def __send_unencrypted_ack(self):
chlo = ACKPacket()
conf.L3socket = L3RawSocket
chlo.setfieldval(
'CID',
string_to_ascii(SessionInstance.get_instance().connection_id))
chlo.setfieldval(
"Packet Number",
PacketNumberInstance.get_instance().get_next_packet_number())
# print("First Ack Packet Number {}".format(int(str(PacketNumberInstance.get_instance().highest_received_packet_number), 16)))
chlo.setfieldval(
'Largest Acked',
int(
str(PacketNumberInstance.get_instance().
highest_received_packet_number), 16))
chlo.setfieldval(
'First Ack Block Length',
int(
str(PacketNumberInstance.get_instance().
highest_received_packet_number), 16))
associated_data = extract_from_packet(chlo, end=15)
body = extract_from_packet(chlo, start=27)
message_authentication_hash = FNV128A().generate_hash(
associated_data, body, True)
chlo.setfieldval('Message Authentication Hash',
string_to_ascii(message_authentication_hash))
p = IP(dst=SessionInstance.get_instance().destination_ip) / UDP(
dport=6121, sport=61250) / chlo
send(p)
class PingPacket(Packet):
name = "Ping Packet"
fields_desc = [
XByteField("Public Flags", 0x18),
StrFixedLenField("CID", string_to_ascii(""), 8),
LEShortField("Packet Number", 768),
# Message authentication hash
StrFixedLenField("Message Authentication Hash", string_to_ascii(""), 12),
]
class AEADPacket(Packet):
"""
Class that holds the raw data for the AEAD Packets
"""
name = "AEAD Packet"
fields_desc = [
XByteField("Public Flags", 0x0),
XLongField("CID", int("d75487b7da970f81", 16)),
XStrFixedLenField("Diversification Nonce", string_to_ascii(""), 32),
ByteField("Packet Number", 0),
XStrFixedLenField("Message Authentication Hash", string_to_ascii(""),
12),
]
class AEADRequestPacketVersion(Packet):
"""
Class that holds the raw data for the AEAD Packets
But without the div nonce, used for sending the requests.
"""
name = "AEAD Packet"
fields_desc = [
XByteField("Public Flags", 0x19),
StrFixedLenField("CID", string_to_ascii(""), 8),
PacketField("Version", "Q039", "Q039"),
LEShortField("Packet Number", 0),
XStrFixedLenField("Message Authentication Hash", string_to_ascii(""), 12),
]
def send_encrypted_request(self):
"""
Make an AEAD GET Request to example.org
:return:
"""
self.logger.info("Making GET Request")
# Generate forward secure keys if it hasn't already been done.
current_app_key = SessionInstance.get_instance().app_keys
if current_app_key['type'] != "FORWARD" or current_app_key[
'mah'] != SessionInstance.get_instance().last_received_shlo:
if len(SessionInstance.get_instance().peer_public_value) == 0:
pass
else:
key = dhke.generate_keys(
SessionInstance.get_instance().peer_public_value, True,
self.logger)
SessionInstance.get_instance().app_keys['type'] = "FORWARD"
SessionInstance.get_instance().app_keys[
'mah'] = SessionInstance.get_instance().last_received_shlo
SessionInstance.get_instance().app_keys['key'] = key
get_request = "800300002501250000000500000000FF418FF1E3C2E5F23A6BA0AB9EC9AE38110782848750839BD9AB7A85ED6988B4C7"
packet_number = PacketNumberInstance.get_instance(
).get_next_packet_number()
ciphertext = CryptoManager.encrypt(bytes.fromhex(get_request),
packet_number,
SessionInstance.get_instance(),
self.logger)
# Send it to the server
a = AEADRequestPacket()
a.setfieldval(
'CID',
string_to_ascii(SessionInstance.get_instance().connection_id))
a.setfieldval("Public Flags", 0x18)
a.setfieldval('Packet Number', packet_number)
a.setfieldval("Message Authentication Hash",
string_to_ascii(ciphertext[0:24]))
p = IP(dst=SessionInstance.get_instance().destination_ip) / UDP(
dport=6121,
sport=61250) / a / Raw(load=string_to_ascii(ciphertext[24:]))
self.sniffer.add_observer(self)
send(p)
self.wait_for_signal_or_expiration()
self.processed = False
self.sniffer.remove_observer(self)
class AckNotificationPacket(Packet):
"""
Holds the ack packet which will be send to the server.
"""
name = "Ack Notification Packet"
fields_desc = [
XByteField("Public Flags", 0x18),
StrFixedLenField("CID", string_to_ascii(""), 8),
LEShortField("Packet Number", 512),
# Message authentication hash
StrFixedLenField("Message Authentication Hash", string_to_ascii(""),
12),
]
def send_full_chlo(self):
chlo = FullCHLOPacket()
chlo.setfieldval(
'CID',
string_to_ascii(SessionInstance.get_instance().connection_id))
chlo.setfieldval('SCID_Value',
SessionInstance.get_instance().server_config_id)
chlo.setfieldval('STK_Value',
SessionInstance.get_instance().source_address_token)
# Lets just create the public key for DHKE
dhke.set_up_my_keys()
chlo.setfieldval(
"Packet Number",
PacketNumberInstance.get_instance().get_next_packet_number())
chlo.setfieldval(
'PUBS_Value',
string_to_ascii(
SessionInstance.get_instance().public_values_bytes))
associated_data = extract_from_packet(chlo, end=15)
body = extract_from_packet(chlo, start=27)
message_authentication_hash = FNV128A().generate_hash(
associated_data, body)
chlo.setfieldval('Message Authentication Hash',
string_to_ascii(message_authentication_hash))
conf.L3socket = L3RawSocket
SessionInstance.get_instance(
).chlo = extract_from_packet_as_bytestring(
chlo, start=31
) # CHLO from the CHLO tag, which starts at offset 26 (22 header + frame type + stream id + offset)
# print("Send full CHLO")
p = IP(dst=SessionInstance.get_instance().destination_ip) / UDP(
dport=6121, sport=61250) / chlo
# Maybe we cannot assume that is just a version negotiation packet?
# ans, _ = sr(p)
self.sniffer.add_observer(self)
send(p)
self.wait_for_signal_or_expiration()
self.processed = False
self.sniffer.remove_observer(self)
class ACKPacket(Packet):
name = "ACKPacket"
fields_desc = [
XByteField("Public Flags", 0x19),
StrFixedLenField("CID", string_to_ascii(""), 8),
StrFixedLenField("Version", "Q039", 4),
LEShortField("Packet Number", 512),
# Message authentication hash
StrFixedLenField("Message Authentication Hash", string_to_ascii(""), 12),
XByteField("Frame Type", 0x40),
XByteField("Largest Acked", 2),
LEShortField("Largest Acked Delta Time", 45362),
XByteField("First Ack Block Length", 2),
ByteField("Num Timestamp", 0),
]
class FullCHLOPacketNoPadding(Packet):
"""
Full client hello packet
Taken from Wireshark Capture example-local-clemente-aesgcm
"""
name = "FullCHLO"
fields_desc = [
XByteField("Public Flags", 0x19),
StrFixedLenField("CID", string_to_ascii(""), 8),
PacketField("Version", "Q039", "Q039"),
LEShortField("Packet Number", 1024),
# Message authentication hash
StrFixedLenField("Message Authentication Hash", string_to_ascii(""),
12),
]
class SecondACKPacket(Packet):
name = "ACKPacket 2"
fields_desc = [
XByteField("Public Flags", 0x19),
StrFixedLenField("CID", string_to_ascii(""), 8),
PacketField("Version", "Q039", "Q039"),
LEShortField("Packet Number", 768),
# Message authentication hash
StrFixedLenField("Message Authentication Hash",
string_to_ascii("08c9ea3eed281184a3fd65a5"), 12),
XByteField("Frame Type", 0x40),
ByteField("Largest Acked", 2),
LEShortField("Largest Acked Delta Time", 1108),
ByteField("First Ack Block Length", 2),
ByteField("Num Timestamp", 0),
]
class ThirdACKPacket(Packet):
name = "ThirdACKPacket"
fields_desc = [
XByteField("Public Flags", 0x18),
XLongField("CID", int("d75487b7da970f81", 16)),
LEShortField("Packet Number", 1280),
# Message authentication hash
StrFixedLenField("Message Authentication Hash", string_to_ascii(""), 12),
XByteField("Frame Type", 0x56)
]
def close_connection(self):
"""
We do this the unfriendly way, since GoAway does not work. friendly way by means of a Go Away
:return:
"""
frame_data = "02" # frame type
frame_data += "00000000" # error code, no error
# frame_data += "00000000" # latest responded stream Id
frame_data += "0000" # No reason therefore length of 0
# encrypt it
packet_number = PacketNumberInstance.get_instance(
).get_next_packet_number()
ciphertext = CryptoManager.encrypt(bytes.fromhex(frame_data),
packet_number,
SessionInstance.get_instance(),
self.logger)
a = AEADRequestPacket()
a.setfieldval("Public Flags", 0x18)
a.setfieldval('Packet Number', packet_number)
a.setfieldval("Message Authentication Hash",
string_to_ascii(ciphertext[0:24]))
a.setfieldval(
'CID',
string_to_ascii(SessionInstance.get_instance().connection_id))
self.logger.info("Closing connection {}".format(
SessionInstance.get_instance().connection_id))
self.logger.info("With ciphertext {}".format(ciphertext))
p = IP(dst=SessionInstance.get_instance().destination_ip) / UDP(
dport=6121,
sport=61250) / a / Raw(load=string_to_ascii(ciphertext[24:]))
# ans, _ = sr(p, count=3)
send(p)
self.wait_for_signal_or_expiration()
self.processed = False
self.sniffer.remove_observer(self)
time.sleep(1)
def send_chlo(self, only_reset):
# print("Only reset? {}".format(only_reset))
self.reset(only_reset)
if only_reset:
self.learner.respond("RESET")
return
# print(SessionInstance.get_instance().connection_id)
# print("Sending CHLO")
chlo = QUICHeader()
conf.L3socket = L3RawSocket
chlo.setfieldval(
'CID',
string_to_ascii(SessionInstance.get_instance().connection_id))
chlo.setfieldval(
"Packet Number",
PacketNumberInstance.get_instance().get_next_packet_number())
associated_data = extract_from_packet(chlo, end=15)
body = extract_from_packet(chlo, start=27)
message_authentication_hash = FNV128A().generate_hash(
associated_data, body)
chlo.setfieldval('Message Authentication Hash',
string_to_ascii(message_authentication_hash))
# Store chlo for the key derivation
SessionInstance.get_instance(
).chlo = extract_from_packet_as_bytestring(chlo)
self.sniffer.add_observer(self)
p = IP(dst=SessionInstance.get_instance().destination_ip) / UDP(
dport=6121, sport=61250) / chlo
send(p)
self.wait_for_signal_or_expiration()
self.processed = False
self.sniffer.remove_observer(self)
def send_ping(self):
print("Sending ping message...")
