 So let's get started. This is called weaponize your feature codes. My name is Master Chen. So let's get started. First with who I am, I'm a Grey Noise podcast founder and co-host. There's our website if you want to listen to some of our episodes later, not during the talk. So check us out. We do a weekly podcast here in Vegas once a week. I'm born and raised here in Vegas. This is why I need to be drunk on stage. It's just natural. So anyway, born raised here, but the podcast is done weekly here at the local Sin Shop, which is actually the next bullet point. I'm a member of the Sin Shop hacker space here in Vegas. We do some cool hardware hacking. So check out that website as well. I am the secretary over at the Sin Shop. It's actually next to the Nevada DMV. Perfect place. I spoke at B-Sides in 2014 and actually this year as well. In 2014 it was what I learned as a condom man and two days ago I did a talk on Vegas surveillance. So the cameras now are on me. That's awesome. Last year I did a talk at the Sky Talks on automating your stocking using Twitter to follow somebody who's originally blocked you. So if you want those talk notes, follow me on Twitter. And I can DM those to you since that talk was not recorded. And I do write some articles for 2600. Do we have any 2600 readers out there? Do we have any telefreakers out there? No worries. I guess they figured they'd livestream the talk later. Alright, cool. And actually I kind of want to know a little bit about my audience. So how many people, this is your first DEF CON? Holy shit. Welcome everybody. This is a cool crowd. So I've been going to DEF CON since DC 12. I'd like to say I'm a veteran but this is my first time on a DC stage. So I'm like, oh fuck. Alright. How many times, this is your first time in Vegas. Be careful. Alright, so why this talk? Well, I got really involved with phone freaking out like DEF CON 15. And at that time I was like, shit, I missed the boat because all of this stuff is done. You know, the beige box, the blue box, the any colored box, they just don't work anymore because everybody's transitioning to VoIP. And you know, it's just I can't do the cool shit that was done in the 80s and 90s. But wait, like I just said, there's VoIP. So that's why I can still be considered a phone freak, hopefully. Now, if you're wondering about the drawings, I look for stock images on Google because I was like, man, I need, you know, I need a picture of somebody missing the boat. And so every stock photo that I found, I was like, oh, this kind of sucks. Like, it's not something that I like. I don't want to put around my slides. So I had my best friend who's in the audience there, Ninja Nerd BGM. I had him draw some stick figures for me because that's what we used to do in high school. So there is me on the dock missing the boat. There's more in the talk. Alright, so today we'll be focusing on call flooding using our feature codes, text message bombing or SMS flooding using feature codes, as well as caller ID spoofing. Again, now, not all of this is new, but we're going to try to implement it in a new and more efficient way. And there's also potential for other feature codes. So before we actually do some of the demos, we have the basic terminology. We're talking about vertical service codes. So of course, who's ever heard of like star six nine, right? Like we've all heard of star six nine. You know who called you last if they didn't block the caller ID. Or star six seven two block your caller ID, right? So that's what we mean when we say vertical service codes or feature codes. Vertical service codes is what you use to manipulate your little part of the phone network. And the next basic terminology is PBX or private branch exchange. Usually this is now done through software where before it was a big, you know, big rack with circuit switching and whatnot. So it's cool that software has condensed that. So. Okay, before again, well before everything's before the demo. Before we go into the demos, we have also the history of the feature codes. So it was developed by AT&T. It was called the custom local area signaling service. And again, it was developed in the sixties and seventies. And it was designed to do such things as block caller ID. Who called me last? Call forwarding is another one. That's like star seven two. Excuse me. Star seven two. So class was trademarked by AT&T. So the other telcos came up with vertical service code to mean the same thing. Now why is it called vertical service code? It's because you're dealing with your central office or your specific carrier. So for instance, you can't dial star six nine to manipulate an AT&T central office if you are on the Verizon network. And I'm just using that as an example. But when we say vertical, it's like if your service is