esp32_bluetooth_classic_sni.../libs/scapy/layers/lltd.py
Matheus Eduardo Garbelini 86890704fd initial commit
todo: add documentation & wireshark dissector
2021-08-31 19:51:03 +08:00

845 lines
26 KiB
Python
Executable file

# This file is part of Scapy
# See http://www.secdev.org/projects/scapy for more information
# Copyright (C) Philippe Biondi <phil@secdev.org>
# This program is published under a GPLv2 license
"""LLTD Protocol
https://msdn.microsoft.com/en-us/library/cc233983.aspx
"""
from __future__ import absolute_import
from array import array
from scapy.fields import BitField, FlagsField, ByteField, ByteEnumField, \
ShortField, ShortEnumField, ThreeBytesField, IntField, IntEnumField, \
LongField, MultiEnumField, FieldLenField, FieldListField, \
PacketListField, StrLenField, StrLenFieldUtf16, ConditionalField, MACField
from scapy.packet import Packet, Padding, bind_layers
from scapy.plist import PacketList
from scapy.layers.l2 import Ether
from scapy.layers.inet import IPField
from scapy.layers.inet6 import IP6Field
from scapy.data import ETHER_ANY
import scapy.modules.six as six
from scapy.compat import orb, chb
# Protocol layers
##################
class LLTD(Packet):
name = "LLTD"
answer_hashret = {
# (tos, function) tuple mapping (answer -> query), used by
# .hashret()
(1, 1): (0, 0),
(0, 12): (0, 11),
}
fields_desc = [
ByteField("version", 1),
ByteEnumField("tos", 0, {
0: "Topology discovery",
1: "Quick discovery",
2: "QoS diagnostics",
}),
ByteField("reserved", 0),
MultiEnumField("function", 0, {
0: {
0: "Discover",
1: "Hello",
2: "Emit",
3: "Train",
4: "Probe",
5: "Ack",
6: "Query",
7: "QueryResp",
8: "Reset",
9: "Charge",
10: "Flat",
11: "QueryLargeTlv",
12: "QueryLargeTlvResp",
},
1: {
0: "Discover",
1: "Hello",
8: "Reset",
},
2: {
0: "QosInitializeSink",
1: "QosReady",
2: "QosProbe",
3: "QosQuery",
4: "QosQueryResp",
5: "QosReset",
6: "QosError",
7: "QosAck",
8: "QosCounterSnapshot",
9: "QosCounterResult",
10: "QosCounterLease",
},
}, depends_on=lambda pkt: pkt.tos, fmt="B"),
MACField("real_dst", None),
MACField("real_src", None),
ConditionalField(ShortField("xid", 0),
lambda pkt: pkt.function in [0, 8]),
ConditionalField(ShortField("seq", 0),
lambda pkt: pkt.function not in [0, 8]),
]
def post_build(self, pkt, pay):
if (self.real_dst is None or self.real_src is None) and \
isinstance(self.underlayer, Ether):
eth = self.underlayer
if self.real_dst is None:
pkt = (pkt[:4] + eth.fields_desc[0].i2m(eth, eth.dst) +
pkt[10:])
if self.real_src is None:
pkt = (pkt[:10] + eth.fields_desc[1].i2m(eth, eth.src) +
pkt[16:])
return pkt + pay
def mysummary(self):
if isinstance(self.underlayer, Ether):
return self.underlayer.sprintf(
'LLTD %src% > %dst% %LLTD.tos% - %LLTD.function%'
)
else:
return self.sprintf('LLTD %tos% - %function%')
def hashret(self):
tos, function = self.tos, self.function
return "%c%c" % self.answer_hashret.get((tos, function),
(tos, function))
def answers(self, other):
if not isinstance(other, LLTD):
return False
if self.tos == 0:
if self.function == 0 and isinstance(self.payload, LLTDDiscover) \
and len(self[LLTDDiscover].stations_list) == 1:
# "Topology discovery - Discover" with one MAC address
# discovered answers a "Quick discovery - Hello"
return other.tos == 1 and \
other.function == 1 and \
LLTDAttributeHostID in other and \
other[LLTDAttributeHostID].mac == \
self[LLTDDiscover].stations_list[0]
elif self.function == 12:
# "Topology discovery - QueryLargeTlvResp" answers
# "Topology discovery - QueryLargeTlv" with same .seq
# value
return other.tos == 0 and other.function == 11 \
and other.seq == self.seq
elif self.tos == 1:
if self.function == 1 and isinstance(self.payload, LLTDHello):
# "Quick discovery - Hello" answers a "Topology
# discovery - Discover"
return other.tos == 0 and other.function == 0 and \
other.real_src == self.current_mapper_address
return False
class LLTDHello(Packet):
name = "LLTD - Hello"
show_summary = False
fields_desc = [
ShortField("gen_number", 0),
MACField("current_mapper_address", ETHER_ANY),
MACField("apparent_mapper_address", ETHER_ANY),
]
class LLTDDiscover(Packet):
name = "LLTD - Discover"
fields_desc = [
ShortField("gen_number", 0),
FieldLenField("stations_count", None, count_of="stations_list",
fmt="H"),
FieldListField("stations_list", [], MACField("", ETHER_ANY),
count_from=lambda pkt: pkt.stations_count)
]
def mysummary(self):
return (self.sprintf("Stations: %stations_list%")
if self.stations_list else "No station", [LLTD])
class LLTDEmiteeDesc(Packet):
name = "LLTD - Emitee Desc"
fields_desc = [
ByteEnumField("type", 0, {0: "Train", 1: "Probe"}),
ByteField("pause", 0),
MACField("src", None),
MACField("dst", ETHER_ANY),
]
class LLTDEmit(Packet):
name = "LLTD - Emit"
fields_desc = [
FieldLenField("descs_count", None, count_of="descs_list",
fmt="H"),
PacketListField("descs_list", [], LLTDEmiteeDesc,
count_from=lambda pkt: pkt.descs_count),
]
def mysummary(self):
return ", ".join(desc.sprintf("%src% > %dst%")
for desc in self.descs_list), [LLTD]
class LLTDRecveeDesc(Packet):
name = "LLTD - Recvee Desc"
fields_desc = [
ShortEnumField("type", 0, {0: "Probe", 1: "ARP or ICMPv6"}),
MACField("real_src", ETHER_ANY),
MACField("ether_src", ETHER_ANY),
MACField("ether_dst", ETHER_ANY),
]
class LLTDQueryResp(Packet):
name = "LLTD - Query Response"
fields_desc = [
FlagsField("flags", 0, 2, "ME"),
BitField("descs_count", None, 14),
PacketListField("descs_list", [], LLTDRecveeDesc,
count_from=lambda pkt: pkt.descs_count),
]
def post_build(self, pkt, pay):
if self.descs_count is None:
# descs_count should be a FieldLenField but has an
# unsupported format (14 bits)
flags = orb(pkt[0]) & 0xc0
count = len(self.descs_list)
pkt = chb(flags + (count >> 8)) + chb(count % 256) + pkt[2:]
return pkt + pay
def mysummary(self):
return self.sprintf("%d response%s" % (
self.descs_count,
"s" if self.descs_count > 1 else "")), [LLTD]
class LLTDQueryLargeTlv(Packet):
name = "LLTD - Query Large Tlv"
fields_desc = [
ByteEnumField("type", 14, {
14: "Icon image",
17: "Friendly Name",
19: "Hardware ID",
22: "AP Association Table",
24: "Detailed Icon Image",
26: "Component Table",
28: "Repeater AP Table",
}),
ThreeBytesField("offset", 0),
]
def mysummary(self):
return self.sprintf("%type% (offset %offset%)"), [LLTD]
class LLTDQueryLargeTlvResp(Packet):
name = "LLTD - Query Large Tlv Response"
fields_desc = [
FlagsField("flags", 0, 2, "RM"),
