Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET STRAP 2 UK EYES ONLY
8 Audio Exfiltration
8.1 Close Access Audio File Retrieval
Audio Files are recorded by the implant when the audioRecordingMode” Setting is set 1-3. These files
are stored locally on the TV hard drive. They can be retrieved by inserting a USB stick into the TV. The
USB stick inserted into the TV will be authenticated by the presence of a filename on the stick, and a
unique string held with-in the file. These values are set in the “usbDownloadKeyFile and
“usbDownloadKeyFileGUIDSettings.
To Retrieve Files from the TV:
1. Create a file with the same name as the usbDownloadKeyFileSetting in the configuration file
2. Edit this file with a text editor and enter theusbDownloadKeyFileGUIDSetting unique string
3. Save the file onto a USB stick. Preferably the stick should have an LED that flashes
4. Turn on the target TV
5. Insert the USB stick into the TV. A pop-up may appear asking what you want to do with the TV.
IGNORE this.
6. Watch the USB stick LED flashing. Once the LED stops flashing all files should have been
transferred. Transferred files are deleted from the TV storage area.
7. To ensure that files have been copied, you can open the USB stick to look at files using the remote.
8. Remove the USB stick from the TV.
9. The files on the USB stick can now be decrypted using the ECDLIVE tool.
8.2 Remote Access Audio File Retrieval
Audio files that are stored locally on the disk can also be retrieved over a Wi-Fi hotspot. Remote File
Retrieval is enabled when the “audioRecordingMode” setting is set to 2. The hotspot that EXTENDING
will use for exfiltration is configured in the Settings file and controlled by the “wifiSSIDname and
“WPAPreSharedKey” Settings. The IP address and port that the files will be transmitted to is configured
by the baseURL” and basePort. Make sure a Web Server has been configured to receive the files. See
Setting up the Web Server.
To exfiltrate the audio files:
1. Set up a Wi-Fi hotspot with the SSID and password as set in the configuration file. See Setting up
the Wi-Fi Hotspot Section.
2. The Wi-Fi hotspot can be set up on a laptop, phone or a Wi-Fi router.
3. When the Wi-Fi hotspot is turned on with-in range of the TV, EXTENDING will connect to it and begin
to exfiltrate files to the IP address baseURLand port “basePort as configured in the Settings file.
4. To receive the files the device with the “baseURL” must be running a Web Server on the “basePort
port number. See Setting up the Web Server.
5. Audio files will be transferred to <WebServer>/wifiConnect/audio on the receiving device.
6. Files can be decrypted using the ECDLIVE tool. The files should be placed in the “./store” directory
and the command ECDLIVE.exe –usb run
7. When the WiFi hotspot or web server is turned off EXTENDING will stop transferring files.
PAGE 21 OF 31
SECRET STRAP 2 UK EYES ONLY

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh