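def get_section(self, ind=-1):
    """Return a Block with the ELF section header(s) and their mapped content.

    Args:
        ind: index into ``self._sh``; -1 (default) selects every section.

    Returns:
        ``Block('section')`` where each selected section header (hierarchy 0)
        is followed by a ``section()`` element (hierarchy 1) mapped over the
        bytes of ``self._stream`` designated by the header's ``sh_offset()``
        and ``sh_size()``. The Block is left empty when ``ind`` is not -1
        and out of range. Returns ``None`` (after printing a message) when
        no section headers or no stream have been mapped yet.
    """
    if not (self._sh and self._stream):
        print('No ELF stream has been mapped yet...')
        return None
    b = Block('section')
    if ind == -1:
        # all sections
        headers = self._sh
    elif 0 <= ind < len(self._sh):
        # a single section; negative indices other than -1 select nothing,
        # as the original range() membership test did
        headers = [self._sh[ind]]
    else:
        headers = []
    for sh in headers:
        # section header
        b.append(sh)
        hdr = b[-1]
        hdr.set_hierarchy(0)
        # section content: offset and size come from the header, i.e. from
        # the parsed file itself; a slice past the end of the stream is
        # silently truncated rather than raising, so a malformed file can
        # yield a section shorter than sh_size()
        start = hdr.sh_offset()
        b.append(section())
        b[-1].set_hierarchy(1)
        b[-1].map(self._stream[start:start + hdr.sh_size()])
    return b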
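def get_program(self, ind=-1):
    """Return a Block with the ELF program header(s) and their mapped segments.

    Args:
        ind: index into ``self._ph``; -1 (default) selects every segment.

    Returns:
        ``Block('program')`` where each selected program header (hierarchy 0)
        is followed by a ``program()`` element (hierarchy 1) mapped over the
        bytes of ``self._stream`` designated by the header's ``p_offset()``
        and ``p_filesz()``. The Block is left empty when ``ind`` is not -1
        and out of range. Returns ``None`` (after printing a message) when
        no program headers or no stream have been mapped yet.
    """
    if not (self._ph and self._stream):
        print('No ELF stream has been mapped yet...')
        return None
    b = Block('program')
    if ind == -1:
        # all program segments
        headers = self._ph
    elif 0 <= ind < len(self._ph):
        # a single segment; negative indices other than -1 select nothing,
        # as the original range() membership test did
        headers = [self._ph[ind]]
    else:
        headers = []
    for ph in headers:
        # program header
        b.append(ph)
        hdr = b[-1]
        hdr.set_hierarchy(0)
        # program segment: offset and size come from the header, i.e. from
        # the parsed file itself (p_filesz(), presumably the on-file size);
        # a slice past the end of the stream is silently truncated rather
        # than raising, so a malformed file can yield a short segment
        start = hdr.p_offset()
        b.append(program())
        b[-1].set_hierarchy(1)
        b[-1].map(self._stream[start:start + hdr.p_filesz()])
    return b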
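def handle_ul(self, ipbuf):
    """Answer an uplink TCP SYN with a forged SYN-ACK.

    Args:
        ipbuf: raw IPv4 packet (Python 2 str). The IP header is assumed to
            be 20 bytes long (no IP options), since the TCP layer is read
            from offset 20.

    Returns:
        None. Packets that are too short, not TCP, or not a pure SYN are
        dropped silently; otherwise the SYN-ACK is handed to
        ``self.GTPUd.transfer_to_int()``.
    """
    # a SYN needs at least a 20-byte IP header plus a 20-byte TCP header;
    # a shorter (malformed) packet would otherwise escape the handler as
    # IndexError / struct.error from the indexing and unpack() below
    if len(ipbuf) < 40:
        return
    ip_proto, ip_pay = ord(ipbuf[9]), ipbuf[20:]
    if ip_proto != 6:
        # not TCP
        return
    if ip_pay[13] != '\x02':
        # not a TCP SYN (flags byte must be exactly SYN)
        return
    # build the TCP SYN-ACK: invert src / dst ports, seq num (random),
    # ack num (SYN seq num + 1)
    tcpsrc, tcpdst, seq = unpack('!HHI', ip_pay[:8])
    tcp_synack = TCP(src=tcpdst, dst=tcpsrc, flags=['SYN', 'ACK'])
    # NOTE(review): randint() comes from the non-cryptographic `random`
    # module, so the ISN is predictable; fine for a lab stack, not for an
    # endpoint exposed to untrusted peers (see RFC 6528)
    tcp_synack[2] = randint(1, 4294967295)  # seq num
    tcp_synack[3] = (seq + 1) % 4294967296  # ack num, wraps at 2**32
    tcp_synack[15] = 0x1000  # window
    # build the IPv4 header: invert src / dst addr
    ipsrc, ipdst = map(inet_ntoa, (ipbuf[12:16], ipbuf[16:20]))
    iphdr = IPv4(src=ipdst, dst=ipsrc)
    p = Block()
    p.append(iphdr)
    p.append(tcp_synack)
    p[1].hierarchy = 1  # TCP is the payload of IP
    # send back the TCP SYN-ACK
    self.GTPUd.transfer_to_int(bytes(p))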
def get_all(self):
    """Assemble the whole ELF as a single Block.

    Returns:
        ``Block('all')`` holding ``self[0]`` (presumably the ELF header)
        followed by the Blocks from ``get_program()`` and ``get_section()``,
        each with its hierarchy incremented by one. Returns ``None`` (after
        printing two messages) when the program headers, section headers or
        stream are missing.
    """
    if not (self._sh and self._ph and self._stream):
        print('Some ELF sub-streams seem missing...')
        print('check ._ph for program header, ._sh for section header')
        return None
    # program segments first, then sections, both pushed one level down
    segments = self.get_program()
    segments.inc_hierarchy()
    sections = self.get_section()
    sections.inc_hierarchy()
    whole = Block('all')
    whole.append(self[0])
    whole.extend(segments)
    whole.extend(sections)
    return whole
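def parseProp(self, s):
    """Parse one SA Proposal: header, Transforms and Transform attributes.

    Args:
        s: Python 2 str starting at the Proposal header; the attribute
            format test reads single characters with ord().

    Returns:
        ``Block("Proposal")``: ``Prop()`` at hierarchy 0, then for each of
        the ``Tnum`` Transforms a ``Trans()`` at hierarchy 1 followed by its
        ``TransTV()`` / ``TransTLV()`` attributes at hierarchy 2. Malformed
        input is reported with a "[WNG]" message rather than raised.
    """
    # create a Proposal Block where Prop() is the "header" (hierarchy 0):
    Proposal = Block("Proposal")
    Proposal.append(Prop())
    Proposal[0].map(s)
    # keep only the Proposal content: after the header, up to Proposal.len
    s = s[len(Proposal[0]):int(Proposal[0].len)]
    # Tnum is read from the packet; it bounds the Transform loop below
    Tnum = int(Proposal[0].Tnum)
    # loop for the "num" Transforms referenced in the Proposal
    while Tnum > 0:
        Proposal.append(Trans())
        trans = Proposal[-1]
        trans.hierarchy = 1
        trans.map(s)
        s = s[8:]  # fixed 8-byte Transform header
        Tnum -= 1
        # check for errors in the Transform parsing process: "last" is
        # expected to be 3 while more Transforms follow and 0 on the final one
        last = int(trans.last)
        if (Tnum > 0 and last == 0) or (Tnum == 0 and last == 3):
            print('[WNG] error in parsing the SA proposal')
        if last not in (0, 3):
            print('[WNG] strange Transorm format...')
        # parse possible attributes
        # (multiple attributes possible for 1 transform)
        attlen = int(trans.len) - 8
        if attlen < 0:
            # Transform length smaller than its own 8-byte header: the
            # length field is bogus and the rest of the Proposal cannot be
            # delimited, so stop instead of slicing with a negative bound
            print('[WNG] error in parsing the SA proposal')
            break
        atts = s[:attlen]  # string for Transform's attributes
        s = s[attlen:]  # string for next Transform
        while len(atts) > 0:
            # determine type of attribute: TV (MSB set) or TLV
            if ord(atts[0]) >= 0x80:
                # TV format: fixed 4 bytes
                Proposal.append(TransTV())
                Proposal[-1].hierarchy = 2
                Proposal[-1].map(atts)
                consumed = 4
            else:
                # TLV format: size taken from the mapped attribute
                Proposal.append(TransTLV())
                Proposal[-1].hierarchy = 2
                Proposal[-1].map(atts)
                consumed = len(Proposal[-1])
            if consumed <= 0:
                # a mapped TLV reporting no length would never advance
                # `atts`; stop rather than loop forever on crafted input
                print('[WNG] strange Transorm format...')
                break
            atts = atts[consumed:]
    # finally return the Proposal Block for extending the IKEv2 Block with
    return Proposal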
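def handle_ul(self, ipbuf):
    """Answer an uplink DNS query (UDP/53) with a single forged A record.

    Args:
        ipbuf: raw IPv4 packet (Python 2 str). The IP header is assumed to
            be 20 bytes long (no IP options): UDP is read from offset 20 and
            the DNS message from offset 28.

    Returns:
        None. Packets that are too short, not UDP, not to port 53, or with
        more than one question are dropped silently; otherwise the response
        is handed to ``self.GTPUd.transfer_to_int()``.

    The answer echoes the question section verbatim and always carries an
    A record (type 1, class 1, TTL 0x20) whose address is 4 random bytes
    when ``self.RAND`` is set, else ``self.IP_RESP``.
    """
    # 20-byte IP header + 8-byte UDP header + 12-byte DNS header; a shorter
    # (malformed) packet would otherwise raise struct.error out of the
    # handler from the unpack() calls below
    if len(ipbuf) < 40:
        return
    if ord(ipbuf[9]) != 17:
        # not UDP
        return
    udpsrc, udpdst = unpack('!HH', ipbuf[20:24])
    if udpdst != 53:
        # not DNS
        return
    # build the UDP / DNS response: invert src / dst UDP ports
    udp = UDP(src=udpdst, dst=udpsrc, with_cs=self.UDP_CS)
    # DNS request: transaction id, flags, questions, queries
    dnsreq = ipbuf[28:]
    transac_id = dnsreq[0:2]
    questions = unpack('!H', dnsreq[4:6])[0]
    queries = dnsreq[12:]
    if questions > 1:
        # not supported
        return
    # DNS response: transaction id, flags, questions, answer RRs,
    # author RRs, add RRs, queries, answers, autor nameservers, add records
    if self.RAND:
        ip_resp = _urandom(4)
    else:
        ip_resp = inet_aton(self.IP_RESP)
    dnsresp = '{0}\x81\x80\0\x01\0\x01\0\0\0\0{1}\xc0\x0c'\
              '\0\x01\0\x01\0\0\0\x20\0\x04{2}'.format(
              transac_id, queries, ip_resp)
    # build the IPv4 header: invert src / dst addr
    ipsrc, ipdst = map(inet_ntoa, (ipbuf[12:16], ipbuf[16:20]))
    iphdr = IPv4(src=ipdst, dst=ipsrc)
    p = Block()
    p.append(iphdr)
    p.append(udp)
    p[-1].hierarchy = 1  # UDP is the payload of IP
    p.append(dnsresp)
    p[-1].hierarchy = 2  # DNS is the payload of UDP
    # send back the DNS response
    self.GTPUd.transfer_to_int(bytes(p))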