
sendBroadcast.py 1.6KB

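#!/usr/bin/python3
import socket
from pprint import pprint

# Broadcast probe used to discover devices on the local network: 128 zero
# bytes with a 4-byte marker at offset 24. The marker value was observed
# on the wire, not taken from any documentation.
DISCOVERY_MESSAGE = bytearray(128)
# at index 24, 4 bytes: 0xe0070b11
DISCOVERY_MESSAGE[24:28] = b"\xe0\x07\x0b\x11"
# these appear to be magical. Need to wiretap to see why it is this way
# it would be neat to run a fuzzer on this. Just 32 bits...

# Local port the replies come back to, and the destination port of the probe.
LISTEN_PORT = 8900
DISCOVERY_PORT = 25
# Seconds to wait for the first reply before giving up instead of blocking forever.
DISCOVERY_TIMEOUT = 5.0

# reusable socket to send broadcast packets, and get responses
b = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
b.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
b.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
# Binding to 0.0.0.0 accepts replies on every interface, which a broadcast
# probe needs; it also means anything on any attached network can reach
# this port while the script runs.
b.bind(("0.0.0.0", LISTEN_PORT))
# Without a timeout recvfrom() hangs the script forever when no device
# answers. The timeout stays in effect for any later reads on this socket.
b.settimeout(DISCOVERY_TIMEOUT)

# Sending to port 5588 got no response; port 25 works (author's observation).
b.sendto(DISCOVERY_MESSAGE, ("255.255.255.255", DISCOVERY_PORT))
# Raises socket.timeout if nothing answers within DISCOVERY_TIMEOUT.
# The reply is unauthenticated: any host on the LAN can send one, so
# everything in rdata (and addr) is untrusted input. 512 bytes covers the
# highest offset parse408() reads (403).
rdata, addr = b.recvfrom(512)
# NUL padding -> spaces so the fixed-width fields can simply be strip()ed.
data = rdata.replace(b"\x00", b" ")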
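def parse408(m):
    """Decode a device discovery reply into a dict of named fields.

    The field offsets were recovered empirically from observed replies
    (the name refers to the ~408-byte reply seen so far); none of them
    comes from vendor documentation, so every value is a best guess and
    may not hold for other firmware versions.

    Args:
        m: Raw reply bytes, with NUL padding already mapped to spaces (see
           the ``replace`` on the receive path). Shorter messages are
           tolerated: a slice past the end decodes to an empty string.

    Returns:
        dict with the decoded text fields. ``"time"`` is left as the raw
        13-byte slice because its encoding is unknown.
    """

    def text(start, stop):
        # errors="replace": the reply is unauthenticated network input, so a
        # stray non-ASCII byte must not abort the whole parse with
        # UnicodeDecodeError; it shows up as U+FFFD instead.
        return m[start:stop].strip().decode("ascii", errors="replace")

    d = {}
    d["version"] = text(4, 9)
    d["id"] = text(10, 41)
    d["name"] = text(42, 73)
    d["short-id"] = text(74, 105)
    d["time"] = m[106:119]  # raw bytes; format/encoding not yet understood
    d["region"] = text(252, 259)
    d["area-code"] = text(260, 265)
    d["ip-a"] = text(272, 287)
    d["ip-b"] = text(288, 303)
    d["ip-c"] = text(304, 319)
    d["string3"] = text(338, 367)  # purpose unknown
    d["mac"] = text(368, 385)
    d["host"] = text(386, 403)
    return d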
# Decode the first reply and dump its fields for inspection.
reply_fields = parse408(data)
pprint(reply_fields)