Decoding Comcast’s Caller ID!
by TrueJournals on Oct.14, 2010, under Uncategorized
It’s been a while since I’ve written about this, but there’s been a flurry of activity recently, and it’s time for me to post about this!
Comcast’s caller ID encryption has been broken! It’s actually a very simple AES256-CTS encryption. The tricky part is getting the key and the caller ID information. Getting the encrypted information is actually very simple: just connect to the right XMPP server. Getting the key, however, requires decrypting a flash file.
Anyway, with the help of a guy who calls himself Henry (if you want any more credit/a link to your site/whatever, let me know!), I’ve gotten a small python script working which will connect to the correct server and listen for the encrypted info. When it’s found, the information will be decrypted, and displayed in the terminal. Basically, we can get the unencrypted information! From here, it should be trivial to do whatever we want with it! I plan on attempting to write a Network Caller ID server with the current code as the base, but I’m not sure how much time I’ll really have to work on that/how far I’ll get.
Anyway, you’ll need this zip file and the salt Comcast uses. In the interest of not getting sued, I’m not going to post the salt here (I’m attempting to come up with a tricky way to generate the salt currently…). You’ll need to grab the correct SWF file, decode it, and find the salt. The air app can be downloaded from here. This is actually just a zip file. Inside you’ll find a bin folder, and inside that, you’ll find cid.swf. Decompile this file with whatever flash decompiler you want. In the actionscript in this file, you’ll see a package “com.machenmusik” and a class “CM_IM_Decrypt”. In this class, look for the following code:
com.hurlant.util.Hex.fromString(theSalt != null ? theSalt : “(…)”)), arg1);
I’ve put a (…) where the actual salt is.
Last steps to get this working: open up decode.py and place the salt where it says “PLACE THE SALT FROM COMCAST’S AIR APP HERE”, and open test-combot.py and place your comast username and password in that file. You’ll need the python twisted library, and the M2Crypto library installed, but that should be all you need! Run test-combot.py and you should see caller id information coming in when you get a call!
Good luck! Thanks to everyone who helped with this! If you found this helpful, please consider donating something! Just click the button on the right! If you have any questions/comments, I’ll do my best to answer them!
[edit]Here’s a Comcast to NCID gateway, written in python… Complete with init script for Linux! Thanks here goes to Feathers! Just grab this zip file, set the correct variables in the python script, and place the other file in /etc/init.d! Note that you’ll need the previous zip file to take care of the decoding work — this script is just the interface between Comcast and NCID. Thanks to all who helped with this!
October 16th, 2010 on 11:22 pm
I can’t wait to see what people come up with using this info. A daemon running on a linux box that grabbed the CID info and then sent it off as a SMS would be way cool!
October 18th, 2010 on 2:46 am
Henry here.
I have mine working via Node.JS daemon which multiple clients can connect to and get pushed alerts via WebSockets. Please also note that ONE connect to the XMPP server per username or else you’ll get disconnected.
My setup is pushing the caller ID to a LED sign in my room as well as my desktops/laptops via Growl.
I’m excited to see this code in other setups too.
October 18th, 2010 on 9:16 pm
I want to do a “modem-less” send to a YAC server to put caller ID on screen to my media center. Any suggestions on doing this?
November 2nd, 2010 on 11:16 pm
Awesome job, Henry and TrueJournals (TJ?). I’m gonna give this a whirl Real Soon Now and see what can be done.
I’m also interested in making a NCID bridge/server, but I have no idea how to do that (yet), so if you’re going to go that direction, don’t hold your breath waiting for something from me.
Andy, if this gets implemented in NCID, it looks like there is a YAC output module for NCID so it can send the info to something listening for YAC messages. I know, might be a little convoluted, but it’s an option.
Great work, guys. ^_^
December 8th, 2010 on 12:52 am
blah, nothing on your blog is loading fast for me. I click something and it just waits for around 20 seconds, then my anti virus thing pops up and says there’s a threat and asks if I want to proceed. Anyone else getting this or do I just have a crappy antivirus?
February 2nd, 2011 on 2:35 pm
Truejournals… any luck with a NCID server solution yet? I have not coded for some years, but would love to dump the old server/modem model for a software-only solution.
Have you made any progress?
March 29th, 2011 on 2:54 pm
The easiest way to get a NCID solution is to create a gateway. The gateway connects to ncidd and to comcast. It would optain the caller ID from comcast, convert it to the NCID input text line format, and sent it to ncidd.
The SDK at http://ncid.sourceforge.net/NCID-SDK.pdf describes the format for the gateway generated CALL line. It also gives a overview of a gateway implementation.
Email me at sourceforge if help is needed to interface with ncidd. The gateway would make a nice addition to NCID.
April 1st, 2011 on 12:17 am
I am getting garbage instead of text. It feels like I don’t have the right salt.
I decoded the flash okay, but it seems to be a bit different from what is posted. My decode says “Hex.toArray(Hex.fromString(theSalt == null ? (“WhatIThinkIsTheSALT”) : (theSalt))), param1);”
The actual string for “WhatIThinkIsTheSALT” is 18 characters, starts with a number and contains 3 occurrences of “\”. Is this the same salt the rest of you got?
Strangely enough, the exact text of what I think is the salt can be found after “#create the digest
d=Digest::MD5.hexdigest(‘” on this web page:
http://groups.google.com/group/rubyonrails-talk/msg/76f180d1af42c6a4
April 1st, 2011 on 2:45 am
Never mind. I got it working. My username had to be in all lower case.
May 30th, 2011 on 11:24 pm
Anyone else seeing messages like this over and over and over?
authenticated
{u’type’: u’headline’, u’id’: u’sn-xxxxxxxx’}
Good!
August 18th, 2011 on 2:28 am
Bla Blub , Bla BlubBla Blub Bla Blub Bla BlubBla Blub.
August 27th, 2011 on 7:43 pm
My friend told me about your site, so I thought I’d check it out. Very interesting insights, will be back for more!