Decrypt SRTP traffic in WebRTC call (Audio)

[Chandramouli-P]

Hello,

I am trying to decrypt SRTP traffic from a WebRTC call. As part of extracting the actual keys, I have gone through RFC5764 and finally, I believe that I have extracted the keys from the code base. But, I am facing two issues while decrypting the .pcap using these keys using rtp_decoder (libsrtp). Please find the below data:

Extracted Keys:
Server SRTP Master Key: 031bc5fed658271e4f612240074c3aee6b2b9073fa1c77e0c28169524e425287
Server SRTP Master Salt: efdf044df29da031490b4ee9
Client SRTP Master Key: 30fe74f23edcd7816e6609cc5f81400f146ce6b557657fcc6383aeeb17510de4
Client SRTP Master Salt: 55950d4e9b809416b9e681a4

libsrtp/test$ ./rtp_decoder -a -t 10 -e 256 -k "031bc5fed658271e4f612240074c3aee6b2b9073fa1c77e0c28169524e425287efdf044df29da031490b4ee9" < dev2.pcap > dev.txt
Using libsrtp3 3.0.0-pre [0x3000000]
security services: confidentiality message authentication
setting tag len 10
error: too few digits in key/salt (should be 92 digits, found 88)

./rtp_decoder -a -t 10 -e 256 -b "30fe74f23edcd7816e6609cc5f81400f146ce6b557657fcc6383aeeb17510de455950d4e9b809416b9e681a4" < dev2.pcap > dev.txt
Using libsrtp3 3.0.0-pre [0x3000000]
security services: confidentiality message authentication
setting tag len 10
set master key/salt to df47deef87f6dde75c77bf35e9eebad3d71ce5ff35e34d1fd78e9c7ba6f9e7be/b9edf71ceb7f3769e79bd7be75d1
Starting decoder
_* buffer overflow detected *: terminated_

This is where I am stuck. Could you suggest and help me to resolve? Thank you.

Best Regards,
Chandramouli.

[pabuhler]

The Server SRTP Master Salt length is 12 and not 14 which makes me suspect this is GCM-256, in which case the tag len is 16. If I add "-g" and change 10 to 16 then it accepts the key and tries to decrypt. Since I do not have the actual pcap I can not verify.

./rtp_decoder -a -g -t 16 -e 256 -k "031bc5fed658271e4f612240074c3aee6b2b9073fa1c77e0c28169524e425287efdf044df29da031490b4ee9" < dev2.pcap > dev.txt

In the second example you use -b instead of -k, in that case the key should be in base64 and not hex. It does not crash for me but I do not have the pcap so maybe it does not get far enough. If you could provide the pcap, even if it contains a single packet than I can try to reproduce, it would be good to not crash even when the key is in the wrong format.

[Chandramouli-P]

Hello Pascal,

Is this okay If I share my .pcap file here? Thank you.

Best Regards,
Chandramouli.

[pabuhler]

@Chandramouli-P it is fine for me.

[Chandramouli-P]

Hello Pascal,

Good morning and thank you for your suggestions. I tried as you suggested, but no luck. Today, I captured new .pcap file and tried the same. I received same error even though I tried with all the combinations. I am sending you the keys here along with .pcap file and the output that I received along with commands. Could you please try and look into it?

19-06-2025 17:16:58
DTLS-SRTP successfully negotiated using AEAD_AES_256_GCM
Server SRTP Master Key: f1da4f98c579637d359deeeb643d70633a1e03dadec2ca4f4c2bf8c76dad015b
Server SRTP Master Salt: 1e838a62b390761adbf49d0f
Client SRTP Master Key: e8e3ea5a46682069ce5bba56984aecb0f317579fac163d51f94d4610d203395d
Client SRTP Master Salt: e48bb1a990a019bdb79330ad

./rtp_decoder -a -g -t 16 -e 256 -k "f1da4f98c579637d359deeeb643d70633a1e03dadec2ca4f4c2bf8c76dad015b1e838a62b390761adbf49d0f" < SRTPDecryption3-DirectCapture.pcap > dev-server.txt
Using libsrtp3 3.0.0-pre [0x3000000]
security services: confidentiality message authentication
setting tag len 16
set tag len 16
set master key/salt to f1da4f98c579637d359deeeb643d70633a1e03dadec2ca4f4c2bf8c76dad015b/1e838a62b390761adbf49d0f
Starting decoder
RTP packets decoded: 628
Packet decode errors: 897

./rtp_decoder -a -g -t 16 -e 256 -k "e8e3ea5a46682069ce5bba56984aecb0f317579fac163d51f94d4610d203395de48bb1a990a019bdb79330ad" < SRTPDecryption3-DirectCapture.pcap > dev--client.txt
Using libsrtp3 3.0.0-pre [0x3000000]
security services: confidentiality message authentication
setting tag len 16
set tag len 16
set master key/salt to e8e3ea5a46682069ce5bba56984aecb0f317579fac163d51f94d4610d203395d/e48bb1a990a019bdb79330ad
Starting decoder
RTP packets decoded: 644
Packet decode errors: 881

Have a good day. Thank you.