ping = PingPacket()
ping.setfieldval(
'CID',
string_to_ascii(SessionInstance.get_instance().connection_id))
packet_number = PacketNumberInstance.get_instance(
).get_next_packet_number()
ciphertext = CryptoManager.encrypt(bytes.fromhex("07"), packet_number,
SessionInstance.get_instance())
ping.setfieldval('Packet Number', packet_number)
ping.setfieldval("Message Authentication Hash",
string_to_ascii(ciphertext[:24]))
conf.L3socket = L3RawSocket
p = IP(dst=SessionInstance.get_instance().destination_ip) / UDP(
dport=6121,
sport=61250) / ping / Raw(load=string_to_ascii(ciphertext[24:]))
# Maybe we cannot assume that is just a version negotiation packet?
send(p)
def send_second_ack(self):
chlo = SecondACKPacket()
conf.L3socket = L3RawSocket
chlo.setfieldval(
'CID',
string_to_ascii(SessionInstance.get_instance().connection_id))
chlo.setfieldval(
"Packet Number",
PacketNumberInstance.get_instance().get_next_packet_number())
associated_data = extract_from_packet(chlo, end=15)
body = extract_from_packet(chlo, start=27)
message_authentication_hash = FNV128A().generate_hash(
associated_data, body)
chlo.setfieldval('Message Authentication Hash',
string_to_ascii(message_authentication_hash))
p = IP(dst=SessionInstance.get_instance().destination_ip) / UDP(
dport=6121, sport=61250) / chlo
send(p)
def make_get_request(self):
get_request = "800300002501250000000500000000FF418FF1E3C2E5F23A6BA0AB9EC9AE38110782848750839BD9AB7A85ED6988B4C7"
packet_number = PacketNumberInstance.get_instance(
).get_next_packet_number()
ciphertext = CryptoManager.encrypt(bytes.fromhex(get_request),
packet_number, self.__instance)
# Send it to the server
a = AEADRequestPacket()
a.setfieldval(
'CID',
string_to_ascii(SessionInstance.get_instance().connection_id))
a.setfieldval("Public Flags", 0x18)
a.setfieldval('Packet Number', packet_number)
a.setfieldval("Message Authentication Hash",
string_to_ascii(ciphertext[0:24]))
p = IP(dst=SessionInstance.get_instance().destination_ip) / UDP(
dport=6121,
sport=61250) / a / Raw(load=string_to_ascii(ciphertext[24:]))
# self.__sniffer.add_observer(self)
send(p)
class FullCHLOPacket(Packet):
"""
Full client hello packet
Taken from Wireshark Capture example-local-clemente-aesgcm
"""
name = "FullCHLO"
fields_desc = [
XByteField("Public Flags", 0x19),
StrFixedLenField("CID", string_to_ascii(""), 8),
StrFixedLenField("Version", "Q039", 4),
LEShortField("Packet Number", 1024),
# Message authentication hash
StrFixedLenField("Message Authentication Hash", string_to_ascii(""), 12),
XByteField("Frame Type", 0x84),
XByteField("StreamId", 1),
LEShortField("Offset", 4100),
StrFixedLenField("Tag1", "CHLO", 4),
LEShortField("Tag Number", 17),
ShortField("Padding", 0),
# List of tags
StrFixedLenField("PAD", "PAD", 3),
ByteField("Xtra_1", 0),
LEIntField("tag_offset_end_1", 637),
StrFixedLenField("SNI", "SNI", 3),
ByteField("Xtra_2", 0),
LEIntField("tag_offset_end_2", 652),
StrFixedLenField("STK", "STK", 3),
ByteField("Xtra_3", 0),
LEIntField("tag_offset_end_3", 708),
StrFixedLenField("SNO", "SNO", 3),
ByteField("Xtra_4", 0),
LEIntField("tag_offset_end_4", 760),
StrFixedLenField("VER", "VER", 3),
ByteField("Xtra_5", 0),
LEIntField("tag_offset_end_5", 764),
StrFixedLenField("CCS", "CCS", 3),
ByteField("Xtra_6", 0),
LEIntField("tag_offset_end_6", 780),
StrFixedLenField("NONC", "NONC", 4),
LEIntField("tag_offset_end_7", 812),
StrFixedLenField("AEAD", "AEAD", 4),
LEIntField("tag_offset_end_8", 816),
StrFixedLenField("SCID", "SCID", 4),
LEIntField("tag_offset_end_9", 832),
StrFixedLenField("PDMD", "PDMD", 4),
LEIntField("tag_offset_end_10", 836),
StrFixedLenField("ICSL", "ICSL", 4),
LEIntField("tag_offset_end_11", 840),
StrFixedLenField("PUBS", "PUBS", 4),
LEIntField("tag_offset_end_12", 872),
StrFixedLenField("MIDS", "MIDS", 4),
LEIntField("tag_offset_end_13", 876),
StrFixedLenField("KEXS", "KEXS", 4),
LEIntField("tag_offset_end_14", 880),
StrFixedLenField("XLCT", "XLCT", 4),
LEIntField("tag_offset_end_15", 888),
StrFixedLenField("CFCW", "CFCW", 4),
LEIntField("tag_offset_end_16", 892),
StrFixedLenField("SFCW", "SFCW", 4),
LEIntField("tag_offset_end_17", 896),
XByteField("Padding0", 0x00),
XByteField("Padding1", 0x00),
XByteField("Padding2", 0x00),
XByteField("Padding3", 0x00),
XByteField("Padding4", 0x00),
XByteField("Padding5", 0x00),
XByteField("Padding6", 0x00),
XByteField("Padding7", 0x00),
XByteField("Padding8", 0x00),
XByteField("Padding9", 0x00),
XByteField("Padding10", 0x00),
XByteField("Padding11", 0x00),
XByteField("Padding12", 0x00),
XByteField("Padding13", 0x00),
XByteField("Padding14", 0x00),
XByteField("Padding15", 0x00),
XByteField("Padding16", 0x00),
XByteField("Padding17", 0x00),
XByteField("Padding18", 0x00),
XByteField("Padding19", 0x00),
XByteField("Padding20", 0x00),
XByteField("Padding21", 0x00),
XByteField("Padding22", 0x00),
XByteField("Padding23", 0x00),
XByteField("Padding24", 0x00),
XByteField("Padding25", 0x00),
XByteField("Padding26", 0x00),
XByteField("Padding27", 0x00),
XByteField("Padding28", 0x00),
XByteField("Padding29", 0x00),
XByteField("Padding30", 0x00),
XByteField("Padding31", 0x00),
XByteField("Padding32", 0x00),
XByteField("Padding33", 0x00),
XByteField("Padding34", 0x00),
XByteField("Padding35", 0x00),
XByteField("Padding36", 0x00),
XByteField("Padding37", 0x00),
XByteField("Padding38", 0x00),
XByteField("Padding39", 0x00),
XByteField("Padding40", 0x00),
XByteField("Padding41", 0x00),
XByteField("Padding42", 0x00),
XByteField("Padding43", 0x00),
XByteField("Padding44", 0x00),
XByteField("Padding45", 0x00),
XByteField("Padding46", 0x00),
XByteField("Padding47", 0x00),
XByteField("Padding48", 0x00),
XByteField("Padding49", 0x00),
XByteField("Padding50", 0x00),
XByteField("Padding51", 0x00),
XByteField("Padding52", 0x00),
XByteField("Padding53", 0x00),
XByteField("Padding54", 0x00),
XByteField("Padding55", 0x00),
XByteField("Padding56", 0x00),
XByteField("Padding57", 0x00),
XByteField("Padding58", 0x00),
XByteField("Padding59", 0x00),
XByteField("Padding60", 0x00),
XByteField("Padding61", 0x00),
XByteField("Padding62", 0x00),
XByteField("Padding63", 0x00),
XByteField("Padding64", 0x00),
XByteField("Padding65", 0x00),
XByteField("Padding66", 0x00),
XByteField("Padding67", 0x00),
XByteField("Padding68", 0x00),
XByteField("Padding69", 0x00),
XByteField("Padding70", 0x00),
XByteField("Padding71", 0x00),
XByteField("Padding72", 0x00),
XByteField("Padding73", 0x00),
XByteField("Padding74", 0x00),
XByteField("Padding75", 0x00),
XByteField("Padding76", 0x00),
XByteField("Padding77", 0x00),
XByteField("Padding78", 0x00),
XByteField("Padding79", 0x00),
XByteField("Padding80", 0x00),
XByteField("Padding81", 0x00),
XByteField("Padding82", 0x00),
XByteField("Padding83", 0x00),
XByteField("Padding84", 0x00),
XByteField("Padding85", 0x00),
XByteField("Padding86", 0x00),
XByteField("Padding87", 0x00),
XByteField("Padding88", 0x00),
XByteField("Padding89", 0x00),
XByteField("Padding90", 0x00),
XByteField("Padding91", 0x00),
XByteField("Padding92", 0x00),
XByteField("Padding93", 0x00),
XByteField("Padding94", 0x00),
XByteField("Padding95", 0x00),
XByteField("Padding96", 0x00),
XByteField("Padding97", 0x00),
XByteField("Padding98", 0x00),
XByteField("Padding99", 0x00),
XByteField("Padding100", 0x00),
XByteField("Padding101", 0x00),
XByteField("Padding102", 0x00),
XByteField("Padding103", 0x00),
XByteField("Padding104", 0x00),
XByteField("Padding105", 0x00),
XByteField("Padding106", 0x00),
XByteField("Padding107", 0x00),
XByteField("Padding108", 0x00),
XByteField("Padding109", 0x00),
XByteField("Padding110", 0x00),
XByteField("Padding111", 0x00),
XByteField("Padding112", 0x00),
XByteField("Padding113", 0x00),
XByteField("Padding114", 0x00),
XByteField("Padding115", 0x00),
XByteField("Padding116", 0x00),
XByteField("Padding117", 0x00),
XByteField("Padding118", 0x00),
XByteField("Padding119", 0x00),
XByteField("Padding120", 0x00),
XByteField("Padding121", 0x00),
XByteField("Padding122", 0x00),
XByteField("Padding123", 0x00),
XByteField("Padding124", 0x00),
XByteField("Padding125", 0x00),
XByteField("Padding126", 0x00),
XByteField("Padding127", 0x00),
XByteField("Padding128", 0x00),
XByteField("Padding129", 0x00),
XByteField("Padding130", 0x00),
XByteField("Padding131", 0x00),
XByteField("Padding132", 0x00),
XByteField("Padding133", 0x00),
XByteField("Padding134", 0x00),
XByteField("Padding135", 0x00),
XByteField("Padding136", 0x00),
XByteField("Padding137", 0x00),
XByteField("Padding138", 0x00),
XByteField("Padding139", 0x00),
XByteField("Padding140", 0x00),
XByteField("Padding141", 0x00),
XByteField("Padding142", 0x00),
XByteField("Padding143", 0x00),
XByteField("Padding144", 0x00),
XByteField("Padding145", 0x00),
XByteField("Padding146", 0x00),
XByteField("Padding147", 0x00),
XByteField("Padding148", 0x00),
XByteField("Padding149", 0x00),
XByteField("Padding150", 0x00),
XByteField("Padding151", 0x00),
XByteField("Padding152", 0x00),
XByteField("Padding153", 0x00),
XByteField("Padding154", 0x00),
XByteField("Padding155", 0x00),
XByteField("Padding156", 0x00),
XByteField("Padding157", 0x00),
XByteField("Padding158", 0x00),
XByteField("Padding159", 0x00),
XByteField("Padding160", 0x00),
XByteField("Padding161", 0x00),
XByteField("Padding162", 0x00),
XByteField("Padding163", 0x00),
XByteField("Padding164", 0x00),
