Viber Communication Security - Bad Request
Viber Communication Security - Bad Request
Viber Communication Security - Bad Request
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Experiments Chapter 3<br />
Time Source ip Dest ip udp Payload<br />
01.765650000 192.168.2.2 79.125.85.225 4b990100010077cab3315922..<br />
01.789661000 79.125.85.225 192.168.2.2 4b99020077cab33159228d12..<br />
01.814890000 192.168.2.2 145.18.248.29 4b99030077cab33159228d12<br />
01.814973000 79.125.85.225 192.168.2.2 4b99020077cab33159228d12..<br />
02.054238000 192.168.2.2 145.18.248.29 4b99030077cab33159228d12<br />
02.256731000 192.168.2.2 145.18.248.29 4b99030077cab33159228d12<br />
02.503092000 192.168.2.2 145.18.248.29 4b99030077cab33159228d12<br />
. . . .<br />
31.497124000 192.168.2.2 145.18.248.29 4b99030077cab33159228d12<br />
31.704656000 192.168.2.2 145.18.248.29 4b99030077cab33159228d12<br />
33.042943000 192.168.2.2 79.125.85.225 4b99050077cab33159228d12<br />
Table 2: Message exchange between clients and server.<br />
060ccc02 2 204 12 6<br />
1df81291 145 18 248 29<br />
3fc81df8 248 29 200 63<br />
12913fc8 200 63 145 18<br />
06000000 0 0 0 6<br />
Table 3: Little Endian translations to decimal octets from payload of 0x0200 value message.<br />
The extra byte that follows the 0x0600 message type alternates between 0x00 and 0x01 between<br />
every measurement. This could provide some frame loss checking, for example if the server receives<br />
two messages with that byte set to 0x01 after each other it would know that it missed a whole<br />
measurement with 0x00 set as the value.<br />
The last message type that was captured has a value of 0x0a00 and has a considerably longer payload.<br />
The message is sent to the server every couple of seconds and may contain some information about<br />
network performance, bytes exchanged and possibly even key information if decent encryption will<br />
be used. Table 5 contains a list of data in 32-bit words in the payload. Time was too short to sort<br />
out the meaning of every byte but some patterns did emerge.<br />
Voice Messages The second packet stream starts its payload with the 0x4b19 sequence. It contains<br />
the actual voice data and of course some header information. After the first two bytes which<br />
are unique for each call follow two bytes that are the same for each call: 0x8067. Also included is a<br />
sequence number which increases with every packet and a time field that increases with 0x00001000<br />
every quarter of a second. The opening and ending sequence from Table 5 follows that and the end of<br />
the header consist of one byte which varies a lot over the course a call and apparently has no relation<br />
any of the frame characteristics like length. This could possibly be an indication of the quality of<br />
the network as the client itself is experiencing it.<br />
22