Reverse Engineering a Mysterious UDP Stream in My Hotel
http://wiki.gkbrk.com/Hotel_Music.html
gkbrk · 10 years ago
33 comments
http://wiki.gkbrk.com/Hotel_Music.html
gkbrk · 10 years ago
33 comments
nowprovision · 10 years ago
ah damn, not a network guy but couldn't they put lifts on their own subnets and avoid populuting the constrained airway. good read :)
lynxaegon · 10 years ago
haha! Best reverse engineering of elevator music ever :)
janci · 10 years ago
Now I know what to do in a hotel!
jaimehrubiks · 10 years ago
I laughed hard
haloboy777 · 10 years ago
Thanx for the link... XD
nickpsecurity · 10 years ago
Dude that's awesome! Thanks for the link.
detaro · 10 years ago
Reminds me how surprised I was when I found out that many IP phone installations use multi-cast strictly to distribute on-hold music to all phones, instead of the phones pulling files from a server or storing it locally.
digi_owl · 10 years ago
My first thought is that it is related to RIAA or equivalent rules, rather than something technical.
gvb · 10 years ago
Two reasons:
1. Multicast is 1:N so one stream can be played on all phones. Pulling the files from a server would be N:N so your network bandwidth would be consumed unnecessarily due to all the phones streaming the same data. Also, the phones are going to have limited memory so storing music locally is not going to scale well (phone memory is a cost that gets multiplied by N phones).
2. Synchronization, especially for the elevator scenario: if the music outside the elevator door isn't synchronized to the music inside the elevator, it will be rather disconcerting.
BTW, I suspect the streaming audio you saw was "background music" that could be played from the phones speakers. "Ambiance audio" would tie in with #2 synchronization; having adjacent phones playing unsynchronized "ambiance audio" would also be jarring.
Music on hold will be inserted by the PBX (head end), not the individual phones. Inserting "music on hold" by the phone would mean that music would be sent by the PBX to the phone back to the PBX and then to the "on hold" line where having the PBX insert it involves only the link from the PBX to the "on hold" line.
detaro · 10 years ago
Yeah, it's efficient and easy to update. Was just surprised since applications for multicast crossing subnet borders are fairly scarce, so I guess multicast routing got configured just for that, and is one of these things you don't see mentioned very often. Thanks for the details!
Aloha · 10 years ago
Not hold music - I don't know of a single PBX (IP or otherwise) where hold is accomplished in the phone - but many phone systems can do background music and paging, this would be a great use for multicast.
mhd · 10 years ago
You had to follow that shaggy dog a long time, but it finally led you to the girl from Ipanema.
binaryanomaly · 10 years ago
Hehe, nice story! Congrats ;)
omash · 10 years ago
That was just the carrier, hiding the steganographic payload.
Endy · 10 years ago
I bet the payload is in that NES cartridge. Check the data against the NES cart header list, or just try loading it in NESticle. That's what I would have started with, rather than focusing on the meaningless LAME MP3 data.
kalleboo · 10 years ago
There is no NES cartridge data. It looks like OP is using an outdated magic file with a bug that was fixed in april https://fossies.org/diffs/file/5.26_vs_5.27/magic/Magdir/con...
matiasb · 10 years ago
It was an ex-NSA agent talking to his mom :)
KillerRAK · 10 years ago
I applaud the effort and your curiosity. Any good tunes on that stream? Perhaps you're working on a remix?
m00dy · 10 years ago
Nice story
tharshan09 · 10 years ago
Can you send your own UDP packets to the elevator then?
alfiedotwtf · 10 years ago
This is why I read the comments.
kriro · 10 years ago
This is the correct follow up question. Nothing like sending out some ants via mail.
https://www.schneier.com/blog/archives/2008/03/the_security_...
vacri · 10 years ago
The hole in Schneier's story is that you can't just send them any old letter. It has to be a card that you've purchased from them.
