Solved

Android encrypted wav file.

Posted on 2013-01-17
Last Modified: 2014-11-06
Well, one of my users encrypted a voice file they made with an app called Tapatalk on their Android 2.2 phone and had encryption on it. (They do not know what type; they said just standard.) They only have the file in a backup of the phone, and that phone no longer exists.

Does anyone know how to get the encryption off the file so we can hear the contents again?
0
Question by:dgreenjr26
6 Comments
 
LVL 8

Expert Comment

by:H
I would recommend installing Tapatalk on an Android device and copying the encrypted file into the wav file directory. Tapatalk uses password-based encryption, so you should be able to decrypt the wave file using the original password in Tapatalk.
0
 

Author Comment

by:dgreenjr26
Unfortunately, we tried this. The encryption was on the Android, not Tapatalk. Any other suggestions?
0
 
LVL 8

Expert Comment

by:H
Oh well, that's a different story. Android uses Linux dm-crypt for its standard encryption. This is touching on some grey-hat areas. But you will need to find some brute-force decryption software and run the file through it. May take a while. The faster the system/hardware/IO, the faster the decryption will go. I have read articles in the past that Linux dm-crypt can be brute-force decrypted. Hint: search Google for LUKS... Be careful with these tools. Lots of them are not safe, and the websites are not all safe as well.
0
 
LVL 61

Expert Comment

by:btan
If you have these files in the link below, brute force may still be viable:

http://forensics.spreitzenbarth.de/2012/02/28/cracking-pin-and-password-locks-on-android/

But since the phone is not available and only the encrypted file is left, I am thinking back to the actual encryption Android uses for the filesystem, which is 128-bit AES with CBC and ESSIV:SHA256. The master key is encrypted with 128-bit AES via calls to the OpenSSL library. Disk encryption on Android is based on dm-crypt, which is a kernel feature that works at the block device layer. Not easy to simulate and recover without the device. Going further, the actual work is also done by "cryptfs", with command options such as checkpw, etc.

http://source.android.com/tech/encryption/android_crypto_implementation.html

Saw some mention of changing the password for the encryption, but it needed root access. The idea is to have the UI send the command "cryptfs changepw" to re-encrypt the disk master key with the new password.

http://code.google.com/p/android/issues/detail?id=29468

Not sure if this is the best approach, but it does not seem easy without getting the password or those other files (in the first link) to simulate.
0
 

Author Comment

by:dgreenjr26
Thanks for all the input. But as it was stated, no real good solution here. :-(
0
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
Not possible to directly decrypt without the password unless there is a backdoor. Previously there was mention of an issue with passwords being stored in plain text, so I wonder if that is still valid in this case.
https://support.tapatalk.com/threads/serious-issue-tapatalk-app-saves-passwords-as-plain-text.16507/#post-83505
And it was mentioned in the past that the server sends a Base64-encoded password, and Base64 can be decoded easily if there is a transaction capture:
https://support.tapatalk.com/threads/password-encryption.3665/#post-15653
0
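Added example (not part of the original thread, and not Tapatalk's code): the accepted answer's point that Base64 is an encoding rather than encryption, written as a check an app owner can run over their own captured traffic. The field names and the sample form body are constructed assumptions; the check is a heuristic and can misclassify a plain password that happens to be valid Base64.

```python
import base64
from urllib.parse import parse_qsl

# Field names treated as credentials (assumed list for this example).
SECRET_FIELDS = {"password", "passwd", "pwd", "pass"}

REVERSIBLE = "base64-encoded: reversible without any key"
OPAQUE = "not plain Base64"

# Constructed sample of a form-encoded body, not a real capture.
SAMPLE_BODY = "username=demo&password=aHVudGVyMg%3D%3D&remember=1"


def decode_if_base64(value):
    """Return the decoded text if value is strict Base64 of printable text, else None."""
    if len(value) < 4 or len(value) % 4 != 0:
        return None
    try:
        # validate=True rejects characters outside the Base64 alphabet.
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text.isprintable() else None


def audit_form_body(body):
    """Classify every credential field found in a form-encoded body.

    The decoded secret itself is deliberately left out of the findings.
    """
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name.lower() not in SECRET_FIELDS:
            continue
        verdict = REVERSIBLE if decode_if_base64(value) is not None else OPAQUE
        findings.append((name, verdict))
    return findings


if __name__ == "__main__":
    for field, verdict in audit_form_body(SAMPLE_BODY):
        print(f"{field}: {verdict}")
```

A field flagged as reversible is protected only by whatever transport encryption wraps the request.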