BitField("len", None, 14),
StrLenField("value", "", length_from=lambda pkt: pkt.len)
]
def post_build(self, pkt, pay):
if self.len is None:
# len should be a FieldLenField but has an unsupported
# format (14 bits)
flags = orb(pkt[0]) & 0xc0
length = len(self.value)
pkt = chb(flags + (length >> 8)) + chb(length % 256) + pkt[2:]
return pkt + pay
def mysummary(self):
return self.sprintf("%%len%% bytes%s" % (
" (last)" if not self.flags & 2 else ""
)), [LLTD]
class LLTDAttribute(Packet):
name = "LLTD Attribute"
show_indent = False
show_summary = False
# section 2.2.1.1
fields_desc = [
ByteEnumField("type", 0, {
0: "End Of Property",
1: "Host ID",
2: "Characteristics",
3: "Physical Medium",
7: "IPv4 Address",
9: "802.11 Max Rate",
10: "Performance Counter Frequency",
12: "Link Speed",
14: "Icon Image",
15: "Machine Name",
18: "Device UUID",
20: "QoS Characteristics",
21: "802.11 Physical Medium",
24: "Detailed Icon Image",
}),
FieldLenField("len", None, length_of="value", fmt="B"),
StrLenField("value", "", length_from=lambda pkt: pkt.len),
]
@classmethod
def dispatch_hook(cls, _pkt=None, *_, **kargs):
if _pkt:
cmd = orb(_pkt[0])
elif "type" in kargs:
cmd = kargs["type"]
if isinstance(cmd, six.string_types):
cmd = cls.fields_desc[0].s2i[cmd]
else:
return cls
return SPECIFIC_CLASSES.get(cmd, cls)
SPECIFIC_CLASSES = {}
def _register_lltd_specific_class(*attr_types):
"""This can be used as a class decorator; if we want to support Python
2.5, we have to replace
@_register_lltd_specific_class(x[, y[, ...]])
class LLTDAttributeSpecific(LLTDAttribute):
[...]
by
class LLTDAttributeSpecific(LLTDAttribute):
[...]
LLTDAttributeSpecific = _register_lltd_specific_class(x[, y[, ...]])(
LLTDAttributeSpecific
)
"""
def _register(cls):
for attr_type in attr_types:
SPECIFIC_CLASSES[attr_type] = cls
type_fld = LLTDAttribute.fields_desc[0].copy()
type_fld.default = attr_types[0]
cls.fields_desc = [type_fld] + cls.fields_desc
return cls
return _register
@_register_lltd_specific_class(0)
class LLTDAttributeEOP(LLTDAttribute):
name = "LLTD Attribute - End Of Property"
fields_desc = []
@_register_lltd_specific_class(1)
class LLTDAttributeHostID(LLTDAttribute):
name = "LLTD Attribute - Host ID"
fields_desc = [
ByteField("len", 6),
MACField("mac", ETHER_ANY),
]
def mysummary(self):
return "ID: %s" % self.mac, [LLTD, LLTDAttributeMachineName]
@_register_lltd_specific_class(2)
class LLTDAttributeCharacteristics(LLTDAttribute):
name = "LLTD Attribute - Characteristics"
fields_desc = [
# According to MS doc, "this field MUST be set to 0x02". But
# according to MS implementation, that's wrong.
# ByteField("len", 2),
FieldLenField("len", None, length_of="reserved2", fmt="B",
adjust=lambda _, x: x + 2),
FlagsField("flags", 0, 5, "PXFML"),
BitField("reserved1", 0, 11),
StrLenField("reserved2", "", length_from=lambda x: x.len - 2)
]
@_register_lltd_specific_class(3)
class LLTDAttributePhysicalMedium(LLTDAttribute):
name = "LLTD Attribute - Physical Medium"
fields_desc = [
ByteField("len", 4),
IntEnumField("medium", 6, {
# https://www.iana.org/assignments/ianaiftype-mib/ianaiftype-mib
1: "other",
2: "regular1822",
3: "hdh1822",
4: "ddnX25",
5: "rfc877x25",
6: "ethernetCsmacd",
7: "iso88023Csmacd",
