1 files changed, 26 insertions, 48 deletions
diff --git a/parse_pcap.py b/parse_pcap.py
index 3214f15..bcc3e69 100644
--- a/parse_pcap.py
+++ b/parse_pcap.py
@@ -1,61 +1,39 @@
 import dpkt
+import json
 import binascii
-from keystore import KEYSTORE
 from cStringIO import StringIO
 from inform import InformSerializer, Cryptor
+d = json.load(open("devices.json"))
+KEYSTORE = { i['mac']: i['x_authkey'] for i in d }
 def add_colons_to_mac(mac_addr):
    mac_addr = binascii.hexlify(mac_addr)
    return ":".join([mac_addr[i*2:i*2+2] for i in range(12/2)]).lower()
-for ts, buf in dpkt.pcap.Reader(open("/Users/mcrute/Desktop/http_fast.pcap")):
+records = []
-    eth = dpkt.ethernet.Ethernet(buf)
+buffer = StringIO()
-    data = eth.data.tcp.data.split("\r\n")
-    header, data = data[0], data[-1]
-    keys = [
-        KEYSTORE.get(add_colons_to_mac(eth.src)),
-        KEYSTORE.get(add_colons_to_mac(eth.dst)),
-        KEYSTORE.get("00:00:00:00:00:00")
-    ]
-    if not data.startswith("TNBU"):
+for ts, buf in dpkt.pcap.Reader(open("mfi.out")):
+    eth = dpkt.ethernet.Ethernet(buf)
+    data = eth.data.tcp.data.split("\r\n")[-1]
+    if data.startswith("TNBU") and buffer.tell() != 0:
+        records.append(buffer.getvalue())
+        buffer.seek(0)
+        buffer.write(data)
+    else:
+        buffer.write(data)
+ser = InformSerializer("", KEYSTORE)
+for data in records:
+    try:
+        packet = ser.parse(StringIO(data))
+        print packet.raw_payload
+    except:
+        print "BAD"
        continue
-    for key in keys:
-        if key is None:
-            continue
-        ser = InformSerializer(key)
-        try:
-            packet = ser.parse(StringIO(data))
-            ser._decrypt_payload(packet)
-            if not packet.raw_payload.startswith("{"):
-                continue
-            else:
-                break
-        except ValueError as err:
-            if '16' in err.message:
-                #to_add = 16 - (len(data[40:]) % 16)
-                #decrypted = Cryptor(KEY, packet.iv).decrypt(data[40:] + ("\x00" * to_add))
-                continue
-            else:
-                raise
-        packet = None
-        if not packet:
-            print "Bad Packet"
-            continue
-        else:
-            print packet.raw_payload
-        #type = packet.payload.get('_type', None)
-        #if type and (not type == 'noop'):
-        #    print packet.raw_payload

diff --git a/parse_pcap.py b/parse_pcap.py index 3214f15..bcc3e69 100644 --- a/parse_pcap.py +++ b/parse_pcap.py
@@ -1,61 +1,39 @@
1	import dpkt	1	import dpkt
		2	import json
2	import binascii	3	import binascii
3	from keystore import KEYSTORE
4	from cStringIO import StringIO	4	from cStringIO import StringIO
5	from inform import InformSerializer, Cryptor	5	from inform import InformSerializer, Cryptor
6		6
7		7
		8	d = json.load(open("devices.json"))
		9	KEYSTORE = { i['mac']: i['x_authkey'] for i in d }
		10
		11
8	def add_colons_to_mac(mac_addr):	12	def add_colons_to_mac(mac_addr):
9	mac_addr = binascii.hexlify(mac_addr)	13	mac_addr = binascii.hexlify(mac_addr)
10	return ":".join([mac_addr[i2:i2+2] for i in range(12/2)]).lower()	14	return ":".join([mac_addr[i2:i2+2] for i in range(12/2)]).lower()
11		15
12		16
13	for ts, buf in dpkt.pcap.Reader(open("/Users/mcrute/Desktop/http_fast.pcap")):	17	records = []
14	eth = dpkt.ethernet.Ethernet(buf)	18	buffer = StringIO()
15	data = eth.data.tcp.data.split("\r\n")
16	header, data = data[0], data[-1]
17
18	keys = [
19	KEYSTORE.get(add_colons_to_mac(eth.src)),
20	KEYSTORE.get(add_colons_to_mac(eth.dst)),
21	KEYSTORE.get("00:00:00:00:00:00")
22	]
23		19
24	if not data.startswith("TNBU"):	20	for ts, buf in dpkt.pcap.Reader(open("mfi.out")):
		21	eth = dpkt.ethernet.Ethernet(buf)
		22	data = eth.data.tcp.data.split("\r\n")[-1]
		23
		24	if data.startswith("TNBU") and buffer.tell() != 0:
		25	records.append(buffer.getvalue())
		26	buffer.seek(0)
		27	buffer.write(data)
		28	else:
		29	buffer.write(data)
		30
		31
		32	ser = InformSerializer("", KEYSTORE)
		33	for data in records:
		34	try:
		35	packet = ser.parse(StringIO(data))
		36	print packet.raw_payload
		37	except:
		38	print "BAD"
25	continue	39	continue
26
27	for key in keys:
28	if key is None:
29	continue
30
31	ser = InformSerializer(key)
32
33	try:
34	packet = ser.parse(StringIO(data))
35	ser._decrypt_payload(packet)
36
37	if not packet.raw_payload.startswith("{"):
38	continue
39	else:
40	break
41	except ValueError as err:
42	if '16' in err.message:
43	#to_add = 16 - (len(data[40:]) % 16)
44	#decrypted = Cryptor(KEY, packet.iv).decrypt(data[40:] + ("\x00" * to_add))
45	continue
46	else:
47	raise
48
49	packet = None
50
51
52	if not packet:
53	print "Bad Packet"
54	continue
55	else:
56	print packet.raw_payload
57
58	#type = packet.payload.get('_type', None)
59
60	#if type and (not type == 'noop'):
61	# print packet.raw_payload