[guardian-dev] The sound of an encrypted audio stream

Lee Azzarello lee at guardianproject.info
Wed Jul 24 18:57:50 EDT 2013 

I can do that. I have to filter out the other stuff, the full dump has
all packets traveling over the network interface.

-lee

On Wed, Jul 24, 2013 at 6:25 PM, Tim Prepscius <timprepscius at gmail.com> wrote:
> Could you pastebin or post the packets concatenated somewhere without
> trying to filter them through a codec?
>
> My curiosity has been peaked. (peeked? poked? beep/borp)
>
> -tim
>
>
> On 7/24/13, Tim Prepscius <timprepscius at gmail.com> wrote:
>> Shouldn't this be impossible?
>>
>> I was under the impression that there is usually a pre-requisite
>> header packet and then the codecs do different magics to compress the
>> audio.  Some codecs, I believe, allow the compression scheme to change
>> depending on the audio properties they encounter.  Which I would
>> assume would also take some header information.
>>
>> If the stream is encrypted this meta-data would be lost?
>> It would be like taking an encrypted gzip file and trying to gunzip it?
>>
>>
>>
>> If it were a pure wav file, you could figure out sample rate, and dump
>> the data into an audio stream..
>>
>>
>> Are you dealing with the packets of a encrypted compressed audio stream?
>>
>> It might be interesting to determine the "randomness" of data?
>> I would think, that if it is not random, there is a problem... ???
>>
>>
>>
>> -tim
>>
>>
>> On 7/24/13, Lee Azzarello <lee at guardianproject.info> wrote:
>>> Hello,
>>>
>>> As a follow up, I made a bunch of audio and video calls between Jitsi
>>> on OS X and the same build of Linphone Android while running Wireshark
>>> on the OS X side. I have a few minutes of encrypted audio packets,
>>> which are marked as UDP packets and have ASCII headers at the
>>> beginning of the sequence indicating a ZRTP dialog. What follows looks
>>> like noise.
>>>
>>> While Wireshark has a plethora of tools for VoIP analysis and wiretap
>>> playback, none of them apply to encrypted packets of any kind.
>>> Following the endpoints of the ZRTP/SRTP streams is possible but
>>> here's the catch. The encrypted audio is transported with an unknown
>>> codec. Since calls through ostel.co have encrypted SIP packets and the
>>> client's codec agreement is passed during the SIP stage of a call,
>>> there is no way to determine the codec for the call by searching the
>>> SIP packets for keywords. The set of possible codec combinations is
>>> large, though I can see a brute force process to push bits into some
>>> function testing for truth on all known codecs. Expensive but
>>> possible.
>>>
>>> So, I want to try and reconstruct an encrypted audio stream from a
>>> packet capture and save that as a valid sound file. I can control the
>>> codecs and extract the raw packet data, but the reconstruction is
>>> something that I believe would require a custom utility. I don't know
>>> where to go from there. Halp?
>>>
>>> Thanks,
>>> Lee
>>>
>>> On Tue, Jul 23, 2013 at 11:01 PM, Travis Biehn <tbiehn at gmail.com> wrote:
>>>> Seriously cool Lee, I always wondered about this myself :) Thanks for
>>>> taking
>>>> the time to post this.
>>>>
>>>>
>>>> On Tue, Jul 23, 2013 at 5:36 PM, Lee Azzarello
>>>> <lee at guardianproject.info>
>>>> wrote:
>>>>>
>>>>> I recorded the sound with a microphone. It was coming out of my
>>>>> Android device running a debug build of Linphone. I can describe the
>>>>> process to reproduce it.
>>>>>
>>>>> But now...for the TWIST!
>>>>>
>>>>> There was no human speech happening when I made this recording. No
>>>>> vowels, no consonants, no phrases. The only sound in the room was a
>>>>> fan...producing noise (though from the angle of my desk, unlikely
>>>>> white noise).
>>>>>
>>>>> There's a chance the sound was not what I thought. Perhaps it was a
>>>>> codec error, though it didn't sound like a looping buffer. I kept it
>>>>> on for over a minute. Wireshark has a bunch of VoIP protocol
>>>>> analyzers, including a utility that will try and recover an audio file
>>>>> from captured RTP packets. That'll be an interesting comparison.
>>>>>
>>>>> -lee
>>>>>
>>>>> On Tue, Jul 23, 2013 at 5:20 PM, Hans-Christoph Steiner
>>>>> <hans at guardianproject.info> wrote:
>>>>> >
