Version 1

Talk (30 min): How does Zoom Store Recordings?

Reverse Engineering C++ and Custom File Formats

Join online: viscon.ethz.ch/livestream

Like many others, we found ourselves having to move to online meetings - specifically Zoom, after the ETH closed in the beginning of March 2020.
When recording with Zoom, a nice feature is the ability to save the audio of different people to individual files, allowing easy editing in post.
Unfortunately, Zoom decided to trim any silences found in those audio tracks and as such they become impossible to sync in post.
Thus I decided to reverse engineer Zoom, specifically how they store the temporary recording files and hopefully extract the full untouched audio tracks.

In this talk, I will go through the journey taken, to go from not knowing what part of Zoom handles recordings to fully extracting all data from the temporary files.
Attendees will learn important aspects when reverse engineering any software as well as file formats.
Furthermore, they will see common pitfalls and difficulties I encountered, specifically with C++ software.
I will explore all of this, in the context of how the Zoom recording and transcoding architecture works, as well as the custom file format Zoom uses.

In theory Zoom has a really great feature to record every person's audio separately.
This is really great for recording our weekly meetings, as sometimes people are too quiet or too loud and allows us to fix such issues in post.
Unfortunately, when exporting, Zoom will automatically remove any periods of silence from the resulting audio files, making this impossible.
However, Zoom also stores the recording in temporary files, which allowed me to get the original audio as well as video.

In the first section of the talk, I will go into detail on how I was able to reverse engineer the file format and which pitfalls I fell into.
Starting at finding the right library responsible for handling these files to finally cracking the code on the way video was stored.
All in all, attendees will learn a great detail of reversing tricks as well as how they might go about building their own file format.
Nonetheless, only some minor knowledge of general software development and programming is needed to follow along.

Before I delve into the details of the file format, the architecture used to orchestrate recordings and transcoding will be explained.
The architecture - which was also reversed - is an important part of the file format design and as such helps understand how it came about.
After an in depth description of the file format, I will comment on its advantages and disadvantages.
Rounding off the talk, will be a demonstration of the file format.

About Flagbot

„Flagbot“ is ETH's Capture The Flag team.
Every weekend we take part in online (and sometimes onsite) hacking competitions in the world, and we offer students the thrills of being part of one of the top ranking teams fighting tooth and nail against other passionate hackers to get the latest flag.
In 2019 we ranked first in Switzerland and look forward to become the best in the world.
Furthermore, every Monday we provide lectures on modern hacking topics and techniques to get new members up to speed.
Amongst other things, last year we organized our first big event (BjörnCTF), and organized many collaborations with EPFL's CTF team.

Info

Day: 2020-10-08
Start time: 19:00
Duration: 00:40
Room: Online / ETH (BLUE)
Track: Hacktrack

Links:

Concurrent Events