class USBPcapWriter(Dissector):
""" """
_desc_ = "USB Pcap Writer"
@classmethod
def create_arg_subparser(cls, parser):
parser.add_argument("--output",
"-o",
metavar="PCAP_FILE",
help="PCAP file")
def __init__(self, args):
super(USBPcapWriter, self).__init__(args)
self.pcap = RawPcapWriter(args.output, linktype=220, sync=True)
self.lock = Lock()
def hookUSBDevice(self, msg):
# We do not receive REQUEST from host if type is not CTRL
if msg.ep.eptype != CTRL:
req = req_from_msg(msg)
self.write_pcap(req)
pkt = usbdev_to_usbpcap(msg)
self.write_pcap(pkt)
return msg
def hookUSBHost(self, msg):
pkt = usbhost_to_usbpcap(msg)
self.write_pcap(pkt)
# We do not receive ACK from device for OUT data
if msg.ep.epdir == PROTO_OUT:
ack = ack_from_msg(msg)
self.write_pcap(ack)
return msg
def write_pcap(self, msg):
self.lock.acquire()
self.pcap.write(str(msg))
self.lock.release()
def merge_cap_files (pcap_file_list, out_filename, delete_src = False):
exising_pcaps = [f for f in pcap_file_list if os.path.exists(f)]
if not exising_pcaps:
print('ERROR: DP cores did not produce output files!')
return
if len(exising_pcaps) != len(pcap_file_list):
print("WARNING: not all DP cores produced output files\n")
out_pkts = []
for src in exising_pcaps:
pkts = RawPcapReader(src)
out_pkts += pkts
if delete_src:
os.unlink(src)
# sort by timestamp
out_pkts = sorted(out_pkts, key = __ts_key)
writer = RawPcapWriter(out_filename, linktype = 1)
writer._write_header(None)
for pkt in out_pkts:
writer._write_packet(pkt[0], sec=pkt[1][0], usec=pkt[1][1], caplen=pkt[1][2], wirelen=None)
class PcapFileWriter:
'Write a PCAP file containing all proxied USB traffic.'
#: Filename for the PCAP file.
pcap = attr.ib(converter=str)
def __attrs_post_init__(self):
log.info(f'Logging packets to PCAP file {self.pcap}')
self._pcap = RawPcapWriter(self.pcap, linktype=220, sync=True)
def _do_host(self, msg):
# Convert and write
pcap_pkt = usbhost_to_usbpcap(msg)
self._pcap.write(raw(pcap_pkt))
# We do not receive ACK from device for OUT data
if msg.ep.epdir == msg.URBEPDirection.URB_OUT:
ack = ack_from_msg(msg)
self._pcap.write(raw(ack))
def _do_device(self, msg):
# We do not receive REQUEST from host if type is not CTRL
if msg.ep.eptype != USBDefs.EP.TransferType.CTRL:
req = req_from_msg(msg)
self._pcap.write(raw(req))
# Convert and write
pcap_pkt = usbdev_to_usbpcap(msg)
self._pcap.write(raw(pcap_pkt))
@hookimpl
def usbq_log_pkt(self, pkt: Union[USBMessageDevice, USBMessageHost]):
# Only log USB Host or Device type packets to the pcap file
if type(pkt) in [USBMessageDevice, USBMessageHost]:
if pkt.type != pkt.MitmType.USB:
return
msg = pkt.content
if type(pkt) == USBMessageDevice:
self._do_device(msg)
else:
self._do_host(msg)
def _write_pcap_files(self, iface_pkts_map):
""" Writes the collected packets to their respective interfaces.