XByteField("Padding165", 0x00),
XByteField("Padding166", 0x00),
XByteField("Padding167", 0x00),
XByteField("Padding168", 0x00),
XByteField("Padding169", 0x00),
XByteField("Padding170", 0x00),
XByteField("Padding171", 0x00),
XByteField("Padding172", 0x00),
XByteField("Padding173", 0x00),
XByteField("Padding174", 0x00),
XByteField("Padding175", 0x00),
XByteField("Padding176", 0x00),
XByteField("Padding177", 0x00),
XByteField("Padding178", 0x00),
XByteField("Padding179", 0x00),
XByteField("Padding180", 0x00),
XByteField("Padding181", 0x00),
XByteField("Padding182", 0x00),
XByteField("Padding183", 0x00),
XByteField("Padding184", 0x00),
XByteField("Padding185", 0x00),
XByteField("Padding186", 0x00),
XByteField("Padding187", 0x00),
XByteField("Padding188", 0x00),
XByteField("Padding189", 0x00),
XByteField("Padding190", 0x00),
XByteField("Padding191", 0x00),
XByteField("Padding192", 0x00),
XByteField("Padding193", 0x00),
XByteField("Padding194", 0x00),
XByteField("Padding195", 0x00),
XByteField("Padding196", 0x00),
XByteField("Padding197", 0x00),
XByteField("Padding198", 0x00),
XByteField("Padding199", 0x00),
XByteField("Padding200", 0x00),
XByteField("Padding201", 0x00),
XByteField("Padding202", 0x00),
XByteField("Padding203", 0x00),
XByteField("Padding204", 0x00),
XByteField("Padding205", 0x00),
XByteField("Padding206", 0x00),
XByteField("Padding207", 0x00),
XByteField("Padding208", 0x00),
XByteField("Padding209", 0x00),
XByteField("Padding210", 0x00),
XByteField("Padding211", 0x00),
XByteField("Padding212", 0x00),
XByteField("Padding213", 0x00),
XByteField("Padding214", 0x00),
XByteField("Padding215", 0x00),
XByteField("Padding216", 0x00),
XByteField("Padding217", 0x00),
XByteField("Padding218", 0x00),
XByteField("Padding219", 0x00),
XByteField("Padding220", 0x00),
XByteField("Padding221", 0x00),
XByteField("Padding222", 0x00),
XByteField("Padding223", 0x00),
XByteField("Padding224", 0x00),
XByteField("Padding225", 0x00),
XByteField("Padding226", 0x00),
XByteField("Padding227", 0x00),
XByteField("Padding228", 0x00),
XByteField("Padding229", 0x00),
XByteField("Padding230", 0x00),
XByteField("Padding231", 0x00),
XByteField("Padding232", 0x00),
XByteField("Padding233", 0x00),
XByteField("Padding234", 0x00),
XByteField("Padding235", 0x00),
XByteField("Padding236", 0x00),
XByteField("Padding237", 0x00),
XByteField("Padding238", 0x00),
XByteField("Padding239", 0x00),
XByteField("Padding240", 0x00),
XByteField("Padding241", 0x00),
XByteField("Padding242", 0x00),
XByteField("Padding243", 0x00),
XByteField("Padding244", 0x00),
XByteField("Padding245", 0x00),
XByteField("Padding246", 0x00),
XByteField("Padding247", 0x00),
XByteField("Padding248", 0x00),
XByteField("Padding249", 0x00),
XByteField("Padding250", 0x00),
XByteField("Padding251", 0x00),
XByteField("Padding252", 0x00),
XByteField("Padding253", 0x00),
XByteField("Padding254", 0x00),
XByteField("Padding255", 0x00),
XByteField("Padding256", 0x00),
XByteField("Padding257", 0x00),
XByteField("Padding258", 0x00),
XByteField("Padding259", 0x00),
XByteField("Padding260", 0x00),
XByteField("Padding261", 0x00),
XByteField("Padding262", 0x00),
XByteField("Padding263", 0x00),
XByteField("Padding264", 0x00),
XByteField("Padding265", 0x00),
XByteField("Padding266", 0x00),
XByteField("Padding267", 0x00),
XByteField("Padding268", 0x00),
XByteField("Padding269", 0x00),
XByteField("Padding270", 0x00),
XByteField("Padding271", 0x00),
XByteField("Padding272", 0x00),
XByteField("Padding273", 0x00),
XByteField("Padding274", 0x00),
XByteField("Padding275", 0x00),
XByteField("Padding276", 0x00),
XByteField("Padding277", 0x00),
XByteField("Padding278", 0x00),
XByteField("Padding279", 0x00),
XByteField("Padding280", 0x00),
XByteField("Padding281", 0x00),
XByteField("Padding282", 0x00),
XByteField("Padding283", 0x00),
XByteField("Padding284", 0x00),
XByteField("Padding285", 0x00),
XByteField("Padding286", 0x00),
XByteField("Padding287", 0x00),
XByteField("Padding288", 0x00),
XByteField("Padding289", 0x00),
XByteField("Padding290", 0x00),
XByteField("Padding291", 0x00),
XByteField("Padding292", 0x00),
XByteField("Padding293", 0x00),
XByteField("Padding294", 0x00),
XByteField("Padding295", 0x00),
XByteField("Padding296", 0x00),
XByteField("Padding297", 0x00),
XByteField("Padding298", 0x00),
XByteField("Padding299", 0x00),
XByteField("Padding300", 0x00),
XByteField("Padding301", 0x00),
XByteField("Padding302", 0x00),
XByteField("Padding303", 0x00),
XByteField("Padding304", 0x00),
XByteField("Padding305", 0x00),
XByteField("Padding306", 0x00),
XByteField("Padding307", 0x00),
XByteField("Padding308", 0x00),
XByteField("Padding309", 0x00),
XByteField("Padding310", 0x00),
XByteField("Padding311", 0x00),
XByteField("Padding312", 0x00),
XByteField("Padding313", 0x00),
XByteField("Padding314", 0x00),
XByteField("Padding315", 0x00),
XByteField("Padding316", 0x00),
XByteField("Padding317", 0x00),
XByteField("Padding318", 0x00),
XByteField("Padding319", 0x00),
XByteField("Padding320", 0x00),
XByteField("Padding321", 0x00),
XByteField("Padding322", 0x00),
XByteField("Padding323", 0x00),
XByteField("Padding324", 0x00),
XByteField("Padding325", 0x00),
XByteField("Padding326", 0x00),
XByteField("Padding327", 0x00),
XByteField("Padding328", 0x00),
XByteField("Padding329", 0x00),
XByteField("Padding330", 0x00),
XByteField("Padding331", 0x00),
XByteField("Padding332", 0x00),
XByteField("Padding333", 0x00),
XByteField("Padding334", 0x00),
XByteField("Padding335", 0x00),
XByteField("Padding336", 0x00),
XByteField("Padding337", 0x00),
XByteField("Padding338", 0x00),
XByteField("Padding339", 0x00),
XByteField("Padding340", 0x00),
XByteField("Padding341", 0x00),
XByteField("Padding342", 0x00),
XByteField("Padding343", 0x00),
XByteField("Padding344", 0x00),
XByteField("Padding345", 0x00),
XByteField("Padding346", 0x00),
XByteField("Padding347", 0x00),
XByteField("Padding348", 0x00),
XByteField("Padding349", 0x00),
XByteField("Padding350", 0x00),
XByteField("Padding351", 0x00),
XByteField("Padding352", 0x00),
XByteField("Padding353", 0x00),
XByteField("Padding354", 0x00),
XByteField("Padding355", 0x00),
XByteField("Padding356", 0x00),
XByteField("Padding357", 0x00),
XByteField("Padding358", 0x00),
XByteField("Padding359", 0x00),
XByteField("Padding360", 0x00),
XByteField("Padding361", 0x00),
XByteField("Padding362", 0x00),
XByteField("Padding363", 0x00),
XByteField("Padding364", 0x00),
XByteField("Padding365", 0x00),
XByteField("Padding366", 0x00),
XByteField("Padding367", 0x00),
XByteField("Padding368", 0x00),
XByteField("Padding369", 0x00),
XByteField("Padding370", 0x00),
XByteField("Padding371", 0x00),
XByteField("Padding372", 0x00),
XByteField("Padding373", 0x00),
XByteField("Padding374", 0x00),
XByteField("Padding375", 0x00),
XByteField("Padding376", 0x00),
XByteField("Padding377", 0x00),
XByteField("Padding378", 0x00),
XByteField("Padding379", 0x00),
XByteField("Padding380", 0x00),
XByteField("Padding381", 0x00),
XByteField("Padding382", 0x00),
XByteField("Padding383", 0x00),
XByteField("Padding384", 0x00),
XByteField("Padding385", 0x00),
XByteField("Padding386", 0x00),
XByteField("Padding387", 0x00),
XByteField("Padding388", 0x00),
XByteField("Padding389", 0x00),
XByteField("Padding390", 0x00),
XByteField("Padding391", 0x00),
XByteField("Padding392", 0x00),
XByteField("Padding393", 0x00),
XByteField("Padding394", 0x00),
XByteField("Padding395", 0x00),
XByteField("Padding396", 0x00),
XByteField("Padding397", 0x00),
XByteField("Padding398", 0x00),
XByteField("Padding399", 0x00),
XByteField("Padding400", 0x00),
XByteField("Padding401", 0x00),
XByteField("Padding402", 0x00),
XByteField("Padding403", 0x00),
XByteField("Padding404", 0x00),
XByteField("Padding405", 0x00),
XByteField("Padding406", 0x00),
XByteField("Padding407", 0x00),
XByteField("Padding408", 0x00),
XByteField("Padding409", 0x00),
XByteField("Padding410", 0x00),
XByteField("Padding411", 0x00),
XByteField("Padding412", 0x00),
XByteField("Padding413", 0x00),
XByteField("Padding414", 0x00),
XByteField("Padding415", 0x00),
XByteField("Padding416", 0x00),
XByteField("Padding417", 0x00),
XByteField("Padding418", 0x00),
XByteField("Padding419", 0x00),
XByteField("Padding420", 0x00),
XByteField("Padding421", 0x00),
XByteField("Padding422", 0x00),
XByteField("Padding423", 0x00),
XByteField("Padding424", 0x00),
XByteField("Padding425", 0x00),
XByteField("Padding426", 0x00),
XByteField("Padding427", 0x00),
XByteField("Padding428", 0x00),
XByteField("Padding429", 0x00),
XByteField("Padding430", 0x00),
XByteField("Padding431", 0x00),
XByteField("Padding432", 0x00),
XByteField("Padding433", 0x00),
XByteField("Padding434", 0x00),
XByteField("Padding435", 0x00),
XByteField("Padding436", 0x00),
XByteField("Padding437", 0x00),
XByteField("Padding438", 0x00),
XByteField("Padding439", 0x00),
XByteField("Padding440", 0x00),
XByteField("Padding441", 0x00),
XByteField("Padding442", 0x00),
XByteField("Padding443", 0x00),
XByteField("Padding444", 0x00),
XByteField("Padding445", 0x00),
XByteField("Padding446", 0x00),
XByteField("Padding447", 0x00),
XByteField("Padding448", 0x00),
XByteField("Padding449", 0x00),
XByteField("Padding450", 0x00),
XByteField("Padding451", 0x00),
XByteField("Padding452", 0x00),
XByteField("Padding453", 0x00),
XByteField("Padding454", 0x00),
