def set_security(self, policy, certificate_path, private_key_path, server_certificate_path=None, mode=ua.MessageSecurityMode.SignAndEncrypt):
    """
    Build the security policy for this client and pass it to self.bclient.
    Call this before connect().

    policy is invoked as policy(server_cert, cert, private_key, mode) and
    its URI attribute is used to select the matching endpoint.
    certificate_path and private_key_path are loaded through uacrypto.

    When server_certificate_path is None, the server certificate is taken
    from the endpoint list returned by connect_and_get_server_endpoints().
    Nothing in this method validates that certificate, so the peer identity
    is only as trustworthy as that endpoint query. Pass
    server_certificate_path to use a certificate file you already hold.
    """
    if server_certificate_path is not None:
        # Caller supplied the server certificate file: use it as-is.
        peer_cert = uacrypto.load_certificate(server_certificate_path)
    else:
        # No file given: ask the server for its endpoints and take the
        # certificate advertised for the requested mode and policy URI.
        available = self.connect_and_get_server_endpoints()
        chosen = Client.find_endpoint(available, mode, policy.URI)
        peer_cert = uacrypto.x509_from_der(chosen.ServerCertificate)

    own_cert = uacrypto.load_certificate(certificate_path)
    own_key = uacrypto.load_private_key(private_key_path)

    self.security_policy = policy(peer_cert, own_cert, own_key, mode)
    self.bclient.set_security(self.security_policy)
def set_security(self, policy, certificate_path, private_key_path, server_certificate_path=None, mode=ua.MessageSecurityMode.SignAndEncrypt):
    """
    Configure the secure connection mode and pass the resulting policy to
    self.uaclient. Call this before connect().

    policy is invoked as policy(server_cert, cert, private_key, mode); its
    URI attribute selects the endpoint when the server certificate has to
    be discovered.

    If server_certificate_path is None, the certificate comes from the
    server's own endpoint list (connect_and_get_server_endpoints()) and is
    only parsed here, not checked against any trust list. Supplying
    server_certificate_path avoids depending on that discovery step.
    """
    discover_from_server = server_certificate_path is None
    if discover_from_server:
        # Take the DER certificate advertised by the matching endpoint.
        endpoint_list = self.connect_and_get_server_endpoints()
        match = Client.find_endpoint(endpoint_list, mode, policy.URI)
        remote_cert = uacrypto.x509_from_der(match.ServerCertificate)
    else:
        remote_cert = uacrypto.load_certificate(server_certificate_path)

    local_cert = uacrypto.load_certificate(certificate_path)
    local_key = uacrypto.load_private_key(private_key_path)

    self.security_policy = policy(remote_cert, local_cert, local_key, mode)
    self.uaclient.set_security(self.security_policy)
def load_private_key(self, path):
    """
    Read the private key file at path through uacrypto and keep the result
    on self.user_private_key.
    """
    # NOTE(review): only the path is passed, so no passphrase is supplied
    # from here; whether encrypted key files are accepted depends on
    # uacrypto.load_private_key — confirm.
    key = uacrypto.load_private_key(path)
    self.user_private_key = key
def load_private_key(self, path):
    """
    Read the private key file at path through uacrypto and keep the result
    on self.private_key.
    """
    loaded_key = uacrypto.load_private_key(path)
    self.private_key = loaded_key
def load_private_key(self, path):
    """
    Load the user's private key from path and store it on
    self.user_private_key. The key is used when authenticating with a
    certificate.
    """
    # NOTE(review): the key file is read with the path alone; confirm how
    # uacrypto.load_private_key treats passphrase-protected files.
    user_key = uacrypto.load_private_key(path)
    self.user_private_key = user_key
def load_private_key(self, path):
    """
    Read the private key file at path through uacrypto and store the result
    on self.iserver.private_key.
    """
    loaded_key = uacrypto.load_private_key(path)
    self.iserver.private_key = loaded_key
from scapy.all import *
from opcua.crypto import security_policies, uacrypto
from opcua.ua import ua_binary
from opcua.ua.ua_binary import Primitives
from opcua.common.utils import Buffer
from opcua.ua.ua_binary import _Bytes
from opcua.ua.ua_binary import *
from opcua import ua
from opcua.ua.uaprotocol_auto import ReadResponse