AT&T or if your service is Verizon, that's who you'll be dealing with when you're dealing with these vertical service codes. Now with this demonstration, I have my own PBX. So I am the telco. Okay, so this might be a little bit hard to see, but I took this from Wikipedia. And basically you see on the left hand side all the vertical service codes for North America according to the North American plan, numbering plan association. Now I've zoomed into the part here where I've noticed that, you know, star three zero has something and then it kind of just skips to the star five X area. So what I'm going to do is I'm going to add the feature codes into right in between there. We're going to be using star four X today. So what do we mean by weaponized? Oh, let's talk about this drawing in a second. What do we mean by weaponized? Well, obviously the star codes are not meant to be malicious. Like you're not going to star six nine and root somebody or cause a DDoS or whatever. So when we take something that's not meant to be a weapon and then we turn it into a weapon, it's called weaponizing. Now the scope of damage of course is simple annoyance, like, you know, getting a million text messages all by a couple of dialing digits. And it could be all the way to business and personal relationship ruining. And so we could talk about some of the hypotheticals there later. Imagine, you know, like, well, I'm going to save that example for later. So the materials you will need, we're going to do this like a science project. You'll need a Linux machine. Now this can be physical or virtual. It could be a VM. But Astros, which is what we're using today for the software PBX, is run primarily on Linux. It runs well on Linux. I've never ran it on a Windows machine and I don't really care to. So materials you will need is a Linux box, according to, you know, my research. And then you'll need a hard or soft phone. Now harder soft phone is going to be a VoIP, a ready phone, but it could be like an application on your phone such as Bria, Xlite, Zoiper, which is what I'll be using today. Or it could be a hard phone such as Polycom, Cisco, Yalink, et cetera, et cetera. So as long as they're tied to the PBX that has that feature code, it'll work. And you'll also need imagination. So I don't watch SpongeBob, but I kind of like that image. So that's why I use it. Oh, wait, I didn't talk about this one. So as you can see, all these feature codes are being shot at me, like star six nine, star five six, and it kind of looks like it's being shot at me from a penis. I think the intention was like a bazooka of some sort. Yeah, thanks. Thanks, dude. But it looks like a penis. I mean, I'm gonna be real with you, you know. So the structure of our feature code in an asterisk dial plan, you have what's called the context and that separates your functions according to it, you know, asterisk has its own scripting language. So this part here where it says context label, that's what it will look like in the code. And think of it like your functions or your, your functions or your operations that are your subroutines in your programming language. We will start all of our feature codes today with star four X and X meaning anything from one to nine, okay. The four is the star four is the feature code that we've picked or that I've picked today. And that's where it'll look like. So in the code, like for an example, star four two and then seven eight six seven five three oh nine. Nobody has that number. I'm not doxing anybody. So that will be the example. That'll be the structure of your dialing when you're, when you're dialing out with your outbound routes. Is anybody in here familiar with asterisk at all on a daily basis? Are you guys like VoIP administrators out there or anybody? Okay, so you're finding this interesting just because all right, cool. All right. So our first one is the call flood and I will be flooding my own phone here in a second. So basically as you can see up here, again, the top starts with the context label and that's our subroutine. So you'll see that everything in here, it's going to be grabbing input. It's going to then, my server is then going to take that input and put it into a call file. Okay, now the call file is then going to go into the asterisk spool and then out, out to your upstream carrier. And it'll send, you know, let's see. So down here you'll see call amounts, C-A-L-L-A-M-T all in caps. That's the variable and it's accepting three digit dials. So I can send anywhere from one call to 999 calls at one time. So that's, that's just my own limit that I've set. I figured it will be nice a little bit, you know, so I've limited to at least 999 as a max. And so this, this next part is the call flood shell script. So after we enter the information into the 10 