Re: Automatic Poke
From: Mohammad-Reza Nabipoor
Subject: Re: Automatic Poke
Date: Sat, 11 Mar 2023 11:28:26 +0100
Hi Philippe.
On Fri, Mar 10, 2023 at 08:38:35PM -0500, Philippe Marchesseault wrote:
> Hello all,
>
> I am starting a new project that will make use of libPoke. It is a tool
> that will try to automatically reverse engineer the structure of a
> collection of opaque blobs. The idea is that if you have enough blobs with
> the same structure, you can have the computer try grammar permutations that
> fit the blob collection. The tool will generate a portion of Poke grammar
> for you to modify and improve on.
>
> The workflow I have in mind is this:
> 1-Organize your blobs by grammar.
> 2-Run the tool, it will generate grammar. Maybe with different choices?
> 3-Edit the generated grammar
> 4-Repeat step 2
>
> Nice Features:
> - User provides hints of data you know is in the blob (from log files,
> visual inspection, ...)
> - Automatically detect embedded files with magic headers
> -...
>
> I hope to generate the grammars in the Poke DSL, and use the libPoke VM to
> interpret and apply the grammars to multiple blobs and score how they
> perform. How should I go about this? Is this even a good idea? Does it make
> sense?
>
I have no experience in reverse engineering, but this subject seems to be
an active area of research, esp. for reverse engineering communication
protocols. For the methodology, it's a better idea to search for research
papers, presentations at conferences like Black Hat, available tools, etc.
Then you'll have more concrete ideas/strategies, and we are here to discuss
how to use Poke and libpoke to implement your ideas :)
Two examples of such papers and tools (for reverse engineering network protocols):
- State of the art of network protocol reverse engineering tools
https://hal.inria.fr/hal-01496958/document
- https://github.com/netzob/netzob
I think Poke DSL could be a good tool for this job; but you have to start
the project and then we'll see!
Happy Poking!
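The "try grammar permutations that fit the blob collection and score how they perform" idea from the quoted message can be sketched without libpoke at all. The following is an added example written for this thread, not code from either poster or from the GNU poke project: it enumerates candidate headers built from a handful of integer field types, applies each candidate to a constructed collection of blobs, scores the candidates with two assumed heuristics (a field that always equals the number of bytes after the header looks like a length field; a field that is constant across the collection looks like magic or a version), and renders the winners as Poke struct types. The blob format, the field-type subset, the scoring weights and the field names are all assumptions for illustration. One thing the run shows is why the original poster's "maybe with different choices?" matters: a constant 2-byte field is constant whether you read it little-endian, big-endian or as two bytes, so several grammars tie and the tool should present alternatives rather than pick one.

```python
import itertools
import struct

# Constructed sample blobs (not real data). Each one is: a 4-byte little-endian
# payload length, a 2-byte little-endian format version (always 3), a 1-byte
# record kind, then the payload. The search below is not told this layout.
def make_blob(kind, payload):
    return struct.pack("<IHB", len(payload), 3, kind) + payload

BLOBS = [
    make_blob(1, b"hello"),
    make_blob(2, b"a longer payload here"),
    make_blob(1, b""),
    make_blob(7, b"x" * 300),
    make_blob(2, b"y" * 70000),   # too long for a 16-bit length field
]

# Candidate primitive field types as struct format strings (assumed subset;
# a real tool would also try signed ints, floats, strings, arrays, ...).
FIELD_TYPES = {"u8": "<B", "u16le": "<H", "u16be": ">H", "u32le": "<I", "u32be": ">I"}
MAX_FIELDS = 3

def parse(grammar, blob):
    """Apply a grammar (tuple of type names) to one blob.

    Returns (header_size, [field values]) or None if the blob is too short."""
    offset, values = 0, []
    for name in grammar:
        fmt = FIELD_TYPES[name]
        size = struct.calcsize(fmt)
        if offset + size > len(blob):
            return None
        values.append(struct.unpack_from(fmt, blob, offset)[0])
        offset += size
    return offset, values

def score(grammar, blobs):
    """Score how well a grammar explains the whole collection.

    Assumed heuristics: +5 for a field equal to the number of bytes after the
    header in every blob (length field), +2 for a field that is constant across
    blobs (magic/version). The secondary key prefers small value ranges for the
    remaining fields (enum-like values) to break ties. None means the grammar
    does not even fit every blob."""
    parsed = [parse(grammar, b) for b in blobs]
    if any(p is None for p in parsed):
        return None
    header = parsed[0][0]
    columns = list(zip(*(p[1] for p in parsed)))
    total, worst_range = 0, 0
    for col in columns:
        if all(v == len(b) - header for v, b in zip(col, blobs)):
            total += 5
        elif len(set(col)) == 1:
            total += 2
        else:
            worst_range = max(worst_range, max(col) - min(col))
    return (total, -worst_range)

def rank_grammars(blobs, max_fields=MAX_FIELDS):
    """Enumerate every grammar of 1..max_fields fields and rank them best first."""
    ranked = []
    for n in range(1, max_fields + 1):
        for grammar in itertools.product(FIELD_TYPES, repeat=n):
            s = score(grammar, blobs)
            if s is not None:
                ranked.append((s, grammar))
    ranked.sort(key=lambda item: item[0], reverse=True)
    return ranked

def to_poke(grammar):
    """Render a candidate as a Poke struct type for the user to edit.

    The integer types and the big/little field qualifiers are Poke syntax as
    recalled from the GNU poke manual; the field names are placeholders."""
    lines = ["type Candidate = struct {"]
    for i, name in enumerate(grammar):
        bits = struct.calcsize(FIELD_TYPES[name]) * 8
        endian = "big " if name.endswith("be") else "little " if bits > 8 else ""
        lines.append(f"  {endian}uint<{bits}> field{i};")
    lines.append("};")
    return "\n".join(lines)

if __name__ == "__main__":
    ranked = rank_grammars(BLOBS)
    best = ranked[0][0]
    for s, g in ranked:           # print every top-scoring alternative
        if s != best:
            break
        print(s, g)
        print(to_poke(g))
```

Running it prints the tied winners, all of which read a 32-bit little-endian length first and then disagree only about how to read the constant version bytes; the 70000-byte blob is what rules out the 16-bit length interpretations. Swapping `BLOBS` for real files read from disk and extending `FIELD_TYPES` is the natural next step, and the scoring function is where hints from log files or known magic headers would plug in.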