Your Ad Here
                            .oO Phrack 50 Oo.

                        Volume Seven, Issue Fifty

                                 13 of 16

                     ===============================
                     DTMF Encoding and Decoding In C

by Mr. Blue

Introduction

DTMF tones are the sounds emitted when you dial a number on your touch

tone phone. Modems have traditionally been the device used to generate these tones from a computer. But the more sophisticated modems on the market today are nothing more than a DSP (digital signal processor) with accompanying built-in software to generate and interpet analog sounds into digital data. The computers sitting on your desk have more cpu power, a more complex OS, and very often a just as sophisticated DSP. There is no reason you can not duplicate the functionality of a modem from right inside of unix software, providing you with a lot easier to understand and modify code.

In this article I provide the source code to both encode and decode

DTMF tones. There are numerous uses for this code, for use in unix based phone scanning and war dialing programs, voice mail software, automated pbx brute force hacking, and countless other legitimate and not so legitimate uses.

I will not go into depth explaining the underlying mathematical

theories behind this code. If you are of a sufficient math background I would encourage you to research and learn about the algorithms used from your local college library; it is not my intent to summarize these algorithms, only to provide unix C code that can be used on its own or expanded to be used as part of a larger program.

Use the extract utility included with Phrack to save the individual

source files out to the dtmf/ directory. If you find this code useful, I would encourage you to show your appreciation by sharing some of your own knowledge with Phrack.

<++> dtmf/detect.h /* * * goertzel aglorithm, find the power of different * frequencies in an N point DFT. * * ftone/fsample = k/N
* k and N are integers. fsample is 8000 (8khz) * this means the maximum frequency resolution * is fsample/N (each step in k corresponds to a * step of fsample/N hz in ftone) * * N was chosen to minimize the sum of the K errors for * all the tones detected... here are the results : * * Best N is 240, with the sum of all errors = 3.030002 * freq freq actual k kactual kerr * ---- ------------ ------ ------- ----- * 350 (366.66667) 10.500 (11) 0.500 * 440 (433.33333) 13.200 (13) 0.200 * 480 (466.66667) 14.400 (14) 0.400 * 620 (633.33333) 18.600 (19) 0.400 * 697 (700.00000) 20.910 (21) 0.090 * 700 (700.00000) 21.000 (21) 0.000 * 770 (766.66667) 23.100 (23) 0.100 * 852 (866.66667) 25.560 (26) 0.440 * 900 (900.00000) 27.000 (27) 0.000 * 941 (933.33333) 28.230 (28) 0.230 * 1100 (1100.00000) 33.000 (33) 0.000 * 1209 (1200.00000) 36.270 (36) 0.270 * 1300 (1300.00000) 39.000 (39) 0.000 * 1336 (1333.33333) 40.080 (40) 0.080 ** I took out 1477.. too close to 1500 * 1477 (1466.66667) 44.310 (44) 0.310

define FSAMPLE 8000

define N 240

int k[] = { 11, 13, 14, 19, 21, 23, 26, 27, 28, 33, 36, 39, 40, /44,/ 45, 49, 51, 72, 78, };

/* coefficients for above k's as: * 2 * cos( 2pi k/N ) / float coef[] = { 1.917639, 1.885283, 1.867161, 1.757634, 1.705280, 1.648252, 1.554292, 1.520812, 1.486290, 1.298896, 1.175571, 1.044997, 1.000000, / 0.813473,*/ 0.765367, 0.568031, 0.466891, -0.618034, -0.907981, };

define X1 0 /* 350 dialtone */

define X2 1 /* 440 ring, dialtone */

define X3 2 /* 480 ring, busy */

define X4 3 /* 620 busy */

define R1 4 /* 697, dtmf row 1 */

define R2 5 /* 770, dtmf row 2 */

define R3 6 /* 852, dtmf row 3 */

define R4 8 /* 941, dtmf row 4 */

define C1 10 /* 1209, dtmf col 1 */

define C2 12 /* 1336, dtmf col 2 */

define C3 13 /* 1477, dtmf col 3 */

define C4 14 /* 1633, dtmf col 4 */

define B1 4 /* 700, blue box 1 */

define B2 7 /* 900, bb 2 */

define B3 9 /* 1100, bb 3 */

define B4 11 /* 1300, bb4 */

define B5 13 /* 1500, bb5 */

define B6 15 /* 1700, bb6 */

define B7 16 /* 2400, bb7 */

define B8 17 /* 2600, bb8 */

define NUMTONES 18

/* values returned by detect * 0-9 DTMF 0 through 9 or MF 0-9 * 10-11 DTMF *, # * 12-15 DTMF A,B,C,D * 16-20 MF last column: C11, C12, KP1, KP2, ST * 21 2400 * 22 2600 * 23 2400 + 2600 * 24 DIALTONE * 25 RING * 26 BUSY * 27 silence * -1 invalid */

define D0 0

define D1 1

define D2 2

define D3 3

define D4 4

define D5 5

define D6 6

define D7 7

define D8 8

define D9 9

define DSTAR 10

define DPND 11

define DA 12

define DB 13

define DC 14

define DD 15

define DC11 16

define DC12 17

define DKP1 18

define DKP2 19

define DST 20

define D24 21

define D26 22

define D2426 23

define DDT 24

define DRING 25

define DBUSY 26

define DSIL 27

/* translation of above codes into text / char *dtran[] = { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "", "#", "A", "B", "C", "D", "+C11 ", "+C12 ", " KP1+", " KP2+", "+ST ", " 2400 ", " 2600 ", " 2400+2600 ", " DIALTONE ", " RING ", " BUSY ","" };

define RANGE 0.1 /* any thing higher than RANGE*peak is "on" */

define THRESH 100.0 /* minimum level for the loudest tone */

define FLUSH_TIME 100 /* 100 frames = 3 seconds */

<--> <++> dtmf/detect.c

/* * detect.c * This program will detect MF tones and normal * dtmf tones as well as some other common tones such * as BUSY, DIALTONE and RING. * The program uses a goertzel algorithm to detect * the power of various frequency ranges. * * input is assumed to be 8 bit samples. The program * can use either signed or unsigned samples according * to a compile time option: * * cc -DUNSIGNED detect.c -o detect * * for unsigned input (soundblaster) and: * * cc detect.c -o detect * * for signed input (amiga samples) * if you dont want flushes, -DNOFLUSH * * Tim N. */

include

include

include "detect.h"

/* * calculate the power of each tone according * to a modified goertzel algorithm described in * digital signal processing applications using the * ADSP-2100 family by Analog Devices * * input is 'data', N sample values * * ouput is 'power', NUMTONES values * corresponding to the power of each tone */ calc_power(data,power)

ifdef UNSIGNED

unsigned char *data;

else

char *data;

endif

float *power; { float u0[NUMTONES],u1[NUMTONES],t,in; int i,j;

for(j=0; j<NUMTONES; j++) { u0[j] = 0.0; u1[j] = 0.0; } for(i=0; i<N; i++) { /* feedback */

ifdef UNSIGNED

in = ((int)data[i] - 128) / 128.0;

else

in = data[i] / 128.0;

endif

for(j=0; j<NUMTONES; j++) {
  t = u0[j];
  u0[j] = in + coef[j] * u0[j] - u1[j];
  u1[j] = t;
}

} for(j=0; j<NUMTONES; j++) /* feedforward */ power[j] = u0[j] * u0[j] + u1[j] * u1[j] - coef[j] * u0[j] * u1[j]; return(0); }

/* * detect which signals are present. * * return values defined in the include file * note: DTMF 3 and MF 7 conflict. To resolve * this the program only reports MF 7 between * a KP and an ST, otherwise DTMF 3 is returned */ decode(data) char *data; { float power[NUMTONES],thresh,maxpower; int on[NUMTONES],on_count; int bcount, rcount, ccount; int row, col, b1, b2, i; int r[4],c[4],b[8]; static int MFmode=0;

calc_power(data,power); for(i=0, maxpower=0.0; i<NUMTONES;i++) if(power[i] > maxpower) maxpower = power[i]; /* for(i=0;i<NUMTONES;i++) printf("%f, ",power[i]); printf("\n"); */

if(maxpower < THRESH) /* silence? / return(DSIL); thresh = RANGE * maxpower; / allowable range of powers */ for(i=0, oncount=0; i<NUMTONES; i++) { if(power[i] > thresh) { on[i] = 1; oncount ++; } else on[i] = 0; }

