1# Copyright (c) 2003-2016 CORE Security Technologies 2# 3# This software is provided under under a slightly modified version 4# of the Apache Software License. See the accompanying LICENSE file 5# for more information. 6# 7# Description: 8# Convenience packet unpackers for various network protocols 9# implemented in the ImpactPacket module. 10# 11# Author: 12# Javier Burroni (javier) 13# Bruce Leidl (brl) 14# Aureliano Calvo 15 16import array 17 18import ImpactPacket 19import dot11 20import IP6 21import ICMP6 22import IP6_Extension_Headers 23from cdp import CDP 24from Dot11Crypto import RC4 25from impacket import wps, eap, dhcp 26from impacket.dot11 import Dot11WEPData 27from impacket import LOG 28 29 30"""Classes to convert from raw packets into a hierarchy of 31ImpactPacket derived objects. 32 33The protocol of the outermost layer must be known in advance, and the 34packet must be fed to the corresponding decoder. From there it will 35try to decode the raw data into a hierarchy of ImpactPacket derived 36objects; if a layer's protocol is unknown, all the remaining data will 37be wrapped into a ImpactPacket.Data object. 38""" 39 40class Decoder: 41 __decoded_protocol = None 42 def decode(self, aBuffer): 43 pass 44 45 def set_decoded_protocol(self, protocol): 46 self.__decoded_protocol = protocol 47 48 def get_protocol(self, aprotocol): 49 protocol = self.__decoded_protocol 50 while protocol: 51 if protocol.__class__ == aprotocol: 52 break 53 protocol=protocol.child() 54 return protocol 55 56 def __str__(self): 57 protocol = self.__decoded_protocol 58 i=0 59 out='' 60 while protocol: 61 tabline=' '*i+'+-'+str(protocol.__class__) 62 out+="%s"%tabline+'\n' 63 protocol=protocol.child() 64 i+=1 65 return out 66 67class EthDecoder(Decoder): 68 def __init__(self): 69 pass 70 71 def decode(self, aBuffer): 72 e = ImpactPacket.Ethernet(aBuffer) 73 self.set_decoded_protocol( e ) 74 off = e.get_header_size() 75 if e.get_ether_type() == ImpactPacket.IP.ethertype: 76 self.ip_decoder = IPDecoder() 77 packet = self.ip_decoder.decode(aBuffer[off:]) 78 elif e.get_ether_type() == IP6.IP6.ethertype: 79 self.ip6_decoder = IP6Decoder() 80 packet = self.ip6_decoder.decode(aBuffer[off:]) 81 elif e.get_ether_type() == ImpactPacket.ARP.ethertype: 82 self.arp_decoder = ARPDecoder() 83 packet = self.arp_decoder.decode(aBuffer[off:]) 84 elif e.get_ether_type() == eap.DOT1X_AUTHENTICATION: 85 self.eapol_decoder = EAPOLDecoder() 86 packet = self.eapol_decoder.decode(aBuffer[off:]) 87 # LLC ? 88 elif e.get_ether_type() < 1500: 89 self.llc_decoder = LLCDecoder() 90 packet = self.llc_decoder.decode(aBuffer[off:]) 91 else: 92 self.data_decoder = DataDecoder() 93 packet = self.data_decoder.decode(aBuffer[off:]) 94 95 e.contains(packet) 96 return e 97 98# Linux "cooked" capture encapsulation. 99# Used, for instance, for packets returned by the "any" interface. 100class LinuxSLLDecoder(Decoder): 101 def __init__(self): 102 pass 103 104 def decode(self, aBuffer): 105 e = ImpactPacket.LinuxSLL(aBuffer) 106 self.set_decoded_protocol( e ) 107 off = 16 108 if e.get_ether_type() == ImpactPacket.IP.ethertype: 109 self.ip_decoder = IPDecoder() 110 packet = self.ip_decoder.decode(aBuffer[off:]) 111 elif e.get_ether_type() == ImpactPacket.ARP.ethertype: 112 self.arp_decoder = ARPDecoder() 113 packet = self.arp_decoder.decode(aBuffer[off:]) 114 elif e.get_ether_type() == eap.DOT1X_AUTHENTICATION: 115 self.eapol_decoder = EAPOLDecoder() 116 packet = self.eapol_decoder.decode(aBuffer[off:]) 117 else: 118 self.data_decoder = DataDecoder() 119 packet = self.data_decoder.decode(aBuffer[off:]) 120 121 e.contains(packet) 122 return e 123 124class IPDecoder(Decoder): 125 def __init__(self): 126 pass 127 128 def decode(self, aBuffer): 129 i = ImpactPacket.IP(aBuffer) 130 self.set_decoded_protocol ( i ) 131 off = i.get_header_size() 132 end = i.get_ip_len() 