digit dial or into the feature code, it's going to be made into that text file and this script right here takes that text file and forwards it to the spooler for as many times as I've specified. So the counter is equal basically to the call amount that I've given. So it could be 500, it could be 600, it could be 1 if I'm nice, I'm never nice. For testing, for testing. So, and that's basically what the code looks like. All this is on GitHub and the link is at the end of the presentation. So now it's demo time. And as those who might may know, live demos, they just were great. So we're going to see if the demo gods are in my favor. I'll let you guys interpret the stick figure there. I think that's what the face of God might look like. Or whatever. Okay, so the way this is going to work is I'm going to dial from my soft phone, it's the soft phone's Zoyper application. I will dial from here, it'll go out to my PBX and then out and it'll come back around to my cell phone provider. So I am calling myself, I am going to flood myself. And so you'll be able to hear all these calls as I explain the next part. So let's go ahead and do this. Star for zero. Let's say, what's a good number? 50? I'm going to send myself 50 calls here. I was ready. Now I did put this on full volume, so in a second you'll be hearing call after call after call after call. And that's okay because as long as the demo works, oh, let's dismiss this one. Oh, the first one came in, that's great. Okay, well there definitely be more as you will hear in just a second. So basically the caller ID if you saw in the previous slide, the caller ID is set to 302-000-0001. So the caller ID is not coming from my phone or from my application, it's changed, it's spoofed, you know. Let's see here. Let's see what the voicemail sounds like. Because it's leaving me voicemails right now. Are you ready for this? Monkey's having sex. Now you don't want to work? Okay. Let's try that again, let's try that again. Okay, so for those who don't know, oh, there's another call. Okay, so I'm going to have to dismiss this for the rest of my talk. Okay, so basically what you're hearing there, the monkey's, that's another voicemail. The live demo worked and now it's interrupting my speech. Oh, there's another text. Hey, it just works. It works. All right, so what you're hearing is the monkey's having sex. So basically when the caller answers the phone, that is what they will be hearing. Now if they ignore the call like I'm doing, 302-000-0001 and that might get annoying. I should have picked like 10. Oh, shut up bitch. Okay, so what you're hearing though is basically if you answer the phone, if you answer that call as the target, I'm going to put this on silent now, like maybe everybody else should be doing. No, I'm just kidding, I don't care. Okay, so basically when you answer the call, that's what you'll be hearing. And even if you ignore the call, that's going to go to your voicemail. So you either have the choice to check the voicemail or to then delete it, which if you don't have visual voicemail, it could get really difficult. So here we go and I got to go to like silent on this one. But basically, excuse me, sorry. Oh, it's interrupting me. Okay, yeah, now it's off. Now it's like no calls, no vibration. So that's a way to call flood. Okay, so I sent 50 calls to myself and as you can see, it's just going to keep going until this call stream is done and ready. But you can send upwards of 900 and 999 and if you program two more than just the four digit input, it can go much further and much longer than that. So you can probably disrupt somebody's phone service for a good eight-hour shift or full day. It's completely dependent on you and how you want to program. By the way, I am not a lawyer. I anal. So be careful. All right, so the demo worked. That's cool. Thank you, demo gods, wherever you are. The beard, it looks good on you. Okay, so let's talk about the star four zero feature code mitigation techniques. How do we stop an attack like this? Well, if you have an asterisk box, you can take that call or ID and then drop any call from that caller ID. So if you're the target and you're getting spammed, you can say, let's drop all the calls from this particular caller ID and it will drop the call. Now that could easily be remitigated or like a chess board. I can say, okay, let me change the caller ID with every call. So the first call would come from three zero two, zero zero zero, zero zero one. The second call would come from zero zero zero two, zero zero zero three, et cetera, et cetera, et cetera. So even if you're blocking that caller ID, I will get through. And if you block all the three zero two area code or whatever area code I'm using, a lot of people don't want to do that, especially if you're a business