>>>>> > I could also see adaptive audio filters that fill in the vowel sounds
>>>>> > based on
>>>>> > the same kind of algorithm as auto-complete typing.  It could use the
>>>>> > timing
>>>>> > and spectrum of the audio events as one source of information for
>>>>> > filling in
>>>>> > the rest.  A decent DSP math person spending a few months on that
>>>>> > problem
>>>>> > could make some noticeable improvements.  That bar is not very high.
>>>>> >
>>>>> > Lee, where is that sound file from?  Its pretty awesome.
>>>>> >
>>>>> > .hc
>>>>> >
>>>>> > On 07/23/2013 04:57 PM, Josh Steiner wrote:
>>>>> >> Whoa, that is way too recognizably human for comfort.  i could
>>>>> >> totally
>>>>> >> see
>>>>> >> with some training being able to understand that.
>>>>> >>
>>>>> >> -j
>>>>> >>
>>>>> >>
>>>>> >> On Tue, Jul 23, 2013 at 1:47 PM, Lee Azzarello
>>>>> >> <lee at guardianproject.info>wrote:
>>>>> >>
>>>>> >>> Hello all,
>>>>> >>>
>>>>> >>> There have been some conversations recently on IRC and on the web
>>>>> >>> about VBR audio codecs and plaintext recovery.
>>>>> >>>
>>>>> >>> It's an interesting conversation and one which will change a lot in
>>>>> >>> our times. While I was testing some video call clients, I saw a bug
>>>>> >>> between a custom build of Linphone on Android and a nightly of
>>>>> >>> Jitsi
>>>>> >>> on OS X where Linphone tried to play back the encrypted audio
>>>>> >>> through
>>>>> >>> the speaker without first decrypting it.
>>>>> >>>
>>>>> >>> This is what a SRTP audio stream sounds like to a wiretap. The
>>>>> >>> codec
>>>>> >>> is speex at 16 kHZ, I believe it is VBR but I'm not certain.
>>>>> >>>
>>>>> >>> http://ge.tt/9FG7Tem/v/0?c
>>>>> >>>
>>>>> >>> -lee
>>>>> >>> _______________________________________________
>>>>> >>> Guardian-dev mailing list
>>>>> >>>
>>>>> >>> Post: Guardian-dev at lists.mayfirst.org
>>>>> >>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>>> >>>
>>>>> >>> To Unsubscribe
>>>>> >>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>>>> >>>         Or visit:
>>>>> >>>
>>>>> >>> https://lists.mayfirst.org/mailman/options/guardian-dev/josh%40vitriolix.com
>>>>> >>>
>>>>> >>> You are subscribed as: josh at vitriolix.com
>>>>> >>>
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> _______________________________________________
>>>>> >> Guardian-dev mailing list
>>>>> >>
>>>>> >> Post: Guardian-dev at lists.mayfirst.org
>>>>> >> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>>> >>
>>>>> >> To Unsubscribe
>>>>> >>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>>>> >>         Or visit:
>>>>> >> https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
>>>>> >>
>>>>> >> You are subscribed as: hans at guardianproject.info
>>>>> >>
>>>>> >
>>>>> > --
>>>>> > PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
>>>>> > _______________________________________________
>>>>> > Guardian-dev mailing list
>>>>> >
>>>>> > Post: Guardian-dev at lists.mayfirst.org
>>>>> > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>>> >
>>>>> > To Unsubscribe
>>>>> >         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>>>> >         Or visit:
>>>>> > https://lists.mayfirst.org/mailman/options/guardian-dev/lee%40guardianproject.info
>>>>> >
>>>>> > You are subscribed as: lee at guardianproject.info
>>>>> _______________________________________________
>>>>> Guardian-dev mailing list
>>>>>
>>>>> Post: Guardian-dev at lists.mayfirst.org
>>>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>>>
>>>>> To Unsubscribe
>>>>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>>>>         Or visit:
>>>>> https://lists.mayfirst.org/mailman/options/guardian-dev/tbiehn%40gmail.com
>>>>>
>>>>> You are subscribed as: tbiehn at gmail.com
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Twitter | LinkedIn | GitHub | TravisBiehn.com
>>> _______________________________________________
>>> Guardian-dev mailing list
>>>
>>> Post: Guardian-dev at lists.mayfirst.org
>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>
>>> To Unsubscribe
>>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>>         Or visit:
>>> https://lists.mayfirst.org/mailman/options/guardian-dev/timprepscius%40gmail.com
>>>
>>> You are subscribed as: timprepscius at gmail.com
>>>
>>

More information about the Guardian-dev mailing list