
Decoding/Decryption: Getting Started

Developer https://www.devze.com 2023-03-24 21:24 Source: web

I have intercepted data packets between software on my computer and software on a remote server. The idea is to reverse engineer the API between the two and integrate the API into another software module.

The problem is that I can't figure out how to read the data. Here is 92 bytes of hex data to give an example:

10:02:42:6d:95:72:1a:70:be:00:ba:cc:a9:95:72:81:49:dd:00:ae:39:bd:c2:4a:0e:00:d1:fe:a6:01:fc:51:09:42:c1:49:dd:00:59:57:31:b2:3a:ce:00:d1:7e:7c:fa:1d:65:c9:42:41:7c:b6:40:dd:f5:71:52:f1:c7:65:12:be:c0:86:71:03:62:eb:81:49:dd:00:dd:f5:71:dc:7a:ce:00:d1:be:00:ba:1d:65:61:52:c2

This converts to the ASCII string:

??Bm?r?p??????r?I???9??J???????Q?B?I??YW1?:???~|??e?BA|?@??qR??e????q?b??I????q?z???????eaR?

I know approximately what this data should contain if that helps.

I am just looking for getting started tips to help me break the code.


Assuming the data is only encoded, and not encrypted, one thing that may reveal a lot of information about the data is to compare packets over time. The parts that change over time are probably data while the parts that don't are probably structural information.

Experiment by changing the state of the software (assuming this is possible); any changes observed in the data are clues.

Since you know approximately what the packets should contain this alone might give you enough clues to figure out the data format. Especially if you have fine control over the software's state.

Note: Also remember that multi-byte data has an endianness, and assuming the wrong endianness can make things very confusing. Similarly, there are many other ways to encode strings than with ASCII.

If there's a lot of data sent you might also want to check to see if the data is compressed in any way.
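The compare-over-time approach from this answer, as an added example that is not part of the original answer: a small Python script that diffs several captures of the same message, reports which byte offsets stay constant (probable structure) and which change (probable data), and reads a chosen window in both byte orders so the endianness can be picked from which reading steps sensibly. The packet layout, the `_build` helper and the three captures are constructed and hypothetical so the diff has a known answer; nothing here is taken from the question's protocol.

```python
"""Comparing captured packets over time to separate structure from data.

Added example, not part of the original answer.  The packet layout is a
constructed, hypothetical one so the diff has a known answer; a real capture
would be read from a pcap or from the intercepting proxy instead.
"""
import struct
from typing import Dict, List, Sequence, Tuple

# Hypothetical layout used to build the sample captures:
#   0..3    magic, constant
#   4..5    sequence counter, little-endian uint16
#   6..9    timestamp, big-endian uint32
#   10..11  message type, big-endian uint16, constant
#   12..15  ASCII field tag "TEMP", constant
#   16..19  reading, little-endian float32
def _build(seq: int, timestamp: int, reading: float) -> bytes:
    return (b"\x10\x02\x42\x6d" + struct.pack("<H", seq) + struct.pack(">I", timestamp)
            + struct.pack(">H", 1) + b"TEMP" + struct.pack("<f", reading))

# Constructed captures: three messages of the same type a few seconds apart.
CAPTURES: List[bytes] = [
    _build(17, 1679692800, 21.5),
    _build(18, 1679692805, 21.5),
    _build(19, 1679692811, 22.0),
]

def diff_packets(packets: Sequence[bytes]) -> Tuple[List[int], List[int]]:
    """Split byte offsets into those that never change across the captures
    (probably structure) and those that do (probably data)."""
    n = min(len(p) for p in packets)
    constant: List[int] = []
    variable: List[int] = []
    for i in range(n):
        (constant if len({p[i] for p in packets}) == 1 else variable).append(i)
    return constant, variable

def runs(offsets: Sequence[int]) -> List[Tuple[int, int]]:
    """Group sorted offsets into contiguous (start, length) runs."""
    out: List[Tuple[int, int]] = []
    for off in offsets:
        if out and out[-1][0] + out[-1][1] == off:
            out[-1] = (out[-1][0], out[-1][1] + 1)
        else:
            out.append((off, 1))
    return out

def candidates(packets: Sequence[bytes], start: int, length: int) -> Dict[str, List[int]]:
    """Read the window as an unsigned integer in both byte orders across all
    packets.  The order under which the values step sensibly (a counter by 1,
    a timestamp by a few seconds) is the likely endianness."""
    fmt = {1: "B", 2: "H", 4: "I", 8: "Q"}.get(length)
    if fmt is None:
        raise ValueError("window length must be 1, 2, 4 or 8 bytes")
    return {
        "big":    [struct.unpack(">" + fmt, p[start:start + length])[0] for p in packets],
        "little": [struct.unpack("<" + fmt, p[start:start + length])[0] for p in packets],
    }

def report(packets: Sequence[bytes]) -> None:
    """Print constant runs (with an ASCII hint when printable) and variable runs."""
    constant, variable = diff_packets(packets)
    for start, length in runs(constant):
        chunk = packets[0][start:start + length]
        ascii_hint = chunk.decode("ascii") if all(0x20 <= b < 0x7F for b in chunk) else ""
        print(f"constant {start:3d}+{length:<2d} {chunk.hex()}  {ascii_hint}")
    for start, length in runs(variable):
        print(f"variable {start:3d}+{length:<2d}", [p[start:start + length].hex() for p in packets])

if __name__ == "__main__":
    report(CAPTURES)
    # Only the low byte of the counter and of the timestamp changed between
    # captures, so the diff shows 1-byte variable runs; widen the window by
    # hand and read both byte orders before deciding on a field width.
    print("counter  ", candidates(CAPTURES, 4, 2))   # little-endian reading steps 17, 18, 19
    print("timestamp", candidates(CAPTURES, 6, 4))   # big-endian reading steps by 5 and 6 seconds
```

The caveat the script makes visible: a field whose high-order bytes happen not to change across the captures (a small counter, a timestamp over a few seconds) looks narrower than it is, so treat the variable runs as lower bounds and widen each window until one byte order gives a reading that moves in a plausible way.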


This data may not actually be encrypted, so much as it might be encoded.

One of the possible encodings you may be dealing with is a standard known as Basic Encoding Rules (BER). This is a way to encode an Abstract Syntax Notation One (ASN.1) data structure into a binary stream.

Check out http://en.wikipedia.org/wiki/Basic_Encoding_Rules for some insight.

It is worth noting, however, that there are several toolkits for various languages which will make dealing with BER data easier. One of the most extensive I've seen is a Perl library called Convert::ASN1.

Hopefully this is helpful, and I'll try to keep this up to date with more toolkits for this encoding as I come across them.

Additionally, if this is merely encoded, it is also possible that you have binary data simply ASCII delimited using a given value. That value could be the pipe (|) character you see in the output. There are a number of formats which use a wire protocol of this form, for example HL7.
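A quick way to act on the BER suggestion in this answer, as an added example that is not part of the original answer and is not Convert::ASN1: a minimal tag-length-value walker in Python that either parses a buffer into nested nodes or reports the offset and reason it stops being well-formed. It is run against a constructed, valid SEQUENCE as a control and against the 92 bytes posted in the question; the question's bytes fail at offset 6, where a length octet of 0x72 (114) asks for more bytes than remain, so at least the raw capture is not a run of definite-length BER elements.

```python
"""Minimal BER tag-length-value walker, for a 'does this parse as BER?' triage.

Added example, not code from the original answer and not Convert::ASN1.  Only
definite-length encodings are handled (the indefinite form 0x80 is reported
as unsupported), which is enough for a first look at captured bytes.
"""
from typing import List, Optional, Tuple, Union

# (tag number, primitive value) or (tag number, child nodes) for constructed tags
Node = Tuple[int, Union[bytes, List["Node"]]]

class BerError(ValueError):
    """Raised with the offset and reason when the bytes are not well-formed BER."""

def _read_tag(buf: bytes, pos: int) -> Tuple[int, bool, int]:
    """Return (tag number, constructed flag, position after the tag)."""
    if pos >= len(buf):
        raise BerError(f"offset {pos}: truncated tag")
    first = buf[pos]
    constructed = bool(first & 0x20)
    number = first & 0x1F
    pos += 1
    if number == 0x1F:                  # high-tag-number form: base-128 digits, 0x80 = more follow
        number = 0
        while True:
            if pos >= len(buf):
                raise BerError(f"offset {pos}: truncated high tag number")
            b = buf[pos]
            pos += 1
            number = (number << 7) | (b & 0x7F)
            if not b & 0x80:
                break
    return number, constructed, pos

def _read_length(buf: bytes, pos: int) -> Tuple[int, int]:
    """Return (length, position after the length octets)."""
    if pos >= len(buf):
        raise BerError(f"offset {pos}: truncated length")
    first = buf[pos]
    pos += 1
    if first < 0x80:                    # short form
        return first, pos
    if first == 0x80:
        raise BerError(f"offset {pos - 1}: indefinite length not supported")
    n = first & 0x7F                    # long form: n length octets follow
    if pos + n > len(buf):
        raise BerError(f"offset {pos}: truncated long-form length")
    return int.from_bytes(buf[pos:pos + n], "big"), pos + n

def walk_ber(buf: bytes, start: int = 0, end: Optional[int] = None) -> List[Node]:
    """Parse consecutive TLVs in buf[start:end], recursing into constructed ones."""
    end = len(buf) if end is None else end
    nodes: List[Node] = []
    pos = start
    while pos < end:
        tag, constructed, pos = _read_tag(buf, pos)
        length, pos = _read_length(buf, pos)
        if pos + length > end:
            raise BerError(f"offset {pos}: length {length} exceeds the {end - pos} bytes remaining")
        value = walk_ber(buf, pos, pos + length) if constructed else buf[pos:pos + length]
        nodes.append((tag, value))
        pos += length
    return nodes

def looks_like_ber(buf: bytes) -> Tuple[bool, str]:
    """True if the whole buffer is a well-formed run of definite-length TLVs."""
    try:
        nodes = walk_ber(buf)
    except BerError as exc:
        return False, str(exc)
    return True, f"parsed {len(nodes)} top-level element(s)"

# Constructed control input: SEQUENCE { INTEGER 5, OCTET STRING "hi" }
GOOD = bytes.fromhex("30 07 02 01 05 04 02 68 69")

# The 92 bytes from the question (colons stripped).
SAMPLE = bytes.fromhex(
    "10:02:42:6d:95:72:1a:70:be:00:ba:cc:a9:95:72:81:49:dd:00:ae:39:bd:c2:4a:0e:00:"
    "d1:fe:a6:01:fc:51:09:42:c1:49:dd:00:59:57:31:b2:3a:ce:00:d1:7e:7c:fa:1d:65:c9:"
    "42:41:7c:b6:40:dd:f5:71:52:f1:c7:65:12:be:c0:86:71:03:62:eb:81:49:dd:00:dd:f5:"
    "71:dc:7a:ce:00:d1:be:00:ba:1d:65:61:52:c2".replace(":", ""))

if __name__ == "__main__":
    print(walk_ber(GOOD))          # [(16, [(2, b'\x05'), (4, b'hi')])]
    print(looks_like_ber(SAMPLE))  # (False, 'offset 6: length 114 exceeds the 86 bytes remaining')
```

A negative result only rules out BER for the bytes as captured; if there is an outer framing, compression or encryption layer, strip that first and run the walker again on the inner payload.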


If you are not sure whether the data is encrypted or not, a good test to check is to look into the randomness of the data.

Any encryption algorithm worth its name would output data that appears completely random. So you could iterate over the bytes and check whether the values are uniformly distributed. If they are, you can be pretty sure that the data is really encrypted rather than just encoded.
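The randomness check this answer describes, as an added example that is not part of the original answer: Shannon entropy in bits per byte, a chi-square test of the byte histogram against a flat 256-bin distribution, and the fraction of printable ASCII, rolled into a verdict. The inputs are constructed (a SHA-256 counter stream standing in for ciphertext, a repeated plaintext record, the base64 of the stream) plus the 92 bytes from the question; the thresholds are the author's choices, and the minimum-size rule is the caveat that matters most here: 92 bytes can never fill 256 bins, so the question's sample is reported as inconclusive rather than as "not encrypted".

```python
"""Entropy and uniformity checks to tell encrypted from merely encoded bytes.

Added example, not part of the original answer.  The sample inputs and the
thresholds below are constructed for illustration.
"""
import base64
import hashlib
import math
from collections import Counter
from typing import Dict

MIN_BYTES = 5 * 256     # below this, 256-bin byte statistics are mostly noise
CHI2_CUTOFF = 330.0     # roughly the 0.1% critical value of chi-square with 255 degrees of freedom

def byte_stats(data: bytes) -> Dict[str, float]:
    """Shannon entropy (bits/byte), chi-square against a flat 256-bin histogram,
    and the fraction of printable ASCII bytes."""
    n = len(data)
    if n == 0:
        raise ValueError("empty input")
    counts = Counter(data)
    entropy = -sum((c / n) * math.log2(c / n) for c in counts.values())
    expected = n / 256.0
    chi2 = sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))
    printable = sum(1 for b in data if 0x20 <= b < 0x7F) / n
    return {"n": n, "entropy_bits": entropy, "chi_square": chi2,
            "printable_fraction": printable}

def verdict(data: bytes) -> str:
    """Classify a blob; the sample-size check comes first on purpose."""
    s = byte_stats(data)
    if s["n"] < MIN_BYTES:
        return "inconclusive: need at least %d bytes, got %d" % (MIN_BYTES, s["n"])
    if s["entropy_bits"] > 7.8 and s["chi_square"] < CHI2_CUTOFF:
        return "looks random: encrypted or compressed"
    if s["printable_fraction"] > 0.9:
        return "mostly printable: text or an ASCII encoding such as base64"
    return "structured binary: non-uniform, probably encoded rather than encrypted"

# Constructed inputs.
# 1. A pseudo-random stream (SHA-256 over a counter) standing in for ciphertext.
RANDOM_LIKE = b"".join(hashlib.sha256(b"example-seed" + i.to_bytes(4, "big")).digest()
                       for i in range(256))            # 8192 bytes
# 2. A repeated plaintext record.
TEXT = b'{"sensor":"TEMP","value":21.5,"seq":17}\n' * 40
# 3. The same stream, base64-encoded: still random underneath, but the outer
#    ASCII encoding hides that from a byte-frequency test until it is decoded.
ENCODED = base64.b64encode(RANDOM_LIKE)
# 4. The 92 bytes from the question (colons stripped).
SAMPLE = bytes.fromhex(
    "10:02:42:6d:95:72:1a:70:be:00:ba:cc:a9:95:72:81:49:dd:00:ae:39:bd:c2:4a:0e:00:"
    "d1:fe:a6:01:fc:51:09:42:c1:49:dd:00:59:57:31:b2:3a:ce:00:d1:7e:7c:fa:1d:65:c9:"
    "42:41:7c:b6:40:dd:f5:71:52:f1:c7:65:12:be:c0:86:71:03:62:eb:81:49:dd:00:dd:f5:"
    "71:dc:7a:ce:00:d1:be:00:ba:1d:65:61:52:c2".replace(":", ""))

if __name__ == "__main__":
    cases = [("random", RANDOM_LIKE), ("text", TEXT), ("base64", ENCODED),
             ("base64 decoded", base64.b64decode(ENCODED)), ("question sample", SAMPLE)]
    for name, blob in cases:
        s = byte_stats(blob)
        print(f"{name:15s} n={s['n']:5d} H={s['entropy_bits']:.2f} "
              f"chi2={s['chi_square']:7.1f} printable={s['printable_fraction']:.2f} "
              f"-> {verdict(blob)}")
```

Two things to keep in mind when reading the output: compressed data is as flat as ciphertext under these tests, so "looks random" means "encrypted or compressed", never "encrypted"; and an outer ASCII encoding (base64, hex) scores as printable text even when the payload underneath is ciphertext, so decode the outer layer and test again before drawing a conclusion. To get past "inconclusive" for the question's protocol, concatenate many captured packets of the same type before testing.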

