Every NALU payload consisted of a 4-byte big-endian worth that appeared to explain a size (these 4-byte values had been all lower than, however near the dimension of the packets), adopted by a quantity of bytes that was all the time the lowest a number of of 16 bigger than the 4-byte size worth (i.e., if the 4-byte size worth was between 145 and 160, it might be adopted by 160 bytes). This urged to us the use of the AES encryption scheme, which operates on blocks of 16 bytes. If the size of a message to be encrypted is just not a a number of of 16 bytes, then padding is added to the finish of the message to inflate the size to a a number of of 16. An examination of a reminiscence dump of the Zoom course of throughout a gathering revealed an AES-128 key in reminiscence related to the string conf.skey, which we speculated stood for “conference secret key.”