It's not much of a revelation: "If I actively purchase a token to have something inoffensive sent to an address, why, the company will send it without verifying that the person who handed over the money is the recipient!".
sp332 · 10 years ago
It's not about getting them delivered for free. It's about targeted anonymous harassment (or a prank, depending on your point of view). See also https://shipyourenemiesglitter.com/ or http://poopsenders.com/ neither of which are free.
vacri · 10 years ago
I fail to see a significant difference between purchasing an ant farm and using the card to anonymously send the sealed tube of ants to a victim... and just anonymously posting something yourself to the victim.
kqr · 10 years ago
The difference is that if you're anonymously mailing ants to a person you're doing it out of malice. The bad person is the person directly responsible for sending the ants out.
The company doesn't want to mail ants to the wrong people, but they have no safeguards against it either. They're not acting out of malice, but they're peforming a malign action anyway. They're relying on your good spirit to ensure the ants end up in the right place.
vacri · 10 years ago
There is no difference to the victim if the company sends the ants directly, or if you receive the ants and then re-post it.
This is one of those ridiculous scenarios that security folks dream up. I imagine Schneier doesn't live in a concrete bunker with a blast door, because a regular door can conceivably be broken open with a sledgehammer. The vast majority of homes do not have a sledgehammer-proof door, because it's not actually a problem. Same with the shipping of ants.
kqr · 10 years ago
There is no difference to the victim, but there is a difference to the company. In one case they are guilty of shipping live ants to an unsuspecting victim, and in the other case they're not even related to the incident.
TheGeminon · 10 years ago
It would be possible to send packets to the elevator, but the elevator playing them would be another issue. If there is no authentication at all (as it it just plays all packets it receives on UDP 2046) I would imagine you would get an interesting mix of "valid" elevator music and your own "invalid" music.
On the other hand, those first 8 bytes of the packet may be some authentication/verification scheme which would have to be reverse engineered. Also, it may only play UDP packets coming from 234.0.0.2:2046, which would likely mean you would have to convince the DHCP server to assign you that address instead of its intended host.
jasonjayr · 10 years ago
Or just inject them into the network w/ spoofed source addresses.
DyslexicAtheist · 10 years ago
yeah and deliver some badass mixes of The girl from Ipanema. :-)
Though I wonder if he had time to look at the packets long or careful enough. Would have been interesting to inspect all these devices closer too. Were there also other sessions established maybe that could hint at controlling them? E.g. such as volume of the sound? I doubt that the actual elevator would be controlled could be controlled remotely:
gurkendoktor · 10 years ago
If anyone else is scratching their head about the references to The Girl From Ipanema in this thread... :)
> "Garota de Ipanema" ("The Girl from Ipanema") is a Brazilian bossa nova jazz song.
> Numerous recordings have been used in films, sometimes as an elevator music cliché.
DyslexicAtheist · 10 years ago
indeed :-) https://thequickword.wordpress.com/2014/08/25/your-code-is-l...
joantune · 10 years ago
Erm, you need to see how UDP works again, because you can pertain to be whomever
pmikesell · 10 years ago
No, he or she it totally correct:
> those first 8 bytes of the packet may be some authentication/verification scheme
The server could verify the auth on a per packet basis and only play the sound if it matches. There's no reason you couldn't have an authentication scheme on top of a UDP transport, you just can't rely on the tcp sequence numbering to prevent bad actors from injecting into the stream. But so what, you could implement your own thing. You could go so far as to simulate TCP over UDP if you really wanted to.
It's kind of weird for you to address him/her in the condescending tone, especially when you're not exactly correct.
Dylan16807 · 10 years ago
> totally correct
The part you quoted is correct. The sentence after it is not at all correct. And that final sentence was the one joantune was responding to.
In other words, you are the person being wrong and condescending. ;)
Godel_unicode · 10 years ago
See also: replay attack.
niccaluim · 10 years ago
Wasn't there an article a while back by a guy who stayed at a "smart" hotel and discovered he could turn the lights on and off in other people's rooms? If that's any indication of how this industry is treating security, I say "play some Skynyrd."
