First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Decrypt SRTP with inline encryption

Hi there,

I have a secure SIP session with SRTP audio captured in Wireshark. I am able to decrypt the SIP TLS using the server private key. In the SIP SDP I can see that inline SRTP encryption is used:

a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:L4q/1bF2POBE3S+WDTYFhotluE28Lm0DEIOD51Ew UNENCRYPTED_SRTCP

Based on the RFC 4568, the key after the "inline" part is the 40 byte long Base64 encoded master+salt concatenation, which, when decoded, should become 30 bytes. However when I tried any of the online Base64 decoders, I got very random output, not what I expected. Using Java code to decode the Base64, I even got some negative bytes. I'm not sure how to decode the key, or if I can use it as it is? I tried inputting this whole string to Wireshark as the "Pre-Shared-Key" for the DTLS protocol, however the audio is still encrypted.

Is there a way to decrypt this SRTP stream in Wireshark?

majgab8852's avatar
3
majgab8852
asked 2020-06-25 16:27:28 +0000
edit flag offensive 0 remove flag close merge delete

Comments

Base64 is generally used to safely transmit binary values in a textual context, in this case the master+salt is a 30 byte binary blob. For reference this decodes to the following hex representation 2f8abfd5b1763ce044dd2f960d3605868b65b84dbc2e6d03108383e75130.

Using python3:

>>> import base64
>>> b64 = 'L4q/1bF2POBE3S+WDTYFhotluE28Lm0DEIOD51Ew'
>>> blob = base64.b64decode(b64)
>>> blob.hex()
'2f8abfd5b1763ce044dd2f960d3605868b65b84dbc2e6d03108383e75130'
grahamb's avatar grahamb (2020-06-25 16:45:20 +0000) edit
more
  • delete

Thanks for the explanation, now I get it! I would upvote, but I'm just a newbie so I can't :)

majgab8852's avatar majgab8852 (2020-06-25 18:37:03 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

0

Not at the moment, since libsrtp has never been integrated with Wireshark. Filing an enhancement request bug, with sample capture files attached, may help to get someone to develop it. I know there are already some preparations for SRTP in the code, but nothing for decryption.

Jaap's avatar
13.7k
Jaap
answered 2020-06-25 16:32:07 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Thanks, I see. Fortunately it is not mandatory for me to decrypt the SRTP, but it would have been nice. And I certeanly can't upload any traces to a bug, because the voices here are confidential recordings of real voice calls made in our IVR.

majgab8852's avatar majgab8852 (2020-06-25 18:38:11 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer