def issue(self):
value = r_uint32()
self.packet(0, 0, self.INIT, self.ISSUE, 0, 0)
self.write(struct.pack('<I', value))
card_id = Variable('card' + str(self.state['counter']))
card_id.set_slice(0)
self.state['counter'] += 1
auth_code = Variable('auth' + str(self.state['counter']))
auth_code.set_slice(0)
self.state['counter'] += 1
tid = Variable('trans' + str(self.state['counter']))
tid.set_slice(0)
self.state['counter'] += 1
self.read(length=4, assign=card_id)
self.read(length=4, assign=auth_code)
self.read(length=3,
expect=struct.pack('<BBB', self.INIT, self.ISSUE, self.OK))
self.read(length=4, assign=tid)
self.packet(card_id, auth_code, self.FIN, self.ISSUE, self.OK, tid)
self.rpacket(self.FIN, self.ISSUE, self.OK)
self.state['cards'][(card_id, auth_code)] = value
def get_orders(self):
'''
Get orders from tables with Customers that are ready to order.
'''
self.send_cmd(self.CMD_GET_ORDERS)
if DEBUG:
print "cmd: get orders -----------"
orders = self.state['e'].get_orders(self.magic_page)
# recv order count
self.read(length=1, expect=sp.pack_single_uint8(len(orders)))
if DEBUG:
print " {0} orders: {1}".format(len(orders), orders)
for o in orders:
[(p_tid, p_cid, p_ft, p_fi)
] = self.state['e'].pack_orders_tuples([o])
# recv orders
f = Variable('food{0}'.format(o.cid))
f.set_slice(0)
i = Variable('id{0}'.format(o.cid))
i.set_slice(0)
self.read(length=len(p_tid), expect=p_tid)
self.read(length=len(p_cid), assign=i)
self.read(length=len(p_ft), expect=p_ft)
self.read(length=len(p_fi), assign=f)
self.state['food_item'][o.cid] = f
self.state['c_ids'][o.cid] = i
self.recv_status(self.STATUS_OK)
return 0
def start(self):
self.LIST_TYPE = choice(['INT32', 'DBL64'])
self.LIST_SIZE = randint(5, 1005)
self.state['m'] = MathSupport(list_type=self.LIST_TYPE,
list_size=self.LIST_SIZE)
self.state['created'] = False
self.state['cnonce'] = Variable('cnonce')
self.state['cnonce'].set_slice(0, 8)
self.state['enonce'] = Variable('enonce')
self.state['enonce'].set_slice(0, 8)
def test_variable(self):
with self.assertRaises(TypeError):
Variable()
with self.assertRaises(AssertionError):
Variable('!')
x = Variable('foo')
# can't 'set' without defining the value to set
with self.assertRaises(AssertionError):
x.get_set()
# can't 'read' without defining what to read
with self.assertRaises(AssertionError):
x.get_read()
# can't 'write' until value has been set
with self.assertRaises(AssertionError):
x.get_write()
with self.assertRaises(AssertionError):
x.set_re(None)
x.set_re('(.*)')
self.assertEquals(
x.get_read(), '<assign> <var>foo</var> '
'<pcre>(.*)</pcre> </assign>')
x.set_value('hi')
with self.assertRaises(AssertionError):
x.get_read()
self.assertEquals(
x.get_set(), '<decl> <var>foo</var> '
'<value> <data>hi</data> </value> </decl>')
with self.assertRaises(AssertionError):
x.set_slice("1")
with self.assertRaises(AssertionError):
x.set_slice(0, "1")
x.set_slice(0)
self.assertEquals(
x.get_read(), '<assign> <var>foo</var> <slice '
'begin="0" /> </assign>')
x.set_slice(1, 2)
self.assertEquals(
x.get_read(), '<assign> <var>foo</var> <slice '
'begin="1" end="2" /> </assign>')
self.assertEquals(x.get_write(), '<var>foo</var>')
def start(self):
self.results = 0
self.result_xml = []
self.balance = random.randint(1, 20) * 2
self.purchase_song_sid = ""
