202 204 2303/Investigation
LIST OF ALL NUMBERS WE USED TO GET RETURN NUMBER REQUEST FROM MD GUY
Number | Date | No. given to MD | DID you leave your No. | OTP Agent | Return successful |
---|---|---|---|---|---|
303-309-0004 | 2012-12-07 | 9001 | YES | zhazha | YES |
202 999 3335 | 2012-12-16 | 7234 | YES | nadando | NOT YET |
202 999 3335 | 2012-12-?? | 2881 | moose | ||
202 204 2303 | 2012-12-15 | 9725 | YES | Adah | NOT YET |
202 204 2303 | 2012-12-16 | 30004 | YES | Xkeeper | NOT YET |
LIST OF ALL NUMBERS MD USED FOR RETURNING CALLS
Number | Date | Agent number | Result | OTP Agent | Called after |
---|---|---|---|---|---|
202 204 2303 | 2012-12-07 | 9001 | 899053 | zhazha | three days |
1200000000 | 2012-12-?? | moose | few times | ||
Waiting time for a return call from MD can vary a lot: spacemehrin was like 45 minutes, braco like two hours, zhazha three days, and he called me (Moose) the first time 24 hours later, then about the same time every night for like two weeks.
UNUSUAL FSK
Source: [12:46] <LordHeinrich> I woke up 1hr earlier than I should have. I called message desk (202 204 2303) and got this instead: http://vocaroo.com/i/s1pIH6tqiewI
202-204-2303 6/12/2012 11:45:03 UTC
FSK-4 - frequency shift keying with 4 levels
- [14:25] R6mco Thus, summarizing:
- [14:25] R6mco http://vocaroo.com/i/s1pIH6tqiewI <- audio sample
- [14:26] R6mco http://postimage.org/image/h7nzc0exf/full/ <- analysis of it
- [14:26] R6mco http://postimage.org/image/wvp6isuj7/full/ <- outcome of it
- [14:26] R6mco http://pastebin.com/u1RgrysK <- outcome in text
- [14:26] R6mco bits are not 100% sure
Spectrogram:
Full Res: http://postimage.org/image/ugxaydeab/full/
A better spectrogram from the original recording: http://postimage.org/image/yvadnye8j/full
This recording was filtered with a band pass: Fc = 617 Hz, bandwidth 700 Hz. The result is this:
http://postimage.org/image/uao790uj7/full
Zoomed into the 6 - 10 sec part:
http://postimage.org/image/800c91x8z/full
SOLUTION
- [2012-12-09 22:49:25] <LordHeinrich> I looked at that as a spectrogram and didn't find anything interesting, sadly
- [2012-12-09 22:49:29] <LordHeinrich> I think it's just an error tone
- [2012-12-09 22:49:41] <Ymgve> LordHeinrich: no, the digital signal, the one we're trying to decode now
- [2012-12-09 22:50:21] <Ymgve> the "gurgling" noise at 6-10 seconds
- [2012-12-09 22:50:45] |<-- Mortvert has left freenode ()
- [2012-12-09 22:51:52] <R6mco> Ymgve: fooling around with MFSK-4 without a clue, you can better buy a lot in the state lottery ;-)
- [2012-12-09 22:53:20] <Ymgve> considering the other message in the same place only said "MESSAGE DESK GA" this will probably turn out to be something equally boring
- [2012-12-09 22:54:21] <R6mco> I wonder why this was 'normal' rtty
- [2012-12-09 22:54:41] <Ymgve> PM works in mysterious ways
- [2012-12-09 22:57:24] <R6mco> Ymgve: yeah, but there are limits ... if it is a bit phreaking game... ok ... like 'crack the code'
- [2012-12-09 22:57:35] <R6mco> but this is information diarrhea
- [2012-12-09 23:01:21] <Ymgve> R6mco: http://de.wikipedia.org/?title=Cellular_Text_Telephone_Modem
- [2012-12-09 23:01:26] <Ymgve> see something you recognize?
- [2012-12-09 23:03:21] <R6mco> 400 Hz / 600 Hz / 800 Hz / 1000 Hz
- [2012-12-09 23:04:26] <Ymgve> bingo
- [2012-12-10 01:06:13] <Ymgve> '\x05ME\x16S\x16\x16\x16\x16\x16' '\x05SAGE\x16\x16\x16\x16\x16'
- [2012-12-10 01:06:21] <Ymgve> and I don't care enough to transcribe the last part
- [2012-12-10 01:06:48] <Adah> What's this from?
- [2012-12-10 01:06:58] <Ymgve> \x16 are idle chars, \x05 is start of block
- [2012-12-10 01:07:07] <Ymgve> http://vocaroo.com/i/s1pIH6tqiewI
- [2012-12-10 01:08:15] <Ymgve> it's a recording of someone typing MESSAGE and I bet the last part I haven't decoded will contain DESK
- [2012-12-10 01:08:28] <Ymgve> the encoding is the one used in http://de.wikipedia.org/?title=Cellular_Text_Telephone_Modem
- [2012-12-10 01:09:06] <Ymgve> code used for decoding: http://pastebin.com/uR5mPgpL
- [2012-12-10 01:16:27] <Lurker69> how did you find that encoding ymgve?
- [2012-12-10 01:16:47] <Ymgve> Lurker69: googled a lot for the frequencies used
- [2012-12-10 01:16:53] <Ymgve> 400, 600, 800, 1000hz
- [2012-12-10 01:18:15] <nadando> why are all those extra characters in there?
- [2012-12-10 01:18:35] <Ymgve> they are idles
- [2012-12-10 01:18:41] <Ymgve> this is like a teletype thing
- [2012-12-10 01:18:47] <Ymgve> sends a letter when someone presses a key
- [2012-12-10 01:18:55] <Ymgve> sends an idle char if nothing has been pressed
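The tone detection that a decode like the one discussed above depends on, as an added example (not Ymgve's pastebin code and not part of the original page): a Goertzel filter bank picks the strongest of the four tones in each symbol window. The 8000 Hz sample rate, the 5 ms symbol length and the tone-to-bits mapping are assumptions, and the audio is synthesized rather than taken from the recording; block framing, idle characters and error correction are not modelled.

```python
import math

FS = 8000                      # sample rate in Hz (assumption: telephone-band audio)
SYMBOL_LEN = 40                # samples per tone = 5 ms at 8 kHz (assumption, not stated on the page)
TONES = (400, 600, 800, 1000)  # the four frequencies identified in the chat

def goertzel_power(frame, freq, fs=FS):
    """Signal power at one frequency, computed with the Goertzel recurrence."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / fs)
    s1 = s2 = 0.0
    for x in frame:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def demodulate(samples, min_ratio=4.0):
    """Return one tone index (0-3) per symbol window, or None where no tone dominates."""
    symbols = []
    for start in range(0, len(samples) - SYMBOL_LEN + 1, SYMBOL_LEN):
        frame = samples[start:start + SYMBOL_LEN]
        powers = [goertzel_power(frame, f) for f in TONES]
        best = max(range(4), key=powers.__getitem__)
        rest = max(p for i, p in enumerate(powers) if i != best)
        symbols.append(best if powers[best] > min_ratio * max(rest, 1e-12) else None)
    return symbols

def symbols_to_bits(symbols):
    """Map each tone index to two bits, lowest tone = 00 (hypothetical mapping)."""
    return "".join(format(s, "02b") for s in symbols if s is not None)

def synthesize(symbols, amplitude=0.5):
    """Build constructed test audio: one pure tone per symbol, phase-continuous."""
    out, phase = [], 0.0
    for s in symbols:
        step = 2.0 * math.pi * TONES[s] / FS
        for _ in range(SYMBOL_LEN):
            out.append(amplitude * math.sin(phase))
            phase += step
    return out

if __name__ == "__main__":
    constructed = [0, 3, 1, 2, 2, 0, 3, 1]   # constructed symbol sequence, not from the recording
    audio = synthesize(constructed)
    print(demodulate(audio), symbols_to_bits(demodulate(audio)))
```

At 8 kHz a 40-sample window holds a whole number of cycles of each tone, so the four Goertzel bins do not leak into each other; with a different symbol length the `min_ratio` threshold has to absorb the leakage.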
Scrambled messages
2 original recordings: http://vocaroo.com/i/s0umnXSktvyC http://vocaroo.com/i/s0DPJYCDu772
http://vocaroo.com/i/s0umnXSktvyC (resampling to 8000Hz may help in Audacity)
Duplicate clips
- <crash_demons> Q: if it's just mixed-up VOIP packets, why are there duplicates received?
- <Lurker69> are both messages the same?
- <crash_demons> there are two very small parts that have the same audio
- <Lurker69> I mean duplicates, or are duplicates some packets inside one message
- <crash_demons> maybe a single syllable length
- <crash_demons> uploading spectrogram with marking.
- <crash_demons> the screenshot will be in grayscale, but it's even more convincing using the color spectrogram
- <crash_demons> or listening to it
- <crash_demons> Lurker69, http://ompldr.org/vZ3RhZg/dupe_in_s0umnXSktvyC.png
- <Lurker69> looks same yes
- <crash_demons> sounds the same too
- <Lurker69> maybe PM made his own sample library and is making substitution cipher messages out of audio samples
- <crash_demons> ugh
- <AluisioASG> Are you guys thinking the new scrambled is just a recording being sliced and these slices being shuffled?
- <Lurker69> 16,5 and 18,3 also looks same
- * Notify: Baph is offline (FreeNode).
- <crash_demons> good eye
- <Lurker69> also this came from 202-204-2303
- <Lurker69> which was number MD used for some of return calls, we thought it is direct number to MD, but now PM redirected it to scramblers, meaning that PM has control over it not MD
Attempt to analyze duplicate clips
Full spectrogram
http://postimage.org/image/mtu8w8cyb/full/
Now we can start searching for repeated samples and analyzing them and/or putting them in the right order.
Results of investigation so far:
- [15:20] crash_demons Audacity Project with duplicate clips labelled: http://ompldr.org/vZ3RveQ/Vocaroo_s0umnXSktvyC.zip (the ones R6mco and I found tonight at least for http://vocaroo.com/i/s0umnXSktvyC ). Labels with timestamps can be read in text format also: http://pastebin.com/PgCTDUxi
- [15:23] crash_demons PS: done with old Audacity 1.3.13-beta (Unicode)
- [15:23] crash_demons and with that, I must sleep
- [15:26] R6mco my feeling is that the doubled frames may be glued together to form a word or phrase or something
Pairs from Photoshop.
With arrows I marked samples that might be the same but seem distorted.
- Can't verify any additions there; here's my current thought (several additions confirmed by Echoshork): http://pastebin.com/cC1iE2xD -- Crash demons (talk) 08:30, December 26, 2012 (UTC)
UPDATED IMG http://pastebin.com/yASEK105
- After looking at Lurker's additions, this is my current list. http://pastebin.com/WnnQT8mj -- Crash demons (talk) 19:28, December 26, 2012 (UTC)
- two more (M,W; unsure about W) http://pastebin.com/qgFCAAGL -- Crash demons (talk) 20:01, December 28, 2012 (UTC)