Diffstat (limited to 'reversing_tools/parse_pcap.py')
-rwxr-xr-x | reversing_tools/parse_pcap.py | 60 |
1 files changed, 60 insertions, 0 deletions
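diff --git a/reversing_tools/parse_pcap.py b/reversing_tools/parse_pcap.py
new file mode 100755
index 0000000..c29c1d2
--- /dev/null
+++ b/reversing_tools/parse_pcap.py
@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+
+import dpkt
+import json
+from cStringIO import StringIO
+from inform import InformSerializer
+
+
+def go_debug(filename):
+arr = lambda x: [ord(i) for i in x]
+packet = ser.parse(open('test_files/2.bin'))
+return {
+"magic": packet.magic_number,
+"version": packet.version,
+"mac": arr(packet.mac_addr),
+"flags": packet.flags,
+"iv": arr(packet.iv),
+"data_version": packet.data_version,
+"data_len": packet.data_length,
+"raw_payload": json.packet.raw_payload,
+"formatted_mac": packet.formatted_mac_addr,
+"is_enc": packet.is_encrypted,
+"is_comp": packet.is_compressed,
+}
+
+
+def collect_records(from_file):
+records = []
+buffer = StringIO()
+
+for ts, buf in dpkt.pcap.Reader(open(from_file)):
+eth = dpkt.ethernet.Ethernet(buf)
+data = eth.data.tcp.data.split("\r\n")[-1]
+
+if data.startswith("TNBU") and buffer.tell() != 0:
+records.append(buffer.getvalue())
+buffer.seek(0)
+buffer.write(data)
+else:
+buffer.write(data)
+
+return records
+
+
+def make_serializer(from_file):
+with open(from_file) as fp:
+keystore = { i['mac']: i['x_authkey'] for i in json.load(fp) }
+
+return InformSerializer("", keystore)
+
+
+if __name__ == "__main__":
+ser = make_serializer("devices.json")
+
+for i, data in enumerate(collect_records("mfi.out")):
+try:
+packet = ser.parse(StringIO(data))
+print packet.raw_payload
+except ValueError:
+pass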
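Review bot: collect_records loses data in two ways: the record still held in `buffer` when the capture ends is never appended to `records`, and `buffer.seek(0)` rewinds without truncating, so a record shorter than its predecessor appears to keep the previous record's tail in `getvalue()`. Because the capture is untrusted input, any frame that is not IP/TCP would also raise AttributeError at `eth.data.tcp.data`, and the pcap is opened in text mode rather than `'rb'` and never closed. Separately, go_debug ignores its `filename` argument, depends on the global `ser`, and `json.packet.raw_payload` will raise AttributeError since `json` has no `packet` attribute. The `except ValueError: pass` in the main block also hides every parse or decrypt failure, so a wrong key in devices.json is indistinguishable from an empty capture; counting or logging the skipped records would make that visible. A sketch of collect_records with the first points addressed follows.

```python
def collect_records(from_file):
    records = []
    buffer = StringIO()

    with open(from_file, 'rb') as fp:
        for ts, buf in dpkt.pcap.Reader(fp):
            eth = dpkt.ethernet.Ethernet(buf)
            ip = eth.data
            # Skip ARP, UDP and anything else that carries no TCP segment.
            if not isinstance(ip, dpkt.ip.IP) or not isinstance(ip.data, dpkt.tcp.TCP):
                continue
            data = ip.data.data.split("\r\n")[-1]

            if data.startswith("TNBU") and buffer.tell() != 0:
                records.append(buffer.getvalue())
                # Fresh buffer: seek(0) alone leaves the old record's tail behind.
                buffer = StringIO()
            buffer.write(data)

    # Flush the record that was still being assembled at end of capture.
    if buffer.tell() != 0:
        records.append(buffer.getvalue())
    return records
```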