XByteField("Padding455", 0x00),
XByteField("Padding456", 0x00),
XByteField("Padding457", 0x00),
XByteField("Padding458", 0x00),
XByteField("Padding459", 0x00),
XByteField("Padding460", 0x00),
XByteField("Padding461", 0x00),
XByteField("Padding462", 0x00),
XByteField("Padding463", 0x00),
XByteField("Padding464", 0x00),
XByteField("Padding465", 0x00),
XByteField("Padding466", 0x00),
XByteField("Padding467", 0x00),
XByteField("Padding468", 0x00),
XByteField("Padding469", 0x00),
XByteField("Padding470", 0x00),
XByteField("Padding471", 0x00),
XByteField("Padding472", 0x00),
XByteField("Padding473", 0x00),
XByteField("Padding474", 0x00),
XByteField("Padding475", 0x00),
XByteField("Padding476", 0x00),
XByteField("Padding477", 0x00),
XByteField("Padding478", 0x00),
XByteField("Padding479", 0x00),
XByteField("Padding480", 0x00),
XByteField("Padding481", 0x00),
XByteField("Padding482", 0x00),
XByteField("Padding483", 0x00),
XByteField("Padding484", 0x00),
XByteField("Padding485", 0x00),
XByteField("Padding486", 0x00),
XByteField("Padding487", 0x00),
XByteField("Padding488", 0x00),
XByteField("Padding489", 0x00),
XByteField("Padding490", 0x00),
XByteField("Padding491", 0x00),
XByteField("Padding492", 0x00),
XByteField("Padding493", 0x00),
XByteField("Padding494", 0x00),
XByteField("Padding495", 0x00),
XByteField("Padding496", 0x00),
XByteField("Padding497", 0x00),
XByteField("Padding498", 0x00),
XByteField("Padding499", 0x00),
XByteField("Padding500", 0x00),
XByteField("Padding501", 0x00),
XByteField("Padding502", 0x00),
XByteField("Padding503", 0x00),
XByteField("Padding504", 0x00),
XByteField("Padding505", 0x00),
XByteField("Padding506", 0x00),
XByteField("Padding507", 0x00),
XByteField("Padding508", 0x00),
XByteField("Padding509", 0x00),
XByteField("Padding510", 0x00),
XByteField("Padding511", 0x00),
XByteField("Padding512", 0x00),
XByteField("Padding513", 0x00),
XByteField("Padding514", 0x00),
XByteField("Padding515", 0x00),
XByteField("Padding516", 0x00),
XByteField("Padding517", 0x00),
XByteField("Padding518", 0x00),
XByteField("Padding519", 0x00),
XByteField("Padding520", 0x00),
XByteField("Padding521", 0x00),
XByteField("Padding522", 0x00),
XByteField("Padding523", 0x00),
XByteField("Padding524", 0x00),
XByteField("Padding525", 0x00),
XByteField("Padding526", 0x00),
XByteField("Padding527", 0x00),
XByteField("Padding528", 0x00),
XByteField("Padding529", 0x00),
XByteField("Padding530", 0x00),
XByteField("Padding531", 0x00),
XByteField("Padding532", 0x00),
XByteField("Padding533", 0x00),
XByteField("Padding534", 0x00),
XByteField("Padding535", 0x00),
XByteField("Padding536", 0x00),
XByteField("Padding537", 0x00),
XByteField("Padding538", 0x00),
XByteField("Padding539", 0x00),
XByteField("Padding540", 0x00),
XByteField("Padding541", 0x00),
XByteField("Padding542", 0x00),
XByteField("Padding543", 0x00),
XByteField("Padding544", 0x00),
XByteField("Padding545", 0x00),
XByteField("Padding546", 0x00),
XByteField("Padding547", 0x00),
XByteField("Padding548", 0x00),
XByteField("Padding549", 0x00),
XByteField("Padding550", 0x00),
XByteField("Padding551", 0x00),
XByteField("Padding552", 0x00),
XByteField("Padding553", 0x00),
XByteField("Padding554", 0x00),
XByteField("Padding555", 0x00),
XByteField("Padding556", 0x00),
XByteField("Padding557", 0x00),
XByteField("Padding558", 0x00),
XByteField("Padding559", 0x00),
XByteField("Padding560", 0x00),
XByteField("Padding561", 0x00),
XByteField("Padding562", 0x00),
XByteField("Padding563", 0x00),
XByteField("Padding564", 0x00),
XByteField("Padding565", 0x00),
XByteField("Padding566", 0x00),
XByteField("Padding567", 0x00),
XByteField("Padding568", 0x00),
XByteField("Padding569", 0x00),
XByteField("Padding570", 0x00),
XByteField("Padding571", 0x00),
XByteField("Padding572", 0x00),
XByteField("Padding573", 0x00),
XByteField("Padding574", 0x00),
XByteField("Padding575", 0x00),
XByteField("Padding576", 0x00),
XByteField("Padding577", 0x00),
XByteField("Padding578", 0x00),
XByteField("Padding579", 0x00),
XByteField("Padding580", 0x00),
XByteField("Padding581", 0x00),
XByteField("Padding582", 0x00),
XByteField("Padding583", 0x00),
XByteField("Padding584", 0x00),
XByteField("Padding585", 0x00),
XByteField("Padding586", 0x00),
XByteField("Padding587", 0x00),
XByteField("Padding588", 0x00),
XByteField("Padding589", 0x00),
XByteField("Padding590", 0x00),
XByteField("Padding591", 0x00),
XByteField("Padding592", 0x00),
XByteField("Padding593", 0x00),
XByteField("Padding594", 0x00),
XByteField("Padding595", 0x00),
XByteField("Padding596", 0x00),
XByteField("Padding597", 0x00),
XByteField("Padding598", 0x00),
XByteField("Padding599", 0x00),
XByteField("Padding600", 0x00),
XByteField("Padding601", 0x00),
XByteField("Padding602", 0x00),
XByteField("Padding603", 0x00),
XByteField("Padding604", 0x00),
XByteField("Padding605", 0x00),
XByteField("Padding606", 0x00),
XByteField("Padding607", 0x00),
XByteField("Padding608", 0x00),
XByteField("Padding609", 0x00),
XByteField("Padding610", 0x00),
XByteField("Padding611", 0x00),
XByteField("Padding612", 0x00),
XByteField("Padding613", 0x00),
XByteField("Padding614", 0x00),
XByteField("Padding615", 0x00),
XByteField("Padding616", 0x00),
XByteField("Padding617", 0x00),
XByteField("Padding618", 0x00),
XByteField("Padding619", 0x00),
XByteField("Padding620", 0x00),
XByteField("Padding621", 0x00),
XByteField("Padding622", 0x00),
XByteField("Padding623", 0x00),
XByteField("Padding624", 0x00),
XByteField("Padding625", 0x00),
XByteField("Padding626", 0x00),
XByteField("Padding627", 0x00),
XByteField("Padding628", 0x00),
XByteField("Padding629", 0x00),
XByteField("Padding630", 0x00),
XByteField("Padding631", 0x00),
XByteField("Padding632", 0x00),
XByteField("Padding633", 0x00),
XByteField("Padding634", 0x00),
XByteField("Padding635", 0x00),
XByteField("Padding636", 0x00),
StrFixedLenField("Server Name Indication", "www.example.org", 15),
StrFixedLenField("STK_Value", string_to_ascii("f7214fe6649467547b2c4e006d97c716097d05ac737b34f426404fd965e2290677fecb437701364808ec4af796bacea645afd897525ef16f"), 56),
StrFixedLenField("SNO_Value", string_to_ascii("e4d458e2594b930f6d4f77711215adf9ebe99096c479dbf765f41d28646c4b87a0ec735e63cc4f19b9207d369e36968b2b2071ed"), 52),
LEIntField("Version_Value", 0),
StrFixedLenField("CCS_Value", string_to_ascii("01e8816092921ae87eed8086a2158291"), 16),
StrFixedLenField("NONC_Value", string_to_ascii("5ac349e90091b5556f1a3c52eb57f92c12640e876e26ab2601c02b2a32f54830"), 32),
StrFixedLenField("AEAD_Value", "AESG", 4),
# Set the server config id to the value received in the REJ packet.
StrFixedLenField("SCID_Value", "", 16),
StrFixedLenField("PDMD_Value", "X509", 4),
LEIntField("ICSL_Value", 30),
StrFixedLenField("PUBS_Value", string_to_ascii("1403c2f3138a820f8114f282c4837d585bd00782f4ec0e5f1d39c06c49cc8043"), 32),
LEIntField("MIDS_Value", 65000),
StrFixedLenField("KEXS_Value", "C255", 4),
StrFixedLenField("XLCT_Value", string_to_ascii("8d884a6c79a0e6de"), 8),
LEIntField("CFCW_Value", 65000),
LEIntField("SFCW_Value", 65000),
]
def send_full_chlo_to_existing_connection(self):
"""
Is it sent encrypted?
:return:
"""
try:
previous_session = SessionModel.get(SessionModel.id == 1)
self.logger.info(previous_session)
self.logger.info("Server config Id {}".format(
previous_session.server_config_id))
self.logger.info(SessionInstance.get_instance().app_keys)
SessionInstance.get_instance(
).last_received_rej = "-1" # I want to force the sniffer to generate a new set of keys.
SessionInstance.get_instance().zero_rtt = True
# The order is important!
tags = [
{
'name':
'PAD',
'value':
'00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'
},
{
'name': 'SNI',
'value': '7777772e6578616d706c652e6f7267'
},
{
'name': 'STK',
'value': previous_session.source_address_token
},
{
'name': 'SNO',
'value': previous_session.server_nonce
},
{
'name': 'VER',
'value': '00000000'
},
{
'name': 'CCS',
'value': '01e8816092921ae87eed8086a2158291'
},
{
'name':
'NONC',
'value':
'5ac349e90091b5556f1a3c52eb57f92c12640e876e26ab2601c02b2a32f54830'
},
{
'name': 'AEAD',
'value': '41455347' # AESGCM12
},
{
'name': 'SCID',
'value': previous_session.server_config_id
},
{
'name': 'PDMD',
'value': '58353039'
},
{
'name': 'ICSL',
'value': '1e000000'
},
{
'name':
'PUBS',
'value':
'96D49F2CE98F31F053DCB6DFE729669385E5FD99D5AA36615E1A9AD57C1B090C'
},
{
'name': 'MIDS',
'value': '64000000'
},
{
'name': 'KEXS',
'value': '43323535' # C25519
},
{
'name': 'XLCT',
'value': '8d884a6c79a0e6de'
},
{
'name': 'CFCW',
'value': '00c00000'
},
{
'name': 'SFCW',
'value': '00800000'
},
]
d = DynamicCHLOPacket(tags)
body = d.build_body()
PacketNumberInstance.get_instance().reset()
conn_id = random.getrandbits(64)
SessionInstance.get_instance(
).server_nonce = previous_session.server_nonce
SessionInstance.get_instance().connection_id_as_number = conn_id
SessionInstance.get_instance().connection_id = str(
format(conn_id, 'x').zfill(8))
SessionInstance.get_instance().peer_public_value = bytes.fromhex(
previous_session.public_value)
self.logger.info("Using connection Id {}".format(
SessionInstance.get_instance().connection_id))
SessionInstance.get_instance().shlo_received = False
# SessionInstance.get_instance().zero_rtt = True # This one should only be set if the Zero RTT CHLO does not result in a REJ.
