Technical Reports: CMU-CyLab-07-014

Title: Rosetta: Extracting Protocol Semantics using Binary Analysis with Applications to Protocol Replay and NAT Rewriting
Authors: Juan Caballero and Dawn Song
Publication Date: October 9, 2007


Rewriting a previously seen dialog between two entities so that it is accepted by another entity is important for many applications, including the protocol replay problem and the NAT rewriting problem. Both are instances of a larger problem that we call the dialog rewriting problem. The challenge in dialog rewriting is that the dynamic fields in the original dialog, e.g., hostnames, IP addresses, session identifiers or timestamps, must be rewritten for the modified dialog to succeed. This is particularly difficult because the protocol used in the original dialog might be unknown.

In this paper, our goal is to generate a transformation function that can be used to rewrite the values of the dynamic fields. For this, we propose binary analysis techniques to solve the two main challenges: 1) how to automatically identify the dynamic fields, and 2) how to automatically rewrite the values in the dynamic fields.

We have implemented Rosetta, a system that creates the transformation function using our proposed techniques. Our results show that we are able to identify different types of dynamic fields present in commonly used protocols such as FTP, DNS and ICQ, and that we are able to rewrite the values in the dynamic fields even when those fields use complex encodings to represent the data, thus enabling solutions to the protocol replay and NAT rewriting problems.
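The following is an added illustration, not code from the Rosetta paper, of what the rewriting step has to do for one kind of dynamic field with a non-trivial encoding: the IPv4 address and port that FTP carries as six decimal numbers "h1,h2,h3,h4,p1,p2" in the client's PORT command and the server's 227 (passive mode) reply. Rosetta derives the field locations and their encoding automatically by binary analysis; here both are supplied by hand, and the NAT table and captured dialog are constructed for the example.

```python
# Added example, not code from the Rosetta paper. It shows the rewriting step
# for one dynamic-field type only: the IPv4 address and port that FTP encodes
# as six decimal numbers "h1,h2,h3,h4,p1,p2" in the client's PORT command and
# the server's 227 (passive mode) reply. Rosetta finds such fields and their
# encoding automatically; here both are supplied by hand.
import re
from ipaddress import IPv4Address

# Six comma-separated decimal numbers; the match span is spliced back later.
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(text):
    """Return (ip, port) from the first h1,h2,h3,h4,p1,p2 field in text."""
    m = _HOSTPORT.search(text)
    if m is None:
        raise ValueError("no host/port field in: %r" % text)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in: %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def encode_hostport(ip, port):
    """Inverse of decode_hostport; IPv4Address() rejects malformed addresses."""
    if not 0 <= port <= 0xFFFF:
        raise ValueError("port out of range: %d" % port)
    octets = str(IPv4Address(ip)).split(".")
    return ",".join(octets + [str(port >> 8), str(port & 0xFF)])


# Constructed NAT table: (inside ip, port) -> (outside ip, port). Addresses come
# from RFC 1918 / RFC 5737 documentation ranges and carry no real meaning.
NAT_TABLE = {
    ("192.168.1.20", 1025): ("203.0.113.7", 40000),
    ("10.0.0.5", 50000): ("198.51.100.9", 50000),
}


def translate(ip, port):
    """Map an endpoint through NAT_TABLE; refuse to emit an untranslated one,
    since a dialog that still carries an inside address will not be accepted."""
    try:
        return NAT_TABLE[(ip, port)]
    except KeyError:
        raise ValueError("no NAT mapping for %s:%d" % (ip, port)) from None


def rewrite_line(direction, line):
    """Rewrite the dynamic field in one control-channel line, if it has one.

    Only two positions are known (by hand, here) to carry the field: a client
    PORT command and a server 227 reply. Every other line (banner, USER/PASS,
    LIST, ...) passes through unchanged. Returns (new_line, changed).
    """
    is_port = direction == "C" and line.startswith("PORT ")
    is_pasv = direction == "S" and line.startswith("227 ")
    if not (is_port or is_pasv):
        return line, False
    ip, port = decode_hostport(line)
    new_ip, new_port = translate(ip, port)
    m = _HOSTPORT.search(line)
    return line[: m.start()] + encode_hostport(new_ip, new_port) + line[m.end():], True


def rewrite_dialog(dialog):
    """Apply rewrite_line to a captured dialog given as a list of (direction, line).

    Returns (rewritten_dialog, number_of_lines_changed).
    """
    out, changed = [], 0
    for direction, line in dialog:
        new_line, did = rewrite_line(direction, line)
        out.append((direction, new_line))
        changed += int(did)
    return out, changed


# Constructed dialog in the inside-NAT address space; "C" is the client, "S"
# the server. The PORT and 227 lines carry the encoded address field; the
# hostname in the 220 banner is another dynamic field this example leaves alone.
SAMPLE_DIALOG = [
    ("S", "220 ftp.example.test FTP server ready"),
    ("C", "USER anonymous"),
    ("S", "331 Please specify the password."),
    ("C", "PASS guest@"),
    ("S", "230 Login successful."),
    ("C", "PORT 192,168,1,20,4,1"),                          # 192.168.1.20:1025
    ("S", "200 PORT command successful."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (10,0,0,5,195,80)."),   # 10.0.0.5:50000
    ("C", "LIST"),
]

if __name__ == "__main__":
    for direction, line in rewrite_dialog(SAMPLE_DIALOG)[0]:
        print(direction, line)
```

The hand-written parts, which lines carry the field and how the six numbers map to an address and port, are exactly what the paper's approach aims to extract from the binary instead; the splice-back and the refusal to emit an unmapped endpoint are the parts any transformation function needs regardless of how the field was found.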

Full Report: CMU-CyLab-07-014