async def RpcCall(self, host, prog, vers, proc, data):
# logging.debug("RpcCall ip %s prog \"%s\" proc \"%s\"", host, prog, proc)
rpccall = {
"xid": self.getXid(),
"type": "call",
"content": {
"prog": prog,
"proc": proc,
"vers": vers,
"cred": {
"flavor": "unix",
"content": {
"stamp": self.rpc_auth_stamp
}
},
"verf": {
"flavor": "null",
"content": None
}
}
}
rpcdata = RpcMsg.build(rpccall)
payload = Aligned(4, GreedyBytes).build(data)
future_reply = asyncio.wrap_future(
self.receiver.addCall(rpccall['xid']))
self.rpc_sock.sendto(rpcdata + payload, host)
return await future_reply
def RpcCall(self, sock, host, prog, vers, proc, data):
#logging.debug("NfsClient: RpcCall ip %s prog \"%s\" proc \"%s\"", ip, prog, proc)
rpccall = {
"xid": self.getXid(),
"type": "call",
"content": {
"prog": prog,
"proc": proc,
"vers": vers,
"cred": {
"flavor": "unix",
"content": {
"stamp": self.rpc_auth_stamp
}
},
"verf": {
"flavor": "null",
"content": None
}
}
}
rpcdata = RpcMsg.build(rpccall)
sock.sendto(rpcdata+Aligned(4, GreedyBytes).build(data), host)
receive_timeouts = 0
while receive_timeouts < self.max_receive_timeout_count:
try:
data = self.SocketRecv(sock, 1)
except ReceiveTimeout:
receive_timeouts += 1
else:
if len(data) == 0:
logging.warning("NfsClient: RpcCall: no data received!")
receive_timeouts += 1
else:
rpcreply = RpcMsg.parse(data)
break
if receive_timeouts >= self.max_receive_timeout_count:
raise RuntimeError("RpcCall failed after {} timeouts".format(receive_timeouts))
if rpcreply.content.reply_stat != "accepted":
raise RuntimeError("RPC call denied: "+rpcreply.content.reject_stat)
if rpcreply.content.content.accept_stat != "success":
raise RuntimeError("RPC call unsuccessful: "+rpcreply.content.content.accept_stat)
return rpcreply.content.content.content
from paradox.lib.crypto import encrypt, decrypt
from paradox.lib.async_message_manager import RAWMessageHandler
import asyncio
from paradox.config import config as cfg
logger = logging.getLogger('PAI').getChild(__name__)
ip_message = Struct(
"header" / Aligned(
16,
Struct(
"sof" / Const(0xaa, Int8ub),
"length" / Int16ul,
"unknown0" / Default(Int8ub, 0x01),
"flags" / Int8ub,
"command" / Int8ub,
"sub_command" / Default(Int8ub, 0x00),
'unknown1' / Default(Int8ub, 0x00),
'encrypt' / Default(Int8ub, 0x03),
), b'\xee'), "payload" / Aligned(16, GreedyBytes, b'\xee'))
ip_payload_connect_response = Struct(
'command' / Const(0x00, Int8ub), 'key' / Bytes(16), 'major' / Int8ub,
'minor' / Int8ub, 'ip_major' / Default(Int8ub, 5),
'ip_minor' / Default(Int8ub, 2), 'unknown' / Default(Int8ub, 0x00),
'unknown2' / Default(Int8ub, 0x00), 'unknown3' / Default(Int8ub, 0x00),
'unknown4' / Default(Int8ub, 0xee))
class ClientConnection():
ECDSA_SHA1 = 0x010002
RSA4096_SHA256 = 0x010003
RSA2048_SHA256 = 0x010004
ECDSA_SHA256 = 0x010005
@property
def signature_alg(self) -> SignatureAlgorithm:
return SignatureAlgorithm[self.name.split('_')[0]]
@property
def hash_alg(self) -> str:
return self.name.split('_')[1]
signature = Aligned(
0x40,
Struct('type' / EnumConvert(Int32ub, SignatureType),
'data' / Bytes(lambda this: this.type.signature_alg.mod_size)))
certificates = StrictGreedyRange(
InliningStruct(
'signature' / signature,
'__raw_cert__' @ AttributeRawCopy(
Aligned(
0x40,
InlineStruct(
'issuer' / PaddedString(0x40, 'ascii'),
'key_type' / EnumConvert(Int32ub, SignatureAlgorithm),
'name' / PaddedString(0x40, 'ascii'),
'_unk1' / Int32ub, # might be a timestamp?
'key' / SwitchNoDefault(
this.key_type,
{t: t.key_construct
"header" / WmiBufferHeader,
"payload" / Bytes(lambda this: this.header.wnode.saved_offset -
WmiBufferHeader.sizeof()),
"padding" / Bytes(lambda this: this.header.wnode.buffer_size - this.header.