#
a = FullCHLOPacketNoPadding()
a.setfieldval(
'Packet Number',
PacketNumberInstance.get_instance().get_next_packet_number())
a.setfieldval(
'CID',
string_to_ascii(SessionInstance.get_instance().connection_id))
# # Lets just create the public key for DHKE
dhke.set_up_my_keys()
associated_data = extract_from_packet(a, end=15)
body_mah = [body[i:i + 2] for i in range(0, len(body), 2)]
message_authentication_hash = FNV128A().generate_hash(
associated_data, body_mah)
conf.L3socket = L3RawSocket
SessionInstance.get_instance(
).chlo = extract_from_packet_as_bytestring(
a, start=27
) # CHLO from the CHLO tag, which starts at offset 26 (22 header + frame type + stream id + offset)
SessionInstance.get_instance().chlo += body[4:]
# dhke.generate_keys(bytes.fromhex(previous_session.public_value), False)
# ciphertext = CryptoManager.encrypt(bytes.fromhex(SessionInstance.get_instance().chlo), 1)
#
a.setfieldval('Message Authentication Hash',
string_to_ascii(message_authentication_hash))
#
# print("Send full CHLO from existing connection")
#
p = IP(dst=SessionInstance.get_instance().destination_ip) / UDP(
dport=6121, sport=61250) / a / Raw(load=string_to_ascii(body))
# # Maybe we cannot assume that is just a version negotiation packet?
self.sniffer.add_observer(self)
send(p)
self.wait_for_signal_or_expiration()
self.processed = False
self.sniffer.remove_observer(self)
except Exception:
self.send_chlo(False)
def send_ack_for_encrypted_message(self):
ack = AckNotificationPacket()
conf.L3socket = L3RawSocket
ack.setfieldval(
'CID',
string_to_ascii(SessionInstance.get_instance().connection_id))
next_packet_number_int = PacketNumberInstance.get_instance(
).get_next_packet_number()
next_packet_number_byte = int(next_packet_number_int).to_bytes(
8, byteorder='little')
next_packet_number_nonce = int(next_packet_number_int).to_bytes(
2, byteorder='big')
# print("Sending encrypted ack for packet number {}".format(next_packet_number_int))
ack.setfieldval("Packet Number", next_packet_number_int)
highest_received_packet_number = format(
int(
PacketNumberInstance.get_instance().
get_highest_received_packet_number(), 16), 'x')
ack_body = "40"
ack_body += str(highest_received_packet_number).zfill(2)
ack_body += "0062"
ack_body += str(highest_received_packet_number).zfill(2)
ack_body += "00"
# not sure yet if we can remove this?
keys = SessionInstance.get_instance().keys
request = {
'mode':
'encryption',
'input':
ack_body,
'key':
keys['key1'].hex(), # For encryption, we use my key
'additionalData':
"18" + SessionInstance.get_instance().connection_id +
next_packet_number_byte.hex()
[:4], # Fixed public flags 18 || fixed connection Id || packet number
'nonce':
keys['iv1'].hex() + next_packet_number_nonce.hex().ljust(16, '0')
}
# print("Ack request for encryption {}".format(request))
ciphertext = CryptoConnectionManager.send_message(
ConnectionEndpoint.CRYPTO_ORACLE,
json.dumps(request).encode('utf-8'), True)
ciphertext = ciphertext['data']
# print("Ciphertext in ack {}".format(ciphertext))
ack.setfieldval("Message Authentication Hash",
string_to_ascii(ciphertext[:24]))
SessionInstance.get_instance().nr_ack_send += 1
p = IP(dst=SessionInstance.get_instance().destination_ip) / UDP(
dport=6121,
sport=61250) / ack / Raw(load=string_to_ascii(ciphertext[24:]))
send(p)
class QUICHeader(Packet):
"""
The header for the QUIC CHLO packet
Taken from Wireshark capture example-local-clemente-aesgcm
"""
name = "QUIC"
fields_desc = [
XByteField("Public Flags", 0x19),
StrFixedLenField("CID", string_to_ascii(""), 8),
StrFixedLenField("Version", "Q039", 4),
LEShortField("Packet Number", 256),
# Message Authentication Hash, 12 bytes
StrFixedLenField("Message Authentication Hash",
string_to_ascii("5f67187558566e93f02ce5d0"), 12),
XByteField("Frame Type", 0x80), # Stream
ByteField("Stream ID", 1),
# LEShortField("Data Length", 5125),
StrFixedLenField("Tag1", "CHLO", 4),
LEShortField("Tag Number", 9),
ShortField("Padding", 0),
StrFixedLenField("PAD", "PAD", 3),
ByteField("Xtra", 0),
LEIntField("tag_offset_end", 905),
StrFixedLenField("SNI", "SNI", 3),
ByteField("Xtra 2", 0),
LEIntField("tag_offset_end_2", 920),
StrFixedLenField("VER", "VER", 3),
ByteField("Xtra 3", 0),
LEIntField("tag_offset_end_3", 924),
StrFixedLenField("CCS", "CCS", 3),
ByteField("Xtra 4", 0),
LEIntField("tag_offset_end_4", 940),
# StrFixedLenField("MSPC", "MSPC", 4),
# ByteField("Xtra 5", 0),
# LEIntField("tag_offset_end_5", 1104),
StrFixedLenField("PDMD", "PDMD", 4),
# ByteField("Xtra 6", 0),
LEIntField("tag_offset_end_6", 944),
# StrFixedLenField("SMHL", "SMHL", 4),
# ByteField("Xtra 7", 0),
# LEIntField("tag_offset_end_7", 1112),
StrFixedLenField("ICSL", "ICSL", 4),
# ByteField("Xtra 8", 0),
LEIntField("tag_offset_end_8", 948),
# StrFixedLenField("CTIM", "CTIM", 4),
# ByteField("Xtra 9", 0),
# LEIntField("tag_offset_end_9", 1124),
# StrFixedLenField("NONP", "NONP", 4),
# ByteField("Xtra 10", 0),
# LEIntField("tag_offset_end_10", 1156),
StrFixedLenField("MIDS", "MIDS", 4),
# ByteField("Xtra 11", 0),
LEIntField("tag_offset_end_11", 952),
# StrFixedLenField("SCLS", "SCLS", 4),
# ByteField("Xtra 12", 0),
# LEIntField("tag_offset_end_12", 1164),
StrFixedLenField("CSCT", "CSCT", 4),
# ByteField("Xtra 13", 0),
# LEIntField("tag_offset_end_13", 1164),
# StrFixedLenField("CFCW", "CFCW", 4),
# ByteField("Xtra 14", 0),
LEIntField("tag_offset_end_14", 956),
StrFixedLenField("SFCW", "SFCW", 4),
# ByteField("Xtra 15", 0),
LEIntField("tag_offset_end_15", 960),
# Now have 905 times the value 2d
# StrFixedLenField("Padding", string_to_ascii("0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"), 905),
XByteField("Padding0", 0x00),
XByteField("Padding1", 0x00),
XByteField("Padding2", 0x00),
XByteField("Padding3", 0x00),
XByteField("Padding4", 0x00),
XByteField("Padding5", 0x00),
XByteField("Padding6", 0x00),
XByteField("Padding7", 0x00),
XByteField("Padding8", 0x00),
XByteField("Padding9", 0x00),
XByteField("Padding10", 0x00),
XByteField("Padding11", 0x00),
XByteField("Padding12", 0x00),
XByteField("Padding13", 0x00),
XByteField("Padding14", 0x00),
XByteField("Padding15", 0x00),
XByteField("Padding16", 0x00),
XByteField("Padding17", 0x00),
XByteField("Padding18", 0x00),
XByteField("Padding19", 0x00),
XByteField("Padding20", 0x00),
XByteField("Padding21", 0x00),
XByteField("Padding22", 0x00),
XByteField("Padding23", 0x00),
XByteField("Padding24", 0x00),
XByteField("Padding25", 0x00),
XByteField("Padding26", 0x00),
XByteField("Padding27", 0x00),
XByteField("Padding28", 0x00),
XByteField("Padding29", 0x00),
XByteField("Padding30", 0x00),
XByteField("Padding31", 0x00),
XByteField("Padding32", 0x00),
XByteField("Padding33", 0x00),
XByteField("Padding34", 0x00),
XByteField("Padding35", 0x00),
XByteField("Padding36", 0x00),
XByteField("Padding37", 0x00),
XByteField("Padding38", 0x00),
XByteField("Padding39", 0x00),
XByteField("Padding40", 0x00),
XByteField("Padding41", 0x00),
XByteField("Padding42", 0x00),
XByteField("Padding43", 0x00),
XByteField("Padding44", 0x00),
XByteField("Padding45", 0x00),
XByteField("Padding46", 0x00),
XByteField("Padding47", 0x00),
XByteField("Padding48", 0x00),
XByteField("Padding49", 0x00),
XByteField("Padding50", 0x00),
XByteField("Padding51", 0x00),
XByteField("Padding52", 0x00),
XByteField("Padding53", 0x00),
XByteField("Padding54", 0x00),
XByteField("Padding55", 0x00),
XByteField("Padding56", 0x00),
XByteField("Padding57", 0x00),
XByteField("Padding58", 0x00),
XByteField("Padding59", 0x00),
XByteField("Padding60", 0x00),
XByteField("Padding61", 0x00),
XByteField("Padding62", 0x00),
XByteField("Padding63", 0x00),
XByteField("Padding64", 0x00),
XByteField("Padding65", 0x00),
XByteField("Padding66", 0x00),
XByteField("Padding67", 0x00),
XByteField("Padding68", 0x00),
XByteField("Padding69", 0x00),
XByteField("Padding70", 0x00),
XByteField("Padding71", 0x00),
XByteField("Padding72", 0x00),
XByteField("Padding73", 0x00),
XByteField("Padding74", 0x00),
XByteField("Padding75", 0x00),
XByteField("Padding76", 0x00),
XByteField("Padding77", 0x00),
XByteField("Padding78", 0x00),
XByteField("Padding79", 0x00),
XByteField("Padding80", 0x00),
XByteField("Padding81", 0x00),
XByteField("Padding82", 0x00),
XByteField("Padding83", 0x00),
XByteField("Padding84", 0x00),
XByteField("Padding85", 0x00),
XByteField("Padding86", 0x00),
XByteField("Padding87", 0x00),
XByteField("Padding88", 0x00),
XByteField("Padding89", 0x00),
XByteField("Padding90", 0x00),
XByteField("Padding91", 0x00),
XByteField("Padding92", 0x00),
XByteField("Padding93", 0x00),
XByteField("Padding94", 0x00),
XByteField("Padding95", 0x00),
XByteField("Padding96", 0x00),
XByteField("Padding97", 0x00),
XByteField("Padding98", 0x00),
XByteField("Padding99", 0x00),
XByteField("Padding100", 0x00),
XByteField("Padding101", 0x00),
XByteField("Padding102", 0x00),
XByteField("Padding103", 0x00),
XByteField("Padding104", 0x00),
XByteField("Padding105", 0x00),
XByteField("Padding106", 0x00),
XByteField("Padding107", 0x00),
XByteField("Padding108", 0x00),
XByteField("Padding109", 0x00),
XByteField("Padding110", 0x00),
XByteField("Padding111", 0x00),
XByteField("Padding112", 0x00),
XByteField("Padding113", 0x00),
XByteField("Padding114", 0x00),
XByteField("Padding115", 0x00),
XByteField("Padding116", 0x00),
XByteField("Padding117", 0x00),
XByteField("Padding118", 0x00),
XByteField("Padding119", 0x00),
XByteField("Padding120", 0x00),
XByteField("Padding121", 0x00),
XByteField("Padding122", 0x00),
XByteField("Padding123", 0x00),
XByteField("Padding124", 0x00),