/* printf("%4d: ",on_count); for(i=0;i<NUMTONES;i++) putchar('0' + on[i]); printf("\n"); */

if(on_count == 1) { if(on[B7]) return(D24); if(on[B8]) return(D26); return(-1); }

if(on_count == 2) { if(on[X1] && on[X2]) return(DDT); if(on[X2] && on[X3]) return(DRING); if(on[X3] && on[X4]) return(DBUSY);

b[0]= on[B1]; b[1]= on[B2]; b[2]= on[B3]; b[3]= on[B4];
b[4]= on[B5]; b[5]= on[B6]; b[6]= on[B7]; b[7]= on[B8];
c[0]= on[C1]; c[1]= on[C2]; c[2]= on[C3]; c[3]= on[C4];
r[0]= on[R1]; r[1]= on[R2]; r[2]= on[R3]; r[3]= on[R4];

for(i=0, bcount=0; i<8; i++) {
  if(b[i]) {
    bcount++;
    b2 = b1;
    b1 = i;
  }
}
for(i=0, rcount=0; i<4; i++) {
  if(r[i]) {
    rcount++;
    row = i;
  }
}
for(i=0, ccount=0; i<4; i++) {
  if(c[i]) {
    ccount++;
    col = i;
  }
}

if(rcount==1 && ccount==1) {   /* DTMF */
  if(col == 3)  /* A,B,C,D */
    return(DA + row);
  else {
    if(row == 3 && col == 0 ) 
       return(DSTAR);
    if(row == 3 && col == 2 )
       return(DPND);
    if(row == 3)
       return(D0);
    if(row == 0 && col == 2) {   /* DTMF 3 conflicts with MF 7 */
      if(!MFmode)
        return(D3);
    } else 
      return(D1 + col + row*3);
  }
}

if(bcount == 2) {       /* MF */
  /* b1 has upper number, b2 has lower */
  switch(b1) {
    case 7: return( (b2==6)? D2426: -1); 
    case 6: return(-1);
    case 5: if(b2==2 || b2==3)  /* KP */
              MFmode=1;
            if(b2==4)  /* ST */
              MFmode=0; 
            return(DC11 + b2);
    /* MF 7 conflicts with DTMF 3, but if we made it
     * here then DTMF 3 was already tested for 
     */
    case 4: return( (b2==3)? D0: D7 + b2);
    case 3: return(D4 + b2);
    case 2: return(D2 + b2);
    case 1: return(D1);
  }
}
return(-1);

}

if(on_count == 0) return(DSIL); return(-1); }

read_frame(fd,buf) int fd; char *buf; { int i,x;

for(i=0; i<N; ) { x = read(fd, &buf[i], N-i); if(x <= 0) return(0); i += x; } return(1); }

/* * read in frames, output the decoded * results */ dtmftoascii(fd1, fd2) int fd1; FILE *fd2; { int x,last= DSIL; char frame[N+5]; int silence_time;

while(read_frame(fd1, frame)) { x = decode(frame); /* if(x== -1) putchar('-'); if(x==DSIL) putchar(' '); if(x!=DSIL && x!=-1) putchar('a' + x); fflush(stdout); continue; */

if(x >= 0) {
  if(x == DSIL)
    silence_time += (silence_time>=0)?1:0 ;
  else
    silence_time= 0;
  if(silence_time == FLUSH_TIME) {
    fputs("\n",fd2);
    silence_time= -1;   /* stop counting */
  }

  if(x != DSIL && x != last &&
     (last == DSIL || last==D24 || last == D26 ||
      last == D2426 || last == DDT || last == DBUSY ||
      last == DRING) )  { 
    fputs(dtran[x], fd2);

ifndef NOFLUSH

    fflush(fd2);

endif

  }
  last = x;
}

} fputs("\n",fd2); }

main(argc,argv) int argc; char **argv; { FILE *output; int input;

input = 0; output = stdout; switch(argc) { case 1: break; case 3: output = fopen(argv[2],"w"); if(!output) { perror(argv[2]); return(-1); } /* fall through */ case 2: input = open(argv[1],0); if(input < 0) { perror(argv[1]); return(-1); } break; default: fprintf(stderr,"usage: %s [input [output]]\n",argv[0]); return(-1); } dtmftoascii(input,output); fputs("Done.\n",output); return(0); }

