Fax wiretapping: Difference between revisions

From Wiki
Jump to navigation Jump to search
← Older edit
VisualWikitext
No edit summary
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
=== Intro ===
=== Intro ===
[[File:Fax wiretap setup.jpg|thumb|Fax wiretapping setup]]A discussion came up about the common claim that "Fax is insecure", but nobody could initially find actual evidence of it or a way for a mere mortal to turn an audio recording of a fax transmission into the image that was sent using publicly available tools, only "talk to our representative" enterprise solutions that might implement decoders.
[[File:Fax wiretap setup.jpg|thumb|Fax wiretapping setup]]A discussion came up about the common claim that "Fax is insecure", but nobody could initially find actual evidence of it or a way for a mere mortal to turn an audio recording of a fax transmission over a POTS line into the image that was sent using publicly available tools, only "talk to our representative" enterprise solutions that seemed like they might implement decoders.


A litte search subsequently revealed [https://superuser.com/questions/217785/how-to-convert-audio-file-of-fax-transmission-to-image-in-linux this page] that suggested using the <code>fax_decode</code> program from the the spandsp library from the [https://www.soft-switch.org/ soft-switch] project could work and was reported functional using test audio files, those however had the transmit and receive channels separated and only the transmit channel was fed to the program. That's not how a wiretap would come out (both are mixed), so having the needed equipment to run a test it seemed like a fun morning project.
A litte search subsequently revealed [https://superuser.com/questions/217785/how-to-convert-audio-file-of-fax-transmission-to-image-in-linux this page] that suggested using the <code>fax_decode</code> program from the the <code>spandsp</code> library from the [https://www.soft-switch.org/ soft-switch] project could work and was reported functional using test audio files, those however had the transmit and receive channels separated and only the transmit channel was fed to the program. That's not how a wiretap would come out (both are mixed), so having the needed equipment to run a test it seemed like a fun morning project.


=== Hardware ===
=== Hardware ===
A test setup was made with my fax-capable MFP connected to a Cisco SPA122 ATA that is set to be able to dial to another one connected to a Windows XP laptop with built-in modem running the Windows fax console. Faxing from the MFP to the PC (and vice versa) was known to work correctly from previous endeavors, although sometimes needing multiple retries due to packet losses on the VoIP side causing occasional audio drops.
A test setup was made with my fax-capable MFP connected to a Cisco SPA122 ATA that is set to be able to dial to another ATA connected to a Windows XP laptop with built-in modem running the Windows fax console. Faxing from the MFP to the PC (and vice versa) was known to work correctly from previous endeavors, although sometimes needing multiple retries due to packet losses on the VoIP side causing occasional audio drops.
[[File:Fax wiretap setup detail.jpg|thumb|Recorder and tap detail]]
[[File:Fax wiretap setup detail.jpg|thumb|Recorder and tap detail]]
The phone line cable between the PC and ATA was cut and a very crude tap was made using a 220nF capacitor from each line and fed into a Zoom H6 audio recorder. The fax would still go through, and the entire audio could be recorded in what seemed like a satisfactory manner.
The phone line cable between the PC and ATA (i.e. receiving side) was cut and a very crude tap was made using a 220nF capacitor from each line and fed into a Zoom H6 audio recorder. The fax would still go through, and the entire audio could be recorded in what seemed like a satisfactory manner.


=== Software ===
=== Software ===
The spandsp library (<code>spandsp-0.0.6.tar.gz</code>) was downloaded under an ubuntu WSL instance and built following the instructions
The spandsp library (<code>spandsp-0.0.6.tar.gz</code>) was downloaded in an ubuntu WSL instance and built following the instructions that include building the test programs:


<code>./configure --enable-tests</code>
<code>./configure --enable-tests</code>

Latest revision as of 22:03, 8 May 2022

Intro

Fax wiretapping setup

A discussion came up about the common claim that "Fax is insecure", but nobody could initially find actual evidence of it or a way for a mere mortal to turn an audio recording of a fax transmission over a POTS line into the image that was sent using publicly available tools, only "talk to our representative" enterprise solutions that seemed like they might implement decoders.

A litte search subsequently revealed this page that suggested using the fax_decode program from the the spandsp library from the soft-switch project could work and was reported functional using test audio files, those however had the transmit and receive channels separated and only the transmit channel was fed to the program. That's not how a wiretap would come out (both are mixed), so having the needed equipment to run a test it seemed like a fun morning project.

Hardware

A test setup was made with my fax-capable MFP connected to a Cisco SPA122 ATA that is set to be able to dial to another ATA connected to a Windows XP laptop with built-in modem running the Windows fax console. Faxing from the MFP to the PC (and vice versa) was known to work correctly from previous endeavors, although sometimes needing multiple retries due to packet losses on the VoIP side causing occasional audio drops.

Recorder and tap detail

The phone line cable between the PC and ATA (i.e. receiving side) was cut and a very crude tap was made using a 220nF capacitor from each line and fed into a Zoom H6 audio recorder. The fax would still go through, and the entire audio could be recorded in what seemed like a satisfactory manner.

Software

The spandsp library (spandsp-0.0.6.tar.gz) was downloaded in an ubuntu WSL instance and built following the instructions that include building the test programs:

./configure --enable-tests

make

As expected the configuration step spat out missing dependencies one after the other, after a while the list of things that ended up needed was retrieved with

sudo apt install build-essential libaudiofile-dev libpcap-dev libxml2-dev fftw-dev libsndfile1-dev libtiff-dev xsltproc libtiff-tools netpbm sox

With these installed the library could be built, with the fax_decode program found in the tests subdirectory.

The recorded file needs to be converted to 8kHz 16-bit mono PCM, and can then be processed simply with

fax_decode file.wav

And... yes! A fax_decode.tif file was now found in the folder, with our glorious test fax extracted from the audio.

Results

The decoded fax (converted to png)

A folder can be found here with:

  • The original audio recording for 2 transmissions
  • The 8kHz version of each of those
  • The decoded images for them
  • 2 faxes as received by the Windows fax console for quality comparison (yes it's just the same) - they are not of the same transmissions as it turns out sometimes the fax console would give up reception due to an interruption but the sender continued transmission, resulting in the decoding from the tap actually being successful while the "legit" reception wasn't...
Retrieved from "https://wiki.thatoldtech.net/index.php?title=Fax_wiretapping&oldid=62"