Reverse Engineering - Reverse Engineering of Protocols

Reverse Engineering of Protocols

Protocols are sets of rules that describe message formats and how messages are exchanged (i.e., the protocol state-machine). Accordingly, the problem of protocol reverse-engineering can be partitioned into two subproblems; message format and state-machine reverse-engineering.

The message formats have traditionally been reverse-engineered through a tedious manual process, which involved analysis of how protocol implementations process messages, but recent research proposed a number of automatic solutions. Typically, these automatic approaches either group observed messages into clusters using various clustering analyses, or emulate the protocol implementation tracing the message processing.

There has been less work on reverse-engineering of state-machines of protocols. In general, the protocol state-machines can be learned either through a process of offline learning, which passively observes communication and attempts to build the most general state-machine accepting all observed sequences of messages, and online learning, which allows interactive generation of probing sequences of messages and listening to responses to those probing sequences. In general, offline learning of small state-machines is known to be NP-complete, while online learning can be done in polynomial time. An automatic offline approach has been demonstrated by Comparetti et al. and an online approach very recently by Cho et al.

Other components of typical protocols, like encryption and hash functions, can be reverse-engineered automatically as well. Typically, the automatic approaches trace the execution of protocol implementations and try to detect buffers in memory holding unencrypted packets.

Read more about this topic:  Reverse Engineering

Famous quotes containing the words reverse and/or engineering:

    They shall beat their swords into plowshares, and their spears into pruninghooks: nation shall not lift up sword against nation, neither shall they learn war any more.
    Bible: Hebrew Isaiah, 2:4.

    The words reappear in Micah 4:3, and the reverse injunction is made in Joel 3:10 (”Beat your plowshares into swords ...”)

    Mining today is an affair of mathematics, of finance, of the latest in engineering skill. Cautious men behind polished desks in San Francisco figure out in advance the amount of metal to a cubic yard, the number of yards washed a day, the cost of each operation. They have no need of grubstakes.
    Merle Colby, U.S. public relief program (1935-1943)