" gives me 3 results of which 2 are useless and one (first result) is this post

sirocyl @sirocyl9/19/2023, 12:37 PM

just checked for myself; one of those results appears to be "congratulations! you're on a list", the website.

to be clear to the person or persons at whichever three-letter agency is tasked with the unenviable job of reading this, the post above has absolutely nothing to do with explosives or devices thereof, or firearms

in tuft we trust @tit9/19/2023, 12:50 PM

dear agencies, we just can't help that cohost is so weirdly good at SEO

in tuft we trust @tit9/19/2023, 12:55 PM

"congratulations! you're on a list", the website.

yeah it's a good thing I didn't browse there from work......oh, oops

sirocyl @sirocyl9/19/2023, 1:01 PM

:yeah: 💀

Obsidian @OpalSys9/19/2023, 12:45 PM

Broke Ikea so hard the autoresponder started playing The Stanley Parable demo

sirocyl @sirocyl9/19/2023, 12:50 PM

apparently, I only just learned about the whole 8 saga in TSP as a result of this post.

also, go to stanleyparable.com and press 8 on your keyboard :D

in tuft we trust @tit9/19/2023, 12:58 PM

really want to try this on my buildings intercom now. even though I already know the codes that I shouldn't know, I wonder if capturing the "all good, open the gates" signal is possible or if it's just a full digital box (boring!)

C-paz @C-paz9/19/2023, 1:13 PM

This sounds like some analog horror nonsense.

I love it lol

sirocyl @sirocyl9/19/2023, 1:17 PM

wow this post is doing number
Notifications: 8888888888

~@modulusshift9/19/2023, 2:08 PM

lmao

Trace @TraceBullet9/19/2023, 1:41 PM

I'm amazed at how accurate that transcript is.

@Souzetsu9/19/2023, 2:20 PM

Wait, is this why my IKEA order never arrived?

sirocyl @sirocyl9/19/2023, 2:31 PM

👀💦 uhhhhhhhh

natescape navigator @natescape9/19/2023, 3:22 PM

This is, of course, incredible, but WHAT is it with these apparently legitimate multinational corporations leaving context-free scam-ass voicemails? "To continue in English, please press 1" oh for sure my dude

Chamomile🐑@chamomile9/19/2023, 4:19 PM

Not sure if that's what's happening here but a lot of these automated systems will talk right over your voicemail/call screening prompt so the actual voicemail recording only catches the end of their spiel. It's very annoying.

sirocyl @sirocyl9/19/2023, 6:33 PM

I don't have a prompt. If it was talking, it was talking while the phone was still ringing out. The whole mess would've been recorded as soon as the call is answered by the screening script.
That plus the fact that it lands directly on "To continue in English", rather than in the middle of a phrase, makes me think that is its first phrase, there's no "Hello, this is an automated message, concerning your IKEA delivery." or similar.
No "Hello, my name is Inigo Montoya, you killed my father" - straight to "Prepare to die."

Chamomile🐑@chamomile9/19/2023, 7:58 PM

Wow, that's terrible.

@wavedasher9/19/2023, 4:20 PM

This would make an amazing sample for a song, the whole thing.

[very very bright light]@solartxt9/19/2023, 4:49 PM

my parents get so many spam calls, i just know they would take absolute joy in doing this. how would i go about setting something like this up? is it carrier specific or can i rig it up myself? thank you! (also this would make a sick sample)

Renée the Rapper @FunkmasterFuma9/19/2023, 5:35 PM

It turned into a teletypewriter at the end lmao.

Ari @ari-9/19/2023, 5:53 PM

Damn I liked the Google voice preview of calls but this is next level

[Gateway of Last Resort]‮@wxcafe9/19/2023, 7:41 PM

wow... i love godspeed you! black emperor

n.s.@reth9/19/2023, 8:34 PM

world heritage chost

@Panazel9/20/2023, 2:59 AM

Okay but this "DTMF bomb" or whatever and how it really screws up that voice recording call...Holy geez is that some surreal audio right there.

