Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1# Impacket - Collection of Python classes for working with network protocols. 

2# 

3# SECUREAUTH LABS. Copyright (C) 2018 SecureAuth Corporation. All rights reserved. 

4# 

5# This software is provided under a slightly modified version 

6# of the Apache Software License. See the accompanying LICENSE file 

7# for more information. 

8# 

9# Description: 

10# Convenience packet unpackers for various network protocols 

11# implemented in the ImpactPacket module. 

12# 

13# Author: 

14# Javier Burroni (javier) 

15# Bruce Leidl (brl) 

16# Aureliano Calvo 

17# 

18 

19import array 

20 

21from impacket import ICMP6 

22from impacket import IP6 

23from impacket import IP6_Extension_Headers 

24from impacket import ImpactPacket 

25from impacket import LOG 

26from impacket import dot11 

27from impacket import wps, eap, dhcp 

28from impacket.cdp import CDP 

29 

30"""Classes to convert from raw packets into a hierarchy of 

31ImpactPacket derived objects. 

32 

33The protocol of the outermost layer must be known in advance, and the 

34packet must be fed to the corresponding decoder. From there it will 

35try to decode the raw data into a hierarchy of ImpactPacket derived 

36objects; if a layer's protocol is unknown, all the remaining data will 

37be wrapped into a ImpactPacket.Data object. 

38""" 

39 

40class Decoder: 

41 __decoded_protocol = None 

42 def decode(self, aBuffer): 

43 pass 

44 

45 def set_decoded_protocol(self, protocol): 

46 self.__decoded_protocol = protocol 

47 

48 def get_protocol(self, aprotocol): 

49 protocol = self.__decoded_protocol 

50 while protocol: 

51 if protocol.__class__ == aprotocol: 

52 break 

53 protocol=protocol.child() 

54 return protocol 

55 

56 def __str__(self): 

57 protocol = self.__decoded_protocol 

58 i=0 

59 out='' 

60 while protocol: 

61 tabline=' '*i+'+-'+str(protocol.__class__) 

62 out+="%s"%tabline+'\n' 

63 protocol=protocol.child() 

64 i+=1 

65 return out 

66 

67class EthDecoder(Decoder): 

68 def __init__(self): 

69 pass 

70 

71 def decode(self, aBuffer): 

72 e = ImpactPacket.Ethernet(aBuffer) 

73 self.set_decoded_protocol( e ) 

74 off = e.get_header_size() 

75 if e.get_ether_type() == ImpactPacket.IP.ethertype: 

76 self.ip_decoder = IPDecoder() 

77 packet = self.ip_decoder.decode(aBuffer[off:]) 

78 elif e.get_ether_type() == IP6.IP6.ethertype: 

79 self.ip6_decoder = IP6Decoder() 

80 packet = self.ip6_decoder.decode(aBuffer[off:]) 

81 elif e.get_ether_type() == ImpactPacket.ARP.ethertype: 

82 self.arp_decoder = ARPDecoder() 

83 packet = self.arp_decoder.decode(aBuffer[off:]) 

84 elif e.get_ether_type() == eap.DOT1X_AUTHENTICATION: 

85 self.eapol_decoder = EAPOLDecoder() 

86 packet = self.eapol_decoder.decode(aBuffer[off:]) 

87 # LLC ? 

88 elif e.get_ether_type() < 1500: 

89 self.llc_decoder = LLCDecoder() 

90 packet = self.llc_decoder.decode(aBuffer[off:]) 

91 else: 

92 self.data_decoder = DataDecoder() 

93 packet = self.data_decoder.decode(aBuffer[off:]) 

94 

95 e.contains(packet) 

96 return e 

97 

98# Linux "cooked" capture encapsulation. 

99# Used, for instance, for packets returned by the "any" interface. 

100class LinuxSLLDecoder(Decoder): 

101 def __init__(self): 

102 pass 

103 

104 def decode(self, aBuffer): 

105 e = ImpactPacket.LinuxSLL(aBuffer) 

106 self.set_decoded_protocol( e ) 

107 off = 16 

108 if e.get_ether_type() == ImpactPacket.IP.ethertype: 

109 self.ip_decoder = IPDecoder() 

110 packet = self.ip_decoder.decode(aBuffer[off:]) 

111 elif e.get_ether_type() == ImpactPacket.ARP.ethertype: 

112 self.arp_decoder = ARPDecoder() 

113 packet = self.arp_decoder.decode(aBuffer[off:]) 

114 elif e.get_ether_type() == eap.DOT1X_AUTHENTICATION: 

115 self.eapol_decoder = EAPOLDecoder() 

116 packet = self.eapol_decoder.decode(aBuffer[off:]) 

117 else: 

118 self.data_decoder = DataDecoder() 

119 packet = self.data_decoder.decode(aBuffer[off:]) 

120 

121 e.contains(packet) 

122 return e 

123 

124class IPDecoder(Decoder): 

125 def __init__(self): 

126 pass 

127 

128 def decode(self, aBuffer): 

129 i = ImpactPacket.IP(aBuffer) 

130 self.set_decoded_protocol ( i ) 

131 off = i.get_header_size() 

132 end = i.get_ip_len() 

133 # If ip_len == 0 we might be facing TCP segmentation offload, let's calculate the right len 

