
Dawit's Tech Blog

My name is Dawit and I write about technology stuff.

Posts Tagged / Mobile VoIP

  • Jan 28 / 2017
InfoSec, Security, Social Media, Traffic Analysis

WeChat Android Application Traffic Analysis and Pattern/Signature Extraction

Many media-rich entertainment and communication applications have emerged on the Internet. They often use obfuscation techniques such as encrypted data transmission, random or changing ports, or proprietary communication protocols to prevent detection or filtering by network or content owners who believe the traffic threatens their property (infrastructure, service availability or intellectual property). As a norm, many of these applications adopt open-source-based development: the protocols, libraries, databases and platforms they use are almost the same and widely used, with only a few proprietary features. WeChat, for example, tries to use standard ports (TCP and UDP), but its packet structure differs from actual HTTP and HTTPS, and it also uses random ports.

Instant messaging (IM) has become one of the main applications of mobile phones, with plenty of “apps” available and literally billions of messages exchanged every day. With the widespread diffusion of mobile Internet traffic plans, IM and VoIP applications are rapidly replacing other forms of mobile communication, such as text messages, voice data/calls and, in some situations, even e-mails. As conversations are rapidly converging to IM applications, it is natural to start asking how secure this communication channel actually is, and if users can really trust IM apps and their back-end infrastructure. I decided to pick one of these applications and look “under the hood”, in order to see how the developers tried to ensure the confidentiality of in-transit communications.

WeChat is a feature-rich and sophisticated mobile application that allows users to communicate via text messages and video and voice calls, to share photos, to attach recorded voice/video messages, and much more. The app is available for several mobile platforms. Why WeChat? According to the Google Play Store, as of Sept 2016 WeChat for Android alone has more than 500 million downloads, and it has been advertised on international TV channels (DStv and others).

WeChat Version 6.3.22 (Latest Version)

  • Signaling VoIP
    • UDP port == 8080, 80
      • Offset[0] == 0xa1
      • Offset[1] == 0x08
      • Offset[7] == 0x10
      • Offset[9] == 0x18
      • Offset[10] == 0x28
      • Offset[11] == 0x22
      • Offset[12] == 0x28
    • UDP port == 32780, 34003, 40768, 42410, 40049
      • Offset[0] == 0xa3
      • Offset[5] == 0x08
      • Offset[11] == 0x10
      • Offset[13] == 0x18
      • Offset[14] == 0x28
      • Offset[15] == 0x22
      • Offset[16] == 0x28
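
The byte-offset list above can be expressed as a small UDP payload matcher. This is an added example, not code from the original post: the signature names, the function names and the choice to test the listed port against either endpoint of the flow are assumptions, and the sample payloads are constructed.

```python
# Added example: WeChat 6.3.22 VoIP signalling signatures from the list above.
# Each signature is a set of UDP ports plus {payload offset: expected byte}.
SIGNATURES = [
    {
        "name": "wechat-voip-signaling-a1",   # hypothetical label
        "ports": {8080, 80},
        "bytes": {0: 0xA1, 1: 0x08, 7: 0x10, 9: 0x18, 10: 0x28, 11: 0x22, 12: 0x28},
    },
    {
        "name": "wechat-voip-signaling-a3",   # hypothetical label
        "ports": {32780, 34003, 40768, 42410, 40049},
        "bytes": {0: 0xA3, 5: 0x08, 11: 0x10, 13: 0x18, 14: 0x28, 15: 0x22, 16: 0x28},
    },
]


def match_signature(src_port, dst_port, payload):
    """Return the name of the first matching signature, or None."""
    for sig in SIGNATURES:
        # Assumption: the listed port may be either endpoint of the flow.
        if not ({src_port, dst_port} & sig["ports"]):
            continue
        # A payload that ends before the highest offset can never match.
        if len(payload) <= max(sig["bytes"]):
            continue
        if all(payload[off] == val for off, val in sig["bytes"].items()):
            return sig["name"]
    return None


def build_sample(sig, length=24):
    """Construct a synthetic payload that satisfies a signature (test data only)."""
    buf = bytearray(length)
    for off, val in sig["bytes"].items():
        buf[off] = val
    return bytes(buf)


def classify(datagrams):
    """Count matches per signature over (src_port, dst_port, payload) tuples."""
    counts = {}
    for src, dst, payload in datagrams:
        name = match_signature(src, dst, payload)
        if name:
            counts[name] = counts.get(name, 0) + 1
    return counts
```
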


  • Oct 17 / 2016
Cyber War, InfoSec, Security, Traffic Analysis, VoIP Fraud

MobileVOIP Cheap VoIP Calls (Version June 14, 2016)

The latest VoIP applications are becoming an umbrella for many services: umbrella apps such as Fringe can place VoIP calls to whichever other applications are active online, including WhatsApp, Viber, imo and many others. In addition, “OUT” services such as “Viber Out” and “WeChat Out” allow cheap international VoIP calls, which is causing the telecom industry to lose billions of dollars in revenue per year. Handling this kind of gray traffic will not only maximize telecom industry revenue but also protect national interest and national security.

Domain Nameserver Information

  • finarea.ch 77.72.169.217
  • finarea.ch 77.72.174.217
  • mobilevoip.com has address 77.72.174.21

Domain Name System (DNS) Mobilevoip.com and www.mobilevoip.com

  • 72.174.21
  • 239.213.7 –> Rackspace Hosting

Server Location: Switzerland

CIDR / Public IP Address Blocks

  • 72.168.0/21 –> Comnet International
  • 72.174.0/24 –> Finarea SA VoIP Provider
    77.72.169.0/24
  • 239.224.0/19 –> Telia Company AB
  • 219.0.0/16 –> TATA Communications (Canada) Ltd
