class USBPcapWriter(Dissector):
""" """
_desc_ = "USB Pcap Writer"
@classmethod
def create_arg_subparser(cls, parser):
parser.add_argument("--output",
"-o",
metavar="PCAP_FILE",
help="PCAP file")
def __init__(self, args):
super(USBPcapWriter, self).__init__(args)
self.pcap = RawPcapWriter(args.output, linktype=220, sync=True)
self.lock = Lock()
def hookUSBDevice(self, msg):
# We do not receive REQUEST from host if type is not CTRL
if msg.ep.eptype != CTRL:
req = req_from_msg(msg)
self.write_pcap(req)
pkt = usbdev_to_usbpcap(msg)
self.write_pcap(pkt)
return msg
def hookUSBHost(self, msg):
pkt = usbhost_to_usbpcap(msg)
self.write_pcap(pkt)
# We do not receive ACK from device for OUT data
if msg.ep.epdir == PROTO_OUT:
ack = ack_from_msg(msg)
self.write_pcap(ack)
return msg
def write_pcap(self, msg):
self.lock.acquire()
self.pcap.write(str(msg))
self.lock.release()
class PcapFileWriter:
'Write a PCAP file containing all proxied USB traffic.'
#: Filename for the PCAP file.
pcap = attr.ib(converter=str)
def __attrs_post_init__(self):
log.info(f'Logging packets to PCAP file {self.pcap}')
self._pcap = RawPcapWriter(self.pcap, linktype=220, sync=True)
def _do_host(self, msg):
# Convert and write
pcap_pkt = usbhost_to_usbpcap(msg)
self._pcap.write(raw(pcap_pkt))
# We do not receive ACK from device for OUT data
if msg.ep.epdir == msg.URBEPDirection.URB_OUT:
ack = ack_from_msg(msg)
self._pcap.write(raw(ack))
def _do_device(self, msg):
# We do not receive REQUEST from host if type is not CTRL
if msg.ep.eptype != USBDefs.EP.TransferType.CTRL:
req = req_from_msg(msg)
self._pcap.write(raw(req))
# Convert and write
pcap_pkt = usbdev_to_usbpcap(msg)
self._pcap.write(raw(pcap_pkt))
@hookimpl
def usbq_log_pkt(self, pkt: Union[USBMessageDevice, USBMessageHost]):
# Only log USB Host or Device type packets to the pcap file
if type(pkt) in [USBMessageDevice, USBMessageHost]:
if pkt.type != pkt.MitmType.USB:
return
msg = pkt.content
if type(pkt) == USBMessageDevice:
self._do_device(msg)
else:
self._do_host(msg)
raise
except Exception, e:
print "Dissection error on packet %i" % i
failed += 1
else:
if p1 == p2:
if VERBOSE >= 2:
print "Packet %i ok" % i
continue
else:
print "Packet %i differs" % i
differ += 1
if VERBOSE >= 1:
print repr(p2d)
if DIFF:
hexdiff(p1, p2)
if pcap_out is not None:
pcap_out.write(p1)
i += 1
correct = i-differ-failed
print "%i total packets. %i ok, %i differed, %i failed. %.2f%% correct." % (i, correct, differ,
failed, i and 100.0*(correct)/i)
if __name__ == "__main__":
import sys
try:
main(sys.argv[1:])
except KeyboardInterrupt:
print >>sys.stderr, "Interrupted by user."