134 if end == 0: 134 ↛ 135line 134 didn't jump to line 135, because the condition on line 134 was never true

135 LOG.warning('IP len reported as 0, most probably because of TCP segmentation offload. Attempting to fix its size') 

136 i.set_ip_len(len(aBuffer)) 

137 end = i.get_ip_len() 

138 

139 if i.get_ip_p() == ImpactPacket.UDP.protocol: 139 ↛ 140line 139 didn't jump to line 140, because the condition on line 139 was never true

140 self.udp_decoder = UDPDecoder() 

141 packet = self.udp_decoder.decode(aBuffer[off:end]) 

142 elif i.get_ip_p() == ImpactPacket.TCP.protocol: 142 ↛ 143line 142 didn't jump to line 143, because the condition on line 142 was never true

143 self.tcp_decoder = TCPDecoder() 

144 packet = self.tcp_decoder.decode(aBuffer[off:end]) 

145 elif i.get_ip_p() == ImpactPacket.ICMP.protocol: 145 ↛ 148line 145 didn't jump to line 148, because the condition on line 145 was never false

146 self.icmp_decoder = ICMPDecoder() 

147 packet = self.icmp_decoder.decode(aBuffer[off:end]) 

148 elif i.get_ip_p() == ImpactPacket.IGMP.protocol: 

149 self.igmp_decoder = IGMPDecoder() 

150 packet = self.igmp_decoder.decode(aBuffer[off:end]) 

151 else: 

152 self.data_decoder = DataDecoder() 

153 packet = self.data_decoder.decode(aBuffer[off:end]) 

154 i.contains(packet) 

155 return i 

156 

157class IP6MultiProtocolDecoder(Decoder): 

158 def __init__(self, a_protocol_id): 

159 self.protocol_id = a_protocol_id 

160 

161 def decode(self, buffer): 

162 if self.protocol_id == ImpactPacket.UDP.protocol: 

163 self.udp_decoder = UDPDecoder() 

164 packet = self.udp_decoder.decode(buffer) 

165 elif self.protocol_id == ImpactPacket.TCP.protocol: 165 ↛ 166line 165 didn't jump to line 166, because the condition on line 165 was never true

166 self.tcp_decoder = TCPDecoder() 

167 packet = self.tcp_decoder.decode(buffer) 

168 elif self.protocol_id == ICMP6.ICMP6.protocol: 

169 self.icmp6_decoder = ICMP6Decoder() 

170 packet = self.icmp6_decoder.decode(buffer) 

171 else: 

172 # IPv6 Extension Headers lookup 

173 extension_headers = IP6_Extension_Headers.IP6_Extension_Header.get_extension_headers() 

174 if buffer and self.protocol_id in extension_headers: 

175 extension_header_decoder_class = extension_headers[self.protocol_id].get_decoder() 

176 self.extension_header_decoder = extension_header_decoder_class() 

177 packet = self.extension_header_decoder.decode(buffer) 

178 else: 

179 self.data_decoder = DataDecoder() 

180 packet = self.data_decoder.decode(buffer) 

181 

182 return packet 

183 

184class IP6Decoder(Decoder): 

185 def __init__(self): 

186 pass 

187 

188 def decode(self, buffer): 

189 ip6_packet = IP6.IP6(buffer) 

190 self.set_decoded_protocol(ip6_packet) 

191 start_pos = ip6_packet.get_header_size() 

192 end_pos = ip6_packet.get_payload_length() + start_pos 

193 contained_protocol = ip6_packet.get_next_header() 

194 

195 multi_protocol_decoder = IP6MultiProtocolDecoder(contained_protocol) 

196 child_packet = multi_protocol_decoder.decode(buffer[start_pos:end_pos]) 

197 

198 ip6_packet.contains(child_packet) 

199 return ip6_packet 

200 

201class HopByHopDecoder(Decoder): 

202 def __init__(self): 

203 pass 

204 

205 def decode(self, buffer): 

206 hop_by_hop = IP6_Extension_Headers.Hop_By_Hop(buffer) 

207 self.set_decoded_protocol(hop_by_hop) 

208 start_pos = hop_by_hop.get_header_size() 

209 contained_protocol = hop_by_hop.get_next_header() 

210 

211 multi_protocol_decoder = IP6MultiProtocolDecoder(contained_protocol) 

212 child_packet = multi_protocol_decoder.decode(buffer[start_pos:]) 

213 

214 hop_by_hop.contains(child_packet) 

215 return hop_by_hop 

216 

217class DestinationOptionsDecoder(Decoder): 

218 def __init__(self): 

219 pass 

220 

221 def decode(self, buffer): 

222 destination_options = IP6_Extension_Headers.Destination_Options(buffer) 

223 self.set_decoded_protocol(destination_options) 

224 start_pos = destination_options.get_header_size() 

225 contained_protocol = destination_options.get_next_header() 

226 

227 multi_protocol_decoder = IP6MultiProtocolDecoder(contained_protocol) 

228 child_packet = multi_protocol_decoder.decode(buffer[start_pos:]) 

229 

230 destination_options.contains(child_packet) 

231 return destination_options 

232 

233class RoutingOptionsDecoder(Decoder): 

234 def __init__(self): 

235 pass 

236 

237 def decode(self, buffer): 

238 routing_options = IP6_Extension_Headers.Routing_Options(buffer) 