This is done by creating a pcap file with the corresponding name. """
for iface, pkts in iface_pkts_map.items():
direction = "in"
infile = self.filename(iface, direction)
# Linktype 1 the Ethernet Link Type, see also 'man pcap-linktype'
fp = RawPcapWriter(infile, linktype=1)
fp._write_header(None)
for pkt_data in pkts:
try:
fp._write_packet(pkt_data)
except ValueError:
report_err(self.outputs["stderr"], "Invalid packet data",
pkt_data)
return FAILURE
return SUCCESS
def merge_cap_files(pcap_file_list, out_filename, delete_src=False):
if not all([os.path.exists(f) for f in pcap_file_list]):
print("failed to merge cap file list...\nnot all files exist\n")
return
out_pkts = []
for src in pcap_file_list:
pkts = RawPcapReader(src)
out_pkts += pkts
if delete_src:
os.unlink(src)
# sort by timestamp
out_pkts = sorted(out_pkts, key=__ts_key)
writer = RawPcapWriter(out_filename, linktype=1)
writer._write_header(None)
for pkt in out_pkts:
writer._write_packet(pkt[0], sec=pkt[1][0],
usec=pkt[1][1], caplen=pkt[1][2], wirelen=None)
if PCAP_IN is None:
raise getopt.GetoptError("Missing pcap file (-i)")
except getopt.GetoptError, e:
print >>sys.stderr, "ERROR: %s" % e
raise SystemExit
from scapy.config import conf
from scapy.utils import RawPcapReader, RawPcapWriter, hexdiff
from scapy.layers import all
pcap = RawPcapReader(PCAP_IN)
pcap_out = None
if PCAP_OUT:
pcap_out = RawPcapWriter(
PCAP_OUT, append=APPEND, gz=COMPRESS, linktype=pcap.linktype)
pcap_out._write_header(None)
LLcls = conf.l2types.get(pcap.linktype)
if LLcls is None:
print >>sys.stderr, " Unknown link type [%i]. Can't test anything!" % pcap.linktype
raise SystemExit
i = -1
differ = 0
failed = 0
for p1, meta in pcap:
i += 1
try:
p2d = LLcls(p1)
p2 = str(p2d)
def main(argv):
PCAP_IN = None
PCAP_OUT = None
COMPRESS = False
APPEND = False
DIFF = False
VERBOSE = 0
try:
opts = getopt.getopt(argv, "hi:o:azdv")
for opt, parm in opts[0]:
if opt == "-h":
usage()
raise SystemExit
elif opt == "-i":
PCAP_IN = parm
elif opt == "-o":
PCAP_OUT = parm
elif opt == "-v":
VERBOSE += 1
elif opt == "-d":
DIFF = True
elif opt == "-a":
APPEND = True
elif opt == "-z":
COMPRESS = True
if PCAP_IN is None:
raise getopt.GetoptError("Missing pcap file (-i)")
except getopt.GetoptError as e:
print >> sys.stderr, "ERROR: %s" % e
raise SystemExit
from scapy.config import conf
from scapy.utils import RawPcapReader, RawPcapWriter, hexdiff
from scapy.layers import all
pcap = RawPcapReader(PCAP_IN)
pcap_out = None
if PCAP_OUT:
pcap_out = RawPcapWriter(PCAP_OUT,
append=APPEND,
gz=COMPRESS,
linktype=pcap.linktype)
pcap_out._write_header(None)
LLcls = conf.l2types.get(pcap.linktype)
if LLcls is None:
print >> sys.stderr, " Unknown link type [%i]. Can't test anything!" % pcap.linktype
raise SystemExit
i = -1
differ = 0
failed = 0
for p1, meta in pcap:
i += 1
try:
p2d = LLcls(p1)
p2 = str(p2d)
except KeyboardInterrupt:
raise
except Exception as e:
print "Dissection error on packet %i" % i
failed += 1
else:
if p1 == p2:
if VERBOSE >= 2:
print "Packet %i ok" % i
continue
else:
print "Packet %i differs" % i
differ += 1
if VERBOSE >= 1:
print repr(p2d)
if DIFF:
hexdiff(p1, p2)
if pcap_out is not None:
pcap_out.write(p1)
i += 1
correct = i - differ - failed
print "%i total packets. %i ok, %i differed, %i failed. %.2f%% correct." % (
i, correct, differ, failed, i and 100.0 * (correct) / i)
except getopt.GetoptError,e:
print >>sys.stderr,"ERROR: %s" % e
raise SystemExit
from scapy.config import conf