133 # If ip_len == 0 we might be facing TCP segmentation offload, let's calculate the right len 134 if end == 0: 135 LOG.warning('IP len reported as 0, most probably because of TCP segmentation offload. Attempting to fix its size') 136 i.set_ip_len(len(aBuffer)) 137 end = i.get_ip_len() 138 139 if i.get_ip_p() == ImpactPacket.UDP.protocol: 140 self.udp_decoder = UDPDecoder() 141 packet = self.udp_decoder.decode(aBuffer[off:end]) 142 elif i.get_ip_p() == ImpactPacket.TCP.protocol: 143 self.tcp_decoder = TCPDecoder() 144 packet = self.tcp_decoder.decode(aBuffer[off:end]) 145 elif i.get_ip_p() == ImpactPacket.ICMP.protocol: 146 self.icmp_decoder = ICMPDecoder() 147 packet = self.icmp_decoder.decode(aBuffer[off:end]) 148 elif i.get_ip_p() == ImpactPacket.IGMP.protocol: 149 self.igmp_decoder = IGMPDecoder() 150 packet = self.igmp_decoder.decode(aBuffer[off:end]) 151 else: 152 self.data_decoder = DataDecoder() 153 packet = self.data_decoder.decode(aBuffer[off:end]) 154 i.contains(packet) 155 return i 156 157class IP6MultiProtocolDecoder(Decoder): 158 def __init__(self, a_protocol_id): 159 self.protocol_id = a_protocol_id 160 161 def decode(self, buffer): 162 if self.protocol_id == ImpactPacket.UDP.protocol: 163 self.udp_decoder = UDPDecoder() 164 packet = self.udp_decoder.decode(buffer) 165 elif self.protocol_id == ImpactPacket.TCP.protocol: 166 self.tcp_decoder = TCPDecoder() 167 packet = self.tcp_decoder.decode(buffer) 168 elif self.protocol_id == ICMP6.ICMP6.protocol: 169 self.icmp6_decoder = ICMP6Decoder() 170 packet = self.icmp6_decoder.decode(buffer) 171 else: 172 # IPv6 Extension Headers lookup 173 extension_headers = IP6_Extension_Headers.IP6_Extension_Header.get_extension_headers() 174 if buffer and self.protocol_id in extension_headers: 175 extension_header_decoder_class = extension_headers[self.protocol_id].get_decoder() 176 self.extension_header_decoder = extension_header_decoder_class() 177 packet = self.extension_header_decoder.decode(buffer) 178 else: 179 self.data_decoder = DataDecoder() 180 packet = self.data_decoder.decode(buffer) 181 182 return packet 183 184class IP6Decoder(Decoder): 185 def __init__(self): 186 pass 187 188 def decode(self, buffer): 189 ip6_packet = IP6.IP6(buffer) 190 self.set_decoded_protocol(ip6_packet) 191 start_pos = ip6_packet.get_header_size() 192 end_pos = ip6_packet.get_payload_length() + start_pos 193 contained_protocol = ip6_packet.get_next_header() 194 195 multi_protocol_decoder = IP6MultiProtocolDecoder(contained_protocol) 196 child_packet = multi_protocol_decoder.decode(buffer[start_pos:end_pos]) 197 198 ip6_packet.contains(child_packet) 199 return ip6_packet 200 201class HopByHopDecoder(Decoder): 202 def __init__(self): 203 pass 204 205 def decode(self, buffer): 206 hop_by_hop = IP6_Extension_Headers.Hop_By_Hop(buffer) 207 self.set_decoded_protocol(hop_by_hop) 208 start_pos = hop_by_hop.get_header_size() 209 contained_protocol = hop_by_hop.get_next_header() 210 211 multi_protocol_decoder = IP6MultiProtocolDecoder(contained_protocol) 212 child_packet = multi_protocol_decoder.decode(buffer[start_pos:]) 213 214 hop_by_hop.contains(child_packet) 215 return hop_by_hop 216 217class DestinationOptionsDecoder(Decoder): 218 def __init__(self): 219 pass 220 221 def decode(self, buffer): 222 destination_options = IP6_Extension_Headers.Destination_Options(buffer) 223 self.set_decoded_protocol(destination_options) 224 start_pos = destination_options.get_header_size() 225 contained_protocol = destination_options.get_next_header() 226 227 multi_protocol_decoder = IP6MultiProtocolDecoder(contained_protocol) 228 child_packet = multi_protocol_decoder.decode(buffer[start_pos:]) 229 230 destination_options.contains(child_packet) 231 return destination_options 232 233class RoutingOptionsDecoder(Decoder): 234 def __init__(self): 235 pass 236 237 def decode(self, buffer): 