239 self.set_decoded_protocol(routing_options) 

240 start_pos = routing_options.get_header_size() 

241 contained_protocol = routing_options.get_next_header() 

242 

243 multi_protocol_decoder = IP6MultiProtocolDecoder(contained_protocol) 

244 child_packet = multi_protocol_decoder.decode(buffer[start_pos:]) 

245 

246 routing_options.contains(child_packet) 

247 return routing_options 

248 

249class ICMP6Decoder(Decoder): 

250 def __init__(self): 

251 pass 

252 

253 def decode(self, buffer): 

254 icmp6_packet = ICMP6.ICMP6(buffer) 

255 self.set_decoded_protocol(icmp6_packet) 

256 start_pos = icmp6_packet.get_header_size() 

257 

258 self.data_decoder = DataDecoder() 

259 child_packet = self.data_decoder.decode(buffer[start_pos:]) 

260 icmp6_packet.contains(child_packet) 

261 return icmp6_packet 

262 

263 

264class ARPDecoder(Decoder): 

265 def __init__(self): 

266 pass 

267 

268 def decode(self, aBuffer): 

269 arp = ImpactPacket.ARP(aBuffer) 

270 self.set_decoded_protocol( arp ) 

271 off = arp.get_header_size() 

272 self.data_decoder = DataDecoder() 

273 packet = self.data_decoder.decode(aBuffer[off:]) 

274 arp.contains(packet) 

275 return arp 

276 

277class UDPDecoder(Decoder): 

278 def __init__(self): 

279 pass 

280 

281 def decode(self, aBuffer): 

282 u = ImpactPacket.UDP(aBuffer) 

283 self.set_decoded_protocol( u ) 

284 off = u.get_header_size() 

285 self.data_decoder = DataDecoder() 

286 packet = self.data_decoder.decode(aBuffer[off:]) 

287 u.contains(packet) 

288 return u 

289 

290class TCPDecoder(Decoder): 

291 def __init__(self): 

292 pass 

293 

294 def decode(self, aBuffer): 

295 t = ImpactPacket.TCP(aBuffer) 

296 self.set_decoded_protocol( t ) 

297 off = t.get_header_size() 

298 self.data_decoder = DataDecoder() 

299 packet = self.data_decoder.decode(aBuffer[off:]) 

300 t.contains(packet) 

301 return t 

302 

303class IGMPDecoder(Decoder): 

304 def __init__(self): 

305 pass 

306 def decode(self, aBuffer): 

307 ig = ImpactPacket.IGMP(aBuffer) 

308 off = ig.get_header_size() 

309 self.data_decoder = DataDecoder() 

310 packet = self.data_decoder.decode(aBuffer[off:]) 

311 ig.contains(packet) 

312 return ig 

313 

314 

315class IPDecoderForICMP(Decoder): 

316 """This class was added to parse the IP header of ICMP unreachables packets 

317 If you use the "standard" IPDecoder, it might crash (see bug #4870) ImpactPacket.py 

318 because the TCP header inside the IP header is incomplete""" 

319 def __init__(self): 

320 pass 

321 

322 def decode(self, aBuffer): 

323 i = ImpactPacket.IP(aBuffer) 

324 self.set_decoded_protocol( i ) 

325 off = i.get_header_size() 

326 if i.get_ip_p() == ImpactPacket.UDP.protocol: 

327 self.udp_decoder = UDPDecoder() 

328 packet = self.udp_decoder.decode(aBuffer[off:]) 

329 else: 

330 self.data_decoder = DataDecoder() 

331 packet = self.data_decoder.decode(aBuffer[off:]) 

332 i.contains(packet) 

333 return i 

334 

335class ICMPDecoder(Decoder): 

336 def __init__(self): 

337 pass 

338 

339 def decode(self, aBuffer): 

340 ic = ImpactPacket.ICMP(aBuffer) 

341 self.set_decoded_protocol( ic ) 

342 off = ic.get_header_size() 

343 if ic.get_icmp_type() == ImpactPacket.ICMP.ICMP_UNREACH: 343 ↛ 344line 343 didn't jump to line 344, because the condition on line 343 was never true

344 self.ip_decoder = IPDecoderForICMP() 

345 packet = self.ip_decoder.decode(aBuffer[off:]) 

346 else: 

347 self.data_decoder = DataDecoder() 

348 packet = self.data_decoder.decode(aBuffer[off:]) 

349 ic.contains(packet) 

350 return ic 

351 

352class DataDecoder(Decoder): 

353 def decode(self, aBuffer): 

354 d = ImpactPacket.Data(aBuffer) 

355 self.set_decoded_protocol( d ) 

356 return d 

357 

358class BaseDot11Decoder(Decoder): 

359 def __init__(self, key_manager=None): 

360 self.set_key_manager(key_manager) 

361 

362 def set_key_manager(self, key_manager): 

363 self.key_manager = key_manager 

364 

365 def find_key(self, bssid): 

366 try: 

367 key = self.key_manager.get_key(bssid) 

368 except: 

369 return False 

370 return key 

371 

372class RadioTapDecoder(BaseDot11Decoder): 

373 def __init__(self): 

374 BaseDot11Decoder.__init__(self) 

375 

376 def decode(self, aBuffer): 

377 rt = dot11.RadioTap(aBuffer) 