self.price = 0
self.term = Variable('term')
self.attribute = Variable('attribute')
self.limit = Variable('limit')
self.songsLeft = self.balance
self.read(delim="\n", expect=r'ID=[A-z]{32}\n', expect_format='pcre')
self.write("BALANCE=" + str(self.balance) + "\x07")
def start(self):
if DEBUG:
print "------- start -----------"
self.state['s'] = NOPE(flag_page=self.magic_page)
self.state['tids'] = set()
self.state['usernames'] = {}
self.state['sessions'] = {}
re = '(.*)'
self.state['randkey'] = Variable("randkey")
self.state['randkey'].set_re(re)
self.state['pwd'] = Variable("pwd")
self.state['pwd'].set_re(re)
def POV1(self):
command = "/auth/FLAG\n"
args1 = "0:povuser:password\n"
self.write(command)
self.write(args1)
password_regex = '(.*)\n'
flagPassword = Variable('flagPassword')
flagPassword.set_re(password_regex, group=1)
self.read(delim="\n", assign=flagPassword)
args2 = "0:povuser:"******"\n")
command = "/token/FLAG\n"
subscriptions_string = "FLAG"
args_regex = "0:povuser:"******"([0-9a-f]{" + str(
len(subscriptions_string) * 2) + "})" + ":"
args_regex += "FLAG"
args_regex += "\n"
signature = Variable('signature')
signature.set_re(args_regex, group=1)
self.read(delim="\n", expect=command)
self.read(delim="\n", assign=signature)
args1 = "0:povuser:"******":FLAG\n"
self.write(command)
self.write(args1)
self.write(signature)
self.write(args3)
command = "/subscribe/FLAG\n"
token_re = "([0-9a-zA-Z]{9}-[0-9a-zA-Z]{8}-[0-9a-zA-Z]{8}-[0-9a-zA-Z]{8}-[0-9a-zA-Z]{3}):latest\n"
token = Variable("token")
token.set_re(token_re, group=1)
self.read(delim="\n", expect=command)
self.read(delim="\n", assign=token)
command = "/in/FLAG\n"
args = ":AAAAA:high\n"
self.write(command)
self.write(token)
self.write(args)
command = "/out/FLAG\n"
self.write(command)
self.write(token)
self.write(":end\n")
flag_re = "(.*)\n"
flag = Variable("flag")
flag.set_re(flag_re, group=1)
self.read(delim="\n", assign=flag)
def _auth(self, channel):
command = "/auth/" + channel + "\n"
user = random.choice(self.users)
if channel is "FLAG":
password = self._getAdminPassword()
if len(user['subscriptions']) == 0:
user['password'] = password
else:
password = user['password']
args = ":" + user['name'] + ":" + password + "\n"
self.write(command)
self.write(user['token'])
self.write(args)
if channel not in user['subscriptions'].keys():
user['subscriptions'][channel] = {'deliveryType': "latest"}
user['subscriptions'][channel]['index'] = len(
self.channels[channel]['queue'])
self.channels[channel]['subscriptions'][user['name']] = {
'index': user['subscriptions'][channel]['index']
}
command = "/token/" + channel + "\n"
subscriptions_string = ''.join(key
for key in user['subscriptions'].keys())
args_regex = "0" + ":" + user['name'] + ":" + "([0-9a-f]{" + str(
len(subscriptions_string) * 2) + "})" + ":"
args_regex += ','.join(
key for key in reversed(user['subscriptions'].keys()))
args_regex += "\n"
signature = Variable('signature')
signature.set_re(args_regex, group=1)
self.read(delim="\n", expect=command)
self.read(delim="\n", assign=signature)
args1 = "0" + ":" + user['name'] + ":"
args3 = ":" + ','.join(
key for key in reversed(user['subscriptions'].keys())) + "\n"
self.write(command)
self.write(args1)
self.write(signature)
self.write(args3)