XByteField("Padding125", 0x00),
XByteField("Padding126", 0x00),
XByteField("Padding127", 0x00),
XByteField("Padding128", 0x00),
XByteField("Padding129", 0x00),
XByteField("Padding130", 0x00),
XByteField("Padding131", 0x00),
XByteField("Padding132", 0x00),
XByteField("Padding133", 0x00),
XByteField("Padding134", 0x00),
XByteField("Padding135", 0x00),
XByteField("Padding136", 0x00),
XByteField("Padding137", 0x00),
XByteField("Padding138", 0x00),
XByteField("Padding139", 0x00),
XByteField("Padding140", 0x00),
XByteField("Padding141", 0x00),
XByteField("Padding142", 0x00),
XByteField("Padding143", 0x00),
XByteField("Padding144", 0x00),
XByteField("Padding145", 0x00),
XByteField("Padding146", 0x00),
XByteField("Padding147", 0x00),
XByteField("Padding148", 0x00),
XByteField("Padding149", 0x00),
XByteField("Padding150", 0x00),
XByteField("Padding151", 0x00),
XByteField("Padding152", 0x00),
XByteField("Padding153", 0x00),
XByteField("Padding154", 0x00),
XByteField("Padding155", 0x00),
XByteField("Padding156", 0x00),
XByteField("Padding157", 0x00),
XByteField("Padding158", 0x00),
XByteField("Padding159", 0x00),
XByteField("Padding160", 0x00),
XByteField("Padding161", 0x00),
XByteField("Padding162", 0x00),
XByteField("Padding163", 0x00),
XByteField("Padding164", 0x00),
XByteField("Padding165", 0x00),
XByteField("Padding166", 0x00),
XByteField("Padding167", 0x00),
XByteField("Padding168", 0x00),
XByteField("Padding169", 0x00),
XByteField("Padding170", 0x00),
XByteField("Padding171", 0x00),
XByteField("Padding172", 0x00),
XByteField("Padding173", 0x00),
XByteField("Padding174", 0x00),
XByteField("Padding175", 0x00),
XByteField("Padding176", 0x00),
XByteField("Padding177", 0x00),
XByteField("Padding178", 0x00),
XByteField("Padding179", 0x00),
XByteField("Padding180", 0x00),
XByteField("Padding181", 0x00),
XByteField("Padding182", 0x00),
XByteField("Padding183", 0x00),
XByteField("Padding184", 0x00),
XByteField("Padding185", 0x00),
XByteField("Padding186", 0x00),
XByteField("Padding187", 0x00),
XByteField("Padding188", 0x00),
XByteField("Padding189", 0x00),
XByteField("Padding190", 0x00),
XByteField("Padding191", 0x00),
XByteField("Padding192", 0x00),
XByteField("Padding193", 0x00),
XByteField("Padding194", 0x00),
XByteField("Padding195", 0x00),
XByteField("Padding196", 0x00),
XByteField("Padding197", 0x00),
XByteField("Padding198", 0x00),
XByteField("Padding199", 0x00),
XByteField("Padding200", 0x00),
XByteField("Padding201", 0x00),
XByteField("Padding202", 0x00),
XByteField("Padding203", 0x00),
XByteField("Padding204", 0x00),
XByteField("Padding205", 0x00),
XByteField("Padding206", 0x00),
XByteField("Padding207", 0x00),
XByteField("Padding208", 0x00),
XByteField("Padding209", 0x00),
XByteField("Padding210", 0x00),
XByteField("Padding211", 0x00),
XByteField("Padding212", 0x00),
XByteField("Padding213", 0x00),
XByteField("Padding214", 0x00),
XByteField("Padding215", 0x00),
XByteField("Padding216", 0x00),
XByteField("Padding217", 0x00),
XByteField("Padding218", 0x00),
XByteField("Padding219", 0x00),
XByteField("Padding220", 0x00),
XByteField("Padding221", 0x00),
XByteField("Padding222", 0x00),
XByteField("Padding223", 0x00),
XByteField("Padding224", 0x00),
XByteField("Padding225", 0x00),
XByteField("Padding226", 0x00),
XByteField("Padding227", 0x00),
XByteField("Padding228", 0x00),
XByteField("Padding229", 0x00),
XByteField("Padding230", 0x00),
XByteField("Padding231", 0x00),
XByteField("Padding232", 0x00),
XByteField("Padding233", 0x00),
XByteField("Padding234", 0x00),
XByteField("Padding235", 0x00),
XByteField("Padding236", 0x00),
XByteField("Padding237", 0x00),
XByteField("Padding238", 0x00),
XByteField("Padding239", 0x00),
XByteField("Padding240", 0x00),
XByteField("Padding241", 0x00),
XByteField("Padding242", 0x00),
XByteField("Padding243", 0x00),
XByteField("Padding244", 0x00),
XByteField("Padding245", 0x00),
XByteField("Padding246", 0x00),
XByteField("Padding247", 0x00),
XByteField("Padding248", 0x00),
XByteField("Padding249", 0x00),
XByteField("Padding250", 0x00),
XByteField("Padding251", 0x00),
XByteField("Padding252", 0x00),
XByteField("Padding253", 0x00),
XByteField("Padding254", 0x00),
XByteField("Padding255", 0x00),
XByteField("Padding256", 0x00),
XByteField("Padding257", 0x00),
XByteField("Padding258", 0x00),
XByteField("Padding259", 0x00),
XByteField("Padding260", 0x00),
XByteField("Padding261", 0x00),
XByteField("Padding262", 0x00),
XByteField("Padding263", 0x00),
XByteField("Padding264", 0x00),
XByteField("Padding265", 0x00),
XByteField("Padding266", 0x00),
XByteField("Padding267", 0x00),
XByteField("Padding268", 0x00),
XByteField("Padding269", 0x00),
XByteField("Padding270", 0x00),
XByteField("Padding271", 0x00),
XByteField("Padding272", 0x00),
XByteField("Padding273", 0x00),
XByteField("Padding274", 0x00),
XByteField("Padding275", 0x00),
XByteField("Padding276", 0x00),
XByteField("Padding277", 0x00),
XByteField("Padding278", 0x00),
XByteField("Padding279", 0x00),
XByteField("Padding280", 0x00),
XByteField("Padding281", 0x00),
XByteField("Padding282", 0x00),
XByteField("Padding283", 0x00),
XByteField("Padding284", 0x00),
XByteField("Padding285", 0x00),
XByteField("Padding286", 0x00),
XByteField("Padding287", 0x00),
XByteField("Padding288", 0x00),
XByteField("Padding289", 0x00),
XByteField("Padding290", 0x00),
XByteField("Padding291", 0x00),
XByteField("Padding292", 0x00),
XByteField("Padding293", 0x00),
XByteField("Padding294", 0x00),
XByteField("Padding295", 0x00),
XByteField("Padding296", 0x00),
XByteField("Padding297", 0x00),
XByteField("Padding298", 0x00),
XByteField("Padding299", 0x00),
XByteField("Padding300", 0x00),
XByteField("Padding301", 0x00),
XByteField("Padding302", 0x00),
XByteField("Padding303", 0x00),
XByteField("Padding304", 0x00),
XByteField("Padding305", 0x00),
XByteField("Padding306", 0x00),
XByteField("Padding307", 0x00),
XByteField("Padding308", 0x00),
XByteField("Padding309", 0x00),
XByteField("Padding310", 0x00),
XByteField("Padding311", 0x00),
XByteField("Padding312", 0x00),
XByteField("Padding313", 0x00),
XByteField("Padding314", 0x00),
XByteField("Padding315", 0x00),
XByteField("Padding316", 0x00),
XByteField("Padding317", 0x00),
XByteField("Padding318", 0x00),
XByteField("Padding319", 0x00),
XByteField("Padding320", 0x00),
XByteField("Padding321", 0x00),
XByteField("Padding322", 0x00),
XByteField("Padding323", 0x00),
XByteField("Padding324", 0x00),
XByteField("Padding325", 0x00),
XByteField("Padding326", 0x00),
XByteField("Padding327", 0x00),
XByteField("Padding328", 0x00),
XByteField("Padding329", 0x00),
XByteField("Padding330", 0x00),
XByteField("Padding331", 0x00),
XByteField("Padding332", 0x00),
XByteField("Padding333", 0x00),
XByteField("Padding334", 0x00),
XByteField("Padding335", 0x00),
XByteField("Padding336", 0x00),
XByteField("Padding337", 0x00),
XByteField("Padding338", 0x00),
XByteField("Padding339", 0x00),
XByteField("Padding340", 0x00),
XByteField("Padding341", 0x00),
XByteField("Padding342", 0x00),
XByteField("Padding343", 0x00),
XByteField("Padding344", 0x00),
XByteField("Padding345", 0x00),
XByteField("Padding346", 0x00),
XByteField("Padding347", 0x00),
XByteField("Padding348", 0x00),
XByteField("Padding349", 0x00),
XByteField("Padding350", 0x00),
XByteField("Padding351", 0x00),
XByteField("Padding352", 0x00),
XByteField("Padding353", 0x00),
XByteField("Padding354", 0x00),
XByteField("Padding355", 0x00),
XByteField("Padding356", 0x00),
XByteField("Padding357", 0x00),
XByteField("Padding358", 0x00),
XByteField("Padding359", 0x00),
XByteField("Padding360", 0x00),
XByteField("Padding361", 0x00),
XByteField("Padding362", 0x00),
XByteField("Padding363", 0x00),
XByteField("Padding364", 0x00),
XByteField("Padding365", 0x00),
XByteField("Padding366", 0x00),
XByteField("Padding367", 0x00),
XByteField("Padding368", 0x00),
XByteField("Padding369", 0x00),
XByteField("Padding370", 0x00),
XByteField("Padding371", 0x00),
XByteField("Padding372", 0x00),
XByteField("Padding373", 0x00),
XByteField("Padding374", 0x00),
XByteField("Padding375", 0x00),
XByteField("Padding376", 0x00),
XByteField("Padding377", 0x00),
XByteField("Padding378", 0x00),
XByteField("Padding379", 0x00),
XByteField("Padding380", 0x00),
XByteField("Padding381", 0x00),
XByteField("Padding382", 0x00),
XByteField("Padding383", 0x00),
XByteField("Padding384", 0x00),
XByteField("Padding385", 0x00),
XByteField("Padding386", 0x00),
XByteField("Padding387", 0x00),
XByteField("Padding388", 0x00),
XByteField("Padding389", 0x00),
XByteField("Padding390", 0x00),
XByteField("Padding391", 0x00),
XByteField("Padding392", 0x00),
XByteField("Padding393", 0x00),
XByteField("Padding394", 0x00),
XByteField("Padding395", 0x00),
XByteField("Padding396", 0x00),
XByteField("Padding397", 0x00),
XByteField("Padding398", 0x00),
XByteField("Padding399", 0x00),
XByteField("Padding400", 0x00),
XByteField("Padding401", 0x00),
XByteField("Padding402", 0x00),
XByteField("Padding403", 0x00),
XByteField("Padding404", 0x00),
XByteField("Padding405", 0x00),
XByteField("Padding406", 0x00),
XByteField("Padding407", 0x00),
XByteField("Padding408", 0x00),
XByteField("Padding409", 0x00),
XByteField("Padding410", 0x00),
XByteField("Padding411", 0x00),
XByteField("Padding412", 0x00),
XByteField("Padding413", 0x00),
XByteField("Padding414", 0x00),
XByteField("Padding415", 0x00),
XByteField("Padding416", 0x00),
XByteField("Padding417", 0x00),
XByteField("Padding418", 0x00),
XByteField("Padding419", 0x00),
XByteField("Padding420", 0x00),
XByteField("Padding421", 0x00),
XByteField("Padding422", 0x00),
