def Crc16Encap(pload):
validPloadLen = False
# Encap
if pload[0:2] == '01':
# Validate crc-16 of encap packet ex: checksum(56012503FF) == 7958 ??
p = '56'+pload[0:-4]
# if the encapsulated CC is 70...Check the payload
if pload[2:4] == '70':
# from 4 to -4 because its checks after CC 70 and before crc_ccitt
encapCC = Configuration(pload[4:-4])
if encapCC == True:
if Checksums.crc_ccitt(p) == pload[-4:]:
validPloadLen = True
elif Checksums.crc_ccitt(p) == pload[-4:]:
validPloadLen = True
else:
validPloadLen = False
return validPloadLen
def INTRUSION_DETECTION(self, packet_receive):
time_now = set_time(str(datetime.datetime.now()))
validSrc = validDst = validCC = validLen = False
validPloadLen = loopBack = False
validRouted = True
if ZWaveReq in packet_receive:
# If home ID is accurate, proceed
if (
hex(packet_receive[ZWaveReq].homeid).split("x")[1] == self.homeIdentification
and Checksums.verify_checksum(packet_receive, ZWaveReq) == True
):
(self.srcID, self.dstID, self.length, self.cmdcl, self.header, self.pload, self.routed) = parse_Packet(
packet_receive, 1
)
# length of the packet must be <= 64 bytes if singlecast
if self.length <= 64:
validLen = True
# check for valid source id
for row in devices_cmdclasses:
if self.routed == 1:
validRouted = parse_Routed(self)
validLen = True
validSrc = True
validDst = True
validCC = True
validPloadLen = True
parse_Packet(packet_receive, 2)
# if header is 1, packet is singlecast. If routed is 1
# evaluate frame as a routed packet instead
elif self.header == 1:
if int(self.srcID) == int(row[0]):
validSrc = True
# if destination id is valid, continue
if int(self.dstID) == int(row[0]):
validDst = True
# if source id is valid, check for supported
# command class
for cc in row[1:]:
if self.cmdcl == "1":
validCC = True
break
elif self.cmdcl == "0":
validCC = True
break
elif self.cmdcl == cc:
validCC = True
break
# if the command class is valid, evaluate the
# command and then remaining payload
if validCC == True:
validPloadLen = validatePayload(self)
# if the source ID and destination ID are equal, it
# is a loopback error and not possible under normal
# network operations. Misuse case!
if self.srcID == self.dstID:
loopBack = True
elif self.header == 5:
if self.srcID == "1":
validSrc = True
if self.length <= 22:
validLen = True
if self.cmdcl == "20":
validCC = True
if len(self.pload) <= 22:
validPloadLen = True
validDst = True
# This allows discovery of headers that are not supposed to
# be used per ITU-T G.9959 Recommendation.
# e.g., RaZberry Pi uses Header 5 in some cases. Header 5
# is reserved and should not be used.
else:
print "Header is ", self.header
validLen = True
validSrc = True
validDst = True
validCC = True
validPloadLen = True
# MSDU length is incorrect.
if validLen == False and Checksums.verify_checksum(packet_receive, ZWaveReq) == True:
logFile = open("IDS_Log", "a")
logFile.write("[" + time_now + "] " + "Packet is too long. Length = " + str(self.length) + "\n")
logFile.close()
# Source ID is not recognized
elif validSrc == False and Checksums.verify_checksum(packet_receive, ZWaveReq) == True:
logFile = open("IDS_Log", "a")
logFile.write("[" + time_now + "] " + "Source ID is invalid. Source ID = " + str(self.srcID) + "\n")
logFile.close()
# Source ID is not recognized
elif validDst == False and Checksums.verify_checksum(packet_receive, ZWaveReq) == True:
logFile = open("IDS_Log", "a")
logFile.write(
"[" + time_now + "] " + "Destination ID is invalid. Destination ID = " + str(self.dstID) + "\n"
)
logFile.close()
# Source ID does exists. Now, check if the correct
# command class is used.
elif validCC == False and Checksums.verify_checksum(packet_receive, ZWaveReq) == True:
logFile = open("IDS_Log", "a")
logFile.write(
"[" + time_now + "] " + "Command Class is invalid. Command Class = " + str(self.cmdcl) + "\n"
)
logFile.close()
# Command class is supported but payload length is incorrect.
elif validPloadLen == False and Checksums.verify_checksum(packet_receive, ZWaveReq) == True:
logFile = open("IDS_Log", "a")
logFile.write(
"[" + time_now + "] " + "Payload length is invalid. Payload length = " + str(len(self.pload)) + "\n"
)
logFile.close()
# Invalid Routed Frame
elif validRouted == False and Checksums.verify_checksum(packet_receive, ZWaveReq) == True:
logFile = open("IDS_Log", "a")
logFile.write("[" + time_now + "] " + "Invalid Routed Frame" + str(len(self.pload)) + "\n")
logFile.close()
# if the packet checks out, verify checksum to ensure the packet
# is not malformed
else:
if Checksums.verify_checksum(packet_receive, ZWaveReq) == True:
logFile = open("IDS_Log", "a")
logFile.write( # "[" + time_now + "] " + "Good Packet: " +
str(parse_Packet(packet_receive, 3)) + "-> End Good packet\n"
)
logFile.close()
if self.srcID == "1" or loopBack == True:
capture_packet = (
"["
+ time_now
+ "] "
+ self.srcID
+ " "
+ self.dstID
+ " "
+ str(self.length)
+ " "
+ self.cmdcl
+ " "
+ self.pload
)
logFile = open("Captured_Packets_Log", "a")
logFile.write(capture_packet + "\n")
logFile.close()