378 self.set_decoded_protocol( rt ) 

379 

380 self.do11_decoder = Dot11Decoder() 

381 self.do11_decoder.set_key_manager(self.key_manager) 

382 flags=rt.get_flags() 

383 if flags is not None: 383 ↛ 387line 383 didn't jump to line 387, because the condition on line 383 was never false

384 fcs=flags&dot11.RadioTap.RTF_FLAGS.PROPERTY_FCS_AT_END 

385 self.do11_decoder.FCS_at_end(fcs) 

386 

387 packet = self.do11_decoder.decode(rt.get_body_as_string()) 

388 

389 rt.contains(packet) 

390 return rt 

391 

392class Dot11Decoder(BaseDot11Decoder): 

393 def __init__(self): 

394 BaseDot11Decoder.__init__(self) 

395 self.__FCS_at_end = True 

396 

397 def FCS_at_end(self, fcs_at_end=True): 

398 self.__FCS_at_end=not not fcs_at_end 

399 

400 def decode(self, aBuffer): 

401 d = dot11.Dot11(aBuffer, self.__FCS_at_end) 

402 self.set_decoded_protocol( d ) 

403 

404 type = d.get_type() 

405 if type == dot11.Dot11Types.DOT11_TYPE_CONTROL: 405 ↛ 406line 405 didn't jump to line 406, because the condition on line 405 was never true

406 dot11_control_decoder = Dot11ControlDecoder() 

407 packet = dot11_control_decoder.decode(d.body_string) 

408 elif type == dot11.Dot11Types.DOT11_TYPE_DATA: 

409 dot11_data_decoder = Dot11DataDecoder(self.key_manager) 

410 

411 dot11_data_decoder.set_dot11_hdr(d) 

412 

413 packet = dot11_data_decoder.decode(d.body_string) 

414 elif type == dot11.Dot11Types.DOT11_TYPE_MANAGEMENT: 414 ↛ 419line 414 didn't jump to line 419, because the condition on line 414 was never false

415 dot11_management_decoder = Dot11ManagementDecoder() 

416 dot11_management_decoder.set_subtype(d.get_subtype()) 

417 packet = dot11_management_decoder.decode(d.body_string) 

418 else: 

419 data_decoder = DataDecoder() 

420 packet = data_decoder.decode(d.body_string) 

421 

422 d.contains(packet) 

423 return d 

424 

425class Dot11ControlDecoder(BaseDot11Decoder): 

426 def __init__(self): 

427 BaseDot11Decoder.__init__(self) 

428 self.__FCS_at_end = True 

429 

430 def FCS_at_end(self, fcs_at_end=True): 

431 self.__FCS_at_end=not not fcs_at_end 

432 

433 def decode(self, aBuffer): 

434 d = dot11.Dot11(aBuffer, self.__FCS_at_end) 

435 self.set_decoded_protocol(d) 

436 

437 self.subtype = d.get_subtype() 

438 if self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_CONTROL_CLEAR_TO_SEND: 

439 self.ctrl_cts_decoder = Dot11ControlFrameCTSDecoder() 

440 packet = self.ctrl_cts_decoder.decode(d.body_string) 

441 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_CONTROL_ACKNOWLEDGMENT: 

442 self.ctrl_ack_decoder = Dot11ControlFrameACKDecoder() 

443 packet = self.ctrl_ack_decoder.decode(d.body_string) 

444 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_CONTROL_REQUEST_TO_SEND: 

445 self.ctrl_rts_decoder = Dot11ControlFrameRTSDecoder() 

446 packet = self.ctrl_rts_decoder.decode(d.body_string) 

447 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_CONTROL_POWERSAVE_POLL: 

448 self.ctrl_pspoll_decoder = Dot11ControlFramePSPollDecoder() 

449 packet = self.ctrl_pspoll_decoder.decode(d.body_string) 

450 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_CONTROL_CF_END: 

451 self.ctrl_cfend_decoder = Dot11ControlFrameCFEndDecoder() 

452 packet = self.ctrl_cfend_decoder.decode(d.body_string) 

453 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_CONTROL_CF_END_CF_ACK: 

454 self.ctrl_cfendcfack_decoder = Dot11ControlFrameCFEndCFACKDecoder() 

455 packet = self.ctrl_cfendcfack_decoder.decode(d.body_string) 

456 else: 

457 data_decoder = DataDecoder() 

458 packet = data_decoder.decode(d.body_string) 

459 

460 d.contains(packet) 

461 return d 

462 

463class Dot11ControlFrameCTSDecoder(BaseDot11Decoder): 

464 def __init__(self): 

465 BaseDot11Decoder.__init__(self) 

466 

467 def decode(self, aBuffer): 

468 p = dot11.Dot11ControlFrameCTS(aBuffer) 

469 self.set_decoded_protocol(p) 

470 return p 

471 

472class Dot11ControlFrameACKDecoder(BaseDot11Decoder): 

473 def __init__(self): 

474 BaseDot11Decoder.__init__(self) 

475 

476 def decode(self, aBuffer): 

477 p = dot11.Dot11ControlFrameACK(aBuffer) 

478 self.set_decoded_protocol(p) 

479 return p 

480 

481class Dot11ControlFrameRTSDecoder(BaseDot11Decoder): 

482 def __init__(self): 