because then that blocks potentially real business. If I was to block all of the seven or two area codes, none of Vegas would be able to call me. And so that's a business disruption. So you can drop the calls, but why would you want to if that's disrupting your business? And you don't know how long the attack is going. So while that is a mitigation technique, it's kind of on a faulty ground there. Now what about people who are not hiding behind the PBX? Like for instance, this phone's still going and I can't stop it. That's okay. Hopefully it's done in an hour. But if you're not hiding behind a PBX where you can control the call flow, what then? How would you then drop the calls or stop that attack? I'd like to discuss that with people who know more than me actually. Okay, so our next feature code is star four one. And it's going to be the SMS flood. So instead of sending a call flood now, we will be sending a text message bomb or you know, same idea, but instead of 500 calls, we're sending 500 text messages. Okay. So the code is set up the same way. We're taking star four one as the input. And this next part after that break in the code, you'll see that that's a star 228. So I'm going to use that as an extension to tell my feature or my call or my, I'm sorry, text message flutter. I will denote that as AT&T. 288, ATT. So sprint would be like SPR, whatever that DTMF dial tone would be or whatever that DTMF touch tone would be. I am personally a Google Fi subscriber so to flood this it would be 466, which is what we'll be using in just a second. So this is how we start our text message flood. Now I will turn the volume back on so you can hear how many times I get a text message because I'm a masochist. Who wants to pick a number? I can't believe I'm doing this to myself. I like where your head is at. I'm just kidding. 256. Okay. Let's see. I guess I could be that mean to myself. Awesome. Challenge accepted. Okay. What was that? Okay. Okay. So again, I am using my own phone as the test subject. So I'm calling out and it's coming right back to my phone. So I will be dialing star 41702 redacted. And then we'll go from there. Okay. So 200 times. All right. So it will tell me who I'm targeting and for how many times. So while I'm waiting for that to come in, again, to explain this feature code it's going to dial out of my PBX. It's actually starting a call flooding script that then attacks the email gateway to my MMS service. So it's a big loop. Here we go. The text is from, actually let me do this part. The text is from your mom at Pornhub.com. Yeah. So obviously the email is spoofed. Okay. So I am sending an MMS from my PBX server back through to the Google Fi email gateway which then goes to my cell phone. And it will just keep going like that. And for a very long time. I'm kind of waiting for more. Yeah, it's going. It's going. Yeah, there you go. Ding. Let's ding this a couple more times. I forgot what number we picked. Oh, 200. That's right. 200. There's another one. Your mom at Pornhub.com. So you can see how this becomes very annoying. You can see how this becomes very annoying. See, I just sent you three right there, right? All right. So let's talk about practical use. So it's a text message bomb. It's an SMS flood. It's pretty annoying. But how can this be utilized on a really big attack surface? So let's say instead of just sending your mom at Pornhub.com, what if we send a message with a malicious link? Like if you want to stop the flood, click on this link. We're lying to the target. So you're not actually going to stop the flood by clicking on the malicious link. But what if we told them that? What if we said, hey, if you want to stop this flood, click the malicious link? So they click the malicious link. It installs whatever you want to install or, you know, however you want to set that up, that's out of the scope of this talk. But the links you can send. You can send these links and if they're noob enough or green enough, they'll click on that because they want to stop the call flood. They don't want 200 messages and they don't know that it's 200. They just know that they have a flood of text messages going on right now. So they'll probably do anything to stop it, especially if you're sending upwards of 4,000, 5,000, any upward limit. That's still going. There you go. It's still going. The good news though is that the calls stopped. So that's the thing. We can send this through malicious link or we can use this to send a malicious link. And again, we're lying. But that's an easy way to install that link right there. Now another cool, well, cool is not the right word. Another creepy thing. That's a better word. Creepy thing is the 3 a.m. text from a mistress. So let's say for instance, and this is just an example, I promise. 