command = "/subscribe/" + channel + "\n"
deliveryType = user['subscriptions'][channel][
'deliveryType'] #random.choice(self.deliveryType)
token_name = user['name'] + "token"
token_re = "([0-9a-zA-Z]{9}-[0-9a-zA-Z]{8}-[0-9a-zA-Z]{8}-[0-9a-zA-Z]{8}-[0-9a-zA-Z]{3}):" + deliveryType + "\n"
user['token'] = Variable(token_name)
user['token'].set_re(token_re, group=1)
self.read(delim="\n", expect=command)
self.read(delim="\n", assign=user['token'])
def devlist(self):
pkt = be16(0x0111)
pkt += be16(0x8008)
pkt += be32(0)
self.write(pkt)
pkt = be16(0x0111)
pkt += be16(0x0008)
pkt += be32(0)
pkt += be32(1)
self.read(length=0xC, expect=pkt)
pkt = "/sys/devices/pci0000:00/0000:00:1d.1/usb1/1-1"
pkt += '\x00' * (0x100 - len(pkt))
self.read(length=0x100, expect=pkt)
self.state['busid'] = Variable('busid')
self.state['busid'].set_slice(0)
self.read(length=0x20, assign=self.state['busid'])
self.read(length=0x08)
pkt = be32(3) + be16(0x6666) + be16(0xdead) + be16(
0x100) + '\x00\x00\x00\x00\x01\x01'
self.read(length=0x10, expect=pkt)
self.read(length=4, expect='\x08\x06\x50\x00')
def rpacket(self, pkt_type, op_code, status):
self.read(length=8) # we can't easily check these
tid = Variable('trans' + str(self.state['counter']))
tid.set_slice(0)
self.state['counter'] += 1
self.read(length=3,
expect=struct.pack('<BBB', pkt_type, op_code, status))
self.read(length=4, assign=tid)
return tid
def start(self):
"""
Intialize state.
"""
# The CB will first request a randomly-named index file. This is a
# unique case because this filename will be a Variable and its value,
# therefore, is inacccessible during poll generation.
idx_path = Variable("idxpath")
idx_path.set_slice(begin=0, end=-1)
self.read(delim=self.STRING_TERMINATOR, assign=idx_path)
self.state['idx_path'] = idx_path
def cmd_auth(self):
cmd = struct.pack('<b16s', CMD_AUTH, self.state['g_mkey'])
cmd = struct.pack('<I', len(cmd)) + cmd
self.write(cmd)
skey = Variable('skey')
skey.set_re('(.*)')
self.read(length=1, expect='\x00')
self.read(length=4, expect=struct.pack('<I', 16))
self.read(length=16, assign=skey)
self.state['g_session_key'] = skey
self.state['g_auth'] = 3
def _create_election(self):
'''
Create the election manager profile and setup the election parameters
'''
self._process_menu()
self.state['e'].authd_user = None
cmd = 0x11
self._send_str(cmd)
if True == self._is_menu_id_valid_op(cmd):
# create election mgr
self._receive_by_len(self.CREATE_E_MGR, term=CONFIG['TERM'])
mgr = self.state['e'].make_random_e_mgr()
self._send_first_last_name(mgr.f_name, mgr.l_name)
self._receive_by_len(self.NEW_UID)
self._receive_by_len(mgr.id, delim=CONFIG['DELIM'])
self._receive_by_len(self.NEW_AUTH_KEY)
auth_key = Variable('authkey')
auth_key.set_slice(0)
self.read(delim=CONFIG['DELIM'], assign=auth_key)
self.state['e'].set_e_mgr_auth_key(auth_key)
# send election name
self._receive_prompt_send_answer(self.ELECTION_NAME,
self.state['e'].name)
# set election conf
num_winners = randint(1, 4)
max_candidates = randint(5, 20)
write_in_ok = choice(['Y', 'N'])
self._receive_prompt_send_answer(self.NUM_WINNERS_Q, num_winners)
self._receive_prompt_send_answer(self.MAX_CANDIDATES_Q,
max_candidates)
self._receive_prompt_send_answer(self.WRITE_IN_OK_Q, write_in_ok)
self.state['e'].num_winners = num_winners
self.state['e'].max_candidates = max_candidates
self.state['e'].write_in_ok = 1 if 'Y' == write_in_ok else 0
self.state['e'].is_configured = True
# set state to NEW
self.state['e'].set_state('NEW')
# recv ELECTION_CREATED
self._receive_by_len(self.ELECTION_CREATED, term=CONFIG['TERM'])
return 0
else:
self._receive_fail()
return -1
def request_resource_wrong_token_failure(self):
auth_val = Variable('authval')
if len(filter(lambda x: x[1], self.users)) == 0:
self.auth_success_with_auth_val()
user = random.choice(filter(lambda x: x[1], self.users))
user_id_str = pack('l', user[0][0])
resource = random.choice(user[1])
self.write("REQR" + user_id_str + self.token + resource[0] + '\x07')
regex_str = 'Authentication failed for resource %s(.*)\x0a' % resource[
0]
auth_val.set_re(regex_str, group=1)
self.read(delim="\n", assign=auth_val)
self.read(delim="\n", expect="Please re-authenticate.\n")
def request_success(self):
my_token = Variable('token')
if len(filter(lambda x: x[1], self.users)) == 0:
self.auth_success_with_auth_val()
user = random.choice(filter(lambda x: x[1], self.users))
user_id_str = pack('l', user[0][0])
resource = random.choice(user[1])
self.write("REQR" + user_id_str)
self.write(resource[1])
self.write(resource[0] + '\x07')
regex_str = 'Access to %s is granted!(.*)\x0a' % resource[0]
my_token.set_re(regex_str, group=1)
self.read(delim="\n", assign=my_token)
def _vote(self):
'''
Place a vote.
'''
self._process_menu()
cmd = 0x24
self._send_str(cmd)
if True == self._is_menu_id_valid_op(cmd):
# check to see if there are any candidates to vote for
if 0 == self.state['e'].get_candidate_count():
self._receive_by_len(self.EMPTY_CANDIDATES,
term=CONFIG['TERM'])
else:
# read candidate list
self._receive_by_len(self.SELECT_CANDIDATE,
term=CONFIG['TERM'])
fmt = "\t{0}: {1} {2}\n"
for c in self.state['e'].candidates:
line = fmt.format(c.id, c.f_name, c.l_name)
self._receive_by_len(line)
self._receive_by_len(self.CHOOSE, term=CONFIG['TERM'])
# make selection
c = self.state['e'].get_random_candidate()
self._send_str(c.id)
# receive voting receipt
p1 = "Confirmation #"
p2 = " Vote recorded for candidate: {0} {1}.\n"
self._receive_by_len(p1)
vote_id = Variable('voteid{0}'.format(
self.state['e'].authd_user.id))
vote_id.set_slice(0)
self.read(delim='.', assign=vote_id)
self._receive_by_len(p2.format(c.f_name, c.l_name))
# record vote
v = Vote(vote_id, self.state['e'].authd_user, c)
self.state['e'].add_vote(v)
self.state['e'].authd_user = None
return 0
else:
self._receive_fail()
return -1
def attack1(self):
self.catchCriminalInCar()
self._getXInBoat()
self._getYInBoat()
self.x = 4
self.y = -1
moves = 0
criminalX_re = r'Criminal at \((-?\d+),'
criminalY_re = r' (-?\d+)\)\n'
criminalX = Variable('criminalX')
criminalY = Variable('criminalY')
criminalX.set_re(criminalX_re, group=1)
criminalY.set_re(criminalY_re, group=1)
#criminal_str = "Criminal at (" + str(self.x) + ", " + str(self.y) + ")\n"
#self.read(delim="\n", expect=criminal_str)
self.read(delim=",", assign=criminalX)
self.read(delim="\n", assign=criminalY)
move_str = self._makeMoveInBoat() + "#"
moves += 1
while moves < 100000:
while not self.harborMap[23 - self.y - 13][self.x + 10] == 1:
self._moveCriminalInBoat()
move_str += self._makeMoveInBoat() + "#"
moves += 1
self._moveCriminalInBoat()
