Аннотация:It’s no surprise that typical hacker’s professional path hits against custom crypto protocols from time to time. There’re lots of application-specific crypto-hardened protocols written from scratch which could be found in banking, SCADA, and other types of not-so-common hardware and software systems. Here we propose a methodology for cracking such systems using top-down approach with GOST-hardened banking application as an example. We show how easy it is sometimes to break complex crypto because of developers having broken or inconsistent knowledge of modern application level protocols.