483 BaseDot11Decoder.__init__(self) 

484 

485 def decode(self, aBuffer): 

486 p = dot11.Dot11ControlFrameRTS(aBuffer) 

487 self.set_decoded_protocol(p) 

488 return p 

489 

490class Dot11ControlFramePSPollDecoder(BaseDot11Decoder): 

491 def __init__(self): 

492 BaseDot11Decoder.__init__(self) 

493 

494 def decode(self, aBuffer): 

495 p = dot11.Dot11ControlFramePSPoll(aBuffer) 

496 self.set_decoded_protocol(p) 

497 return p 

498 

499class Dot11ControlFrameCFEndDecoder(BaseDot11Decoder): 

500 def __init__(self): 

501 BaseDot11Decoder.__init__(self) 

502 

503 def decode(self, aBuffer): 

504 p = dot11.Dot11ControlFrameCFEnd(aBuffer) 

505 self.set_decoded_protocol(p) 

506 return p 

507class Dot11ControlFrameCFEndCFACKDecoder(BaseDot11Decoder): 

508 def __init__(self): 

509 BaseDot11Decoder.__init__(self) 

510 

511 def decode(self, aBuffer): 

512 p = dot11.Dot11ControlFrameCFEndCFACK(aBuffer) 

513 self.set_decoded_protocol(p) 

514 return p 

515 

516class Dot11DataDecoder(BaseDot11Decoder): 

517 def __init__(self, key_manager): 

518 BaseDot11Decoder.__init__(self, key_manager) 

519 

520 def set_dot11_hdr(self, dot11_obj): 

521 self.dot11 = dot11_obj 

522 

523 def decode(self, aBuffer): 

524 if self.dot11.get_fromDS() and self.dot11.get_toDS(): 524 ↛ 525line 524 didn't jump to line 525, because the condition on line 524 was never true

525 if self.dot11.is_QoS_frame(): 

526 p = dot11.Dot11DataAddr4QoSFrame(aBuffer) 

527 else: 

528 p = dot11.Dot11DataAddr4Frame(aBuffer) 

529 elif self.dot11.is_QoS_frame(): 529 ↛ 530line 529 didn't jump to line 530, because the condition on line 529 was never true

530 p = dot11.Dot11DataQoSFrame(aBuffer) 

531 else: 

532 p = dot11.Dot11DataFrame(aBuffer) 

533 self.set_decoded_protocol( p ) 

534 

535 if not self.dot11.get_protectedFrame(): 

536 self.llc_decoder = LLCDecoder() 

537 packet = self.llc_decoder.decode(p.body_string) 

538 else: 

539 if not self.dot11.get_fromDS() and self.dot11.get_toDS(): 539 ↛ 541line 539 didn't jump to line 541, because the condition on line 539 was never false

540 bssid = p.get_address1() 

541 elif self.dot11.get_fromDS() and not self.dot11.get_toDS(): 

542 bssid = p.get_address2() 

543 elif not self.dot11.get_fromDS() and not self.dot11.get_toDS(): 

544 bssid = p.get_address3() 

545 else: 

546 # WDS, this is the RA 

547 bssid = p.get_address1() 

548 

549 wep_decoder = Dot11WEPDecoder(self.key_manager) 

550 wep_decoder.set_bssid(bssid) 

551 packet = wep_decoder.decode(p.body_string) 

552 if packet is None: 552 ↛ 553line 552 didn't jump to line 553, because the condition on line 552 was never true

553 wpa_decoder = Dot11WPADecoder() 

554 packet = wpa_decoder.decode(p.body_string) 

555 if packet is None: 

556 wpa2_decoder = Dot11WPA2Decoder() 

557 packet = wpa2_decoder.decode(p.body_string) 

558 if packet is None: 

559 data_decoder = DataDecoder() 

560 packet = data_decoder.decode(p.body_string) 

561 

562 p.contains(packet) 

563 return p 

564 

565class Dot11WEPDecoder(BaseDot11Decoder): 

566 def __init__(self, key_manager): 

567 BaseDot11Decoder.__init__(self, key_manager) 

568 self.bssid = None 

569 

570 def set_bssid(self, bssid): 

571 self.bssid = bssid 

572 

573 def decode(self, aBuffer): 

574 wep = dot11.Dot11WEP(aBuffer) 

575 self.set_decoded_protocol( wep ) 

576 

577 if wep.is_WEP() is False: 577 ↛ 578line 577 didn't jump to line 578, because the condition on line 577 was never true

578 return None 

579 

580 key = self.find_key(self.bssid) 

581 if key: 

582 decoded_string=wep.get_decrypted_data(key) 

583 

584 wep_data = Dot11WEPDataDecoder() 

585 packet = wep_data.decode(decoded_string) 

586 else: 

587 data_decoder = DataDecoder() 

588 packet = data_decoder.decode(wep.body_string) 

589 

590 wep.contains(packet) 

591 

592 return wep 

593 

594class Dot11WEPDataDecoder(BaseDot11Decoder): 

595 def __init__(self): 

596 BaseDot11Decoder.__init__(self) 

597 

598 def decode(self, aBuffer): 

599 wep_data = dot11.Dot11WEPData(aBuffer) 

600 

601 if not wep_data.check_icv(): 

602 # TODO: Do something when the icv is not correct 

603 pass 

604 

605 self.set_decoded_protocol( wep_data ) 