3 a.m. you know that your target is cheating on his wife. So you send 300 messages at 3 a.m. saying I miss you. Then guess who starts asking questions. I don't suggest it. This is just a hypothetical scenario. Okay. But obviously you can see how this does not just become annoying, but then it becomes potentially relationship ruining. Because then the person loses that trust. It becomes more of a social engineering slash fishing game, right? So now the why for the significant other is like, who was that? Who was that? Who's calling you from, you know, et cetera, et cetera. And so that's how we can make this a little bit more powerful and going a little bit beyond code. So that's the end of the star four one feature code. It's still going. So maybe it's not the end of it. I don't know why I picked 200. Oh yeah, that's why because I'm on stage. All right. So SMS flood mitigation. Okay. So it's up to the carrier to limit SMS and how fast and how often it comes through. So that's kind of out of the hands of the target. Obviously this is kind of just still going on. I have 53 currently. So I have about 150 more. Now you could also use Google Voice because I found out that the email gateway posted by Google Voice does not send those messages. So as I try to send from a Google Voice number or I'm sorry, to a Google Voice number, Google just drops it. You can't get through that email gateway at least by this method. And so it won't go through. I tested that and again my method, it's verified that it does not work for Google Voice. But the funny thing is it works for Google Fi, Project Fi. You can still send these messages and they still work. Is that because Google Fi is running off of the T-Mobile and Sprint networks? Maybe that part I haven't investigated. But you are still susceptible if you are a Project Fi user. Now as far as the other carriers with permission, I've tested Verizon, AT&T, and of course the numbers were a lot smaller, like three just to make sure it works. But I've tested on all these major carriers and it does work. It's just exploiting the email gateway that they have posted as public information on their website. Now what's another mitigation technique? You can turn off your phone, just kidding because it won't work. You turn on the phone and you'll start getting those messages again. Yeah, you won't forget me. So that's the Star 4.1 feature code. Okay, so this next one, I call it a spoofie ghost. We will be spoofing caller ID. Oh, there you go. Ding again. Maybe I should turn this on silent again. No, no, let's keep it. Let's keep that going. So a spoofie ghost. It's the same idea. We are taking the feature code and we are taking input from the dial pattern and then changing the caller ID to what matches there. Okay. So actually the target will be, I'll be using Star 4.2. The target will be the 10 digit phone number that goes after that feature code and then it'll ask for my target, which will be myself. So I'll ask for the target and then it'll go and call me with whatever number I specify. So just to let you guys know, I know it's going to be hard and I don't have a video of the caller ID, but I will be spoofing from 702-867-5309. Who knows why? Thank you. Okay, just making sure. You're in a VoIP talk. You need to know your numbers. So let's do this demo because it's demo time. All right, here we go. Star 4.2. It's a please wait while I connect your call. Oh, I actually did that backwards. I'm sorry. I dialed all zeros instead of the other way around. Okay, so this time I called from all eights. It's ringing. Okay, it's hard to see, but it's 702-888-888-888. So basically what we're doing here is making it easier to launch attacks. And that's the whole point of this talk, is to make it easier to launch attacks. And I'll get to that in just one second. So again, spoofing, caller ID spoofing is not new. It's been around for a long time, but it's still practical. We can use caller ID spoofing in social engineering attacks. And you can still use it for voice mail hacking on certain carriers, but that's quickly becoming a thing of the past. But hey, it's still something that can be used to gain trust and run an exploit of the human variety. So what was all that imagination talk I said earlier? See, it's not SpongeBob, but it's my friend's drawing. Let's see, there's a dinosaur in there, an upside-down purple fish, not a gold fish. But apparently there's an imagination. I wonder what goes on in his head. Actually, I don't. I don't wonder what's going on in his head. So what about all that other talk? We had star 4-1, we had star 4-0, we had star 4-1 and star 4-2. I am working on using star 4-3 as a voice mail brute-forcer. But what about star 4-4 through star 4-9? These aren't used by the North American numbering plan association. So