You can figure out what the client is doing, but this wouldn’t be a one-way conversation. Client sends a request, server sends a response. The issue is that even if they’re using a standard general-purpose protocol such as HTTP or WebSocket, they still send data over it. You wouldn’t know what that data is. The only possible way to find out would be either to capture packets going between them, which doesn’t work if there’s no server or it’s encrpyted, or by examining the source code, which is not available. Either way, without both halves of the connection or the source code present, you cannot do anything.
i mean it’s all hypothetical in the end since i ve never had the thing before me, but i m saying: due to the size of the device, hard encryption and continuous server connection is not probable and spoofing and reverse engineering of the device probably doable for a person of advanced IT security or reverse engineering knowledge…
It’s not impossible, but not the easiest thing to do. It would take years to do for full compatibility because you’d be completely blind and have to basically try things until it works.
well, i wasn’t suggesting the person blinded by the vendors neglect should be tasked to solve this… but from the article it seems that is exactly what they intend to happen…
You can figure out what the client is doing, but this wouldn’t be a one-way conversation. Client sends a request, server sends a response. The issue is that even if they’re using a standard general-purpose protocol such as HTTP or WebSocket, they still send data over it. You wouldn’t know what that data is. The only possible way to find out would be either to capture packets going between them, which doesn’t work if there’s no server or it’s encrpyted, or by examining the source code, which is not available. Either way, without both halves of the connection or the source code present, you cannot do anything.
i mean it’s all hypothetical in the end since i ve never had the thing before me, but i m saying: due to the size of the device, hard encryption and continuous server connection is not probable and spoofing and reverse engineering of the device probably doable for a person of advanced IT security or reverse engineering knowledge…
It’s not impossible, but not the easiest thing to do. It would take years to do for full compatibility because you’d be completely blind and have to basically try things until it works.
well, i wasn’t suggesting the person blinded by the vendors neglect should be tasked to solve this… but from the article it seems that is exactly what they intend to happen…
I meant blind to the way the protocol works, not literally blind