8: "iso88024TokenBus",
9: "iso88025TokenRing",
10: "iso88026Man",
11: "starLan",
12: "proteon10Mbit",
13: "proteon80Mbit",
14: "hyperchannel",
15: "fddi",
16: "lapb",
17: "sdlc",
18: "ds1",
19: "e1",
20: "basicISDN",
21: "primaryISDN",
22: "propPointToPointSerial",
23: "ppp",
24: "softwareLoopback",
25: "eon",
26: "ethernet3Mbit",
27: "nsip",
28: "slip",
29: "ultra",
30: "ds3",
31: "sip",
32: "frameRelay",
33: "rs232",
34: "para",
35: "arcnet",
36: "arcnetPlus",
37: "atm",
38: "miox25",
39: "sonet",
40: "x25ple",
41: "iso88022llc",
42: "localTalk",
43: "smdsDxi",
44: "frameRelayService",
45: "v35",
46: "hssi",
47: "hippi",
48: "modem",
49: "aal5",
50: "sonetPath",
51: "sonetVT",
52: "smdsIcip",
53: "propVirtual",
54: "propMultiplexor",
55: "ieee80212",
56: "fibreChannel",
57: "hippiInterface",
58: "frameRelayInterconnect",
59: "aflane8023",
60: "aflane8025",
61: "cctEmul",
62: "fastEther",
63: "isdn",
64: "v11",
65: "v36",
66: "g703at64k",
67: "g703at2mb",
68: "qllc",
69: "fastEtherFX",
70: "channel",
71: "ieee80211",
72: "ibm370parChan",
73: "escon",
74: "dlsw",
75: "isdns",
76: "isdnu",
77: "lapd",
78: "ipSwitch",
79: "rsrb",
80: "atmLogical",
81: "ds0",
82: "ds0Bundle",
83: "bsc",
84: "async",
85: "cnr",
86: "iso88025Dtr",
87: "eplrs",
88: "arap",
89: "propCnls",
90: "hostPad",
91: "termPad",
92: "frameRelayMPI",
93: "x213",
94: "adsl",
95: "radsl",
96: "sdsl",
97: "vdsl",
98: "iso88025CRFPInt",
99: "myrinet",
100: "voiceEM",
101: "voiceFXO",
102: "voiceFXS",
103: "voiceEncap",
104: "voiceOverIp",
105: "atmDxi",
106: "atmFuni",
107: "atmIma",
108: "pppMultilinkBundle",
109: "ipOverCdlc",
110: "ipOverClaw",
111: "stackToStack",
112: "virtualIpAddress",
113: "mpc",
114: "ipOverAtm",
115: "iso88025Fiber",
116: "tdlc",
117: "gigabitEthernet",
118: "hdlc",
119: "lapf",
120: "v37",
121: "x25mlp",
122: "x25huntGroup",
123: "transpHdlc",
124: "interleave",
125: "fast",
126: "ip",
127: "docsCableMaclayer",
128: "docsCableDownstream",
129: "docsCableUpstream",
130: "a12MppSwitch",
131: "tunnel",
132: "coffee",
133: "ces",
134: "atmSubInterface",
135: "l2vlan",
136: "l3ipvlan",
137: "l3ipxvlan",
138: "digitalPowerline",
139: "mediaMailOverIp",
140: "dtm",
141: "dcn",
142: "ipForward",
143: "msdsl",
144: "ieee1394",
145: "if-gsn",
146: "dvbRccMacLayer",
147: "dvbRccDownstream",
148: "dvbRccUpstream",
149: "atmVirtual",
150: "mplsTunnel",
151: "srp",
152: "voiceOverAtm",
153: "voiceOverFrameRelay",
154: "idsl",
155: "compositeLink",
156: "ss7SigLink",
157: "propWirelessP2P",
158: "frForward",
159: "rfc1483",
160: "usb",
161: "ieee8023adLag",
162: "bgppolicyaccounting",
163: "frf16MfrBundle",
164: "h323Gatekeeper",
165: "h323Proxy",
166: "mpls",
167: "mfSigLink",
168: "hdsl2",
169: "shdsl",
170: "ds1FDL",
171: "pos",
172: "dvbAsiIn",
173: "dvbAsiOut",
174: "plc",
175: "nfas",
176: "tr008",
177: "gr303RDT",
178: "gr303IDT",
179: "isup",
180: "propDocsWirelessMaclayer",
181: "propDocsWirelessDownstream",
182: "propDocsWirelessUpstream",
183: "hiperlan2",
184: "propBWAp2Mp",
185: "sonetOverheadChannel",
186: "digitalWrapperOverheadChannel",
187: "aal2",
188: "radioMAC",
189: "atmRadio",
190: "imt",
191: "mvl",
192: "reachDSL",
193: "frDlciEndPt",
