Saturday 6 August 2022

Chat bot 不是这样用的 - Celcom

Celcom Customer Service Messenger/Whatsapp chat robot:

1. 可以用 Live Chat Agent, AGENT, agent, Cool Agent, hi agent me 进入跟真人询问的环节,稍微复杂的就不行了。除了 Agent ,其它都是 I didn't quite understand/get, a bit advanced to me, Hmm..。

2. 五个月前 Live Chat Agent 无效应该是 fixed 了。

3. 输入 Support Inquiry/Case 后输入非号码的文字可以触发 invalid 后的 Live Chat Agent / AGENT 菜单建议。其他如 Account Status 选项出现就不能输入 Support Inquiry,必须等 OTP 失败/EXIT 后才能。

4. 不输入超过 256 字。输入 No 退出。

多少人被拒之门外 😶:

客服是省人工钱 + 避免小孩子乱玩,但是把 bug/投诉 蒙上双眼就 No case 真的不敢苟同。

之所以不拨打 1111 是因为曾一度(现在好像有了)没有 loss phone 选项, 只给你听广告。

另外吐槽一下,都 loss phone 了紧急 de-activate simcard 了还要浪费时间听 "且听我一个字一个字慢慢道来的广告"。

有些(旧?)手机很不友好,还要提前按 press keypad,否则真的摸不着要按哪里。 然后?重新听广告。

Chat bot 也有广告,用户有问题了已经很恼怒还要在迷宫般的 chatbot 重复看广告真的是花惹发。

淘宝也有类似问题,我都回复了几次大马客服手机打不进,却无限循环重复给大马客服手机号,绕了大圈子才升级到较好的人工客服。由于是 bug 客服也不是技术人员,最终仍然解决不了,但起码我得知手机 app 才能登陆到有问题的手机账号。

prestomall 也是花了一阵子才懂,需要手机 app 才能做到想要的换手机号功能。甭管淘宝或 prestomall, 网页版都不被重视是 buggy 的。

Saturday 11 June 2022

How do scammers obtain TAC by calling your phone

Thought experiment. 😶

How do scammers obtain TAC by calling your phone.

1. A camera in a store, bank, or landlord caught you typing a password, phishing, or an 0 day exploit such as StrandHogg 2.0 (,

2. The attacker calls you.

3. You pick up the phone and answer it. 

4. The attacker records your voice.

5. The attacker converts your voice to an inaudible form of Hey Google/Siri pattern (Dolphin Attack,,,

6. The attacker puts or delivers an ultrasound device near you. 

7. Now your phone is triggered to run commands by asking Hey Google or Siri in ultrasound. You don't realise it because humans can't hear ultrasound. See the demonstration video, get TAC by voice (I may use typing since my speaking is bad).  It has not been tested for ultrasound. The commands used: "Silent" -> "Dim the screen" -> "Open SMS app" -> "Send screenshot to 0133743923" -> "Please send" -> "Send".

8. If the attacker already has the victim's bank password, they just need to read the TAC SMS instead of exploiting other commands . Or reset the password via the leaked ATM card ID and password.

Note: Step #6, Direct voice transmission via phone call does not work because Google Assistant will not trigger since the Dialer app already uses a microphone.

Tuesday 19 April 2022

How to open tiktok leaked(scraped?) db


The 8 tiktok json files are split, so you need `cat` to concatenate them to single xz file in order to extract files other than 001.

Then use jq to convert one-liner data file to json formatted file.

[1] cat tiktok.json.xz.00{1..8} > tiktok.json.xz.full; # bash

[2] Extract it in nautilus. Be patient, output size keep increasing until 176GB.

[3] <data jq '.' > tiktok.json

How I research from scratch:

I try jq on file tiktok.json.xz.001 extracted data file first, it failed with error at the end:

    parse error: Unfinished string at EOF at line 1, column 301400064

I need to know why jq failed first before proceed other huge file. 

I view the jq output last video id is 62077733563793408, and use this id to compare original data file.

I use python to read and split that id because normal utility `less`(-n better though) can't handle effectively such very long line.

I knew it failed ~10 lines only. 

So the reason jq failed is because of No closing "}" something which is make sense because it seems like split. 

Last characters of 001 data file:

    "playAddr": "

Before I try jq huge file(188.6 GB concatenated data file), I want to prove the files are continuation otherwise I waste my time on jq parse error.

So the next thing to prove is that 002 file really continue 001 file. 

I need extract the beginning part of 002 file from concatenated extracted data file to compare.

The normal command such as cut is heavy, so I try to use "low level" command `dd`.

The 001 data file is 26071203840 bytes (ls -la to get size, you don't use jq_001.out which already parsed). 

Then full data file simply round a bit within 10MB range to 26070000000 bytes. Then extract the total 10000000 bytes (10MB).

    dd if=full_data bs=1 skip=26070000000 count=10000000 of=skip_data

Again with python, `r =`, id `'62077733563793408' in r` is True. 

Then simply split(only 2 indexes) by '62077733563793408' and print r[1]. 

Then I can see `=0` continue `&bt` (last 3 characters of 001 data file), which proved that 002 has correct opening bytes to be able continuously parsed by jq on concatenated full data file:

It means that safe to proceed `cat`, extract, and `<data jq '.' > tiktok.json`. 

Be patient because it take times (data file 176GB, it took me 1 hour 8 minutes 40 seconds on jq, you can try 001 2GB file first to have expectation time of 14.1GB files).

After completed (195GB output file), I also use same step to compare to proved that the final output json item of parsed file same as data file.

Sunday 16 January 2022

Facebook custom list feed is not really gone

 I thought that custom list feed gone long time ago:

But actually you can still access custom list news feed with this URL format (x.facebook OR m.facebook both can work):


List id can get from , right-click the list item can copy list id of link<LIST_ID>

I discover this because long time ago I created a custom app to launch custom friend list feed by clicking app icon, I wonder why it still working
(I chose this URL format because normal link not worked AND web browser required):

                am start -a android.intent.action.VIEW -d '<LIST ID>'

Or alternatively simply visit , hamburger menu on right can see old menu custom list too. Thanks to this video.