Tumgik
Visit Blog
Explore Tumblr blogs with no restrictions, modern design and the best experience.
Fun Fact
There were a total of 171.5 billion posts on Tumblr in 2019.
#ctfwalkthrough
a-study-in-sepia · 1 year
Text
Manually Decoding DTMF Through A Spectrogram
While working on a recent CTF, I came across a challenge that required participants to extract a credit card number from a recording of a touch-tone telephone. If you pull your phone out now, turn on your ringer (because it’s almost definitely off), and click on some random numbers on the phone app keypad, you’ll hear the product of what’s known as DTMF, which stands for dual-tone multi-frequency.
I won’t go into the specifics of DTMF and why it exists — the important thing to know is DTMF uses a combination of two distinct tones to create one sound. There is a low tone and a high tone. Today, I’ll be showing you how to decode DTMF by sight through a spectrogram. There are decoders available for free online, so if you come across a problem like this in a CTF, or otherwise, I highly recommend using one of those, purely for speed and convenience. All that being said, this is an interesting process, and just generally a cool thing to know about. It’s the equivalent of converting binary to hexadecimal by hand instead of using an online converter — basically useless — but a great party trick (in the event of attending one, which I highly doubt given you’re reading this — so yeah, basically useless… on that note (or should I say tone (my musically inclined friend has informed me that I should not)), on with the article!)
Note — Standard DTMF — two tones, four levels per tone.
As of iOS 15.7, this tutorial is still relevant. I am looking for more samples (other phone brands and software models) to determine how accurate this is cross-platform. If you’re interested in contributing, there will be some information at the end explaining how.
I’ll be using this audio file - https://voca.ro/1dr1J1gbyw5B
(This is from the CyberSoc Wales “personalbanker” challenge)
The first thing I did was put the recording through a spectrogram program. There are plenty available for free online; personally, I like using Academo, because it includes lines that will help with quick sight-reading later on. (https://academo.org/articles/spectrogram/).
You may be better off downloading software (Audacity is fantastic), should you require a spectrogram for a longer recording. Academo is not scalable beyond 10 seconds, so you can use it, but you’re going to be taking quite a few screenshots.
The first thing I did was drop the recording from the challenge into Academo.
Tumblr media
A spectrogram is a visual representation of the frequency content of an audio signal as it changes over time. In the image above, I’ve isolated the beeps produced by the clicking of the phone keypad. This section of the recording is longer than 10 seconds, so I also spliced together two screenshots. Any discrepancies you may notice in the image above are a product of that.
Each vertical line of dots represents one beep, and thus, one number. You’ll notice that there are two horizontal rows per beep, this is the magic of DTMF. There are 8 total frequencies involved in the DTMF system. The original DTMF keypad was laid out in a 4x4 format (below). The letter keys (A, B, C, and D) are no longer used for personal telecommunication. For digital decoding purposes, you will almost certainly not come across the letter keys, although they are still used by amateur radio operators, payphones, and the occasional equipment control system.
Tumblr media
I was starting from scratch, with no knowledge of how a spectrogram worked with DTMF, so the first thing I did was create two recordings of myself clicking each number in my phone app (I am using iOS 15.7 on my iPhone XR).
Tumblr media
Tumblr media
What you’ll begin to notice is that each number has its own combination of low and high tones. If you want to try to figure out the system on your own, now is the time.
Each variation in height represents a tone at a specific Hz. In order to decode this manually, you do not need to know the specific Hz of each number, you just need to understand the relational position of each tone, informed by its Hz.
Tumblr media
I ended up throwing the original audio into Audacity so that I could create my own lines on the spectrogram for demonstration purposes.
Tumblr media
First, I’m going to turn down the contrast to make it a little easier to see.
Tumblr media
Now, I’m going to add some lines to match up the similar tones.
Tumblr media
At this point, we have 6 layers of lines, there are no 0s present in this recording, if there were, we would have another line just above the bottom three. The use of the original DTMF structure with the ABCD keys would give us another line above the top three.
The simplest way to proceed is to categorize each set into Low, Medium, and High. You could choose any system — 1, 2, 3; a, b, c; whatever works for you. I recommend the LMH system because it’s visual and easy to keep track of.
I filled out the table below to show each numerical combination.
Tumblr media
Two letters per number, each representing Low, Medium, or High (ultra High in the case of 0).
The first letter represents the top layer, and the second letter represents the bottom.
The corresponding Hz are listed in the third row for your reference.
I’ll walk you through the decoding process for the first two and then you can try the third.
Tumblr media
We’re going to look at the first column of tones (boxed in yellow).
This represents one number.
The first tone is crossed by the lowest of the top lines, it is marked L.
The second tone is crossed by the medium bottom line, it is marked M.
Together, they are LM — which, upon referencing the chart, is 4.
The second one is MM, which is 5.
Now try the third. (full answer at the end, scroll up now if you’d like to try it on your own — try it with lines or without!)
Once you get a feel for this, the process becomes much faster. The lines are purely for demonstrative purposes, with a little practice you’ll be able to quickly do this without lines.
And that’s how to decode DTMF manually through a spectrogram! Is it useless? Yes! Is it fun? That’s debatable!
If you’d like to help me compare cross-platform DTMF signaling, take a screen recording that captures you pressing 1234567890 on your phone keypad. Send the file to me through one of the methods outlined below. Please include your phone model and its latest software.
Discord — Adler#7210
Email me — [email protected]
If you’re seeing this on Tumblr, send me a DM!
Medium link - https://medium.com/@adler7210/manually-decoding-dtmf-through-spectrogram-562e4b0b99c3
The final answer to the CTF challenge — 4562 6598 4585 2366
Anyway, thanks for reading, enjoy decoding!
#osint#ctf#ctftool#ctfwalkthrough#deduction#a study in sepia
34 notes · View notes
nileshpnj · 3 years
Video
youtube
This is my second video where we are playing Mod-X CTF and this is level 2 of the game, where we have a simple cipher to crack. Hope you will enjoy.
#CTF #ctfwalkthrough #hackthebox #modxctf #hacking #ethicalhacking #networksecurity #cyberdefense #vulnerability #penetrationtesting #infosec
0 notes
Last Seen Blogs
butler-on-beale-street
I ain't no saint.
ifthepuppetmakesyousmile
it's not shitposting, it's jiveposting.
hotbeveragedrinker
blooms247.co.uk
hotbeveragedrinker
blooms247.co.uk
lairbrew
Lairbrew