202 204 2303/Investigation

This is an investigation subpage.

The information found here includes bleeding-edge updates, information dumps, and speculation.
The factual/summarized article for this page is: 202 204 2303
Be sure to separate different subjects here using a new section and subtopics using ===Subsections===.

LIST OF ALL NUMBERS WE USED TO GET RETURN NUMBER REQUEST FROM MD GUY

Number       | Date       | No. given to MD | Did you leave your no.? | OTP Agent | Return successful
303-309-0004 | 2012-12-07 | 9001            | YES                     | zhazha    | YES
202 999 3335 | 2012-12-16 | 7234            | YES                     | nadando   | NOT YET
202 999 3335 | 2012-12-?? | 2881            |                         | moose     |
202 204 2303 | 2012-12-15 | 9725            | YES                     | Adah      | NOT YET
202 204 2303 | 2012-12-16 | 30004           | YES                     | Xkeeper   | NOT YET

LIST OF ALL NUMBERS MD USED FOR RETURNING CALLS

Number       | Date       | Agent number | Result | OTP Agent | Called after
202 204 2303 | 2012-12-07 | 9001         | 899053 | zhazha    | three days
1200000000   | 2012-12-?? |              |        | moose     | few times
 
 

Waiting time for return call from MD can vary a lot: spacemehrin was like 45 minutes, braco like two hours, zhazha three days, and he called me (Moose) the first time 24 hours later, then about the same time every night for like two weeks.

UNUSUAL FSK

Source: [12:46] <LordHeinrich> I woke up 1hr earlier than I should have. I called message desk (202 204 2303) and got this instead: http://vocaroo.com/i/s1pIH6tqiewI

202-204-2303 6/12/2012 11:45:03 UTC

FSK-4 - frequency shift keying with 4 levels

   [14:25]	R6mco	Thus , summarizing:
   [14:25]	R6mco	http://vocaroo.com/i/s1pIH6tqiewI <- audio sample
   [14:26]	R6mco	http://postimage.org/image/h7nzc0exf/full/ <- analysis of it
   [14:26]	R6mco	http://postimage.org/image/wvp6isuj7/full/ <- outcome of it
   [14:26]	R6mco	http://pastebin.com/u1RgrysK <- outcome in text
   [14:26]	R6mco	bits are not 100% sure

Spectrogram:

cjYGv.jpg

Full Res: http://postimage.org/image/ugxaydeab/full/

A better spectrogram from the original recording: http://postimage.org/image/yvadnye8j/full

This recording was filtered with a band pass: Fc = 617 Hz, bandwidth 700 Hz. The result is this:

http://postimage.org/image/uao790uj7/full

Zoomed into the 6 - 10 sec part:

http://postimage.org/image/800c91x8z/full

SOLUTION

[2012-12-09 22:49:25] <LordHeinrich> I looked at that as a spectrogram and didn't find anything interesting, sadly
[2012-12-09 22:49:29] <LordHeinrich> I think it's just an error tone
[2012-12-09 22:49:41] <Ymgve> LordHeinrich: no, the digital signal, the one we're trying to decode now
[2012-12-09 22:50:21] <Ymgve> the "gurgling" noise at 6-10 seconds
[2012-12-09 22:51:52] <R6mco> Ymgve: fooling around with MFSK-4 without a clue, you can better buy a lot in the state lottery ; -)
[2012-12-09 22:53:20] <Ymgve> considering the other message in the same place only said "MESSAGE DESK GA" this will probably turn out to be something equally boring
[2012-12-09 22:54:21] <R6mco> I wonder why this was 'normal' rtty
[2012-12-09 22:54:41] <Ymgve> PM works in mysterious ways
[2012-12-09 22:57:24] <R6mco> Ymgve: yeah, but there are limits ... if it is a bit phreaking game... ok ... like 'crack the code'
[2012-12-09 22:57:35] <R6mco> but this is information diarrhea
[2012-12-09 23:01:21] <Ymgve> R6mco: http://de.wikipedia.org/wiki/Cellular_Text_Telephone_Modem
[2012-12-09 23:01:26] <Ymgve> see something you recognize?
[2012-12-09 23:03:21] <R6mco> 400 Hz / 600 Hz / 800 Hz / 1000 Hz
[2012-12-09 23:04:26] <Ymgve> bingo
[2012-12-10 01:06:13] <Ymgve> '\x05ME\x16S\x16\x16\x16\x16\x16' '\x05SAGE\x16\x16\x16\x16\x16'
[2012-12-10 01:06:21] <Ymgve> and I don't care enough to transcribe the last part
[2012-12-10 01:06:48] <Adah> What's this from?
[2012-12-10 01:06:58] <Ymgve> \x16 are idle chars, \x05 is start of block
[2012-12-10 01:07:07] <Ymgve> http://vocaroo.com/i/s1pIH6tqiewI
[2012-12-10 01:08:15] <Ymgve> it's a recording of someone typing MESSAGE and I bet the last part I haven't decoded will contain DESK
[2012-12-10 01:08:28] <Ymgve> the encoding is the one used in http://de.wikipedia.org/wiki/Cellular_Text_Telephone_Modem
[2012-12-10 01:09:06] <Ymgve> code used for decoding: http://pastebin.com/uR5mPgpL
[2012-12-10 01:16:27] <Lurker69> how did you find that encoding ymgve?
[2012-12-10 01:16:47] <Ymgve> Lurker69: googled a lot for the frequencies used
[2012-12-10 01:16:53] <Ymgve> 400, 600, 800, 1000hz
[2012-12-10 01:18:15] <nadando> why are all those extra characters in there?
[2012-12-10 01:18:35] <Ymgve> they are idles
[2012-12-10 01:18:41] <Ymgve> this is like a teletype thing
[2012-12-10 01:18:47] <Ymgve> sends a letter when someone presses a key
[2012-12-10 01:18:55] <Ymgve> sends an idle char if nothing has been pressed
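
The four-tone observation from the log (400/600/800/1000 Hz) can be checked against a recording with a per-symbol Goertzel detector. This is an added example, not the decoder Ymgve posted on pastebin; the 8000 Hz sample rate, the 5 ms symbol length and the synthetic test signal are assumptions, and it stops at tone indices without applying any bit mapping or framing.

```python
import math
import random

TONES_HZ = (400, 600, 800, 1000)  # the four tones named in the log
SAMPLE_RATE = 8000                # assumption: telephone-band sample rate
SYMBOL_SAMPLES = 40               # assumption: 5 ms per symbol at 8000 Hz

def goertzel_power(block, freq_hz, rate=SAMPLE_RATE):
    """Signal power at one frequency over a block (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq_hz / rate)
    s1 = s2 = 0.0
    for x in block:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def classify_symbols(samples, min_ratio=3.0):
    """Return one tone index (0..3) per symbol window, None if no tone dominates.

    Windows are assumed to start on a symbol boundary; a real recording
    needs the start offset found first (e.g. by trying all 40 offsets).
    """
    symbols = []
    for start in range(0, len(samples) - SYMBOL_SAMPLES + 1, SYMBOL_SAMPLES):
        block = samples[start:start + SYMBOL_SAMPLES]
        powers = [goertzel_power(block, f) for f in TONES_HZ]
        best = max(range(len(TONES_HZ)), key=powers.__getitem__)
        runner_up = max(p for i, p in enumerate(powers) if i != best)
        dominant = powers[best] > min_ratio * max(runner_up, 1e-12)
        symbols.append(best if dominant else None)
    return symbols

def synth(tone_indices, amplitude=0.5, noise=0.0, seed=1):
    """Constructed test signal: one sine burst per symbol plus uniform noise."""
    rng = random.Random(seed)
    out = []
    for idx in tone_indices:
        f = TONES_HZ[idx]
        for n in range(SYMBOL_SAMPLES):
            tone = amplitude * math.sin(2.0 * math.pi * f * n / SAMPLE_RATE)
            out.append(tone + rng.uniform(-noise, noise))
    return out

if __name__ == "__main__":
    sent = [0, 3, 1, 2, 2, 0, 1, 3]
    print(classify_symbols(synth(sent, noise=0.1)))
```

With a 40-sample window at 8000 Hz the analysis bins are 200 Hz apart, so each of the four tones lands exactly on its own bin and leaks nothing into the other three.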

Scrambled messages

2 original recordings: http://vocaroo.com/i/s0umnXSktvyC http://vocaroo.com/i/s0DPJYCDu772


http://vocaroo.com/i/s0umnXSktvyC (resampling to 8000Hz may help in Audacity)

Duplicate clips

62kDZG4.png

<crash_demons> Q: if it's just mixed-up VOIP packets, why are there duplicates received?
<Lurker69> are both messages the same?
<crash_demons> there are two very small parts that have the same audio
<Lurker69> I mean duplicates, or are duplicates some packets inside one message
<crash_demons> maybe a single syllable length
<crash_demons> uploading spectrogram with marking.
<crash_demons> the screenshot will be in grayscale, but it's even more convincing using the color spectrogram
<crash_demons> or listening to it
<crash_demons> Lurker69, http://ompldr.org/vZ3RhZg/dupe_in_s0umnXSktvyC.png
<Lurker69> looks same yes
<crash_demons> sounds the same too
<Lurker69> maybe PM made his own sample library and is making substitution cipher messages out of audio samples
<crash_demons> ugh
<AluisioASG> Are you guys thinking the new scrambled is just a recording being sliced and these slices being shuffled?
<Lurker69> 16,5 and 18,3 also looks same
<crash_demons> good eye
<Lurker69> also this came from 202-204-2303
<Lurker69> which was number MD used for some of return calls, we thought it is direct number to MD, but now PM redirected it to scramblers, meaning that PM has control over it not MD

Attempt to analyze duplicate clips

Full spectrogram
http://postimage.org/image/mtu8w8cyb/full/


Now we can start searching for repeated samples, analyzing them, and/or putting them in the right order.
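
The search for repeated samples can also be done numerically instead of by eye on the spectrogram. The sketch below is an added example, not a tool used by the investigators: it slides each window of the recording over everything after it and reports offsets where the normalized cross-correlation is near 1. The window size, hop, threshold and the synthetic test signal are assumptions.

```python
import math
import random

def normalized_corr(x, y):
    """Zero-mean normalized cross-correlation of two equal-length windows."""
    mx, my = sum(x) / len(x), sum(y) / len(y)
    num = sum((a - mx) * (b - my) for a, b in zip(x, y))
    den = math.sqrt(sum((a - mx) ** 2 for a in x) *
                    sum((b - my) ** 2 for b in y))
    return num / den if den > 0 else 0.0

def find_repeats(samples, win=100, hop=100, threshold=0.9):
    """For each window on a coarse grid, find its best later match.

    Returns (first_offset, second_offset) pairs whose correlation reaches
    the threshold. Silent windows never match (their denominator is 0).
    """
    pairs = []
    for a in range(0, len(samples) - 2 * win + 1, hop):
        ref = samples[a:a + win]
        best_b, best_c = None, threshold
        # Scan every later offset, one sample at a time, past the window itself.
        for b in range(a + win, len(samples) - win + 1):
            c = normalized_corr(ref, samples[b:b + win])
            if c >= best_c:
                best_b, best_c = b, c
        if best_b is not None:
            pairs.append((a, best_b))
    return pairs

def make_scrambled(n=1200, src=200, dst=900, length=100, seed=7):
    """Constructed test signal: noise with one segment pasted a second time."""
    rng = random.Random(seed)
    s = [rng.uniform(-1, 1) for _ in range(n)]
    s[dst:dst + length] = s[src:src + length]
    return s

if __name__ == "__main__":
    print(find_repeats(make_scrambled()))
```

On a real recording the threshold has to be lowered for clips that are the same but distorted, and the pure-Python scan is slow on long files.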


Results of investigation so far:

Pairs from Photoshop.

With arrows I marked samples that might be the same but seem distorted.

img1 img2


Can't verify any additions there; here's my current thought (several additions confirmed by Echoshork): http://pastebin.com/cC1iE2xD -- Crash demons (talk) 08:30, December 26, 2012 (UTC)

UPDATED IMG http://pastebin.com/yASEK105

After looking at Lurker's additions, this is my current list. http://pastebin.com/WnnQT8mj -- Crash demons (talk) 19:28, December 26, 2012 (UTC)
two more (M,W; unsure about W) http://pastebin.com/qgFCAAGL -- Crash demons (talk) 20:01, December 28, 2012 (UTC)