TheDong · 10 years ago
You're referencing this blog post: https://mjg59.dreamwidth.org/40505.html
niccaluim · 10 years ago
That's the one. Thanks!
kw71 · 10 years ago
> Also, it may only play UDP packets coming from 234.0.0.2:2046, which would likely mean you would have to convince the DHCP server to assign you that address instead of its intended host.
This does not agree with my understanding.
234.0.0.2 is probably the destination address. I think if a DHCP server gave out an address in this range it would be misconfigured.
In 802.3 and 802.11 I think multicast packets are actually broadcast, so this is why you don't need to join the group.
runjake · 10 years ago
This is not how multicast traffic works. Yes, 234.0.0.2:2046 is apparently the destination. The receivers probably just listen for this destination address and plays whatever it receives. DHCP server wouldn't matter here.
These multicast packets also aren't L2 broadcast addresses. For more info, see:
Godel_unicode · 10 years ago
Group membership matters in multicast, although I agree probably not in this case. If there's a hub-spoke topology and you a spoofing on a leaf switch which doesn't propagate this could be a fun problem for engineering (looking up and reading about IGMP is left as an exercise for the reader)
chris_wot · 10 years ago
Well, it doesn't appear that IP spoofing has been setup too well on the switches, because the switch seems to be doing what either an el cheapo switch will do, or do what Cisco switches do which is take the multicast traffic and flood it out the vlan broadcast domain.
Hell, if that's UDP traffic it doesn't necessarily even look like it requires a response, so you could spoof the source IP address and the server might not even care...
13of40 · 10 years ago
> convince the DHCP server
Or you could just manually configure your computer to use that address.
delinka · 10 years ago
Or you can craft packets all day long with any source address you like and dump them onto the network.
Godel_unicode · 10 years ago
That (DST) is a Multicast address, DHCP doesn't play here.
bipson · 10 years ago
> After watching thousands of these packets scroll through the console, I noticed that the first ~15 bytes were the same.
Godel_unicode · 10 years ago
You seem like someone who would be well served by a perusal of the below wikipedia page. Briefly, these packets are destined for an IP address in the 224.0.0.0/4 IP space, meaning multicast. SRC address is neither important nor verified (and since it's UDP on the same broadcast domain, there's really very little that can be done to stop the packets being processed unless the hotel has a very smart access point. They never do).
PhasmaFelis · 10 years ago
> * It would be possible to send packets to the elevator, but the elevator playing them would be another issue. If there is no authentication at all (as it it just plays all packets it receives on UDP 2046) I would imagine you would get an interesting mix of "valid" elevator music and your own "invalid" music.*
At that point (assuming it's the kind of elevator music that uses low-intensity instrumental versions of pop hits), it would be really fun to get the original versions of the songs they're playing and sync up the position and playback rate.
Khaine · 10 years ago
Couldn't you just spoof coming from the IP address which is trivial with UDP?
supersan · 10 years ago
That would definitely be another interesting read! I'm not a networking guy, but I definitely want to know if it is possible to stop the packets from going to their final IP? Can they be intercepted and replaced with other data?
This feels as exciting as what they do with video feeds in Hollywood movies, i.e. where the hacker puts in her own camera loops replacing live feed.
corndoge · 10 years ago
Probably difficult to intercept the packets, but since they're apparently broadcast over the whole hotel network, it would likely be straightforward to send your own out to be mixed in with the real packets and get some sick elevator glitch muzak going.
13of40 · 10 years ago
With custom equipment I bet you could listen for the packet header and broadcast a colliding signal every time a legitimate one was being sent. Since it's UDP, there would be no retry and neither the sender nor the receiver would be the wiser.
brianwawok · 10 years ago
It could be a NAQ protocol and resend if a sequence number gets missed.
ChuckMcM · 10 years ago
This would be the obvious follow up, then you can make your own "elevator music" and send it out. But that probably depends on understanding what's in the first 8 bytes too :-)
thaumasiotes · 10 years ago
I don't see why, since the first ~15 bytes of each packet are constant. It might be necessary to understand them if they ever varied...
detaro · 10 years ago
Depends on the network topology and setup. If the speakers also are using the Wifi, then probably yes.
vinhboy · 10 years ago
I assume if his wifi can pick it up with wireshark, then whatever is receiving should be able to pick up whatever his wifi send out. Right?
detaro · 10 years ago
Not necessarily, the speakers could be in a different network, then they do not listen to what he sends directly. if the AP/router knows the multicast source is not in the wifi (and it probably does) it won't accept packets from there and not forward it to other networks.
Since it is multicast seeing the packet doesn't mean the path to a specific receiver goes through your network.
kilroy123 · 10 years ago
I would certainly try this if I was him.
There was another recent post about a hotel that had android devices controlling the lights, in the entire hotel. Which had no auth protection at all. I'd bet money, it would be the same for the elevator music.
tonyedgecombe · 10 years ago
I was in an elevator a while ago when there was a ringing followed by a voice trying to sell PPI services (a regular source of spam in the UK). The emergency system was just an embedded phone.
diplomatpuppy · 10 years ago
In the US too - the reasoning is that it's simple and should work in a power outage as the telephone company usually can power it from the central office. Conversely, VoIP would depend on too many technologies working well to be reliable enough for emergency use.
superuser2 · 10 years ago
I've definitely seen elevator phones attached to the PBX with VoIP trunking, but all the components were on battery backups.
jlgaddis · 10 years ago
At a previous employer (large .edu), we moved to VoIP several years ago but keep several PSTN lines -- including all of the emergency ones, such as for the elevator. We could have moved them to VoIP as well but we figured, in a true emergency, it was one less thing to have to worry about.
godzillabrennus · 10 years ago
In Chicago building codes mandate elevators have a pstn line in place.
Even luxury homes with small elevators.
hexane360 · 10 years ago
Well, I mean people have died from being stuck in their own elevators: http://www.cbsnews.com/news/elderly-couple-dies-trapped-in-h...
walrus01 · 10 years ago
Most large cities' building codes mandate auto-start/auto-transfer backup generators for elevators in buildings over a certain height. It is sometimes possible to put critical equipment on a generator backed circuit (such as a 48-port 802.3af PoE switch providing power to phones).
walrus01 · 10 years ago
This can be harder to do than it looks at first glance - the electrical cable "snake" that follows elevators up and down their shaft is frequently implemented with only POTS/cat3 grade wiring. Getting a SIP phone to work in one can require a local source of power in the elevator (usually a 120VAC to 12VDC power supply for the phone rather than PoE) and a VDSL2 bridge for 100BaseTX over the old style phone wiring.
superuser2 · 10 years ago
Right, I'm talking about a plain analog phone connected to one of the ATAs on a Cisco PBX. I was doing some other work on the rack and remember a cable flag that said "ELEVATOR" :).
jcrawfordor · 10 years ago
An interesting thing to think about in elevators is who exactly the elevator phone calls, as well. In large buildings it sometimes rings a location staffed 24/7, like a security desk. In most buildings, though, for better reliability the phone actually rings a dedicated outside answering service for elevator phones. Sometimes this is provided by the manufacturer of the elevator as part of an "all-inclusive" service package, and sometimes they're hired by the property manager, but in a lot of cases the elevator company that does the maintenance programs the elevator phones to call their contracted answering service so as to ensure that they'll be the ones sent out to do the repairs. It's a bit like the plumber leaving you a fridge magnet with their 24/7 line.
kalleboo · 10 years ago
Yeah, I got stuck in the elevator in my apartment building and had to use the phone, it went to the local Otis service line.
discardorama · 10 years ago
In our university, some guy figured out the phone numbers of the phones in the elevators. Sometimes we'd dial that number and have a random conversation with a random person. Other times we'd dial and just listen in. Caught a few juicy tidbits of conversations between faculty, but nothing major.
webmonkeyuk · 10 years ago
Exactly the same at my university except the the phone in the lift would ring and have to be picked up by someone.
We'd wait until the lift was totally crammed with people, call it and then ask to speak to someone we knew was in the lift!