wnode.saved_offset))
# An ETL file is structured by ETL chunks until the end
EtlLogFile = GreedyRange(EtlChunk)
# This is a common way to select any type of chunks
# We add name selecting as computed to handle typing during parsing
Chunk = Aligned(
8,
Select(
Struct("type" / Computed("PerfInfoTraceRecord"),
"value" / PerfInfoTraceRecord),
Struct("type" / Computed("EventRecord"), "value" / EventRecord),
Struct("type" / Computed("TraceRecord"), "value" / TraceRecord),
Struct("type" / Computed("SystemTraceRecord"),
"value" / SystemTraceRecord),
Struct("type" / Computed("WinTraceRecord"), "value" / WinTraceRecord)))
ChunkParser = RepeatUntil(
lambda x, lst, ctx: len(x._io.getbuffer()) == x._io.tell(), Chunk)
class IEtlFileObserver(metaclass=ABCMeta):
"""
This is etl file observer
Parse sequentially an etl file and commit event when found a particular event
"""
@abstractmethod
"event_property" / EventHeaderPropertyFlag,
"thread_id" / Int32ul, "process_id" / Int32ul,
"timestamp" / Int64ul, "provider_id" / Guid,
"event_descriptor" / EventDescriptor,
"processor_time" / Int64ul, "activity_id" / Guid)
EventHeaderExtendedDataItem = Struct(
"reserved1" / Int16ul, "ext_type" / Int16ul, "reserved2" / Int16ul,
"data_size" / Int16ul, "data_item" / Bytes(lambda this: this.data_size))
EventRecord = AlignedStruct(
8, "mark1" / Computed(lambda this: this._io.tell()),
"event_header" / EventHeader, "extended_data" / If(
lambda this: this.event_header.flags.EVENT_HEADER_FLAG_EXTENDED_INFO,
RepeatUntil(lambda el, lst, this: not lst[-1].reserved2 & 0x1,
Aligned(8, EventHeaderExtendedDataItem))),
"mark2" / Computed(lambda this: this._io.tell()),
"user_data" / Bytes(lambda this: this.event_header.marker.version -
(this.mark2 - this.mark1)))
class Event:
"""
This is a python wrapper around construct struct to access interesting fields
"""
def __init__(self, source):
self.source = source
def get_process_id(self):
"""
Return the process id of issuer
import select
from construct import GreedyBytes, Struct, Aligned, Const, Int8ub, Bytes, this, Int16ub, Int16ul, BitStruct, Default, BitsInteger, Flag, Enum
from threading import Thread, Event
import binascii
import os
from paradox.lib.crypto import encrypt, decrypt
from paradox.interfaces import Interface
from paradox.config import config as cfg
ip_message = Struct(
"header" / Aligned(16,Struct(
"sof" / Const(0xaa, Int8ub),
"length" / Int16ul,
"unknown0" / Default(Int8ub, 0x01),
"flags" / Int8ub,
"command" / Int8ub,
"sub_command" / Default(Int8ub, 0x00),
'unknown1' / Default(Int8ub, 0x0a),
'encrypt' / Default(Int8ub, 0x00),
), b'\xee'),
"payload" / Aligned(16, GreedyBytes, b'\xee'))
ip_payload_connect_response = Aligned(16, Struct(
'command' / Const(0x00, Int8ub),
'key' / Bytes(16),
'major' / Int8ub,
'minor' / Int8ub,
'ip_major' / Default(Int8ub, 5),
'ip_minor' / Default(Int8ub, 2),
'unknown' / Default(Int8ub, 0x00)), b'\xee')
chunk = Struct(
"chunk_name" / Bytes(4),
"size" / Int32ub,
"payload" / Aligned(
4,
FixedSized(
this.size,
Switch(
this.chunk_name,
{
# "Abst" : chunk_abst,
b"Atom": Atom,
b"AtU8": AtU8,
b"Attr": Attr,
b"CInf": CInf,
b"Code": Code,
b"ExpT": ExpT,
# "FunT" : chunk_funt,
b"ImpT": ImpT,
# "Line" : chink_line,
b"LitT": LitT,
b"LocT": LocT,
# "StrT" : chunk_strt,
# "Trac" : chunk_trac,
},
default=GreedyBytes))),
)
__all__ = ["chunk"]
import logging
from collections import namedtuple
from construct import Aligned, Struct, Int8ul, Int16ul, Int32ul, Padded
from . import bagl_font
from . import bagl_glyph
from .automation import TextEvent
bagl_component_t = Aligned(4, Struct(
"type" / Int8ul,
"userid" / Int8ul,
"x" / Int16ul,
"y" / Int16ul,
"width" / Int16ul,
"height" / Int16ul,
"stroke" / Int8ul,
"radius" / Int8ul,
"fill" / Padded(4, Int8ul),
"fgcolor" / Int32ul,
"bgcolor" / Int32ul,
"font_id" / Int16ul,
"icon_id" / Int8ul,
))
BAGL_FILL = 1
BAGL_FILL_CIRCLE_1_OCTANT = 1
BAGL_FILL_CIRCLE_2_OCTANT = 2
BAGL_FILL_CIRCLE_3_OCTANT = 4
BAGL_FILL_CIRCLE_4_OCTANT = 8
BAGL_FILL_CIRCLE_5_OCTANT = 16
IPMessageRequest = Struct(
"header" / Aligned(
16,
Struct(
"sof" / Const(0xAA, Int8ub),
"length" / Rebuild(
Int16ul, lambda ctx: len(ctx._.payload)
if "payload" in ctx._ else 0),
"message_type" / Default(IPMessageType, 0x03),
"flags" / BitStruct(
"bit8" / Default(Flag, False),
"keep_alive" / Default(Flag, False),
"live_events" / Default(Flag, False),
"neware" / Default(Flag, False),
"installer_mode" / Default(Flag, False),
"bit3" / Default(Flag, False),
"upload_download" / Default(Flag, False),
"encrypt" / Default(Flag, True),
),
"command" / Default(IPMessageCommand, 0x00),
"sub_command" / Default(Int8ub, 0x00),
"wt" / Default(Int8ub, 0x00), # WT - 14
"sb" / Default(Int8ub, 0x00), # SB: 0
"cryptor_code" / Default(
Enum(Int8ub, none=0, aes_256_ecb=1, old_module=0xEE), "none"),
"_not_used" / Padding(1, b"\xee"),
"sequence_id" / Default(Int8ub, 0xEE),
),
b"\xee",
),
"payload" / Default(