Clean room requires that those creating the implementation don't have access to the original implementation. Having the same person(s) inspect the binaries and create an implementation fails this requirement.
But how can you test if you protocol/document correct?
Yes, Epycs code may have question about legit and some other stuff. But after it going to a beta or stable stage. We can use Epycs protocol documentation to write, for example, epycs.java and make it fully "clean room".
What's required (for purposes of courtroom defense) is a clearly documented procedure in which those who have access to the source being reimplemented (the spec writers and testers) NOT be the coders, and vice versa.
Another example is the SMB/CIFS reimplementation in the case of Samba. Here, because the protocol was an over-the-wire system, analyzing network packets (not covered by source analysis proscriptions) was sufficient to create a Free Software implementation.
Describing just one part of it could be sufficient to sue, but not sufficient to develop a client.
Software patents are intentionally vague, so I doubt anybody could write a working client based on a patent alone (even if whole protocol was claimed to be described).
You are probably correct, but this is an abuse of the patent system, since the quid pro quo for patent protection is the disclosure of the invention to advance the state of the art.