I’ve been using Scapy a bit and have been messing around with making packets. A problem I have is trying to specify certain data/options in packets. For example, I want to make a DHCP packet with option 60 but I don’t know what is valid input data to use for this. I know the packet should have a DHCP.options list and I can add options like this into the list, but how do I know what type and what range of data I can actually use? I also know I can type DHCPOptions at the interpreter to see that it’s a ‘vendor class id’, but how would I actually properly add it to a packet?
Another example: for a TCP timestamp option, I discovered that I have to enter that as (‘Timestamp’, (int,int)), in other words a tuple of the string Timestamp and a tuple within that tuple of two integers, within some sort of range I don’t know.
So ultimately, my question is where/how do I find out how to add valid input data into packets in Scapy? Is there a list or documentation somewhere? I’ve searched around but couldn’t find it even in the source code and the documentation doesn’t seem helpful at all. Help is greatly appreciated!
Sample code:
p = Ether()/IP()/UDP()/BOOTP()/DHCP()
# ?:what goes in the list to correctly add any option?
p[DHCP].options = [(?,?)]
# Trying to add option 60 here, unsure how
p[DHCP].options.append( ('vendor_class_id', ?) )
I use option 60 merely as an example, but I want to know how to add any valid option.
well, this might not be the full answer, since i also found it hard to find such info, but...
for some options, you can check in dhcp.py how they are defined in DHCPOptions dictionary - for example, you see that renewal_time by its definition is of int type and as default set to 21600 - IntField("renewal_time", 21600).
for other info, i suggest to dig through RFCs. for example, RFC 2132 describes DHCP Options and BOOTP Vendor Extensions.
RFC 1497 solely refers to Vendor options.
Related
I am researching uses for Javacards and smartcards utilizing
different ATRs. I want to change these card's ATRs via python to be
different from the OEM ATR that comes on these cards as default. I
figured out a way to change the card's atr, however, it is utilizing a
script online - which really doesn't help.
Below is the script I found to change the ATR using PyResMan
script mode, however, it is only set to one atr, which is a bank and I
have no use for it.
The Script I found Online: {
(Beginning numbers show line numbers)
00A4040010********************************
00F00000
C0D6029A02F807
C0D601240108
C0D601470108
C0D601260403600000
C0D601490403600000
C0D6012201FE
C0D601360E0D80318065B0893501F183009000
C0D601590E0D80318065B0893501F183009000
C0D603010101
C0D6030510404142434445464748494A4B4C4D4E4F
C0D6031d0101
C0D6032110404142434445464748494A4B4C4D4E4F
C0D603390101
C0D6033D10404142434445464748494A4B4C4D4E4F
}
The problem with this script is that I only know what the first 2
lines do, and that lines 9&10 are the lines that actually contain the
data for the ATR changing process. I need to know how I can change the
ATR using the ATR in regular expression form.
If anyone knows a way to decode this script, and be able to edit it,
or knows an easier way to change the ATR of an Unfused or non
pre-presonialized javacard, please let me know! I've been researching
those for over a month now, and cannot find an answer that actually
works.
Setting the ATR for a smartcard is not primarily the domain of Javacard specification. Today there is no generic specification or method to set the ATR for all smartcards, as there is no universal way to initialize or personalize the smartcard itself and this is mostly vendor specific.
The script that you found online belongs to an NXP Javacard, this information is not standardized and is also not intended for public use to my knowledge, therefore is removed some sensible information. Please contact your card vendor to get information on how to change the ATR(it might not be possible or easy).
During my current project, I have been receiving data from a set of long-range sensors, which are sending data as a series of bytes. Generally, due to having multiple types of sensors, the bytes structures and data contained are different, hence the need to make the functionality more dynamic as to avoid having to hard-code every single setup in the future (which is not practical).
The server will be using Django, which I believe is irrelevant to the issue at hand but I have mentioned just in case it might have something that can be used.
The bytes data I am receiving looks like this:
b'B\x10Vu\x87%\x00x\r\x0f\x04\x01\x00\x00\x00\x00\x1e\x00\x00\x00\x00ad;l'
And my current process looks like this:
Take the first bytes to get the deviceID (deviceID = val[0:6].hex())
Look up the format to be used in the struct.unpack() (here: >BBHBBhBHhHL after removing the first bytes for the id.
Now, the issue is the next step. Many of the datas I have have different forms of per-processing that needs to be done. F.e. some values need to be ran with a join statement (e.g. ".".join(str(values[2]) ) while others need some simple mathematical changes (-113 + 2 * values[4]) and finally, others needs a simple logic check (values[7]==0x80) to return a boolean value.
My question is, what's the best way to code those methods? I would really like to avoid hardcoding them, but it almost seems like the best idea. another idea I saw was to store the functionalities as a string and execute them such as seen here, but I've been reading that its a very bad idea, and that it also slows down execution. The last idea I had was to hardcode some general functions only and use something similar to here, but this doesn't solve the issue of having to hard-code every new sensor-type, which is not realistic in a live-installation. Are there any better methods to achieve the same thing?
I have also looked at here, with the idea that some functionality can be somehow optimized as an equation, but I didn't see that a possibility for every occurrence, especially when any string manipulation is needed at all.
Additionally, is there a possibility of using some maths to apply some basic string manipulation? I can hard-code one string manipulation maybe, but to be honest this whole thing has been bugging me...