XByteField("Padding423", 0x00),
XByteField("Padding424", 0x00),
XByteField("Padding425", 0x00),
XByteField("Padding426", 0x00),
XByteField("Padding427", 0x00),
XByteField("Padding428", 0x00),
XByteField("Padding429", 0x00),
XByteField("Padding430", 0x00),
XByteField("Padding431", 0x00),
XByteField("Padding432", 0x00),
XByteField("Padding433", 0x00),
XByteField("Padding434", 0x00),
XByteField("Padding435", 0x00),
XByteField("Padding436", 0x00),
XByteField("Padding437", 0x00),
XByteField("Padding438", 0x00),
XByteField("Padding439", 0x00),
XByteField("Padding440", 0x00),
XByteField("Padding441", 0x00),
XByteField("Padding442", 0x00),
XByteField("Padding443", 0x00),
XByteField("Padding444", 0x00),
XByteField("Padding445", 0x00),
XByteField("Padding446", 0x00),
XByteField("Padding447", 0x00),
XByteField("Padding448", 0x00),
XByteField("Padding449", 0x00),
XByteField("Padding450", 0x00),
XByteField("Padding451", 0x00),
XByteField("Padding452", 0x00),
XByteField("Padding453", 0x00),
XByteField("Padding454", 0x00),
XByteField("Padding455", 0x00),
XByteField("Padding456", 0x00),
XByteField("Padding457", 0x00),
XByteField("Padding458", 0x00),
XByteField("Padding459", 0x00),
XByteField("Padding460", 0x00),
XByteField("Padding461", 0x00),
XByteField("Padding462", 0x00),
XByteField("Padding463", 0x00),
XByteField("Padding464", 0x00),
XByteField("Padding465", 0x00),
XByteField("Padding466", 0x00),
XByteField("Padding467", 0x00),
XByteField("Padding468", 0x00),
XByteField("Padding469", 0x00),
XByteField("Padding470", 0x00),
XByteField("Padding471", 0x00),
XByteField("Padding472", 0x00),
XByteField("Padding473", 0x00),
XByteField("Padding474", 0x00),
XByteField("Padding475", 0x00),
XByteField("Padding476", 0x00),
XByteField("Padding477", 0x00),
XByteField("Padding478", 0x00),
XByteField("Padding479", 0x00),
XByteField("Padding480", 0x00),
XByteField("Padding481", 0x00),
XByteField("Padding482", 0x00),
XByteField("Padding483", 0x00),
XByteField("Padding484", 0x00),
XByteField("Padding485", 0x00),
XByteField("Padding486", 0x00),
XByteField("Padding487", 0x00),
XByteField("Padding488", 0x00),
XByteField("Padding489", 0x00),
XByteField("Padding490", 0x00),
XByteField("Padding491", 0x00),
XByteField("Padding492", 0x00),
XByteField("Padding493", 0x00),
XByteField("Padding494", 0x00),
XByteField("Padding495", 0x00),
XByteField("Padding496", 0x00),
XByteField("Padding497", 0x00),
XByteField("Padding498", 0x00),
XByteField("Padding499", 0x00),
XByteField("Padding500", 0x00),
XByteField("Padding501", 0x00),
XByteField("Padding502", 0x00),
XByteField("Padding503", 0x00),
XByteField("Padding504", 0x00),
XByteField("Padding505", 0x00),
XByteField("Padding506", 0x00),
XByteField("Padding507", 0x00),
XByteField("Padding508", 0x00),
XByteField("Padding509", 0x00),
XByteField("Padding510", 0x00),
XByteField("Padding511", 0x00),
XByteField("Padding512", 0x00),
XByteField("Padding513", 0x00),
XByteField("Padding514", 0x00),
XByteField("Padding515", 0x00),
XByteField("Padding516", 0x00),
XByteField("Padding517", 0x00),
XByteField("Padding518", 0x00),
XByteField("Padding519", 0x00),
XByteField("Padding520", 0x00),
XByteField("Padding521", 0x00),
XByteField("Padding522", 0x00),
XByteField("Padding523", 0x00),
XByteField("Padding524", 0x00),
XByteField("Padding525", 0x00),
XByteField("Padding526", 0x00),
XByteField("Padding527", 0x00),
XByteField("Padding528", 0x00),
XByteField("Padding529", 0x00),
XByteField("Padding530", 0x00),
XByteField("Padding531", 0x00),
XByteField("Padding532", 0x00),
XByteField("Padding533", 0x00),
XByteField("Padding534", 0x00),
XByteField("Padding535", 0x00),
XByteField("Padding536", 0x00),
XByteField("Padding537", 0x00),
XByteField("Padding538", 0x00),
XByteField("Padding539", 0x00),
XByteField("Padding540", 0x00),
XByteField("Padding541", 0x00),
XByteField("Padding542", 0x00),
XByteField("Padding543", 0x00),
XByteField("Padding544", 0x00),
XByteField("Padding545", 0x00),
XByteField("Padding546", 0x00),
XByteField("Padding547", 0x00),
XByteField("Padding548", 0x00),
XByteField("Padding549", 0x00),
XByteField("Padding550", 0x00),
XByteField("Padding551", 0x00),
XByteField("Padding552", 0x00),
XByteField("Padding553", 0x00),
XByteField("Padding554", 0x00),
XByteField("Padding555", 0x00),
XByteField("Padding556", 0x00),
XByteField("Padding557", 0x00),
XByteField("Padding558", 0x00),
XByteField("Padding559", 0x00),
XByteField("Padding560", 0x00),
XByteField("Padding561", 0x00),
XByteField("Padding562", 0x00),
XByteField("Padding563", 0x00),
XByteField("Padding564", 0x00),
XByteField("Padding565", 0x00),
XByteField("Padding566", 0x00),
XByteField("Padding567", 0x00),
XByteField("Padding568", 0x00),
XByteField("Padding569", 0x00),
XByteField("Padding570", 0x00),
XByteField("Padding571", 0x00),
XByteField("Padding572", 0x00),
XByteField("Padding573", 0x00),
XByteField("Padding574", 0x00),
XByteField("Padding575", 0x00),
XByteField("Padding576", 0x00),
XByteField("Padding577", 0x00),
XByteField("Padding578", 0x00),
XByteField("Padding579", 0x00),
XByteField("Padding580", 0x00),
XByteField("Padding581", 0x00),
XByteField("Padding582", 0x00),
XByteField("Padding583", 0x00),
XByteField("Padding584", 0x00),
XByteField("Padding585", 0x00),
XByteField("Padding586", 0x00),
XByteField("Padding587", 0x00),
XByteField("Padding588", 0x00),
XByteField("Padding589", 0x00),
XByteField("Padding590", 0x00),
XByteField("Padding591", 0x00),
XByteField("Padding592", 0x00),
XByteField("Padding593", 0x00),
XByteField("Padding594", 0x00),
XByteField("Padding595", 0x00),
XByteField("Padding596", 0x00),
XByteField("Padding597", 0x00),
XByteField("Padding598", 0x00),
XByteField("Padding599", 0x00),
XByteField("Padding600", 0x00),
XByteField("Padding601", 0x00),
XByteField("Padding602", 0x00),
XByteField("Padding603", 0x00),
XByteField("Padding604", 0x00),
XByteField("Padding605", 0x00),
XByteField("Padding606", 0x00),
XByteField("Padding607", 0x00),
XByteField("Padding608", 0x00),
XByteField("Padding609", 0x00),
XByteField("Padding610", 0x00),
XByteField("Padding611", 0x00),
XByteField("Padding612", 0x00),
XByteField("Padding613", 0x00),
XByteField("Padding614", 0x00),
XByteField("Padding615", 0x00),
XByteField("Padding616", 0x00),
XByteField("Padding617", 0x00),
XByteField("Padding618", 0x00),
XByteField("Padding619", 0x00),
XByteField("Padding620", 0x00),
XByteField("Padding621", 0x00),
XByteField("Padding622", 0x00),
XByteField("Padding623", 0x00),
XByteField("Padding624", 0x00),
XByteField("Padding625", 0x00),
XByteField("Padding626", 0x00),
XByteField("Padding627", 0x00),
XByteField("Padding628", 0x00),
XByteField("Padding629", 0x00),
XByteField("Padding630", 0x00),
XByteField("Padding631", 0x00),
XByteField("Padding632", 0x00),
XByteField("Padding633", 0x00),
XByteField("Padding634", 0x00),
XByteField("Padding635", 0x00),
XByteField("Padding636", 0x00),
XByteField("Padding637", 0x00),
XByteField("Padding638", 0x00),
XByteField("Padding639", 0x00),
XByteField("Padding640", 0x00),
XByteField("Padding641", 0x00),
XByteField("Padding642", 0x00),
XByteField("Padding643", 0x00),
XByteField("Padding644", 0x00),
XByteField("Padding645", 0x00),
XByteField("Padding646", 0x00),
XByteField("Padding647", 0x00),
XByteField("Padding648", 0x00),
XByteField("Padding649", 0x00),
XByteField("Padding650", 0x00),
XByteField("Padding651", 0x00),
XByteField("Padding652", 0x00),
XByteField("Padding653", 0x00),
XByteField("Padding654", 0x00),
XByteField("Padding655", 0x00),
XByteField("Padding656", 0x00),
XByteField("Padding657", 0x00),
XByteField("Padding658", 0x00),
XByteField("Padding659", 0x00),
XByteField("Padding660", 0x00),
XByteField("Padding661", 0x00),
XByteField("Padding662", 0x00),
XByteField("Padding663", 0x00),
XByteField("Padding664", 0x00),
XByteField("Padding665", 0x00),
XByteField("Padding666", 0x00),
XByteField("Padding667", 0x00),
XByteField("Padding668", 0x00),
XByteField("Padding669", 0x00),
XByteField("Padding670", 0x00),
XByteField("Padding671", 0x00),
XByteField("Padding672", 0x00),
XByteField("Padding673", 0x00),
XByteField("Padding674", 0x00),
XByteField("Padding675", 0x00),
XByteField("Padding676", 0x00),
XByteField("Padding677", 0x00),
XByteField("Padding678", 0x00),
XByteField("Padding679", 0x00),
XByteField("Padding680", 0x00),
XByteField("Padding681", 0x00),
XByteField("Padding682", 0x00),
XByteField("Padding683", 0x00),
XByteField("Padding684", 0x00),
XByteField("Padding685", 0x00),
XByteField("Padding686", 0x00),
XByteField("Padding687", 0x00),
XByteField("Padding688", 0x00),
XByteField("Padding689", 0x00),
XByteField("Padding690", 0x00),
XByteField("Padding691", 0x00),
XByteField("Padding692", 0x00),
XByteField("Padding693", 0x00),
XByteField("Padding694", 0x00),
XByteField("Padding695", 0x00),
XByteField("Padding696", 0x00),
XByteField("Padding697", 0x00),
XByteField("Padding698", 0x00),
XByteField("Padding699", 0x00),
XByteField("Padding700", 0x00),
XByteField("Padding701", 0x00),
XByteField("Padding702", 0x00),
XByteField("Padding703", 0x00),
XByteField("Padding704", 0x00),
XByteField("Padding705", 0x00),
XByteField("Padding706", 0x00),
XByteField("Padding707", 0x00),
XByteField("Padding708", 0x00),
XByteField("Padding709", 0x00),
XByteField("Padding710", 0x00),
XByteField("Padding711", 0x00),
XByteField("Padding712", 0x00),
XByteField("Padding713", 0x00),
XByteField("Padding714", 0x00),
XByteField("Padding715", 0x00),
XByteField("Padding716", 0x00),
XByteField("Padding717", 0x00),
XByteField("Padding718", 0x00),
XByteField("Padding719", 0x00),