move_str += self._moveLeftInBoat() + "#"
moves += 1
while not self.harborMap[23 - self.y - 13][self.x + 10] == 0:
self._moveCriminalInBoat()
move_str += self._makeMoveInBoat() + "#"
self.write(move_str)
caught_str = 'Criminal caught in ([0-9]*) moves\n'
self.read(delim="\n", expect=caught_str, expect_format='pcre')
flag_re = r'(.*)'
flag = Variable('flag')
flag.set_re(flag_re, group=1)
self.read(length=40, assign=flag)
def pov2(self):
command = "newTokens"
auth_type = "UserPass"
id_str = "4175" #str(self.id)
user = "******"
password = "******"
credential = user + "/" + password
payload = "AAAABBBBCCCCDDDDAAAABBBBCCCCD"
body = "Use=" + payload
message = command + "," + auth_type + "," + id_str + "," + credential + "," + body + "!"
self.write(message)
flag_re = r'Token=[0-9]{8};Expiration=[0-9]*;Use=AAAABBBBCCCCDDDDAAAABBBBCCCCD\?(.*)'
flag = Variable('flag')
flag.set_re(flag_re, group=1)
self.read(length=104, assign=flag)
def start(self):
"""
Intialize state.
"""
self.state['credits'] = 0
# get a legal filename (for use in other functions)
self.write("SUP\n")
self.read(delim='\n', expect="here're your files, plebian:")
self.read(delim='\n', expect="----------------------------")
token = Variable('legalfilename')
token.set_re(r'([a-z]{16})')
self.read(delim='\r', assign=token)
self.state['filename'] = token
def start(self):
n = random.randint(0, 32 * 1024)
data = random_bytes(n)
self.write('compress\n')
self.write(data + '\n')
compressed = Variable('compressed')
compressed.set_slice(0)
self.read(delim=end_marker, assign=compressed)
self.write('decompress\n')
self.write(compressed)
self.write('\n')
self.read(expect=data, length=len(data))
self.write('quit\n')
def _process_nonce(self):
nonce = Variable('nonce')
nonce.set_slice(0, None)
self.read(length=8, assign=nonce)
if self.chance(0.001):
cmd = self.state['m'].pack_single_uint32(0xAAAA)
cmd += self.state['m'].pack_single_uint32(0xBBBB)
self.write(cmd)
self._recv_error('ERR_INVALID_NONCE')
if self.DEBUG_ERR:
print('exiting due to incorrect nonce.')
return -1
else:
self.write(nonce)
return 0
def auth_success_with_auth_val(self):
user = random.choice(self.users)
user_id_str = pack('l', user[0][0])
resource = ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(9))
varname = resource + str(user[0][0])
variable = Variable(varname)
resource_item = [resource, variable]
user[1].append(resource_item)
self.write("AUTH" + user_id_str)
self.write(user[0][1])
self.write(resource + '\x07')
regex_str = 'Access to %s is granted!(.*)\x0a' % resource
variable.set_re(regex_str, group=1)
self.read(delim="\n", assign=variable)
def auth_failure_new_user(self):
user_id = random.randint(2, 100000)
while Counter(elem[0][0] for elem in self.users)[user_id] > 0:
user_id = random.randint(2, 100000)
user_id_str = pack('l', user_id)
varname = "user" + str(user_id)
variable = Variable(varname)
user_item = [user_id, variable]
self.users.append([user_item, []])
resource = ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(10))
self.write("AUTH" + user_id_str + self.token + resource + '\x07')
regex_str = 'Authentication failed for resource %s(.*)\x0a' % resource
variable.set_re(regex_str, group=1)
self.read(delim="\n", assign=variable)
def buy_postage(self):
'''
Sell postage to customer.
