Now that we have reversed most of the network protocol between the game server and the client, let’s intercept and manipulate it. I personally prefer Python when it comes to building quick and dirty scripts. Here we need to build an asynchronous proxy that handles binary data. In this case, I will use Python 2.7 with the native libraries asyncore, socket and struct.
Wireshark is one of the best – if not the best – packet analysers available. It allows you to capture the traffic sent to and from your machine and parse its content into a human-readable representation. At the moment, there are hundreds of supported protocols and media. Because the Pwn Adventure 3 protocol is custom and not widely used, Wireshark ships with no dissector (parser) for it by default. Eric – maetrics – Gragsone has already published a custom dissector in Lua, which was helpful in putting this blog series together. However, that dissector is missing some information that we covered in the last blog post. Instead of re-using and improving the parser, we will start from scratch so I can explain the process and logic of building a Wireshark dissector.
In the previous post, we saw a methodology for reversing a binary network protocol. In the given example, we dissected the packet that updates our location in the game. We will continue reversing the protocol, but this time in less detail, as I hope you now have a better understanding of the process.
In this blog post, we will look at the network traffic generated between the client and the PwnAdventure3 game server in order to reverse the protocol and understand its content. For this, we will use Wireshark and some methodology.
Welcome to this new blog series about Pwn Adventure 3: Pwnie Island! In this series, we will cover different aspects of security that we often have to deal with during our penetration tests, such as network analysis, reverse engineering and packet tampering.