def main(argv):
PCAP_IN = None
PCAP_OUT = None
COMPRESS = False
APPEND = False
DIFF = False
VERBOSE = 0
try:
opts = getopt.getopt(argv, "hi:o:azdv")
for opt, parm in opts[0]:
if opt == "-h":
usage()
raise SystemExit
elif opt == "-i":
PCAP_IN = parm
elif opt == "-o":
PCAP_OUT = parm
elif opt == "-v":
VERBOSE += 1
elif opt == "-d":
DIFF = True
elif opt == "-a":
APPEND = True
elif opt == "-z":
COMPRESS = True
if PCAP_IN is None:
raise getopt.GetoptError("Missing pcap file (-i)")
except getopt.GetoptError as e:
print >> sys.stderr, "ERROR: %s" % e
raise SystemExit
from scapy.config import conf
from scapy.utils import RawPcapReader, RawPcapWriter, hexdiff
from scapy.layers import all
pcap = RawPcapReader(PCAP_IN)
pcap_out = None
if PCAP_OUT:
pcap_out = RawPcapWriter(PCAP_OUT,
append=APPEND,
gz=COMPRESS,
linktype=pcap.linktype)
pcap_out._write_header(None)
LLcls = conf.l2types.get(pcap.linktype)
if LLcls is None:
print >> sys.stderr, " Unknown link type [%i]. Can't test anything!" % pcap.linktype
raise SystemExit
i = -1
differ = 0
failed = 0
for p1, meta in pcap:
i += 1
try:
p2d = LLcls(p1)
p2 = str(p2d)
except KeyboardInterrupt:
raise
except Exception as e:
print "Dissection error on packet %i" % i
failed += 1
else:
if p1 == p2:
if VERBOSE >= 2:
print "Packet %i ok" % i
continue
else:
print "Packet %i differs" % i
differ += 1
if VERBOSE >= 1:
print repr(p2d)
if DIFF:
hexdiff(p1, p2)
if pcap_out is not None:
pcap_out.write(p1)
i += 1
correct = i - differ - failed
print "%i total packets. %i ok, %i differed, %i failed. %.2f%% correct." % (
i, correct, differ, failed, i and 100.0 * (correct) / i)
raise
except Exception,e:
print "Dissection error on packet %i" % i
failed += 1
else:
if p1 == p2:
if VERBOSE >= 2:
print "Packet %i ok" % i
continue
else:
print "Packet %i differs" % i
differ += 1
if VERBOSE >= 1:
print repr(p2d)
if DIFF:
hexdiff(p1,p2)
if pcap_out is not None:
pcap_out.write(p1)
i+=1
correct = i-differ-failed
print "%i total packets. %i ok, %i differed, %i failed. %.2f%% correct." % (i, correct, differ,
failed, i and 100.0*(correct)/i)
if __name__ == "__main__":
import sys
try:
main(sys.argv[1:])
except KeyboardInterrupt:
print >>sys.stderr,"Interrupted by user."
def main(argv):
PCAP_IN = None
PCAP_OUT = None
COMPRESS = False
APPEND = False
DIFF = False
VERBOSE = 0
try:
opts = getopt.getopt(argv, "hi:o:azdv")
for opt, parm in opts[0]:
if opt == "-h":
usage()
raise SystemExit
elif opt == "-i":
PCAP_IN = parm
elif opt == "-o":
PCAP_OUT = parm
elif opt == "-v":
VERBOSE += 1
elif opt == "-d":
DIFF = True
elif opt == "-a":
APPEND = True
elif opt == "-z":
COMPRESS = True
if PCAP_IN is None:
raise getopt.GetoptError("Missing pcap file (-i)")
except getopt.GetoptError as e:
print("ERROR: %s" % e, file=sys.stderr)
raise SystemExit
from scapy.config import conf
from scapy.utils import RawPcapReader, RawPcapWriter, hexdiff
from scapy.layers import all # noqa: F401
pcap = RawPcapReader(PCAP_IN)
pcap_out = None
if PCAP_OUT:
pcap_out = RawPcapWriter(PCAP_OUT, append=APPEND, gz=COMPRESS, linktype=pcap.linktype) # noqa: E501
pcap_out._write_header(None)
LLcls = conf.l2types.get(pcap.linktype)
if LLcls is None:
print(" Unknown link type [%i]. Can't test anything!" % pcap.linktype, file=sys.stderr) # noqa: E501
raise SystemExit
i = -1
differ = 0
failed = 0
for p1, meta in pcap:
i += 1
try:
p2d = LLcls(p1)
p2 = str(p2d)
except KeyboardInterrupt:
raise
except Exception as e:
print("Dissection error on packet %i: %s" % (i, e))
failed += 1
else:
if p1 == p2:
if VERBOSE >= 2:
print("Packet %i ok" % i)
continue
else:
print("Packet %i differs" % i)
differ += 1
if VERBOSE >= 1:
print(repr(p2d))
if DIFF:
hexdiff(p1, p2)
if pcap_out is not None:
pcap_out.write(p1)
i += 1
correct = i - differ - failed
print("%i total packets. %i ok, %i differed, %i failed. %.2f%% correct." % (i, correct, differ, # noqa: E501
failed, i and 100.0 * (correct) / i)) # noqa: E501
