[guardian-dev] The sound of an encrypted audio stream

Lee Azzarello lee at guardianproject.info
Wed Jul 24 19:21:52 EDT 2013 

I added a file to the same place I put the first recording.

http://ge.tt/9FG7Tem

It's in Wireshark's pcapng format. There isn't any private information
in there other than my rfc1918 IP address, user-agent and the public
IP of ostel.co :) You can open it up in Wireshark and step through.
The cacert test is interesting but they seem to want to test random
number generators. These packets are the product of a PRNG. Is that
the same thing? I'd be interested in testing the binary content for
bias. There should be the same number of 1s as 0s if it is random,
right? I haven't done this kind of test before in practice. I'll try
and figure it out.

-lee

On Wed, Jul 24, 2013 at 6:25 PM, Tim Prepscius <timprepscius at gmail.com> wrote:
> Could you pastebin or post the packets concatenated somewhere without
> trying to filter them through a codec?
>
> My curiosity has been peaked. (peeked? poked? beep/borp)
>
> -tim
>
>
> On 7/24/13, Tim Prepscius <timprepscius at gmail.com> wrote:
>> Shouldn't this be impossible?
>>
>> I was under the impression that there is usually a pre-requisite
>> header packet and then the codecs do different magics to compress the
>> audio.  Some codecs, I believe, allow the compression scheme to change
>> depending on the audio properties they encounter.  Which I would
>> assume would also take some header information.
>>
>> If the stream is encrypted this meta-data would be lost?
>> It would be like taking an encrypted gzip file and trying to gunzip it?
>>
>>
>>
>> If it were a pure wav file, you could figure out sample rate, and dump
>> the data into an audio stream..
>>
>>
>> Are you dealing with the packets of a encrypted compressed audio stream?
>>
>> It might be interesting to determine the "randomness" of data?
>> I would think, that if it is not random, there is a problem... ???
>>
>>
>>
>> -tim
>>
>>
>> On 7/24/13, Lee Azzarello <lee at guardianproject.info> wrote:
>>> Hello,
>>>
>>> As a follow up, I made a bunch of audio and video calls between Jitsi
>>> on OS X and the same build of Linphone Android while running Wireshark
>>> on the OS X side. I have a few minutes of encrypted audio packets,
>>> which are marked as UDP packets and have ASCII headers at the
>>> beginning of the sequence indicating a ZRTP dialog. What follows looks
>>> like noise.
>>>
>>> While Wireshark has a plethora of tools for VoIP analysis and wiretap
>>> playback, none of them apply to encrypted packets of any kind.
>>> Following the endpoints of the ZRTP/SRTP streams is possible but
>>> here's the catch. The encrypted audio is transported with an unknown
>>> codec. Since calls through ostel.co have encrypted SIP packets and the
>>> client's codec agreement is passed during the SIP stage of a call,
>>> there is no way to determine the codec for the call by searching the
>>> SIP packets for keywords. The set of possible codec combinations is
>>> large, though I can see a brute force process to push bits into some
>>> function testing for truth on all known codecs. Expensive but
>>> possible.
>>>
>>> So, I want to try and reconstruct an encrypted audio stream from a
>>> packet capture and save that as a valid sound file. I can control the
>>> codecs and extract the raw packet data, but the reconstruction is
>>> something that I believe would require a custom utility. I don't know
>>> where to go from there. Halp?
>>>
>>> Thanks,
>>> Lee
>>>
>>> On Tue, Jul 23, 2013 at 11:01 PM, Travis Biehn <tbiehn at gmail.com> wrote:
>>>> Seriously cool Lee, I always wondered about this myself :) Thanks for
>>>> taking
>>>> the time to post this.
>>>>
>>>>
>>>> On Tue, Jul 23, 2013 at 5:36 PM, Lee Azzarello
>>>> <lee at guardianproject.info>
>>>> wrote:
>>>>>
>>>>> I recorded the sound with a microphone. It was coming out of my
>>>>> Android device running a debug build of Linphone. I can describe the
>>>>> process to reproduce it.
>>>>>
>>>>> But now...for the TWIST!
>>>>>
>>>>> There was no human speech happening when I made this recording. No
>>>>> vowels, no consonants, no phrases. The only sound in the room was a
>>>>> fan...producing noise (though from the angle of my desk, unlikely
>>>>> white noise).
>>>>>
>>>>> There's a chance the sound was not what I thought. Perhaps it was a
>>>>> codec error, though it didn't sound like a looping buffer. I kept it
>>>>> on for over a minute. Wireshark has a bunch of VoIP protocol
>>>>> analyzers, including a utility that will try and recover an audio file
