Protocol Reverse Engineering

Master network protocol reverse engineering including packet analysis, protocol dissection…

A complete methodology for capturing, dissecting, and documenting unknown or proprietary network protocols, from raw packet capture all the way to a publishable specification. It walks Claude through traffic capture (Wireshark, tcpdump, mitmproxy), binary structure decoding, encryption detection, and active validation, turning opaque byte streams into mapped, parseable message formats. The result is interoperability, security research, and debugging power over communication you don't have docs for.

$15 one-time

Prices include 20% VAT. · Forged on real agency work · one-time, no lock-in

  • Type Skill
  • Category Security
  • Delivery Email · instant
  • License One-time

Inside the run · no black box

See the actual work before you buy it.

What is that device actually saying on the wire? From entropy checks to a working Wireshark dissector, an unknown protocol goes from raw capture to documented specification, then gets attacked at the edges.

  1. Capture traffic across multiple sessions and scenarios with tshark/tcpdump (mitmproxy when TLS interception is needed), using ring buffer capture so long sessions are never lost.
  2. Isolate the target with chained Wireshark display filters, then run a Shannon entropy check on payloads: below 6.0 means parse directly, above 7.5 means encryption, so the path switches to key recovery (SSLKEYLOGFILE decryption, JA3 fingerprinting) before any parsing.
  3. Map message boundaries and structure across samples: magic number, version, type and length fields, then test the hypothesis with struct.unpack and TLV decomposition instead of guessing.
  4. Draw the protocol state machine (INIT, HELLO, WAIT_ACK, CONNECTED, CLOSE) by following streams; transitions that should be impossible reveal either bugs or exploit paths.
  5. Document the format as a real specification (header offset tables, message type catalog, state diagram), and write a Lua dissector so Wireshark decodes the protocol natively from then on.
  6. Validate the understanding by building a parser/generator, then attack the edges: boofuzz fuzzing of every field and Scapy replay plus modified-replay tests against sequence and anti-replay handling.
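
An added example, not code from the skill or this page, covering steps 2 and 3 above: a Shannon entropy classifier using the page's 6.0 / 7.5 bands, and a struct.unpack parser for a hypothetical magic/version/type/length header followed by a TLV body. The "PRTO" header layout and both sample messages are constructed for illustration, not taken from any real protocol.

```python
import hashlib
import math
import struct
# Entropy bands (bits per byte) as stated in the methodology above.
PLAINTEXT_MAX = 6.0   # below this: parse directly
ENCRYPTED_MIN = 7.5   # above this: recover keys before parsing
def shannon_entropy(data: bytes) -> float:
    """Bits of information per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)

def classify_payload(data: bytes) -> str:
    """Map entropy onto the page's bands. Caveat: n bytes can score at most log2(n),
    so pool a few hundred bytes of payload before trusting the verdict."""
    h = shannon_entropy(data)
    if h < PLAINTEXT_MAX:
        return "plaintext"
    return "encrypted" if h > ENCRYPTED_MIN else "compressed"

# Hypothetical header for the worked example (constructed, not a real protocol):
#   magic "PRTO"(4) | version(1) | type(1) | body length(2, big-endian) | TLV body
HEADER = struct.Struct(">4sBBH")
def parse_message(buf: bytes) -> dict:
    """Check magic and length, then split the body into {tag: value} (1-byte tag, 1-byte length)."""
    if len(buf) < HEADER.size:
        raise ValueError("short header")
    magic, version, mtype, length = HEADER.unpack_from(buf)
    if magic != b"PRTO":
        raise ValueError("bad magic %r" % magic)
    body = buf[HEADER.size:HEADER.size + length]
    if len(body) != length:
        raise ValueError("truncated body")
    tlvs, off = {}, 0
    while off < len(body):
        if off + 2 > len(body) or off + 2 + body[off + 1] > len(body):
            raise ValueError("truncated TLV at offset %d" % off)
        tag, tlen = body[off], body[off + 1]
        tlvs[tag] = body[off + 2:off + 2 + tlen]
        off += 2 + tlen
    return {"version": version, "type": mtype, "tlvs": tlvs}

# Constructed samples: an 18-byte TLV body behind the header, and a SHA-256 chain as stand-in ciphertext.
SAMPLE_PLAIN = HEADER.pack(b"PRTO", 1, 0x10, 18) + b"\x01\x0chello device\x02\x02\x00\x01"
SAMPLE_OPAQUE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
```

A real capture would feed reassembled stream payloads into classify_payload before any parse_message attempt, exactly the ordering step 2 prescribes.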
Use cases · what happens when you plug it in

One power source. 6 lines out.

  1. Reverse engineer a proprietary binary protocol
  2. Capture and analyze unknown network traffic
  3. Decode TLV and length-prefixed message formats
  4. Detect whether a payload is encrypted vs plaintext
  5. Write a Wireshark Lua dissector for a custom protocol
  6. Document a protocol spec for interoperability
Benefits · what you walk away with

Yours to keep.

Your forge (license: perpetual)

  1. Turn unlabeled byte dumps into a documented, parseable message format
  2. Identify encryption layers fast using entropy thresholds before wasting time
  3. Isolate target packets from millions using layered display-filter chains
  4. Ship a validated parser and spec a teammate can build against

subscriptions expire · deeds don't

What's included · the full manifest

Everything in the box.

Part 01 of 06: Capture recipes for Wireshark, tshark, tcpdump, and mitmproxy (incl. ring-buffer and MITM)

6 parts · one working system · ships instantly by email

Who it's for

This wasn't forged for everyone.

  • Not for you if you'd rather rent a tool than own one.
  • Not for you if you want someone else to run your stack.
  • Not for you if you're happy guessing.
Still here? Good.

If you are a security researcher, network engineer, or developer who needs to understand, document, or debug protocols that have no public specification, then this was forged for you.

Works with

Universal by design: these run in any AI. Delivered in the open Agent Skills + MCP format (native in Claude); ChatGPT, Gemini, Cursor and Copilot adapt the same files their own way.

  • Claude: native format
  • ChatGPT: adapts via open standards
  • Gemini: adapts via open standards
  • Cursor: adapts via open standards
  • Copilot: adapts via open standards
Questions · still in the air

Catch what's on your mind.


  1. The traffic I need to analyze is TLS-encrypted, is that a dead end?

    Not necessarily. The TLS analysis section covers JA3/JA3S fingerprinting, certificate extraction, and pre-master-secret decryption when you control an endpoint, and mitmproxy capture recipes handle the MITM case. Fully opaque third-party encryption you cannot key into stays opaque.

  2. How does it tell encrypted payloads from compressed or plaintext ones?

    An entropy classifier scores the bytes: below 6.0 reads as plaintext, 6.0 to 7.5 as compressed, above 7.5 as likely encrypted. That check runs early so you do not waste hours trying to parse ciphertext as a message format.

  3. Will it reverse engineer a binary executable to extract the protocol logic?

    No. The methodology works from the wire: packet capture, binary structure decoding with struct.unpack, active testing with Scapy replay and boofuzz fuzzing. Disassembling the client binary itself is a different discipline outside this scope.

  4. How is it delivered?

    By email right after purchase: ready to run, downloaded instantly, no setup wait.

  5. One-time or subscription?

    A one-time purchase; no subscription or hidden fees. VAT (20%) is included.

  6. Can I get a refund?

    As a digital product, it can’t be refunded once downloaded. That’s why we show exactly what’s inside and who it’s for, right here.