A Voip Wardialer for the phreaking of 2020
To try VoIP Wardialer at this stage of development check it out INSTALL.md
It's actually usable as a command line tool:
$ python dialer.py call
Usage: dialer.py call [OPTIONS] SIP_URI SIP_REG_URI SIP_USERNAME SIP_PASSWORD
PHONE_NUMBER MODEM_VERSION MODEM_PARITY
$ python3 dialer.py call sip:username@sip.example.com sip:sip.example.com username password +1555123456 V22 8n1
LIMITATIONS: It needs tuning and fixing on the channel quality for proper DSP Modem operations (probably echo cancellation and noise suppression) as modem carriers does not always CONNECT
This project aims to provide a modern voip wardialing free software.
It's meant for seasoned and young hackers willing to play with the old good telephony system from the comfort of their notebook.
It try to overcome the telecommunication related carrier over compressed audio codec used in VoIP, by trying to negotiate carriers with speed of 300bit/s 600bit/s 1200/bit.
The software is meant also to be as simple and easy software voip dialer with modem detection, modem modulation/demodulation that finally let you interact with the remote system trough terminal emulation.
Most of the project that went working on something like this gave up due to the many complexity across telecommunication and not ready software modem stack that can be easily used and integrated.
VoIP Wardialer need to first solve this nifty problem, reaching a working sofware modem (DSP) that you can use and provide you an I/O with a remote system terminal from within your application.
VoIP Wardialer made up of two component:
- The VoIP Wardialer
- The Modem Server
The VoIP Wardialer is a Python 3 application that use PJSUA VoIP Stack with Python 3 binding.
It does call the target phone number, detect if there's a modem answering, negotiate modem carrier with a Remote Modem Server, provide then I/O of the remote system terminal dumping it's content into a file or to standard output.
To connect the audio flow coming from the called phone number to the Modem DSP running on Modem Server:
- VoIP Wardialer starts another SIP VoIP call to a pre-configured Asterisk (running in localhost)
- VoIP Wardialer setup a conference bridge between the two calls (One to remote system, one to local Asterisk)
- Asterisk-Softmodem is used by Asterisk in the Modem Server negotiate the modem carrier
- Asterisk-Softmodem provide the I/O of the remote system termina connecting via TCP a VoIP Wardialer listener
It's a neat workflow of data going around that may require a schema.
The software is not yet fully working and does require further work to achieve it's goal.
-
Experiment to make DSP properly working
- Make DSP Modem (Asterisk-Softmodem hooked to Asterisk) working properly and consistenly
- Evaluate other Asterisk BTX Modem in place of Asterisk-Modem
- Integrate a C native code software modem trough ctypes (Linmodem? Fisher-Modem?)
-
Develop TCP Listener built-in in VoIP Wardiaer (to receive terminal I/O of remote system from Asterisk-SoftModem running in Modem Server)
-
Scanning functionalities
- Range generation
- Session resumption
- Logging of carrier and output of those carriers
-
Multi channel parallel dialing
-
Modem Detection trough Audio Sample Frequency Analysis (Use ready made WarVox Classifiers)
-
Modem Server Improvement
- Modem Server Configuration Generation
- Remote Modem Server (to run it on another machine)
-
Provide interactive terminal emulation connector (ptsy/tty for use with Minicom)
-
Provide a working AT hayes modem emulator to be able to be used as a VoIP software modem by existing wardialing software
Technical resources useful for the project research
Most of the complexity in this project is overcoming the problem of having any to integrate and use software modem DSP
Below several software modem resources
- Asterisk-Softmodem fork that we use, with parity bit improvements
- Asterisk-Softmodem Original Asterisk Softmodem
- Asterisk Btx Modem Another Asterisk softmodem with v.23 carrier (No good: "it only does V.23 without negotiation")
- Fisher Modem a potentially very cool software modem (that nobody used)
- Linux Softmodem Original Linmodem source code for integraton with linux softmodem
- Liquid-DSP improvement ideals
- Osmocom Linmodem cool project to hook AT hayes / RTP Procesing / PTY Terminal to Linmodem
- IAXModem and idea to use it for modem carrier (not only fax)
A nice writeup by Asterisk-Softmodem fork author Modem Emulation - an RC2018/09 prologue
We plan to support only basic low bitrate carriers such as
- V21 - 300/300 baud
- V23 - 1200/75 baud
- Bell103 - 300/300 baud
- V22 - 1200/1200 baud
- V22bis - 2400/2400 baud
We do support those parity configurations:
- 8N1
- 7E1
- iWar Linux Terminal Analog Modem Wardialer
- ToneLoc MS-DOS Analog Modem Wardialer
- WarVox Linux IAX VoIP Wardialer with freq Detection but not Modem DSP (no Terminal)
- Raptor's ward.c Simple single file analog wardialer for Unix
- WarVox 1.0 Presentation
- 2017 Defcon Talk AAPL – Automated Analog Telephone Logging on iWar/WarVox status and evolution
- 2009 Defcon Talk Metasploit Framework Telephony as an Analog Wardialer for use with Metasploit
- THC Scan NG old school Linux modem wardialer with many high performance features
- Python Advanced Wardialer for ISDN scanning
Below a list of modem for testing the DSP connections
- IT Dialup Number of Infinito +39771751751 (** Ascend TNT Terminal Server **)
- UK O2 CSD Data Number (PPP) +447712927927
- NL KPN (TUN\TAP) +31653141414
- DE Blup BBS +4920938143 https://www.blup-bbs.de/mailbox
- BE TAP SMSC for Proximus +32475161621 (8N1) . (It could be used to send SMS with Linux's smsclient)
- US ATT Nationwide Pager +18007247784 (2400/7E1) from TAP Dialup Numbers
- NZ New Zealand Telecom Paging +64264001283 (7E1) from TAP Numbers
- BBS with Dialup, mostly in US (up to date) https://www.telnetbbsguide.com/bbs/connection/dial-up/list/detail/