21C3 Schedule Release 1.1.7

21st Chaos Communication Congress
Lectures and workshops

Picture of Nils Magnus Nils Magnus
Day 1
Location Workshop
Start Time 13:00 h
Duration 02:00
ID 26
Type Workshop
Track Hacking
Language english

SAP R/3 Protocol Reverse Engineering

Most hackers perceive SAP R/3 installations as enormous data graves with limited hack value because of its immense size and doubtful design. However, there are usually lots of company relevant data. As it is good and common practise, the more valuable the data, the less it is protected.

SAP installations comprise usually of a database and an application server on the backend. There are numerous schemes well-known to both attack and protect these servers. The user's end is often much less protected, though. User clients (the infamous sapguis) talk with a sparsely documented protocol sometimes called DIAG. In the past SAP claimed DIAG is "encrypted"; more recently the vendor admitted it is only "obscured" but did not publish any details. This makes every hacker suspicious.

During this session we will have a look into the nitty gritty details of the protocol from an outsider's point of view. We will present tools and techniques to extract useful information out of packets and data streams, and look at the actual data. However, since the protocol has not completely reverse engineered, the session is a kind of workshop where we try to find out more details about the protocol.

The session is directed to prefessional network hackers who are aware of extracting and visualizing data from the network. We are looking for experts in the field of shared libraries, Java decompiling and PK* compression methods as these technologies play a role in the scenario.

We will provide a demo installation of both client and server installations of SAP R/3 based on Linux.