TeMPOraL · 10 years ago
We seem to have a similar system in Poland. My friend was coming home once and the elevator started talking to him, trying to sell him some service. Following the moment of surprise, he managed to regain sanity fast enough to catch some of it on video.
Turns out the emergency system on this elevator is too an embedded phone...
superuser2 · 10 years ago
Yep. That's standard. In a building with a PBX they are not typically assigned external numbers, but elevator phones are in general just like any other phone in the office. Maybe an automatic dial on going off-hook.
Aloha · 10 years ago
elevator phones are very very rarely on the PBX at all, and are for safety simply, local exchange lines.
stevetrewick · 10 years ago
An example of why. I once worked on a team tasked with auditing the phone lines in an office building to identify potential cost savings on lines with outgoing access.
We came across two on the PBX that no one could identify. Numbers not in the internal directory. No tags in the PBX terminal. Rang them repeatedly with no answer.
So we disabled them on the grounds that if they were in use we would soon get a call from someone enquiring why their line was dead. Nothing all week. Went home for the weekend.
You can probably see how this ended, and that's (just one of the reasons) why you don't route them through your PBX.
walrus01 · 10 years ago
More like an example of how their provisioning and documentation process is broken, you can absolutely have critical things on SIP (and PoE powered security cameras, etc), just don't forget to document it correctly.
stevetrewick · 10 years ago
Sure. Absolutely. But if they'd been straight PSTN lines the abject process failure you've correctly described wouldn't have been able to put lives at risk because we'd have had to call the telco who most assuredly would have known what the lines were for, and we wouldn't have been able to shut them off. Safety critical systems need to not rely on humans doing boring, complicated things correctly for long periods of time.
fowl2 · 10 years ago
> the telco who most assuredly would have known what the lines were for
yeah, about that...
walrus01 · 10 years ago
Much more likely the telco would just have the business name for billing info for a POTS line and would happily shut it off.
Namidairo · 10 years ago
Have you tried throwing the raw recording against SoX? Worked pretty well when I had an unknown recording to play for which I had guessed the format. (Which turned out to be IMA-ADPCM with reversed byte ordering)
SoonDead · 10 years ago
Excellent story, although the URL spoiled it for me, might worth changing it to something more vague.
slinkyavenger · 10 years ago
It's about the journey, not the destination. But are you seriously suggesting he change it to a clickbait URL?
brianpan · 10 years ago
The story is the journey, and there is no story without suspense. The URL is the dust jacket- some people are going to see the URL even before the title. No one said anything about clickbait. Any URL without the spoiler is better.
SoonDead · 10 years ago
I'm suggesting he change it to Hotel_UDP.html from Hotel_Music.html so it does not spoil that it's music.
known · 10 years ago
I'd start with
tcpflow -p -C -i eth0 port 80 | grep -oE '(GET|POST|HEAD) .* HTTP/1.[01]|Host: .*'
jlgaddis · 10 years ago
cf. ngrep [0]
[0]: https://en.wikipedia.org/wiki/Ngrep
(Yes, I chose to link to Wikipedia instead of its home page on SourceForge.)
x0 · 10 years ago
Beautiful. Where has this been all my life.
eeeeeeeeeeeee · 10 years ago
ngrep is awesome
deepsun · 10 years ago
Does it drain battery of mobile devices not listening to the port?
Have you tried multicasting your own audio to the same port? That might have been fun.
umanwizard · 10 years ago
Waking up the WiFi hardware is not particularly expensive, and there is usually going to be tons of multicast stuff going around any crowded wifi network anyway. So it doesn't seem like this would be a big concern for battery.
david-given · 10 years ago
I did a bunch of multicast programming in the early days of Android, and I discovered that:
- most Android devices back then required a special OS call to tall the wireless chipset to listen to multicast packets at all --- otherwise they'd just ignore them and not wake up;
- in about half the devices, this switch didn't actually work;
- in an astonishing amount of consumer routers, multicast routing doesn't actually work;
- multicast on mobile is so, so, so not worth the effort.
