Remote Protocol Analysis and Research


Our client wanted to develop a SaaS product around a unique idea but was not sure whether it could be done. The task was to capture and analyze undocumented network communication protocols and traffic patterns for specific use cases of various network-enabled devices, including iPhone, iPad, iPod, PS3, Wii, Xbox 360 and some Blu-ray players, in order to establish technical feasibility and develop the algorithm for the target software. There were two major obstacles. The first was getting hold of the devices to be studied: the wide geographical distance between the parties made shipping the hardware for analysis financially infeasible, and purchasing the devices locally would have raised the cost significantly. The second was obtaining full visibility into the low-level network activity of each device, because each device exposes either no or very limited information about its internals.


Following a "Minimum Client Intervention" strategy, we walked our client through enabling RDP access on a spare Windows machine that was already connected to the network through its WiFi interface and also had a LAN interface, which we asked the client to connect to the nearest network switch. We then remotely accessed and configured his internet-facing firewall to allow RDP access to the target machine from our location. Next, using virtualization software, we deployed a virtual Linux box on top of this Windows machine and enabled direct SSH access from our location, taking RDP out of the equation. Using both the wired and wireless interfaces of the machine, we configured the virtual Linux box as a router for the entire network, forcing all devices to communicate with the internet through it. This SSH-accessible man-in-the-middle Linux router gave us sniffing capability inside the client's private network, with real-time visibility into every packet passing through it. The client then pressed buttons on each target device while we collected the resulting network traffic for later analysis.
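The router-and-capture setup described above, as an added shell example that is not the original project's own configuration. It assumes the Linux VM sees the wired LAN interface as `eth0` (the side the consumer devices are on), the WiFi uplink as `wlan0`, and a LAN subnet of `192.168.50.0/24`; all three are assumptions and can be overridden through environment variables. The page does not say how the devices were made to use the VM as their gateway; the example assumes the LAN DHCP server hands out the VM's LAN address as the default route. The script prints the NAT/forwarding rules (and applies them only when `APPLY=1`), and builds a per-device `tcpdump` command that excludes the analyst's own SSH session so the management traffic does not pollute the capture.

```shell
#!/bin/sh
# Assumed interface names and subnet (not from the original write-up); override via env.
LAN_IF="${LAN_IF:-eth0}"              # wired side, where the devices under study live
WAN_IF="${WAN_IF:-wlan0}"             # WiFi uplink toward the internet
LAN_NET="${LAN_NET:-192.168.50.0/24}" # assumed LAN subnet

# Emit the commands that turn this Linux box into a NAT router between LAN and WAN.
# Forwarding is default-deny; only LAN-originated flows and their replies pass.
router_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -P FORWARD DROP
EOF
}

# Build the capture command for one device.
#   $1 = device IP on the LAN, $2 = output pcap file
# Full packets (-s 0), no name resolution (-nn), and port 22 excluded so the
# analyst's own SSH session into this VM never ends up in the device capture.
capture_cmd() {
  printf 'tcpdump -i %s -nn -s 0 -w %s host %s and not port 22\n' "$LAN_IF" "$2" "$1"
}

# Apply the routing rules only when explicitly requested (requires root).
if [ "${APPLY:-0}" = "1" ]; then
  router_rules | sh
fi

# Usage: print the router rules and the capture command for a device at an assumed address.
router_rules
capture_cmd 192.168.50.20 ps3-menu.pcap
```

Run it once with `APPLY=1` on the VM, then start one `capture_cmd` per device (one pcap per button press keeps later protocol analysis tractable). Because `FORWARD` defaults to `DROP`, a device that is not on `LAN_NET` simply loses connectivity rather than silently bypassing the capture point, which is the failure mode you want in a lab.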


This is how, without physical access and without breaking into any target device, we solved both obstacles and were able to study and deliver protocol analysis for various network-connected devices remotely. This research and the resulting algorithm became the basis of the SaaS product that our client now sells in volume to customers around the globe.