Welcome to the full schedule of the OWASP AppSec Research EU 2014 conference days
Thursday, June 26 • 16:00 - 16:50
Shameful Secrets of Proprietary Network Protocols


There is a big bunch of tools offering HTTP/SSL traffic interception. However, when it comes to penetration tests of specialized embedded software or thick clients, we often encounter proprietary protocols with no documentation at all: binary TCP connections unlike anything else, which cannot be handled by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. Yet, based on our experience, it very often hides a shameful mystery: completely unsecured mechanisms that break all good coding practices.

We would like to present our approach and a short guideline on how to reverse engineer proprietary protocols: a world full of home-grown implementations of asymmetric cryptography, reversible hash algorithms, lack of user authentication and no function or data access control at all.

To demonstrate, we will show 5 case studies, the most interesting examples from real-life financial industry software, which in our opinion are the quintessence of "security by obscurity". We will talk about home automation, embedded pull-printing software in multifunction printers (MFP), remote desktop protocols and twisted vulnerabilities in FOREX trading software, which is a particularly risky business regarding security.

Speakers
Slawomir Jasek

IT security consultant with over 10 years of experience. Participated in many assessments of systems' and applications' security for leading financial companies and public institutions, including a few dozen e-banking systems. Currently focuses on consulting on the design of secure solutions...

Jakub Kaluzny

Sr. IT Security Consultant, SecuRing
Jakub is a Senior IT Security Consultant at SecuRing and performs penetration tests of high-risk applications, systems and devices. He has been a speaker at many international conferences: BlackHat Asia, OWASP AppSec EU, PHDays, HackInTheBox, ZeroNights, as well as at local security events...


Thursday June 26, 2014 16:00 - 16:50 BST
LAB003