238 routing_options = IP6_Extension_Headers.Routing_Options(buffer) 239 self.set_decoded_protocol(routing_options) 240 start_pos = routing_options.get_header_size() 241 contained_protocol = routing_options.get_next_header() 242 243 multi_protocol_decoder = IP6MultiProtocolDecoder(contained_protocol) 244 child_packet = multi_protocol_decoder.decode(buffer[start_pos:]) 245 246 routing_options.contains(child_packet) 247 return routing_options 248 249class ICMP6Decoder(Decoder): 250 def __init__(self): 251 pass 252 253 def decode(self, buffer): 254 icmp6_packet = ICMP6.ICMP6(buffer) 255 self.set_decoded_protocol(icmp6_packet) 256 start_pos = icmp6_packet.get_header_size() 257 258 self.data_decoder = DataDecoder() 259 child_packet = self.data_decoder.decode(buffer[start_pos:]) 260 icmp6_packet.contains(child_packet) 261 return icmp6_packet 262 263 264class ARPDecoder(Decoder): 265 def __init__(self): 266 pass 267 268 def decode(self, aBuffer): 269 arp = ImpactPacket.ARP(aBuffer) 270 self.set_decoded_protocol( arp ) 271 off = arp.get_header_size() 272 self.data_decoder = DataDecoder() 273 packet = self.data_decoder.decode(aBuffer[off:]) 274 arp.contains(packet) 275 return arp 276 277class UDPDecoder(Decoder): 278 def __init__(self): 279 pass 280 281 def decode(self, aBuffer): 282 u = ImpactPacket.UDP(aBuffer) 283 self.set_decoded_protocol( u ) 284 off = u.get_header_size() 285 self.data_decoder = DataDecoder() 286 packet = self.data_decoder.decode(aBuffer[off:]) 287 u.contains(packet) 288 return u 289 290class TCPDecoder(Decoder): 291 def __init__(self): 292 pass 293 294 def decode(self, aBuffer): 295 t = ImpactPacket.TCP(aBuffer) 296 self.set_decoded_protocol( t ) 297 off = t.get_header_size() 298 self.data_decoder = DataDecoder() 299 packet = self.data_decoder.decode(aBuffer[off:]) 300 t.contains(packet) 301 return t 302 303class IGMPDecoder(Decoder): 304 def __init__(self): 305 pass 306 def decode(self, aBuffer): 307 ig = ImpactPacket.IGMP(aBuffer) 308 off = ig.get_header_size() 309 self.data_decoder = DataDecoder() 310 packet = self.data_decoder.decode(aBuffer[off:]) 311 ig.contains(packet) 312 return ig 313 314 315class IPDecoderForICMP(Decoder): 316 """This class was added to parse the IP header of ICMP unreachables packets 317 If you use the "standard" IPDecoder, it might crash (see bug #4870) ImpactPacket.py 318 because the TCP header inside the IP header is incomplete""" 319 def __init__(self): 320 pass 321 322 def decode(self, aBuffer): 323 i = ImpactPacket.IP(aBuffer) 324 self.set_decoded_protocol( i ) 325 off = i.get_header_size() 326 if i.get_ip_p() == ImpactPacket.UDP.protocol: 327 self.udp_decoder = UDPDecoder() 328 packet = self.udp_decoder.decode(aBuffer[off:]) 329 else: 330 self.data_decoder = DataDecoder() 331 packet = self.data_decoder.decode(aBuffer[off:]) 332 i.contains(packet) 333 return i 334 335class ICMPDecoder(Decoder): 336 def __init__(self): 337 pass 338 339 def decode(self, aBuffer): 340 ic = ImpactPacket.ICMP(aBuffer) 341 self.set_decoded_protocol( ic ) 342 off = ic.get_header_size() 343 if ic.get_icmp_type() == ImpactPacket.ICMP.ICMP_UNREACH: 344 self.ip_decoder = IPDecoderForICMP() 345 packet = self.ip_decoder.decode(aBuffer[off:]) 346 else: 347 self.data_decoder = DataDecoder() 348 packet = self.data_decoder.decode(aBuffer[off:]) 349 ic.contains(packet) 350 return ic 351 352class DataDecoder(Decoder): 353 def decode(self, aBuffer): 354 d = ImpactPacket.Data(aBuffer) 355 self.set_decoded_protocol( d ) 356 return d 357 358class BaseDot11Decoder(Decoder): 359 def __init__(self, key_manager=None): 360 self.set_key_manager(key_manager) 361 362 def set_key_manager(self, key_manager): 363 self.key_manager = key_manager 364 365 def find_key(self, bssid): 366 try: 367 key = self.key_manager.get_key(bssid) 368 except: 369 return False 370 return key 371 372class RadioTapDecoder(BaseDot11Decoder): 373 def __init__(self): 374 BaseDot11Decoder.