[mdlug] Reverse-engineering data protocols
Adam Tauno Williams
awilliam at opengroupware.us
Tue Mar 1 14:02:20 EST 2011
On Tue, 2011-03-01 at 13:29 -0500, Ingles, Raymond wrote:
> > From: David McMillan
> > I'm *pretty* certain that this data isn't enciphered to prevent
> > third-party access, but it's not plaintext being pushed through a
> > Telnet-esque connection either. So I'm a bit stuck.
It is almost certainly encoded or packed in some manner; there are many
ways to do that: Base64, MARC/Z39, XDR, LEB128, DCE, and various
combinations of the previous with differing signing, code page
encodings, and endian-ness.
The best thing you can do is grab a stream where you know what the
result is and noodle around in the data with a hex editor (like ghex2)
until you can find at least some primer (this results in that) and work
from there. This gets easier with experience; after a while you'll look
at some stream of gook and say... man, that looks like...
--
Adam Tauno Williams <awilliam at whitemice.org> LPIC-1, Novell CLA
<http://www.whitemiceconsulting.com>
OpenGroupware, Cyrus IMAPd, Postfix, OpenLDAP, Samba
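
The known-value search suggested in the message above, as an added example that is not part of the original post: it looks for a value you already know in a captured stream under several candidate encodings, then keeps only the offset and encoding that agree across captures. The two sample streams and their values (70000 and 123456) are constructed for illustration, and the field is assumed to sit at a fixed offset.

```python
import struct

def uleb128(n):
    """Unsigned LEB128: 7 bits per byte, low group first, top bit means 'more'."""
    out = bytearray()
    while True:
        n, low = n >> 7, n & 0x7F
        out.append(low | (0x80 if n else 0))
        if not n:
            return bytes(out)

def candidates(value):
    """Byte patterns a known non-negative integer could take on the wire."""
    pats = {"ascii-decimal": str(value).encode("ascii"), "uleb128": uleb128(value)}
    for width, code in ((2, "H"), (4, "I"), (8, "Q")):
        if value < 1 << (8 * width):
            bits = 8 * width
            # A 4-byte big-endian integer is also how XDR packs an unsigned int.
            pats[f"u{bits}-big-endian"] = struct.pack(">" + code, value)
            pats[f"u{bits}-little-endian"] = struct.pack("<" + code, value)
    return pats

def find_known_value(stream, value):
    """Return sorted (offset, encoding) pairs for every match in one capture."""
    hits = []
    for name, needle in candidates(value).items():
        pos = stream.find(needle)
        while pos != -1:
            hits.append((pos, name))
            pos = stream.find(needle, pos + 1)
    return sorted(hits)

def consistent_hits(captures):
    """Keep only (offset, encoding) pairs found in every (stream, value) capture."""
    common = None
    for stream, value in captures:
        found = set(find_known_value(stream, value))
        common = found if common is None else common & found
    return sorted(common or [])

# Constructed sample captures (not real traffic): same layout, different value.
SAMPLE_A = bytes.fromhex("cafe00014944f0a20400ff")  # known result: 70000
SAMPLE_B = bytes.fromhex("cafe00014944c0c40700ff")  # known result: 123456

if __name__ == "__main__":
    for offset, name in consistent_hits([(SAMPLE_A, 70000), (SAMPLE_B, 123456)]):
        print(f"offset {offset}: {name}")
```

Small values produce one- or two-byte patterns that match by chance, so use known values large enough to be distinctive and more than one capture.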