def __init__(self, cdb):
self.header = Struct.Group(None, Struct.UInt8("opcode"))
params = self.header.decode(cdb)
self.name = self._opcodes[self.header.opcode]
if self.name in self._structs:
fmt, children = self._structs[self.name]
self.params = Struct.Group(None, *children())
self.params.decode(params)
self.summary = fmt % self.params.__dict__
else:
self.params = None
self.summary = ''
def handleTCP(self, event, data, datalen):
"""Decode an IPPROTO_TCP packet header, and log the payload."""
datalen -= 0x14
tcpHeader = Struct.Group(None,
Struct.UInt16BEHex("source"),
Struct.UInt16BEHex("dest"),
Struct.UInt32BE("seq"),
Struct.UInt32BE("ack_seq"),
Struct.UInt16BEHex("flags"),
Struct.UInt16BE("window"),
Struct.UInt16BEHex("checksum"),
Struct.UInt16BEHex("urg_ptr"))
data = tcpHeader.decode(data)
event.pushDecoded("iPhone TCP [%s -> %s] len=0x%04x" % (
self.portNumbers[tcpHeader.source],
self.portNumbers[tcpHeader.dest],
datalen,
))
event.appendDecoded("\nTCP Header:\n%s" % str(tcpHeader))
event.appendDecoded("\nTCP Payload:\n%s" % Types.hexDump(data))
# Look for a protocol-specific handler
for port in tcpHeader.source, tcpHeader.dest:
fn = getattr(self, "port_%s" % self.portNumbers[port], None)
if fn:
fn(event, data, datalen)
def handleEvent(self, event):
if not event.isDataTransaction():
return
header = Struct.Group(None,
Struct.UInt8("eventCode"),
Struct.UInt8("numParameters"),
)
params = header.decode(event.data)
event.pushDecoded("BT Event: %s" % self.eventNames[header.eventCode])
def handleEvent(self, event):
if not event.isDataTransaction():
return
if not event.data.startswith("USBC"):
return
header = Struct.Group(None, Struct.UInt32("sig"), Struct.UInt32("tag"),
Struct.UInt32("datalen"), Struct.UInt8("flag"),
Struct.UInt8("lun"), Struct.UInt8("cdblen"))
cdb = header.decode(event.data)
command = SCSICommand(cdb)
event.pushDecoded("Storage Command: %s" % command)
event.appendDecoded("\n%s" % command.params)
def decode_HCICommand(self, setup):
header = Struct.Group(None,
Struct.UInt16("opcode"),
Struct.UInt8("numParameters"),
)
params = header.decode(setup.event.data[8:])
if header.opcode is None:
ocf = ogf = None
else:
ocf = header.opcode & 0x03FF
ogf = header.opcode >> 10
ogfName = self.hciOpcodes.get(ogf, (ogf, {}))[0]
ocfName = self.hciOpcodes.get(ogf, (ogf, {}))[1].get(ocf, ocf)
setup.event.pushDecoded("BT Command: %s [%s]" % (ocfName, ogfName))
def handleEvent(self, event):
if not event.isDataTransaction():
return
if not event.data.startswith("USBS"):
return
header = Struct.Group(None, Struct.UInt32("sig"), Struct.UInt32("tag"),
Struct.UInt32("residue"), Struct.UInt8("status"))
header.decode(event.data)
if header.residue:
residue = ', residue=%d' % header.residue
else:
residue = ''
event.pushDecoded("Storage Status (%s%s)" %
(self._statusCodes[header.status], residue))
event.appendDecoded("\n%s" % header)
def handleEvent(self, event):
if not event.isDataTransaction():
return
header = Struct.Group(None,
Struct.UInt16("handle"),
Struct.UInt16("dataTotalLength"),
)
params = header.decode(event.data)
if header.handle is None:
return
boundaryFlag = (header.handle >> 12) & 3
broadcastFlag = (header.handle >> 14) & 3
handle = header.handle & 0x0FFF
event.pushDecoded("BT ACL: handle=0x%04x len=0x%04x (%s%s)" %
(handle, header.dataTotalLength,
self.packetBoundaryNames[boundaryFlag],
self.broadcastFlagNames[broadcastFlag]))
def handleGenericPacket(self, event):
"""Decode the usbmuxd header."""
muxHeader = Struct.Group(None,
Struct.UInt32BE("protocol"),
Struct.UInt32BE("length"))
data = muxHeader.decode(event.data)
description = "iPhone usbmuxd: "
if muxHeader.length is None:
description += "ERROR"
else:
self.remainingLength = muxHeader.length - event.datalen
description += "proto=%s len=0x%04x" % (self.ipProto[muxHeader.protocol],
muxHeader.length)
if self.remainingLength:
description += " (0x%04x remaining)" % self.remainingLength
event.pushDecoded(description)
if self.ipProto[muxHeader.protocol] == 'TCP':
self.handleTCP(event, data, muxHeader.length - 0x08)