__init__(self) 375 376 def decode(self, aBuffer): 377 rt = dot11.RadioTap(aBuffer) 378 self.set_decoded_protocol( rt ) 379 380 self.do11_decoder = Dot11Decoder() 381 self.do11_decoder.set_key_manager(self.key_manager) 382 flags=rt.get_flags() 383 if flags is not None: 384 fcs=flags&dot11.RadioTap.RTF_FLAGS.PROPERTY_FCS_AT_END 385 self.do11_decoder.FCS_at_end(fcs) 386 387 packet = self.do11_decoder.decode(rt.get_body_as_string()) 388 389 rt.contains(packet) 390 return rt 391 392class Dot11Decoder(BaseDot11Decoder): 393 def __init__(self): 394 BaseDot11Decoder.__init__(self) 395 self.__FCS_at_end = True 396 397 def FCS_at_end(self, fcs_at_end=True): 398 self.__FCS_at_end=not not fcs_at_end 399 400 def decode(self, aBuffer): 401 d = dot11.Dot11(aBuffer, self.__FCS_at_end) 402 self.set_decoded_protocol( d ) 403 404 type = d.get_type() 405 if type == dot11.Dot11Types.DOT11_TYPE_CONTROL: 406 dot11_control_decoder = Dot11ControlDecoder() 407 packet = dot11_control_decoder.decode(d.body_string) 408 elif type == dot11.Dot11Types.DOT11_TYPE_DATA: 409 dot11_data_decoder = Dot11DataDecoder(self.key_manager) 410 411 dot11_data_decoder.set_dot11_hdr(d) 412 413 packet = dot11_data_decoder.decode(d.body_string) 414 elif type == dot11.Dot11Types.DOT11_TYPE_MANAGEMENT: 415 dot11_management_decoder = Dot11ManagementDecoder() 416 dot11_management_decoder.set_subtype(d.get_subtype()) 417 packet = dot11_management_decoder.decode(d.body_string) 418 else: 419 data_decoder = DataDecoder() 420 packet = data_decoder.decode(d.body_string) 421 422 d.contains(packet) 423 return d 424 425class Dot11ControlDecoder(BaseDot11Decoder): 426 def __init__(self): 427 BaseDot11Decoder.__init__(self) 428 self.__FCS_at_end = True 429 430 def FCS_at_end(self, fcs_at_end=True): 431 self.__FCS_at_end=not not fcs_at_end 432 433 def decode(self, aBuffer): 434 d = dot11.Dot11(aBuffer, self.__FCS_at_end) 435 self.set_decoded_protocol(d) 436 437 self.subtype = d.get_subtype() 438 if self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_CONTROL_CLEAR_TO_SEND: 439 self.ctrl_cts_decoder = Dot11ControlFrameCTSDecoder() 440 packet = self.ctrl_cts_decoder.decode(d.body_string) 441 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_CONTROL_ACKNOWLEDGMENT: 442 self.ctrl_ack_decoder = Dot11ControlFrameACKDecoder() 443 packet = self.ctrl_ack_decoder.decode(d.body_string) 444 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_CONTROL_REQUEST_TO_SEND: 445 self.ctrl_rts_decoder = Dot11ControlFrameRTSDecoder() 446 packet = self.ctrl_rts_decoder.decode(d.body_string) 447 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_CONTROL_POWERSAVE_POLL: 448 self.ctrl_pspoll_decoder = Dot11ControlFramePSPollDecoder() 449 packet = self.ctrl_pspoll_decoder.decode(d.body_string) 450 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_CONTROL_CF_END: 451 self.ctrl_cfend_decoder = Dot11ControlFrameCFEndDecoder() 452 packet = self.ctrl_cfend_decoder.decode(d.body_string) 453 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_CONTROL_CF_END_CF_ACK: 454 self.ctrl_cfendcfack_decoder = Dot11ControlFrameCFEndCFACKDecoder() 455 packet = self.ctrl_cfendcfack_decoder.decode(d.body_string) 456 else: 457 data_decoder = DataDecoder() 458 packet = data_decoder.decode(d.body_string) 459 460 d.contains(packet) 461 return d 462 463class Dot11ControlFrameCTSDecoder(BaseDot11Decoder): 464 def __init__(self): 465 BaseDot11Decoder.__init__(self) 466 467 def decode(self, aBuffer): 468 p = dot11.Dot11ControlFrameCTS(aBuffer) 469 self.set_decoded_protocol(p) 470 return p 471 472class Dot11ControlFrameACKDecoder(BaseDot11Decoder): 473 def __init__(self): 474 BaseDot11Decoder.__init__(self) 475 476 def decode(self, aBuffer): 477 p = dot11.Dot11ControlFrameACK(aBuffer) 478 self.set_decoded_protocol(p) 479 return p 480 481class Dot11ControlFrameRTSDecoder(BaseDot11Decoder): 482 def __init__(self): 483 BaseDot11Decoder.