def Crc16Encap(pload): validPloadLen = False # Encap if pload[0:2] == '01': # Validate crc-16 of encap packet ex: checksum(56012503FF) == 7958 ?? p = '56'+pload[0:-4] # if the encapsulated CC is 70...Check the payload if pload[2:4] == '70': # from 4 to -4 because its checks after CC 70 and before crc_ccitt encapCC = Configuration(pload[4:-4]) if encapCC == True: if Checksums.crc_ccitt(p) == pload[-4:]: validPloadLen = True elif Checksums.crc_ccitt(p) == pload[-4:]: validPloadLen = True else: validPloadLen = False return validPloadLen
def INTRUSION_DETECTION(self, packet_receive): time_now = set_time(str(datetime.datetime.now())) validSrc = validDst = validCC = validLen = False validPloadLen = loopBack = False validRouted = True if ZWaveReq in packet_receive: # If home ID is accurate, proceed if ( hex(packet_receive[ZWaveReq].homeid).split("x")[1] == self.homeIdentification and Checksums.verify_checksum(packet_receive, ZWaveReq) == True ): (self.srcID, self.dstID, self.length, self.cmdcl, self.header, self.pload, self.routed) = parse_Packet( packet_receive, 1 ) # length of the packet must be <= 64 bytes if singlecast if self.length <= 64: validLen = True # check for valid source id for row in devices_cmdclasses: if self.routed == 1: validRouted = parse_Routed(self) validLen = True validSrc = True validDst = True validCC = True validPloadLen = True parse_Packet(packet_receive, 2) # if header is 1, packet is singlecast. If routed is 1 # evaluate frame as a routed packet instead elif self.header == 1: if int(self.srcID) == int(row[0]): validSrc = True # if destination id is valid, continue if int(self.dstID) == int(row[0]): validDst = True # if source id is valid, check for supported # command class for cc in row[1:]: if self.cmdcl == "1": validCC = True break elif self.cmdcl == "0": validCC = True break elif self.cmdcl == cc: validCC = True break # if the command class is valid, evaluate the # command and then remaining payload if validCC == True: validPloadLen = validatePayload(self) # if the source ID and destination ID are equal, it # is a loopback error and not possible under normal # network operations. Misuse case! if self.srcID == self.dstID: loopBack = True elif self.header == 5: if self.srcID == "1": validSrc = True if self.length <= 22: validLen = True if self.cmdcl == "20": validCC = True if len(self.pload) <= 22: validPloadLen = True validDst = True # This allows discovery of headers that are not supposed to # be used per ITU-T G.9959 Recommendation. # e.g., RaZberry Pi uses Header 5 in some cases. Header 5 # is reserved and should not be used. else: print "Header is ", self.header validLen = True validSrc = True validDst = True validCC = True validPloadLen = True # MSDU length is incorrect. if validLen == False and Checksums.verify_checksum(packet_receive, ZWaveReq) == True: logFile = open("IDS_Log", "a") logFile.write("[" + time_now + "] " + "Packet is too long. Length = " + str(self.length) + "\n") logFile.close() # Source ID is not recognized elif validSrc == False and Checksums.verify_checksum(packet_receive, ZWaveReq) == True: logFile = open("IDS_Log", "a") logFile.write("[" + time_now + "] " + "Source ID is invalid. Source ID = " + str(self.srcID) + "\n") logFile.close() # Source ID is not recognized elif validDst == False and Checksums.verify_checksum(packet_receive, ZWaveReq) == True: logFile = open("IDS_Log", "a") logFile.write( "[" + time_now + "] " + "Destination ID is invalid. Destination ID = " + str(self.dstID) + "\n" ) logFile.close() # Source ID does exists. Now, check if the correct # command class is used. elif validCC == False and Checksums.verify_checksum(packet_receive, ZWaveReq) == True: logFile = open("IDS_Log", "a") logFile.write( "[" + time_now + "] " + "Command Class is invalid. Command Class = " + str(self.cmdcl) + "\n" ) logFile.close() # Command class is supported but payload length is incorrect. elif validPloadLen == False and Checksums.verify_checksum(packet_receive, ZWaveReq) == True: logFile = open("IDS_Log", "a") logFile.write( "[" + time_now + "] " + "Payload length is invalid. Payload length = " + str(len(self.pload)) + "\n" ) logFile.close() # Invalid Routed Frame elif validRouted == False and Checksums.verify_checksum(packet_receive, ZWaveReq) == True: logFile = open("IDS_Log", "a") logFile.write("[" + time_now + "] " + "Invalid Routed Frame" + str(len(self.pload)) + "\n") logFile.close() # if the packet checks out, verify checksum to ensure the packet # is not malformed else: if Checksums.verify_checksum(packet_receive, ZWaveReq) == True: logFile = open("IDS_Log", "a") logFile.write( # "[" + time_now + "] " + "Good Packet: " + str(parse_Packet(packet_receive, 3)) + "-> End Good packet\n" ) logFile.close() if self.srcID == "1" or loopBack == True: capture_packet = ( "[" + time_now + "] " + self.srcID + " " + self.dstID + " " + str(self.length) + " " + self.cmdcl + " " + self.pload ) logFile = open("Captured_Packets_Log", "a") logFile.write(capture_packet + "\n") logFile.close()