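def handle_ul(self, ipbuf):
    """Answer an uplink TCP SYN with a locally built SYN-ACK.

    ipbuf is the raw uplink IPv4 packet (a Python 2 byte string). Anything
    that is not an IPv4/TCP segment whose flags byte is exactly SYN is
    ignored and None is returned. For a SYN, an IPv4/TCP SYN-ACK with
    swapped addresses and ports is built and handed to
    self.GTPUd.transfer_to_int(). Every SYN is answered, whatever its
    destination port.

    The buffer comes from the remote peer, so each offset is checked
    against the buffer length before it is read; truncated packets are
    dropped instead of raising IndexError / struct.error.
    """
    # the fixed part of an IPv4 header is 20 bytes
    if len(ipbuf) < 20:
        return
    first = ord(ipbuf[0])
    if first >> 4 != 4:
        # not IPv4: the offsets below would point into unrelated fields
        return
    if ord(ipbuf[9]) != 6:
        # not TCP
        return
    # take the header length from the IHL nibble so that IP options do not
    # shift the TCP fields read below
    ihl = (first & 0x0F) * 4
    if ihl < 20:
        return
    ip_pay = ipbuf[ihl:]
    # the flags byte sits at offset 13 of the TCP header
    if len(ip_pay) < 14:
        return
    if ip_pay[13] != '\x02':
        # not a plain TCP SYN
        return
    # build the TCP SYN-ACK: invert src / dst ports,
    # seq num (random), ack num (SYN seq num + 1)
    tcpsrc, tcpdst, seq = unpack('!HHI', ip_pay[:8])
    tcp_synack = TCP(src=tcpdst, dst=tcpsrc, flags=['SYN', 'ACK'])
    # NOTE(review): randint is defined outside this block; if it is
    # random.randint the sequence number comes from a non-cryptographic
    # generator - confirm this is acceptable for the deployment
    tcp_synack[2] = randint(1, 4294967295)  # seq num
    tcp_synack[3] = (seq + 1) % 4294967296  # ack num, wraps at 2**32
    tcp_synack[15] = 0x1000  # window
    # build the IPv4 header: invert src / dst addr
    ipsrc, ipdst = map(inet_ntoa, (ipbuf[12:16], ipbuf[16:20]))
    iphdr = IPv4(src=ipdst, dst=ipsrc)
    p = Block()
    p.append(iphdr)
    p.append(tcp_synack)
    p[1].hierarchy = 1  # TCP, payload of IP
    # send back the TCP SYN-ACK
    self.GTPUd.transfer_to_int(bytes(p))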
def get_program(self, ind=-1):
    """Return a Block of program headers, each followed by its segment.

    With ind == -1 every entry of self._ph is used; with a valid index
    only that entry is used; any other index yields an empty Block. Each
    header is stored at hierarchy 0 and its segment at hierarchy 1.

    When no program header or no stream is available, a notice is printed
    and None is returned.

    NOTE(review): the slice bounds come from the header's p_offset() and
    p_filesz(); assuming self._stream is a plain string, an out-of-range
    value is silently clamped by the slice rather than reported.
    """
    if not (self._ph and self._stream):
        print('No ELF stream has been mapped yet...')
        return
    b = Block('program')
    if ind == -1:
        # all program segments
        selected = self._ph
    elif ind in range(len(self._ph)):
        # a single program segment
        selected = [self._ph[ind]]
    else:
        selected = []
    for ph in selected:
        # program header
        b.append(ph)
        b[-1].set_hierarchy(0)
        # program segment, mapped on the bytes the header points to
        b.append(program())
        b[-1].set_hierarchy(1)
        start = b[-2].p_offset()
        stop = b[-2].p_offset() + b[-2].p_filesz()
        b[-1].map(self._stream[start:stop])
    return b
def get_section(self, ind=-1):
    """Return a Block of section headers, each followed by its content.

    With ind == -1 every entry of self._sh is used; with a valid index
    only that entry is used; any other index yields an empty Block. Each
    header is stored at hierarchy 0 and its content at hierarchy 1.

    When no section header or no stream is available, a notice is printed
    and None is returned.

    NOTE(review): the slice bounds come from the header's sh_offset() and
    sh_size(); assuming self._stream is a plain string, an out-of-range
    value is silently clamped by the slice rather than reported.
    """
    if not (self._sh and self._stream):
        print('No ELF stream has been mapped yet...')
        return
    b = Block('section')
    if ind == -1:
        # all sections
        selected = self._sh
    elif ind in range(len(self._sh)):
        # a single section
        selected = [self._sh[ind]]
    else:
        selected = []
    for sh in selected:
        # section header
        b.append(sh)
        b[-1].set_hierarchy(0)
        # section content, mapped on the bytes the header points to
        b.append(section())
        b[-1].set_hierarchy(1)
        start = b[-2].sh_offset()
        stop = b[-2].sh_offset() + b[-2].sh_size()
        b[-1].map(self._stream[start:stop])
    return b
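def __init__(self, arch='Elf32'):
    """Create an ELF block holding a default 32-bit ELF header.

    Only arch='Elf32' is supported. Any other value prints a notice and
    raises TypeError.
    """
    Block.__init__(self, Name='ELF')
    if arch != 'Elf32':
        print('pfff... no 64 bit yet')
        # the former `raise()` tried to raise an empty tuple, which Python
        # reports as a TypeError with an unrelated message; the type is
        # kept for callers and the message now names the real cause
        raise TypeError('unsupported ELF architecture: %r' % (arch,))
    self._arch = arch
    self.append(Elf32_Ehdr())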
def __init__(self, SPIi=8 * '\x00', SPIr=8 * '\x00', type=34, flag='\x08', msgID=0):
    """Create an IKEv2 block that starts with an IKEv2 header.

    All five arguments are forwarded positionally, in order, to
    IKEv2_hdr(). Both SPI defaults are eight zero bytes.
    """
    Block.__init__(self, Name="IKEv2")
    header = IKEv2_hdr(SPIi, SPIr, type, flag, msgID)
    self.append(header)
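def __init__(self, arch='Elf32'):
    """Create an ELF block holding a default 32-bit ELF header.

    Only arch='Elf32' is supported. Any other value prints a notice and
    raises TypeError.
    """
    Block.__init__(self, Name='ELF')
    if arch != 'Elf32':
        print('pfff... no 64 bit yet')
        # `raise ()` attempted to raise an empty tuple; Python turned that
        # into a TypeError with a misleading message. Keep the exception
        # type callers already see, but state the actual reason.
        raise TypeError('unsupported ELF architecture: %r' % (arch,))
    self._arch = arch
    self.append(Elf32_Ehdr())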
def get_section(self, ind=-1):
    """Collect section headers and their content into a new Block.

    ind == -1 selects every header in self._sh, a valid index selects one
    header, and any other value leaves the returned Block empty. Headers
    get hierarchy 0, their content hierarchy 1.

    Prints a notice and returns None when self._sh or self._stream is
    empty.

    NOTE(review): sh_offset() and sh_size() are taken from the parsed
    file; assuming self._stream is a plain string, values pointing past
    its end produce a short or empty section without any warning.
    """
    if self._sh and self._stream:
        b = Block('section')

        def add(sh):
            # section header first, then the content it describes
            b.append(sh)
            b[-1].set_hierarchy(0)
            b.append(section())
            b[-1].set_hierarchy(1)
            content = self._stream[
                b[-2].sh_offset():b[-2].sh_offset() + b[-2].sh_size()]
            b[-1].map(content)

        if ind == -1:
            # get all sections
            for sh in self._sh:
                add(sh)
        elif ind in range(len(self._sh)):
            # get a given section
            add(self._sh[ind])
        return b
    else:
        print('No ELF stream has been mapped yet...')
def get_program(self, ind=-1):
    """Collect program headers and their segments into a new Block.

    ind == -1 selects every header in self._ph, a valid index selects one
    header, and any other value leaves the returned Block empty. Headers
    get hierarchy 0, their segments hierarchy 1.

    Prints a notice and returns None when self._ph or self._stream is
    empty.

    NOTE(review): p_offset() and p_filesz() are taken from the parsed
    file; assuming self._stream is a plain string, values pointing past
    its end produce a short or empty segment without any warning.
    """
    if self._ph and self._stream:
        b = Block('program')

        def add(ph):
            # program header first, then the segment it describes
            b.append(ph)
            b[-1].set_hierarchy(0)
            b.append(program())
            b[-1].set_hierarchy(1)
            content = self._stream[
                b[-2].p_offset():b[-2].p_offset() + b[-2].p_filesz()]
            b[-1].map(content)

        if ind == -1:
            # get all program segments
            for ph in self._ph:
                add(ph)
        elif ind in range(len(self._ph)):
            # get a given program segment
            add(self._ph[ind])
        return b
    else:
        print('No ELF stream has been mapped yet...')
def get_all(self):
    """Return one Block with the ELF header, program part and section part.

    The Blocks returned by get_program() and get_section() each have their
    hierarchy incremented and are appended after self[0] in a new Block
    named 'all'.

    Prints a hint and returns None when self._sh, self._ph or
    self._stream is empty.
    """
    if not (self._sh and self._ph and self._stream):
        print('Some ELF sub-streams seem missing...')
        print('check ._ph for program header, ._sh for section header')
        return None
    programs = self.get_program()
    programs.inc_hierarchy()
    sections = self.get_section()
    sections.inc_hierarchy()
    elf = Block('all')
    elf.append(self[0])
    elf.extend(programs)
    elf.extend(sections)
    return elf
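def parseProp(self, s):
    """Parse one SA Proposal from the byte string s and return it as a Block.

    The returned Block holds the Prop() header (hierarchy 0), then one
    Trans() per Transform announced in the header's Tnum field
    (hierarchy 1), each followed by its attributes as TransTV() or
    TransTLV() layers (hierarchy 2). Inconsistencies are reported with
    '[WNG]' messages on stdout; parsing continues afterwards.

    s comes from the peer, so the length fields read from it are not
    trusted: a Transform length below the 8-byte header is treated as
    "no attributes" instead of being used as a negative slice index.
    """
    # create a Proposal Block where Prop() is the "header":
    Proposal = Block("Proposal")
    Proposal.append(Prop())  # hierarchy = 0
    Proposal[0].map(s)
    # keep only the bytes the Proposal claims as its content:
    s = s[len(Proposal[0]):int(Proposal[0].len)]
    Tnum = int(Proposal[0].Tnum)
    # loop for the "num" Transforms referenced in the Proposal
    while Tnum > 0:
        Proposal.append(Trans())
        Proposal[-1].hierarchy = 1
        Proposal[-1].map(s)
        s = s[8:]
        Tnum -= 1
        # check for errors in the Transform parsing process:
        # NOTE(review): these two tests compare the field object itself
        # with an int, while the third one converts it first - confirm
        # the comparison behaves as intended
        if Tnum > 0 and Proposal[-1].last == 0:
            print('[WNG] error in parsing the SA proposal')
        elif Tnum == 0 and Proposal[-1].last == 3:
            print('[WNG] error in parsing the SA proposal')
        if int(Proposal[-1].last) not in (0, 3):
            print('[WNG] strange Transorm format...')
        # parse possible attributes
        # (multiple attributes possible for 1 transform):
        attlen = int(Proposal[-1].len) - 8
        if attlen < 0:
            # a negative value would make the two slices below cut the
            # buffer from its end and mis-assign the remaining bytes
            print('[WNG] Transform length shorter than its header')
            attlen = 0
        atts = s[:attlen]  # string for Transform's attributes
        s = s[attlen:]  # string for next Transform
        while len(atts) > 0:
            # determine type of attribute: TV or TLV
            # (high bit of the first byte set means TV)
            if ord(atts[0]) >= 0x80:
                # TV format: fixed 4 bytes
                Proposal.append(TransTV())
                Proposal[-1].hierarchy = 2
                Proposal[-1].map(atts)
                atts = atts[4:]
            else:
                # TLV format: length given by the mapped layer
                Proposal.append(TransTLV())
                Proposal[-1].hierarchy = 2
                Proposal[-1].map(atts)
                consumed = len(Proposal[-1])
                if consumed <= 0:
                    # no progress is possible; stop instead of looping
                    break
                atts = atts[consumed:]
    # finally returns the Proposal Block for extending the IKEv2 Block with
    return Proposal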
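def parseProp(self, s):
    """Parse one SA Proposal from the byte string s and return it as a Block.

    Layout of the result: Prop() header at hierarchy 0, one Trans() per
    Transform counted in the header's Tnum field at hierarchy 1, and the
    attributes of each Transform (TransTV() or TransTLV()) at hierarchy 2.
    Problems found on the way are printed as '[WNG]' messages and parsing
    goes on.

    The length fields are read from peer-supplied data. A Transform whose
    length is smaller than its own 8-byte header is handled as having no
    attributes, so that the value is never used as a negative slice index.
    """
    # create a Proposal Block where Prop() is the "header":
    Proposal = Block("Proposal")
    Proposal.append(Prop())  # hierarchy = 0
    Proposal[0].map(s)
    # get the string with the Proposal content:
    s = s[len(Proposal[0]):int(Proposal[0].len)]
    Tnum = int(Proposal[0].Tnum)
    # loop for the "num" Transforms referenced in the Proposal
    while Tnum > 0:
        Proposal.append(Trans())
        Proposal[-1].hierarchy = 1
        Proposal[-1].map(s)
        s = s[8:]
        Tnum -= 1
        # check for errors in the Transform parsing process:
        # NOTE(review): the first two tests compare the field object with
        # an int without converting it, unlike the third - verify
        if Tnum > 0 and Proposal[-1].last == 0:
            print('[WNG] error in parsing the SA proposal')
        elif Tnum == 0 and Proposal[-1].last == 3:
            print('[WNG] error in parsing the SA proposal')
        if int(Proposal[-1].last) not in (0, 3):
            print('[WNG] strange Transorm format...')
        # parse possible attributes
        # (multiple attributes possible for 1 transform):
        attlen = int(Proposal[-1].len) - 8
        if attlen < 0:
            # with a negative bound, s[:attlen] and s[attlen:] would split
            # the buffer from its end and scramble the following parse
            print('[WNG] Transform length shorter than its header')
            attlen = 0
        atts = s[:attlen]  # string for Transform's attributes
        s = s[attlen:]  # string for next Transform
        while len(atts) > 0:
            # determine type of attribute: TV or TLV
            # (first byte >= 0x80 means TV)
            if ord(atts[0]) >= 0x80:
                # TV format: fixed 4 bytes
                Proposal.append(TransTV())
                Proposal[-1].hierarchy = 2
                Proposal[-1].map(atts)
                atts = atts[4:]
            else:
                # TLV format: length given by the mapped layer
                Proposal.append(TransTLV())
                Proposal[-1].hierarchy = 2
                Proposal[-1].map(atts)
                consumed = len(Proposal[-1])
                if consumed <= 0:
                    # nothing was consumed: leave the loop rather than spin
                    break
                atts = atts[consumed:]
    # finally returns the Proposal Block for extending the IKEv2 Block with
    return Proposal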
def __init__(self, mode='control', protocol='GA_RC', type=RCMsgType['GA-RC DISCOVERY REQUEST']):
    """Create a UMA block with the header matching mode and protocol.

    The header class is chosen from the (mode, protocol) pair and built
    with type=type. A pair that is not listed below leaves the block
    without any header.
    """
    Block.__init__(self, Name='UMA')
    headers = {
        ('user', 'GA_PSR'): GA_PSR_UP_hdr,
        ('user', 'GA_RRC'): GA_RRC_UP_hdr,
        ('control', 'GA_RC'): GA_RC_hdr,
        ('control', 'GA_CSR'): GA_CSR_hdr,
        ('control', 'GA_PSR'): GA_PSR_hdr,
        ('control', 'GA_RRC'): GA_RRC_hdr,
    }
    hdr_cls = headers.get((mode, protocol))
    if hdr_cls is not None:
        self.append(hdr_cls(type=type))
def __init__(self, mode='control', protocol='GA_RC', type=RCMsgType['GA-RC DISCOVERY REQUEST']):
    """Create a UMA block and append the header for mode / protocol.

    'user' mode knows GA_PSR and GA_RRC; 'control' mode knows GA_RC,
    GA_CSR, GA_PSR and GA_RRC. The header is built with type=type. Any
    other combination appends nothing.
    """
    Block.__init__(self, Name='UMA')
    user_plane = mode == 'user'
    control_plane = not user_plane and mode == 'control'
    if user_plane and protocol == 'GA_PSR':
        self.append(GA_PSR_UP_hdr(type=type))
    elif user_plane and protocol == 'GA_RRC':
        self.append(GA_RRC_UP_hdr(type=type))
    elif control_plane and protocol == 'GA_RC':
        self.append(GA_RC_hdr(type=type))
    elif control_plane and protocol == 'GA_CSR':
        self.append(GA_CSR_hdr(type=type))
    elif control_plane and protocol == 'GA_PSR':
        self.append(GA_PSR_hdr(type=type))
    elif control_plane and protocol == 'GA_RRC':
        self.append(GA_RRC_hdr(type=type))
def parse(self, s='', mode='control'):
    """Rebuild this UMA block from the raw message s.

    The low nibble of the third byte selects the header class through
    hdrCall (GA_RC_hdr when the value is not a key of hdrCall). The bytes
    after the header are mapped one information element at a time.
    Elements of four known types are re-mapped with map_last_to_IE(); the
    value of an 'L3 Message' element is replaced by the parse_L3() result
    when self.process_L3 is set and that result is a Layer3 instance.
    mode is not used in this method.

    NOTE(review): s is indexed at offset 2 before any length check, so a
    buffer shorter than 3 bytes (the default '' included) raises
    IndexError. The element loop also relies on every mapped element
    having a non-zero length - confirm both for data taken off the wire.
    """
    # map GA header, after checking the protocol discriminator value
    pd = ord(s[2]) & 0x0F
    Block.__init__(self, Name='UMA')
    # no easy way to distinguish CP from UP at the UMA layer
    # (may depend if its carried over TCP or UDP?)
    hdr_cls = hdrCall[pd] if pd in hdrCall.keys() else GA_RC_hdr
    self.append(hdr_cls())
    self[0].map(s)
    s = s[len(self[0]):]
    # element types whose value can also be handled as an L3Mobile_IE
    remap = (
        ('Location Area Identification', LAI),
        ('Mobile Identity', ID),
        ('Mobile Station Classmark 2', MSCm2),
        ('GAN PLMN List', PLMNList),
    )
    # map iteratively the TLV Information Element
    while len(s) > 0:
        ie = UMA_IE_old() if self._IE_type == 'old' else UMA_IE()
        self < ie
        self[-1].map(s)
        s = s[len(self[-1]):]
        for ie_name, ie_cls in remap:
            if self[-1].T() == IEType[ie_name]:
                self.map_last_to_IE(ie_cls)
                break
        else:
            if self.process_L3 and self[-1].T() == IEType['L3 Message']:
                l3 = parse_L3(self[-1].V())
                # otherwise, we get a RawLayer() and keep the raw value
                if isinstance(l3, Layer3):
                    self[-1].V < None
                    self[-1].V > l3
def parse(self, s='', mode='control'):
    """Re-initialise this UMA block and fill it from the raw message s.

    Header: the class is looked up in hdrCall with the low nibble of the
    third byte of s, falling back to GA_RC_hdr. Body: information elements
    are mapped one after the other until s is used up. Four element types
    are re-mapped through map_last_to_IE(), and an 'L3 Message' value is
    swapped for the parse_L3() result when self.process_L3 is set and the
    result is a Layer3 instance. The mode argument is not read here.

    NOTE(review): there is no length check before s[2], so fewer than
    3 bytes (or the default '') ends in IndexError; the loop only ends if
    each mapped element reports a non-zero length - verify for untrusted
    input.
    """
    # map GA header, after checking the protocol discriminator value
    pd = ord(s[2]) & 0x0F
    Block.__init__(self, Name='UMA')
    if pd in hdrCall.keys():
        # no easy way to distinguish CP from UP at the UMA layer
        # (may depend if its carried over TCP or UDP?)
        header = hdrCall[pd]()
    else:
        header = GA_RC_hdr()
    self.append(header)
    self[0].map(s)
    s = s[len(self[0]):]
    # map iteratively the TLV Information Element
    while len(s) > 0:
        if self._IE_type == 'old':
            self < UMA_IE_old()
        else:
            self < UMA_IE()
        last = self[-1]
        last.map(s)
        s = s[len(last):]
        # check if can also handle V with L3Mobile_IE:
        ie_type = last.T()
        if ie_type == IEType['Location Area Identification']:
            self.map_last_to_IE(LAI)
        elif ie_type == IEType['Mobile Identity']:
            self.map_last_to_IE(ID)
        elif ie_type == IEType['Mobile Station Classmark 2']:
            self.map_last_to_IE(MSCm2)
        elif ie_type == IEType['GAN PLMN List']:
            self.map_last_to_IE(PLMNList)
        elif self.process_L3 and ie_type == IEType['L3 Message']:
            l3 = parse_L3(last.V())
            # otherwise, we get a RawLayer() and keep the raw value
            if isinstance(l3, Layer3):
                last.V < None
                last.V > l3
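def handle_ul(self, ipbuf):
    """Answer an uplink DNS query (UDP port 53) with a single A record.

    ipbuf is the raw uplink IPv4 packet (a Python 2 byte string). Packets
    that are not IPv4/UDP to port 53, that are truncated, or that do not
    carry exactly one question are ignored and None is returned.

    The answer reuses the transaction id and the question bytes of the
    request and carries one 4-byte address: random bytes when self.RAND
    is set, otherwise self.IP_RESP. It is sent with swapped addresses and
    ports through self.GTPUd.transfer_to_int().

    The buffer comes from the remote peer, so the protocol and length
    checks run before any field is unpacked.
    """
    # the fixed part of an IPv4 header is 20 bytes
    if len(ipbuf) < 20:
        return
    first = ord(ipbuf[0])
    if first >> 4 != 4 or ord(ipbuf[9]) != 17:
        # not IPv4, or not UDP
        return
    # honour the IHL nibble so that IP options do not shift the UDP header
    ihl = (first & 0x0F) * 4
    if ihl < 20 or len(ipbuf) < ihl + 8:
        return
    udpsrc, udpdst = unpack('!HH', ipbuf[ihl:ihl + 4])
    if udpdst != 53:
        # not DNS
        return
    # DNS request: transaction id, flags, questions, queries
    dnsreq = ipbuf[ihl + 8:]
    if len(dnsreq) < 12:
        # shorter than the fixed DNS header
        return
    transac_id, queries = dnsreq[0:2], dnsreq[12:]
    questions = unpack('!H', dnsreq[4:6])[0]
    if questions != 1:
        # the response template below announces exactly one question and
        # points the answer name at it, so nothing else can be answered
        return
    # build the UDP / DNS response: invert src / dst UDP ports
    udp = UDP(src=udpdst, dst=udpsrc, with_cs=self.UDP_CS)
    # DNS response: transaction id, flags, questions, answer RRs,
    # author RRs, add RRs, queries, answers, author nameservers, add records
    if self.RAND:
        ip_resp = _urandom(4)
    else:
        ip_resp = inet_aton(self.IP_RESP)
    # NOTE(review): queries is everything after the DNS header, so any
    # record following the question in the request is echoed before the
    # answer - confirm this is acceptable
    dnsresp = ('{0}\x81\x80\0\x01\0\x01\0\0\0\0{1}\xc0\x0c'
               '\0\x01\0\x01\0\0\0\x20\0\x04{2}').format(
                   transac_id, queries, ip_resp)
    # build the IPv4 header: invert src / dst addr
    ipsrc, ipdst = map(inet_ntoa, (ipbuf[12:16], ipbuf[16:20]))
    iphdr = IPv4(src=ipdst, dst=ipsrc)
    p = Block()
    p.append(iphdr)
    p.append(udp)
    p[-1].hierarchy = 1
    p.append(dnsresp)
    p[-1].hierarchy = 2
    # send back the DNS response
    self.GTPUd.transfer_to_int(bytes(p))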
def get_all(self):
    """Assemble the ELF header, program part and section part in one Block.

    get_program() and get_section() are called in that order; each result
    has its hierarchy incremented and is appended after self[0] to a new
    Block named 'all', which is returned.

    When self._sh, self._ph or self._stream is empty, two hint lines are
    printed and None is returned.
    """
    ready = self._sh and self._ph and self._stream
    if ready:
        parts = []
        for getter in (self.get_program, self.get_section):
            part = getter()
            part.inc_hierarchy()
            parts.append(part)
        elf = Block('all')
        elf.append(self[0])
        for part in parts:
            elf.extend(part)
        return elf
    print('Some ELF sub-streams seem missing...')
    print('check ._ph for program header, ._sh for section header')
    return None
def __init__(self):
    """Create a JPEG block that starts with a segment of type 'SOI'."""
    Block.__init__(self, Name="JPEG")
    soi = segment(type=Seg_dict['SOI'])
    # `<<` is the Block operator used here to add the segment
    self << soi
def __init__(self):
    """Create an IEEE 802.15.4 block that starts with a default PHY layer."""
    Block.__init__(self, Name='IEEE 802.15.4')
    phy = PHY()
    self.append(phy)
def __init__(self, C=1, I=0):
    """Create an EAP-AKA block that starts with an EAPAKA_hdr.

    C and I are forwarded unchanged to the header as keyword arguments.
    """
    Block.__init__(self, Name="EAP-AKA")
    header = EAPAKA_hdr(C=C, I=I)
    self.append(header)
def __init__(self, C=1, I=0):
    """Create an EAP-SIM block that starts with an EAPSIM_hdr.

    C and I are forwarded unchanged to the header as keyword arguments.
    """
    Block.__init__(self, Name="EAP-SIM")
    header = EAPSIM_hdr(C=C, I=I)
    self.append(header)
def __init__(self):
    """Create a PNG block that starts with a default PNG_sig layer."""
    Block.__init__(self, Name="PNG")
    signature = PNG_sig()
    self.append(signature)
def __init__(self, msg_type=L1CTL_RESET_IND):
    """Create an L1CTL block with a header carrying msg_type."""
    Block.__init__(self, Name="L1CTL")
    header = l1ctl_hdr()
    self.append(header)
    # `>` is the element operator used here to hand msg_type to the field
    self[0].msg_type > msg_type
def __init__(self):
    """Create a BGP4 block that starts with a default HEADER layer."""
    Block.__init__(self, Name="BGP4")
    header = HEADER()
    self.append(header)
def show(self, with_trans=False):
    """Return the textual view of the whole ELF file when it is available.

    The Block built by get_all() is shown when it is truthy; otherwise the
    plain Block.show() of this object is returned. with_trans is passed
    through unchanged in both cases.
    """
    elf_full = self.get_all()
    if not elf_full:
        return Block.show(self, with_trans)
    return elf_full.show(with_trans)
def __init__(self):
    """Create an MPEG4 block that starts with a default atom layer."""
    Block.__init__(self, Name='MPEG4')
    first_atom = atom()
    self.append(first_atom)
def __init__(self):
    """Create a BMP block that starts with a default FileHeader layer."""
    Block.__init__(self, Name="BMP")
    self.append(FileHeader())
def __init__(self, msg_type=L1CTL_RESET_IND):
    """Create an L1CTL block whose first layer is an l1ctl_hdr.

    msg_type is handed to the header's msg_type field once the header has
    been appended.
    """
    Block.__init__(self, Name="L1CTL")
    self.append(l1ctl_hdr())
    msg_type_field = self[0].msg_type
    # `>` is the element operator used here to hand msg_type to the field
    msg_type_field > msg_type
def __init__(self):
    """Create a TLS block that starts with a default RecordLayer."""
    Block.__init__(self, Name="TLS")
    record = RecordLayer()
    self.append(record)
def __init__(self, prot='SUA', cla=0, typ=1):
    """Create a Sigtran block that starts with a Hdr layer.

    prot, cla and typ are forwarded positionally, in that order, to Hdr().
    """
    Block.__init__(self, Name='Sigtran')
    header = Hdr(prot, cla, typ)
    self.append(header)
def __init__(self, src=0, dst=0, verif=4 * '\x00'):
    """Create an SCTP block that starts with an SCTP_hdr.

    src, dst and verif are forwarded positionally to the header; verif
    defaults to four zero bytes.
    """
    Block.__init__(self, Name="SCTP")
    header = SCTP_hdr(src, dst, verif)
    self.append(header)
def __init__(self, **kwargs):
    """Create an S1AP block that starts with an S1AP_HDR.

    Every keyword argument is forwarded unchanged to S1AP_HDR().
    """
    Block.__init__(self, 'S1AP')
    header = S1AP_HDR(**kwargs)
    self.append(header)
def __init__(self, src=0, dst=0, verif=4 * "\x00"):
    """Create an SCTP block whose first layer is an SCTP_hdr.

    The three arguments go to the header in the order src, dst, verif;
    the default verif is four zero bytes.
    """
    Block.__init__(self, Name="SCTP")
    header_args = (src, dst, verif)
    self.append(SCTP_hdr(*header_args))
def __init__(self):
    """Create a BGP4 block whose first layer is a default HEADER."""
    Block.__init__(self, Name='BGP4')
    bgp_header = HEADER()
    self.append(bgp_header)
def __init__(self):
    """Create a RANAP block that starts with a default PDU_HDR layer."""
    Block.__init__(self, 'RANAP')
    header = PDU_HDR()
    self.append(header)
def __init__(self, prot="SUA", cla=0, typ=1):
    """Create a Sigtran block whose first layer is a Hdr.

    The header receives prot, cla and typ as positional arguments.
    """
    Block.__init__(self, Name="Sigtran")
    header_args = (prot, cla, typ)
    self.append(Hdr(*header_args))
def __init__(self, SPIi=8*'\x00', SPIr=8*'\x00', type=34, flag='\x08', msgID=0):
    """Create an IKEv2 block whose first layer is an IKEv2_hdr.

    The header receives SPIi, SPIr, type, flag and msgID as positional
    arguments, in that order. Both SPI defaults are eight zero bytes.
    """
    Block.__init__(self, Name="IKEv2")
    header_args = (SPIi, SPIr, type, flag, msgID)
    self.append(IKEv2_hdr(*header_args))
def __init__(self, **kwargs):
    """Create an S1AP block whose first layer is an S1AP_HDR.

    The header is built from the keyword arguments given here, unchanged.
    """
    Block.__init__(self, 'S1AP')
    self.append(S1AP_HDR(**kwargs))