they're just kind of there for the taking. I'm not stepping on any other administration or I'm not stepping on any other configuration such as star 6-9 or what not. That still is used regularly. But what are we going to do with all these other feature codes? Well, what if we use the feature code like star 4-4 as an end map scan? Star 4-4 IP address as your input. Right? So you could launch the attack without being at a computer. You're doing it from your phone. So that's something that I imagine as far as ways that the feature codes can be used. Another thing that I see in my head is like a combined attack. Like what if we use star 4-6 as both a call flutter and a text message flutter at the same time? Like Rozelle beatboxing. Okay, nobody to kiss that reference. So you have that too. So what are these combined attacks? I mean there's a lot of things you can do. There's a lot of potential. And I leave that up to you guys. In fact, that's my question. Do we have any ideas of another way that we could launch an attack from a star feature code? No. All right. So the idea though here is to launch automated campaigns. So for instance, if you had, and I'm going to go back to the end map example, if you use the IP address as input when you're dialing, you have a script that's already set up to search for these flags or to scan for these flags. You know, like your Christmas tree and all these other scan flags that you want for your end map scan. You take that IP address as input and then you're launching the attack or the scan from your phone without being in front of a computer. So that's something that I thought was kind of cool. That hasn't been coded yet. So that's probably the next thing I'll try. So it's still going. It's still going. Let's see how many I'm at right now. I am at 152. So there's still a little bit more to go. And there's another one. So that's the end of the feature codes. These are my references. The code that I use are the feature codes and the bash scripting. It was just scripting and bash. That's on my GitHub, which you can see there that I prepared for a DEF CON. And so there we are. Are there any questions with today's talk? What was that? Oh. Yeah, you know, I'll keep that there. Go ahead and take pictures. I don't care. Okay. So I don't know if there are microphones running around. I will try to, I have really bad vision. So I will try to see if hands are raised. Yes. I'm sorry. Can you repeat that one more time? Oh, okay. I apologize. That's me being not so detailed. So the way that this attack is working right now, the one that's still going on, I am actually sending it to that MMS gateway. The from address was the yourmomatcornhub.com. Yes. In fact, a long time ago, there was this co-worker that I had who said, I don't need text messaging, 500's enough. You're laughing because you see my face. So 500 is not enough because you have stuff like what we just, what we've just mentioned. Your 500 allotted monthly text messages. And I don't think it's a problem in this room. But if somebody has that, I mean, like you're talking about an average of a half an hour and the rest of your text messages are done for the month? Yes. There would be a lot of work to trace and a lot of involvement with other, oh yeah, absolutely. All this can be done. So yep. Remember that the folk, and I know we have a lot of technical people in here obviously. So the scope of this talk is how do we launch the attack? Now what attack are we talking about? Whether it be like an SMS bomb through VPN and et cetera, et cetera. That's obviously there but it's outside of the scope of this, you know, of this talk. But yes, that's there. How you decide to launch the attack is up to you. The bottom line is that these feature codes are input vectors. So you are inputting information into your computer that then runs the attack. So it's this Linux box that we've set up that runs the attack. So it's running the call flutter. It's running the text message flutter and that's all, you know, taken care of on the server end. Yes. So once you launch the attack, you can't stop it. You better really want your target to get these messages. Now as far as duration goes, that depends on the speed of your computer because of how fast it can send out the spool. It also depends on how your carrier handles that type of calling or, you know, mass calling. And another thing too is when we're talking about call flooding and grabbing all those messages, like for instance, if I wanted to send a hundred calls, I send such a high amount because not all of them will go through. So maybe your upstream provider only lets through 50 because it's just inundated with a whole bunch of call attempts. So it says, okay, I'll send out 50 but not 500. And that's okay. If we want to get the job done, 