Back to Details

competition-custom-protocol-replay

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Competition Custom Protocol Replay

竞赛自定义协议重放

Use this skill only as a downstream specialization after 
$ctf-sandbox-orchestrator
is already active and has established sandbox assumptions, node ownership, and evidence priorities. If that has not happened yet, return to 
$ctf-sandbox-orchestrator
first.
Use this skill when the hard part is not merely naming the protocol, but reproducing the exact message order and state needed for acceptance.
Reply in Simplified Chinese unless the user explicitly requests English.
此技能仅可作为下游专用技能,在
$ctf-sandbox-orchestrator
已激活并完成沙箱假设、节点所有权和证据优先级确立后使用。若上述条件尚未满足,请先返回
$ctf-sandbox-orchestrator
当核心难点不只是识别协议名称,而是复现被系统接受所需的精确消息顺序和状态时,使用本技能。
除非用户明确要求英文回复,否则请使用简体中文回复。

Quick Start

快速开始

  1. Identify client and server roles, session boundaries, and reset conditions before decoding field semantics.
  2. Recover framing, lengths, delimiters, sequence numbers, checksums, nonces, and state transitions before broad replay attempts.
  3. Keep one canonical transcript of a successful exchange.
  4. Change one field or one message at a time while replaying.
  5. Reproduce the smallest accepted conversation that proves the decisive branch.
  1. 在解码字段语义前,先确定客户端和服务器角色、会话边界以及重置条件。
  2. 在尝试大范围重放前,先恢复帧结构、长度、分隔符、序列号、校验和、随机数以及状态转换规则。
  3. 留存一份成功交互的标准会话记录。
  4. 重放时每次仅修改一个字段或一条消息。
  5. 复现可证明关键分支的最小可接受会话。

Workflow

工作流

1. Map The Session State Machine

1. 绘制会话状态机

  • Identify handshake, negotiation, authentication, keepalive, command, and teardown phases.
  • Record which fields are static, which are derived, and which depend on prior messages.
  • Keep message order, direction, and timing tied to the same session identity.
  • 识别握手、协商、认证、保活、命令和会话拆除阶段。
  • 记录哪些字段是静态的,哪些是派生生成的,哪些依赖于此前的消息。
  • 将会话的消息顺序、传输方向和时序与同一会话标识绑定。

2. Recover Framing And Integrity

2. 恢复帧结构与完整性校验

  • Reconstruct lengths, delimiters, type bytes, checksums, MACs, counters, compression, or encryption boundaries.
  • Distinguish transport framing from application-level framing.
  • Note exactly where server acceptance changes when one field or step is mutated.
  • 重构长度、分隔符、类型字节、校验和、MAC、计数器、压缩或加密边界。
  • 区分传输层帧结构和应用层帧结构。
  • 精确记录当修改某个字段或步骤时,服务器接受状态发生变化的位置。

3. Build The Minimal Replay Harness

3. 构建最小重放工具

  • Reduce the path to the smallest transcript that reaches the accepted state, parser branch, command effect, or artifact.
  • Preserve both the original captured sequence and the replayed minimal sequence.
  • If the problem is mainly generic PCAP or stream decoding with no stateful replay requirement, switch back to the broader PCAP skill.
  • 精简路径,得到可到达可接受状态、解析器分支、命令效果或目标产物的最小会话记录。
  • 同时保留原始捕获序列和重放用的最小序列。
  • 如果问题主要是通用PCAP或流解码,无需有状态重放,请切换回更通用的PCAP技能。

Read This Reference

参考文档

  • Load 
    references/custom-protocol-replay.md
    for the state-machine checklist, transcript checklist, and evidence packaging.
  • 加载
    references/custom-protocol-replay.md
    获取状态机检查清单、会话记录检查清单和证据打包规则。

What To Preserve

需要留存的内容

  • Canonical transcript, message types, field boundaries, checksums, counters, and session identifiers
  • Original capture slices and the replay harness inputs that produce acceptance
  • The exact mutation that flips the protocol from rejected to accepted, or vice versa
  • 标准会话记录、消息类型、字段边界、校验和、计数器和会话标识符
  • 原始捕获切片和可触发接受状态的重放工具输入
  • 可让协议从被拒绝变为被接受(反之亦然)的精确修改点