'''
self.send_cmd(self.CMD_BUY_POSTAGE)
if DEBUG:
print "cmd: buy postage"
stamp = Variable('stamp{0}'.format(self.state['e'].stamp_id()))
stamp.set_slice(0,3)
self.read(length=3, assign=stamp)
self.state['e'].add_stamp(stamp)
self.recv_status(self.STATUS_OK)
return 0
def printStats(self):
self.write("6")
total = Variable('totalwon')
total.set_re("Total won: (\d+)")
self.read(delim="\n", assign=total)
self.read(delim="\n", expect="Total lost: \d+", expect_format='pcre')
self.read(delim="\n", expect="Equations solved correctly: {}".format(self.state['solveEquation_correct']), expect_format='pcre')
self.read(delim="\n", expect="Equations solved incorrectly: {}".format(self.state['solveEquation'] - self.state['solveEquation_correct']), expect_format='pcre')
self.read(delim="\n", expect="Equations created correctly: {}".format(self.state['createEquation_correct']), expect_format='pcre')
self.read(delim="\n", expect="Equations created incorrectly: {}".format(self.state['createEquation'] - self.state['createEquation_correct']), expect_format='pcre')
self.read(delim="\n", expect="Solved perimeter problems {}".format(self.state['solvePerimeter_correct']), expect_format='pcre')
self.read(delim="\n", expect="Unsolved perimeter problems {}".format(self.state['solvePerimeter'] - self.state['solvePerimeter_correct']), expect_format='pcre')
self.read(delim="\n", expect="Solved volume problems {}".format(self.state['solveVolume_correct']), expect_format='pcre')
self.read(delim="\n", expect="Unsolved volume problems {}".format(self.state['solveVolume'] - self.state['solveVolume_correct']), expect_format='pcre')
self.read(delim="\n", expect="Solved area problems {}".format(self.state['solveArea_correct']), expect_format='pcre')
self.read(delim="\n", expect="Unsolved area problems {}".format(self.state['solveArea'] - self.state['solveArea_correct']), expect_format='pcre')
def _read_and_match_calculated_dbl64(self, val):
'''
This function will read the least significant byte of a double precision
float with a wildcard, and then read the other 7 bytes with an exact match.
Exact comparison with computed double precision floating point numbers
is non-deterministic when the numbers are computed in 2 different programming languages.
There are too many cases where the least significant digit or two
of a calculated float differ when calculated in C vs Python.
'''
exp_result = self.state['m'].pack_single(val)[1:]
# read 1 byte with wildcard
least_sig_byte = Variable('LSB')
least_sig_byte.set_slice(0, 1)
self.read(length=1, assign=least_sig_byte)
# read 7 bytes for exact match
self.read(length=len(exp_result), expect=exp_result)
def start(self):
#self.delay(100)
self.magic_idx = 0
reg_ex = '(.*)\?'
certificate = Variable('certificate')
certificate.set_re(reg_ex, group=1)
self.state['certificate'] = certificate
self.state['token'] = ''
revoked_token = Variable('revokedToken')
revoked_token.set_re(reg_ex, group=1)
self.state['revoked_token'] = revoked_token
revoked_cert = Variable('revokedCert')
revoked_cert.set_re(reg_ex, group=1)
self.state['revoked_cert'] = revoked_cert
issuer = Variable('issuer')
reg_ex = "Issuer=(.*);"
issuer.set_re(reg_ex, group=1)
self.state['issuer'] = issuer
signature = Variable('signature')
self.state['signature'] = signature
expiration = Variable('expiration')
self.state['expiration'] = expiration
self.id = random.randint(1,10000)
pass
def start(self):
self.username = random.choice(users)
self.uid = Variable('uid')
self.uid.set_re("HELLO " + self.username + " YOUR UID IS ([a-f0-9]+) HOW CAN I HELP YOU\\n", group=1)
def hello(self):
self.write('HELLO\n')
token = Variable('token')
token.set_re('OK ([0-9A-F]*)\n', group=1)
self.read(delim='\n', assign=token)
self.state['has_token'] = token
def compute(self):
"""
Really the only node that does anything. Handles the protocol
difference between NEW and OLD sessions; calls down to refresh_session()
for the actual work.
