Step 1 — study popular protocols to understand how client/server interactions typically work.
Step 2 — deploy the network appliance in question to your LAN and intercept its packets with wireshark.
Step 3 — begin inference of protocol from observed behavior and test hypothesis by sending hand-crafted payloads to the server in question.
Step 4 — rinse and repeat until assumptions are proven to be correct with a high degree of reliability.
A good way to ensure you’ve captured the major parts of the protocol is to record about 72 hours of traffic and then replay it through a proxy that directs traffic to your newly created service.
If you can interpret the vast majority of the messages without error, you’re getting close to a reliable implementation.
Step 5 — use this strategy to develop a deep understanding of both protocols in question.
Step 6 — write an “adapter” that can translate protocol A to protocol B and vice versa.
Step 7 — implement the adapter towards whatever use case you have in mind.
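As an added illustration of the replay check in steps 4 and the 72-hour suggestion (example code written for this page, not from any commenter): a constructed frame layout for a made-up appliance protocol is decoded under the current hypothesis, every captured frame is replayed through the parser, and the result is a coverage figure plus an error histogram that shows which assumption to refine next. Byte order is treated as part of the hypothesis, so the same capture can be replayed under both endianness guesses; the magic value, message types and capture bytes are all constructed.

```python
import struct
from collections import Counter

# Hypothesised frame layout for a made-up appliance protocol (constructed, not a real device):
# 4-byte magic, u16 message type, u16 payload length, then payload. Byte order is part of
# the hypothesis, so it is a parameter rather than a constant.
MAGIC = b"APPL"
KNOWN_TYPES = {0x0001: "hello", 0x0002: "status", 0x0003: "setvol"}
BIG_ENDIAN = struct.Struct(">4sHH")
LITTLE_ENDIAN = struct.Struct("<4sHH")

# Constructed "capture": what a few observed frames might look like on the wire.
CAPTURE = [
    b"APPL\x00\x01\x00\x00",          # hello, empty payload
    b"APPL\x00\x02\x00\x02\x00\x2a",  # status, 2-byte payload
    b"APPL\x00\x03\x00\x01\x3c",      # setvol, 1-byte payload
    b"APPL\x00\x07\x00\x00",          # type 7 is not yet in the hypothesis
    b"APPL\x00\x02\x00\x05\x00\x2a",  # header claims 5 payload bytes, only 2 present
]

def parse_frame(buf, header=BIG_ENDIAN):
    """Decode one frame under the hypothesis; raise ValueError on any mismatch."""
    if len(buf) < header.size:
        raise ValueError("short header")
    magic, mtype, length = header.unpack_from(buf)
    if magic != MAGIC:
        raise ValueError("bad magic")
    if mtype not in KNOWN_TYPES:
        raise ValueError("unknown type 0x%04x" % mtype)
    payload = buf[header.size:header.size + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    return {"type": KNOWN_TYPES[mtype], "payload": payload}

def replay_coverage(frames, header=BIG_ENDIAN):
    """Replay every captured frame through the parser; return (decoded, total, error counts).
    The error histogram tells you which part of the hypothesis to refine next."""
    decoded, errors = 0, Counter()
    for frame in frames:
        try:
            parse_frame(frame, header)
            decoded += 1
        except ValueError as exc:
            errors[str(exc)] += 1
    return decoded, len(frames), errors

if __name__ == "__main__":
    for name, header in (("big-endian", BIG_ENDIAN), ("little-endian", LITTLE_ENDIAN)):
        ok, total, errs = replay_coverage(CAPTURE, header)
        print(f"{name}: {ok}/{total} decoded; errors: {dict(errs)}")
```

With the wrong byte order every frame fails on the type field, which is exactly how a bad endianness guess shows up when replaying a real capture.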
> Step 3 — begin inference of protocol from observed behavior and test hypothesis by sending hand-crafted payloads to the server in question.
Curious about common tactics people use for avoiding the ban-hammer from the company at this stage. Surely they can tell the difference between normal operations and this kind of hand-crafted probing?
A bit light on the technical details perhaps, but I recall getting stuck on getting the right airplay parameters, learning how byte endianness works... happy to try to answer any other questions as best I can remember.
EDIT: Sorry, I realized that I didn't actually answer the other question. I first got interested in reversing from console hacking, specifically this talk about wii hacking: https://youtu.be/0rjaiNIc4W8 (including marcan of asahi linux fame!). Their group also had more writing at: https://fail0verflow.com/blog/. Also interesting to read about mgba emulator development: https://mgba.io/tag/debugging/, v8 internals: https://mrale.ph, react internals: https://overreacted.io/
Consuming a lot of literature on how different systems work helped me develop intuitions around how you might take something apart. Then it's a matter of trying things and banging your head against the wall a lot, e.g. at some point I was interested in how compilers worked so I tried hacking typescript syntax support into babel (circa 2017 maybe) - I got pretty far! and got a much better sense of how compilers work.