def set_security(self, policy, certificate_path, private_key_path,
server_certificate_path=None,
mode=ua.MessageSecurityMode.SignAndEncrypt):
"""
Set SecureConnection mode.
Call this before connect()
"""
if server_certificate_path is None:
# load certificate from server's list of endpoints
endpoints = self.connect_and_get_server_endpoints()
endpoint = Client.find_endpoint(endpoints, mode, policy.URI)
server_cert = uacrypto.x509_from_der(endpoint.ServerCertificate)
else:
server_cert = uacrypto.load_certificate(server_certificate_path)
cert = uacrypto.load_certificate(certificate_path)
pk = uacrypto.load_private_key(private_key_path)
self.security_policy = policy(server_cert, cert, pk, mode)
self.bclient.set_security(self.security_policy)
def set_security(self, policy, certificate_path, private_key_path,
server_certificate_path=None,
mode=ua.MessageSecurityMode.SignAndEncrypt):
"""
Set SecureConnection mode.
Call this before connect()
"""
if server_certificate_path is None:
# load certificate from server's list of endpoints
endpoints = self.connect_and_get_server_endpoints()
endpoint = Client.find_endpoint(endpoints, mode, policy.URI)
server_cert = uacrypto.x509_from_der(endpoint.ServerCertificate)
else:
server_cert = uacrypto.load_certificate(server_certificate_path)
cert = uacrypto.load_certificate(certificate_path)
pk = uacrypto.load_private_key(private_key_path)
self.security_policy = policy(server_cert, cert, pk, mode)
self.uaclient.set_security(self.security_policy)
def load_private_key(self, path):
self.user_private_key = uacrypto.load_private_key(path)
def load_private_key(self, path):
self.private_key = uacrypto.load_private_key(path)
def load_private_key(self, path):
"""
Load user private key. This is used for authenticating using certificate
"""
self.user_private_key = uacrypto.load_private_key(path)
def load_private_key(self, path):
self.iserver.private_key = uacrypto.load_private_key(path)
def load_private_key(self, path):
"""
Load user private key. This is used for authenticating using certificate
"""
self.user_private_key = uacrypto.load_private_key(path)
from scapy.all import *
from opcua.crypto import security_policies, uacrypto
from opcua.ua import ua_binary
from opcua.ua.ua_binary import Primitives
from opcua.common.utils import Buffer
from opcua.ua.ua_binary import _Bytes
from opcua.ua.ua_binary import *
from opcua import ua
from opcua.ua.uaprotocol_auto import ReadResponse
client_ip = '192.168.253.1'
server_ip = '192.168.253.25'
packet_list = rdpcap('87654321.pcapng')
client_private_key = uacrypto.load_private_key('uaexpert_key.pem')
server_private_key = uacrypto.load_private_key('uaserver.pem')
# In case of you use Basic256Rsa256 as security policy
client_decriptor = security_policies.DecryptorRsa(client_private_key, uacrypto.decrypt_rsa_oaep, 42)
server_decriptor = security_policies.DecryptorRsa(server_private_key, uacrypto.decrypt_rsa_oaep, 42)
raw_list = []
dst_ip_list = []
def get_server_nonce(payload):
data = payload[-512:]
try:
result = client_decriptor.decrypt(data)
server_nonce = result[64:96]
print('server_nance: '+ str(server_nonce))
return server_nonce
except ValueError:
from opcua.crypto import security_policies, uacrypto
from scapy.all import *
# pk = uacrypto.load_private_key('uaexpert_key.pem')
pk = uacrypto.load_private_key('uaserver.pem')
dcry = security_policies.DecryptorRsa(pk, uacrypto.decrypt_rsa_oaep, 42)
cl_dec_rsa = security_policies.DecryptorRsa(pk, uacrypto.decrypt_rsa15, 11)
packet_list = rdpcap('temp.pcapng')
raw_list = []
for packet_list_n in range(len(packet_list)):
if 'Raw' in packet_list[packet_list_n]:
raw_list.append(packet_list[packet_list_n][Raw].load)
for raw_list_n in range(len(raw_list)):
try:
target = raw_list[raw_list_n] + raw_list[raw_list_n + 1]
enc = target[-512:]
print('-----------')
x = dcry.decrypt(enc)
# print(enc)
print(x)
print('+++++++++++')
print(x.decode())
except ValueError:
pass
except TypeError:
pass
except IndexError:
pass
