2015 Guide to Building iWar with VoIP Support
Written by Angelo Castigliola   
Aug 15, 2015 at 07:14 PM


Nearly 10 years ago, in 2006, Champ Clark III (a.k.a. Da Beave) wrote a cool open source war dialer called iWar.  The really cool thing about about iWar is that it supports IAX2 so that you can make low cost calls using VoIP, which has really never been done before.  Research done by Telephreak using this tool was presented at the 7th annual Hackers On Planet Earth conference H.O.P.E. (“The Last Hope”) in 2008 in a talk called “Hacking International Networks and Systems via VoIP.”  About the same time, the 3rd edition of “Hacking Exposed” was published which also featured iWar. Da Beave co-authored a book of his own that year, “InfoSecurity 2008 Threat Analysis.”

Since then, many things have change, the iWar source code has not.  To get iWar to properly build with IAX2 support, it took a bit to figure out from researching iWar’s mailing list archive, and more help from The Internet Archive Wayback Machine.  iWar’s revival now starts here.

Lighting Quick Build Instructions For the Lazy:

Important:  You will need to build this on a non debian based Linux OS.  The build instructions below was done on Fedora 20 x64 build.

Download the last version of iWar from 2006


Download Da Beave Patched IAX2 client (this is where the Wayback Machine was a life saver..)


Run the following commands:

# tar -xvzf iwar-0.071.tar.gz

# tar -xvzf iaxclient-01-12-2006-beave.tar.gz

# cd iaxclient-01-12-2006-beave/lib

Now edit iaxclient_lib.c and comment out lines 1141-1147 so it looks like the following:


static void iaxc_external_service_audio()


   // To be coded in the future




Now edit libiax2/src/iax.c and comment out line 497 so it looks like the following:

 /* if(stats.frames_in == 0) stats.frames_in = LONG_MAX; */

Run the following commands as root from the iaxclient-01-12-2006-beave/lib directory:

# make

# cp libiaxclient.a /usr/lib

# cp iaxclient.h /usr/include

# ldconfig

# cd ../iwar-0.071

# ./configure

# make

# make install

Stay tuned for the instructions on tying iWar into Asterisk for VoIP war dialing.

Updated 8/19/2015 - More Background Information on iWar IAX2 VoIP Build Challenges:

From researching my challenges, and those had by many other people, mostly struggling to build the iaxclient dependency for iWar, I documented most of the build problems I could find.  I was able to build the iaxclient with the following dependencies versions:

  • libogg-1.3.2

  • libtheora-1.1.1

  • pa_stable_v19_20140130

  • speex-1.2beta1 (Note:  This specific version of speex is needed do to a code change in the releases following this version)

All of the dependencies with the exception of speex were built from source using the current version at the time of writing this post.  If you have already installed the latest version of speedx and are now reading this because iaxclient will not build, go to the /usr/local/lib and do a “rm *speedx*” and now rebuild speex-1.2beta1 and you will be able to build the iaxclient now.

Building iaxclient from source is not good enough.  You now need to patch iaxclient from a patch that is provided in the iWar-0.071/patch directory.  Vincent Passaro has updated the README.IAX2 last year in 2014 as part of his GitHub project to port iWar to OSX.  Vincent makes some interesting notes about build the iaxclient:

“At this point in time, the IAXClient library appears to only compile under Linux, Solaris, MacOS X and Win32 environments. It might not be difficult to port the library to BSD (Open/Free).”

I was unable to apply the iWar-0.007/patch as outlined in Vincent’s updated README.IAX2.  The process would hang when I ran the “patch -p0 < (Where iWar source is)/patches/iax2-stderr-patch” command.  I decided that finding a copy of iaxclient-01-12-2006-beave.tar.gz would be easier.  It was, however, this version of iaxclient needs to be modified slightly in order to probably build.  Please see the “Lighting Quick Build Instructions For the Lazy” instructions above to get around this issue.

Lastly, once I was able to get the already patched version of iaxclient (iaxclient-01-12-2006-beave.tar.gz) to build, iWar would not build on the Unbuntu 14 x64 box I was using.  From reading this thread on iWar mailing list archive, other people are having trouble getting iWar to build on Ubuntu x86 and x64 versions, as well as other Debian based systems.  In this email thread Pierre Emeriaud pointed out he was able to get iaxclient to build on Ubuntu by making similar changes outlined in the Lighting Quick Build Instructions For the Lazy” instructions above.  Pierre provided a diff.tar.gz file with the changes made.  I haven’t had a chance to look at this yet.  I’m assuming Pierre was able to somehow get iWar to build on Ubuntu but the instructions he wrote on that thread was for just building iaxclient-01-12-2006-beave.tar.gz.

