In this article I want to demonstrate how I revealed parts of the WhatsApp VoIP protocol with the help of a jailbroken iOS device and a set of forensic tools.

WhatsApp has received a lot of attention due to security vulnerabilities and hacks, so it is an interesting target for teaching security analysis. While there is an official white paper describing the encryption of WhatsApp, there is no detailed overview of how its protocols work or how the security features are implemented. Consequently, there is no foundation for serious security-related analysis.

I used the following tools for analyzing an iOS WhatsApp client:

Disassembling binary files: Hopper Disassembler and radare2.

How I installed a jailbreak on my iOS device is out of scope.

This part examines the network traffic of the WhatsApp client during a call, which was recorded with Wireshark. For recording the network traffic of the iOS device, I created a remote virtual network interface. The shell command is as follows (works on macOS), where has to be replaced with the UUID of the inspected iOS device:

rvictl -s

Wireshark detects the usage of the Session Traversal Utilities for NAT (STUN). STUN is a signaling protocol which handles the necessary steps for establishing a peer-to-peer connection between clients. There are also many TCP and UDP packets in the Wireshark recording which could not be related to a high-level protocol.

The first two bits contain the RTP version (V), which is equal to version two in this case. The third bit, the padding field (P), indicates that there is no padding included in the packet. The fourth bit, the extension field (X), indicates that no other header follows the fixed RTP header. Bits at position five to eight, the CSRC count (CC), show that no contributing source (CSRC) identifiers follow the fixed header.
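The V, P, X and CC fields described in the article can be decoded from a captured UDP payload as shown below. This is an added example, not code from the original article; it assumes the standard RFC 3550 fixed-header layout, and the sample packet and its field values are constructed for illustration.

```python
import struct
from dataclasses import dataclass

@dataclass
class RtpHeader:
    version: int
    padding: bool
    extension: bool
    csrc_count: int
    marker: bool
    payload_type: int
    sequence: int
    timestamp: int
    ssrc: int
    csrcs: tuple
    payload_offset: int  # index of the first payload byte

def parse_rtp_header(packet: bytes) -> RtpHeader:
    """Parse the RTP fixed header (RFC 3550, section 5.1) of a UDP payload."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte fixed header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    version = b0 >> 6             # bits 1-2: V
    if version != 2:
        raise ValueError(f"unexpected RTP version {version}")
    padding = bool(b0 & 0x20)     # bit 3: P
    extension = bool(b0 & 0x10)   # bit 4: X
    cc = b0 & 0x0F                # bits 5-8: CC
    offset = 12 + 4 * cc          # each CSRC identifier is 32 bits
    if len(packet) < offset:
        raise ValueError("CSRC list is truncated")
    csrcs = struct.unpack(f"!{cc}I", packet[12:offset])
    if extension:                 # one extension header follows the CSRC list
        if len(packet) < offset + 4:
            raise ValueError("extension header is truncated")
        _profile, words = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4 + 4 * words
        if len(packet) < offset:
            raise ValueError("extension data is truncated")
    return RtpHeader(version, padding, extension, cc, bool(b1 & 0x80),
                     b1 & 0x7F, seq, ts, ssrc, csrcs, offset)

# Constructed sample: first byte 0x80 means V=2, P=0, X=0, CC=0,
# the same combination the article reads from the capture.
SAMPLE = bytes.fromhex("80780001" "00000010" "deadbeef") + b"\x00\x01"

if __name__ == "__main__":
    print(parse_rtp_header(SAMPLE))
```
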