29C3 2012 / The future of protocol reversing and simulation applied on ZeroAccess botnet The future of protocol reversing and simulation applied on ZeroAccess botnet
Dimitri Kirchner / AMOSSYS
We will present Netzob, an Open Source tool, and show how it helps to semi-automatically reverse undocumented communication protocols (USB, Network, IPC, …). It leverages bio-informatic, automata theory and data dependencies algorithms to infer both the message format and the state machine of a protocol. Most of these algorithms were re-implemented from scratch which allowed us to customize their specifications regarding our needs. These algorithms will be pedagogically explained and their uses for RE purposes will be detailed.
We will also expose the methodology to generate contextualized communications based on the obtained specifications. Hence, the provided simulation module allows the creation of realists servers and clients in a controllable manner.