<--> <++> dtmf/gen.c

/* -------- local defines (if we had more.. seperate file) ----- */

define FSAMPLE 8000 /* sampling rate, 8KHz */

/* * FLOATTOSAMPLE converts a float in the range -1.0 to 1.0 * into a format valid to be written out in a sound file * or to a sound device */

ifdef SIGNED

define FLOATTOSAMPLE(x) ((char)((x) * 127.0))

else

define FLOATTOSAMPLE(x) ((char)((x + 1.0) * 127.0))

endif

define SOUND_DEV "/dev/dsp"

typedef char sample; /* --------------------------------------------------------------- */

include

/* * take the sine of x, where x is 0 to 65535 (for 0 to 360 degrees) */ float mysine(in) short in; { static coef[] = { 3.140625, 0.02026367, -5.325196, 0.5446778, 1.800293 }; float x,y,res; int sign,i;

if(in < 0) { /* force positive / sign = -1; in = -in; } else sign = 1; if(in >= 0x4000) / 90 degrees / in = 0x8000 - in; / 180 degrees - in / x = in * (1/32768.0); y = x; / y holds x^i) */ res = 0; for(i=0; i<5; i++) { res += y * coef[i]; y *= x; } return(res * sign); }

/* * play tone1 and tone2 (in Hz) * for 'length' milliseconds * outputs samples to soundout */ twotones(soundout,tone1,tone2,length) int soundout; unsigned int tone1,tone2,length; {

define BLEN 128

sample cout[BLEN]; float out; unsigned int ad1,ad2; short c1,c2; int i,l,x;

ad1 = (tone1 << 16) / FSAMPLE; ad2 = (tone2 << 16) / FSAMPLE; l = (length * FSAMPLE) / 1000; x = 0; for( c1=0, c2=0, i=0 ; i < l; i++, c1+= ad1, c2+= ad2 ) { out = (mysine(c1) + mysine(c2)) * 0.5; cout[x++] = FLOATTOSAMPLE(out); if (x==BLEN) { write(soundout, cout, x * sizeof(sample)); x=0; } } write(soundout, cout, x); }

/* * silence on 'soundout' * for length milliseconds */ silence(soundout,length) int soundout; unsigned int length; { int l,i,x; static sample c0 = FLOATTO_SAMPLE(0.0); sample cout[BLEN];

x = 0; l = (length * FSAMPLE) / 1000; for(i=0; i < l; i++) { cout[x++] = c0; if (x==BLEN) { write(soundout, cout, x * sizeof(sample)); x=0; } } write(soundout, cout, x); }

/* * play a single dtmf tone * for a length of time, * input is 0-9 for digit, 10 for * 11 for # / dtmf(sound_fd, digit, length) int sound_fd; int digit, length; { / Freqs for 0-9, *, # */ static int row[] = { 941, 697, 697, 697, 770, 770, 770, 852, 852, 852, 941, 941 }; static int col[] = { 1336, 1209, 1336, 1477, 1209, 1336, 1477, 1209, 1336, 1447, 1209, 1477 };

twotones(soundfd, row[digit], col[digit], length); }

/* * take a string and output as dtmf * valid characters, 0-9, *, # * all others play as 50ms silence */ dial(soundfd, number) int soundfd; char *number; { int i,x; char c;

for(i=0;number[i];i++) { c = number[i]; x = -1; if(c >= '0' && c <= '9') x = c - '0'; else if(c == '*') x = 10; else if(c == '#') x = 11; if(x >= 0) dtmf(soundfd, x, 50); silence(soundfd,50); } }

main() { int sfd; char number[100];

sfd = open(SOUNDDEV,ORDWR); if(sfd<0) { perror(SOUND_DEV); return(-1); } printf("Enter fone number: "); gets(number); dial(sfd,number); } <--> <++> dtmf/Makefile #

Defines:

UNSIGNED - use unsigned 8 bit samples

otherwise use signed 8 bit samples

#

CFLAGS= -DUNSIGNED

default: detect gen

detect: detect.c $(CC) detect.c -o detect

gen: gen.c $(CC) gen.c -o gen

clobber: clean rm -rf detect gen

clean: rm -rf *.o core a.out <-->

EOF