Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Generic User Avatar

Zoom own audio decryption


  • Please log in to reply
1 reply to this topic

#1 Thamori

Thamori

  •  Avatar image
  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:48 PM

Posted 05 June 2023 - 03:52 AM

Hello Community, i am currently working on a project, in which i am trying to see the audio packages sent by my computer in a zoom call. I am doing this to manually check if there is a signal.


Alert: i am an extreme newbie to this whole field as i didnt get in touch with any of that. (currently studying bioinformatics)So sorry for any wrong terms and high simplification!!


The situation i think i figured out is the following:


In wireshark i found tcp and udp packages which seem to be the concerning ones for my case (audio via zoom).


Now I need to get the audio out of them. I dont want to steal anything, its just the audio I sent. I tried decoding it to RTP but it gives errors so i guess the data is encrypted.


Zoom seems to use AES-256 GCM encryption. But I have absolutely no clue if I can decrypt it manually (should be possible as my computer already encrypted it?!). If I could decrypt it I think the next step would be decoding it to RTP and then using the Wireshark analysis to get the waveforms.




Do you think it is anyhow possible to get the audio packages that are being sent - must be as my device is recording and encrypting it and i am the “owner”?


Do you have any tips?


 i am really lost tbh


Thanks so much for any help 🙂


Thamori

 



BC AdBot (Login to Remove)

 


#2 ctigga

ctigga

  •  Avatar image
  • Members
  • 204 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:48 AM

Posted 05 June 2023 - 06:38 PM

Hello and welcome to the forum!

 

I've have not analyzed Zoom's internal operation before, but the behavior you describe sounds plausible to me.

(I suspect there are sources online that have already done a thorough technical security analysis on Zoom, but I'm not familiar with any off the top of my head)

 

Most definitely the audio data will(should!) be encrypted since it is sent over the Internet between your PC and the Zoom server(s).

AES256 GCM is a symmetric algorithm so, as you surmised, if you have the key to encrypt the data then you can use that same key to decrypt the encrypted data.

I'd expect the UDP packets to contain the audio data, but there may be some redundancy since GCM is being used.

After decrypting the the packet, it may not be straight RTP (if that is even used in Zoom?)  The encodings used could be completely custom or deviate/extend from the standard RTP protocol.

 

Initial thoughts:

1) If you're only interested in analyzing the audio data, I'd just build (or find an existing) simple audio driver that hooks output audio from the Zoom process.  That approach would eliminate dependency on the Zoom internals and should allow you access to the audio wave data for your project.

 

2) If you need to work at the low level (encrypting/decrypting/network protocols) layer for some reason, you'll likely need to find a good analysis of Zoom's protocol and/or break out a low level debugger.  Debugging/reverse engineering isn't terribly difficult, but it can have a bit of a learning curve and is probably not the path you want since if you're considering yourself to be an "extreme newbie" ;)

 

Good luck on your project!


Edited by ctigga, 05 June 2023 - 06:39 PM.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users