__init__(self) 484 485 def decode(self, aBuffer): 486 p = dot11.Dot11ControlFrameRTS(aBuffer) 487 self.set_decoded_protocol(p) 488 return p 489 490class Dot11ControlFramePSPollDecoder(BaseDot11Decoder): 491 def __init__(self): 492 BaseDot11Decoder.__init__(self) 493 494 def decode(self, aBuffer): 495 p = dot11.Dot11ControlFramePSPoll(aBuffer) 496 self.set_decoded_protocol(p) 497 return p 498 499class Dot11ControlFrameCFEndDecoder(BaseDot11Decoder): 500 def __init__(self): 501 BaseDot11Decoder.__init__(self) 502 503 def decode(self, aBuffer): 504 p = dot11.Dot11ControlFrameCFEnd(aBuffer) 505 self.set_decoded_protocol(p) 506 return p 507class Dot11ControlFrameCFEndCFACKDecoder(BaseDot11Decoder): 508 def __init__(self): 509 BaseDot11Decoder.__init__(self) 510 511 def decode(self, aBuffer): 512 p = dot11.Dot11ControlFrameCFEndCFACK(aBuffer) 513 self.set_decoded_protocol(p) 514 return p 515 516class Dot11DataDecoder(BaseDot11Decoder): 517 def __init__(self, key_manager): 518 BaseDot11Decoder.__init__(self, key_manager) 519 520 def set_dot11_hdr(self, dot11_obj): 521 self.dot11 = dot11_obj 522 523 def decode(self, aBuffer): 524 if self.dot11.get_fromDS() and self.dot11.get_toDS(): 525 if self.dot11.is_QoS_frame(): 526 p = dot11.Dot11DataAddr4QoSFrame(aBuffer) 527 else: 528 p = dot11.Dot11DataAddr4Frame(aBuffer) 529 elif self.dot11.is_QoS_frame(): 530 p = dot11.Dot11DataQoSFrame(aBuffer) 531 else: 532 p = dot11.Dot11DataFrame(aBuffer) 533 self.set_decoded_protocol( p ) 534 535 if not self.dot11.get_protectedFrame(): 536 self.llc_decoder = LLCDecoder() 537 packet = self.llc_decoder.decode(p.body_string) 538 else: 539 if not self.dot11.get_fromDS() and self.dot11.get_toDS(): 540 bssid = p.get_address1() 541 elif self.dot11.get_fromDS() and not self.dot11.get_toDS(): 542 bssid = p.get_address2() 543 elif not self.dot11.get_fromDS() and not self.dot11.get_toDS(): 544 bssid = p.get_address3() 545 else: 546 # WDS, this is the RA 547 bssid = p.get_address1() 548 549 wep_decoder = Dot11WEPDecoder(self.key_manager) 550 wep_decoder.set_bssid(bssid) 551 packet = wep_decoder.decode(p.body_string) 552 if packet is None: 553 wpa_decoder = Dot11WPADecoder() 554 packet = wpa_decoder.decode(p.body_string) 555 if packet is None: 556 wpa2_decoder = Dot11WPA2Decoder() 557 packet = wpa2_decoder.decode(p.body_string) 558 if packet is None: 559 data_decoder = DataDecoder() 560 packet = data_decoder.decode(p.body_string) 561 562 p.contains(packet) 563 return p 564 565class Dot11WEPDecoder(BaseDot11Decoder): 566 def __init__(self, key_manager): 567 BaseDot11Decoder.__init__(self, key_manager) 568 self.bssid = None 569 570 def set_bssid(self, bssid): 571 self.bssid = bssid 572 573 def decode(self, aBuffer): 574 wep = dot11.Dot11WEP(aBuffer) 575 self.set_decoded_protocol( wep ) 576 577 if wep.is_WEP() is False: 578 return None 579 580 key = self.find_key(self.bssid) 581 if key: 582 decoded_string=wep.get_decrypted_data(key) 583 584 wep_data = Dot11WEPDataDecoder() 585 packet = wep_data.decode(decoded_string) 586 else: 587 data_decoder = DataDecoder() 588 packet = data_decoder.decode(wep.body_string) 589 590 wep.contains(packet) 591 592 return wep 593 594 def decrypt_data(self, key_string): 595 'Return \'WEP Data\' decrypted' 596 597 # Needs to be at least 8 bytes of payload 598 if len(self.body_string)<8: 599 return self.body_string 600 601 # initialize the first bytes of the key from the IV 602 # and copy rest of the WEP key (the secret part) 603 key=self.get_iv()+key_string 604 rc4=RC4(key) 605 out=rc4.decrypt(data) 606 dwd=Dot11WEPData(out) 607 608 if False: # is ICV correct 609 return dwd 610 else: 611 return self.body_string 612 613 614class Dot11WEPDataDecoder(BaseDot11Decoder): 615 def __init__(self): 616 BaseDot11Decoder.