Comcast’s Caller ID

by on May.23, 2009, under thoughts

Comcast has recently added a new feature to their digital voice service: caller ID anywhere.  Simply download a program on your computer, enter your username and password, and you’ll get a small alert any time you get a call.  The same system allows comcast to show caller ID alerts on your TV.

So, how does this work?  Did comcast come up with some super-secret way to encode this data so no one but them can use it?  Nope; they’re simply using XMPP.

For those unaware, XMPP is a very nice concept: an open messaging protocol.  This means that companies don’t need to invent their own protocol, or shell out big bucks to use another protocol.  Just grab a server and client, and you have an instant messaging system.  XMPP is also designed to be expandible.  Is there a feature you need that it’s missing?  Just code it in, following the current specifications.  The problem with this is that different clients can conform to different specifications for things that aren’t part of the official protocol, but that’s another discussion.

Comcast decided to not reinvent the wheel, and just use XMPP, with a little twist.  If you already know a bit about XMPP, I’ll give you the stanza as a client receives it:

<message to=”” from=”” id=”sn-30552863″ type=”headline”><CInfo>3NoAaS45q2vvGEmdgNb35TReIbQcE7F5d4vtkBu0l1bsyVdLRr3VxaTyWbV

(The line breaks above have been inserted by me in order to not destroy the layout)  So, what’s all this saying?  When your phone rings, comcast sends you a message over the XMPP protocol.  This message goes TO (your_main_account), using the resource “comcast”, and comes FROM (very original naming), with a little resource tacked on the end there.  Each message has a unique ID, and a tag saying that the message is a “headline” (I’m not sure on the specifics of this, I’m guessing this would be used for news items in a XMPP client).  Then, Comcast starts the non-standard part.

When sending an IM over XMPP, there’s usually a body tag inside the message tag.  However, Comcast has invented a CInfo tag, which isn’t part of the XMPP specification.  Inside, there’s a long, encoded string.  Unfortunately, I haven’t worked out how they encode it (I’ll be working on that in the coming days; Any ideas?  Let me know!)

So, what does this mean?  It means that everything is unsecure (except the CInfo tag).  Theoretically, if comcast’s programming is dumb enough, I could send a caller ID message to any comcast user, and have it display on their TV and computer, even though their phone isn’t ringing.  Or, I could call their house, then send them a different caller ID message, and spoof my caller ID info.

Of course, this all hinges on the assumption that comcast figured no one would think of this.  I’m guessing that Comcast doesn’t check who the message is FROM.  If they do, and it needs to be from, then none of this will work.  However, if they don’t check, this could be a fun security excersise.

But first, I need to decode the information inside CInfo.  I don’t have much security expertise, so I can’t guarantee any progress on this.  If you have an idea, please let me know.  If you figure it out on your own, I’d also like to know.  If you use my ideas to expand into your own project, a small link is all I ask.

Stay tuned in the next couple of days to see if I can make any progress.

:, , , , ,

23 Comments for this entry

  • Tajinea

    how do you check callers that have called already
    is there any way you can check missed and recieved calls that were made

  • TrueJournals

    Tajinea: I do not believe Comcast’s application provides this functionality. If the messages from Comcast could be decrypted properly, we could theoretically write a custom program that could keep a log.

  • debra

    i have triple play and im still not getting my universal caller id to come through my tv. I think its abiunch of crap . comcast keep giving me the runaround everytime i called, they said it will take 72 hours from installation time and i have been insalled a week and still no universal caller id > Help Please!

  • Brad K.

    Great blog you got here…keep up the good work.

  • Ross Tate

    I believe my wife and I signed up several months ago for caller id on the tv.
    We havent heard from anyone, are computor challanged, probably paying for the service, and no one cares about our problem

  • Dave

    Ross, I was told today by Comcast that you have to be using comcast(.net) as you email address and for a caller to show up on caller ID, they have to included in your Comcast directory. Kind of lame…

  • TrueJournals

    @Dave I don’t think that’s true. I have an e-mail address, but I never even log into it except for occasionally checking voicemail online. Also, the Caller ID on the TV just uses the normal Caller ID data — that is, you see on your TV whatever you would see on a phone’s caller ID. Unless they changed something major recently.

    @Ross I’m really not sure what to tell you… You can only get the caller ID on your TV if you’re using a cable box. I don’t think there’s an extra charge for the service, but I could be wrong.

  • Rob

    I have Caller Id on my pc and it will not work or open and comcast can not give me answer as to why it won’t open

  • Tom

    I just downloaded the caller ID app and tried it and it works fine. I haven’t tried it with 2 computers both signed in — I heard that might be a problem.