"""
DEBUG = GLOBAL_DEBUG and True
if DEBUG: print "compute()"
# Decide whether we will create a new session or exercise an existing one.
if (0 == len(self.state['sessions']) or # no existing sessions
(
0 == randint(0, 1) # we choose to create a new session
and SESSIONS_MAX > len(self.state['sessions']) + 1)
): # ...and we have space
# Condition:
# - we're opening a new session
if DEBUG: print "NEW session"
# *** NEW SESSION ***
# CRS -> CB: 4B MAGIC_NEW_SESSION
# CRS <- CB: 4B (generated) session ID
# CRS -> CB: 4B session ID | 2B session SZ -- THIS DOESN'T EXIST IN OLD SESSION
# CRS -> CB: 4B session ID | opcodes (of length session->sz)
# CRS <- CB: 4B session ID | scratch area (of length SCRATCH_SZ)
# CRS -> CB: 4B MAGIC_NEW_SESSION
self.write(struct.pack("<L", MAGIC_NEW_SESSION))
# CRS <- CB: 4B (generated) session ID
session_id_idx = len(self.state['sessions'])
self.state['session_vars'][session_id_idx] = deepcopy(
Variable("session%02d" % session_id_idx))
# Populate the session ID Variable object.
self.state['session_vars'][session_id_idx].set_slice(0, None)
self.read(length=4,
assign=self.state['session_vars'][session_id_idx])
# Now that we have the session ID, let's initialize the session.
# We limit opcode length to avoid forever poll generation.
# Opcode length must be a multiple of OPERATION_SZ.
sz_tmp = randint(16, OPCODE_SZ_UTILIZED)
sz_tmp = sz_tmp - (sz_tmp % OPERATION_SZ
) # floor to nearest multiple
self.state['sessions'][session_id_idx] = {
'sz': sz_tmp,
'opcodes': None,
'scratch': ["\x00"] * SCRATCH_SZ
}
# CRS -> CB: 4B session ID | 2B session SZ -- THIS STEP DOESN'T EXIST IN OLD SESSION
self.write(self.state['session_vars'][session_id_idx])
self.write(
struct.pack("<H",
self.state['sessions'][session_id_idx]['sz']))
else:
# Condition:
# - we're using an existing session
if DEBUG: print "OLD session"
# *** OLD SESSION ***
# CRS -> CB: 4B (existing) session ID
# CRS <- CB: 4B (reflected) session ID
# CRS -> CB: 4B session ID | opcodes (of length session->sz)
# CRS <- CB: 4B session ID | scratch area (of length SCRATCH_SZ)
# CRS -> CB: 4B (existing) session ID
session_id_idx = choice(self.state['session_vars'].keys())
self.write(self.state['session_vars'][session_id_idx])
# CRS <- CB: 4B (reflected) session ID
# self.read(length=4, expect=session_id) # NOTE: pending DARPA support
self.read(length=4)
#### The following is common for both NEW and OLD sessions.
# We've agreed on the session we will interact with.
# Let's give the CB something new to compute.
self.state['sessions'][session_id_idx] = refresh_session(
self.state['sessions'][session_id_idx], DEBUG)
# CRS -> CB: 4B session ID | opcodes (of length session->sz)
self.write(self.state['session_vars'][session_id_idx])
self.write(self.state['sessions'][session_id_idx]['opcodes'])
# CRS <- CB: 4B session ID | scratch area (of length SCRATCH_SZ)
# self.read(length=4, expect=session_id) # NOTE: pending DARPA support
self.read(length=4)
self.read(length=SCRATCH_SZ,
expect=self.state['sessions'][session_id_idx]['scratch'])