__init__(self) 617 618 def decode(self, aBuffer): 619 wep_data = dot11.Dot11WEPData(aBuffer) 620 621 if not wep_data.check_icv(): 622 # TODO: Do something when the icv is not correct 623 pass 624 625 self.set_decoded_protocol( wep_data ) 626 627 llc_decoder = LLCDecoder() 628 packet = llc_decoder.decode(wep_data.body_string) 629 630 wep_data.contains(packet) 631 632 return wep_data 633 634 635class Dot11WPADecoder(BaseDot11Decoder): 636 def __init__(self): 637 BaseDot11Decoder.__init__(self) 638 639 def decode(self, aBuffer, key=None): 640 wpa = dot11.Dot11WPA(aBuffer) 641 self.set_decoded_protocol( wpa ) 642 643 if wpa.is_WPA() is False: 644 return None 645 646 if key: 647 decoded_string=wpa.get_decrypted_data() 648 649 wpa_data = Dot11DataWPADataDecoder() 650 packet = wpa_data.decode(decoded_string) 651 else: 652 data_decoder = DataDecoder() 653 packet = data_decoder.decode(wpa.body_string) 654 655 wpa.contains(packet) 656 657 return wpa 658 659class Dot11WPADataDecoder(BaseDot11Decoder): 660 def __init__(self): 661 BaseDot11Decoder.__init__(self) 662 663 def decode(self, aBuffer): 664 wpa_data = dot11.Dot11WPAData(aBuffer) 665 self.set_decoded_protocol( wpa_data ) 666 667 llc_decoder = LLCDecoder() 668 packet = self.llc_decoder.decode(wpa_data.body_string) 669 670 wpa_data.contains(packet) 671 672 return wpa_data 673 674class Dot11WPA2Decoder(BaseDot11Decoder): 675 def __init__(self): 676 BaseDot11Decoder.__init__(self) 677 678 def decode(self, aBuffer, key=None): 679 wpa2 = dot11.Dot11WPA2(aBuffer) 680 self.set_decoded_protocol( wpa2 ) 681 682 if wpa2.is_WPA2() is False: 683 return None 684 685 if key: 686 decoded_string=wpa2.get_decrypted_data() 687 688 wpa2_data = Dot11WPA2DataDecoder() 689 packet = wpa2_data.decode(decoded_string) 690 else: 691 data_decoder = DataDecoder() 692 packet = data_decoder.decode(wpa2.body_string) 693 694 wpa2.contains(packet) 695 696 return wpa2 697 698class Dot11WPA2DataDecoder(BaseDot11Decoder): 699 def __init__(self): 700 BaseDot11Decoder.__init__(self) 701 702 def decode(self, aBuffer): 703 wpa2_data = dot11.Dot11WPA2Data(aBuffer) 704 self.set_decoded_protocol( wpa2_data ) 705 706 llc_decoder = LLCDecoder() 707 packet = self.llc_decoder.decode(wpa2_data.body_string) 708 709 wpa2_data.contains(packet) 710 711 return wpa2_data 712 713class LLCDecoder(Decoder): 714 def __init__(self): 715 pass 716 717 def decode(self, aBuffer): 718 d = dot11.LLC(aBuffer) 719 self.set_decoded_protocol( d ) 720 721 if d.get_DSAP()==dot11.SAPTypes.SNAP: 722 if d.get_SSAP()==dot11.SAPTypes.SNAP: 723 if d.get_control()==dot11.LLC.DLC_UNNUMBERED_FRAMES: 724 snap_decoder = SNAPDecoder() 725 packet = snap_decoder.decode(d.body_string) 726 d.contains(packet) 727 return d 728 729 # Only SNAP is implemented 730 data_decoder = DataDecoder() 731 packet = data_decoder.decode(d.body_string) 732 d.contains(packet) 733 return d 734 735class SNAPDecoder(Decoder): 736 def __init__(self): 737 pass 738 739 def decode(self, aBuffer): 740 s = dot11.SNAP(aBuffer) 741 self.set_decoded_protocol( s ) 742 if s.get_OUI()==CDP.OUI and s.get_protoID()==CDP.Type: 743 dec = CDPDecoder() 744 packet = dec.decode(s.body_string) 745 elif s.get_OUI()!=0x000000: 746 # We don't know how to handle other than OUI=0x000000 (EtherType) 747 self.data_decoder = DataDecoder() 748 packet = self.data_decoder.decode(s.body_string) 749 elif s.get_protoID() == ImpactPacket.IP.ethertype: 750 self.ip_decoder = IPDecoder() 751 packet = self.ip_decoder.decode(s.body_string) 752 elif s.get_protoID() == ImpactPacket.ARP.ethertype: 753 self.arp_decoder = ARPDecoder() 754 packet = self.arp_decoder.decode(s.body_string) 755 elif s.get_protoID() == eap.DOT1X_AUTHENTICATION: 756 self.eapol_decoder = EAPOLDecoder() 757 packet = self.eapol_decoder.decode(s.body_string) 758 else: 759 self.data_decoder = DataDecoder() 760 packet = self.data_decoder.decode(s.body_string) 761 762 s.contains(packet) 763 return s 764 765class CDPDecoder(Decoder): 766 767 def __init__(self): 768 pass 769 770 def decode(self, aBuffer): 771 s = CDP(aBuffer) 772 self.set_decoded_protocol( s ) 773 return s 774 775class Dot11ManagementDecoder(BaseDot11Decoder): 776 def __init__(self): 777 BaseDot11Decoder.