class SkinnyMessageSetLamp(Packet): name = 'Lamp message (light of the phone)' fields_desc = [ LEIntEnumField("stimulus", 0x5, skinny_stimulus), LEIntField("instance", 1), LEIntEnumField("mode", 2, skinny_lamp_mode) ]
class SkinnyMessageCloseReceiveChannel(Packet): name = 'close receive channel' fields_desc = [LEIntField('conference', 0), LEIntField('passthru', 0), IPField('remote', '0.0.0.0'), LEIntField('port', RandShort()), SkinnyRateField('rate', 20), LEIntEnumField('codec', 4, _skinny_codecs), LEIntField('precedence', 200), LEIntEnumField('silence', 0, _skinny_silence), LEIntField('callid', 0)]
class SkinnyMessageOpenReceiveChannel(Packet): name = 'open receive channel' fields_desc = [LEIntField('conference', 0), LEIntField('passthru', 0), SkinnyRateField('rate', 20), LEIntEnumField('codec', 4, _skinny_codecs), LEIntEnumField('echo', 0, _skinny_echo), LEIntField('unknown1', 0), LEIntField('callid', 0)] def guess_payload_class(self, p): return conf.padding_layer
class Skinny(Packet): name = "Skinny" fields_desc = [ LEIntField("len", 0), LEIntField("res", 0), LEIntEnumField("msg", 0, skinny_messages) ]
class NEGOEX_MESSAGE_HEADER(Packet): fields_desc = [ StrFixedLenField("Signature", "NEGOEXTS", length=8), LEIntEnumField( "MessageType", 0, { 0x0: "INITIATOR_NEGO", 0x01: "ACCEPTOR_NEGO", 0x02: "INITIATOR_META_DATA", 0x03: "ACCEPTOR_META_DATA", 0x04: "CHALENGE", 0x05: "AP_REQUEST", 0x06: "VERIFY", 0x07: "ALERT" }), LEIntField("SequenceNum", 0), LEIntField("cbHeaderLength", None), LEIntField("cbMessageLength", None), UUIDField("ConversationId", None), ] def post_build(self, pkt, pay): if self.cbHeaderLength is None: pkt = pkt[16:] + struct.pack("<I", len(pkt)) + pkt[20:] if self.cbMessageLength is None: pkt = pkt[20:] + struct.pack("<I", len(pkt) + len(pay)) + pkt[24:] return pkt + pay
class USBpcapTransferIsochronous(Packet): name = "USBpcap Transfer Isochronous" fields_desc = [ LEIntField("offset", 0), LEIntField("length", 0), LEIntEnumField("usbd_status", 0x0, _usbd_status_codes) ]
class SkinnyMessageStartMediaTransmission(Packet): name = 'start multimedia transmission' fields_desc = [LEIntField('conference', 0), LEIntField('passthru', 0), IPField('remote', '0.0.0.0'), LEIntField('port', RandShort()), SkinnyRateField('rate', 20), LEIntEnumField('codec', 4, _skinny_codecs), LEIntField('precedence', 200), LEIntEnumField('silence', 0, _skinny_silence), SkinnyFramePerPacketField('maxframes', 0), LEIntField('unknown1', 0), LEIntField('callid', 0)] def guess_payload_class(self, p): return conf.padding_layer
class SkinnyMessageOpenReceiveChannelAck(Packet): name = 'open receive channel' fields_desc = [LEIntEnumField('status', 0, _skinny_receive_channel_status), IPField('remote', '0.0.0.0'), LEIntField('port', RandShort()), LEIntField('passthru', 0), LEIntField('callid', 0)]
class USBpcap(Packet): name = "USBpcap URB" fields_desc = [ByteField("headerLen", None), ByteField("res", 0), XLELongField("irpId", 0), LEIntEnumField("usbd_status", 0x0, _usbd_status_codes), LEShortEnumField("function", 0, _urb_functions), XByteField("info", 0), LEShortField("bus", 0), LEShortField("device", 0), XByteField("endpoint", 0), ByteEnumField("transfer", 0, _transfer_types), LenField("dataLength", None, fmt="<I")] def post_build(self, p, pay): if self.headerLen is None: headerLen = len(p) if isinstance(self.payload, (USBpcapTransferIsochronous, USBpcapTransferInterrupt, USBpcapTransferControl)): headerLen += len(self.payload) - len(self.payload.payload) p = chb(headerLen) + p[1:] return p + pay def guess_payload_class(self, payload): if self.headerLen == 27: # No Transfer layer return super(USBpcap, self).guess_payload_class(payload) if self.transfer == 0: return USBpcapTransferIsochronous elif self.transfer == 1: return USBpcapTransferInterrupt elif self.transfer == 2: return USBpcapTransferControl return super(USBpcap, self).guess_payload_class(payload)