Vincent’s Complete Build Instructions for iWar’s iaxclient Dependency:

Vincent Passaro's README.IAX2 Updated in 2014 From his GitHub project to port iWar to OSX.

iWar is the first (to my knowledge) "war dialer" to support VoIP.
In particular the IAX2 (Intra-Asterisk eXchange) protocol.  IAX2 support
can be build into iWar using the wonderful "iaxclient" library,  which
is available at http://iaxclient.sourceforge.net.  Using IAX2 will allow
you to "war dial" without any additional equipment (ie - hardware modem).

At this point in time,  the IAXClient library appears to only
compile under Linux,  Solaris,  MacOS X and Win32 environments.   It might
not be difficult to port the library to BSD (Open/Free).

Download instructions:

First,  you'll need to pull down the IAXClient source code.  
At this time,  IAXClient source code is only available via CVS.  Lately,
the Sourceforge CVS servers have been anything but reliable, so I've
included several methods to get the source.

1. IAXClient CVS HEAD.

  This is the cutting edge of development for the IAXClient.   With that,
  it may or may not function correctly.  To get the source via CVS,
  do the following:

  $ cvs -d:pserver: :/cvsroot/iaxclient login

  When prompted for a password,  hit "enter".   The IAXClient site says
  to type "anonymous" as the password.  If "enter" doesn't work,  try

  To download the source,  type:

  $ cvs -z3 -d:pserver: :/cvsroot/iaxclient \
    co -P iaxclient

  This should begin downloading the source.

2. IAXClient via "snapshot".

   There is a older IAXClient "snapshot" available.   iWar appears to be
   compatible with the current CVS HEAD (as of 01-12-2006),  but this
   snapshot was used during development due to some stability problems.
   The snapshot is at:


   This snapshot requires a small custom patch (which I wrote).  The
   patch is available with iWar in the (iWar directory)/patches/
   iax2-stderr-patch). To apply the patch,  do the follow:

   $ tar -zxvf iaxclient.tar.gz   # unpack the archive
   $ cd iaxclient/lib/libiax2/src
   $ patch -p0 < (Where iWar source is)/patches/iax2-stderr-patch

3.  Downloading Beave's pre-patched IAXClient.

   I've made available the version I used to develop iWar with.  This is
   pre-patched and ready to compile.  You can download this from:




   Once downloaded,  untar the archive:

   $ tar -zxvf iaxclient-01-12-2006-beave.tar.gz

Build Instructions:
No matter your download method,  build instructions are all the same:

   cd iaxclient/lib
   make                # or gmake if under BSD

   Now we install the library/headers needed by iWar.   As "root" type:

   # cp libiaxclient.a /usr/lib
   # cp iaxclient.h /usr/include
   # ldconfig

   If everything has gone well,  you can now continue to compile iWar
   as normal!

Write Comment (0 comments)
Last Updated ( Aug 19, 2015 at 03:37 PM )

Five Capabilities Needed For Effective Incident Response
Written by Angelo Castigliola   
Oct 06, 2014 at 07:11 AM

In Jim Aldridge’s Black Hack Asia Briefing 2014 talk “Beyond ‘Check The Box’: Powering Intrusion Investigations” Aldridge lays out the five basic capabilities for an effective Incident Response:

  • Mapping an IP address to a hostname
  • Identifying the systems to which a specific account authenticated
  • Determining the systems that communicated with a specific Internet IP address
  • Tracking domain name resolution attempts
  • Identifying indicators of compromise across the environment  

Six questions the lead IR responder is asked by executives:

  • What information was exposed?
  • Do I need to notify regulators or customers?
  • What is the extent of the compromise
  • How much money did we lose?
  • How did the attacker gain entry?
  • How do we effectively stop the attack and remove the attacker? 

 Questions the lead IR responder needs to answer during an investigation:

  • When and what was the earliest evidence of compromise?
  • How did the attacker gain entry?
  • What is the latest evidence of attacker activity?
  • What systems are (or were previous) under the attacker’s control?
  • What systems did the attacker access?
  • What actions did the attacker execute on the systems with which he interacted?
  • How does the attacker maintain access to the environment?
  • How does the attacker operate inside of the environment?
  • What tools has the attacker deployed?
  • What accounts did the attacker compromise?

Aldridge talk continues with providing strategies, for obtaining the five capabilities outlined above, so an Incident Responder can effectively answer the questions.  Obviously the sooner an organization has the capabilities the better they will be at responding to a breach incident.