>>>>> from captured RTP packets. That'll be an interesting comparison.
>>>>>
>>>>> -lee
>>>>>
>>>>> On Tue, Jul 23, 2013 at 5:20 PM, Hans-Christoph Steiner
>>>>> <hans at guardianproject.info> wrote:
>>>>> >
>>>>> > I could also see adaptive audio filters that fill in the vowel sounds
>>>>> > based on
>>>>> > the same kind of algorithm as auto-complete typing.  It could use the
>>>>> > timing
>>>>> > and spectrum of the audio events as one source of information for
>>>>> > filling in
>>>>> > the rest.  A decent DSP math person spending a few months on that
>>>>> > problem
>>>>> > could make some noticeable improvements.  That bar is not very high.
>>>>> >
>>>>> > Lee, where is that sound file from?  Its pretty awesome.
>>>>> >
>>>>> > .hc
>>>>> >
>>>>> > On 07/23/2013 04:57 PM, Josh Steiner wrote:
>>>>> >> Whoa, that is way too recognizably human for comfort.  i could
>>>>> >> totally
>>>>> >> see
>>>>> >> with some training being able to understand that.
>>>>> >>
>>>>> >> -j
>>>>> >>
>>>>> >>
>>>>> >> On Tue, Jul 23, 2013 at 1:47 PM, Lee Azzarello
>>>>> >> <lee at guardianproject.info>wrote:
>>>>> >>
>>>>> >>> Hello all,
>>>>> >>>
>>>>> >>> There have been some conversations recently on IRC and on the web
>>>>> >>> about VBR audio codecs and plaintext recovery.
>>>>> >>>
>>>>> >>> It's an interesting conversation and one which will change a lot in
>>>>> >>> our times. While I was testing some video call clients, I saw a bug
>>>>> >>> between a custom build of Linphone on Android and a nightly of
>>>>> >>> Jitsi
>>>>> >>> on OS X where Linphone tried to play back the encrypted audio
>>>>> >>> through
>>>>> >>> the speaker without first decrypting it.
>>>>> >>>
>>>>> >>> This is what a SRTP audio stream sounds like to a wiretap. The
>>>>> >>> codec
>>>>> >>> is speex at 16 kHZ, I believe it is VBR but I'm not certain.
>>>>> >>>
>>>>> >>> http://ge.tt/9FG7Tem/v/0?c
>>>>> >>>
>>>>> >>> -lee
>>>>> >>> _______________________________________________
>>>>> >>> Guardian-dev mailing list
>>>>> >>>
>>>>> >>> Post: Guardian-dev at lists.mayfirst.org
>>>>> >>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>>> >>>
>>>>> >>> To Unsubscribe
>>>>> >>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>>>> >>>         Or visit:
>>>>> >>>
>>>>> >>> https://lists.mayfirst.org/mailman/options/guardian-dev/josh%40vitriolix.com
>>>>> >>>
>>>>> >>> You are subscribed as: josh at vitriolix.com
>>>>> >>>
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> _______________________________________________
>>>>> >> Guardian-dev mailing list
>>>>> >>
>>>>> >> Post: Guardian-dev at lists.mayfirst.org
>>>>> >> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>>> >>
>>>>> >> To Unsubscribe
>>>>> >>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>>>> >>         Or visit:
>>>>> >> https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
>>>>> >>
>>>>> >> You are subscribed as: hans at guardianproject.info
>>>>> >>
>>>>> >
>>>>> > --
>>>>> > PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
>>>>> > _______________________________________________
>>>>> > Guardian-dev mailing list
>>>>> >
>>>>> > Post: Guardian-dev at lists.mayfirst.org
>>>>> > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>>> >
>>>>> > To Unsubscribe
>>>>> >         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>>>> >         Or visit:
>>>>> > https://lists.mayfirst.org/mailman/options/guardian-dev/lee%40guardianproject.info
>>>>> >
>>>>> > You are subscribed as: lee at guardianproject.info
>>>>> _______________________________________________
>>>>> Guardian-dev mailing list
>>>>>
>>>>> Post: Guardian-dev at lists.mayfirst.org
>>>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>>>
>>>>> To Unsubscribe
>>>>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>>>>         Or visit:
>>>>> https://lists.mayfirst.org/mailman/options/guardian-dev/tbiehn%40gmail.com
>>>>>
>>>>> You are subscribed as: tbiehn at gmail.com
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Twitter | LinkedIn | GitHub | TravisBiehn.com
>>> _______________________________________________
>>> Guardian-dev mailing list
>>>
>>> Post: Guardian-dev at lists.mayfirst.org
>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>
>>> To Unsubscribe
>>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>>         Or visit:
>>> https://lists.mayfirst.org/mailman/options/guardian-dev/timprepscius%40gmail.com
>>>
>>> You are subscribed as: timprepscius at gmail.com
>>>
>>

More information about the Guardian-dev mailing list