class SkinnyMessageCallState(Packet): name = 'Skinny Call state message' fields_desc = [LEIntEnumField("state", 1, skinny_callstates), LEIntField("instance", 1), LEIntField("callid", 0), LEIntField("unknown1", 4), LEIntField("unknown2", 0), LEIntField("unknown3", 0)]
class SkinnyMessageSetRinger(Packet): name = 'Ring message' fields_desc = [ LEIntEnumField("ring", 0x1, skinny_ring_type), LEIntField("unknown1", 0), LEIntField("unknown2", 0), LEIntField("unknown3", 0) ]
class SkinnyMessageStartTone(Packet): name = 'Start tone' fields_desc = [ LEIntEnumField("tone", 0x21, _skinny_tones), LEIntField("unknown1", 0), LEIntField("instance", 1), LEIntField("callid", 0) ]
class STDOBJREF(Packet): name = 'stdObjRef' fields_desc = [ LEIntEnumField('flags', 1, {0: 'PINGING', 8: 'SORF_NOPING'}), LEIntField('cPublicRefs', 0), LELongField('OXID', 0), LELongField('OID', 0), PacketField('IPID', None, UUIDField), ]
class Skinny(Packet): name = "Skinny" fields_desc = [LEIntField("len", None), LEIntField("res", 0), LEIntEnumField("msg", 0, skinny_messages_cls)] def post_build(self, pkt, p): if self.len is None: # on compte pas les headers len et reserved tmp_len = len(p) + len(pkt) - 8 pkt = struct.pack('@I', tmp_len) + pkt[4:] return pkt + p
class NEFICSMSG(Packet): name = 'NEFICS simulation message' fields_desc = [ LEIntField('SenderID', 0), LEIntField('ReceiverID', 0), LEIntEnumField('MessageID', 0xFFFFFFFF, MESSAGE_ID_MAP), LEIntField('IntegerArg0', 0), LEIntField('IntegerArg1', 0), LEFloatField('FloatArg0', 0.0), LEFloatField('FloatArg1', 0.0) ]
class IRemoteSCMActivator_RemoteCreateInstanceLE(Packet): name = 'RemoteCreateInstance' fields_desc = [ LEShortField('versionMajor', 0), LEShortField('versionMinor', 0), LEIntEnumField('flag', 1, _objref_flag), LEIntField('reserved', 0), ] def guess_payload_class(self, payload): try: return _objref_pdu[self.flag][1] except Exception: pass
class ENIPTCP(Packet): """Ethernet/IP packet over TCP""" name = "ENIPTCP" fields_desc = [ LEShortEnumField("commandId", None, _commandIdList), LEShortField("length", 0), XLEIntField("session", 0), LEIntEnumField("status", None, _statusList), LELongField("senderContext", 0), LEIntField("options", 0), MultipleTypeField( [ # List Services Reply (PacketField("commandSpecificData", ENIPListServicesReply, ENIPListServicesReply), lambda pkt: pkt.commandId == 0x4), # List Identity Reply (PacketField("commandSpecificData", ENIPListIdentityReply, ENIPListIdentityReply), lambda pkt: pkt.commandId == 0x63), # List Interfaces Reply (PacketField("commandSpecificData", ENIPListInterfacesReply, ENIPListInterfacesReply), lambda pkt: pkt.commandId == 0x64), # Register Session (PacketField("commandSpecificData", ENIPRegisterSession, ENIPRegisterSession), lambda pkt: pkt.commandId == 0x65), # Send RR Data (PacketField("commandSpecificData", ENIPSendRRData, ENIPSendRRData), lambda pkt: pkt.commandId == 0x6f), # Send Unit Data (PacketField("commandSpecificData", ENIPSendUnitData, ENIPSendUnitData), lambda pkt: pkt.commandId == 0x70), ], PacketField( "commandSpecificData", None, CommandSpecificData) # By default ), ] def post_build(self, pkt, pay): if self.length is None and pay: pkt = pkt[:2] + struct.pack("<H", len(pay)) + pkt[4:] return pkt + pay
class OpcDaRejectLE(Packet): name = "OpcDaReject" fields_desc = [ LEIntField('allocHint', 0), LEShortField('contextId', 0), ByteField('cancelCount', 0), ByteField('reserved', 0), LEIntEnumField('Group', 0, _rejectStatus), StrLenField('subData', None, length_from=lambda pkt: pkt.allocHint - 32), PacketField('authentication', None, AuthentificationProtocol), ] def extract_padding(self, p): return b"", p