XByteField("Padding720", 0x00),
XByteField("Padding721", 0x00),
XByteField("Padding722", 0x00),
XByteField("Padding723", 0x00),
XByteField("Padding724", 0x00),
XByteField("Padding725", 0x00),
XByteField("Padding726", 0x00),
XByteField("Padding727", 0x00),
XByteField("Padding728", 0x00),
XByteField("Padding729", 0x00),
XByteField("Padding730", 0x00),
XByteField("Padding731", 0x00),
XByteField("Padding732", 0x00),
XByteField("Padding733", 0x00),
XByteField("Padding734", 0x00),
XByteField("Padding735", 0x00),
XByteField("Padding736", 0x00),
XByteField("Padding737", 0x00),
XByteField("Padding738", 0x00),
XByteField("Padding739", 0x00),
XByteField("Padding740", 0x00),
XByteField("Padding741", 0x00),
XByteField("Padding742", 0x00),
XByteField("Padding743", 0x00),
XByteField("Padding744", 0x00),
XByteField("Padding745", 0x00),
XByteField("Padding746", 0x00),
XByteField("Padding747", 0x00),
XByteField("Padding748", 0x00),
XByteField("Padding749", 0x00),
XByteField("Padding750", 0x00),
XByteField("Padding751", 0x00),
XByteField("Padding752", 0x00),
XByteField("Padding753", 0x00),
XByteField("Padding754", 0x00),
XByteField("Padding755", 0x00),
XByteField("Padding756", 0x00),
XByteField("Padding757", 0x00),
XByteField("Padding758", 0x00),
XByteField("Padding759", 0x00),
XByteField("Padding760", 0x00),
XByteField("Padding761", 0x00),
XByteField("Padding762", 0x00),
XByteField("Padding763", 0x00),
XByteField("Padding764", 0x00),
XByteField("Padding765", 0x00),
XByteField("Padding766", 0x00),
XByteField("Padding767", 0x00),
XByteField("Padding768", 0x00),
XByteField("Padding769", 0x00),
XByteField("Padding770", 0x00),
XByteField("Padding771", 0x00),
XByteField("Padding772", 0x00),
XByteField("Padding773", 0x00),
XByteField("Padding774", 0x00),
XByteField("Padding775", 0x00),
XByteField("Padding776", 0x00),
XByteField("Padding777", 0x00),
XByteField("Padding778", 0x00),
XByteField("Padding779", 0x00),
XByteField("Padding780", 0x00),
XByteField("Padding781", 0x00),
XByteField("Padding782", 0x00),
XByteField("Padding783", 0x00),
XByteField("Padding784", 0x00),
XByteField("Padding785", 0x00),
XByteField("Padding786", 0x00),
XByteField("Padding787", 0x00),
XByteField("Padding788", 0x00),
XByteField("Padding789", 0x00),
XByteField("Padding790", 0x00),
XByteField("Padding791", 0x00),
XByteField("Padding792", 0x00),
XByteField("Padding793", 0x00),
XByteField("Padding794", 0x00),
XByteField("Padding795", 0x00),
XByteField("Padding796", 0x00),
XByteField("Padding797", 0x00),
XByteField("Padding798", 0x00),
XByteField("Padding799", 0x00),
XByteField("Padding800", 0x00),
XByteField("Padding801", 0x00),
XByteField("Padding802", 0x00),
XByteField("Padding803", 0x00),
XByteField("Padding804", 0x00),
XByteField("Padding805", 0x00),
XByteField("Padding806", 0x00),
XByteField("Padding807", 0x00),
XByteField("Padding808", 0x00),
XByteField("Padding809", 0x00),
XByteField("Padding810", 0x00),
XByteField("Padding811", 0x00),
XByteField("Padding812", 0x00),
XByteField("Padding813", 0x00),
XByteField("Padding814", 0x00),
XByteField("Padding815", 0x00),
XByteField("Padding816", 0x00),
XByteField("Padding817", 0x00),
XByteField("Padding818", 0x00),
XByteField("Padding819", 0x00),
XByteField("Padding820", 0x00),
XByteField("Padding821", 0x00),
XByteField("Padding822", 0x00),
XByteField("Padding823", 0x00),
XByteField("Padding824", 0x00),
XByteField("Padding825", 0x00),
XByteField("Padding826", 0x00),
XByteField("Padding827", 0x00),
XByteField("Padding828", 0x00),
XByteField("Padding829", 0x00),
XByteField("Padding830", 0x00),
XByteField("Padding831", 0x00),
XByteField("Padding832", 0x00),
XByteField("Padding833", 0x00),
XByteField("Padding834", 0x00),
XByteField("Padding835", 0x00),
XByteField("Padding836", 0x00),
XByteField("Padding837", 0x00),
XByteField("Padding838", 0x00),
XByteField("Padding839", 0x00),
XByteField("Padding840", 0x00),
XByteField("Padding841", 0x00),
XByteField("Padding842", 0x00),
XByteField("Padding843", 0x00),
XByteField("Padding844", 0x00),
XByteField("Padding845", 0x00),
XByteField("Padding846", 0x00),
XByteField("Padding847", 0x00),
XByteField("Padding848", 0x00),
XByteField("Padding849", 0x00),
XByteField("Padding850", 0x00),
XByteField("Padding851", 0x00),
XByteField("Padding852", 0x00),
XByteField("Padding853", 0x00),
XByteField("Padding854", 0x00),
XByteField("Padding855", 0x00),
XByteField("Padding856", 0x00),
XByteField("Padding857", 0x00),
XByteField("Padding858", 0x00),
XByteField("Padding859", 0x00),
XByteField("Padding860", 0x00),
XByteField("Padding861", 0x00),
XByteField("Padding862", 0x00),
XByteField("Padding863", 0x00),
XByteField("Padding864", 0x00),
XByteField("Padding865", 0x00),
XByteField("Padding866", 0x00),
XByteField("Padding867", 0x00),
XByteField("Padding868", 0x00),
XByteField("Padding869", 0x00),
XByteField("Padding870", 0x00),
XByteField("Padding871", 0x00),
XByteField("Padding872", 0x00),
XByteField("Padding873", 0x00),
XByteField("Padding874", 0x00),
XByteField("Padding875", 0x00),
XByteField("Padding876", 0x00),
XByteField("Padding877", 0x00),
XByteField("Padding878", 0x00),
XByteField("Padding879", 0x00),
XByteField("Padding880", 0x00),
XByteField("Padding881", 0x00),
XByteField("Padding882", 0x00),
XByteField("Padding883", 0x00),
XByteField("Padding884", 0x00),
XByteField("Padding885", 0x00),
XByteField("Padding886", 0x00),
XByteField("Padding887", 0x00),
XByteField("Padding888", 0x00),
XByteField("Padding889", 0x00),
XByteField("Padding890", 0x00),
XByteField("Padding891", 0x00),
XByteField("Padding892", 0x00),
XByteField("Padding893", 0x00),
XByteField("Padding894", 0x00),
XByteField("Padding895", 0x00),
XByteField("Padding896", 0x00),
XByteField("Padding897", 0x00),
XByteField("Padding898", 0x00),
XByteField("Padding899", 0x00),
XByteField("Padding900", 0x00),
XByteField("Padding901", 0x00),
XByteField("Padding902", 0x00),
XByteField("Padding903", 0x00),
XByteField("Padding904", 0x00),
StrFixedLenField("Server Name Indication", "www.example.org", 15),
LEIntField("Version_Value", 0),
# Common Certificate Sets
StrFixedLenField("CCS_Value",
string_to_ascii("01e8816092921ae87eed8086a2158291"),
16),
# XByteField("CCS_Value_1", 0x01),
# XByteField("CCS_Value_2", 0xe8),
# XByteField("CCS_Value_3", 0x81),
# XByteField("CCS_Value_4", 0x60),
# XByteField("CCS_Value_5", 0x92),
# XByteField("CCS_Value_6", 0x92),
# XByteField("CCS_Value_7", 0x1a),
# XByteField("CCS_Value_8", 0xe8),
# XByteField("CCS_Value_9", 0x7e),
# XByteField("CCS_Value_10", 0xed),
# XByteField("CCS_Value_11", 0x80),
# XByteField("CCS_Value_12", 0x86),
# XByteField("CCS_Value_13", 0xa2),
# XByteField("CCS_Value_14", 0x15),
# XByteField("CCS_Value_15", 0x82),
# XByteField("CCS_Value_16", 0x91),
# LEIntField("MSPC_Value", 100),
StrFixedLenField("PDMD_Value", "X509", 4),
# LEIntField("SMHL_Value", 1),
LEIntField("ICSL_Value", 30),
# XStrFixedLenField("Client Timestamp", 0xf735b15a00000000, 8),
# XByteField("client_timestamp0", 0xf7),
# XByteField("client_timestamp1", 0x35),
# XByteField("client_timestamp2", 0xb1),
# XByteField("client_timestamp3", 0x5a),
# XByteField("client_timestamp4", 0x00),
# XByteField("client_timestamp5", 0x00),
# XByteField("client_timestamp6", 0x00),
# XByteField("client_timestamp7", 0x00),
#
# # XStrFixedLenField("Client Proof Nonce", 0x2b72158eeb60a01b7a8f9f8b03bebdcac6c1f472019cffbbfad0633d2f3e5505, 32),
# XByteField("Client_nonce0", 0x2b),
# XByteField("Client_nonce1", 0x72),
# XByteField("Client_nonce2", 0x15),
# XByteField("Client_nonce3", 0x8e),
# XByteField("Client_nonce4", 0xeb),
# XByteField("Client_nonce5", 0x60),
# XByteField("Client_nonce6", 0xa0),
# XByteField("Client_nonce7", 0x1b),
# XByteField("Client_nonce8", 0x7a),
# XByteField("Client_nonce9", 0x8f),
# XByteField("Client_nonce10", 0x9f),
# XByteField("Client_nonce11", 0x8b),
# XByteField("Client_nonce12", 0x03),
# XByteField("Client_nonce13", 0xbe),
# XByteField("Client_nonce14", 0xbd),
# XByteField("Client_nonce15", 0xca),
# XByteField("Client_nonce16", 0xc6),
# XByteField("Client_nonce17", 0xc1),
# XByteField("Client_nonce18", 0xf4),
# XByteField("Client_nonce19", 0x72),
# XByteField("Client_nonce20", 0x01),
# XByteField("Client_nonce21", 0x9c),
# XByteField("Client_nonce22", 0xff),
# XByteField("Client_nonce23", 0xbb),
# XByteField("Client_nonce24", 0xfa),
# XByteField("Client_nonce25", 0xd0),
# XByteField("Client_nonce26", 0x63),
# XByteField("Client_nonce27", 0x3d),
# XByteField("Client_nonce28", 0x2f),
# XByteField("Client_nonce29", 0x3e),
# XByteField("Client_nonce30", 0x55),
# XByteField("Client_nonce31", 0x05),
LEIntField("MIDS_Value", 65000),
# LEIntField("SCLS_Value", 1),
LEIntField("CFCW_Value", 65000),
LEIntField("SFCW_Value", 65000),
# Padding Frame Type
# XByteField("Frame Type 2", 0x00),
# XStrFixedLenField("End Padding", 0x00000000000000000000000000000000000000, 19),
# XByteField("end_padding0", 0x00),
# XByteField("end_padding1", 0x00),
# XByteField("end_padding2", 0x00),
# XByteField("end_padding3", 0x00),
# XByteField("end_padding4", 0x00),
# XByteField("end_padding5", 0x00),
# XByteField("end_padding6", 0x00),
# XByteField("end_padding7", 0x00),
# XByteField("end_padding8", 0x00),
# XByteField("end_padding9", 0x00),
# XByteField("end_padding10", 0x00),
# XByteField("end_padding11", 0x00),
# XByteField("end_padding12", 0x00),
# XByteField("end_padding13", 0x00),
# XByteField("end_padding14", 0x00),
# XByteField("end_padding15", 0x00),
# XByteField("end_padding16", 0x00),
# XByteField("end_padding17", 0x00),
# XByteField("end_padding18", 0x00),
]