Best Regards,
Chandramouli.

[Chandramouli-P]

Hello Pascal,

As github is not accepting to upload .pcap format, I just renamed to .txt and sending it to you. Please rename it to .pcap. Thank you.

Best Regards,
Chandramouli.

SRTPDecryption3-DirectCapture.txt

[Chandramouli-P]

Hello Pascal,

Good morning. Did you get a chance to go thorough? Any help would be appreciated. Thank you.

Best Regards,
Chandramouli.

[pabuhler]

Hi, I tried with keys you provided and the pcap but could not get anything to decrypt. I tried different combinations but it did not help.
I can confirm that the DTLS negotiation in the pcap was for SRTP_AEAD_AES_256_GCM, are you sure the key is correct?

I also tried to reproduce the crash with the command you provide but it did not crash. Where you using the latest version?

[Chandramouli-P]

Hello Pascal,

Good morning and thank you for your time and reply. After going through RFC5764, I am capturing the keys using the below code:

   ---------------------------------------------------------------------------------------------------------------------- 
                                              Previous Code
   -----------------------------------------------------------------------------------------------------------------------

   client.crypto_suite = server.crypto_suite = cs;

    memcpy(client.master_key, &keys[i], cs->master_key_len);
    i += cs->master_key_len;
    memcpy(server.master_key, &keys[i], cs->master_key_len);
    i += cs->master_key_len;
    memcpy(client.master_salt, &keys[i], cs->master_salt_len);
    i += cs->master_salt_len;
    memcpy(server.master_salt, &keys[i], cs->master_salt_len);

   // ADDED BY CHANDRAMOULI TO EXTRACT THE ACTUAL KEYS WHICH WILL BE USED FOR ENCRYPTION/DECRYPTION

    FILE* key_file = fopen("/tmp/srtp_keys.log", "w");
    if (key_file) {

            fprintf(key_file, "\n");
            fprintf(key_file, "Server SRTP Master Key: ");
            for (i = 0; i < cs->master_key_len; i++) {
                    fprintf(key_file, "%02x", server.master_key[i]);
            }

           fprintf(key_file, "\n");
           fprintf(key_file, "Server SRTP Master Salt: ");
            for (i = 0; i < cs->master_salt_len; i++) {
                    fprintf(key_file, "%02x", server.master_salt[i]);
            }

            fprintf(key_file, "\n");
            fprintf(key_file, "Client SRTP Master Key: ");
            for (i = 0; i < cs->master_key_len; i++) {
                    fprintf(key_file, "%02x", client.master_key[i]);
            }

            fprintf(key_file, "\n");
            fprintf(key_file, "Client SRTP Master Salt: ");
            for (i = 0; i < cs->master_salt_len; i++) {
                    fprintf(key_file, "%02x", client.master_salt[i]);
            }

            fprintf(key_file, "\nDTLS-SRTP successfully negotiated using %s", cs->name);

    fprintf(key_file, "\n");
    fclose(key_file);
    }

    // END

   ---------------------------------------------------------------------------------------------------------------------- 
                                              Existing code continuous ...
   -----------------------------------------------------------------------------------------------------------------------

    if (d->active) {
            /* we're the client */
            crypto_init(&ps->crypto, &client);
            if (ps->selected_sfd)
                    crypto_init(&ps->selected_sfd->crypto, &server);
    }
    else {
            /* we're the server */
            crypto_init(&ps->crypto, &server);
            if (ps->selected_sfd)
                    crypto_init(&ps->selected_sfd->crypto, &client);
    }

   ---------------------------------------------------------------------------------------------------------------------- 
                                              Existing code continuous ...
   -----------------------------------------------------------------------------------------------------------------------

Please let me know, If I am doing anything wrong to capture the keys. Thank you.

Best Regards,
Chandramouli.

[Chandramouli-P]

Hello Pascal,

Good morning. Did you get a chance to go thorough? Any help would be appreciated. Thank you.

Best Regards,
Chandramouli.

[pabuhler]

Hi,
You code looks OK but it did not decrypt for me. This can be for different reasons but is hard to debug.
Are you sure the keys you provided are for the same capture file?
I would suggest doing a new clean capture and try to decode once more.
Maybe having a unique filename for the keys in case it is being overwritten.
If you provide new keys and new capture I given it another attempt to decode but in the end the tool's work if the keys and arguments are correct.