Write Comment (0 comments)
Last Updated ( Oct 08, 2014 at 09:55 AM )

Unpatchable Malware
Written by Angelo Castigliola   
Oct 01, 2014 at 01:24 PM

The “BadUSB” research presented at Black Hat 2014 by Karsten Nohl and Jakob Lell demonstrated how they can completely take over a computer simply by plugging in a USB device such as a thumb drive.  They accomplished this by reprogramming the microcontrollers inside the USB device, to repurpose them so they can take full control of a computer.  Since the vulnerability is in the actual hardware of the USB device, it is possible to completely evade antivirus by sending only clean copies when antivirus software reads from the device, or simply not send any data at all.

There is no simple solution to remediate all of the vulnerabilities presented, Nohl and Lell held back releasing any proof-of-concept tools for other security researchers to experiment with.

Adam Caudill and Brandon Wilson have since reversed the same USB vulnerabilities and presented their research at the Derby Con security conference last week.  Unlike Nohl and Lell, they have released proof-of-concept tools.  From an article in Wired:

“The belief we have is that all of this should be public. It shouldn’t be held back. So we’re releasing everything we’ve got,” Caudill told the Derbycon audience on Friday. “This was largely inspired by the fact that [SR Labs] didn’t release their material. If you’re going to prove that there’s a flaw, you need to release the material so people can defend against it.”

“There’s a tough balance between proving that it’s possible and making it easy for people to actually do it,” he says. “There’s an ethical dilemma there. We want to make sure we’re on the right side of it.”

Responsible disclosure is once again in the spotlight for information security.  What should that process look like if there is no easy fix for a vulnerability discovered? 

Write Comment (0 comments)
Last Updated ( Oct 02, 2014 at 02:29 PM )

Summary of 2600 Summer 2014 (31:2)
Written by Angelo Castigliola   
Jul 09, 2014 at 12:49 PM

Despite having heartbleed branding logo all over the cover, in typical 2600 fashion, heartbleed is not mention once, even in the letters.

2600 Summer 2014 The following is a summary of the 2600 Summer 2014 volume 31, number 2:
  • Snowden love..
  • cDc liked heavy metal
  • Tprophet fires some poor guy and raises a Bell CO style “carrier hotel” temperature to 130 degrees because of AZ (true story)
  • Half of an exploit for connecting to Minuteman III nuclear missile silos by broadcasting DTMF tones over UHF frequencies
  • Compression before encryption
  • A 14 line python script to view a web page safely, if lynx is too easy for you
  • The deepest psycho analysis of the movie diehard you will ever read
  • Raspberry pi home lighting
  • Summary of Mandiant APT report
  • 16 year old I'm a hacker now story
  • Homeless computer repair guy stories
  • Apple gets unasked for security audit lulz
  • SanDisk Connect Wireless root password (sqn1351)
  • A way too long story about a standard toilet
  • Ransomware 101 security tips
  • Si-Fi authors who write about Hackinh/Future
  • Standard White hat/Black hat ranting
  • Some fictional story about botnets and raids of virtual worlds wearing  VR helmets

Authors: Emmanuel Goldstein, Bob Hardy, Dabu Ch’wald, D.B. LeCone-Spink, Brett Stevens, The Prophet, Bab Bobby’s Basement Bandits, Spacedawg, Sh0kwave, Gregory Porter, Michael Post, Jim L, Tyler Frisbee, eyenot, lg0p89( two articles), ook, Toilet Fixer 555C, Jason Sherman, the Piano Guy, Andy Kaiser.

Letters submitted by: Yuval Nativ, RP, Daniel, Kevin, A curious person, The Professor, Estragon, Wolf Bronski, Bill Miller, Sol, J Thompson, Dave, Robert, Jerry listening on WBAI, Tyler Frisbee, //j, Oliver, Chris, Brad, Richard Cheshire Phreak & Hacker, Scott, David, zenlunatic, Stacy, Mike, Will(NameBrand), Budo, Seymour, Name Deleted, Jared, John, Shocked998, Hunter, Darwin, 3, Variable Rush, Chris, Sh0kwave, David, Screamer Chaotix, Pic0o, ghostguard, Margaret, nico, Julia Wunder Cybertron Software, Nick Grey, Charlotte & Jess http://c63industries.com

Write Comment (0 comments)
Last Updated ( Jul 10, 2014 at 01:51 PM )

Open Source NSA Spy Gadgets
Written by Angelo Castigliola   
Jun 10, 2014 at 10:02 AM

Michael Ossmann, the researcher behind the radio testing tool HackRF, and the Bluetooth testing tool Ubertooth, is now working on research to recreate the NSA spying devices, from the ANT Catalog, as open source projects.  Michael presented his research at the Hack In The Box security conference in the Netherlands.

Write Comment (0 comments)

<< Start < Previous 1 2 3 4 5 6 7 8 9 10 Next > End >>

Angelo Castigliola     View Photos of Angelo (8)
    Send Angelo a Message
Sec and Sec-Tech Newsletter

Upcoming Events