I expect that multicast is way better supported these days. I would be totally unsurprised if it were not.
indolering · 10 years ago
> I expect that multicast is way better supported these days. I would be totally unsurprised if it were not.
I wouldn't be, how often is multicast really used? Coming from the broadcast era, it seemed like a no-brainer. But the internet is built for n:n communication. Special cases for n:1 cost more in terms of engineering effort than would be saved in bandwidth and processing overhead.
SmellyGeekBoy · 10 years ago
Some IPTV services in the UK use it (at least BT and TalkTalk with their YouView packages and probably off-the-shelf YouView as well). I had a bit of a nightmare trying to get it working with BT TV when I upgraded from their godawful HomeHub to an ASUS router.
Pretty much every time I've upgraded my router firmware I've lost TV service and had to reconfigure it. Apparently multicast is hard, even if you're a networking company!
daveheq · 10 years ago
I love knowing I get spammed with elevator music over WiFi at a hotel the whole time.
meowface · 10 years ago
It's somehow fitting, isn't it? When you consider the purpose of "muzak".
jdblair · 10 years ago
A relaxed computer is a happy computer.
kw71 · 10 years ago
Next time you see a multicast stream, try playing it with vlc.
robterrell · 10 years ago
That was my thought, too -- I would have just tried vlc and missed all the coding fun.
Laforet · 10 years ago
Me too. I had a friend who was convinced that he's being attacked when a steady stream of UDP packets started reaching his router for days. Asked him to open it in VLC and it turned out to be local news from his ISP's misconfigiured IPTV service.
Endy · 10 years ago
Maybe. But what interests me most is that NES header data.
rspeer · 10 years ago
It's the same data as the MP3 data he found, just truncated at a different offset. Apparently it doesn't take much to make `file` think it's detecting an NES ROM.
kalleboo · 10 years ago
It looks like OP is using an outdated magic file with a bug that was fixed in april https://fossies.org/diffs/file/5.26_vs_5.27/magic/Magdir/con...
ReedJessen · 10 years ago
This is really well written. Good length for one quick bus ride. I was on pins an needles until the end. Great blog post.
djabatt · 10 years ago
Great network engineering. I think we all need a set of tools that allow us to find if we are being bugged by all the networked smartTV's, printers VOIP phones etc. Not to mention the Amazon Echo. I dig it if someone had a Wireshark/Python app that allowed everyone to listen to with Amazon Echo was sending to Amazon.
darpa_escapee · 10 years ago
The hacker in me would love to see an analysis of the traffic, but the consumer in me hopes that the Echo sends and receives encrypted data.
dkopi · 10 years ago
Binwalk is a great tool for finding potential files within a given binary stream: https://github.com/devttys0/binwalk It has an incredible list of supported file types.
jaybosamiya · 10 years ago
Foremost is also extremely useful for the same purpose, and I've found it more useful at least in my work during CTFs
https://en.wikipedia.org/wiki/Foremost_%28software%29
A `sudo apt-get install foremost` works on Ubuntu to install it, IIRC
x0 · 10 years ago
Binwalk is great, I love extracting stuff from big binary blobs of router firmware, or dumping all the memory on a Linux computer with LiME (https://github.com/504ensicsLabs/LiME) and using Binwalk to see what's in there!
cmarcond06 · 10 years ago
Is this legal? What if the media was from Hotel Cameras?
Endy · 10 years ago
He listened to a public stream, there's no indication that they were attempting to secure it in any way. So, legal. Now, if he had done as others have suggested and injected "malicious" packets into the stream, then we'd have a question.
icebraining · 10 years ago
At least around here, if it was from cameras, the hotel would be the one committing an illegality.
Endy · 10 years ago
You don't have an expectation of privacy in hallways and elevators.
icebraining · 10 years ago
Yes, I know that's the US concept. Around here the view is a little less binary, as the law recognizes a difference between being seen (or even being filmed occasionally, by an handheld camera) and surveillance cameras, which can be used to track your movements.
The hotel could still have them, mind you, but transmitting them in the clear would be a clear violation of the law, which in fact specifically cites the "transmission of the recordings over a network" as something that must be secured.
Animats · 10 years ago
At least they play music. I once stayed in a Howard Johnsons Motor Lodge in Pittsburgh near CMU, where, at corridor intersections, they had speakers to generate some ambient noise to mask voices from the rooms. Most places that do this use white noise, or water sounds. But this was Pittsburgh. They were playing faint machinery noises - whirr, chunk, etc. At first I thought someone had left a PA microphone open in the boiler room or something, but no, it was deliberate.
geoffeg · 10 years ago
Trent Reznor would love to stay at that hotel.
dghughes · 10 years ago
I'm surprised public washrooms don't play music or it seems very few do. I bet so many people in stalls wait for someone to start the air dryer or turn on a tap i.e. strategic pooping. It can be a embarrassing disaster with those modern auto shutoff air hand dryers.
hack_a_laugh · 10 years ago
Alternatively, they could just have speakers that made random fart noises.
DyslexicAtheist · 10 years ago
and at the Google campus they play "Watt is love. Baby don't Herz me no Morse"
Riseed · 10 years ago
This Freakonomics podcast episode discussed (the lack of) bathroom music: http://freakonomics.com/podcast/time-to-take-back-the-toilet...
dfc · 10 years ago
I will save everyone else the trouble of slogging through that podcast. They never actually discuss the lack of bathroom music. The lack of music in public bathrooms is mentioned a number of times but its always a jumping off point for another mini-discussion about something else tangentially related to bathrooms or music in public spaces. You can listen to the entire podcast and you will have no better understanding of the lack of music in public bathrooms.
copperx · 10 years ago
Thank you. You have saved at least one human work-hour. I'll promise I'll do something productive with that hour.
function_seven · 10 years ago
It's been a couple hours. So what'd you do?
Godel_unicode · 10 years ago
I for one used my hour to poop.
wting · 10 years ago
Japan has portable, artificial white noise makers for bathroom privacy. They're called otohime, or "sound princess."
- video: https://www.youtube.com/watch?v=f0eqo6jU9gc
- example gadget: http://www.japantrendshop.com/keitai-otohime-toilet-sound-bl...
- background and wall mounted examples: http://travel.cnn.com/tokyo/shop/sound-princess-loo-001106/
microcolonel · 10 years ago
Oh my god, that name is an amazing pun. Younger princess -> sound princess
arthurcolle · 10 years ago
Can you explain this pun? Not getting it!
angrow · 10 years ago
"otohime" is how to pronounce one of the terms of address for the second daughter of the first Kamakura shogun. The Second daughter, hence, the "younger princess".
The Japanese word for sound is also pronounced "oto". So, a device which makes noise to help you be discreet...
labster · 10 years ago
Plus oto- is a Latin prefix meaning ear. Multilingual puns are the best!
lsaferite · 10 years ago
Interesting. I wonder how Japanese and Latin both ended up using 'oto' for an auditory related word.
labster · 10 years ago
Not sure on that, without invoking some vague talk about universal language mumble Chomsky mumble mumble. It could be by chance, but things like the kiki-bouba experiment suggest that the dice loaded, at the very least.
But things that look like cognates with Japanese do exist. Notably そう ("sou") is pronounced the same as English "so" and means roughly the same thing, at least in phrases like "is that so?" and "Make it so, Number One."
zodiakzz · 10 years ago
Is there no simple smartphone app to achieve this instead of having to carry that around?
PhasmaFelis · 10 years ago
I feel like having a loud, continuous whirring noise buzzing out of your stall wouldn't improve things much in the embarrassment department.
yompers888 · 10 years ago
The toilets in Japan that have noise-making as a feature do flowing water (or urinating I guess) sounds. Still, if you believed the sound, it might be startling when you wondered how long before the person next to you dehydrated to death from over-urination. Probably like herd immunity, it's something that reaches peak utility only when it's ubiquitous.