194: "atmVciEndPt",
195: "opticalChannel",
196: "opticalTransport",
197: "propAtm",
198: "voiceOverCable",
199: "infiniband",
200: "teLink",
201: "q2931",
202: "virtualTg",
203: "sipTg",
204: "sipSig",
205: "docsCableUpstreamChannel",
206: "econet",
207: "pon155",
208: "pon622",
209: "bridge",
210: "linegroup",
211: "voiceEMFGD",
212: "voiceFGDEANA",
213: "voiceDID",
214: "mpegTransport",
215: "sixToFour",
216: "gtp",
217: "pdnEtherLoop1",
218: "pdnEtherLoop2",
219: "opticalChannelGroup",
220: "homepna",
221: "gfp",
222: "ciscoISLvlan",
223: "actelisMetaLOOP",
224: "fcipLink",
225: "rpr",
226: "qam",
227: "lmp",
228: "cblVectaStar",
229: "docsCableMCmtsDownstream",
230: "adsl2",
231: "macSecControlledIF",
232: "macSecUncontrolledIF",
233: "aviciOpticalEther",
234: "atmbond",
235: "voiceFGDOS",
236: "mocaVersion1",
237: "ieee80216WMAN",
238: "adsl2plus",
239: "dvbRcsMacLayer",
240: "dvbTdm",
241: "dvbRcsTdma",
242: "x86Laps",
243: "wwanPP",
244: "wwanPP2",
245: "voiceEBS",
246: "ifPwType",
247: "ilan",
248: "pip",
249: "aluELP",
250: "gpon",
251: "vdsl2",
252: "capwapDot11Profile",
253: "capwapDot11Bss",
254: "capwapWtpVirtualRadio",
255: "bits",
256: "docsCableUpstreamRfPort",
257: "cableDownstreamRfPort",
258: "vmwareVirtualNic",
259: "ieee802154",
260: "otnOdu",
261: "otnOtu",
262: "ifVfiType",
263: "g9981",
264: "g9982",
265: "g9983",
266: "aluEpon",
267: "aluEponOnu",
268: "aluEponPhysicalUni",
269: "aluEponLogicalLink",
271: "aluGponPhysicalUni",
272: "vmwareNicTeam",
277: "docsOfdmDownstream",
278: "docsOfdmaUpstream",
279: "gfast",
280: "sdci",
}),
]
@_register_lltd_specific_class(7)
class LLTDAttributeIPv4Address(LLTDAttribute):
name = "LLTD Attribute - IPv4 Address"
fields_desc = [
ByteField("len", 4),
IPField("ipv4", "0.0.0.0"),
]
@_register_lltd_specific_class(8)
class LLTDAttributeIPv6Address(LLTDAttribute):
name = "LLTD Attribute - IPv6 Address"
fields_desc = [
ByteField("len", 16),
IP6Field("ipv6", "::"),
]
@_register_lltd_specific_class(9)
class LLTDAttribute80211MaxRate(LLTDAttribute):
name = "LLTD Attribute - 802.11 Max Rate"
fields_desc = [
ByteField("len", 2),
ShortField("rate", 0),
]
@_register_lltd_specific_class(10)
class LLTDAttributePerformanceCounterFrequency(LLTDAttribute):
name = "LLTD Attribute - Performance Counter Frequency"
fields_desc = [
ByteField("len", 8),
LongField("freq", 0),
]
@_register_lltd_specific_class(12)
class LLTDAttributeLinkSpeed(LLTDAttribute):
name = "LLTD Attribute - Link Speed"
fields_desc = [
ByteField("len", 4),
IntField("speed", 0),
]
@_register_lltd_specific_class(14, 24, 26)
class LLTDAttributeLargeTLV(LLTDAttribute):
name = "LLTD Attribute - Large TLV"
fields_desc = [
ByteField("len", 0),
]
@_register_lltd_specific_class(15)
class LLTDAttributeMachineName(LLTDAttribute):
name = "LLTD Attribute - Machine Name"
fields_desc = [
FieldLenField("len", None, length_of="hostname", fmt="B"),
StrLenFieldUtf16("hostname", "", length_from=lambda pkt: pkt.len),
]
def mysummary(self):
return (self.sprintf("Hostname: %r" % self.hostname),
[LLTD, LLTDAttributeHostID])
@_register_lltd_specific_class(18)
class LLTDAttributeDeviceUUID(LLTDAttribute):
name = "LLTD Attribute - Device UUID"
fields_desc = [
