Hacker News new | past | comments | ask | show | jobs | submit login
Decrypting AES 256 GCM – Audio Package Finding
1 point by Thamori on June 5, 2023 | hide | past | favorite | 1 comment
Hello, i am currently working on a project, in which i am trying to see the audio packages sent by my computer in a zoom call. I am doing this to manually check if there is a signal.

Alert: i am an extreme newbie to this whole field as i didnt get in touch with any of that. (currently studying bioinformatics)So sorry for any wrong terms and high simplification!!

The situation i think i figured out is the following:

In wireshark i found tcp and udp packages which seem to be the concerning ones for my case (audio via zoom).

Now I need to get the audio out of them. I dont want to steal anything, its just the audio I sent. I tried decoding it to RTP but it gives errors so i guess the data is encrypted.

Zoom seems to use AES-256 GCM encryption. But I have absolutely no clue if I can decrypt it manually (should be possible as my computer already encrypted it?!). If I could decrypt it I think the next step would be decoding it to RTP and then using the Wireshark analysis to get the waveforms.

Do you think it is anyhow possible to get the audio packages that are being sent - must be as my device is recording and encrypting it and i am the “owner”?

Do you have any tips?

i am really lost tbh

Thanks so much for any help

Thamori




You need to get the 256 bit key (probably represented as 32 bytes in your computer's memory - usually crypto random bytes, e.g. key derivation like HKDF). Not sure how Zoom exactly does it, but it is likely that this key is rotated frequently. You might need associated authenticated data too (or AAD) to be sure that you got decryption right.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: