0% found this document useful (0 votes)

412 views

Netzob Documentation

Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols. It allows to infer the message format and the state machine of a protocol through passive and active processes. The model can afterward be used to simulate realistic and controllable traffic.

Uploaded by

rnatella

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

412 views

Netzob Documentation

Uploaded by

rnatella

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 84

Netzob Documentation

Release 0.4.1

Frdric Guihry, Georges Bossert

January 04, 2014

Contents

1 2

Contact information Netzob Overview 2.1 Overview of Netzob . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tutorials 3.1 Getting started with Netzob . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.2 Auto generation of Peach pit les/fuzzers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.3 Export Wireshark dissectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installation Guides 4.1 Installation Guide . . . . . . . . . . . 4.2 Installation documentation . . . . . . . 4.3 Installation documentation on Debian . 4.4 Installation documentation on Gentoo . 4.5 Installation documentation on Windows User Guide 5.1 Importing Data . . . . . . . . . . . . . 5.2 Protocol inference . . . . . . . . . . . 5.3 Generating trafc and simulating actors 5.4 Exporting protocol model . . . . . . .

3 5 5 9 9 12 17 21 21 21 23 24 25 27 27 29 33 34 35 35 77 79

. . . . .

. . . .

Developer Guide 6.1 netzob Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Indices and tables

Python Module Index

Netzob Documentation, Release 0.4.1

Netzob is an open source tool for reverse engineering, trafc generation and fuzzing of communication protocols. It allows to infer the message format and the state machine of a protocol through passive and active processes. The model can afterward be used to simulate realistic and controllable trac. The main features of Netzob are: Vocabulary Inference Netzob includes a complete model to represents the message format of a protocol (aka its vocabulary). Using specic algorithms, it allows to learn it from provided traces. Grammar Inference The state machine of a protocol (aka its grammar) denes the valid sequences of exchanged messages. Netzob allows to learn it semi-automaticaly using specic algorithms. Protocol simulation To support the inferring process, a dynamic analysis is perfomed based on simulated actors. These can initiate and take part in a complex communication following the infered protocol.

Contents

Netzob Documentation, Release 0.4.1

Contents

CHAPTER 1

Contact information

Website http://www.netzob.org Email [email protected] Mailing list Two lists are available, use the SYMPA web interface to register. IRC You can hang-out with us on Freenodes IRC channel #netzob @ freenode.org. Wiki Discuss strategy on Netzobs wiki Twitter Follow Netzobs ofcial accounts (@Netzob)

Netzob Documentation, Release 0.4.1

Chapter 1. Contact information

CHAPTER 2

Netzob Overview

2.1 Overview of Netzob

Netzob has been initiated by security auditors of AMOSSYS and the CIDre research team of Suplec to address the reverse engineering of communication protocols. Originaly, the development of Netzob has been initiated to support security auditors and evaluators in their activities of modeling and simulating undocumented protocols. The tool has then been extended to allow smart fuzzing of unknown protocol. The following picture depicts the main modules of Netzob: Figure 2.1: Architecture of Netzob Import module: Data import is available in two ways: either by leveraging the channel-specic captors (currently network and IPC Inter-Process Communication), or by using specic importers (such as PCAP les, structured les and OSpy les). Protocol inference modules: The vocabulary and grammar inference methods constitute the core of Netzob. It allows both passive and active reverse engineering of communication ows through automated and manuals mechanisms. Simulation module: Given vocabulary and grammar models previously inferred, Netzob can understand and generate communication trafc between multiple actors. It can act as either a client, a server or both. Export module: This module permits to export an inferred model of a protocol in formats that are understandable by third party software or by a human. Current work focuses on export format compatible with main trafc dissectors (Wireshark and Scapy) and fuzzers (Peach and Sulley). And here is a screenshot of the main graphical interface:

The following sections will describe in more details the available mechanisms.

2.1.1 Import and capture data

Netzob Documentation, Release 0.4.1

etc.) and the format (PCAP, hex, raw binary ows, etc.). The gure below describes the multiple communication channels and therefore possible snifng points Netzob aims at addressing. Figure 2.2: Multiple communication ows arround an application The current version (version 0.4) of Netzob deals with the following data sources : Live network communications Captured network communications (PCAPs) Inter-Process Communications (IPCs) Text and binary les API ows through oSpy le format support Otherwise, if you plan to reverse a protocol implemented over an supported communication channel, Netzobs can manipulates any communications ow through an XML representation. Therefore, this situation only requires a specic development to capture the targeted ow and to save it using a compatible XML. Figure 2.3: Importing data from an unknown communication channel using the XML denition

2.1.2 Inferring message format and state machine with Netzob

The vocabulary of a communication protocol denes all the words which are integrated in it. For example, the vocabulary of a malwares communication protocol looks like a set of possible commands : {attack www.google.fr, dnspoison this.dns.server.com, execute uname -a, ...}. Another example of a vocabulary is the set of valids words in the HTTP protocol : { GET /images/logo.png HTTP/1.1 ..., HTTP/1.1 200 OK ..., ...}. Netzobs vocabulary inferring process has been designed in order to retrieve the set of all possible words used in a targeted protocol and to identify their structures. Indeed words are made of different elds which are dened by their value and types. Hence a word can be described using the structure of its elds. We describe the learning process implemented in Netzob to semi-automatically infer the vocabulary and the grammar of a protocol. This process, illustrated in the following picture, is performed in three main steps: 1. Clustering messages and partitioning these messages in elds. 2. Characterizing message elds and abstracting similar messages in symbols. 3. Inferring the transition graph of the protocol. Figure 2.4: The main functionalities

Step 1: clustering Messages and Partitioning in Fields To discover the format of a symbol, Netzob supports different partitioning approaches. In this article we describe the most accurate one, that leverages sequence alignment processes. This technique permits to align invariants in a set of messages. The Needleman-Wunsh algorithm performs this task optimally. Needleman-Wunsh is particularly effective on protocols where dynamic elds have variable lengths (as shown on the following picture). When partitioning and clustering processes are done, we obtain a relevant rst approximation of the overall message formats. The next step consists in determining the characteristics of the elds. 6 Chapter 2. Netzob Overview

Netzob Documentation, Release 0.4.1

Figure 2.5: Sequence alignment with Needleman-Wunsh algorithm If the size of those elds is xed, as in TCP and IP headers, it is preferable to apply a basic partitioning, also provided by Netzob. Such partitioning works by aligning each message by the left, and then separating successive xed columns from successive dynamic columns. To regroup aligned messages by similarity, the Needleman-Wunsh algorithm is used in conjunction with a clustering algorithm. The applied algorithm is UPGMA. Step 2 : characterization of Fields The eld type identication partially derives from the partitioning inference step. For elds containing only invariants, the type merely corresponds to the invariant value. For other elds, the type is automatically materialized, in rst approximation, with a regular expression, as shown on next gure. This form allows to easily validate the data conformity with a specic type. Moreover, Netzob offers the possibility to visualize the denition domain of a eld. This helps to manually rene the type associated with a eld. Figure 2.6: Characterization of eld type Some intra-symbol dependencies are automatically identied. The size eld, present in many protocol formats, is an example of intra-symbol dependency. A search algorithm has been designed to look for potential size elds and their associated payloads. By extension, this technique permits to discover encapsulated protocol payloads. Environmental dependencies are also identied by looking for specic values retrieved during message capture. Such specic values consist of characteristics of the underlying hardware, operating system and network conguration. During the dependency analysis, these characteristics are searched in various encoding. Step 3: inferring the Transition Graph of the Protocol The third step of the learning process discovers and extracts the transition graph from a targeted protocol (also called the grammar). More formally, the grammar of a communication protocol denes the set of valid sentences which can be produced by a communication. A sentence is a sorted set of words which may be received or emmited by a protocol handler. An exemple of a simple sentence is :
["attack www.google.fr", "attack has failed", "attack www.kernel.org", "root access granted."]

which can be described using the following simple automata with S0 the initial state : Figure 2.7: Schema of a simple grammar The learning process step is achieved by a set of active experiments that stimulate a real client or server implementation using successive sequences of input symbols and analyze its responses. In Netzob, the automata used to represent or model a communication protocol is an extended version of a Mealy automata which includes semi-stochastic transitions, contextualized and parametrized inputs and outputs. The rst academic presention of this model is included in a dedicated scientic paper provided in the documentation section. The model is inferred through a dedicated active process which consists in stimulating an implementation and to analyze its responses. In this process, we use the previously infered vocabulary to discover and to learn the grammar of the communication protocol. Each stimulation is computed following an extension of the Angluin L algorithm*.

2.1. Overview of Netzob

Netzob Documentation, Release 0.4.1

2.1.3 Protocol simulation

One of our main goal is to generate realistic network trafc from undocummented protocols. Therefore, we have implemented a dedicated module that, given vocabulary and grammar models previously infered, can simulate a communication protocol between multiple bots and masters. Besides their use of the same model, each actors is independent from the others and is organized around three main stages. The rst stage is a dedicated library that reads and writes from the network channel. It also parses the ow in messages according to previous protocols layers. The second stage uses the vocabulary to abstract received messages into symbols and vice-versa to specialize emitted symbols into messages. A memory buffer is also available to manage dependency relations. The last stage implements the grammar model and computes which symbols must be emitted or received according to the current state and time.

2.1.4 Smart fuzzing with Netzob

A typical example of dynamic vulnerability analysis is the robustness tests. It can be used to reveal software programming errors which can leads to software security vulnerabilities. These tests provide an efcient and almost automated solution to easily identify and study exposed surfaces of systems. Nevertheless, to be fully efcient, the fuzzing approaches must cover the complete denition domain and combination of all the variables which exist in a protocol (IP adresses, serial numbers, size elds, payloads, message identifer, etc.). But fuzzing typical communication interface requires too many test cases due to the complex variation domains introduced by the semantic layer of a protocol. In addition to this, an efcient fuzzing should also cover the state machine of a protocol which also brings another huge set of variations. The necessary time is nearly always too high and therefore limits the efciency of this approach. With all these contraints, achieving robustness tests on a target is feasible only if the expert has access to a specially designed tool for the targeted protocol. Hence the emergence of a large number of tools to verify the behavior of an application on one or more communication protocols. However in the context of proprietary communications protocols for which no specications are published, fuzzers do not provide optimal results. Netzob helps the security evaluator by simplifying the creation of a dedicated fuzzer for a proprietary or undocumented protocol. It allows the expert to execute a semi-automated inferring process to create a model of the targeted protocol. This model can afterward be rened by the evaluator. Finally, the created model is included in the fuzzing module of Netzob which considers the vocabulary and the grammar of the protocol to generate optimized and specic test cases. Both mutation and generation are available for fuzzing.

2.1.5 Export protocol model

The following export formats are currently provided by Netzob: XML format human readable (Wireshark like) Peach fuzzer export: this allows to combine efciency of Peach Fuzzer on previously undocummented protocols. Besides, you can write your own exporter to manipulate the inferred protocol model in your favorite tool. Netzob has been initiated by security auditors of AMOSSYS and the CIDre research team of Suplec to address the reverse engineering of communication protocols. A detailed overview of the project is available here.

Chapter 2. Netzob Overview

CHAPTER 3

Tutorials

3.1 Getting started with Netzob

The goal of this tutorial is to present the usage of each main component of Netzob (inference of message format, construction of the state machine and generation of trafc) through an undocumented protocol. You can download the protocol material here : Protocol PCAP : contains messages of the targeted protocol ; Protocol implementation : provide the server and client implementation of the protocol. You can follow the tutorial with only the PCAP le. But, you will need the implementation if you want to generate trafc and allow Netzob to discuss with a real implementation.

3.1.1 Setting the Workspace

Just after installing Netzob, when you start it, you have to set the workspace directory (as in Eclipe).

3.1.2 Your rst project

To create a project, navigate to the menu File > New project. Here, you can choose a project name which should be unique in the workspace. Side note: by default, Netzob chooses a location inside a dedicated directory located in the projects directory of your current workspace. The newly created project is automatically selected which allow you to start working on it. You can switch to another project at anytime through the use of the menu File > Open project from workspace. Do not forget to save your project before!

Netzob Documentation, Release 0.4.1

3.1.3 Capture traces

The rst step in the inferring process of a protocol in Netzob is to capture and to import messages as samples. There are different methods to retrieve messages depending of the communication channel used (les, network, IPC, USB, etc.) and the format (PCAP, hex, raw binary ows, etc.). For this tutorial, you can import network messages with the provided PCAP le. But we recommand to use the provided implementation to generate samples of trafc and capture them with Netzob. You can to this with the Netwok Capturer plugin, which is accessible is the menu File > Capture messages > Capture network traffic.

As shown on the picture, you have to launch the capture at the Layer 4 on the localhost lo interface. As the targeted protocol works over UDP, youll be able to capture only the UDP payloads. Then launch the server of the targeted protocol and then the client. This one will send different commands to the server and wait for the response. Once you have captured one session, you have to select the messages you want to import (you should import everything) and click the Import messages button. A popup will ask you if you want to allow duplicate messages. Its better to not do so, to avoid unnecessary messages. We recommend to repeat this import process 4 times, in order to have enough variation between messages.

3.1.4 Infer vocabulary

Lets now start the inference of the message format (vocabulary). The next picture shows the whole vocabulary inference interface and the intended meaning of each component.

The main window shows each message in raw hexadecimal format. You can play with visualization attributes : right click on the symbol, then select Visualization and the attribute you want to change (hex, decimal or even string format, the unit size and potentially the sign and endianess). The following picture shows the rendering of the messages in hex format (on the left) and string format (on the right). You can then see that messages contain some interesting strings (api_identify, api_encrypt, api_decrypt, etc.).

You can use the lter functionality to display messages that contain a specic pattern. Here, we lter with the api_identify pattern. This lter permits to easily retrieve the messages associated with a potential identication command. You can see that a # character is present in each messages. You can try to split the messages by forcing their partitioning with a specic delimiter. To do so, use the Force partitioning functionality available in the symbol list (either with a right click on a symbol, or by selecting a symbol with its checkbox and then clicking on the Force partitioning button right above). Using the # string delimiter, youll have the following result: You may also want to play with Sequence alignment. This partitionment allows to align messages according to their common patterns. After playing with the different partitionment available, you are able to retrieve the different commands associated with the targeted protocol, as shown on the following picture. According to the name of the commands, you can see that a api_encrypt command is available. Lets have a look at its message format, which looks like:

Chapter 3. Tutorials

Netzob Documentation, Release 0.4.1

[command]#[dataToEncrypt][padding]

Netzob allows you to indicate that a specic eld has a mutable content, which means its data is not xed (such as the # delimiter) nor part of a set of xed elements (such as the command string).To specify the structure of a eld and its attributes, right click on a eld and select Edit Variable. A popup dialog displays a rooted tree that corresponds to the inferred structure of the eld. For example, you should have all the observed values of the eld (materialized through DataVariable leafs) under an AlternateVariable node variable. Regarding the targeted protocol, as we want to allow any data for the current eld, we rst have to delete the AlternateVariableNode and modify the root node to a DataVariable that has a mutable behavior, as shown on the following picture. You can visualize the associated message format on bottom-left corner. Its should display something like this: Now that we have rened the api_encrypt command message, we have to do the same for other commands that also take as parameter a user data: api_identify, api_authentify and api_decrypt, but also for some response messages such as resp_decrypt and resp_encrypt. At this time, you have a satisfactory approximation the vocabulary. You can now start to construct the state machine of the protocol.

3.1.5 Infer Grammar

In this tutorial, we wont explain the automatic inference (learning) of the state machine. As the targeted protocol has a basic state machine, we will simply show how to model it in Netzob. A basic state machine contains states and transitions. In Netzob, we use a complex structure to model the grammar of a protocol. This model allows to specify information such as the response time between an input symbol and an output symbol, or even the probability of the different output messages given an uniq input message. This model is called an SMMDT (Stochastic Mealy Machine with Deterministic Transitions). The grammar perspective interface of Netzob allows you to create: states (initial or not); semi-stochastic transitions (i.e. normal transitions); open channel transitions; close channel transitions. Regarding our targeted protocol, we construct the associated model with the following information: 1 open channel transition and an initial state; 1 close channel transition and a nal state; 4 main states: init, identied, authenticated, closed; depending on the current state, we are able or not to launch certain commands; some commands will trigger transitions (api_identify, api_authentify and api_bye). Once modeled, this looks like: Now that Netzob knows both the vocabulary and the grammar of the targeted protocol, we are able to generate trafc that respect the protocol model.

3.1. Getting started with Netzob

Netzob Documentation, Release 0.4.1

3.1.6 Generate trafc

Lets go to the Simulator perspective of Netzob. The simulator allows you to create either a client, a server or both. You can tell Netzob to talk with a real client or server implementation, or you can just launch a client and a server inside Netzob and let them talk together. Lets now create a client. We have to specify the following information: client name; initiator or not (i.e. who opens the communication channel ?): it will usally be yes for a client; client or server side: client; protocol: UDP for te targeted protocol; bind IP: nothing here, as the client nds its own interface; bind port: nothing here, as the client nds its own port; target IP: 127.0.0.1; target port: 4242. Now start the real server implementation, select the client in Netzob and click the Start button on the top-right corner. This will generate and send commands to the real server, and youll be able to see the exchanged messages in the interface, as shown on the following picture. After this introductive tutorial, well be glade to have feedbacks and to help you (see our mailing list [email protected] or ou IRC channel #netzob on Freenode). If you want to go further and start contributing to Netzob, thats perfect. There are many simple or complex tasks everyone can do: translation, documentation, bug x, feature proposal or implementation.

3.2 Auto generation of Peach pit les/fuzzers

3.2.1 Principle
Peach is an open-source framework of fuzzing. It allows testers to create smart fuzzers adapted to their needs through XML conguration les called *Peach pit les*. Making such les needs knowledge of the format message and state machine of the targeted protocol as well as the actor Peach has to fuzz. Fortunately, Netzob allows the user to reverse engineer undocumented and proprietary protocols from provided traces in a semi-automatic way. Netzob provides an exporter plugin for Peach that allows to transform the inferred data model and state machine of a targeted protocol into a Peach pit le automatically. This tutorial shows how to take advantage of the Peach exporter plugin provided in Netzob to automatically construct Peach pit conguration les.

3.2.2 Prerequisite
You need Netzob in version 0.4.1 or above.

Chapter 3. Tutorials

Netzob Documentation, Release 0.4.1

This tutorial assumes that the user have previously followed the Getting started with Netzob tutorial and have a complete Netzob project (or at least some format messages). The protocol implementation contains several vulnerabilities that should be detected during fuzzing. Moreover it assumes that the user has Peach 2.3.8 installed.

3.2.3 Export
To export the project go in File > Export the project > Peach pit file. The window below should appears : The window is composed of three panels. The left one lists all fuzzer available. They differ on the state representation. There are three kinds of fuzzer available: Randomized state order fuzzer: one state is created for each symbols of Netzob and at each step, the fuzzer changes of state for a randomly chosen one. Randomized transitions stateful fuzzer: one state is created for each symbols of Netzob and the transitions bewteen these states are based on those Netzob allows, weight by their probability. One-state fuzzer: one state is created corresponding to the chosen symbol. When the fuzzer is on a particular state, it sends fuzzed data that corresponds to the associated symbol to the target. Choose one of them. The right panel shows the fuzzer. It gives the user a small idea of what he is doing and what changes between two congurations. The bottom panel has two options: The rst options Fuzzing based on tells on which Netzob data model the fuzzing is based: Variable: use the Netzob variables to make Peach data models. It makes more fuzzy but less smart fuzzer. Regex: use the Netzob Regex (which are displayed on the top of the symbol visualization), it is the simplest solution. The second options Mutate static fields tells if the static elds in the Netzob data model are fuzzed or not. The Export button exports the fuzzer into a user dened le. Use this fuzzer into Peach Export this fuzzer directly through the Export button to a le named test.xml into the directory of Peach. It should create a PeachzobAddons.py le, which is essential for Peach to leverage Netzob capabilities as xup. The test.xml le should look like this. Look closely to the few XML comments.

<?xml version="1.0" encoding="utf-8"?> <Peach xmlns="http://phed.org/2008/Peach" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:s <Include ns="default" src="file:defaults.xml"/> <Import import="PeachzobAddons"/> <DataModel name="dataModel 1"> <Blob name="Field 0_0" valueType="hex" value="6170695f"/>

3.2. Auto generation of Peach pit les/fuzzers

Netzob Documentation, Release 0.4.1

</Blob> <Blob name="Field 2_0" valueType="hex" value="2300000000000000000000000000000000000000000000"/> <Blob name="Field 3_0" valueType="hex" value="00"/> </DataModel> <DataModel name="dataModel 2"> <Blob name="Field 0_0" valueType="hex" value="6170695f6279652300000000000000000000000000000000000

</DataModel> <DataModel name="dataModel 3"> <Blob name="Field 0_0" valueType="hex" value="6170695f6964656e74696679236672656400000000000000000 </DataModel> <DataModel name="dataModel 4"> <Blob name="Field 0_0" valueType="hex" value="6170695f61757468656e74696679236d7950617373776421000

</DataModel> <DataModel name="dataModel 5"> <Blob name="Field 0_0" valueType="hex" value="6170695f656e637279707423313233343536746573740000000 </DataModel> <DataModel name="dataModel 6"> <Blob name="Field 0_0" valueType="hex" value="6170695f6465637279707423737071767774362731360000000 </DataModel> <DataModel name="dataModel 7"> <Blob name="Default-1_0" valueType="hex" value="00000000"/> <Blob name="Default-2-1_0" valueType="hex" value="23"/> <Blob name="Default-2-2-1-1_0" valueType="hex"> <Fixup class="PeachzobAddons.Or">

Chapter 3. Tutorials

Netzob Documentation, Release 0.4.1

<StateModel initialState="state 0" name="stateModel"> <State name="state 0"> <Action ref="state 1" type="changeState" when="random.randint(1,8)==1"/> <Action ref="state 2" type="changeState" when="random.randint(1,7)==1"/> <Action ref="state 3" type="changeState" when="random.randint(1,6)==1"/> <Action <Action <Action <Action <Action </State> ref="state ref="state ref="state ref="state ref="state 4" 5" 6" 7" 9" type="changeState" when="random.randint(1,5)==1"/> type="changeState" when="random.randint(1,4)==1"/> type="changeState" when="random.randint(1,3)==1"/> type="changeState" when="random.randint(1,2)==1"/> type="changeState"/>

3.2. Auto generation of Peach pit les/fuzzers

Netzob Documentation, Release 0.4.1

This tutorial will not talk about Peach agents but conguring one of them could be useful. In the Test block, there is as many publishers as the Netzob simulator has actors. One publisher is needed, remove the others. If there is no publishers, create one according to the model above. On this example, the tester remove the second publisher.

3.2.4 Launch the fuzzing

You rst have to start the targeted server:
./server

Assuming that the user exports the test.xml le into the Peach directory, you can now start the fuzzer:
python peach.py test.xml

After few seconds, you should trigger a segfault or a stack smashing detection.

Chapter 3. Tutorials

Netzob Documentation, Release 0.4.1

-> Read: api_identify#fred Command: api_identify Arg: fred <- Send: Return value: 0 Size of data buffer: 13 Data buffer: DATA: 72 65 73 70 5f 69 64 65 6e 74 69 66 79 -> Read: api_identify#f Command: api_identify Arg: f

"resp_identify"

*** stack smashing detected ***: ./server terminated ======= Backtrace: ========= /lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x45)[0xcec045] /lib/i386-linux-gnu/libc.so.6(+0x103ffa)[0xcebffa] ./server[0x8048a3c] ./server[0x8048eb4] ./server[0x8048985] /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0xc014d3] ./server[0x8048831] ======= Memory map: ======== 00289000-0028a000 r-xp 00000000 00:00 0 [vdso] 002fb000-00317000 r-xp 00000000 08:03 2605207 /lib/i386-linux-gnu/libgcc_s.so.1 00317000-00318000 r--p 0001b000 08:03 2605207 /lib/i386-linux-gnu/libgcc_s.so.1 00318000-00319000 rw-p 0001c000 08:03 2605207 /lib/i386-linux-gnu/libgcc_s.so.1 00bb4000-00bd4000 r-xp 00000000 08:03 673152 /lib/i386-linux-gnu/ld-2.15.so 00bd4000-00bd5000 r--p 0001f000 08:03 673152 /lib/i386-linux-gnu/ld-2.15.so 00bd5000-00bd6000 rw-p 00020000 08:03 673152 /lib/i386-linux-gnu/ld-2.15.so 00be8000-00d8b000 r-xp 00000000 08:03 672879 /lib/i386-linux-gnu/libc-2.15.so 00d8b000-00d8c000 ---p 001a3000 08:03 672879 /lib/i386-linux-gnu/libc-2.15.so 00d8c000-00d8e000 r--p 001a3000 08:03 672879 /lib/i386-linux-gnu/libc-2.15.so 00d8e000-00d8f000 rw-p 001a5000 08:03 672879 /lib/i386-linux-gnu/libc-2.15.so 00d8f000-00d92000 rw-p 00000000 00:00 0 08048000-0804a000 r-xp 00000000 08:03 6488874 /home/sygus/travaux/netzob/target_protocol/server 0804a000-0804b000 r--p 00001000 08:03 6488874 /home/sygus/travaux/netzob/target_protocol/server 0804b000-0804c000 rw-p 00002000 08:03 6488874 /home/sygus/travaux/netzob/target_protocol/server 09e0d000-09e2e000 rw-p 00000000 00:00 0 [heap] b778b000-b778c000 rw-p 00000000 00:00 0 b77a8000-b77ac000 rw-p 00000000 00:00 0 bf90f000-bf930000 rw-p 00000000 00:00 0 [stack] Abandon (core dumped)

3.3 Export Wireshark dissectors

3.3.1 Principle
Wireshark is an open-source packet analyzer able to identify protocols and to highlight elds from the data stream. Its main drawback is that it is only usefull on documented/standard protocols. Within Netzob, which achieves semiautomatic reverse engineering of protocols, we have developed an exporter plugin that allows automatic generation of Wireshark dissectors from proprietary or undocumented protocols. Dissectors are built in LUA programming language.

3.3. Export Wireshark dissectors

Netzob Documentation, Release 0.4.1

Netzob provides a powerful datamodel in which elds are described with the following information: Regular expression (xed or dynamic size) Name (textual representation) Format Size Endianess Signing All this information is gathered to generate a script including a dissector used by Wireshark.

3.3.2 Language
Wireshark can be statically extended with C modules similar to core dissectors. Optionally, Wireshark can be congured to embed a Lua interpretor. For modularity purposes, the Lua engine has been choosed to extend Wireshark with Netzob generated dissectors.

3.3.3 Prerequisite
You need Netzob in version 0.4.1 or above. The wireshark exporter functionality is provided as a netzob core plugin (which is included in the 0.4.1 version). This tutorial assumes that the user have previously inferred the specication of the targeted protocol. An example of protocol inference is avaibale in the Getting started with Netzob tutorial.

3.3.4 Usage
1. Check that Wireshark supports Lua

2. Select a project Given a partitioned symbol in a project you can generate a wireshark dissector using the Export project menu item, then by selecting Wireshark.

You should get a popup with the LUA script automatically generated: 3. Import into wireshark Two methods are available: Evaluate the Lua script in a Wireshark instance. In wireshark, select Tools > Lua > Evaluate and paste the generated code. Start wireshark with a specic Lua script. Start wireshark with the following parameters: wireshark -X lua_script:PATH_OF_LUA_SCRIPT This will automatically import the Lua script on start.

Chapter 3. Tutorials

Netzob Documentation, Release 0.4.1

4. Dissect data packets Within the lower panel of Wireshark, you should get the dissected packets:

3.3.5 Limitations
Variable size elds cannot be easily exported to the datamodel used by Wireshark when we dont know the expected size. In this case, an error message will popup preventing Netzob from generating the dissector. If this happen, you have to complete the protocol model in order to nd the expected size of the dynamic eld.

3.3.6 Improvements
These ideas could be use to enhance dissection: Use relations (eld / size, repeat ...) Look at future biteld core implementation

3.3.7 What next ?

After this tutorial, well be glade to have feedbacks and to help you (see our mailing list [email protected] or our IRC channel #netzob on Freenode). If you want to go further and start contributing to Netzob, thats perfect. There are many simple or complex tasks everyone can do: translation, documentation, bug x, feature proposal or implementation. Get started with Netzob The goal of this tutorial is to present the usage of each main component of Netzob (inference of message format, construction of the state machine and generation of trafc) through an undocumented protocol. Auto-generation of Peach pit les/fuzzers This tutorial shows how to take advantage of the Peach exporter plugin provided in Netzob to automatically generate Peach pit conguration les, thus allowing to do smart fuzzing on undocumented protocols. Auto-generation of Wireshark dissectors This tutorial shows how to leverage Netzob format message inference in order to automatically generate Wireshark dissectors for proprietary or undocumented protocols.

3.3. Export Wireshark dissectors

Netzob Documentation, Release 0.4.1

Chapter 3. Tutorials

CHAPTER 4

Installation Guides

4.1 Installation Guide

Python package installation Python package installation Python package installation Python package installation

4.2 Installation documentation

This page presents how to install Netzob as a Python package.

4.2.1 Dependency requirements

As a classic python project, Netzob is provided with its setup.py. This le denes what and how to install the project on a Python hosting OS. This le depends on setuptools which like few other modules cannot be automatically installed. This is the reason why you have to manually install the following bunch of prerequisites before initiating Netzobs install process: python python-dev python-impacket libxml2-dev libxslt-dev python-setuptools gtk3 graphviz We also highly recommend to install the following additional dependencies:

Netzob Documentation, Release 0.4.1

python-babel (for the translations) python-sphinx (for the documentation)

4.2.2 Install Netzob with easy_install

$ easy_install netzob

4.2.3 Install Netzob from .tar.gz package

First retrieve the Netzob package:
$ wget http://www.netzob.org/repository/XXX/Netzob-XXX.tar.gz

where XXX corresponds to the version you want to install (see http://www.netzob.org/download for available versions). Then, you can either install a package locally (developer mode) or on the system. Install Netzob locally (developer mode) Once the required dependencies are installed, you can install Netzob on its current directory:
$ python setup.py build $ python setup.py develop --user

Install Netzob on the system You can also install Netzob as a Python system package:
$ python setup.py build $ python setup.py develop $ python setup.py install

4.2.4 Start Netzob

Once installed, running Netzob is as simple as executing:
$ ./netzob

Or if youve installed Netzob as a Python system package, just type:

$ netzob

4.2.5 Netzob help options

Netzob handles some command line options:
Options: --version show programs version number and exit -h, --help show this help message and exit -w WORKSPACE, --workspace=WORKSPACE Path to the workspace -b, --bug-reporter Activate the bug reporter -d DEBUGLEVEL, --debugLevel=DEBUGLEVEL

Chapter 4. Installation Guides

Netzob Documentation, Release 0.4.1

Activate debug information (DEBUG, INFO, WARNING, ERROR, CRITICAL) Manage Netzobs plugins: --plugin-list List the available plugins

4.2.6 Miscellaneous
Conguration requirements for Network and PCAP input:
$ sudo setcap cap_net_raw=ep /usr/bin/python2.XX

Conguration requirements for IPC input on Ubuntu:

$ sudo bash -c echo 0 > /proc/sys/kernel/yama/ptrace_scope

4.2.7 Building the documentation

The folder doc/documentation contains all the documentation of Netzob. The user manual can be generated based on RST sources located in folder doc/documentation/source with the following command:
$ sphinx-build -b html doc/documentation/source/ doc/documentation/build/

4.3 Installation documentation on Debian

4.3.1 Using Netzobs APT Repository
A dedicated APT repository (apt.netzob.org) is available for downloading and installing Netzob. Steps: 1. edit you /etc/apt/sources.list to add the netzobs repository URL, 2. import the GPG key used to sign the repository, 3. install netzob threw apt-get. Edit /etc/apt/sources.list You need to register the repository in your APT client by adding the following entry (stable or unstable) in your /etc/apt/sources.list or through a dedicated le in /etc/apt/sources.list.d/. Then you need to import the gpg public key used to sign the repository. Unstable & testing (Wheezy)
deb http://apt.netzob.org/debian/ unstable main deb-src http://apt.netzob.org/debian/ unstable main

Stable (Squeeze)
deb http://apt.netzob.org/debian/ squeeze-backports main deb-src http://apt.netzob.org/debian/ squeeze-backports main

4.3. Installation documentation on Debian

Netzob Documentation, Release 0.4.1

Import GPG key The repository is signed, so APT may complain until you register the archive key 0xE57AEA26 to your APT keyring. The ngerprint of the key is D865 DCF0 9B9A 195C 49F0 E3F3 F750 1A13 E57A EA26 and has been signed by the followings: 0xA255A6A3 : Georges Bossert <[email protected]> 0x561F7A47 : Frederic Guihery <[email protected]> 0x04B1A89C : Olivier Tetard <[email protected]> To import the key of the APT repository you can execute the following commands :
# wget https://dev.netzob.org/misc/debian_archive.asc -O -| gpg --import # gpg --export -a 0xF7501A13E57AEA26 | sudo apt-key add -

Install netzob You can install it with the following commands :

# apt-get update # apt-get install netzob

4.3.2 Using the provided Debian package

Installing Netzob directly from the debian package (deb le) implies you manually install the necessary packages in order to handle the required dependencies. Therefore, the following commands can be executed to install them :

# apt-get install python python-ptrace python-hachoir-subfile python-matplotlib python-dpkt strace ls

Once the requirements are fulllled you can download the debian le (i386 or amd64) and install it using the following command for an i386 architecture (32 bits) :
# dpkg -i netzob_0.3.0-1_i386.deb

or for an AMD64 (64 bits) :

# dpkg -i netzob_0.3.0-1_amd64.deb

4.4 Installation documentation on Gentoo

4.4.1 From ofcial portage (not yet available)
Some build scripts have been published for future integration in Portage. While the scripts have not yet been accepted please refer to the alternative procedure.
# emerge -av netzob

4.4.2 From Gentoo overlay (recommended, automatic)

Alternative non ofcial repositories are available on Gentoo which are called overlays. The tool used to synchronize with these repositories is called layman 1. Installing layman

Chapter 4. Installation Guides

Netzob Documentation, Release 0.4.1

# emerge app-portage/layman

2. Adding lootr repository containing Netzob ebuild scripts

# layman -a lootr

3. Installing Netzob from this repository

# emerge -av dev-python/netzob

4.4.3 From netzob repository (expert users only, manual installation)

First step is to clone the netzob repository:
# (~) git clone https://dev.netzob.org/git/netzob-gentoo.git

Then, declare this repository in the portage conguration le /etc/make.conf by adding this line:
PORTDIR_OVERLAY="/home/USER/netzob-gentoo/"

Synchronize portage
# emerge --sync

Finally emerge Netzob package: tildarched (testing-like) systems:

# emerge -av netzob

stable systems:
# ACCEPT_KEYWORDS="~x86" emerge -av netzob

4.5 Installation documentation on Windows

This documentation only applies for Netzob 0.3.3.

4.5.1 Installation of dependencies

Steps: 1. Install Python 2.7 (download the installer from python.org) 2. Install SetupTools (download the installer from pypi.python.org) 3. Install PyGTK (download the installer from gnome.org) 4. Install WinPCap 4.1.2 (download the installer from winpcap.org) 5. Install Pcapy 0.10.5 (provided on Netzobs website ; original source: oss.coresecurity.com) 6. Install following dependencies with SetupTools (be sure to have C:\Python27\Scripts\easy_install.exe in your PATH): (a) easy_install numpy

4.5. Installation documentation on Windows

Netzob Documentation, Release 0.4.1

(b) easy_install impacket (c) easy_install lxml==2.3

(d) easy_install -f "http://downloads.sourceforge.net/project/matplotlib/matplotlib/matplotlib-1 (e) easy_install bitarray==0.3.5

4.5.2 Installation of Netzob

1. Install Netzob ! Remark: If you have disabled Windows UAC, a error can be raised by Windows when executing Netzobs installer: Failed to start elevated process (ShellExecute returned 3). So you have to run the installer with administrator privilege : right-click on the executable and choose run as administrator. Python package installation Debian package installation Gentoo package installation Windows package installation

Chapter 4. Installation Guides

CHAPTER 5

User Guide

Read the Netzob User Guide.

5.1 Importing Data

Communication protocols can be found is every parts of a system, as shown on the following picture:

Netzob can handle multiple kinds of input data. Hence, you can analyze network trafc, IPC communications, les structures, etc. Import can either be done by using a dedicated captor or by providing already captured messages in a specic format. Current accepted formats are: PCAP les Structured les Netzob XML les (used by Netzob for its internal representation of messages) Current supported captors are:

Netzob Documentation, Release 0.4.1

Network captor, based on the XXX library Intra Process communication captor (API calls), based on API hooking Inter Process Communication captor (pipes, shared memory and local sockets), based on system call hooking Imported messages are manipulated by Netzob through specic Python objects which contains metadata that describes contextual parameters (timestamp or even IP source/destination for example). All the Python object that describe messages derived from an abstract object : AbstractMessage. The next part of this section details the composition of each message object.

5.1.1 AbstractMessage
All the messages inherits from this denition and therefore has the following parameters : a unique ID a data eld represented with an array of hex

5.1.2 NetworkMessage
A network message is dened with the following parameters : a timestamp the ip source the ip target the protocol (TCP/UDP/ICMP...) the layer 4 source port the layer 4 target port Denition of a NetworkMessage :

5.1.3 FileMessage
A le message is dened with the following parameters : a lename the line number in the le the creation date of the le the last modication date of the le the owner of the le the size of the le Denition of a NetworkMessage : Denition of the factory for XML processing of a FileMessage :

Chapter 5. User Guide

Netzob Documentation, Release 0.4.1

5.2 Protocol inference

5.2.1 Denition of a communication protocol
A communication protocol is as language. A language is dened through~: its vocabulary (the set of valid words or, in our context, the set of valid messages) ; its grammar (the set of valid sentences which, in our context, can be represented as a protocol state machine, like the TCP state machine). A word of the vocabular is called a symbol. A symbol represents an abstract view of a set of similar messages. Similar messages refer to messages having the same semantic (for example, a TCP SYN message, a SMTP HELLO message, an ICMP ECHO REQUEST message, etc.). A symbol is structured following a format, which species a sequence of elds (like the IP format). A eld can be splitted into sub-elds. For example, a payload is a eld of a TCP message. Therefore, by dening a layer as a kind of payload (which is a specic eld), we can retrieve the so-called Ethernet, IP, TCP and HTTP layers from a raw packet ; each layer having its own vocabular and grammar. Fields size can be xed or variable. Fields content can be static of dynamic. Fields content can be basic (a 32 bits integer) or complex (an array). A eld has four attributes~: the type denes its denition domain or set of valid values (16 bits integer, string, etc.) ; the data description denes the structuration of the eld (ASN.1, TSN.1, EBML, etc.) ; the data encoding denes ... (ASCII, little endian, big endian, XML, EBML, DER, XER, PER, etc.) ; the semantic denes ... (IP address, port number, URL, email, checksum, etc.). Fields content can be~: static ; dependant of another eld (or a set of elds) of the same message (intra-message dependency) ; dependant of a eld (or a set of elds) of a previous message in the grammar (inter-message dependency) ; dependant of the environment ; dependant of the application behaviour (which could depend on the user behaviour) ; random (the initial value of the TCP sequence number for example).

5.2.2 Modelization in Netzob

Netzob provides a framework for the semi-automated modelization (inference) of communication protocols, i.e. inferring its vocabular and grammar. [INCLURE GRAPH] Vocabular inference Message structure inference (based on sequence alignment) Regoupment of similar message structures Field type inference Field dependencies from the same message and from the environment Field semantic inference

5.2. Protocol inference

Netzob Documentation, Release 0.4.1

Grammar inference Identication of the automata of the protocol Fields dependencies with messages of previous states All the functionalities of the framework are detailled in this chapter. Vocabular inference
Structure inference Regoupment of similar structures

Options during alignment process read-only process (do not require a participation in the communication). Identify the xed and dynamic elds of all the messages. Regroups equivalent messages depending of their elds structures. Clustering (Regroups equivalent messages using) : an UPGMA Algorithm to regroup similar messages an openMP and MPI implementation Sequencing, Alignment (Identication of elds in messages) : Needleman & Wunsch Implementation Needleman and Wunsch algorithm Originaly a bio-informatic algorithm (sequencing DNA) Align two messages and identify common patterns and eld structure Computes an alignment score representing the efciency of the alignment The following picture shows the sequence alignment of two messages.

UPGMA algorithm Identify equivalent messages based on their alignment score. Build a hierarchical organization of the messages with the UPGMA algorithm (Unweighted Pair Group Method with Arithmetic Mean) The following picture shows a regroupment of similar messages based on the result of the clustering process.

Chapter 5. User Guide

Netzob Documentation, Release 0.4.1

Abstraction of a set of message The abstraction is the process of substituting the dynamic elds with their representation as a regex. An example of abstraction is shown on the follinw picture.

Analyses after alignment process aaa Message contextual menu aaa Group contextual menu aaa Rene regexes aaa Slick regexes aaa Concatenate aaa Split column aaa

5.2. Protocol inference

Netzob Documentation, Release 0.4.1

Merge columns aaa Delete message aaa

Field type inference

Visualization options aaa Type structure contextual menu aaa Messages distribution This function shows a graphical representation of the distribution of bytes per offset for each message of the current group. This function helps to identify entropy variation of each elds. Entropy variation combined with byte distribution help the user to infer the eld type. [INCLUDE GRAPH] Data typing Primary types [binary, ascii, num, base64...] Denition domain, unique elements and intervals Data carving (tar gz, png, jpg, ...) Semantic data identication (emails, IP ...) Domain of denition aaa Change type representation aaa
Field dependencies from the same message and from the environment

Fields dependancies identication Length elds and associated payloads Encapsulated messages identications And from the environment... Payload extraction The function Find Size Fields, as its name suggests, is dedicated to nd elds that contain any length value as well as the associated payload. It does this on each group. Netzob supports different encoding of the size eld : big and little endian binary values are supported through size of 1, 2 and 4 bytes. The algorithm used to nd the size elds and their associated payloads is desribed in the table XXX. [INCLUDE ALGORITHM] The following picture represents the application of the function on a trace example. It shows the automated extraction of the IP and UDP payloads from an Ethernet frame.

Chapter 5. User Guide

Netzob Documentation, Release 0.4.1

Field semantic inference

Data carving Data carving is the process of extracting semantic information from elds or messages. Netzob allows the extraction of the following semantic information : URL email IP address [INCLUDE FIGURE] Search aaa Properties aaa Grammar inference
Identication of the automata of the protocol Fields dependencies with messages of previous states

5.3 Generating trafc and simulating actors

Todo

5.3. Generating trafc and simulating actors

Netzob Documentation, Release 0.4.1

5.4 Exporting protocol model

Netzob supports the export of the modelization of the protocol in the following formats: * XML meta representation * Dedicated Scapy Dissector * Dedicated Wireshark Dissector Each export format in described in this chapter.

5.4.1 XML Export 5.4.2 Scapy Dissector

The Scapy documentation about building new dissectors is available at the following address: http://www.secdev.org/projects/scapy/doc/build_dissect.html

5.4.3 Wireshark Dissector

The Wireshark documentation about building new dissectors is available at the following address: http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html

Chapter 5. User Guide

CHAPTER 6

Developer Guide

Read the Developer Guide. See how you can contribute to Netzob API explanation:

6.1 netzob Package

6.1.1 NetzobMainController Module 6.1.2 NetzobMainView Module 6.1.3 NetzobPluginManagement Module
class netzob.NetzobPluginManagement.NetzobPluginManagement(commandLineParser) Bases: object Netzob entry point in order to manage netzob plugins listAvailablePlugins() start()

6.1.4 NetzobResources Module 6.1.5 all Module 6.1.6 release Module

netzob.release.keywords = [Protocol, Inference, Networking, Reverse Engineering, Fuzzing, Security] @deprecated: the ofcial long description is now the full README.rst le

Netzob Documentation, Release 0.4.1

6.1.7 Subpackages
Common Package
ApplicativeData Module Automata Module

class netzob.Common.Automata.Automata(type) Bases: object MMSTD_TYPE = mmstd getType() static loadFromXML(xmlRoot, vocabulary, namespace, version) save(root, namespace)
BugReporter Module CommandLine Module

class netzob.Common.CommandLine.CommandLine Bases: object Reads, validates and parses the command line arguments provided by users configure() Congure the parser based on Netzobs usage and the denition of its options and arguments getConfiguredParser() Return (if available) the parser congured to manage provided arguments and options by user. @return: the parser getOptions() isManagePluginsRequested() Compute and return is the user has requested to manage the plugins isStartGUIRequested() Compute and return if the user requested (through the command line arguments and options) to start the GTK GUI parse() Read and parse the provided arguments and options
DepCheck Module

class netzob.Common.DepCheck.DepCheck Bases: object Dependency checker. Provides multiple static method to check is required and optionnal dependency are available. static checkCExtensions() static checkRequiredDependency()

Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

static check_lxml() Test the lxml requirement is fullled

EnvironmentalDependencies Module

class netzob.Common.EnvironmentalDependencies.EnvironmentalDependencies Bases: object captureEnvData() getEnvData()

EnvironmentalDependency Module

class netzob.Common.EnvironmentalDependency.EnvironmentalDependency(name, aType, value) Bases: object getName() getType() getValue() save(root, namespace) setName(name) setType(type) setValue(value)
ExecutionContext Module

class netzob.Common.ExecutionContext.ExecutionContext Bases: object static getCurrentProcesses()

Field Module Grammar Module

class netzob.Common.Grammar.Grammar Bases: object addsequence(sequence) getAutomata() getSequences() static loadGrammar(xmlRoot, vocabulary, namespace, version) save(root, namespace) setAutomata(automata)

6.1. netzob Package

Netzob Documentation, Release 0.4.1

setSequences(sequences) update(vocabulary) update: veries the grammar and its automata is still valid and that none of its symbols has been deprecated
ImportedTrace Module LoggingConfiguration Module

netzob.Common.LoggingConfiguration.LoggingConfiguration(*args, **kwargs) netzob.Common.LoggingConfiguration.singleton(cls, *args, **kwargs) This decorator allows to implement some kind of Singleton design pattern. In our case, we only allow one instanciation.
NetzobException Module

exception netzob.Common.NetzobException.NetzobException(value) Bases: exceptions.Exception Class of handling Netzob specic exceptions exception netzob.Common.NetzobException.NetzobImportException(source, message, statusCode=None, subCode=None) Bases: netzob.Common.NetzobException.NetzobException Raised if an error was encountered while importing data
Order Module

class netzob.Common.Order.Order(value) Bases: object addMessage(message) getMessages() getValue() static loadFromXML(xmlRoot, vocabulary, namespace, version) removeMessage(message) save(root, namespace) setMesages(messages) setValue(value)
Process Module

class netzob.Common.Process.Process(name, pid, user) Bases: object getName() getPid() 38 Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

getSharedLibs() getUser() setName(name) setPid(pid) setUser(user)

Project Module ProjectConfiguration Module Property Module

class netzob.Common.Property.Property(name, format, currentValue) Bases: object getCurrentValue() getFormat() getName() getPossibleValues() hasEntry() isEditable() setCurrentValue(currentValue) setFormat(format) setHasEntry(hasEntry) setIsEditable(isEditable) setName(name) setPossibleValues(possibleValues)
PropertyList Module

class netzob.Common.PropertyList.PropertyList Bases: object This class allow to store Property items that are internally stored in a dict(). Items are accessible like any other list or dict. append(prop) clear() keys() list of keys in PropertyList values() list of values in PropertyList

6.1. netzob Package

Netzob Documentation, Release 0.4.1

ResourcesConfiguration Module Sequence Module

class netzob.Common.Sequence.Sequence(id, name, description) Bases: object addMessage(message, orderNumber) addOrder(order) getDescription() getID() getName() getOrderByValue(value) getSortedOrders() static loadFromXML(xmlRoot, vocabulary, namespace, version) save(root, namespace) setDescription(description) setID(id) setName(name)
Session Module SharedLib Module

class netzob.Common.SharedLib.SharedLib(name, version, path) Bases: object static findNameAndVersion(path) getFunctions() getName() getPath() getVersion() static loadFromXML(rootElement) setFunctions(functions) setName(name) setPath(path) setVersion(version)

Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

SignalsManager Module

class netzob.Common.SignalsManager.SignalsManager Bases: object Manage the signals for feature availability SIG_FIELDS_MULTIPLE_SELECTION = eld.multiple_selection SIG_FIELDS_NO_SELECTION = elds.no_selection SIG_FIELDS_SINGLE_SELECTION = eld.single_selection SIG_MESSAGES_MULTIPLE_SELECTION = messages.multiple_selection SIG_MESSAGES_NO_SELECTION = messages.no_selection SIG_MESSAGES_SINGLE_SELECTION = messages.single_selection SIG_PROJECT_CLOSE = project.close SIG_PROJECT_OPEN = project.open SIG_SYMBOLS_MULTIPLE_CHECKED = symbols.multiple_checked SIG_SYMBOLS_MULTIPLE_SELECTION = symbols.multiple_selection SIG_SYMBOLS_NONE_CHECKED = symbols.none_checked SIG_SYMBOLS_NO_SELECTION = symbols.no_selection SIG_SYMBOLS_SINGLE_CHECKED = symbols.single_checked SIG_SYMBOLS_SINGLE_SELECTION = symbols.single_selection attach(methodToExecute, signals) emitSignal(signal, *cb_args, **cb_kwargs) emitSignals(signals) getListenersMethodsForSignal(signal)

6.1. netzob Package

Netzob Documentation, Release 0.4.1

Simulator Module SplashScreen Module Symbol Module Token Module TrashSymbol Module Vocabulary Module Workspace Module XSDResolver Module

class netzob.Common.XSDResolver.XSDResolver Bases: lxml.etree.Resolver addMapping(declaredFilename, realFilename) resolve(url, id, context)

Subpackages

C_Extensions Package WrapperArgsFactory Module WrapperMessage Module Functions Package EncodingFunction Module class netzob.Common.Functions.EncodingFunction.EncodingFunction(type, name) Bases: netzob.Common.Functions.RenderingFunction.RenderingFunction TYPE = EncodingFunction apply(message) getConversionAddressingTable(message) getName() getType() setName(name) setType(type)

Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

FunctionApplicationTable Module class netzob.Common.Functions.FunctionApplicationTable.FunctionApplicationTable(splittedData) Bases: object applyFunction(function, i_start, i_end) getInitialConversionAddressingTable() getResult() getSegments(i_start, i_end) getTags(col, i_local) insertTagInEncoded(col, i_local, i_global, tag, currentValue) registerTag(i_col, idTag, i, tag) updateConversionAddressingTable(old_start, old_end, new_start, new_end) updateConversionAddressingTableWithTable(table) RenderingFunction Module class netzob.Common.Functions.RenderingFunction.RenderingFunction(superType) Bases: object getID() getPriority() getSuperType() static loadFromXML(rootElement, namespace, version) loadFromXML: Function which parses an XML and extract from it the denition of a rendering function @param rootElement: XML root of the function @return an instance of a function @throw NameError if XML invalid static save(function, root, namespace_workspace) setPriority(priority) TransformationFunction Module class netzob.Common.Functions.TransformationFunction.TransformationFunction(type, name) Bases: netzob.Common.Functions.RenderingFunction.RenderingFunction TYPE = TransformationFunction apply(message) apply: Apply the function on the provided message getConversionAddressingTable(message) getName() getType() reverse(message) reverse: Apply the reverse function on the provided message save(root, namespace_common) Save under the provided XML root the current transformation function setName(name)

6.1. netzob Package

Netzob Documentation, Release 0.4.1

setType(type) VisualizationFunction Module class netzob.Common.Functions.VisualizationFunction.VisualizationFunction(type, name) Bases: netzob.Common.Functions.RenderingFunction.RenderingFunction TYPE = VisualizationFunction getName() getTags() getType() setName(name) setType(type) Subpackages Encoding Package FormatFunction Module Transformation Package BZ2Function Module Base64Function Module CustomFunction Module GZipFunction Module Visualization Package

BackgroundColorFunction Module class netzob.Common.Functions.Visualization.BackgroundColorFunction.BackgroundColorFunction(n c Bases: netzob.Common.Functions.VisualizationFunction.VisualizationFunction TYPE = BackgroundColorFunction getTags()

Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

TextColorFunction Module class netzob.Common.Functions.Visualization.TextColorFunction.TextColorFunction(name, color) Bases: netzob.Common.Functions.VisualizationFunction.VisualizationFunction TYPE = TextColorFunction getTags() MMSTD Package MMSTD Module Subpackages Actors Package AbstractChannel Module MMSTDVisitor Module SimpleCommunicationChannel Module Subpackages NetworkChannels Package InstanciatedNetworkServer Module NetworkClient Module NetworkServer Module Dictionary Package AbstractionLayer Module

6.1. netzob Package

Netzob Documentation, Release 0.4.1

DictionaryEntry Module class netzob.Common.MMSTD.Dictionary.DictionaryEntry.DictionaryEntry(id, name, value) compare(val, indice, negative, dictionary) forget(temporary) generate() getID() getName() getValue() isActive() learn(val, indice) restore() send(negative, dictionary) setID(id) setName(name) undoForget() MMSTDDictionary Module class netzob.Common.MMSTD.Dictionary.MMSTDDictionary.MMSTDDictionary(variables, entries) getEntries() getEntry(id) getVariableByID(id) getVariables() Memory Module _Variable Module class netzob.Common.MMSTD.Dictionary._Variable.Variable(typeVariable, idVar, name) Variable: Denition of a variable dened in a dictionary compare(value, indice, negative, vocabulary, memory) compare: Compare the current variable to the end (starting at the indice-th character) of value. @type value: bitarray.bitarray @param value: a bit array a subarray of which we compare to the current variable binray value. @type indice: integer @param indice: the starting point of comparison in value. @type negative: boolean @param negative: tells if we use the variable or a logical not of it. @type vocabulary: netzob.Common.Vocabulary.Vocabulary @param vocabulary: the vocabulary of the current project. @type memory: netzob.Common.MMSTD.Memory.Memory @param memory: a memory which can contain a former value of the variable. @rtype: integer @return: the number of letters that matches, -1 if it does not match.

Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

getDescription(negative, vocabulary, memory) getDescription: Get the full description of the variable. @type negative: boolean @param negative: tells if we use the variable or a logical not of it. @type vocabulary: netzob.Common.Vocabulary.Vocabulary @param vocabulary: the vocabulary of the current project. @type memory: netzob.Common.MMSTD.Memory.Memory @param memory: a memory which can contain a former value of the variable. @rtype: string @return: the full description of the variable. getID() getName() getTypeVariable() getUncontextualizedDescription() getUncontextualizedDescription: Get the uncontextualized description of the variable (no use of memory or vocabulary). @rtype: string @return: the uncontextualized description of the variable. getValue(negative, vocabulary, memory) getValue: Get the current value of the variable it can be the original value if its set and not forget or the value in memory if it has one else its NONE. @type negative: boolean @param negative: tells if we use the variable or a logical not of it. @type vocabulary: netzob.Common.Vocabulary.Vocabulary @param vocabulary: the vocabulary of the current project. @type memory: netzob.Common.MMSTD.Memory.Memory @param memory: a memory which can contain a former value of the variable. @rtype: (bitarray.bitarray, string) @return: the current or memorized value of the variable in both bitarray and string format. getValueToSend(negative, vocabulary, memory) getValueToSend: Get the current value of the variable it can be the original value if its set and not forget or the value in memory if it has one or it generates one and save its value in memory. @type negative: boolean @param negative: tells if we use the variable or a logical not of it. @type vocabulary: netzob.Common.Vocabulary.Vocabulary @param vocabulary: the vocabulary of the current project. @type memory: netzob.Common.MMSTD.Memory.Memory @param memory: a memory which can contain a former value of the variable. @rtype: (bitarray.bitarray, string) @return: the current, memorized value or a generated value of the variable in both bitarray and string format. isMutable() learn(value, indice, negative, vocabulary, memory) learn: Compare the current variable to the end (starting at the indice-th character) of value. Moreover it stores learns from the provided message. @type value: bitarray.bitarray @param value: a bit array a subarray of which we compare to the current variable binray value. @type indice: integer @param indice: the starting point of comparison in value. @type negative: boolean @param negative: tells if we use the variable or a logical not of it. @type vocabulary: netzob.Common.Vocabulary.Vocabulary @param vocabulary: the vocabulary of the current project. @type memory: netzob.Common.MMSTD.Memory.Memory @param memory: a memory which can contain a former value of the variable. @rtype: integer @return: the number of letters that matches, -1 if it does not match. static loadFromXML(xmlRoot, namespace, version) loadFromXML: Load a variable from an XML denition. Calls its proper heir function for it to create the variable. @type xmlRoot: lxml.etree.Element @param xmlRoot: the root of the XML denition. @type namespace: string @param namespace: the namespace (precision) associated to the variable in the XML

6.1. netzob Package

Netzob Documentation, Release 0.4.1

denition. @type version: string @param version: the version of the load needed. @rtype: netzob.Common.MMSTD.Dictionary.Variable.Variable @return: a variable constructed from this XML denition. restore(vocabulary, memory) restore: Restore learned value from the last execution of the variable. @type vocabulary: netzob.Common.Vocabulary.Vocabulary @param vocabulary: the vocabulary of the current project. @type memory: netzob.Common.MMSTD.Memory.Memory @param memory: a memory which can contain a former value of the variable. setID(idVar) setName(name) setTypeVariable(typeVariable) toXML(root, namespace) toXML: Create the xml tree associated to this variable. @type root: lxml.etree.Element @param root: the root of the tree being built. @type namespace: string @param namespace: a namespace used as a precision in the variable tree. Subpackages DataTypes Package AbstractType Module AbstractWordType Module BinaryType Module DecimalWordType Module HexWordType Module IPv4WordType Module IntegerType Module MACWordType Module WordType Module RelationTypes Package

Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

AbstractRelationType Module class netzob.Common.MMSTD.Dictionary.RelationTypes.AbstractRelationType.AbstractRelationType(

AbstractRelationType: It denes the type of a relation variable. computeValue(writingToken) computeValue: Compute the value of the variable according to its type.

@type writingToken: netzob.Common.MMSTD.Dictionary.VariableProcessingToken.VariableWritingToken.VariableWriting @param writingToken: a token which contains all critical information on this access. @rtype: bitarray @return: the computed value. getAssociatedDataType() getFactor() getNbBits() getNbChars() getOffset() getType() getType: Return a string describing the current Type. @rtype: string @return: the current type in string format. makeAssociatedDataType(sized, minChars, maxChars, delimiter) Make the associated data type. @type minChars: integer @type sized: boolean @param sized: tell if the variable can be delimited by a size or by a delimiter. @param minChars: the minimum number of elementary character the value of this variable can have. @type maxChars: integer @param maxChars: the maximum number of elementary character the value of this variable can have. @type delimiter: bitarray @param delimiter: a set of bits that tells where the associated variable ends. static makeType(typeString, sized, minChars, maxChars, delimiter, factor, offset) setAssociatedDataType(dataType) toString() BinarySizeRelationType Module WordSizeRelationType Module Values Package AbstractValue Module 6.1. netzob Package 49

Netzob Documentation, Release 0.4.1

Aggregate Module EndValue Module TextValue Module VarValue Module VariableProcessingToken Package

AbstractVariableProcessingToken Module class netzob.Common.MMSTD.Dictionary.VariableProcessingToken.AbstractVariableProcessingToken.

AbstractVariableProcessingToken: A communication token used by variable when they are processed. appendLinkedValue(value) getIndex() getLinkedValue() getMemory() getNegative() getValue() getVocabulary() isOk() setOk(ok) setValue(value) VariableReadingToken Module VariableWritingToken Module Variables Package AbstractLeafVariable Module AbstractNodeVariable Module AbstractVariable Module 50 Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

AggregateVariable Module AlternateVariable Module ComputedRelationVariable Module DataVariable Module RepeatVariable Module _AbstractRelationVariable Module _AggregateVariable Module _AlternateVariable Module class netzob.Common.MMSTD.Dictionary.Variables._AlternateVariable.AlternateVariable(idVar, name, children) Bases: netzob.Common.MMSTD.Dictionary._Variable.Variable AlternateVariable: A node variable that makes an alternative of all its children. addChild(child) compare(value, indice, negative, vocabulary, memory) compare: Compare the current variable to the end (starting at the indice-th character) of value. Return the number of letters that matches, -1 if it does not match. getChildren() getDescription(negative, vocabulary, memory) getDescription: Get the full description of the variable. getUncontextualizedDescription() getUncontextualizedDescription: Get the uncontextualized description of the variable (no use of memory or vocabulary). getValue(negative, vocabulary, memory) getValue: Get the current value of the variable it can be the original value if its set and not forget or the value in memory if it has one else its NONE. getValueToSend(negative, vocabulary, memory) getValueToSend: Get the current value of the variable it can be the original value if its set and not forget or the value in memory if it has one or it generates one and save its value in memory. learn(value, indice, negative, vocabulary, memory) learn: Compare the current variable to the end (starting at the indice-th character) of value. Moreover it stores learns from the provided message. Return the number of letters that matches, -1 if it does not match. static loadFromXML(xmlRoot, namespace, version) loadFromXML: Load an alternate variable from an XML denition. restore(vocabulary, memory) restore: Restore learned value from the last execution of the variable.

6.1. netzob Package

Netzob Documentation, Release 0.4.1

toXML(root, namespace) toXML: Create the xml tree associated to this variable. _BinaryVariable Module _ComputedRelationVariable Module _DecimalWordVariable Module _DirectRelationVariable Module _DynLenStringVariable Module _HexVariable Module _IPVariable Module class netzob.Common.MMSTD.Dictionary.Variables._IPVariable.IPVariable(id, name, defaultVar) Bases: netzob.Common.MMSTD.Dictionary._Variable.Variable generateValue(negative, dictionary) getValue(negative, dictionary) learn(val, indice, isForced, dictionary) string2bin(aStr) _IPv4Variable Module _IntVariable Module _MD5Variable Module _ReferencedVariable Module _WordVariable Module MemOpexs Package

Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

MemOpex Module class netzob.Common.MMSTD.MemOpexs.MemOpex.MemOpex(type, id, transitionId) getID() getTransitionID() getType() static loadFromXML(xmlRoot, namespace, version) save(root, namespace) setID(id) setTransitionID(transitionID) Subpackages impl Package ForgetMemOpex Module class netzob.Common.MMSTD.MemOpexs.impl.ForgetMemOpex.ForgetMemOpex(id, transitionId, variableId) Bases: netzob.Common.MMSTD.MemOpexs.MemOpex.MemOpex getVariableID() static loadFromXML(xmlRoot, namespace, version) save(root, namespace) setVariableID(variableID) States Package AbstractState Module class netzob.Common.MMSTD.States.AbstractState.AbstractState(type, id, name) activate() addMemOpex(memOpex) deactivate() executeAsClient(abstractionLayer) executeAsMaster(abstractionLayer) getID() getMemOpexs() getName() getTransitions() getType()

6.1. netzob Package

Netzob Documentation, Release 0.4.1

isActive() static loadFromXML(xmlRoot, namespace, version) registerTransition(transition) removeMemOpex(memOpex) save(root, namespace) setID(id) setName(name) Subpackages impl Package NormalState Module class netzob.Common.MMSTD.States.impl.NormalState.NormalState(id, name) Bases: netzob.Common.MMSTD.States.AbstractState.AbstractState executeAsClient(abstractionLayer) executeAsMaster(abstractionLayer) getID() getName() getTransitions() static loadFromXML(xmlRoot, namespace, version) registerTransition(transition) save(root, namespace) setID(id) setName(name) unregisterTransition(transition) StartState Module class netzob.Common.MMSTD.States.impl.StartState.StartState(id, name) Bases: netzob.Common.MMSTD.States.AbstractState.AbstractState executeAsClient(abstractionLayer) executeAsMaster(abstractionLayer) getID() getName() getTransitions() static loadFromXML(xmlRoot, namespace, version) registerTransition(transition) save(root, namespace)

Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

setID(id) setName(name) Symbols Package AbstractSymbol Module class netzob.Common.MMSTD.Symbols.AbstractSymbol.AbstractSymbol(type) getType() Subpackages impl Package DictionarySymbol Module class netzob.Common.MMSTD.Symbols.impl.DictionarySymbol.DictionarySymbol(dictionaryEntry) Bases: netzob.Common.MMSTD.Symbols.AbstractSymbol.AbstractSymbol TYPE = DictionarySymbol getEntry() getID() getName() isEquivalent(symbol) setEntry(entry) setID(id) write(writingToken) write: Grant a writing access to the entry. Retrieve and return the value issued from this access.

@type writingToken: netzob.Common.MMSTD.Dictionary.VariableProcessingToken.VariableWritingToken.VariableWriting @param writingToken: a token which contains all critical information on this writing access. @rtype: bitarray @return: the value this acces writes. EmptySymbol Module UnknownSymbol Module Transitions Package

6.1. netzob Package

Netzob Documentation, Release 0.4.1

AbstractTransition Module class netzob.Common.MMSTD.Transitions.AbstractTransition.AbstractTransition(type, id, name, inputState, outputState) activate() deactivate() executeAsClient(abstractionLayer) executeAsMaster(abstractLayer) getDescription() getID() getInputState() getName() getOutputState() getType() isActive() isValid(inputSymbol) static loadFromXML(states, vocabulary, xmlRoot, namespace, version) setID(id) setInputState(inputState) setName(name) setOutputState(outputState) toXMLString(idStartState) Subpackages impl Package CloseChannelTransition Module

Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

class netzob.Common.MMSTD.Transitions.impl.CloseChannelTransition.CloseChannelTransition(id, name inputState, outputState, disconnectionTime) Bases: netzob.Common.MMSTD.Transitions.AbstractTransition.AbstractTransition TYPE = CloseChannel closeConnection(abstractionLayer) executeAsClient(abstractionLayer) executeAsMaster(abstractionLayer) getDescription() getDisconnectionTime() isValid(receivedSymbol) static loadFromXML(states, xmlTransition, namespace, version) save(root, namespace)

OpenChannelTransition Module class netzob.Common.MMSTD.Transitions.impl.OpenChannelTransition.OpenChannelTransition(id, name, inputState, outputState, connectionTime, maxNum berOfAttempt) Bases: netzob.Common.MMSTD.Transitions.AbstractTransition.AbstractTransition TYPE = OpenChannel executeAsClient(abstractionLayer) executeAsMaster(abstractionLayer)

6.1. netzob Package

Netzob Documentation, Release 0.4.1

getConnectionTime() getDescription() getMaxNumberOfAttempt() isValid(receivedSymbol) static loadFromXML(states, xmlTransition, namespace, version) openConnection(abstractionLayer) save(root, namespace) SemiStochasticTransition Module SimpleTransition Module class netzob.Common.MMSTD.Transitions.impl.SimpleTransition.SimpleTransition(id, name, inputState, outputState, timeBeforeActing, outputSymbol) Bases: netzob.Common.MMSTD.Transitions.AbstractTransition.AbstractTransition executeAsClient(abstractionLayer) executeAsMaster(abstractionLayer) getDescription() getOutputSymbol() getTimeBeforeActing() isValid(receivedSymbol) static parse(xmlTransition, dictionary, states) toXMLString(idStartState) Models Package AbstractMessage Module FileMessage Module 58 Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

IPCMessage Module IRPDeviceIoControlMessage Module IRPMessage Module L2NetworkMessage Module L3NetworkMessage Module L4NetworkMessage Module RawMessage Module Subpackages Factories Package AbstractMessageFactory Module FileMessageFactory Module IPCMessageFactory Module class netzob.Common.Models.Factories.IPCMessageFactory.IPCMessageFactory Bases: object XML_SCHEMA_TYPE = netzob-common:IPCMessage static addPropertiesToElement(xmlMessage, message, namespace) static loadFromXML(rootElement, namespace, version) static save(message, xmlMessage, namespace_project, namespace) IRPDeviceIoControlMessageFactory Module IRPMessageFactory Module L2NetworkMessageFactory Module L3NetworkMessageFactory Module L4NetworkMessageFactory Module OldFormatNetworkMessageFactory Module 6.1. netzob Package 59

Netzob Documentation, Release 0.4.1

RawMessageFactory Module Plugins Package AbstractPluginController Module AbstractPluginView Module class netzob.Common.Plugins.AbstractPluginView.AbstractPluginView(plugin, troller) Bases: object Regroup methods any plugins view must be able to access getController() Returns the controller attached to the current plugin @return: the controller getPlugin() Returns the current plugin denition class @return: the plugin denition CapturerPlugin Module ExporterPlugin Module FileImporterPlugin Module NetzobPlugin Module PluginChecker Module Subpackages Capturers Package AbstractCapturer Module AbstractCapturerController Module AbstractCapturerView Module Exporters Package AbstractExporterController Module AbstractExporterView Module

con-

Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

Extensions Package

CapturerMenuExtension Module class netzob.Common.Plugins.Extensions.CapturerMenuExtension.CapturerMenuExtension(netzob, controller, actionName, menuText, menuStock=None, menuAccel=None, menuTooltip=None) Bases: netzob.Common.Plugins.Extensions.GlobalMenuExtension.GlobalMenuExtension executeAction(widget, vocabularyView, data=None) getActions() getUIDefinition() ExportMenuExtension Module class netzob.Common.Plugins.Extensions.ExportMenuExtension.ExportMenuExtension(netzob, controller, actionName, menuText, menuStock=None, menuAccel=None, menuTooltip=None) Bases: netzob.Common.Plugins.Extensions.GlobalMenuExtension.GlobalMenuExtension ExportMenuExtension: A generic export menu extension. executeAction(widget, data=None) executeAction: Start the controller. Called when the menu entry is selected. getActions() getActions:

6.1. netzob Package

Netzob Documentation, Release 0.4.1

@rtype: List @return: the list of all information on the action associated to the menu extension. getUIDefinition() getUIDenition: Return the User Interface denition of this menu extension. @rtype: string @return: an xml string representing the menu extension. GlobalMenuExtension Module class netzob.Common.Plugins.Extensions.GlobalMenuExtension.GlobalMenuExtension Bases: netzob.Common.Plugins.Extensions.NetzobExtension.NetzobExtension NetzobExtension Module class netzob.Common.Plugins.Extensions.NetzobExtension.NetzobExtension Bases: object Importers Package AbstractFileImporterController Module AbstractFileImporterView Module AbstractImporterController Module AbstractImporterView Module Threads Package Job Module class netzob.Common.Threads.Job.Job(generator) Bases: object Wrap a co-routines that yields asynchronous tasks (see Task class). Task Module class netzob.Common.Threads.Task.Task Bases: object Base class for asynchronous tasks. cancel() config(return_cb, exception_cb) Set return and exception callbacks. run() Subpackages Tasks Package

Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

SleepTask Module ThreadedTask Module Type Package Endianess Module class netzob.Common.Type.Endianess.Endianess BIG = big-endian LITTLE = little-endian Format Module class netzob.Common.Type.Format.Format ALPHA = alpha ALPHA_NUM = alphanum ASCII = ascii BASE64_DEC = base64dec BASE64_ENC = base64enc BINARY = binary DECIMAL = decimal FLOAT = oat HEX = hex IP = ip IPv4 = ipv4 NUM = num OCTAL = octal STRING = string formatVisualizationUnitSizes = {binary: 1, hex: 4, string: 8} static getExtendedSupportedFormats() static getPossibleFormats(values) getPossibleFormats: Given the provided values, it computes the possible formats the values can be. returns a list of format static getSupportedFormats() static getUnitSize(format)

6.1. netzob Package

Netzob Documentation, Release 0.4.1

Sign Module class netzob.Common.Type.Sign.Sign SIGNED = signed UNSIGNED = unsigned TypeConvertor Module TypeIdentifier Module class netzob.Common.Type.TypeIdentifier.TypeIdentifier getTypes(val) isAscii(val) isBase64(val) isHexString(val) UnitSize Module class netzob.Common.Type.UnitSize.UnitSize BIT = bit BITS16 = 16-bits BITS32 = 32-bits BITS4 = 4-bits BITS64 = 64-bits BITS8 = 8-bits NONE = none static getMaxDigitForTypeAndUnitSize(aType, unitSize) static getPackDefiniton(unitSize) static getSizeInBits(unitSize) unitSizeInBits = {32-bits: 32, 16-bits: 16, 8-bits: 8, bit: 1, 4-bits: 4, 64-bits: 64} Export Package
RawExport Module

class netzob.Export.RawExport.RawExport(netzob) Bases: object getXMLDefinition(symbolID)

Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

ScapyExport Module

class netzob.Export.ScapyExport.ScapyExport(netzob) Bases: object getScapyDefinition(symbolID)

TextExport Module

class netzob.Export.TextExport.TextExport(netzob) Bases: object getTextDefinition(symbolID) ExternalLibs Package

xdot Module

Import Package
AbstractImporter Module ApiImport Module ThirdPartyImport Module XMLImport Module Subpackages

GOTPoisoning Package GOTPoisoner Module class netzob.Import.GOTPoisoning.GOTPoisoner.GOTPoisoner(parasite, injector) injectProcess(pid) HijackedFunction Module class netzob.Import.GOTPoisoning.HijackedFunction.HijackedFunction(name, returnType, parameters, source) getEndOfFunction() getName() getParameters() getParasiteFunctionDeclaration() getParasitePrototype()

6.1. netzob Package

Netzob Documentation, Release 0.4.1

getPrototype() getReturnType() getSource() static loadFromXML(rootElement) setName(name) setParameters(parameters) setReturnType(returnType) setSource(source) InjectorGenerator Module class netzob.Import.GOTPoisoning.InjectorGenerator.InjectorGenerator(tmp_folder, parasite) compileInjector() getFolder() getLibName() getLibPath() getParasiteSignature() getShellCode() getSourceCode() produceShellCode() writeInjectorToFile() ParasiteGenerator Module class netzob.Import.GOTPoisoning.ParasiteGenerator.ParasiteGenerator(tmp_folder) addAnHijackedFunctions(function) compileParasite() getFifoFile() getFunctions() getParasitesSignature() getSourceCode() getSourceCodeHeader() getSourceCodeOfWriteFunction() getSourceCodeParasiteCoreFunctions() linkParasite() writeParasiteToFile()

Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

PrototypesRepositoryParser Module class netzob.Import.GOTPoisoning.PrototypesRepositoryParser.PrototypesRepositoryParser static loadFromXML(le) ThirdParties Package AbstractThirdPartyImporter Module class netzob.Import.ThirdParties.AbstractThirdPartyImporter.AbstractThirdPartyImporter(id, name) Bases: object getId() getName() parse(paths) OSpy Module TreeViews Package TreeProcessesGenerator Module Inference Package
Subpackages

Grammar Package Angluin Module AutomaticGrammarAbstractionView Module AutomaticGrammarInferenceView Module GrammarInferer Module LearningAlgorithm Module MQCache Module Subpackages EquivalenceOracles Package

6.1. netzob Package

Netzob Documentation, Release 0.4.1

AbstractEquivalenceOracle Module class netzob.Inference.Grammar.EquivalenceOracles.AbstractEquivalenceOracle.AbstractEquivalen Bases: object findCounterExample(mmstd) WMethodNetworkEquivalenceOracle Module Oracles Package AbstractOracle Module class netzob.Inference.Grammar.Oracles.AbstractOracle.AbstractOracle(type) Bases: object start(mmstd) stop() NetworkOracle Module Queries Package MembershipQuery Module Vocabulary Package DataCarver Module SearchResult Module class netzob.Inference.Vocabulary.SearchResult.SearchResult(message, description) Bases: object addSegment(i_start, i_end) getDescription() getMessage() getSegments() getVariationDescription() setDescription(description) setVariationDescription(variationDescription)

Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

SearchTask Module class netzob.Inference.Vocabulary.SearchTask.SearchTask(description, data, type) Bases: object getDescription() getResults() getVariations() registerResults(r, v) registerVariation(data, description) setDescription(description) SearchView Module Searcher Module SizeFieldIdentifier Module _VariableView Module Subpackages Alignment Package AsciiAlign Module NeedlemanAndWunsch Module UPGMA Module Simulator Package
XDotWidget Module

UI Package
ModelReturnCodes Module

Created on 28 juin 2012 @author: fabien

6.1. netzob Package

Netzob Documentation, Release 0.4.1

NetzobAbstractController Module NetzobAbstractPerspectiveController Module NetzobAbstractPerspectiveView Module NetzobAbstractView Module NetzobWidgets Module Subpackages

Common Package AboutDialog Module Subpackages Controllers Package AvailablePluginsController Module BugReporterController Module CustomTransformationFunctionController Module MoveMessageController Module ProjectExportController Module ProjectImportController Module ProjectPropertiesController Module WorkspaceConfigurationController Module WorkspaceSelectorController Module Views Package AvailablePluginsView Module BugReporterCertificateErrorView Module 70 Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

BugReporterView Module CustomTransformationFunctionView Module MoveMessageView Module ProjectExportView Module ProjectImportView Module ProjectPropertiesView Module WorkspaceConfigurationView Module WorkspaceSelectorView Module Export Package Subpackages Controllers Package RawExportController Module ScapyExportController Module TextExportController Module Views Package RawExportView Module ScapyExportView Module TextExportView Module Fuzzing Package Subpackages Grammar Package 6.1. netzob Package 71

Netzob Documentation, Release 0.4.1

Subpackages Controllers Package CreateCloseChannelTransitionController Module CreateOpenChannelTransitionController Module CreateSemiStochasticTransitionController Module CreateStateController Module DeleteStateController Module DeleteTransitionController Module EditStateController Module GrammarController Module Subpackages Menus Package ContextualMenuOnStateController Module Views Package CreateCloseChannelTransitionView Module CreateOpenChannelTransitionView Module CreateSemiStochasticTransitionView Module CreateStateView Module DeleteStateView Module DeleteTransitionView Module EditStateView Module 72 Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

GrammarView Module GrammarXDotWidget Module Subpackages Menus Package ContextualMenuOnStateView Module Import Package ImportFileChooserDialog Module Subpackages Controllers Package ConfirmImportMessagesController Module Views Package ConfirmImportMessagesView Module Simulator Package Subpackages Controllers Package CreateNetworkActorController Module SimulatorController Module Views Package CreateNetworkActorView Module SimulatorView Module TraceManager Package 6.1. netzob Package 73

Netzob Documentation, Release 0.4.1

Subpackages Controllers Package ApplicativeDataImportController Module ApplicativeDataManagerController Module TraceManagerController Module Views Package ApplicativeDataImportView Module ApplicativeDataManagerView Module TraceManagerView Module Vocabulary Package Subpackages Controllers Package EnvironmentDependenciesSearcherController Module FieldAnalysisController Module FilterMessagesController Module FindSizeFieldsController Module MessageTableController Module MessagesDistributionController Module PopupEditFieldController Module RelationsController Module ResearchController Module 74 Chapter 6. Developer Guide

Netzob Documentation, Release 0.4.1

SplitFieldController Module VariableController Module VariableDisplayerController Module VocabularyController Module Subpackages Menus Package ContextualMenuOnFieldController Module ContextualMenuOnLayerController Module Partitioning Package ForcePartitioningController Module ResetPartitioningController Module SequenceAlignmentController Module SimplePartitioningController Module SmoothPartitioningController Module Views Package EnvironmentDependenciesSearcherView Module FieldAnalysisView Module FilterMessagesView Module MessageTableView Module MessagesDistributionView Module PopupEditFieldView Module 6.1. netzob Package 75

Netzob Documentation, Release 0.4.1

RelationsView Module ResearchView Module SearchResultsView Module SplitFieldView Module VariableDisplayerView Module VariableView Module VocabularyView Module Subpackages Menus Package ContextualMenuOnFieldView Module ContextualMenuOnLayerView Module Partitioning Package ForcePartitioningView Module ResetPartitioningView Module SequenceAlignmentView Module SimplePartitioningView Module SmoothPartitioningView Module

Chapter 6. Developer Guide

CHAPTER 7

Indices and tables

Table of content genindex modindex search

Netzob Documentation, Release 0.4.1

Chapter 7. Indices and tables

Python Module Index

netzob.Common.MMSTD.Dictionary.Variables._IPVariabl 52 netzob.Common.Automata, 36 netzob.Common.MMSTD.MemOpexs.impl.ForgetMemOpex, netzob.Common.CommandLine, 36 53 netzob.Common.DepCheck, 36 netzob.Common.EnvironmentalDependencies, netzob.Common.MMSTD.MemOpexs.MemOpex, 53 37 netzob.Common.MMSTD.States.AbstractState, netzob.Common.EnvironmentalDependency, 53 37 netzob.Common.MMSTD.States.impl.NormalState, netzob.Common.ExecutionContext, 37 54 netzob.Common.Functions.EncodingFunction, netzob.Common.MMSTD.States.impl.StartState, 42 54, netzob.Common.Functions.FunctionApplicationTable netzob.Common.MMSTD.Symbols.AbstractSymbol, 43 55 netzob.Common.Functions.RenderingFunction, netzob.Common.MMSTD.Symbols.impl.DictionarySymbol, 43 netzob.Common.Functions.TransformationFunction, 55 netzob.Common.MMSTD.Transitions.AbstractTransition, 43 56 netzob.Common.Functions.Visualization.BackgroundColorFunction , netzob.Common.MMSTD.Transitions.impl.CloseChannelTr 44 56 netzob.Common.Functions.Visualization.TextColorFunction , netzob.Common.MMSTD.Transitions.impl.OpenChannelTra 45 netzob.Common.Functions.VisualizationFunction, 57 netzob.Common.MMSTD.Transitions.impl.SimpleTransiti 44 58 netzob.Common.Grammar, 37 netzob.Common.Models.Factories.IPCMessageFactory , netzob.Common.LoggingConfiguration, 38 59 netzob.Common.MMSTD.Dictionary._Variable, netzob.Common.NetzobException, 38 46 netzob.Common.Order , 38 netzob.Common.MMSTD.Dictionary.DictionaryEntry , netzob.Common.Plugins.AbstractPluginView , 46 60 netzob.Common.MMSTD.Dictionary.MMSTDDictionary, netzob.Common.Plugins.Extensions.CapturerMenuExtens 46 61 netzob.Common.MMSTD.Dictionary.RelationTypes.AbstractRelationType , netzob.Common.Plugins.Extensions.ExportMenuExtensio 49 61 netzob.Common.MMSTD.Dictionary.VariableProcessingToken.AbstractVariableProcessingToken , netzob.Common.Plugins.Extensions.GlobalMenuExtensio 50 62 netzob.Common.MMSTD.Dictionary.Variables._AlternateVariable , netzob.Common.Plugins.Extensions.NetzobExtension , 51 62 79

Netzob Documentation, Release 0.4.1

netzob.Common.Process, 38 netzob.Common.Property, 39 netzob.Common.PropertyList, 39 netzob.Common.Sequence, 40 netzob.Common.SharedLib, 40 netzob.Common.SignalsManager, 41 netzob.Common.Threads.Job, 62 netzob.Common.Threads.Task, 62 netzob.Common.Type.Endianess, 63 netzob.Common.Type.Format, 63 netzob.Common.Type.Sign, 64 netzob.Common.Type.TypeIdentifier, 64 netzob.Common.Type.UnitSize, 64 netzob.Common.XSDResolver, 42 netzob.Export.RawExport, 64 netzob.Export.ScapyExport, 65 netzob.Export.TextExport, 65 netzob.Import.GOTPoisoning.GOTPoisoner, 65 netzob.Import.GOTPoisoning.HijackedFunction, 65 netzob.Import.GOTPoisoning.InjectorGenerator, 66 netzob.Import.GOTPoisoning.ParasiteGenerator, 66 netzob.Import.GOTPoisoning.PrototypesRepositoryParser, 67 netzob.Import.ThirdParties.AbstractThirdPartyImporter, 67 netzob.Inference.Grammar.EquivalenceOracles.AbstractEquivalenceOracle, 68 netzob.Inference.Grammar.Oracles.AbstractOracle, 68 netzob.Inference.Vocabulary.SearchResult, 68 netzob.Inference.Vocabulary.SearchTask, 69 netzob.NetzobPluginManagement, 35 netzob.NetzobResources, 35 netzob.release, 35 netzob.UI.ModelReturnCodes, 69

Python Module Index

The Ultimate DIY Kit! (Instant Download)
96% (79)
The Ultimate DIY Kit! (Instant Download)
27 pages
Authenticating The Birth Certificate
97% (261)
Authenticating The Birth Certificate
8 pages
Blacks Law Dictionary PDF
87% (46)
Blacks Law Dictionary PDF
1,335 pages
Credit Repair Letters To Remove Debt Strawman
98% (270)
Credit Repair Letters To Remove Debt Strawman
75 pages
Committee Report
90% (10)
Committee Report
42 pages
The Official LSAT PrepTest 72 - Wendy Margolis
100% (5)
The Official LSAT PrepTest 72 - Wendy Margolis
83 pages
How To Use Quantum Grammar To Remove Any Debt by Brad Tipton
97% (62)
How To Use Quantum Grammar To Remove Any Debt by Brad Tipton
17 pages
Amazon Counterfeit Lawsuits
75% (171)
Amazon Counterfeit Lawsuits
46 pages
The Dispute Letters Templates PDF
96% (69)
The Dispute Letters Templates PDF
20 pages
Claim Credits Guide
93% (15)
Claim Credits Guide
5 pages
LSP Temporary Emergency Exemption To Specific Federal Motor Carrier Safety Regulations 01-12-2024
No ratings yet
LSP Temporary Emergency Exemption To Specific Federal Motor Carrier Safety Regulations 01-12-2024
1 page
Activating Funding Pure Business Trust
100% (39)
Activating Funding Pure Business Trust
13 pages
Notice Debt Valid For Discovery - Child Support
98% (45)
Notice Debt Valid For Discovery - Child Support
7 pages
Meet Your Strawman: Let's Have A Little Quiz
96% (23)
Meet Your Strawman: Let's Have A Little Quiz
71 pages
Jeffrey Epstein Documents - Unsealed Thursday, July 30
97% (219)
Jeffrey Epstein Documents - Unsealed Thursday, July 30
638 pages
Uniform Commercial Code 2010-2011 Ed
94% (17)
Uniform Commercial Code 2010-2011 Ed
2,418 pages
The Court System and Freemasonry
100% (6)
The Court System and Freemasonry
56 pages
Gilbert Law Summaries On Torts (2008) 726 Pages
100% (1)
Gilbert Law Summaries On Torts (2008) 726 Pages
726 pages
Credit Repair Ebook
100% (9)
Credit Repair Ebook
32 pages
INTERCHANGE 2 - RQUIZ UNITS 11 & 12 - Revisión Del Intento
No ratings yet
INTERCHANGE 2 - RQUIZ UNITS 11 & 12 - Revisión Del Intento
6 pages
SignalR on .NET 6 - the Complete Guide
From Everand
SignalR on .NET 6 - the Complete Guide
Fiodar Sazanavets
No ratings yet
SSN and BC Trusts
100% (23)
SSN and BC Trusts
4 pages
Multiple Choice Questions
100% (1)
Multiple Choice Questions
29 pages
Simplified Roberts Rules of Order
80% (5)
Simplified Roberts Rules of Order
41 pages
Verb Tenses
No ratings yet
Verb Tenses
27 pages
C++ Networking 101
From Everand
C++ Networking 101
Anais Sutherland
No ratings yet
Rust for Network Programming and Automation
From Everand
Rust for Network Programming and Automation
Brian Anderson
No ratings yet
C# for Beginners: Learn in 24 Hours
From Everand
C# for Beginners: Learn in 24 Hours
Alex Nordeen
No ratings yet
Serial Port Complete: COM Ports, USB Virtual COM Ports, and Ports for Embedded Systems
From Everand
Serial Port Complete: COM Ports, USB Virtual COM Ports, and Ports for Embedded Systems
Jan Axelson
3.5/5 (9)
NNG Reference Manual, Second Edition
From Everand
NNG Reference Manual, Second Edition
Garrett D'Amore
No ratings yet
Getting Started with Simulink
From Everand
Getting Started with Simulink
Luca Zamboni
4.5/5 (4)
Software-Defined Networks: A Systems Approach
From Everand
Software-Defined Networks: A Systems Approach
Larry Peterson
5/5 (1)
SRS - How to build a Pen Test and Hacking Platform
From Everand
SRS - How to build a Pen Test and Hacking Platform
alasdair gilchrist
2/5 (1)
Dead or Alive - Cestui Que Trust
97% (29)
Dead or Alive - Cestui Que Trust
6 pages
Change Your Identity PDF
100% (3)
Change Your Identity PDF
394 pages
Vowel Sound Pronunciation
No ratings yet
Vowel Sound Pronunciation
13 pages
Netzob Documentation: Release 0.4.1
No ratings yet
Netzob Documentation: Release 0.4.1
27 pages
A Practical Guide Wireshark Forensics
From Everand
A Practical Guide Wireshark Forensics
alasdair gilchrist
5/5 (4)
XProc 3.0 Programmer Reference
From Everand
XProc 3.0 Programmer Reference
Erik Siegel
No ratings yet
Rust for Network Programming and Automation, Second Edition
From Everand
Rust for Network Programming and Automation, Second Edition
Gilbert Stew
No ratings yet
Rust for Network Programming and Automation, Second Edition: Work around designing networks, TCP/IP protocol, packet analysis and performance monitoring using Rust 1.68
From Everand
Rust for Network Programming and Automation, Second Edition: Work around designing networks, TCP/IP protocol, packet analysis and performance monitoring using Rust 1.68
Gilbert Stew
No ratings yet
Dataflow and Reactive Programming Systems
From Everand
Dataflow and Reactive Programming Systems
Matt Carkci
No ratings yet
Mastering Python Network Automation: Automating Container Orchestration, Configuration, and Networking with Terraform, Calico, HAProxy, and Istio
From Everand
Mastering Python Network Automation: Automating Container Orchestration, Configuration, and Networking with Terraform, Calico, HAProxy, and Istio
Tim Peters
No ratings yet
C# Package Mastery: 100 Essentials in 1 Hour - 2024 Edition
From Everand
C# Package Mastery: 100 Essentials in 1 Hour - 2024 Edition
Tenko
No ratings yet
Python Networking 101: Navigating essentials of networking, socket programming, AsyncIO, network testing, simulations and Ansible
From Everand
Python Networking 101: Navigating essentials of networking, socket programming, AsyncIO, network testing, simulations and Ansible
Odette Windsor
No ratings yet
Programming Concepts in Python
From Everand
Programming Concepts in Python
Robert Burns
No ratings yet
Netzob Tutorial
0% (1)
Netzob Tutorial
162 pages
The Compete Ccna 200-301 Study Guide: Network Engineering Edition
From Everand
The Compete Ccna 200-301 Study Guide: Network Engineering Edition
Joe Spoto
5/5 (4)
Matplotlib for Python Developers
From Everand
Matplotlib for Python Developers
Sandro Tosi
3/5 (1)
SAP interface programming with RFC and VBA: Edit SAP data with MS Access
From Everand
SAP interface programming with RFC and VBA: Edit SAP data with MS Access
Karl Josef Hensel
No ratings yet
Machine Learning with Python: A Comprehensive Guide with a Practical Example
From Everand
Machine Learning with Python: A Comprehensive Guide with a Practical Example
MARTIN NEEL
No ratings yet
CISCO PACKET TRACER LABS: Best practice of configuring or troubleshooting Network
From Everand
CISCO PACKET TRACER LABS: Best practice of configuring or troubleshooting Network
Mulayam Singh
No ratings yet
Learning PyTorch 2.0, Second Edition
From Everand
Learning PyTorch 2.0, Second Edition
Matthew Rosch
No ratings yet
Learning PyTorch 2.0, Second Edition: Utilize PyTorch 2.3 and CUDA 12 to experiment neural networks and deep learning models
From Everand
Learning PyTorch 2.0, Second Edition: Utilize PyTorch 2.3 and CUDA 12 to experiment neural networks and deep learning models
Matthew Rosch
No ratings yet
PyTorch Cookbook: 100+ Solutions across RNNs, CNNs, python tools, distributed training and graph networks
From Everand
PyTorch Cookbook: 100+ Solutions across RNNs, CNNs, python tools, distributed training and graph networks
Matthew Rosch
No ratings yet
PyTorch Cookbook
From Everand
PyTorch Cookbook
Matthew Rosch
No ratings yet
Zenoss Core 3.x Network and System Monitoring
From Everand
Zenoss Core 3.x Network and System Monitoring
Michael Badger
No ratings yet
Building Telephony Systems with OpenSER
From Everand
Building Telephony Systems with OpenSER
Goncalves Flavio E.
No ratings yet
Linux Essentials for Hackers & Pentesters
From Everand
Linux Essentials for Hackers & Pentesters
Linux Advocate Team
No ratings yet
Linux Essentials for Hackers & Pentesters: Kali Linux Basics for Wireless Hacking, Penetration Testing, VPNs, Proxy Servers and Networking Commands
From Everand
Linux Essentials for Hackers & Pentesters: Kali Linux Basics for Wireless Hacking, Penetration Testing, VPNs, Proxy Servers and Networking Commands
Linux Advocate Team
No ratings yet
Cisco Packet Tracer Implementation: Building and Configuring Networks: 1, #1
From Everand
Cisco Packet Tracer Implementation: Building and Configuring Networks: 1, #1
S. R. Jena
No ratings yet
Mastering the Art of Network Programming: Unraveling the Secrets of Expert-Level Programming
From Everand
Mastering the Art of Network Programming: Unraveling the Secrets of Expert-Level Programming
Steve Jones
No ratings yet
.Net Framework and Programming in ASP.NET
From Everand
.Net Framework and Programming in ASP.NET
Priyanka Agarwal
No ratings yet
Rust for Network Programming and Automation: Learn to Design and Automate Networks, Performance Optimization, and Packet Analysis with low-level Rust
From Everand
Rust for Network Programming and Automation: Learn to Design and Automate Networks, Performance Optimization, and Packet Analysis with low-level Rust
Brian Anderson
No ratings yet
Learning NAGIOS 3.0
From Everand
Learning NAGIOS 3.0
Wojciech Kocjan
No ratings yet
Advanced Backend Code Optimization
From Everand
Advanced Backend Code Optimization
Sid Touati
No ratings yet
Digital Engineering: Complex System Design
From Everand
Digital Engineering: Complex System Design
S Mathioudakis
No ratings yet
Versatile Routing and Services with BGP: Understanding and Implementing BGP in SR-OS
From Everand
Versatile Routing and Services with BGP: Understanding and Implementing BGP in SR-OS
Alcatel-Lucent
No ratings yet
Hack into your Friends Computer
From Everand
Hack into your Friends Computer
Magelan Cyber Security
No ratings yet
Instant Traffic Analysis with Tshark How-to
From Everand
Instant Traffic Analysis with Tshark How-to
Borja Merino
No ratings yet
C++ Networking 101: Unlocking Sockets, Protocols, VPNs, and Asynchronous I/O with 75+ sample programs
From Everand
C++ Networking 101: Unlocking Sockets, Protocols, VPNs, and Asynchronous I/O with 75+ sample programs
Anais Sutherland
No ratings yet
Wireshark Essentials
From Everand
Wireshark Essentials
James H. Baxter
No ratings yet
WAN TECHNOLOGY FRAME-RELAY: An Expert's Handbook of Navigating Frame Relay Networks
From Everand
WAN TECHNOLOGY FRAME-RELAY: An Expert's Handbook of Navigating Frame Relay Networks
Mamta Devi
No ratings yet
Accelerated Computing With HIP: Second Edition
From Everand
Accelerated Computing With HIP: Second Edition
Yifan Sun
No ratings yet
Cacti 0.8 Network Monitoring
From Everand
Cacti 0.8 Network Monitoring
Dinangkur Kundu
No ratings yet
TCP/IP: Network+ Protocols And Campus LAN Switching Fundamentals
From Everand
TCP/IP: Network+ Protocols And Campus LAN Switching Fundamentals
Rob Botwright
No ratings yet
Mastering eBPF: From Networking to Security in the Linux Kernel
From Everand
Mastering eBPF: From Networking to Security in the Linux Kernel
Robert Johnson
No ratings yet
Learning OpenCV 3 Application Development
From Everand
Learning OpenCV 3 Application Development
Samyak Datta
No ratings yet
Echo on a Chip - Secure Embedded Systems in Cryptography: A New Perception for the Next Generation of Micro-Controllers handling Encryption for Mobile Messaging
From Everand
Echo on a Chip - Secure Embedded Systems in Cryptography: A New Perception for the Next Generation of Micro-Controllers handling Encryption for Mobile Messaging
Mancy A. Wake
No ratings yet
OpenStack Networking Essentials
From Everand
OpenStack Networking Essentials
James Denton
No ratings yet
Terraform for Developers, Second Edition: Essentials of Infrastructure Automation and Provisioning
From Everand
Terraform for Developers, Second Edition: Essentials of Infrastructure Automation and Provisioning
Kimiko Lee
No ratings yet
Terraform for Developers, Second Edition
From Everand
Terraform for Developers, Second Edition
Kimiko Lee
No ratings yet
Python Networking Solutions Guide: Leverage the Power of Python to Automate and Maintain your Network Environment (English Edition)
From Everand
Python Networking Solutions Guide: Leverage the Power of Python to Automate and Maintain your Network Environment (English Edition)
Tolga Koca
No ratings yet
Fundamentos de Seguridad de la Red
From Everand
Fundamentos de Seguridad de la Red
NUMA EDITORIAL
No ratings yet
System Programming Essentials with Go: System calls, networking, efficiency, and security practices with practical projects in Golang
From Everand
System Programming Essentials with Go: System calls, networking, efficiency, and security practices with practical projects in Golang
Alex Rios
No ratings yet
Kafka Up and Running for Network DevOps: Set Your Network Data in Motion
From Everand
Kafka Up and Running for Network DevOps: Set Your Network Data in Motion
Eric Chou
No ratings yet
Mastering Zabbix - Second Edition
From Everand
Mastering Zabbix - Second Edition
Vacche Andrea Dalle
No ratings yet
ACLU Brief On Behalf of John Oliver
78% (144)
ACLU Brief On Behalf of John Oliver
16 pages
How To Minimize Child Support
100% (2)
How To Minimize Child Support
105 pages
School District 205 Appeal
No ratings yet
School District 205 Appeal
96 pages
2024 05 - Peoples Guide Pro 2025
No ratings yet
2024 05 - Peoples Guide Pro 2025
48 pages
Constitutional Law Outline
100% (5)
Constitutional Law Outline
27 pages
Big Brother Is Watching - Get An Anonymous New Life Identity and Name - Fast Easy Legal
83% (6)
Big Brother Is Watching - Get An Anonymous New Life Identity and Name - Fast Easy Legal
137 pages
State of Emergency 8-1-24
No ratings yet
State of Emergency 8-1-24
13 pages
Anglisi 9
No ratings yet
Anglisi 9
152 pages
Ang Pagsusulit Naman Ngayon Ay Pagbasa. Bibigyan Kita NG Test Booklet at Hiwalay Na Sagutang Papel A Answer Sheet
No ratings yet
Ang Pagsusulit Naman Ngayon Ay Pagbasa. Bibigyan Kita NG Test Booklet at Hiwalay Na Sagutang Papel A Answer Sheet
10 pages
Prime and Composite Numbers
No ratings yet
Prime and Composite Numbers
6 pages
Nvs Lab Attendant Reasoning Ability Converted 9de0464c 5e9463cd
No ratings yet
Nvs Lab Attendant Reasoning Ability Converted 9de0464c 5e9463cd
7 pages
(21310070) Tugas B.inggiris
No ratings yet
(21310070) Tugas B.inggiris
20 pages
Quick Test 2 - LEVEL 7
No ratings yet
Quick Test 2 - LEVEL 7
3 pages
Writing Results Discussion
No ratings yet
Writing Results Discussion
33 pages
EFAL RELAB Gr 10 Learner Worksheets Term 1 - 4-1
No ratings yet
EFAL RELAB Gr 10 Learner Worksheets Term 1 - 4-1
192 pages
English 5 Read and Understand The Questions Carefully. Encircle The Letter of The Correct Answer. 1. It Is Composed of A Subject and A Predicate
No ratings yet
English 5 Read and Understand The Questions Carefully. Encircle The Letter of The Correct Answer. 1. It Is Composed of A Subject and A Predicate
10 pages
5 4 2
No ratings yet
5 4 2
5 pages
Career Objective: Ashish Pratap +919598100760
No ratings yet
Career Objective: Ashish Pratap +919598100760
2 pages
Review of Image, Symbolism, Allegory, Style, Tone, Language, Theme
No ratings yet
Review of Image, Symbolism, Allegory, Style, Tone, Language, Theme
58 pages
Word Formation Theory
100% (5)
Word Formation Theory
4 pages
Argument Essay PowerPoint 2
No ratings yet
Argument Essay PowerPoint 2
32 pages
Test Unit 1 Complet Cae
No ratings yet
Test Unit 1 Complet Cae
4 pages
The Giant Jumperee Day 2 LP
No ratings yet
The Giant Jumperee Day 2 LP
7 pages
Americans' Eating Patterns and Time Spent On Food: The 2014 Eating & Health Module Data
No ratings yet
Americans' Eating Patterns and Time Spent On Food: The 2014 Eating & Health Module Data
51 pages
Beginner Spanish Practice Questions (And Answers)
No ratings yet
Beginner Spanish Practice Questions (And Answers)
2 pages
Effects of The Simplified PVC Reading Approach Through The Implementation of The 'Basa Baya Lahat' Program To The Reading Skills Development of The Struggling Readers
No ratings yet
Effects of The Simplified PVC Reading Approach Through The Implementation of The 'Basa Baya Lahat' Program To The Reading Skills Development of The Struggling Readers
18 pages
Answer Key - Gerunds
No ratings yet
Answer Key - Gerunds
2 pages
Pitfall_concepts_in_the_round_of_Nubia_T
No ratings yet
Pitfall_concepts_in_the_round_of_Nubia_T
26 pages
Demo
No ratings yet
Demo
15 pages
The Rejection of Closure by Lyn Hejinian - Poetry Foundation
No ratings yet
The Rejection of Closure by Lyn Hejinian - Poetry Foundation
18 pages
Worksheet: Communication Skills-Ii
No ratings yet
Worksheet: Communication Skills-Ii
1 page
Structure of A Five Stanza Poem - Ehow
No ratings yet
Structure of A Five Stanza Poem - Ehow
2 pages
22PAM0052 - BASIC ACADEMIC ENGLISH - Part5
No ratings yet
22PAM0052 - BASIC ACADEMIC ENGLISH - Part5
20 pages