Fax wiretapping: Difference between revisions
No edit summary |
No edit summary |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
=== Intro === | === Intro === | ||
[[File:Fax wiretap setup.jpg|thumb|Fax wiretapping setup]]A discussion came up about the common claim that "Fax is insecure", but nobody could initially find actual evidence of it or a way for a mere mortal to turn an audio recording of a fax transmission into the image that was sent using publicly available tools, only "talk to our representative" enterprise solutions that might implement decoders. | [[File:Fax wiretap setup.jpg|thumb|Fax wiretapping setup]]A discussion came up about the common claim that "Fax is insecure", but nobody could initially find actual evidence of it or a way for a mere mortal to turn an audio recording of a fax transmission over a POTS line into the image that was sent using publicly available tools, only "talk to our representative" enterprise solutions that seemed like they might implement decoders. | ||
A litte search subsequently revealed [https://superuser.com/questions/217785/how-to-convert-audio-file-of-fax-transmission-to-image-in-linux this page] that suggested using the <code>fax_decode</code> program from the the spandsp library from the [https://www.soft-switch.org/ soft-switch] project could work and was reported functional using test audio files, those however had the transmit and receive channels separated and only the transmit channel was fed to the program. That's not how a wiretap would come out (both are mixed), so having the needed equipment to run a test it seemed like a fun morning project. | A litte search subsequently revealed [https://superuser.com/questions/217785/how-to-convert-audio-file-of-fax-transmission-to-image-in-linux this page] that suggested using the <code>fax_decode</code> program from the the <code>spandsp</code> library from the [https://www.soft-switch.org/ soft-switch] project could work and was reported functional using test audio files, those however had the transmit and receive channels separated and only the transmit channel was fed to the program. That's not how a wiretap would come out (both are mixed), so having the needed equipment to run a test it seemed like a fun morning project. | ||
=== Hardware === | === Hardware === | ||
A test setup was made with my fax-capable MFP connected to a Cisco SPA122 ATA that is set to be able to dial to another | A test setup was made with my fax-capable MFP connected to a Cisco SPA122 ATA that is set to be able to dial to another ATA connected to a Windows XP laptop with built-in modem running the Windows fax console. Faxing from the MFP to the PC (and vice versa) was known to work correctly from previous endeavors, although sometimes needing multiple retries due to packet losses on the VoIP side causing occasional audio drops. | ||
[[File:Fax wiretap setup detail.jpg|thumb|Recorder and tap detail]] | [[File:Fax wiretap setup detail.jpg|thumb|Recorder and tap detail]] | ||
The phone line cable between the PC and ATA was cut and a very crude tap was made using a 220nF capacitor from each line and fed into a Zoom H6 audio recorder. The fax would still go through, and the entire audio could be recorded in what seemed like a satisfactory manner. | The phone line cable between the PC and ATA (i.e. receiving side) was cut and a very crude tap was made using a 220nF capacitor from each line and fed into a Zoom H6 audio recorder. The fax would still go through, and the entire audio could be recorded in what seemed like a satisfactory manner. | ||
=== Software === | === Software === | ||
The spandsp library (<code>spandsp-0.0.6.tar.gz</code>) was downloaded | The spandsp library (<code>spandsp-0.0.6.tar.gz</code>) was downloaded in an ubuntu WSL instance and built following the instructions that include building the test programs: | ||
<code>./configure --enable-tests</code> | <code>./configure --enable-tests</code> | ||
| Line 25: | Line 25: | ||
<code>fax_decode file.wav</code> | <code>fax_decode file.wav</code> | ||
And... yes! A <code>fax_decode.tif</code> file was now found in the folder, with our glorious test fax extracted from the audio. | |||
=== Results === | |||
[[File:Fax decode9.png|thumb|The decoded fax (converted to png)]]A folder can be found [https://cloud.thatoldtech.net/index.php/s/AqZoFmbz5jniDEs here] with: | |||
* The original audio recording for 2 transmissions | |||
* The 8kHz version of each of those | |||
* The decoded images for them | |||
* 2 faxes as received by the Windows fax console for quality comparison (yes it's just the same) - they are not of the same transmissions as it turns out sometimes the fax console would give up reception due to an interruption but the sender continued transmission, resulting in the decoding from the tap actually being successful while the "legit" reception wasn't... | |||
Latest revision as of 22:03, 8 May 2022
Intro
A discussion came up about the common claim that "Fax is insecure", but nobody could initially find actual evidence of it or a way for a mere mortal to turn an audio recording of a fax transmission over a POTS line into the image that was sent using publicly available tools, only "talk to our representative" enterprise solutions that seemed like they might implement decoders.
A litte search subsequently revealed this page that suggested using the fax_decode program from the the spandsp library from the soft-switch project could work and was reported functional using test audio files, those however had the transmit and receive channels separated and only the transmit channel was fed to the program. That's not how a wiretap would come out (both are mixed), so having the needed equipment to run a test it seemed like a fun morning project.
Hardware
A test setup was made with my fax-capable MFP connected to a Cisco SPA122 ATA that is set to be able to dial to another ATA connected to a Windows XP laptop with built-in modem running the Windows fax console. Faxing from the MFP to the PC (and vice versa) was known to work correctly from previous endeavors, although sometimes needing multiple retries due to packet losses on the VoIP side causing occasional audio drops.
The phone line cable between the PC and ATA (i.e. receiving side) was cut and a very crude tap was made using a 220nF capacitor from each line and fed into a Zoom H6 audio recorder. The fax would still go through, and the entire audio could be recorded in what seemed like a satisfactory manner.
Software
The spandsp library (spandsp-0.0.6.tar.gz) was downloaded in an ubuntu WSL instance and built following the instructions that include building the test programs:
./configure --enable-tests
make
As expected the configuration step spat out missing dependencies one after the other, after a while the list of things that ended up needed was retrieved with
sudo apt install build-essential libaudiofile-dev libpcap-dev libxml2-dev fftw-dev libsndfile1-dev libtiff-dev xsltproc libtiff-tools netpbm sox
With these installed the library could be built, with the fax_decode program found in the tests subdirectory.
The recorded file needs to be converted to 8kHz 16-bit mono PCM, and can then be processed simply with
fax_decode file.wav
And... yes! A fax_decode.tif file was now found in the folder, with our glorious test fax extracted from the audio.
Results
A folder can be found here with:
- The original audio recording for 2 transmissions
- The 8kHz version of each of those
- The decoded images for them
- 2 faxes as received by the Windows fax console for quality comparison (yes it's just the same) - they are not of the same transmissions as it turns out sometimes the fax console would give up reception due to an interruption but the sender continued transmission, resulting in the decoding from the tap actually being successful while the "legit" reception wasn't...