5

I have installed a WebRTC server application, which is designed for Contact Center solutions: communicates with internal PCs in pure RTP (agents), and with external PCs (customers) using encrypted WebRTC. WebRTC is encrypted with Diffie-Hellman. I would like to be able to decrypt the WebRTC RTP stream, and eventually replay it, to be able to debug quality related problems (sometimes quality is OK between agent and server, but very low on customer device, and not sure whether to blame the network, the server or the customer device). In such a debugging scenario, I will have full access to the server (root access in linux, able to tcpdump and do basically anything), and most of the time I will have full access to the customer device (e.g. Administrator access on my laptop).

What I have done so far is I added SSLKEYLOGFILE environment variable, and Chrome started printing a lot of data in it, like this:

CLIENT_HANDSHAKE_TRAFFIC_SECRET 5fc29d95842ec41a2faa367ad799e25ec020eb2bba47a2ae4b25dd45b26715fe f3eb56ec637c241f6a7bffed601b362bb39035c9a204d6259bf221d7428cef50

CLIENT_TRAFFIC_SECRET_0 5fc29d95842ec41a2faa367ad799e25ec020eb2bba47a2ae4b25dd45b26715fe e848e23888913118a3a717c137f0299d4bdea98a7c0513eca728dca63ab07f77

SERVER_TRAFFIC_SECRET_0 5fc29d95842ec41a2faa367ad799e25ec020eb2bba47a2ae4b25dd45b26715fe f22862cd1d888f083ce7c55207c2d044db8dab24be5d5304b53f3b08588436a4

EXPORTER_SECRET 5fc29d95842ec41a2faa367ad799e25ec020eb2bba47a2ae4b25dd45b26715fe 015444c5a2ef5c7a691a10ca168fc0c8e4e0d00127d3c2f1cdda27ec671b3c94

CLIENT_RANDOM 9265831d9c50fc1a45d1ba06bfda5c10bea1c82104ec0170add0187ad1cb76b5 736c310b97a1c1e887d57f222d3e74ee022d91ad9fdcaa9006e2a21eeb4fd863c5fa76b9a61aabda44906b84501c960a

My problem is, that based on online articles, I should be able to find the 'Random Bytes' as seen in Wireshark in this file, however I cannot. I tried session id, random bytes, basically all similar looking strings that I saw in Wireshark, but I can't seem to find them in the SSLKEYLOGFILE. Nevertheless I added SSLKEYLOGFILE into Wireshark to DTLS protocol as (Pre-)Master-Secret file, but the traffic is not decrypted. The Wireshark SSL debug file doesn't print anything that resembles an error (although I'm not sure what to look for). I can see various messages:

dissect_ssl enter frame #22 (first time)
packet_from_server: is from server - FALSE
  conversation = 0000027E892C55E0, ssl_session = 0000027E892C5C80
  record: offset = 0, reported_length_remaining = 581
ssl_try_set_version found version 0x0303 -> state 0x10
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 576, ssl state 0x10
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available

ssl_decrypt_record found padding 8 final len 327
checking mac (len 307, version 303, ct 23 seq 1)
tls_check_mac mac type:SHA1 md 2
Mac[20]:
| c9 62 43 71 5c 9f 91 31 0d 98 cc 3b 9a 37 2f 1a |.bCq\..1...;.7/.|
| 0b 61 3d dd                                     |.a=.            |
ssl_decrypt_record: mac failed

  checking keylog line: CLIENT_HANDSHAKE_TRAFFIC_SECRET 1c88cbccba12f83b5752f3dc49cd4294dbb77f0a6992f728d129af34e4d70350 39741b6d2d8cecaa23477ecd1929d7f21560397fe48aec4c11ec92d263cfa542
    matched client_handshake

tls13_load_secret TLS version 0x303 is not 1.3

So basically I'm stuck at this point. What am I missing? Do I need to export something from server side also? Or more Wireshark configuration?

EDIT:

You can check SSLKEYLOGFILE, Wireshark debug log, and raw capture here: https://drive.google.com/open?id=1-1XnRVvrTqQiHq8bF3KTLKZzKAC9zRb0

In the capture, 10.35.119.32 is the server IP which handles RTP, 16004 is the WebRTC port (there is unencrypted RTP also from/to this server, which is the agent RTP as I mentioned, on port 17xxx).

Bruno Rohée
  • 5,221
  • 28
  • 39
Gábor Major
  • 151
  • 4
  • 1
    "WebRTC is encrypted with Diffie-Hellmann" - No it isn't. Diffie-Hellmann is a way to agree a shared secret, which is then used as the seed for a key-derivation function from which the key for symmetric encryption is generated. If you haven't patched WebRTC/libsrtp, the traffic is encrypted with AES. – Martin Bonner supports Monica May 29 '19 at 08:32
  • @MartinBonner yes, pardon me, I expressed myself badly. I meant the same, actual cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b). But with this I'm still not sure how I would be able to get the video stream from WebRTC. Further complicates things that audio and video are in same stream, on same port. – Gábor Major May 29 '19 at 08:52

1 Answers1

1

Providing my comment as an answer since my reputation is to low for commenting.

When using a SSL key log file it maps "identifiers" to master secrets.

It tries to map by the following identifiers:

  • Session ID ( that is the Session ID filed if a Server Hello handshake message)
  • ClientRandom ( 32 bytes within the Random filed of a Client Hello handshake message)

Debug log:

ssl_finalize_decryption state = 0x17
ssl_restore_master_key can't find master secret by Session ID
ssl_restore_master_key can't find master secret by Client Random
  Cannot find master secret
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key

So you're right. It can't find the master key.

I would try my luck here Wireshark forum

What OS, Browser (Version are you using).

blabla_trace
  • 236
  • 1
  • 9
  • Thanks. Browser is Chrome 74, OS is Windows 10 x64. At least this is what I used for testing, I also have Opera on the same laptop which also writes to same SSLKEYLOG file. I tried to make a test from Opera now, I had the same result, Can't find master secret. – Gábor Major May 29 '19 at 11:46