Asterisk, The Gatekeeper
by Master Chen (infoinject@gmail.com)
Before the idea came to fruition, I already thought Asterisk and VoIP telephony were awesome subjects in technology, but this project brought Asterisk to a whole new level in my mind.
As a disclaimer, unwelcome entry into a gated community is not something I advocate. This project was done with the permission of the tenants involved. As with all true hacking ventures, it was done with curiosity and education as driving forces.
The Problem
I hang out at my friend's apartment quite frequently.
Movies, video games, coding sessions, and other nerd things made his apartment a great place to be when the rest of the world wouldn't cooperate. My friend lives in a gated community, where you have to call a tenant from the box at the gate. The tenant then dials 9 on their handset (either cell phone or landline) and the gate opens to let the caller into the complex.
The issue here is that the box would call my friend's roommate instead of him, and I hate being any sort of bother to anyone. As I noticed this problem, I realized that it could be solved with Asterisk!
The Fix
First, I needed to know the Caller ID information my friend's roommate received whenever the box would call. No social engineering needed here; just simply asked my friend to text me the number.
Next, the leasing office needed to know the new number to call when a guest of the tenants wanted entry. Simple notification via paperwork on the tenant's end and that was out of the way as well.
It was time to mess with the dial plan.
I am going to make the fair assumption that you are reading this article because you either know Asterisk like the back of your logs, or you are interested enough to learn more about it.
The following is just a snippet of my /etc/asterisk/extensions.conf file as needed to illustrate my work. Phone numbers have been changed to protect the innocent:
[inbound] exten => 8665012600,1,Answer ; only go to gatecode context if Caller ID matches the box... or if it's spoofed to match *shrugs* exten => 8665012600,2,GotoIf($["${CALLERID(num)}" = "7025665151"]?gatecode|s|1) [gatecode] exten => s,1,Answer ; wait to make sure box "hears" DTMF exten => s,2,Wait(5) ; 9 is what a regular tenant would dial to open gate exten => s,3,SendDTMF(9) exten => s,4,hangupIt's just that simple.
Now, no one is bothered, my problem-solving mind has been nourished, and I have a story to share.
Conclusion
This was just another example to add to the massive list of how Asterisk can be used for everyday telephony solutions.
I have never experimented with an X10 automation system, but I imagine it to be along the same line as today's hack.
This hack has been brought to you by the chenb0x. Please hack responsibly.
Shout Outs
The chenb0x crew, all phreakers past present and future, The Shaolin temple in Henan, my DEFCON contest team "The Ecip Tpyos," my sysadmin bros saving lives overseas, and most importantly MZD.