Zoom own audio decryption

Hello Community, i am currently working on a project, in which i am trying to see the audio packages sent by my computer in a zoom call. I am doing this to manually check if there is a signal.

Alert: i am an extreme newbie to this whole field as i didnt get in touch with any of that. (currently studying bioinformatics)So sorry for any wrong terms and high simplification!!

The situation i think i figured out is the following:

In wireshark i found tcp and udp packages which seem to be the concerning ones for my case (audio via zoom).

Now I need to get the audio out of them. I dont want to steal anything, its just the audio I sent. I tried decoding it to RTP but it gives errors so i guess the data is encrypted.

Zoom seems to use AES-256 GCM encryption. But I have absolutely no clue if I can decrypt it manually (should be possible as my computer already encrypted it?!). If I could decrypt it I think the next step would be decoding it to RTP and then using the Wireshark analysis to get the waveforms.

Do you think it is anyhow possible to get the audio packages that are being sent - must be as my device is recording and encrypting it and i am the “owner”?

Do you have any tips?

 i am really lost tbh

Thanks so much for any help 🙂

Thamori

Hello and welcome to the forum!

I've have not analyzed Zoom's internal operation before, but the behavior you describe sounds plausible to me.

(I suspect there are sources online that have already done a thorough technical security analysis on Zoom, but I'm not familiar with any off the top of my head)

Most definitely the audio data will(should!) be encrypted since it is sent over the Internet between your PC and the Zoom server(s).

AES256 GCM is a symmetric algorithm so, as you surmised, if you have the key to encrypt the data then you can use that same key to decrypt the encrypted data.

I'd expect the UDP packets to contain the audio data, but there may be some redundancy since GCM is being used.

After decrypting the the packet, it may not be straight RTP (if that is even used in Zoom?)  The encodings used could be completely custom or deviate/extend from the standard RTP protocol.

Initial thoughts:

1) If you're only interested in analyzing the audio data, I'd just build (or find an existing) simple audio driver that hooks output audio from the Zoom process.  That approach would eliminate dependency on the Zoom internals and should allow you access to the audio wave data for your project.

2) If you need to work at the low level (encrypting/decrypting/network protocols) layer for some reason, you'll likely need to find a good analysis of Zoom's protocol and/or break out a low level debugger.  Debugging/reverse engineering isn't terribly difficult, but it can have a bit of a learning curve and is probably not the path you want since if you're considering yourself to be an "extreme newbie" ;)

Good luck on your project!

Edited by ctigga, 05 June 2023 - 06:39 PM.