50 calls gets the message. There you go. So, yes. Not a lot. I don't have the exact numbers. I've been using this VoIP provider for quite a while and I've never really, I mean, it's cheap calling and that's the cool thing about VoIP, right? Is that it's cheap calling. So even if you're talking about outbound, it's really not expensive at all actually. This attack is very cheap as far as the call flooding goes because if the call is not answered, you actually don't get charged for the termination. So you're really talking about a penny a minute if answered. So it's not expensive at all. I'm sorry. So you're asking if I could change it to, I'm sorry, if I can do MMS, like change the address of the MMS. Oh, okay. So this SMS flood is actually an MMS attack vector. So you're using the email gateway. So you can, I'm sorry without using the E what? That's a good question. I will have to find out. I didn't do that for this talk. So I could do research and we could talk about that. Orange shirt, please. Oh, and keep it on the line. Actually, yes, you can. So that's a good way to piss off the attacker, right? Luckily, with all of my testing, that hasn't happened. But I'm testing, you know, it's there. Everybody who's been called knows that I'm calling. But yeah, that's a good way to just rack up the bill. Not yet, but I will now. But you know, that's okay. That's why I come to these things. That's why I come to, it's FCon because you guys have better ideas than I do. So I'm going to limit myself now. Any other questions? So it depends on the channel. I believe like I have a 10 channel trunk. So we're talking about like 10 consistent calls or like like consecutive calls. So if you have like a line of 500 or 500 calls, 10 will go out at a time. Let's make that star 47. Right? Remember, we still have all these feature codes. And again, I am grabbing all these ideas. So hopefully I get to code it first. But yes, that is absolutely possible. You basically, you spoof one, you spoof the other. They call each other and piss each other off. So ex-boyfriend, ex-girlfriend, call it to in the morning. Let's see if I can get any from this side. Any questions, guys? Yes. Yes, actually. You would have to set up an IVR to do that. So an IVR, for those who don't know, it's like an auto attendant. So you answer the call and it's like, so you're saying, press one for billing, press two for not getting owned, press three for an operator. So you can do that, yes. So basically the call would wait for input from the user and they could then pick their poison. Oh, I want to get call flooded today. Let's dial zero for that. Or let's get a thousand text messages. Let's dial two. That's definitely possible. Any other questions? Up front, where? I'm blind. Oh, yes. Respect, I guess. Like, I mean, there really is nothing stopping me from using any of the feature code. The PPX is my own creation as far as like, you know, the way it's set up, the call flow, et cetera. So I could set up star six nine to do an attack like this. I just picked these other feature codes because I didn't want to step on anybody's toes. Not that I would be, but it's almost like a, like a freak or honor code. Like, you know, I'm not going to mess with the system that's already there in place. I'm going to use that system, but let's keep six, you know, star six nine for what it is, you know? It's my own limit. Was there a question in the front? Wait, okay. Sorry, the speaker was like, sorry, the speaker was in the way and I don't mean me, I mean the speaker. If you had that question go and answer or ask it, yeah. I believe we have star four nine. Again, you guys, all of this is a very good question. All of this is potential and this is all within your minds of like, how do I want to code this thing? So basically what I put here is kind of like a, an infrastructure, a way to maybe do it. But remember, we don't have star four or four, we don't have star four or five yet. So what else can we come up with? Absolutely. We can do something like that. That can all be coded. Yes. I'm sorry. Now you're talking about toll fraud. Toll fraud. We'll call the 900 number and let, well no, I'm not going to call 900 number. That's three dollars a minute. But yeah, again, it's all potential, it's all there. Anything that you want to do, now it's up to your creativity. So if this is inspiring to you guys, cool. And I mean that's, that's where it is. We lay down some groundwork and if you guys have some coding ideas, follow me on Twitter, get me on GitHub and let's talk about what we can do next. Let's break some shit in, within reason. Within reason please. So I have five minutes here you guys. I want to just say thank you. Again, this is the biggest crowd I've ever spoken in front of. And it's not even day one of the con.