Differences

This shows you the differences between two versions of the page.

Link to this comparison view

voice-decoder [2011/08/29 12:52]
voice-decoder [2011/08/30 15:34] (current)
Line 1: Line 1:
 +====== Decoding Voice ======
  
 +
 +For voice data, GAN is only used as a control channel. The data is transferred over an unencrypted RTP stream.
 +In order to do Over-The-Air encryption, the device receives all key material from the operator AuC.
 +
 +This is based on a RANAP like, undocumented SECURITY MODE COMMAND message:
 +
 +{{:crypto-command.png?200|}}
 +
 +RANAP is encoded using ASN1, however this seems to be based on a TLV encoding:
 +
 +{{:security_command.png?300|}}
 +
 +----
 +
 +After getting the [[ipsec_keys| ipsec keys]] it is possible to extract the voice data from the RTP stream.
 +The voice data itself is encoded in AMR-NB stream format inside the RTP stream.
 +
 +From the decrypted pcap files we dump the raw RTP stream using [[http://dallachiesa.com/code/rtpbreak/|rtpbreak.]]
 +This provides us the raw AMR stream encoded voice data.
 +
 +Based on [[http://sourceforge.net/projects/opencore-amr/|opencore-amr]], we transform this AMR stream into WAV files.
 +
 +Another script automates the complete decoding + dumping process.
 +
 +Toolchain: {{:decrypt-traffic.tar.gz|}}
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki