I need to reverse engineer the Metatrader 4 network protocol. MT4 Server doesn't have an API and I have found zero documentation about its protocol.

Any ideas about where I can start?

I have never done this type of work before, but I know it's doable: somebody already did it and developed a proprietary API library to talk back and forth with any MT4 server.

My plan is to open source an MT4-python API library that can be used without having to run a MetaTrader client at all (MT4 Expert Advisors are not an option).

A: 

Perhaps doing so isn't necessary? Have you attempted to contact the company and ask?

Malfist
As a business, how would you react to someone wanting to open source your IP? Hope that their business model isn't dependent on client licensing...
OMG Ponies
It sounds like they sell servers; the protocol is just secondary. It may drive more customers to the company because they know they can make programs to interact with the server. I would probably do it.
Malfist
I haven't tried to contact MetaQuotes. My guess is they won't be willing to help me, but it might be worth a try. Their business is licensing the server / dealing desk technology to brokers. Their client (MetaTrader client) is actually free but not open source.
Seb
+5  A: 

It's not too hard. You just have to be very methodical. You will need Wireshark to sniff the packets. Just run through all the features of the MetaTrader client and capture all the packets. Then compare the payloads to find similarities.

I often reverse engineer protocols when there is not enough documentation explaining advanced features.

Andrew Keith
+3  A: 

If the protocol is unencrypted, you can use programs like WireShark (formerly Ethereal) or Microsoft Network Monitor to trace your incoming and outgoing messages.

Then, try performing different operations and see how their packets compare. Another good strategy is to try the same operation many times with minor tweaks to see how it changes the packets.

If the protocol is encrypted (especially if it's a proprietary encryption protocol), it's going to be much harder. You'd need to use much more sophisticated reverse engineering tools like IDA Pro to determine where the socket data is coming from before it's encrypted.

Good luck! Reverse engineering is an uncommon skill, but it can be way fun.

fastcall
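The payload comparison suggested in the two answers above can be automated once the payloads of one repeated operation have been exported from a capture. The following is an added example, not code from any of the posters: the function names are hypothetical, and the sample bytes use a made-up framing constructed for illustration, not the real MT4 wire format.

```python
import struct
from itertools import groupby

def constructed_samples():
    """Constructed payloads in a made-up framing (NOT the real MT4 format):
    2-byte magic, 2-byte little-endian total length, 1-byte opcode, body."""
    bodies = (b"EURUSD", b"GBPJPY1", b"XAUUSD.m", b"A" * 300)
    return [b"\xab\xcd" + struct.pack("<H", 5 + len(b)) + b"\x07" + b for b in bodies]

def classify_offsets(payloads):
    """Group the bytes all samples share into runs of constant/variable offsets.
    Returns (start, end_exclusive, kind, constant_bytes_or_None) tuples."""
    n = min(len(p) for p in payloads)
    kinds = ["const" if len({p[i] for p in payloads}) == 1 else "var" for i in range(n)]
    runs, pos = [], 0
    for kind, group in groupby(kinds):
        size = len(list(group))
        value = payloads[0][pos:pos + size] if kind == "const" else None
        runs.append((pos, pos + size, kind, value))
        pos += size
    return runs

def find_length_fields(payloads, widths=(1, 2, 4)):
    """Return (offset, width, byteorder, delta) candidates where the integer at
    offset equals len(payload) - delta in every sample (delta = uncounted header)."""
    n = min(len(p) for p in payloads)
    if len({len(p) for p in payloads}) < 2:
        return []  # samples of equal length cannot reveal a length field
    hits = []
    for width in widths:
        for off in range(n - width + 1):
            for order in (("little", "big") if width > 1 else ("little",)):
                deltas = {len(p) - int.from_bytes(p[off:off + width], order)
                          for p in payloads}
                delta = deltas.pop() if len(deltas) == 1 else -1
                if 0 <= delta <= n:  # reject accidental matches with absurd deltas
                    hits.append((off, width, order, delta))
    return hits

if __name__ == "__main__":
    samples = constructed_samples()
    for run in classify_offsets(samples):
        print("run:", run)
    print("length field candidates:", find_length_fields(samples))
```

Including at least one sample longer than 255 bytes matters: without it, a 1-byte field at the same offset fits the data just as well as the 2-byte one.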
+2  A: 

More robust than using WireShark to simply view network traffic, you could inject a DLL into the target application and hook all network activity. This involves patching the IAT (Import Address Table) with one of your functions which matches the signature of the target function. In your function, you can log/process/analyze/whatever the network data, and then forward it on to the correct function.

You can find a description of this process here: http://www.codeproject.com/KB/DLL/DLL%5FInjection%5Ftutorial.aspx

Evän Vrooksövich
Interesting approach
Seb
A: 

I would suggest oSpy if you haven't done any reverse engineering yet, as it's simpler to understand than Wireshark (at least, in my opinion) and powerful enough.

jinzo
I really like that they have lots of screencasts. I will be giving oSpy a try. Tnx
Seb
+2  A: 

Using Wireshark, as others have already suggested, is definitely a great place to start. And in many cases, if the application is small and simple enough, it will be all that you need.

If the application is encrypting the traffic, or just simply doing something a bit funky, it might be useful to attach to it with a debugger and set break-points on the networking APIs. The book Reverse Engineering Code With IDA Pro has a great section on doing this, if I recall. It also helps you break down a few simple network applications like Yahoo! Messenger to get a feel for this kind of work.

Really, being methodical is key.

mrduclaw
Reverse Engineering Code With IDA Pro looks pretty good. I just ordered. Tnx
Seb
A: 

How's the reverse engineering going? I was planning to do something similar - I want to run an MQ4 client on Linux. Contact me if you want help/partner/tester.

Joel
A: 

Any luck with this? Need any help?

bostonBob