Fax wiretapping

Revision as of 22:00, 8 May 2022 by Admin

Intro

Fax wiretapping setup

A discussion came up about the common claim that "fax is insecure". Nobody could initially find actual evidence of it, or a way for a mere mortal to turn an audio recording of a fax transmission into the image that was sent using publicly available tools. All that turned up were "talk to our representative" enterprise solutions that seemed like they might implement decoders.

A little searching subsequently turned up this page, which suggested that the fax_decode program from the spandsp library from the soft-switch project could work. It was reported functional with test audio files, but those had the transmit and receive channels separated, and only the transmit channel was fed to the program. That's not how a wiretap recording would come out (both directions are mixed), so, having the equipment needed to run a test, it seemed like a fun morning project.

Hardware

A test setup was made with my fax-capable MFP connected to a Cisco SPA122 ATA, which is set up to be able to dial another ATA connected to a Windows XP laptop with a built-in modem running the Windows fax console. Faxing from the MFP to the PC (and vice versa) was known to work correctly from previous endeavors, although it sometimes needed multiple retries because packet loss on the VoIP side caused occasional audio drops.

Recorder and tap detail

The phone line cable between the PC and ATA was cut and a very crude tap was made using a 220nF capacitor from each line and fed into a Zoom H6 audio recorder. The fax would still go through, and the entire audio could be recorded in what seemed like a satisfactory manner.

Software

The spandsp library (spandsp-0.0.6.tar.gz) was downloaded under an Ubuntu WSL instance and built following the instructions:

./configure --enable-tests

make

As expected, the configuration step spat out missing dependencies one after the other. After a while, the list of things that ended up being needed could be installed with:

sudo apt install build-essential libaudiofile-dev libpcap-dev libxml2-dev fftw-dev libsndfile1-dev libtiff-dev xsltproc libtiff-tools netpbm sox

With these installed the library could be built, with the fax_decode program found in the tests subdirectory.

The recorded file needs to be converted to 8 kHz 16-bit mono PCM, and can then be processed simply with:

fax_decode file.wav

And... yes! A fax_decode.tif file was now found in the folder, with our glorious test fax extracted from the audio.
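One way to do the conversion step above on your own bench recording, as an added example that is not part of the original write-up: it checks the WAV header against the 8 kHz 16-bit mono requirement and only calls sox (already in the package list above) when the format differs. The function names and the sample_wav helper are assumptions made for this sketch.

```python
import io
import subprocess
import sys
import wave

# Format the page says fax_decode needs: mono, 16-bit (2 bytes), 8 kHz.
TARGET = (1, 2, 8000)

def wav_format(src):
    """Return (channels, bytes_per_sample, sample_rate) of a PCM WAV path or file object."""
    with wave.open(src, "rb") as w:
        return (w.getnchannels(), w.getsampwidth(), w.getframerate())

def needs_conversion(src):
    """True unless src is already 8 kHz 16-bit mono PCM."""
    try:
        return wav_format(src) != TARGET
    except (wave.Error, EOFError):
        # Non-PCM or unparseable header: let sox try to read it.
        return True

def sox_command(src, dst):
    """sox call that downmixes to mono and resamples to 8 kHz 16-bit signed PCM."""
    return ["sox", src, "-r", "8000", "-b", "16", "-c", "1",
            "-e", "signed-integer", dst]

def prepare(src, dst):
    """Return the path of a recording in TARGET format, converting with sox if needed."""
    if not needs_conversion(src):
        return src
    subprocess.run(sox_command(src, dst), check=True)
    if needs_conversion(dst):
        raise RuntimeError("sox output is still not 8 kHz 16-bit mono PCM")
    return dst

def sample_wav(channels, width, rate, frames=80):
    """Constructed test input: an in-memory WAV of silence with the given header."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(channels)
        w.setsampwidth(width)
        w.setframerate(rate)
        w.writeframes(bytes(channels * width * frames))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Usage: python3 prep_fax.py recording.wav recording_8k.wav
    print("feed this file to fax_decode:", prepare(sys.argv[1], sys.argv[2]))
```
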

Results

The decoded fax (converted to png)

A folder can be found here with:

  • The original audio recording for 2 transmissions
  • The 8kHz version of each of those
  • The decoded images for them
  • 2 faxes as received by the Windows fax console, for quality comparison (yes, it's just the same). They are not of the same transmissions: it turns out the fax console would sometimes give up reception due to an interruption while the sender continued transmission, resulting in the decoding from the tap actually being successful while the "legit" reception wasn't...