How to decode an encrypted protocol data?

    Question

  • In an IM protocol or some MMRPG game protocol, the communication data is encrypted.

    C  ____connect______ Server

    |<--------key_c,Key_s------|

    |----------login packet----->|  // login packet encrypted by key_c

    |<-----result packet---------|  //result packet encrypted by key_s

    ......


    How can I decode the encrypted packet, if I know the encryption algorithm?

    Thanks.

    Thursday, February 24, 2011 7:49

Answers

  • You could use the NMAPI to write some code to decode the traffic.  In fact, we have a Network Monitor Expert on http://www.codeplex.com/NMDecrypt which does this already for certain types of SSL and TLS traffic.  If this is similar traffic I would encourage you to update that expert.  If this seems the way to go, let me know and I'll tell you how you can get involved with this open source project.

    If you need to write something separately, because it's not SSL/TLS, then I can provide more detail as to how this is done.  But I think you could still follow the model presented in the NMDecrypt Expert.

    Paul

    Thursday, February 24, 2011 15:00

All replies

  • Thanks Paul, I'm studying NMDecrypt.

    I have an idea about an NPL plugin. Why not let us write a plugin to do these things?

    We can write a DLL that exports some functions, like the NPL plugins "AddToProperty", "BuildConveration".

    Friday, February 25, 2011 5:53
  • We never provided a way to plug into NPL.  While the idea sounds good, one of our strengths is isolating the parser from DLL type code.  This reduces the surface attacks for bad/malicious code which is important as captures are often needed from production type servers.  Exposing a DLL interface could make it possible for somebody to exploit this data.

    However, using the API you can do something similar, albeit a bit disconnected from the original data and in a post processing type step.  If you need more help just let us know.

    Friday, February 25, 2011 16:02
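
The post-processing model described in the replies, applied to the handshake sketched in the question, as an added example that is not part of the original thread or of NMDecrypt. It assumes the payloads have already been pulled out of the capture with their direction, that the first server payload is key_c followed by key_s (16 bytes each), and that the cipher is RC4 applied per packet; the thread specifies none of these, so substitute the real layout and algorithm.

```python
from dataclasses import dataclass, field

KEY_LEN = 16  # assumed key size; the thread does not give one

def rc4(key: bytes, data: bytes) -> bytes:
    # RC4 stands in for the "known algorithm"; replace with the real cipher.
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                          # keystream XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

@dataclass
class Conversation:
    """Per-connection state kept outside the parser, as a post-processing step."""
    key_c: bytes = b""
    key_s: bytes = b""
    decoded: list = field(default_factory=list)

    def feed(self, direction: str, payload: bytes) -> None:
        if not self.key_c:
            # First server payload carries key_c || key_s (assumed layout).
            if direction != "S->C" or len(payload) != 2 * KEY_LEN:
                raise ValueError("expected key exchange as first server payload")
            self.key_c, self.key_s = payload[:KEY_LEN], payload[KEY_LEN:]
            return
        key = self.key_c if direction == "C->S" else self.key_s
        # Assumes every packet is encrypted independently with a fresh cipher state.
        self.decoded.append((direction, rc4(key, payload)))

def decode_capture(frames):
    conv = Conversation()
    for direction, payload in frames:
        conv.feed(direction, payload)
    return conv.decoded

# Constructed sample capture: key exchange, one login packet, one result packet.
KEY_C, KEY_S = bytes(range(16)), bytes(range(16, 32))
SAMPLE = [("S->C", KEY_C + KEY_S),
          ("C->S", rc4(KEY_C, b"LOGIN alice")),
          ("S->C", rc4(KEY_S, b"RESULT ok"))]
```

A capture that starts mid-session never shows the key exchange, so `feed` raises instead of producing garbage plaintext.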