from scapy.utils import RawPcapReader,RawPcapWriter,hexdiff
from scapy.layers import all
pcap = RawPcapReader(PCAP_IN)
pcap_out = None
if PCAP_OUT:
pcap_out = RawPcapWriter(PCAP_OUT, append=APPEND, gz=COMPRESS, linktype=pcap.linktype)
pcap_out._write_header(None)
LLcls = conf.l2types.get(pcap.linktype)
if LLcls is None:
print >>sys.stderr," Unknown link type [%i]. Can't test anything!" % pcap.linktype
raise SystemExit
i=-1
differ=0
failed=0
for p1,meta in pcap:
i += 1
try:
p2d = LLcls(p1)
def pcap_writer(tmp_path):
f = tmp_path / 'test.pcap'
return RawPcapWriter(f.open('wb'), linktype=220, sync=True)
def main(argv):
PCAP_IN = None
PCAP_OUT = None
COMPRESS = False
APPEND = False
DIFF = False
VERBOSE = 0
try:
opts = getopt.getopt(argv, "hi:o:azdv")
for opt, parm in opts[0]:
if opt == "-h":
usage()
raise SystemExit
elif opt == "-i":
PCAP_IN = parm
elif opt == "-o":
PCAP_OUT = parm
elif opt == "-v":
VERBOSE += 1
elif opt == "-d":
DIFF = True
elif opt == "-a":
APPEND = True
elif opt == "-z":
COMPRESS = True
if PCAP_IN is None:
raise getopt.GetoptError("Missing pcap file (-i)")
except getopt.GetoptError as e:
print("ERROR: %s" % e, file=sys.stderr)
raise SystemExit
from scapy.config import conf
from scapy.utils import RawPcapReader, RawPcapWriter, hexdiff
from scapy.layers import all # noqa: F401
pcap = RawPcapReader(PCAP_IN)
pcap_out = None
if PCAP_OUT:
pcap_out = RawPcapWriter(PCAP_OUT, append=APPEND, gz=COMPRESS, linktype=pcap.linktype) # noqa: E501
pcap_out._write_header(None)
LLcls = conf.l2types.get(pcap.linktype)
if LLcls is None:
print(" Unknown link type [%i]. Can't test anything!" % pcap.linktype, file=sys.stderr) # noqa: E501
raise SystemExit
i = -1
differ = 0
failed = 0
for p1, meta in pcap:
i += 1
try:
p2d = LLcls(p1)
p2 = str(p2d)
except KeyboardInterrupt:
raise
except Exception as e:
print("Dissection error on packet %i: %s" % (i, e))
failed += 1
else:
if p1 == p2:
if VERBOSE >= 2:
print("Packet %i ok" % i)
continue
else:
print("Packet %i differs" % i)
differ += 1
if VERBOSE >= 1:
print(repr(p2d))
if DIFF:
hexdiff(p1, p2)
if pcap_out is not None:
pcap_out.write(p1)
i += 1
correct = i - differ - failed
print("%i total packets. %i ok, %i differed, %i failed. %.2f%% correct." % (i, correct, differ, # noqa: E501
failed, i and 100.0 * (correct) / i)) # noqa: E501
mod_start, mod_end, mod_count = time_range(mod_in)
print('mod start={start}, end={end}'.format(start=format_utc(mod_start),
end=format_utc(mod_end)))
# ref_start=1516826211
# ref_end=1516912610
# mod_start=1517336042
# mod_end=1517422440
# mod_count=4_156_081
# number of packets to process before output
status_period = mod_count // 10
with RawPcapReader(modify) as mod_in, \
RawPcapWriter(modify_out,
linktype=mod_in.linktype,
endianness=mod_in.endian,
nano=mod_in.nano) as mod_out:
count = 0
# all packets should end up between ref_start and ref_end
ref_range = ref_end - ref_start
mod_range = mod_end - mod_start
# since we're using the _write_packet internal function
# must call _write_header manually, which has a required
# parameter that isn't used
mod_out._write_header(None)
if should_normalize(ref_range, mod_range):
print('Normalizing: pcaps time ranges are more than 10%')
for pkt, meta in mod_in:
def __init__(self, args):
super(USBPcapWriter, self).__init__(args)
self.pcap = RawPcapWriter(args.output, linktype=220, sync=True)
self.lock = Lock()
def __attrs_post_init__(self):
log.info(f'Logging packets to PCAP file {self.pcap}')
self._pcap = RawPcapWriter(self.pcap, linktype=220, sync=True)