Finally, I am considering if I go with the function storing as string then executing, is there a way to set some "security" to avoid any malicious exploitation? Since such a method is... awful insecure to say the least.
However, after almost a week total of searching I am so far unable to find a better solution than storing functions as a string and running eval on them, despite not liking that option. If anyone finds a better option before then, I would be extremely grateful to any tips or ideas.
Appendum: Minimum code that can be used to show-case and test different methods:
import struct
def decode(input):
val = bytearray(input)
deviceID = val[0:6].hex()
del(val[0:6])
print(deviceID)
values = list(struct.unpack('>BBHBBhBHhHL', val))
print(values)
# Now what?
decode(b'B\x10Vu\x87%\x00x\r\x0f\x04\x01\x00\x00\x00\x00\x1e\x00\x00\x00\x00ad;l')
I am looking for a way to set a flag or some kind of identifier on a discord.Message object so that later, for example if a reaction is added, I could identify it as a certain type and do something with it. I need something similar to discord.MessageFlags, but with the option to set the key myself, or ideally even make it of arbitrary type (not Just Boolean).
Is there anything built in that I could use, or some hacky solution?
Also, if someone asks, I don't want to set up a database.
Edit: Alternatively is there a way to see if a certain bot command have sent a particular message?
THE PROBLEM:
I'm looking for a python library that might already implement a text parser that I have written in another language.
I have lines of text that represent either configuration commands in devices or dynamic output from commands run on devices. For simplicity, let's assume each line is parsed independently.
The bottom line is that a line contains fixed keywords and values/variables/parameters. Some keywords are optional and some are mandatory and in specific order. The number and type of variables/values associated with / following a given keyword can vary from one keyword to another.
SOLUTION IN OTHER LANGUAGE:
I wrote generic code in c++ that would parse any line and convert the input into structured data. The input to the code is
1. the line to be parsed and
2. a model/structure that described what keywords to look for, whether they are optional or not, in what order they might appear and what type of values/variables to expect for each (and also how many values/variables).
In c++ the interface allows the user among other things to supply a set of user-defined callback functions (one for each keyword) to be invoked by the parsing engine to supply the results (the parsed parameters associated with the given keyword). The implementation of the callback is user-defined but the callback signature is pre-defined.
WHAT ABOUT PYTHON?
I'm hoping for a simple library in python (or a completely different direction if this is something done differently/better in python) that provides an interface to specify the grammar/syntax/model of a given line (the details of all keywords, their order, what number and type of parameters each requires) and then does the parsing of input lines based on that syntax.
I'm not sure how much argparse fits what I need but this is not about parsing a command line input thou similar.
AN EXAMPLE:
Here is an example line from the IP networking world but the problem is more generic:
access-list SOMENAME-IN extended permit tcp host 117.21.212.54 host 174.163.16.23 range 5160 7000
In the above line, the keywords and their corresponding parameters are:
key: extended, no parameters
key: permit, no parameters
key: tcp, no parameters
key: host, par1: 117.21.212.54
key: host, par1: 174.163.16.23
key: range, par1: 5160, par2: 7000
This is a form of firewall access control list ACL. In this case the parser would be used to fill a structure that indicates
- the name of the ACL (SOMENAME-IN in the above example)
- the type of ACL (extended in the above example but there are other valid keywords)
- the protocol (tcp in the above example)
- the src host/IP (117.21.212.54 in the example)
- the src port (optional and not present in the above example)
- the dst host/IP (174.163.16.23 in the example)
- the dst port (a range of ports from 5160 to 7000 in the above example)
One can rather easily write a dedicated parser that assume the above example specific syntax and checks for it (perhaps this might also be more efficient and more clear since targeted to a specific syntax) but what I want is to be able to write a general parsing code, where all the keywords and the expected syntax is provided as data / model to the parsing engine which uses it to parse the lines and is also capable of pointing out errors in the parsed line.
I'm not obviously looking for a full solution cause that would be a lot but I hope for thoughts specifically in the context of using python and reusing any features or libraries python may have to do such parsing.
Thanks,
Al.
If I understand your needs correctly (and it is possible that I don't, because it is hard to know what limits you place on the possible grammars), then you should be able to solve this problem fairly simply with a tokeniser and a map of keyword parsers for each command.
If your needs are very simple, you might be able to tokenise using the split string method, but it is possible that you would prefer a tokeniser which at least handles quoted strings and maybe some operator symbols. The standard Python library provides the shlex module for this purpose.
There is no standard library module which does the parsing. There are a large variety of third-party parsing frameworks, but I think that they are likely to be overkill for your needs (although I might be wrong, and you might want to check them out even if you don't need anything that sophisticated). While I don't usually advocate hand-rolling a parser, this particular application is both simple enough to make that possible and sufficiently different from the possibilities of a context-free grammar to make direct coding useful.
(What makes a context-free grammar impractical is the desire to allow different command options to be provided in arbitrary order without allowing repetition of non-repeatable options. But rereading this answer, I realize that it is just an assumption on my part that you need that feature.)
How to get a list of values for fields for a layer in scapy? E.g., is there an easy way to see all the values usable for the 'options' field of DHCP (for example)? (I know I can dig around in the objects' dict's, etc. Is there a better way?).
The source code is usually a good place to look, especially when the documentation is sparse. Fortunately the author was kind enough to enumerate DHCP options in dhcp.DHCPOptions