An in-depth technical analysis of number-changing software: displaying an arbitrary phone number and faking caller ID

Source: Internet
Author: User
Tags password protection

Someone posted on WooYun asking: how does the software found online that modifies the displayed caller number actually work?

I know a little about this (I dabble in a wide range of topics and like to study them)......

In fact, technical analyses of this existed many years ago. I read one a few years ago that explained the implementation in detail. It was so long ago that I can no longer find the damn article, but I remember roughly what it said, and combined with some searching I have pieced the following together.

Many people probably know that this technique works because the gateways that forward data between different networks are being tampered with, but they do not understand the underlying principle. This article starts from the bottom, with the basic telephone transmission protocols and data frames ......

Modifying the displayed caller number is a really old trick. It is at least 20 years old (almost as old as me, -_-|). To understand how it works, you must first understand how caller ID display itself works.

In fact, any engineer or technician at a telephone, telecommunications, network telephony (VoIP), or mobile phone manufacturing company knows how to modify the displayed caller number, just as hackers must know what an IP address is, and they can do it without any difficulty ......

First, learn a little about data transmission over the telephone network. The materials are as follows:

The following data is taken from: the principle of incoming call display, the identification and implementation of telephone caller numbers

Identification and implementation of telephone caller numbers

CID, Calling Identity Delivery, means that the switch delivers the caller's number, the call date and time, and other information to the called user, where it is displayed and stored by the caller ID display unit, so that the user can know who is calling, or who has called, before picking up the handset. (The telephone network did not have this function before the 1990s. How on earth did people manage? It's hard to imagine ......)

It is implemented by combining a switch that supports the caller identification service with a terminal that can display the caller's number; the terminal can then show information such as the caller's phone number and the call time.

I. Background of CID technology

Bell Communications Research (Bellcore) was the first to propose implementing the CID service with voice-band data modulation and demodulation, and in 1990 published the related technical recommendation (TR-TS-000031, Issue 3, January 1990). After several revisions this became known as the Bell 202 recommendation. Data is transmitted using frequency-shift keying (FSK), so this is usually called the FSK method.

At around the same time, European research institutions, represented by Sweden, chose a scheme that could be implemented conveniently on their own switches: the switch and the telephone terminal exchange the calling number using dual-tone multi-frequency (DTMF) signalling, which is usually called the DTMF method.

After many years of research and development, many countries concluded that the FSK method has good prospects and formulated their own standards based on it. So far, the countries and regions that have adopted the FSK method include the United States, Canada, Belgium, Britain, Spain, Japan, Singapore and China.

...... Omit irrelevant content ......

II. CID service functions

When the CID service is introduced on the telephone network, the rights and interests of all parties must be taken into account.

The caller can control, according to his or her own wishes, whether to send his or her own number to the called user. Once the called user has registered for caller information display, the switch should send the caller information to the called user.

1. Caller information display permission

Whether the caller allows the caller information to be displayed to the called user.

As a caller, you can choose between CID allowed and CID restricted when making a call.

(1) Display allowed

All of the caller's normal dialing operations are CID-allowed calls, and the caller information should be sent to the terminal switch serving the called user. This type of user can also ask, for a particular call, that the caller information not be displayed to the called user. In this case a prefix code (such as **) is dialed; on receiving **, the originating switch determines that the CID service is restricted for this call and sends a restriction flag. The terminal switch then does not send the caller number of this call to the called terminal device.

(2) Display restricted

All of the caller's normal dialing operations are CID-restricted calls, and the caller's phone number is not sent to the called user's terminal device. This type of user can also ask, for a particular call, that the caller number be displayed to the called user. In this case a prefix code (such as **) must be added before the dialed number; on receiving **, the originating switch determines that the CID service is allowed for this call and sends the permit flag. The terminal switch then sends the caller number of the call to the called terminal device.

Whether the caller is a CID-allowed or a CID-restricted user, when the called party is a special service desk such as 110, 119, 120 or 122, the caller number must be transmitted to the called terminal.

2. Caller information display permission of the called user

This permission determines whether caller information can be displayed to the called user.

(1) The user has registered for caller information display

After the user registers for caller information display, the terminal switch should send the corresponding display information to the user whenever the user is called.

· If the call has a calling number, "number + date + time" is displayed;

· If the terminal switch does not receive the calling number for a call, "O" is displayed;

· If the calling number cannot be displayed for a call, "P" is displayed.

(2) The user does not register the Caller information display permission.

If you do not register this permission, the switch does not send any information to this user.

III. Basic CID service technology

A switch that uses FSK transmission must have the hardware to support this mode, as well as the software needed for data processing and transmission.

1. Transfer of the caller's number and flag between exchanges

The caller number information is delivered to the called user's terminal device by the terminal switch, so the terminal switch must be able to obtain the caller's number reliably. This requires the originating switch to pass the calling number and related information to the terminal switch through the inter-office signalling system (such as Signalling System No. 7). A flag code is sent along with the calling number to indicate the caller's wishes. For example, "X" indicates that the caller number may be delivered to the called user; "Y" indicates that the caller does not want the number delivered to the called user.

2. Transmission of calling information from the terminal switch to the user

After the terminal switch obtains the caller's number information, it controls delivery of that information according to the called user's service profile and the caller's flag code, as follows:

· When the called user has not applied for the CID service, no information is transmitted;

· When the called user is a CID user and the caller's flag is "Y", "P" is sent;

· When the called user is a CID user and the caller's flag is "X", "caller number + time + date" is sent;

· When the called user is a special service desk such as 110, 119, 120 or 122, the caller's number is transmitted regardless of whether the caller's flag is "X" or "Y".

Before transmitting the caller number information, the terminal switch must choose the transmission sequence and format according to the current state of the called user, to ensure that delivery succeeds.

(1) The called phone is on-hook.

For a switch that uses the FSK method, the terminal switch sends the caller number information as an FSK signal to the called user's terminal device between the first and second rings.

(2) The called phone is in a call.

When a called user has registered for certain services (such as call waiting), the terminal switch can still send the caller information to the called user even if the called user is already in a call. (That is, provided the phone can be in a call and receive another call at the same time.)

For example, when user B calls user a with the CID function and user B calls user B, user B's identification information is displayed.

...... Omit irrelevant content ......

Caller ID display is in fact a service provided by the modern telecommunications switching network. Mechanically, the switch sends the caller's number to the user as data in a special format, and the user's terminal receives and displays it using equipment that can decode that format.

After the switch sends the first ringing signal, it sends a modulated data signal (currently there are two main formats). This signal contains the calling party's phone number, the date, the time, the name, and other information.

The caller ID display unit starts receiving the FSK signal after each ringing signal. A decoder chip (such as Motorola's rc145447) extracts the information, which the microcontroller then formats and shows on the screen.

Similarly, if the caller number is transmitted as DTMF, a DTMF decoder chip is all that is needed to decode and display it.
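What the display unit does with the data that follows the first ring, as an added example that is not from the original article: a decoder for the demodulated message bytes. The message-type and parameter codes follow the commonly documented Bellcore SDMF/MDMF layouts and are assumptions here, since the article does not list them; the sample frames are constructed.

```python
# Added example (not from the original article). Message and parameter codes
# follow the commonly documented Bellcore SDMF/MDMF layouts and are assumptions
# here; the article itself only names the fields that are carried.
SDMF, MDMF = 0x04, 0x80
PARAM_NAMES = {0x01: "datetime", 0x02: "number", 0x04: "number_absent", 0x07: "name"}
# "O" and "P" are the two placeholders the article describes.
ABSENT_REASON = {"O": "calling number not received by the switch",
                 "P": "calling number display restricted"}


def with_checksum(payload: bytes) -> bytes:
    """Append the byte that makes the modulo-256 sum of the whole frame zero."""
    return payload + bytes([(-sum(payload)) % 256])


def _fmt_time(mmddhhmm: str) -> str:
    return f"{mmddhhmm[0:2]}-{mmddhhmm[2:4]} {mmddhhmm[4:6]}:{mmddhhmm[6:8]}"


def parse_cid(frame: bytes) -> dict:
    """Decode one demodulated caller ID frame into the fields a display shows."""
    if len(frame) < 3 or sum(frame) % 256 != 0:
        raise ValueError("checksum mismatch (line noise or truncated frame)")
    msg_type, length, body = frame[0], frame[1], frame[2:-1]
    if length != len(body):
        raise ValueError("length byte does not match body")
    fields = {}
    if msg_type == SDMF:                      # fixed layout: MMDDHHMM + number
        text = body.decode("ascii", errors="replace")
        fields["datetime"] = _fmt_time(text[:8])
        rest = text[8:]
        if rest in ABSENT_REASON:
            fields["number_absent"] = ABSENT_REASON[rest]
        else:
            fields["number"] = rest
    elif msg_type == MDMF:                    # sequence of type/length/value
        pos = 0
        while pos < len(body):
            if pos + 2 > len(body):
                raise ValueError("truncated parameter header")
            ptype, plen = body[pos], body[pos + 1]
            value = body[pos + 2:pos + 2 + plen]
            if len(value) != plen:
                raise ValueError("truncated parameter")
            name = PARAM_NAMES.get(ptype)     # unknown parameters are skipped
            text = value.decode("ascii", errors="replace")
            if name == "datetime":
                fields[name] = _fmt_time(text)
            elif name == "number_absent":
                fields[name] = ABSENT_REASON.get(text, text)
            elif name:
                fields[name] = text
            pos += 2 + plen
    else:
        raise ValueError(f"unknown message type 0x{msg_type:02x}")
    return fields


def mdmf(*params) -> bytes:
    """Assemble a constructed MDMF sample from (type, value) pairs."""
    body = b"".join(bytes([t, len(v)]) + v for t, v in params)
    return with_checksum(bytes([MDMF, len(body)]) + body)


# Constructed samples: one call with a number, one with the number withheld.
SAMPLE_SHOWN = mdmf((0x01, b"03151432"), (0x02, b"5550100"), (0x07, b"EXAMPLE"))
SAMPLE_WITHHELD = mdmf((0x01, b"03151432"), (0x04, b"P"))

if __name__ == "__main__":
    print(parse_cid(SAMPLE_SHOWN))
    print(parse_cid(SAMPLE_WITHHELD))
```

The checksum only catches line errors; nothing in the frame lets the terminal verify who set the number, so the display shows whatever the switch forwards.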

...... Omit irrelevant content ......

The above is only a very small part of the telephone communication protocols. The material is long; feeling a bit dizzy? Never mind, I will draw a simple diagram to explain.

Actually, there are many similarities between this stuff and Internet communication protocols. I will draw a picture:

Caller → telephone line → terminal switch (caller's gateway) → carrier backbone network → terminal switch (called party's gateway) → telephone line → called party

The display permissions of each device are as follows:

Caller: can control whether to send his or her own number to the called user, i.e. the "hide number" function in the phone's settings. This function needs carrier support, however, and carriers now transmit the number by default, so it is purely decorative ......

Terminal switch (caller's gateway): has the power to control whether the caller number is sent (except for special users such as 110, 119, 120 and 122, to whom it must be sent!), and can do whatever it likes with it. Of course, a legitimate carrier's equipment won't do this ......

Carrier backbone network: transmits the data without any modification. (This is where public security wiretapping takes place ~)

Terminal switch (called party's gateway): same permissions as above, but it is mainly used to check whether the called user has activated caller ID display. If the function is activated, the information is passed on; if not, it is withheld. Yes, that's right: for this lousy little function the operator still collects a 3 yuan caller ID fee every month ......

Called party: checks whether the additional information packet is present. If so, it is displayed; otherwise nothing is done ......

From the above we learn that the telephone network does not rely on telephone numbers to identify users. Caller ID display is nothing more than a data packet appended after the switch sends the first ringing signal, containing the caller's information: the calling party's phone number, the date, the time, the name, and so on. The caller ID display unit is triggered by each ringing signal, starts receiving the FSK signal, and obtains the information from the decoder chip; the MCU then formats it and shows it on the screen.

It is just like sending a message to a QQ user over the Internet: I can choose whether to send my nickname (the equivalent of the phone number and other information), and that nickname can be changed to anything at all.

Now that we know the transmission principle, how does the software change the number ???

Here we need to know about VoIP (IP telephony, Internet telephony) ......

In short, Voice over Internet Protocol digitizes analog voice signals and transmits them as data packets over IP networks in real time.

The biggest advantage of VoIP is that it can widely use Internet and Global IP interconnection environments to provide more and better services than traditional services.

VoIP can deliver voice, fax, video, and data services cheaply over an IP network, such as unified messaging, virtual phone, virtual voice/fax mailbox, account checking service, Internet call center, Internet call management, video conferencing, e-commerce, fax storage and forwarding, and storage and forwarding of various information.

Why is VoIP relatively inexpensive?

VOIP phones are just an application on the Internet and are not controlled. Therefore, in essence, VOIP phones are no different from emails, instant messages, or web pages. They can all be transmitted between machines connected to the Internet. These machines can be computers or wireless devices, such as mobile phones or handheld devices.

Why do some VoIP services charge fees and some services are free of charge?

The VOIP service not only communicates with VoIP users (just like QQ voice chat), but also can communicate with telephone users, such as users who use traditional fixed-line networks and wireless phone networks. For this part of calls, the VOIP service provider must pay the call fee to the fixed-line network operator and the wireless communication operator. This part of the fee will be transferred to the VoIP user. Calls between VoIP users on the Internet can be free of charge.

In recent years, Internet communication has become unstoppable. QQ, Fetion, and other instant messaging software have shaken traditional telephone communication and created many new Internet fortunes. Many investors hope to get a slice of the Internet communication cake. Following QQ, Fetion, and similar software, the Internet telephony developed in recent years has been widely used by enterprises and individuals for domestic and international long-distance calls.

At the same time, Internet-telephone "phone bars" have sprung up rapidly in recent years around schools, residential areas, industrial zones and so on. Compared with the traditional "public IP phone supermarkets" that appeared a few years earlier, Internet-telephone phone bars have lower operating costs and a lower entry threshold: one computer, one broadband line, several phones, and billing software are all that is needed, and the network company can provide technical support to franchisees or operators. Because it is as convenient as an ordinary call, the Internet phone bar quickly captured the low-income and migrant-worker market and has had an impact on traditional telephone services.

Because of its low cost and broad market, VoIP has become a "windfall-profit" investment project. However, because it lacks policy support, still has operational and management loopholes, and has unclear prospects, investment requires caution. After several years of development, although Internet telephony is widely used, the business is still in a "gray zone": the law neither restricts nor allows it, and none of the Internet phone bars on the market has a business license. In addition, Internet telephony has inherent defects: call quality depends on network quality, it cannot be used during power outages, and the audio clarity also differs from that of a traditional fixed phone. Finally, Internet calls also carry a risk of eavesdropping.

...... Omit irrelevant content ......

That was another long piece of material. Let's go over it again. Haha, I'll summarize it in plain language ......

In fact, VoIP is just voice chat over the network: it transfers audio data from one computer to another over the Internet, regardless of borders or distance. Just like QQ voice chat, you only need to install software on both sides ......

Then you may ask: You idiot! What are you talking about? You've said so much, but what the heck does any of it have to do with number-changing software ??????

Don't worry, don't worry, it will all become clear in a moment !!!! (Clever readers have probably worked it out already! (^O^))

For a clear description, I will draw a picture:


User A → computer → ISP Operator Interface → Internet backbone network → ISP Operator Interface → computer → user B

Heck, does this model need any explanation? You use it every day; it is commonly known as surfing the Internet !!!!

Do you still remember the phone network diagram ??

Telephone Network (simplified ):

User A → calling gateway → carrier backbone network → called gateway → telephone → user B

So, what happens if VoIP and the telephone network, two completely unrelated networks, are combined?

So here's the magic !!! Look at the figure:

User A → computer → Internet interface → Internet backbone network → Internet interface → computer → user B
        [boarding / get-off gateway]
User C → telephone → calling gateway → carrier backbone network → called gateway → telephone → user D

Boarding and get-off gateways:

Also known as a relay gateway or landing gateway. It connects to the user-side voice access gateway through an IP interface and to the program-controlled switch through an E1 interface.

The relay gateway converts between IP packets and PCM so that the voice access gateway can communicate with the public switched telephone network (PSTN).

A gateway that transfers a call from a traditional telephone line to an IP network is generally called a boarding gateway, while a gateway that transfers a call from an IP network to the telephone network is called a get-off or landing gateway.

The gateway has to be applied for from the telephone carrier and then connected to your server.

Now, the telephone network and the Internet can be interconnected.

Let's return to the question of changing the number. Although you cannot control the telephone network's own gateways, it is enough to place the call from a core network device (the landing gateway) and put a fake number in the signalling. The equipment at the called end assumes this is the real calling number and displays it to the called party, so what is shown is my fake number. It is a very simple network deception.

Mobile operators could certainly do this, but I believe no operator would. We should recognize, however, that many service providers (SPs) are connected to the operators' network equipment, and with so many of them it is hard to say that none will break the rules. There are also other sources, such as calls from other operators' fixed telephone networks or calls from outside China.

This is a vulnerability in the operator's network and cannot be repaired.

The process can be summarized as follows:

1. First, VoIP software is installed on a smartphone or computer. The software points to a preset gateway, which is illegally deployed.

2. The gateway accepts the caller number specified by the client and passes that number to the gateway serving the called number.

3. The call is placed with a forged phone number.

Even special numbers such as 110 are no exception: because the number has already been forged at the "source gateway", you can call 110 with a displayed calling number of 110 ......
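The counterpart of step 2 on a gateway that follows the rules, as an added example that is not from the original article: the number asserted by the client is passed to the telephone network only if it has been verified for the authenticated account, and is otherwise replaced or the call rejected. Account IDs, the verified-number table, the country code default and all sample numbers are constructed for illustration.

```python
# Added example (not from the original article): calling-number screening at a
# landing gateway. All accounts and numbers below are constructed.
import re
from typing import Optional, Tuple

COUNTRY = "86"                                   # assumed home country code
SPECIAL_SERVICE = {"110", "119", "120", "122"}   # special numbers named in the article

# Constructed table: numbers each authenticated account has proven it controls
# (for instance by SMS verification); the first entry is the account default.
VERIFIED = {
    "acct-1001": ["+8613900000001"],
    "acct-1002": ["+8613900000002", "+862155550100"],
}

PASSED, REPLACED, REJECTED = "passed", "replaced", "rejected"


def normalise(number: str) -> str:
    """Reduce the client-asserted number to +<country><national> for comparison."""
    digits = re.sub(r"\D", "", number)
    if number.strip().startswith("+"):
        return "+" + digits
    if digits.startswith("00"):                  # international prefix
        return "+" + digits[2:]
    return "+" + COUNTRY + digits.lstrip("0")    # national format, trunk 0 dropped


def is_special(e164: str) -> bool:
    """True if the national part is one of the special service numbers."""
    prefix = "+" + COUNTRY
    national = e164[len(prefix):] if e164.startswith(prefix) else e164.lstrip("+")
    return national in SPECIAL_SERVICE


def screen_caller_id(account: str, asserted: str) -> Tuple[str, Optional[str]]:
    """Return (action, calling number to place on the outgoing signalling)."""
    owned = VERIFIED.get(account)
    if not owned:
        return REJECTED, None                    # unauthenticated or unknown client
    number = normalise(asserted)
    if is_special(number):
        return REPLACED, owned[0]                # nobody may present 110 etc.
    if number in owned:
        return PASSED, number
    return REPLACED, owned[0]                    # not this account's number


# Constructed call attempts: (authenticated account, number the client asserted).
ATTEMPTS = [
    ("acct-1001", "139 0000 0001"),
    ("acct-1001", "110"),
    ("acct-1001", "+86 139-0000-0002"),
    ("acct-1002", "021-5555-0100"),
    ("unknown", "13900000001"),
]

if __name__ == "__main__":
    for account, asserted in ATTEMPTS:
        print(account, repr(asserted), "->", screen_caller_id(account, asserted))
```

Every replaced or rejected attempt is worth logging with the account and the asserted value, since repeated mismatches from one client are the signal an operator would investigate.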

After all that, the crux of the matter is this landing gateway! Similar gateways are used for communication between different networks, not just the Internet.

The gateway sits between the caller and the telecommunications company's gateway. It modifies the caller's number and then sends the result to the telecommunications company's gateway system.

The sellers have their own platform, which has interfaces to carriers or to some IP carriers outside China.

If you want the service, you first install software on your computer or mobile phone to establish a channel to the platform. When you use the function, you are in effect connected to the seller's platform, and the platform then places the call for you with whatever number you choose.

Finally, let's summarize:

"Caller ID modification" uses IP telephony gateway technology. First, recall how caller ID works on an ordinary landline: the switch delivers the caller's data, and the receiving terminal must decode and display it in the dedicated format.

After the switch sends the first ringing signal, it sends a modulated data signal containing the calling party's phone number, the date, the time, the name, and other information.

The caller ID display unit starts receiving the signal after each ringing signal. The decoder chip extracts the information, which is processed and then shown on the screen.

In other words, when a caller places a call, the call must first go to the telecommunications company's switching system, and only after the system has verified the identity can the called party receive the signal.

The "platform" is really just Internet IP telephony, and the "telephone gateway" set up by a telecommunications company is the equivalent of a traditional telephone switching system.

So-called caller ID modification likewise sets up a gateway, placed between the caller and the telecommunications company's gateway. This gateway can change the caller's number at will and then send the result to the telecommunications company's gateway system. Most companies currently selling number-changing software use this principle.

Because these calls are placed through a transit platform or computer software, there is no direct connection between the two parties. Therefore, if the displayed number is called back, the other party cannot answer the call.

Currently all Internet telephony services, such as Skype and UUCall, allow the calling number to be changed; to keep the numbers legitimate, they only let you set it to your own mobile phone number and require SMS verification.

In fact, their administrators can modify it at will ......

These number-faking services operate in exactly the same way as those Internet telephony companies, except that they are running an illegal business ......

Why have there been more and more illegal calls with fake phone numbers in the past two years?

Because networks keep getting more developed, faster, cheaper and easier to use, and can interconnect with the telephone network. That is far easier than forging a number from inside a telephone company (the earliest way of forging), and this has fuelled the growth of such companies, which have sprung up like mushrooms ......

From a network security perspective, the traditional use of a mobile or telephone number to verify a user's identity (for example, mobile phone password protection) has completely collapsed ......
