in reply to Re: Socket unpack
in thread Socket unpack

Thats my problem. The spec. is unknown for me and there`s no guide on it.

I am trying to automate something that is not documented.

Is it possible to find out the field size/byte order ...etc ?

Replies are listed 'Best First'.
Re^3: Socket unpack
by ikegami (Patriarch) on Feb 16, 2010 at 08:43 UTC

    Yes and no. How can you tell what the following means? 

    00 00 00 40 00 10 43 55 00 00 00 01 00 00 00 00

    [download]

    Judging by the placement of the NULs, what are probably big-endian 4-byte numbers stand out. 

    00 00 00 40 00 10 43 55 00 00 00 01 00 00 00 05
-----------             ----------- -----------

    [download]

    If it was stored in little-endian byte order, it would look like 

    40 00 00 00 55 43 10 00 01 00 00 00 05 00 00 00
-----------             ----------- -----------

    [download]

    00 00 00 40 is likely a 32-bit field with value 64. Do you have an idea of what data you are getting? Are you expecting 64 for anything or 64 of something? If you change the input, do you see a corresponding change there?

    But maybe 00 00 00 40 is two 16-bit fields. Or two bytes and one 16-bit, or ...

    Do you see any repeating patterns? You could be looking at a list of records. For example, 

    06 00 00 00 00 00 00 00 3C 00 00 00 7A 2D 01 01   ........<...z-..
EC 4E 14 DE FF FF FF FF FF FF FF FF 7A 2D 01 01   .N..........z-..
ED 4E 14 DE FF FF FF FF FF FF FF FF 39 5A 01 27   .N..........9Z.'
E8 62 F4 EA FF FF FF FF FF FF FF FF 39 5A 01 27   .b..........9Z.'
E7 62 F4 EA FF FF FF FF FF FF FF FF 39 5A 01 27   .b..........9Z.'
76 5D AE E5 FF FF FF FF FF FF FF FF 39 5A 01 27   v]..........9Z.'
...

    [download]

    appears to contains 16 byte records (starting after 12 bytes). There are 60 such records, so the preceding 3C 00 00 00 must be the number of records that follow.

    You could study the sender's source code, disassembling a binary if necessary. If you have access to another receiver, you could also study it.

    If you need to send something back, you'll need to study an existing client, or at least the communication between an exiting client and server.

    Nothing simple ahead.

[reply]
[d/l]
[select]

      That`s way beyond my experience and skills.

      Is there some kind of a book or guide that explains it all.

      Do you suggest any reading

[reply]

        I'm not aware of any book on reverse engineering. Reverse engineering is to me not unlike debugging, except that you have no access to the source code of either end of the communication. You will need to monitor all communication between the two parts of your program, and try to associate the communication with certain actions that you can identify, like "if I press this button, it sends the following byte sequence". Then you will need to try to replay that communication on your own.

        So far, you haven't even told us what application you are trying to automate, and what setting it is, so we can't likely help you further.

[reply]
Re^3: Socket unpack
by Khen1950fx (Canon) on Feb 16, 2010 at 08:29 UTC
    I am trying to automate something that is not documented

    Are you sure? Perl is probably the most highly documented language around. So, I'd suggest reading perlipc for starters. Then post some code that you've tried.

[reply]
      It's the communication protocol that's not documented.
[reply]

In Section Seekers of Perl Wisdom