
initial commit

Jared Dunbar 1 year ago
commit
5dd5a4ff44
Signed by: Jared Dunbar <jrddunbr@gmail.com> GPG Key ID: CF202CC859BAC692
2 changed files with 91 additions and 0 deletions
  1. 45
    0
      dissector.lua
  2. 46
    0
      sendBroadcast.py

+ 45
- 0
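--- a/dissector.lua
+++ b/dissector.lua
@@ -0,0 +1,45 @@
+-- protocol dissector for EcoPlugs protocol
+
+-- declare our protocol
+eocProt = Proto("EP","EcoPlugs IoT")
+
+-- create a function to dissect it
+function eocProt.dissector(buffer,pinfo,tree)
+  pinfo.cols.protocol = "EP"
+  local protocolTree = tree:add(eocProt, buffer(), "EcoPlugs Protocol Data")
+
+  if buffer:len() == 408 then
+    -- this is a broadcast packet response
+    protocolTree:add(buffer(4,6), "Version: " .. buffer(4,6):stringz())
+    protocolTree:add(buffer(10,32), "ID: " .. buffer(10,32):stringz())
+    protocolTree:add(buffer(42,32), "Name: " .. buffer(42,32):stringz())
+    protocolTree:add(buffer(74,32), "Short ID: ".. buffer(74,32):stringz())
+    protocolTree:add(buffer(106,14), "Time: " .. buffer(106,14))
+    protocolTree:add(buffer(252,8), "Region: " .. buffer(252,8):stringz())
+    protocolTree:add(buffer(260,5), "Zip Code: " .. buffer(260,5):stringz())
+    ipl = protocolTree:add(buffer(272,48), "Cloud IP Addresses")
+    ipl:add(buffer(272,16), "Cloud IP 1: " .. buffer(272,16):stringz())
+    ipl:add(buffer(288,16), "Cloud IP 2: " .. buffer(288,16):stringz())
+    ipl:add(buffer(304,16), "Cloud IP 3: " .. buffer(304,16):stringz())
+    protocolTree:add(buffer(368,18), "Device MAC Address: " .. buffer(368,18):stringz())
+    protocolTree:add(buffer(386,18), "Host: " .. buffer(386,18):stringz())
+  else
+    -- this is a query/set command
+    protocolTree:add(buffer(0,6), "Command: " .. buffer(0,6))
+    protocolTree:add(buffer(6,4), "Model: " .. buffer(6,4))
+    protocolTree:add(buffer(10,6), "Version: " .. buffer(10,6):stringz())
+    protocolTree:add(buffer(16,32), "ID: " .. buffer(16,32):stringz())
+    protocolTree:add(buffer(48,32), "Name: " .. buffer(48,32):stringz())
+    protocolTree:add(buffer(80,32), "Short ID: ".. buffer(80,32):stringz())
+    -- set command here
+    if buffer:len() == 130 then
+      protocolTree:add(buffer(128,2), "Set Mode: " .. buffer(128,2))
+    end
+  end
+end
+
+-- load the udp.port table
+udp_table = DissectorTable.get("udp.port")
+
+-- register our protocol to handle udp port 25 and if I could, dest ports of 31423
+udp_table:add(25, eocProt)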
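Review bot: The dissector reads fixed offsets without checking the packet length first: in the `else` branch every datagram that is not exactly 408 bytes is indexed up to offset 112 (`buffer(80,32)`), so any shorter packet seen on UDP port 25 raises an out-of-range Lua error instead of being declined. Because the input is untrusted capture data, guard before touching the tree, for example `if buffer:len() < 112 then return 0 end` as the first statement of `eocProt.dissector`, so Wireshark treats the packet as not belonging to this protocol. `eocProt`, `ipl` and `udp_table` are assigned as globals in Wireshark's shared Lua state and should be declared with `local`. The comment above `udp_table:add(25, eocProt)` mentions port 31423, which is never registered; either register it or drop the mention.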

+ 46
- 0
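--- a/sendBroadcast.py
+++ b/sendBroadcast.py
@@ -0,0 +1,46 @@
+#!/usr/bin/python3
+
+import socket
+from pprint import pprint
+
+# broadcast packet to discover devices
+DISCOVERY_MESSAGE = bytearray(128)
+# at index 24, 4 bytes: 0xe0070b11
+DISCOVERY_MESSAGE[24] = 0xe0
+DISCOVERY_MESSAGE[25] = 0x07
+DISCOVERY_MESSAGE[26] = 0x0b
+DISCOVERY_MESSAGE[27] = 0x11
+# these appear to be magical. Need to wiretap to see why it is this way
+# it would be neat to run a fuzzer on this. Just 32 bits...
+
+# reusable socket to send broadcast packets, and get responses
+b = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+b.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+b.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
+b.bind(("0.0.0.0", 8900))
+
+#b.sendto(DISCOVERY_MESSAGE, ("255.255.255.255", 5588)) # this doesn't do anything
+b.sendto(DISCOVERY_MESSAGE, ("255.255.255.255", 25)) # this works
+
+rdata, addr = b.recvfrom(512)
+
+data = rdata.replace(b"\x00",b" ")
+
+def parse408(m):
+    d = {}
+    d["version"] = m[4:9].strip().decode("ascii")
+    d["id"] = m[10:41].strip().decode("ascii")
+    d["name"] = m[42:73].strip().decode("ascii")
+    d["short-id"] = m[74:105].strip().decode("ascii")
+    d["time"] = m[106:119]
+    d["region"] = m[252:259].strip().decode("ascii")
+    d["area-code"] = m[260:265].strip().decode("ascii")
+    d["ip-a"] = m[272:287].strip().decode("ascii")
+    d["ip-b"] = m[288:303].strip().decode("ascii")
+    d["ip-c"] = m[304:319].strip().decode("ascii")
+    d["string3"] = m[338:367].strip().decode("ascii")
+    d["mac"] = m[368:385].strip().decode("ascii")
+    d["host"] = m[386:403].strip().decode("ascii")
+    return d
+
+pprint(parse408(data))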
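Review bot: The reply handling trusts whatever datagram arrives first on 0.0.0.0:8900: `b.recvfrom(512)` has no timeout, `addr` is never examined, and `parse408` runs without checking that the reply is 408 bytes. The script therefore blocks forever if nothing answers, and any host on the segment can supply the "device" record or make `.decode("ascii")` raise on non-ASCII bytes. Add `b.settimeout(5)` before the send and `if len(rdata) != 408: raise SystemExit("unexpected reply length")` before parsing, and decode with `errors="replace"`. The slice widths also disagree with dissector.lua in the same commit (`m[4:9]` is 5 bytes where the dissector reads `buffer(4,6)`, and `m[10:41]` is 31 where it reads 32), so a field that fills its slot loses its last byte; a comment stating which layout is correct would help.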