You could probably put it into some trippy indie game like OFF or Omori or Hypnospace or something else with surrealist/dream elements and it wouldn't totally be outta place. Whew~

certified sendaen kisser 💽🦈@azushark9/20/2023, 4:23 AM

**00##00**00##DD3078402B32767B32767ABA8000CCDC402375437160432108324073284610873209271085AAAA88888888888888888888888888888888

Tried my hand at translating the DTMF bomb into something human-readable

That may explain the 8s, lmao

@KateYagi2/27/2024, 11:42 AM

Mindflayed via tickling

Mateus Auri @MateusAuri3/21/2024, 9:47 AM

Musically, this goes harder than any Merzbow record tbh

Xuerle @XRLEAVT3/21/2024, 2:04 PM

SCP-3008

grey @greytdepression3/21/2024, 3:51 PM

i've just looked up dtmf because of this chost and,,,, is that how telephones work?? like,, when you pick up your phone it's just a line to your service provider or whatever and then your phone plays the little song and your service provider is like "ah, they want to call that person" 😶

kyle @-pegasus3/21/2024, 5:39 PM

for a traditional telephone system where it's a copper wire from your house to the cabinet, carrying audio and 48v power, yes

each key makes a separate tone so it always knows which one you press

rotary phones used a different method where they would rapidly disconnect and reconnect to cause pulses, the number of which matched the number on the dial you had span.

the hook that you put the phone down on also worked by disconnecting the phone, so if you had really good rhythm you could dial numbers by tapping it out on that

grey @greytdepression3/21/2024, 5:45 PM

😄 that’s so wild. i never made that connection that landlines would just also modulate audible signals onto the wire to communicate 😅

sirocyl @sirocyl3/21/2024, 6:36 PM

You should look up 2600Hz in the concept of phones! It's kind of amazing what people did with the telephone system of the day.

Also, check out the Connections Museum, in Seattle or on YouTube.
There may also be a telephone museum near you, like the Long Island Telephone Museum.

grey @greytdepression3/21/2024, 6:43 PM

i live in europe, so the long island museum is closer than the seattle one but still a little far ^^
i’ll definitely check out the youtube channel and look into 2.6 kHz thing! thanks :D

blob @powerfulblob4/8/2024, 9:00 PM

The sound the voicemail made at the end is... Something else.... this could make a great ambient soundtrack for an independant horror game damn

in reply to @mog's post:

蒸しルビー @YuushaRuby9/19/2023, 6:49 AM

I need this spam solution in my life

mogery @mog9/19/2023, 6:50 AM

same.

sirocyl @sirocyl9/19/2023, 8:50 AM

that's actually plausible, holy shit. I think you've cracked it.

here's :sixty: +8 :chunks: for the hard work \o

mogery @mog9/19/2023, 10:20 AM

i still have no fucking clue what happens after Your delivery is scheduled for-. maybe the 8s also overwrite (a part of) a pointer, so the speech code starts reading the delivery date from a random point in memory (causing the junk audio) and eventually segfaults (which kills the line)?

mogery @mog9/19/2023, 10:23 AM

actually, reading your other comment about the PC crashing makes more sense. i don't know how a bad memory access would crash it though (but i'm also not familiar with how volatile Windows XP may be)

sirocyl @sirocyl9/19/2023, 10:32 AM

I'd suspect, being Windows XP, they integrated some DSP-type stuff (like DTMF processing) and maybe other telephone mumbo-jumbo into a big scary omnibus kernel driver, for performance.
Hell, such a kernel driver might be inputting DTMF tones as keyboard keys? lol

mogery @mog9/19/2023, 10:36 AM

oh GOD... the system bluescreening when it tries the read the delivery date again sounds like the whole thing is one big kernel driver where the DTMF overflow and the segfault occurs

mogery @mog9/19/2023, 10:42 AM

maybe it's sending some bad data to TAPI and that's what crashes the system... os version checks out, is plausible

sirocyl @sirocyl9/19/2023, 10:54 AM

TAPI deez nu-

[User was relocated to an IKEA call center for this post.]

mogery @mog9/19/2023, 11:01 AM

imma hit u with the ***00###00***00###DD3001784002B322767B6327677ABA88000CCCDC4002375543716604322108322407332846410873320925710855AAAAA888888888888888888888888888888888888888 so be careful

in reply to @frostsparks's post:

mogery @mog9/15/2024, 5:15 PM

🫡

Pinned Tags