-4

What are the best tools available in order to reverse engineer a communication protocol?

westbeam87
  • 429
  • 4
  • 12
  • 1
    **Brain Mk I**. What level of protocol are we talking about? Wire, wireless, application-level? – Deer Hunter Sep 30 '15 at 10:41
  • Related: [Finding Vulnerabilities in Software](http://security.stackexchange.com/a/92003/52676) and [Malware Analysis](http://security.stackexchange.com/a/84715/52676) (essentially reverse engineering) – RoraΖ Sep 30 '15 at 11:41

1 Answers1

3

Assuming it is communicating over a network:

  • Wireshark and/or Tcpdump to capture and analyse data.
  • Hex Editor to define headers, footers and other data structures within the packet streams. A lot of the traffic will most likely not be human readable characters.
  • TCPReplay to replay the traffic, allowing you to modify and re-test.
  • WireEdit, allows you to modify PCAP (capture files) and save them.
  • Reverse engineering tools for the communicating application such as OllyDBG, Immunity Debugger, GDB.
  • A text editor to edit your systems host file. Useful to intercept and reply to communication destined to remote servers. Play back the traffic you want and see how the protocol behaves.
Chris Dale
  • 16,149
  • 10
  • 57
  • 97