def tgenerate(self, tshark_pkt):
"""Generates a template from a tshark packet.
Parameters
----------
tshark_pkt : :obj:``
The packet generated by Pyshark.
Returns
-------
:obj: `Template`
The `Tempalate` generated from the packets.
"""
pkt_raw = tshark_pkt.get_raw_packet()
pkt_len = len(tshark_pkt)
# Generation of the `Template`
template = Template(
"Building", raw=pkt_raw, description="Template automatically generated by polymorph.")
# Filtering and adding the `TLayer` objects to the `Template`
tshark_layers = [
l for l in tshark_pkt.layers if "_raw" not in l.layer_name.lower()]
for tshark_layer in tshark_layers:
# Generation of the `Tlayer`
try:
lraw = getattr(
tshark_pkt, tshark_layer.layer_name + "_raw").value
except AttributeError:
continue
if type(lraw) is list:
lraw = lraw[0]
lraw = bytes.fromhex(lraw)
tlayer_len = len(lraw)
try:
tlayer_start = pkt_raw.index(lraw)
lslice = slice(tlayer_start, tlayer_start + tlayer_len)
tlayer = TLayer(name=tshark_layer.layer_name.upper(),
lslice=lslice, pkt_raw=pkt_raw)
# Filtering and adding the `TField` objects to the `TLayer`
for f in self._get_tlayer_fields(tshark_layer, tlayer, pkt_raw):
tlayer.addfield(f)
# If it corresponds to a reassembled layer
except ValueError:
lslice = slice(0, tlayer_len)
lname = tshark_layer.layer_name.upper() + " (REASSEMBLED)"
tlayer = TLayer(name=lname,
lslice=lslice, pkt_raw=lraw)
# Filtering and adding the `TField` objects to the `TLayer`
for f in self._get_tlayer_fields(tshark_layer, tlayer, lraw):
tlayer.addfield(f)
# Adding the `TLayer` to the `Template`
template.addlayer(tlayer)
# We changed the name of the template
template.name = self._name(template.layernames())
return template
def tgenerate(self, scapy_pkt, tshark_pkt, name):
"""Generates a template from a scapy and tshark packet.
Parameters
----------
scapy_pkt : :obj:``
The packet generated by Scapy.
tshark_pkt : :obj:``
The packet generated by Pyshark.
name : str
The name of the `Template`.
Returns
-------
:obj: `Template`
The `Tempalate` generated from the packets.
"""
raw = bytes(scapy_pkt).hex()
pkt_len = len(scapy_pkt)
template = Template(name, raw=raw)
# Adding the layers that scapy is able to dissect to the template
for l in self._getlayers(scapy_pkt):
offset = pkt_len - len(l)
lslice = str(slice(offset, pkt_len)).encode().hex()
layer = TLayer(name=l.__class__.__name__, lslice=lslice, raw=raw)
for f in self._scapyfields(l, offset, scapy_pkt, layer):
layer.addfield(f)
template.addlayer(layer)
# Adding layers that scapy is not able to dissect using tshark
if scapy_pkt.lastlayer().name == "Raw":
nlayers = len(list(self._getlayers(scapy_pkt)))
for l in tshark_pkt.layers[nlayers - 1:]:
# Use it in case you want to delete scapy layers
# offset = len(scapy_pkt) - len(raw)
offset = 0
fields_slices = self._slices(l, offset)
if fields_slices:
lslice = str(slice(fields_slices[0][1].start,
pkt_len)).encode().hex()
else:
lslice = str(
slice(pkt_len - len(scapy_pkt['Raw']),
pkt_len)).encode().hex()
layer = TLayer(name="Raw." + str(l.layer_name.upper()),
lslice=lslice,
raw=raw,
custom=True)
for f in self._tsharkfields(tshark_pkt, l, scapy_pkt,
fields_slices, layer):
layer.addfield(f)
template.addlayer(layer)
return template
def read(self, path):
"""Reads a `Template` from disk.
Parameters
----------
path: str
Path from which the template will be read.
"""
with open(path) as t:
template = json.load(t)
# Reading layers
self._name = template['Name']
self._version = template['Version']
self._timestamp = template['Timestamp']
self._description = template['Description']
self._raw = template['raw']
self._functions = template['Functions']
for layer in template['layers']:
l = TLayer(layer['name'],
raw=self._raw,
lslice=layer['lslice'],
custom=layer['custom'])
# Reading the structs
structs = layer["structs"]
# Reading fields
for field in layer['fields']:
ftype = field['type']
if ftype[0] == str(int):
ftype = (int, ftype[1])
elif ftype[0] == str(str):
ftype = (str, ftype[1])
elif ftype[0] == str(bytes):
ftype = (bytes, ftype[1])
f = TField(name=field['name'],
value=bytearray.fromhex(field['value']),
raw=self._raw,
tslice=field['slice'],
custom=field['custom'],
size=field['size'],
ftype=ftype,
frepr=field['frepr'])
f.layer = l
l.addfield(f)
# Initialization of the structs
for f in structs:
l.add_struct(f, structs[f]['fdeps'], structs[f]['sb'],
structs[f]['exp'])
self.addlayer(l)
def read(self, path):
"""Reads a `Template` from disk.
Parameters
----------
path: str
Path from which the template will be read.
"""
with open(path) as t:
template = json.load(t)
# Reading and loading the template
self._name = template['Name']
self._version = template['Version']
self._timestamp = template['Timestamp']
self._description = template['Description']
self._raw = bytes.fromhex(template['raw'])
self._functions = template['Functions']
# Reading and loading the layers
for layer in template['layers']:
l = TLayer(layer['name'], pkt_raw=self._raw,
lslice=eval(layer['lslice']))
# Reading the structs
structs = layer["structs"]
# Reading and loading the fields
for field in layer['fields']:
f = TField(fname=field['name'],
fslice=eval(field['slice']),
fsize=field['size'],
pkt_raw=self._raw,
trepr=field['trepr'],
ttype=field['ttype'],
tmask=field['mask'],
layer=l,
ftype=Ftype(field['type']),
frepr=field['frepr'] if Ftype(field['type']) !=
Ftype.FT_BYTES else bytes.fromhex(field['frepr']))
l.addfield(f)
# Initialization of the structs
for f in structs:
l.add_struct(f, structs[f]['fdeps'],
structs[f]['sb'], structs[f]['exp'])
self.addlayer(l)