tags:

views:

1078

answers:

8
+5  Q: 

How Can I Reverse Engineer a Network Protocol (Metatrader 4)?

I need to reverse engineer the Metatrader 4 network protocol. MT4 Server doesn't have an API and I have found zero documentation about its protocol.

Any ideas about where I can start?

I never done this type of work before, but I know it's doable, somebody already did it and developed a proprietary API library to talk back and forth with any MT4 server.

My plan is to opensource a MT4-python API library that can be used without having to run a metatrader client at all (MT4 Expert Advisors are not an option).

A: 

Perhaps doing so isn't necessary? Have you attempted to contact the company and ask?

Malfist  2009-11-21 20:50:59
As a business, how would you react to someone wanting to open source your IP? Hope that their business model isn't dependent on client licensing...
OMG Ponies  2009-11-21 20:54:57
It sounds like the sell servers, the protocol is just secondary. It may drive more customers to the company because they know they can make programs to interact with the server. I would probably do it.
Malfist  2009-11-21 21:00:06
I haven't tried to contact metaquotes. My guess is they won't be willing to help me but it might worth to try it.Their business is licensing the server / dealing desk technology to brokers. Their client (metatrader client) is actually free but not open source.
Seb  2009-11-21 23:06:44
+5  A: 

its not too hard. You just have to be very methodological. You will need wireshark to sniff the packets. Just run through all the features of the metatrader client and capture all the packets. Then compare the payloads to find similarities.

I often reverse engineer protocols when there is not enough documentation explaining advanced features.

Andrew Keith  2009-11-21 20:53:32
+3  A: 

If the protocol is unencrypted, you can use programs like WireShark (formerly Ethereal) or Microsoft Network Monitor to trace your incoming and outgoing messages.

Then, try performing different operations and see how their packets compare. Another good strategy is to try the same operation many times with minor tweaks to see how it changes the packets.

If the protocol is encrypted (especially if it's a proprietary encryption protocol), it's going to be much harder. You'd need to use much more sophisticated reverse engineering tools like IDA Pro to determine where the socket data is coming from before it's encrypted.

Good luck! Reverse engineering is an uncommon skill, but it can be way fun.

fastcall  2009-11-21 20:59:40
+2  A: 

More robust than using WireShark to simply view network traffic, you could inject a DLL into the target application and hook all network activity. This involves patching the IAT (Import Address Table) with one of your functions which matches the signature of the target function. In your function, you can log/process/analyze/whatever the network data, and then forward it on to the correct function.

You can find a description of this process here: http://www.codeproject.com/KB/DLL/DLL%5FInjection%5Ftutorial.aspx

Evän Vrooksövich  2009-11-21 21:22:27
Interesting approach
Seb  2009-11-21 22:58:36
A: 

I would suggest oSpy if you haven't done any reverse engineering yet. As it's simpler to understand than wireshark ( at least, in my opinion ) and powerfull enough.

jinzo  2009-11-21 21:30:26
I really like they have lots of screencasts. I will be giving oSpy a try. Tnx
Seb  2009-11-21 23:00:58
+2  A: 

Using Wireshark, as others have all ready suggested, is definitely a great place to start. And in many cases, if the application is small and simple enough, it will be all that you need.

If the application is encrypting the traffic, or just simply doing something a bit funky, it might be useful to attach to it with a debugger and set break-points on the networking APIs. The book Reverse Engineering Code With IDA Pro has a great section on doing this, if I recall. It also helps you break down a few simple network applications like Yahoo! Messenger to get a feel for this kind of work.

Really, being methodical is key.

mrduclaw  2009-11-21 21:43:00
Reverse Engineering Code With IDA Pro looks pretty good. I just ordered. Tnx
Seb  2009-11-21 22:56:38
A: 

How's the reverse engineering going? I was planning to do something similiar - I want to run a MQ4 client on Linux. Contact me if you want help/partner/tester.

Joel  2009-12-20 16:06:17
A: 

any luck with this? need any help?

bostonBob  2010-08-15 03:21:59

related questions

Wrapping Visual C++ in C#
Open source ER diagramming tool for mysql
What are the best ways to understand an unfamiliar database?
Is reverse engineering evil?
Best way to inject functionality into a binary...
Good techniques for understanding someone else's code
How is the photoshop cutout filter implemented?
Best way to reverse-engineer a web service interface from a WSDL file?
How to reverse engineer undocumented legacy application?
Is there a C++ decompiler?
What's a good C decompiler?
Reverse engineering war stories
How do I decompile a .NET EXE into readable C# source code?
Creating a new rrd database based on an existing one
how are serial generators / cracks developed?
Is it legal to reverse engineer binary file formats
How would you go about reverse engineering a set of binary data pulled from a device?
Reverse Engineering C# code using StarUML
What are the best tools for reverse engineering z80 machine code?
Sequence Diagram Reverse Engineering
Stored procedures reverse engineering
How do I disassemble a VC++ application?
best tool to reverse-engineer a WinXP PS/2 touchpad driver?
Reverse engineer (oracle) schema to ERD
Annotating YouTube videos programatically