__init__(self) 778 self.subtype = None 779 780 def set_subtype(self, subtype): 781 self.subtype=subtype 782 783 def decode(self, aBuffer): 784 p = dot11.Dot11ManagementFrame(aBuffer) 785 self.set_decoded_protocol( p ) 786 787 if self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_BEACON: 788 self.mgt_beacon_decoder = Dot11ManagementBeaconDecoder() 789 packet = self.mgt_beacon_decoder.decode(p.body_string) 790 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_PROBE_REQUEST: 791 self.mgt_probe_request_decoder = Dot11ManagementProbeRequestDecoder() 792 packet = self.mgt_probe_request_decoder.decode(p.body_string) 793 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_PROBE_RESPONSE: 794 self.mgt_probe_response_decoder = Dot11ManagementProbeResponseDecoder() 795 packet = self.mgt_probe_response_decoder.decode(p.body_string) 796 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_DEAUTHENTICATION: 797 self.mgt_deauthentication_decoder = Dot11ManagementDeauthenticationDecoder() 798 packet = self.mgt_deauthentication_decoder.decode(p.body_string) 799 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_AUTHENTICATION: 800 self.mgt_Authentication_decoder = Dot11ManagementAuthenticationDecoder() 801 packet = self.mgt_Authentication_decoder.decode(p.body_string) 802 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_DISASSOCIATION: 803 self.mgt_disassociation_decoder = Dot11ManagementDisassociationDecoder() 804 packet = self.mgt_disassociation_decoder.decode(p.body_string) 805 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_ASSOCIATION_REQUEST: 806 self.mgt_association_request_decoder = Dot11ManagementAssociationRequestDecoder() 807 packet = self.mgt_association_request_decoder.decode(p.body_string) 808 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_ASSOCIATION_RESPONSE: 809 self.mgt_association_response_decoder = Dot11ManagementAssociationResponseDecoder() 810 packet = self.mgt_association_response_decoder.decode(p.body_string) 811 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_REASSOCIATION_REQUEST: 812 self.mgt_reassociation_request_decoder = Dot11ManagementReassociationRequestDecoder() 813 packet = self.mgt_reassociation_request_decoder.decode(p.body_string) 814 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_REASSOCIATION_RESPONSE: 815 self.mgt_reassociation_response_decoder = Dot11ManagementReassociationResponseDecoder() 816 packet = self.mgt_reassociation_response_decoder.decode(p.body_string) 817 else: 818 data_decoder = DataDecoder() 819 packet = data_decoder.decode(p.body_string) 820 821 p.contains(packet) 822 return p 823 824class Dot11ManagementBeaconDecoder(BaseDot11Decoder): 825 def __init__(self): 826 BaseDot11Decoder.__init__(self) 827 828 def decode(self, aBuffer): 829 p = dot11.Dot11ManagementBeacon(aBuffer) 830 self.set_decoded_protocol( p ) 831 832 return p 833 834class Dot11ManagementProbeRequestDecoder(BaseDot11Decoder): 835 def __init__(self): 836 BaseDot11Decoder.__init__(self) 837 838 def decode(self, aBuffer): 839 p = dot11.Dot11ManagementProbeRequest(aBuffer) 840 self.set_decoded_protocol( p ) 841 842 return p 843 844class Dot11ManagementProbeResponseDecoder(BaseDot11Decoder): 845 def __init__(self): 846 BaseDot11Decoder.__init__(self) 847 848 def decode(self, aBuffer): 849 p = dot11.Dot11ManagementProbeResponse(aBuffer) 850 self.set_decoded_protocol( p ) 851 852 return p 853 854class Dot11ManagementDeauthenticationDecoder(BaseDot11Decoder): 855 def __init__(self): 856 BaseDot11Decoder.__init__(self) 857 858 def decode(self, aBuffer): 859 p = dot11.Dot11ManagementDeauthentication(aBuffer) 860 self.set_decoded_protocol( p ) 861 862 return p 863 864class Dot11ManagementAuthenticationDecoder(BaseDot11Decoder): 865 def __init__(self): 866 BaseDot11Decoder.__init__(self) 867 868 def decode(self, aBuffer): 869 p = dot11.Dot11ManagementAuthentication(aBuffer) 870 self.set_decoded_protocol(p) 871 872 return p 873 874class Dot11ManagementDisassociationDecoder(BaseDot11Decoder): 875 def __init__(self): 876 BaseDot11Decoder.__init__(self) 877 878 def decode(self, aBuffer): 879 p = dot11.Dot11ManagementDisassociation(aBuffer) 880 self.set_decoded_protocol(p) 881 882 return p 883 884class Dot11ManagementAssociationRequestDecoder(BaseDot11Decoder): 885 def __init__(self): 886 BaseDot11Decoder.__init__(self) 887 888 def decode(self, aBuffer): 889 p = dot11.Dot11ManagementAssociationRequest(aBuffer) 890 self.set_decoded_protocol(p) 891 892 return p 893 894class Dot11ManagementAssociationResponseDecoder(BaseDot11Decoder): 895 def __init__(self): 896 BaseDot11Decoder.__init__(self) 897 898 def decode(self, aBuffer): 899 p = dot11.Dot11ManagementAssociationResponse(aBuffer) 900 self.set_decoded_protocol(p) 901 902 return p 903 904class Dot11ManagementReassociationRequestDecoder(BaseDot11Decoder): 905 def __init__(self): 906 BaseDot11Decoder.__init__(self) 907 908 def decode(self, aBuffer): 909 p = dot11.Dot11ManagementReassociationRequest(aBuffer) 910 self.set_decoded_protocol(p) 911 912 return p 913 914class Dot11ManagementReassociationResponseDecoder(BaseDot11Decoder): 915 def __init__(self): 916 BaseDot11Decoder.__init__(self) 917 918 def decode(self, aBuffer): 919 p = dot11.Dot11ManagementReassociationResponse(aBuffer) 920 self.set_decoded_protocol(p) 921 922 return p 923 924class BaseDecoder(Decoder): 925 926 def decode(self, buff): 927 928 packet = self.klass(buff) 929 self.set_decoded_protocol(packet) 930 cd = self.child_decoders.get(self.child_key(packet), DataDecoder()) 931 packet.contains(cd.decode(packet.get_body_as_string())) 932 return packet 933 934class SimpleConfigDecoder(BaseDecoder): 935 936 child_decoders = {} 937 klass = wps.SimpleConfig 938 child_key = lambda s,p: None 939 940 def decode(self, buff): 941 sc = BaseDecoder.decode(self, buff) 942 ary = array.array('B', sc.child().get_packet()) 943 sc.unlink_child() 944 tlv = wps.SimpleConfig.build_tlv_container() 945 tlv.from_ary(ary) 946 sc.contains(tlv) 947 948 return sc 949 950class EAPExpandedDecoder(BaseDecoder): 951 child_decoders = { 952 (eap.EAPExpanded.WFA_SMI, eap.EAPExpanded.SIMPLE_CONFIG): SimpleConfigDecoder(), 953 } 954 klass = eap.EAPExpanded 955 child_key = lambda s,p: (p.get_vendor_id(), p.get_vendor_type()) 956 957class EAPRDecoder(BaseDecoder): 958 child_decoders = { 959 eap.EAPR.EXPANDED:EAPExpandedDecoder() 960 } 961 klass = eap.EAPR 962 child_key = lambda s, p: p.get_type() 963 964class EAPDecoder(BaseDecoder): 965 child_decoders = { 966 eap.EAP.REQUEST: EAPRDecoder(), 967 eap.EAP.RESPONSE: EAPRDecoder(), 968 } 969 klass = eap.EAP 970 child_key = lambda s, p: p.get_code() 971 972class EAPOLDecoder(BaseDecoder): 973 child_decoders = { 974 eap.EAPOL.EAP_PACKET: EAPDecoder() 975 } 976 klass = eap.EAPOL 977 child_key = lambda s, p: p.get_packet_type() 978 979class BootpDecoder(Decoder): 980 def __init__(self): 981 pass 982 983 def decode(self, aBuffer): 984 d = dhcp.BootpPacket(aBuffer) 985 self.set_decoded_protocol( d ) 986 off = len(d.getData()) 987 if dhcp.DhcpPacket(aBuffer[off:])['cookie'] == dhcp.DhcpPacket.MAGIC_NUMBER: 988 self.data_decoder = DHCPDecoder() 989 packet = self.data_decoder.decode(aBuffer[off:]) 990 d.contains(packet) 991 return d 992 993class DHCPDecoder(Decoder): 994 def __init__(self): 995 pass 996 997 def decode(self, aBuffer): 998 d = dhcp.DhcpPacket(aBuffer) 999 self.set_decoded_protocol( d ) 1000 return d 1001