예제 #1
0
    def __init__(self, cdb):
        self.header = Struct.Group(None, Struct.UInt8("opcode"))
        params = self.header.decode(cdb)
        self.name = self._opcodes[self.header.opcode]

        if self.name in self._structs:
            fmt, children = self._structs[self.name]
            self.params = Struct.Group(None, *children())
            self.params.decode(params)
            self.summary = fmt % self.params.__dict__
        else:
            self.params = None
            self.summary = ''
예제 #2
0
    def handleTCP(self, event, data, datalen):
        """Decode an IPPROTO_TCP packet header, and log the payload."""

        datalen -= 0x14
        tcpHeader = Struct.Group(None,
                                 Struct.UInt16BEHex("source"),
                                 Struct.UInt16BEHex("dest"),
                                 Struct.UInt32BE("seq"),
                                 Struct.UInt32BE("ack_seq"),
                                 Struct.UInt16BEHex("flags"),
                                 Struct.UInt16BE("window"),
                                 Struct.UInt16BEHex("checksum"),
                                 Struct.UInt16BEHex("urg_ptr"))
        data = tcpHeader.decode(data)

        event.pushDecoded("iPhone TCP [%s -> %s] len=0x%04x" % (
            self.portNumbers[tcpHeader.source],
            self.portNumbers[tcpHeader.dest],
            datalen,
            ))

        event.appendDecoded("\nTCP Header:\n%s" % str(tcpHeader))
        event.appendDecoded("\nTCP Payload:\n%s" % Types.hexDump(data))

        # Look for a protocol-specific handler
        for port in tcpHeader.source, tcpHeader.dest:
            fn = getattr(self, "port_%s" % self.portNumbers[port], None)
            if fn:
                fn(event, data, datalen)
예제 #3
0
    def handleEvent(self, event):
        if not event.isDataTransaction():
            return

        header = Struct.Group(None,
            Struct.UInt8("eventCode"),
            Struct.UInt8("numParameters"),
            )
        params = header.decode(event.data)

        event.pushDecoded("BT Event: %s" % self.eventNames[header.eventCode])
예제 #4
0
    def handleEvent(self, event):
        if not event.isDataTransaction():
            return
        if not event.data.startswith("USBC"):
            return

        header = Struct.Group(None, Struct.UInt32("sig"), Struct.UInt32("tag"),
                              Struct.UInt32("datalen"), Struct.UInt8("flag"),
                              Struct.UInt8("lun"), Struct.UInt8("cdblen"))
        cdb = header.decode(event.data)
        command = SCSICommand(cdb)

        event.pushDecoded("Storage Command: %s" % command)
        event.appendDecoded("\n%s" % command.params)
예제 #5
0
    def decode_HCICommand(self, setup):
        header = Struct.Group(None,
            Struct.UInt16("opcode"),
            Struct.UInt8("numParameters"),
            )
        params = header.decode(setup.event.data[8:])

        if header.opcode is None:
            ocf = ogf = None
        else:
            ocf = header.opcode & 0x03FF
            ogf = header.opcode >> 10

        ogfName = self.hciOpcodes.get(ogf, (ogf, {}))[0]
        ocfName = self.hciOpcodes.get(ogf, (ogf, {}))[1].get(ocf, ocf)

        setup.event.pushDecoded("BT Command: %s [%s]" % (ocfName, ogfName))
예제 #6
0
    def handleEvent(self, event):
        if not event.isDataTransaction():
            return
        if not event.data.startswith("USBS"):
            return

        header = Struct.Group(None, Struct.UInt32("sig"), Struct.UInt32("tag"),
                              Struct.UInt32("residue"), Struct.UInt8("status"))
        header.decode(event.data)

        if header.residue:
            residue = ', residue=%d' % header.residue
        else:
            residue = ''

        event.pushDecoded("Storage Status (%s%s)" %
                          (self._statusCodes[header.status], residue))
        event.appendDecoded("\n%s" % header)
예제 #7
0
    def handleEvent(self, event):
        if not event.isDataTransaction():
            return

        header = Struct.Group(None,
            Struct.UInt16("handle"),
            Struct.UInt16("dataTotalLength"),
            )
        params = header.decode(event.data)
        if header.handle is None:
            return

        boundaryFlag = (header.handle >> 12) & 3
        broadcastFlag = (header.handle >> 14) & 3
        handle = header.handle & 0x0FFF

        event.pushDecoded("BT ACL: handle=0x%04x len=0x%04x (%s%s)" %
                          (handle, header.dataTotalLength,
                           self.packetBoundaryNames[boundaryFlag],
                           self.broadcastFlagNames[broadcastFlag]))
예제 #8
0
    def handleGenericPacket(self, event):
        """Decode the usbmuxd header."""

        muxHeader = Struct.Group(None,
                                 Struct.UInt32BE("protocol"),
                                 Struct.UInt32BE("length"))

        data = muxHeader.decode(event.data)
        description = "iPhone usbmuxd: "

        if muxHeader.length is None:
            description += "ERROR"

        else:
            self.remainingLength = muxHeader.length - event.datalen
            description += "proto=%s len=0x%04x" % (self.ipProto[muxHeader.protocol],
                                              muxHeader.length)
            if self.remainingLength:
                description += " (0x%04x remaining)" % self.remainingLength

        event.pushDecoded(description)

        if self.ipProto[muxHeader.protocol] == 'TCP':
            self.handleTCP(event, data, muxHeader.length - 0x08)