On another note, I'm surprised to see so many comments worrying about bathroom noises in what I presume is a male-dominated forum. Do these dynamics exist in men's rooms as well? In my workplace, at least, all manner of sounds accompanying bowel movements are ignored, or, judging by occasional laughs, sometimes even encouraged.
kaffeemitsahne · 10 years ago
Nothing embarrassing about pooping in a toilet.
internaut · 10 years ago
Wow that's steampunk!
kohanz · 10 years ago
Ugh, one of the offices I used to work in used such a white-noise "noise abatement system". It gave me terrible headaches that cleared up as soon as I started spending less time in that building. A good friend who designs buildings and such features told me this happens to 10-20% of people. The irony was that it was one of the quietest offices I'd ever worked in - nobody talked to anybody else!
tominous · 10 years ago
I used to work in an office which used fanless thin clients instead of normal desktop PCs. It was fantastic. Since then, normal offices filled with desktop fans have seemed almost painful to my ears. It makes a real difference by the end of the day.
dzhiurgis · 10 years ago
To me it is the air conditioning fans that are roaring.
Today modern laptops emit almost no sound.
Also noise cancelling headphones was a good investment for me. Strange, that device created for use in helicopters proved so useful in office environment.
tripzilch · 10 years ago
If you like, try playing this album some time, as background ambient music:
https://www.youtube.com/watch?v=bfHCt5z1kd8 (Brian Eno - Neroli)
Without fail, it makes everyone in the room talk more calmly, at a quieter volume. It's one of my favourite ambient albums ever (if anyone knows more of something quite like this, I'd love to hear suggestions). It even works on children, I work at a youth centre, just playing it over a relatively shitty PA can calm down an over-active morning in 5-10 minutes.
daveguy · 10 years ago
Spoiler:
Revelation/Disappointment -- it is elevator music.
Or is it? Maybe he gave up too quick. Maybe that is how they disguise the secret spy transmissions!
internaut · 10 years ago
Came here to say this.
There two modes. One for normal people. Parents, cops, investigative journalists, government employees etc.
Then there's the mode for geeks. Then your base case should be that everybody is Norman Bates
i336_ · 10 years ago
Hm... what's in the other 8 bytes that had to be skipped?
punnerud · 10 years ago
Do you know you are a nerd when you laugh out loud after reading this?
My girlfriend: Was that something I would also laugh at? Me: Most likely not ;)
buttershakes · 10 years ago
It's probably a microphone hidden in his room that encodes the data stenographically into elevator music.
More seriously, no investigation as to what happens when you try to inject your own data?
selectiveupvote · 10 years ago
Okay, I got a good laugh out of this one and appreciate it.
caylorme · 10 years ago
Now just copy the headers and send some multi cast audio of your own to hijack the elevator and bathroom audio :) Could make for a good prank
gnicholas · 10 years ago
A story with a decidedly less innocuous outcome: https://medium.com/@nicklum/my-hotel-wifi-injects-ads-does-y...
ngcazz · 10 years ago
As someone who doesn't really grok either Python or IP programming, I really enjoyed how simple yet educative (and ultimately, funny) this blog post was. Definitely will be trying this exercise the next time I end up at a hotel with a laptop.
I wonder how hard it might be to hijack the stream to have the receivers play your own packets.
chris_wot · 10 years ago
Er, if they are transmitting data to a multicast IP address, what's to stop you doing the same?
If they haven't done a check on the IP address that they are receiving the data from, then it would now be trivial to panic people in elevators by recording a fake emergency broadcast.
Not jus that, but what else is that hooked up to? If they are multicasting to your IP address and your IP address isn't the lift, then you can do some IGMP snooping to see what else there is out there. Or you could do a DoS on the lifts to see what happens.
Of course, it might be nothing. But when I get in a lift, I'd hope this sort of thing wasn't possible.
rocky1138 · 10 years ago
Out of general interest, do you have a copy of the mp3 we could listen to? I couldn't find one in the article.
gravypod · 10 years ago
I'd love to see someone spoof those UDP multicast and play death metal or something rather then elevator music.