606 

607 llc_decoder = LLCDecoder() 

608 packet = llc_decoder.decode(wep_data.body_string) 

609 

610 wep_data.contains(packet) 

611 

612 return wep_data 

613 

614 

615class Dot11WPADecoder(BaseDot11Decoder): 

616 def __init__(self): 

617 BaseDot11Decoder.__init__(self) 

618 

619 def decode(self, aBuffer, key=None): 

620 wpa = dot11.Dot11WPA(aBuffer) 

621 self.set_decoded_protocol( wpa ) 

622 

623 if wpa.is_WPA() is False: 

624 return None 

625 

626 if key: 

627 decoded_string=wpa.get_decrypted_data() 

628 

629 wpa_data = Dot11WPADataDecoder() 

630 packet = wpa_data.decode(decoded_string) 

631 else: 

632 data_decoder = DataDecoder() 

633 packet = data_decoder.decode(wpa.body_string) 

634 

635 wpa.contains(packet) 

636 

637 return wpa 

638 

639class Dot11WPADataDecoder(BaseDot11Decoder): 

640 def __init__(self): 

641 BaseDot11Decoder.__init__(self) 

642 

643 def decode(self, aBuffer): 

644 wpa_data = dot11.Dot11WPAData(aBuffer) 

645 self.set_decoded_protocol( wpa_data ) 

646 

647 llc_decoder = LLCDecoder() 

648 packet = self.llc_decoder.decode(wpa_data.body_string) 

649 

650 wpa_data.contains(packet) 

651 

652 return wpa_data 

653 

654class Dot11WPA2Decoder(BaseDot11Decoder): 

655 def __init__(self): 

656 BaseDot11Decoder.__init__(self) 

657 

658 def decode(self, aBuffer, key=None): 

659 wpa2 = dot11.Dot11WPA2(aBuffer) 

660 self.set_decoded_protocol( wpa2 ) 

661 

662 if wpa2.is_WPA2() is False: 

663 return None 

664 

665 if key: 

666 decoded_string=wpa2.get_decrypted_data() 

667 

668 wpa2_data = Dot11WPA2DataDecoder() 

669 packet = wpa2_data.decode(decoded_string) 

670 else: 

671 data_decoder = DataDecoder() 

672 packet = data_decoder.decode(wpa2.body_string) 

673 

674 wpa2.contains(packet) 

675 

676 return wpa2 

677 

678class Dot11WPA2DataDecoder(BaseDot11Decoder): 

679 def __init__(self): 

680 BaseDot11Decoder.__init__(self) 

681 

682 def decode(self, aBuffer): 

683 wpa2_data = dot11.Dot11WPA2Data(aBuffer) 

684 self.set_decoded_protocol( wpa2_data ) 

685 

686 llc_decoder = LLCDecoder() 

687 packet = self.llc_decoder.decode(wpa2_data.body_string) 

688 

689 wpa2_data.contains(packet) 

690 

691 return wpa2_data 

692 

693class LLCDecoder(Decoder): 

694 def __init__(self): 

695 pass 

696 

697 def decode(self, aBuffer): 

698 d = dot11.LLC(aBuffer) 

699 self.set_decoded_protocol( d ) 

700 

701 if d.get_DSAP()==dot11.SAPTypes.SNAP: 701 ↛ 710line 701 didn't jump to line 710, because the condition on line 701 was never false

702 if d.get_SSAP()==dot11.SAPTypes.SNAP: 702 ↛ 710line 702 didn't jump to line 710, because the condition on line 702 was never false

703 if d.get_control()==dot11.LLC.DLC_UNNUMBERED_FRAMES: 703 ↛ 710line 703 didn't jump to line 710, because the condition on line 703 was never false

704 snap_decoder = SNAPDecoder() 

705 packet = snap_decoder.decode(d.body_string) 

706 d.contains(packet) 

707 return d 

708 

709 # Only SNAP is implemented 

710 data_decoder = DataDecoder() 

711 packet = data_decoder.decode(d.body_string) 

712 d.contains(packet) 

713 return d 

714 

715class SNAPDecoder(Decoder): 

716 def __init__(self): 

717 pass 

718 

719 def decode(self, aBuffer): 

720 s = dot11.SNAP(aBuffer) 

721 self.set_decoded_protocol( s ) 

722 if s.get_OUI()==CDP.OUI and s.get_protoID()==CDP.Type: 722 ↛ 723line 722 didn't jump to line 723, because the condition on line 722 was never true

723 dec = CDPDecoder() 

724 packet = dec.decode(s.body_string) 

725 elif s.get_OUI()!=0x000000: 725 ↛ 727line 725 didn't jump to line 727, because the condition on line 725 was never true

726 # We don't know how to handle other than OUI=0x000000 (EtherType) 

727 self.data_decoder = DataDecoder() 

728 packet = self.data_decoder.decode(s.body_string) 

729 elif s.get_protoID() == ImpactPacket.IP.ethertype: 

730 self.ip_decoder = IPDecoder() 

731 packet = self.ip_decoder.decode(s.body_string) 

732 elif s.get_protoID() == ImpactPacket.ARP.ethertype: 732 ↛ 735line 732 didn't jump to line 735, because the condition on line 732 was never false

733 self.arp_decoder = ARPDecoder() 

