by jermier 2135 days ago
Cool project. I like to hide data in audio files with Deepsound https://deepsound.soft112.com/

I wrote a blog post on the weak cryptography used by Deepsound:

https://ryan.govost.es/2018/03/09/deepsound.html

That's a great writeup. Is it possible to create a really long passphrase whose hash can't be reversed easily? Perhaps a diceware passphrase with six randomly chosen words?

The difficulty of breaking Deepsound is basically equivalent to the difficulty of reversing a SHA-1 hash. For dictionary words and shorter passwords, consider them broken instantaneously through pre-computed lookup tables.

For more complex passphrases (and remember, only the first 32 characters count here), exponential growth probably works in your favor, even with today's Bitcoin-fueled hyper-accelerated SHA-1 implementations.

Even then, the scheme where they use the password directly as the AES key is flawed. For example, in ASCII, every octet's most-significant bit is zero, so 32 bits of your AES key are fixed. I don't know if this enables practical attacks, but anyone who cares about securing their data shouldn't rely on amateur cryptography like this.

Edit: Oh right, and aside from the password aspect, it uses ECB mode for the encrypted content. That’s not good.
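
The key-space point in the comment above, worked through as an added example (not part of the thread and not DeepSound's code): it measures which bits of a 32-byte AES key never change when an ASCII password is used directly as the key, and compares the resulting entropy bounds with a six-word diceware passphrase. The function names, the constructed sample passwords and the model of key derivation as plain ASCII encoding truncated to 32 bytes are assumptions.

```python
import math
import random
import string

KEY_LEN = 32  # AES-256 key bytes; per the thread, only the first 32 characters count

def key_from_password(password: str) -> bytes:
    """Assumed model of the flawed scheme: ASCII password bytes used as the key."""
    return password.encode("ascii")[:KEY_LEN]

def fixed_bit_mask(keys):
    """Per byte position, mark the bits that hold the same value in every key."""
    all_and = [0xFF] * KEY_LEN
    all_or = [0x00] * KEY_LEN
    for key in keys:
        for i, b in enumerate(key):
            all_and[i] &= b
            all_or[i] |= b
    # A bit varies only where OR is 1 and AND is 0; every other bit is constant.
    return bytes(~(o ^ a) & 0xFF for o, a in zip(all_or, all_and))

def count_fixed_bits(keys) -> int:
    """Number of key bits that carry no information across the sample."""
    return sum(bin(m).count("1") for m in fixed_bit_mask(keys))

def entropy_bits(alphabet_size: int, symbols: int) -> float:
    """Upper bound on entropy when each symbol is chosen uniformly at random."""
    return symbols * math.log2(alphabet_size)

def sample_keys(n: int, seed: int = 1):
    """Constructed sample: n random 32-character printable-ASCII passwords."""
    rng = random.Random(seed)  # seeded for a repeatable demo, never for real keys
    alphabet = string.ascii_letters + string.digits + string.punctuation + " "
    return [key_from_password("".join(rng.choice(alphabet) for _ in range(KEY_LEN)))
            for _ in range(n)]

if __name__ == "__main__":
    keys = sample_keys(500)
    print("fixed key bits:", count_fixed_bits(keys), "mask:", fixed_bit_mask(keys).hex())
    print("random 256-bit key      : 256.0 bits")
    print("32 bytes of 7-bit ASCII : %.1f bits" % entropy_bits(128, KEY_LEN))
    print("32 printable ASCII chars: %.1f bits" % entropy_bits(95, KEY_LEN))
    print("6 diceware words (7776) : %.1f bits" % entropy_bits(7776, 6))
```

The diceware figure assumes the standard 7776-word list and six words that fit within the 32-character limit.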

For those who are curious about ECB: see the picture & encrypted picture of Tux on https://en.m.wikipedia.org/wiki/Block_cipher_mode_of_operati...

Just encrypt your data first before giving it to DeepSound.