# Hard-coded addresses of the two peers; not referenced in the visible part
# of this listing.
client_ip = '192.168.253.1'
server_ip = '192.168.253.25'

# Capture file to analyse, read in full by scapy's rdpcap().
packet_list = rdpcap('87654321.pcapng')

# Private keys of both applications, loaded from local PEM files.
# NOTE(review): the nonce recovered below needs nothing more than one of
# these keys plus the capture, so the key files deserve the same protection
# as the traffic they secure.
client_private_key = uacrypto.load_private_key('uaexpert_key.pem')
server_private_key = uacrypto.load_private_key('uaserver.pem')

# Decryptors for the case where the security policy is "Basic256Rsa256"
# (author's wording; presumably Basic256Sha256 is meant — confirm).
# Both use RSA-OAEP; the third argument (42) is presumably the padding
# overhead in bytes — confirm against security_policies.DecryptorRsa.
client_decriptor = security_policies.DecryptorRsa(client_private_key, uacrypto.decrypt_rsa_oaep, 42)
server_decriptor = security_policies.DecryptorRsa(server_private_key, uacrypto.decrypt_rsa_oaep, 42)

# Module-level accumulators; they are not filled in the visible part of
# this listing.
raw_list = []
dst_ip_list = []


def get_server_nonce(payload):
    """
    Decrypt the last 512 bytes of payload with the client's private key and
    return bytes 64..95 of the plaintext as the server nonce.

    The extracted nonce is also printed to stdout.
    """
    # Only the trailing 512 bytes are treated as ciphertext
    # (presumably one RSA block for a 4096-bit key — confirm).
    data = payload[-512:]
    try:
        result = client_decriptor.decrypt(data)
        # Fixed offsets: a 32-byte slice of the decrypted block.
        server_nonce = result[64:96]
        print('server_nance: '+ str(server_nonce))
        return server_nonce
    except ValueError:
        # The listing is truncated here; the handler body is not shown.
from opcua.crypto import security_policies, uacrypto
from scapy.all import *

# Private key used for every decryption attempt below. The author left
# 'uaexpert_key.pem' as a commented-out alternative key file.
# NOTE(review): only a path is passed, so the PEM file is presumably stored
# unencrypted — confirm, and restrict who can read it.
pk = uacrypto.load_private_key('uaserver.pem')

# Two RSA decryptors over the same key: OAEP (42) and PKCS#1 v1.5 (11).
# The numeric argument is presumably the padding overhead in bytes —
# confirm against security_policies.DecryptorRsa.
dcry = security_policies.DecryptorRsa(pk, uacrypto.decrypt_rsa_oaep, 42)
# Defined but never used in this script.
cl_dec_rsa = security_policies.DecryptorRsa(pk, uacrypto.decrypt_rsa15, 11)

packet_list = rdpcap('temp.pcapng')

# Keep only the payload bytes of packets that carry a Raw layer.
raw_list = [pkt[Raw].load for pkt in packet_list if 'Raw' in pkt]

# Try each pair of consecutive payloads: join them, take the last 512 bytes
# as a candidate ciphertext block and attempt an OAEP decryption.
for first, second in zip(raw_list, raw_list[1:]):
    try:
        joined = first + second
        tail = joined[-512:]
        print('-----------')
        plaintext = dcry.decrypt(tail)
        print(plaintext)
        print('+++++++++++')
        # Decoding can fail on non-text plaintext; UnicodeDecodeError is a
        # ValueError and is therefore swallowed with the rest.
        print(plaintext.decode())
    except (ValueError, TypeError, IndexError):
        # Best effort: most pairs are not a valid ciphertext block.
        pass