734 packet = self.arp_decoder.decode(s.body_string) 

735 elif s.get_protoID() == eap.DOT1X_AUTHENTICATION: 

736 self.eapol_decoder = EAPOLDecoder() 

737 packet = self.eapol_decoder.decode(s.body_string) 

738 else: 

739 self.data_decoder = DataDecoder() 

740 packet = self.data_decoder.decode(s.body_string) 

741 

742 s.contains(packet) 

743 return s 

744 

745class CDPDecoder(Decoder): 

746 

747 def __init__(self): 

748 pass 

749 

750 def decode(self, aBuffer): 

751 s = CDP(aBuffer) 

752 self.set_decoded_protocol( s ) 

753 return s 

754 

755class Dot11ManagementDecoder(BaseDot11Decoder): 

756 def __init__(self): 

757 BaseDot11Decoder.__init__(self) 

758 self.subtype = None 

759 

760 def set_subtype(self, subtype): 

761 self.subtype=subtype 

762 

763 def decode(self, aBuffer): 

764 p = dot11.Dot11ManagementFrame(aBuffer) 

765 self.set_decoded_protocol( p ) 

766 

767 if self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_BEACON: 

768 self.mgt_beacon_decoder = Dot11ManagementBeaconDecoder() 

769 packet = self.mgt_beacon_decoder.decode(p.body_string) 

770 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_PROBE_REQUEST: 

771 self.mgt_probe_request_decoder = Dot11ManagementProbeRequestDecoder() 

772 packet = self.mgt_probe_request_decoder.decode(p.body_string) 

773 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_PROBE_RESPONSE: 

774 self.mgt_probe_response_decoder = Dot11ManagementProbeResponseDecoder() 

775 packet = self.mgt_probe_response_decoder.decode(p.body_string) 

776 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_DEAUTHENTICATION: 

777 self.mgt_deauthentication_decoder = Dot11ManagementDeauthenticationDecoder() 

778 packet = self.mgt_deauthentication_decoder.decode(p.body_string) 

779 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_AUTHENTICATION: 

780 self.mgt_Authentication_decoder = Dot11ManagementAuthenticationDecoder() 

781 packet = self.mgt_Authentication_decoder.decode(p.body_string) 

782 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_DISASSOCIATION: 

783 self.mgt_disassociation_decoder = Dot11ManagementDisassociationDecoder() 

784 packet = self.mgt_disassociation_decoder.decode(p.body_string) 

785 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_ASSOCIATION_REQUEST: 

786 self.mgt_association_request_decoder = Dot11ManagementAssociationRequestDecoder() 

787 packet = self.mgt_association_request_decoder.decode(p.body_string) 

788 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_ASSOCIATION_RESPONSE: 

789 self.mgt_association_response_decoder = Dot11ManagementAssociationResponseDecoder() 

790 packet = self.mgt_association_response_decoder.decode(p.body_string) 

791 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_REASSOCIATION_REQUEST: 

792 self.mgt_reassociation_request_decoder = Dot11ManagementReassociationRequestDecoder() 

793 packet = self.mgt_reassociation_request_decoder.decode(p.body_string) 

794 elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_REASSOCIATION_RESPONSE: 794 ↛ 798line 794 didn't jump to line 798, because the condition on line 794 was never false

795 self.mgt_reassociation_response_decoder = Dot11ManagementReassociationResponseDecoder() 

796 packet = self.mgt_reassociation_response_decoder.decode(p.body_string) 

797 else: 

798 data_decoder = DataDecoder() 

799 packet = data_decoder.decode(p.body_string) 

800 

801 p.contains(packet) 

802 return p 

803 

804class Dot11ManagementBeaconDecoder(BaseDot11Decoder): 

805 def __init__(self): 

806 BaseDot11Decoder.__init__(self) 

807 

808 def decode(self, aBuffer): 

809 p = dot11.Dot11ManagementBeacon(aBuffer) 

810 self.set_decoded_protocol( p ) 

811 

812 return p 

813 

814class Dot11ManagementProbeRequestDecoder(BaseDot11Decoder): 

815 def __init__(self): 

816 BaseDot11Decoder.__init__(self) 

817 

818 def decode(self, aBuffer): 

819 p = dot11.Dot11ManagementProbeRequest(aBuffer) 

820 self.set_decoded_protocol( p ) 

821 

822 return p 

823 

824class Dot11ManagementProbeResponseDecoder(BaseDot11Decoder): 

825 def __init__(self): 

826 BaseDot11Decoder.__init__(self) 

827 

828 def decode(self, aBuffer): 

829 p = dot11.Dot11ManagementProbeResponse(aBuffer) 

830 self.set_decoded_protocol( p ) 

831 

832 return p 

833 

834class Dot11ManagementDeauthenticationDecoder(BaseDot11Decoder): 

835 def __init__(self): 

836 BaseDot11Decoder.__init__(self) 

837 

838 def decode(self, aBuffer): 

839 p = dot11.Dot11ManagementDeauthentication(aBuffer) 

840 self.set_decoded_protocol( p ) 

841 

842 return p 

843 

844class Dot11ManagementAuthenticationDecoder(BaseDot11Decoder): 

845 def __init__(self): 

846 BaseDot11Decoder.__init__(self) 

847 

848 def decode(self, aBuffer): 

849 p = dot11.Dot11ManagementAuthentication(aBuffer) 

850 self.set_decoded_protocol(p) 

851 

852 return p 

853 

854class Dot11ManagementDisassociationDecoder(BaseDot11Decoder): 

855 def __init__(self): 

856 BaseDot11Decoder.__init__(self) 

857 

858 def decode(self, aBuffer): 

859 p = dot11.Dot11ManagementDisassociation(aBuffer) 

860 self.set_decoded_protocol(p) 

861 

862 return p 

863 

864class Dot11ManagementAssociationRequestDecoder(BaseDot11Decoder): 

865 def __init__(self): 

866 BaseDot11Decoder.__init__(self) 

867 

868 def decode(self, aBuffer): 

869 p = dot11.Dot11ManagementAssociationRequest(aBuffer) 

870 self.set_decoded_protocol(p) 

871 

872 return p 

873 

874class Dot11ManagementAssociationResponseDecoder(BaseDot11Decoder): 

875 def __init__(self): 

876 BaseDot11Decoder.__init__(self) 

877 

878 def decode(self, aBuffer): 

879 p = dot11.Dot11ManagementAssociationResponse(aBuffer) 

880 self.set_decoded_protocol(p) 

881 

882 return p 

883 

884class Dot11ManagementReassociationRequestDecoder(BaseDot11Decoder): 

885 def __init__(self): 

886 BaseDot11Decoder.__init__(self) 

887 

888 def decode(self, aBuffer): 

889 p = dot11.Dot11ManagementReassociationRequest(aBuffer) 

890 self.set_decoded_protocol(p) 

891 

892 return p 

893 

894class Dot11ManagementReassociationResponseDecoder(BaseDot11Decoder): 

895 def __init__(self): 

896 BaseDot11Decoder.__init__(self) 

897 

898 def decode(self, aBuffer): 

899 p = dot11.Dot11ManagementReassociationResponse(aBuffer) 

900 self.set_decoded_protocol(p) 

901 

902 return p 

903 

904class BaseDecoder(Decoder): 

905 

906 def decode(self, buff): 

907 

908 packet = self.klass(buff) 

909 self.set_decoded_protocol(packet) 

910 cd = self.child_decoders.get(self.child_key(packet), DataDecoder()) 

911 packet.contains(cd.decode(packet.get_body_as_string())) 

912 return packet 

913 

914class SimpleConfigDecoder(BaseDecoder): 

915 

916 child_decoders = {} 

917 klass = wps.SimpleConfig 

918 child_key = lambda s,p: None 918 ↛ exitline 918 didn't run the lambda on line 918

919 

920 def decode(self, buff): 

921 sc = BaseDecoder.decode(self, buff) 

922 ary = array.array('B', sc.child().get_packet()) 

923 sc.unlink_child() 

924 tlv = wps.SimpleConfig.build_tlv_container() 

925 tlv.from_ary(ary) 

926 sc.contains(tlv) 

927 

928 return sc 

929 

930class EAPExpandedDecoder(BaseDecoder): 

931 child_decoders = { 

932 (eap.EAPExpanded.WFA_SMI, eap.EAPExpanded.SIMPLE_CONFIG): SimpleConfigDecoder(), 

933 } 

934 klass = eap.EAPExpanded 

935 child_key = lambda s,p: (p.get_vendor_id(), p.get_vendor_type()) 935 ↛ exitline 935 didn't run the lambda on line 935

936 

937class EAPRDecoder(BaseDecoder): 

938 child_decoders = { 

939 eap.EAPR.EXPANDED:EAPExpandedDecoder() 

940 } 

941 klass = eap.EAPR 

942 child_key = lambda s, p: p.get_type() 942 ↛ exitline 942 didn't run the lambda on line 942

943 

944class EAPDecoder(BaseDecoder): 

945 child_decoders = { 

946 eap.EAP.REQUEST: EAPRDecoder(), 

947 eap.EAP.RESPONSE: EAPRDecoder(), 

948 } 

949 klass = eap.EAP 

950 child_key = lambda s, p: p.get_code() 950 ↛ exitline 950 didn't run the lambda on line 950

951 

952class EAPOLDecoder(BaseDecoder): 

953 child_decoders = { 

954 eap.EAPOL.EAP_PACKET: EAPDecoder() 

955 } 

956 klass = eap.EAPOL 

957 child_key = lambda s, p: p.get_packet_type() 957 ↛ exitline 957 didn't run the lambda on line 957

958 

959class BootpDecoder(Decoder): 

960 def __init__(self): 

961 pass 

962 

963 def decode(self, aBuffer): 

964 d = dhcp.BootpPacket(aBuffer) 

965 self.set_decoded_protocol( d ) 

966 off = len(d.getData()) 

967 if dhcp.DhcpPacket(aBuffer[off:])['cookie'] == dhcp.DhcpPacket.MAGIC_NUMBER: 

968 self.data_decoder = DHCPDecoder() 

969 packet = self.data_decoder.decode(aBuffer[off:]) 

970 d.contains(packet) 

971 return d 

972 

973class DHCPDecoder(Decoder): 

974 def __init__(self): 

975 pass 

976 

977 def decode(self, aBuffer): 

978 d = dhcp.DhcpPacket(aBuffer) 

979 self.set_decoded_protocol( d ) 

980 return d