class NTLM_Header(Packet): name = "NTLM Header" fields_desc = [ StrFixedLenField('Signature', b'NTLMSSP\0', length=8), LEIntEnumField('MessageType', 3, {1: 'NEGOTIATE_MESSAGE', 2: 'CHALLENGE_MESSAGE', 3: 'AUTHENTICATE_MESSAGE'}), ] @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): if _pkt and len(_pkt) >= 10: MessageType = struct.unpack("<H", _pkt[8:10])[0] if MessageType == 1: return NTLM_NEGOTIATE elif MessageType == 2: return NTLM_CHALLENGE elif MessageType == 3: return NTLM_AUTHENTICATE_V2 return cls
class AV_PAIR(Packet): name = "NTLM AV Pair" fields_desc = [ LEShortEnumField( 'AvId', 0, { 0x0000: "MsvAvEOL", 0x0001: "MsvAvNbComputerName", 0x0002: "MsvAvNbDomainName", 0x0003: "MsvAvDnsComputerName", 0x0004: "MsvAvDnsDomainName", 0x0005: "MsvAvDnsTreeName", 0x0006: "MsvAvFlags", 0x0007: "MsvAvTimestamp", 0x0008: "MsvAvSingleHost", 0x0009: "MsvAvTargetName", 0x000A: "MsvAvChannelBindings", }), FieldLenField('AvLen', None, length_of="Value", fmt="<H"), MultipleTypeField([ (LEIntEnumField( 'Value', 1, { 0x0001: "constrained", 0x0002: "MIC integrity", 0x0004: "SPN from untrusted source" }), lambda pkt: pkt.AvId == 0x0006), (UTCTimeField("Value", None, epoch=[1601, 1, 1, 0, 0, 0], custom_scaling=1e7, fmt="<Q"), lambda pkt: pkt.AvId == 0x0007), (PacketField('Value', Single_Host_Data(), Single_Host_Data), lambda pkt: pkt.AvId == 0x0008), (XStrLenField('Value', b"", length_from=lambda pkt: pkt.AvLen), lambda pkt: pkt.AvId == 0x000A), ], StrLenFieldUtf16('Value', b"", length_from=lambda pkt: pkt.AvLen)) ] def default_payload_class(self, payload): return conf.padding_layer
class SkinnyMessageSpeakerMode(Packet): name = 'Speaker mdoe' fields_desc = [LEIntEnumField("ring", 0x1, skinny_speaker_modes)]
class NTLMSSPLE(Packet): name = 'NTLM Secure Service Provider' fields_desc = [ StrFixedLenField('identifier', 'NTLMSSP', length=8), LEIntEnumField('messageType', 3, {3: 'NTLMSSP_AUTH'}), LEShortField('lanManagerLen', 0), LEShortField('lanManagerMax', 0), LEIntField('lanManagerOffset', 0), LEShortField('NTLMRepLen', 0), LEShortField('NTLMRepMax', 0), LEIntField('NTLMRepOffset', 0), LEShortField('domainNameLen', 0), LEShortField('domainNameMax', 0), LEIntField('domainNameOffset', 0), LEShortField('userNameLen', 0), LEShortField('userNameMax', 0), LEIntField('userNameOffset', 0), LEShortField('hostNameLen', 0), LEShortField('hostNameMax', 0), LEIntField('hostNameOffset', 0), LEShortField('sessionKeyLen', 0), LEShortField('sessionKeyMax', 0), LEIntField('sessionKeyOffset', 0), FlagsField('negociateFlags', 0, 32, _negociate_flags), ByteField('versionMajor', 0), ByteField('versionMinor', 0), LEShortField('buildNumber', 0), ByteField('reserved', 0), ShortField('reserved2', 0), ByteField('NTLMCurrentRevision', 0), StrFixedLenField('MIC', '', 16), StrLenField('domainName', '', length_from=lambda pkt: pkt.domainNameLen), StrLenField('userName', '', length_from=lambda pkt: pkt.userNameLen), StrLenField('hostName', '', length_from=lambda pkt: pkt.hostNameLen), StrLenField('lanManager', '', length_from=lambda pkt: pkt.lanManagerLen), StrFixedLenField('NTLMRep', '', length=16), ByteField('responseVersion', 0), ByteField('hiResponseVersion', 0), StrFixedLenField('Z', '', 6), LELongField('timestamp', 0), # Time in nanosecond StrFixedLenField('clientChallenge', '', 8), LEIntField('Z', 0), PacketField('attribute1', None, AttributeNameLE), PacketField('attribute2', None, AttributeNameLE), PacketField('attribute3', None, AttributeNameLE), PacketField('attribute4', None, AttributeNameLE), PacketField('attribute5', None, AttributeNameLE), PacketField('attribute6', None, AttributeNameLE), PacketField('attribute7', None, AttributeNameLE), PacketField('attribute8', None, AttributeNameLE), PacketField('attribute9', None, AttributeNameLE), PacketField('attribute10', None, AttributeNameLE), LEIntField('Z', 0), LEIntField('padding', 0), StrLenField('sessionKey', '', length_from=lambda pkt: pkt.sessionKeyLen), ] def extract_padding(self, p): return b"", p