FieldLenField("len", None, length_of="uuid", fmt="B"),
StrLenField("uuid", b"\x00" * 16, length_from=lambda pkt: pkt.len),
]
@_register_lltd_specific_class(20)
class LLTDAttributeQOSCharacteristics(LLTDAttribute):
name = "LLTD Attribute - QoS Characteristics"
fields_desc = [
ByteField("len", 4),
FlagsField("flags", 0, 3, "EQP"),
BitField("reserved1", 0, 13),
ShortField("reserved2", 0),
]
@_register_lltd_specific_class(21)
class LLTDAttribute80211PhysicalMedium(LLTDAttribute):
name = "LLTD Attribute - 802.11 Physical Medium"
fields_desc = [
ByteField("len", 1),
ByteEnumField("medium", 0, {
0: "Unknown",
1: "FHSS 2.4 GHz",
2: "DSSS 2.4 GHz",
3: "IR Baseband",
4: "OFDM 5 GHz",
5: "HRDSSS",
6: "ERP",
}),
]
@_register_lltd_specific_class(25)
class LLTDAttributeSeesList(LLTDAttribute):
name = "LLTD Attribute - Sees List Working Set"
fields_desc = [
ByteField("len", 2),
ShortField("max_entries", 0),
]
bind_layers(Ether, LLTD, type=0x88d9)
bind_layers(LLTD, LLTDDiscover, tos=0, function=0)
bind_layers(LLTD, LLTDDiscover, tos=1, function=0)
bind_layers(LLTD, LLTDHello, tos=0, function=1)
bind_layers(LLTD, LLTDHello, tos=1, function=1)
bind_layers(LLTD, LLTDEmit, tos=0, function=2)
bind_layers(LLTD, LLTDQueryResp, tos=0, function=7)
bind_layers(LLTD, LLTDQueryLargeTlv, tos=0, function=11)
bind_layers(LLTD, LLTDQueryLargeTlvResp, tos=0, function=12)
bind_layers(LLTDHello, LLTDAttribute)
bind_layers(LLTDAttribute, LLTDAttribute)
bind_layers(LLTDAttribute, Padding, type=0)
bind_layers(LLTDEmiteeDesc, Padding)
bind_layers(LLTDRecveeDesc, Padding)
# Utils
########
class LargeTlvBuilder(object):
"""An object to build content fetched through LLTDQueryLargeTlv /
LLTDQueryLargeTlvResp packets.
Usable with a PacketList() object:
>>> p = LargeTlvBuilder()
>>> p.parse(rdpcap('capture_file.cap'))
Or during a network capture:
>>> p = LargeTlvBuilder()
>>> sniff(filter="ether proto 0x88d9", prn=p.parse)
To get the result, use .get_data()
"""
def __init__(self):
self.types_offsets = {}
self.data = {}
def parse(self, plist):
"""Update the builder using the provided `plist`. `plist` can
be either a Packet() or a PacketList().
"""
if not isinstance(plist, PacketList):
plist = PacketList(plist)
for pkt in plist[LLTD]:
if LLTDQueryLargeTlv in pkt:
key = "%s:%s:%d" % (pkt.real_dst, pkt.real_src, pkt.seq)
self.types_offsets[key] = (pkt[LLTDQueryLargeTlv].type,
pkt[LLTDQueryLargeTlv].offset)
elif LLTDQueryLargeTlvResp in pkt:
try:
key = "%s:%s:%d" % (pkt.real_src, pkt.real_dst, pkt.seq)
content, offset = self.types_offsets[key]
except KeyError:
continue
loc = slice(offset, offset + pkt[LLTDQueryLargeTlvResp].len)
key = "%s > %s [%s]" % (
pkt.real_src, pkt.real_dst,
LLTDQueryLargeTlv.fields_desc[0].i2s.get(content, content),
)
data = self.data.setdefault(key, array("B"))
datalen = len(data)
if datalen < loc.stop:
data.extend(array("B", b"\x00" * (loc.stop - datalen)))
data[loc] = array("B", pkt[LLTDQueryLargeTlvResp].value)
def get_data(self):
"""Returns a dictionary object, keys are strings "source >
destincation [content type]", and values are the content
fetched, also as a string.
"""
return {key: "".join(chr(byte) for byte in data)
for key, data in six.iteritems(self.data)}