search

cisco / libsrtp

Library for SRTP (Secure Realtime Transport Protocol)
Other
1.2k stars 472 forks source link

Rtp decoder support ssrc and roc #561

Closed pabuhler closed 2 years ago

pabuhler commented 2 years ago

rtp_decoder is a useful tool for decrypting SRTP in pcap files, unfortunately it did not work if the capture does not include the RTP stream from before the first timethe sequence number wraps and the ROC becomes greater then 0. This Pr add support for specifying the ROC on the command line so that rtp_decoder can decrypt partial RTP stream captures.

kyzer-davis commented 2 years ago

I tested in my lab and the decode did not work for my test truncated PCAP Manual 1 ROC+SSRC. Furthermore Manual 0 ROC+SSRC, or default 0 ROC no SSRC on non-truncated PCAP also failed.

Working with @pabuhler to identify what when wrong since this did work on his fork prior to this PR.

kyzer-davis commented 2 years ago

Confirmed #562 was actually the cause, this PR works as expected with that out of the way.

Manually Truncated, SSRC + ROC 1 to start ./rtp_decoder -m rtp -f "udp src port 22670" -c AEAD_AES_256_GCM -s 0xc78223d0 -r 1 -b 8PnqYd8696LzE8xxvHtfzEge3dVtUKmDQjCmYrqVqtN7d/gITyFoqxZoRAs= * < ./SecureG711_truncated.pcap | text2pcap -t "%M:%S." -4 10.10.10.10,10.10.10.20 -u 22670,19854 - - > ./audio-output-decoded-roc-test.pcap

RTP packets decoded: 82652
Packet decode errors: 0
Read 82652 potential packets, wrote 82652 packets (19009984 bytes).

Full PCAP, SSRC + ROC 0 ./rtp_decoder -m rtp -f "udp src port 22670" -c AEAD_AES_256_GCM -s 0xc78223d0 -r 0 -b 8PnqYd8696LzE8xxvHtfzEge3dVtUKmDQjCmYrqVqtN7d/gITyFoqxZoRAs= * < ./SecureG711.pcap | text2pcap -t "%M:%S." -4 10.10.10.10,10.10.10.20 -u 22670,19854 - - > ./audio-output-decoded-test.pcap

RTP packets decoded: 91402
Packet decode errors: 0
Read 91402 potential packets, wrote 91402 packets (21022484 bytes).

Full PCAP, default ROC (no -r -s) ./rtp_decoder -m rtp -f "udp src port 22670" -c AEAD_AES_256_GCM -b 8PnqYd8696LzE8xxvHtfzEge3dVtUKmDQjCmYrqVqtN7d/gITyFoqxZoRAs= * < ./SecureG711.pcap | text2pcap -t "%M:%S." -4 10.10.10.10,10.10.10.20 -u 22670,19854 - - > ./audio-output-decoded-test-561.pcap

RTP packets decoded: 91402
Packet decode errors: 0
Read 91402 potential packets, wrote 91402 packets (21022484 bytes).