Ask Your Question
0

Decrypt SRTP with inline encryption

asked 2020-06-25 16:27:28 +0000

majgab8852 gravatar image

Hi there,

I have a secure SIP session with SRTP audio captured in Wireshark. I am able to decrypt the SIP TLS using the server private key. In the SIP SDP I can see that inline SRTP encryption is used:

a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:L4q/1bF2POBE3S+WDTYFhotluE28Lm0DEIOD51Ew UNENCRYPTED_SRTCP

Based on the RFC 4568, the key after the "inline" part is the 40 byte long Base64 encoded master+salt concatenation, which, when decoded, should become 30 bytes. However when I tried any of the online Base64 decoders, I got very random output, not what I expected. Using Java code to decode the Base64, I even got some negative bytes. I'm not sure how to decode the key, or if I can use it as it is? I tried inputting this whole string to Wireshark as the "Pre-Shared-Key" for the DTLS protocol, however the audio is still encrypted.

Is there a way to decrypt this SRTP stream in Wireshark?

edit retag flag offensive close merge delete

Comments

Base64 is generally used to safely transmit binary values in a textual context, in this case the master+salt is a 30 byte binary blob. For reference this decodes to the following hex representation 2f8abfd5b1763ce044dd2f960d3605868b65b84dbc2e6d03108383e75130.

Using python3:

>>> import base64
>>> b64 = 'L4q/1bF2POBE3S+WDTYFhotluE28Lm0DEIOD51Ew'
>>> blob = base64.b64decode(b64)
>>> blob.hex()
'2f8abfd5b1763ce044dd2f960d3605868b65b84dbc2e6d03108383e75130'
grahamb gravatar imagegrahamb ( 2020-06-25 16:45:20 +0000 )edit

Thanks for the explanation, now I get it! I would upvote, but I'm just a newbie so I can't :)

majgab8852 gravatar imagemajgab8852 ( 2020-06-25 18:37:03 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-06-25 16:32:07 +0000

Jaap gravatar image

Not at the moment, since libsrtp has never been integrated with Wireshark. Filing an enhancement request bug, with sample capture files attached, may help to get someone to develop it. I know there are already some preparations for SRTP in the code, but nothing for decryption.

edit flag offensive delete link more

Comments

Thanks, I see. Fortunately it is not mandatory for me to decrypt the SRTP, but it would have been nice. And I certeanly can't upload any traces to a bug, because the voices here are confidential recordings of real voice calls made in our IVR.

majgab8852 gravatar imagemajgab8852 ( 2020-06-25 18:38:11 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-06-25 16:27:28 +0000

Seen: 29 times

Last updated: Jun 25