Defeating Proprietary Protocols the Smart Way

From BruCON 2017

Revision as of 21:53, 1 July 2017 by Larry

Started six years ago, the Netzob project [www.netzob.org] aims to provide state-of-the-art algorithms for protocol reverse engineering in an open source framework. We have implemented and extended previous academic work on message format and state machine reversing, and we have designed novel algorithms that exploit contextual information to infer the semantic attributes carried by protocol fields.

Netzob no longer focuses on protocol reversing alone; it now addresses several related security needs: generating traffic for proprietary protocols to evaluate security products, "smart" fuzzing of protocol implementations, automatic generation of protocol parsers, and so on. Netzob is driven through a Python API that supports a semi-automatic approach to reverse engineering. It handles several communication vectors (USB, network, PCAP files, IPC, ...) and can be extended easily thanks to its code architecture.

During this workshop, the following topics will be addressed through practical and realistic exercises:

- Common and advanced protocol reverse engineering techniques. This part covers techniques such as automatic field identification, contextual clustering, semantic sequence alignment, and identification of dependencies between fields (for instance a size field that encodes the length of another field) by means of correlation.

- "Smart" fuzzing of undocumented or proprietary protocols. This part focuses on traffic generation and mutation strategies, along with techniques to produce a fine-grained definition domain for each field and each state machine transition to fuzz.

- Vulnerability assessment by means of state machine comparison. This part focuses on the automatic extraction of a protocol's state machine. Once achieved, attendees will learn how to apply this technique to multiple implementations of the same protocol and find vulnerabilities where those implementations diverge.
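The first topic above (automatic field identification, key-field clustering, and dependency identification by correlation) can be illustrated with a small stand-alone script. The code below is an added example written for this page; it is not Netzob's API or code, and it deliberately omits sequence alignment, so its heuristics only examine the prefix shared by all messages. The sample capture is constructed for a hypothetical protocol (2-byte magic, 1-byte type, 1-byte length of everything after it, then a payload).

```python
"""Toy message-format inference (added example, not Netzob's own code)."""
from collections import defaultdict

# Constructed sample capture of a hypothetical protocol:
# magic (2 bytes) | type (1 byte) | length of the rest (1 byte) | payload.
SAMPLE_MESSAGES = [
    b"\x01\x02\x10\x05hello",
    b"\x01\x02\x10\x03foo",
    b"\x01\x02\x11\x07goodbye",
    b"\x01\x02\x10\x04ping",
    b"\x01\x02\x11\x02ok",
]


def column_values(messages, pos):
    """Distinct byte values seen at offset `pos` across messages long enough."""
    return {m[pos] for m in messages if len(m) > pos}


def infer_static_fields(messages):
    """Maximal runs of offsets whose byte never changes across all messages.

    Returns (start, end, value) spans with `end` exclusive. Only offsets present
    in every message are examined, so a constant that sits behind a
    variable-length field would need alignment first.
    """
    min_len = min(len(m) for m in messages)
    spans = []
    for pos in range(min_len):
        if len(column_values(messages, pos)) != 1:
            continue
        if spans and spans[-1][1] == pos:
            spans[-1][1] = pos + 1  # extend the current run
        else:
            spans.append([pos, pos + 1])
    return [(s, e, messages[0][s:e]) for s, e in spans]


def find_length_fields(messages):
    """Offsets whose byte equals a message size in every message.

    Two relations are tried per offset: total message length, and number of
    bytes following the offset. Correlation needs variance, so a capture of
    equal-length messages yields no candidates instead of a false positive
    on some constant byte.
    """
    if len({len(m) for m in messages}) < 2:
        return []
    relations = {
        "total_length": lambda m, pos: len(m),
        "remaining_length": lambda m, pos: len(m) - pos - 1,
    }
    min_len = min(len(m) for m in messages)
    return [
        (pos, name)
        for pos in range(min_len)
        for name, rel in relations.items()
        if all(m[pos] == rel(m, pos) for m in messages)
    ]


def cluster_by_field(messages, pos):
    """Group messages by the byte at `pos` when it behaves like a key field.

    A key field (message type, command code) takes few distinct values that
    recur across messages; an offset whose values are almost all distinct
    looks like data, not a key, and yields None.
    """
    values = column_values(messages, pos)
    if not values or 2 * len(values) > len(messages):
        return None
    clusters = defaultdict(list)
    for m in messages:
        if len(m) > pos:
            clusters[m[pos]].append(m)
    return dict(clusters)


def infer_format(messages):
    """Combine the heuristics into a (start, end, kind, detail) layout.

    The length check runs before the key check because a length byte with few
    distinct values would otherwise be mistaken for a key. The first offset no
    heuristic explains is reported as a variable field and ends the layout,
    since everything after it may shift from message to message.
    """
    static = {s: (e, v) for s, e, v in infer_static_fields(messages)}
    lengths = dict(find_length_fields(messages))
    min_len = min(len(m) for m in messages)
    layout, pos = [], 0
    while pos < min_len:
        if pos in static:
            end, value = static[pos]
            layout.append((pos, end, "static", value))
            pos = end
        elif pos in lengths:
            layout.append((pos, pos + 1, "length", lengths[pos]))
            pos += 1
        elif cluster_by_field(messages, pos) is not None:
            layout.append((pos, pos + 1, "key", sorted(column_values(messages, pos))))
            pos += 1
        else:
            layout.append((pos, None, "variable", None))
            break
    return layout


if __name__ == "__main__":
    for field in infer_format(SAMPLE_MESSAGES):
        print(field)
```

On the constructed capture the layout comes out as a static magic at offsets 0-1, a key field at offset 2 (values 0x10 and 0x11), a length field at offset 3 encoding the remaining byte count, and a variable payload from offset 4. The length heuristic refuses to run on captures where every message has the same size: with no variance, any constant byte that happens to equal the size would be flagged, which is exactly the kind of false positive a reverser has to rule out by hand.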
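The second topic, "smart" fuzzing driven by a per-field definition domain, is illustrated below with an added example that is not Netzob's fuzzing engine. It assumes a hypothetical protocol whose format has already been reversed: a 2-byte static magic, a 1-byte type with two known values, a 1-byte length covering the bytes after it, and a variable payload. Each strategy mutates one field while keeping the others well-formed, so the target parses deep enough to reach the mutated field instead of rejecting the message at its magic.

```python
"""Grammar-aware fuzzing of a reversed message format (added example)."""
import random

# Definition domains, as a reverser would configure them after inference.
# Constructed for a hypothetical protocol; not a real product's format.
FIELDS = {
    "magic": {"kind": "static", "value": b"\x01\x02"},
    "type": {"kind": "key", "values": [0x10, 0x11]},
    "length": {"kind": "length"},  # number of bytes that follow it
    "payload": {"kind": "variable", "min": 1, "max": 8},
}


def build_message(fields, msg_type, payload, length=None):
    """Assemble magic | type | length | payload; `length` overrides the correct value."""
    if length is None:
        length = len(payload)
    return fields["magic"]["value"] + bytes([msg_type & 0xFF, length & 0xFF]) + payload


def valid_message(fields, rng):
    """A well-formed message drawn from the definition domains (the baseline)."""
    size = rng.randint(fields["payload"]["min"], fields["payload"]["max"])
    payload = bytes(rng.randrange(256) for _ in range(size))
    return build_message(fields, rng.choice(fields["type"]["values"]), payload)


def generate_cases(fields, seed=0):
    """Yield (strategy, message) pairs, one mutated field per case.

    Strategies: type values outside the observed domain, a length field that
    disagrees with the real payload size, and payload sizes at and beyond the
    observed bounds with a consistent length field. Deterministic per seed.
    """
    rng = random.Random(seed)
    base_type = fields["type"]["values"][0]
    payload = b"A" * fields["payload"]["max"]

    for t in range(256):
        if t not in fields["type"]["values"]:
            yield "unknown_type", build_message(fields, t, payload)

    for bad_len in (0, 1, len(payload) - 1, len(payload) + 1, 0x7F, 0x80, 0xFF):
        if bad_len != len(payload):
            yield "length_desync", build_message(fields, base_type, payload, length=bad_len)

    lo, hi = fields["payload"]["min"], fields["payload"]["max"]
    for size in (0, lo, hi, hi + 1, 255):
        yield "payload_boundary", build_message(fields, base_type, b"B" * size)

    for _ in range(5):
        yield "valid", valid_message(fields, rng)


def length_is_consistent(fields, message):
    """What a correct receiver checks: the length byte matches the trailing bytes."""
    magic = fields["magic"]["value"]
    if not message.startswith(magic) or len(message) < len(magic) + 2:
        return False
    length = message[len(magic) + 1]
    return length == len(message) - len(magic) - 2


if __name__ == "__main__":
    for strategy, msg in generate_cases(FIELDS):
        print(f"{strategy:16} consistent={length_is_consistent(FIELDS, msg)} {msg.hex()}")
```

The `length_desync` cases are the ones that exercise a parser's trust in the length field (a value larger than the buffer, or smaller than the data actually present); the `valid` cases are interleaved so that a stateful target keeps advancing instead of dropping the session after the first malformed message. Whether a case is fed to a live socket, a USB endpoint or a PCAP replay is independent of how the cases are generated.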