    You have gathered some great data about the message format. I’m really interested in the possibility of sending messages to my TV via this mechanism. Was that example message you included

    message to=”” from=”” id=”sn-30552863? type=”headline”>3NoAaS45q2vvGEmdgNb35TReIbQcE7F5d4vtkBu0l1bsyVdLRr3VxaTyWbV

    a real message? How did you capture it?

    Have you tried sending this message to see if it popped up on the TV? What’s the easiest way to test this out? Download some XMPP client and send the message?

    The reason I ask all this is that it may be easier to figure out what encryption is being use if we could capture real messages. Because then we’d have both the encrytped text along with the plain text. Make sense?

  • Han

    Incoming call from Lincolnshire IL (847) 613-46xx

    I put xx so the number wouldn’t be online.

  • Han

    Anyway, I decoded it. So… I wonder if this is dead by now… Anyone gonna read this? It’s only a year old…

    I made a version for Delphi. Works like a charm. Fires an event when a call comes in.

  • TrueJournals

    Han, that’s awesome! Any chance you’d be willing to share your source code? If you don’t have a place to host it online, I’d be more than willing to upload it here!

  • Andy

    Han — please provide us with the decode mechanism. I am also trying to work something out for Media Center.

  • Ross Presser

    I’ve started working on decoding it myself. Comcast provides a Caller ID desktop app for your computer, which is written as an Adobe AIR app. That can be dissaembled into Actionscript code using any of various Flash decompilers; the interesting files are:

    I can email you these files if you wish. They’re using AES256 as an encryption method; the key is generated from this function:

    internal static function GenerateKeyForUser(arg1:String):flash.utils.ByteArray
    return GenerateKey(com.hurlant.util.Hex.toArray(com.hurlant.util.Hex.fromString(theSalt != null ? theSalt : “7R]c\’1z<q\\O%eybO")), arg1);

    I found these things out, but I'm having trouble connecting Pidgin to the comcast XMPP server. What XMPP client were you using, TrueJournals? and anyone know if Pidgin is capable of receiving the XMPP headline?

  • Ross Presser

    OK, I’ve discovered how to view the debug log in Pidgin, and yes, Pidgin is authenticating fine to the XMPP server. It’s expecting more info from the server, perhaps a buddy list, and that’s why it doesn’t show that the connection is finished; but it is connected, and when the phone rings I do see the HEADLINE packet coming in. Unfortunately Pidgin ignores HEADLINEs … well, I would have to write a plugin anyway to do the decryption, so it’s moot. I guess I’ll need some other XMPP client or client library.

  • Andy

    Ross — are you trying to replace the air app or simply decode/descrypt. I know I would be satisfied taking the CID info directly from the air app/xmpp network payload.

    Have you gotten any farther?

  • Henry

    I have successfully gotten my code to decrypt the XMPP messages from comcast. With the help from Bobby (Truejournals) we have connected to Comcast’s XMPP server and decoded the XML message. He plans on releasing our code but I haven’t heard from him. I plan on releasing the code in a couple days if he doesn’t.

  • TrueJournals

    Sorry about the delay with this. I’ve been busy being a college student 🙂

    Just made a new blog post! Hope it works for everyone 🙂

  • Annamarie Ediger

    I truly liked %BLOGTITLE%. Youre so cool! I dont suppose Ive read anything like this before. So good to seek out someone with some unique ideas on this subject. realy thanks for beginning this up. this website is one thing that is needed on the net, somebody with somewhat originality. helpful job for bringing one thing new to the web! Agile Marketing Solutions, LLC 2905 East Point Street, Suite 91784, Atlanta, GA 30344 (404) 939-5631

  • Jim

    Great site! Thanks for it. I’m still looking for information about how the caller ID is supposed to get to the TV. Mine hasn’t worked for a year. Many interactions with Comcast – all ending up with the “wait 24 (48 or 72) hours” and it will be OK. Had a tech out twice to verify everything is hunky dory. Still no Caller ID on the TV. Maybe if I could find out how it is supposed to work, I could figure something out. Again, love your site.


  • Melissa Osika

    I am having the same problem as Jim. Got a new Comcast DVR cable box and have lost my caller ID. Comcast has no idea what is wrong. I get the same excuses about powering down the box and waiting 72 hours. Nothing has worked. Grrrr.

  • grimmwerks

    Hey – found this by doing some google searching — I’m wondering if theres a way I can PUSH messages to my dvr – ie ‘new email from’ etc — from my computer via cmdline? Really interested in this…

  • Sheila

    Is there a way I can see missed calls?

Leave a Reply

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Visit our friends!

A few highly recommended friends...