- #!/usr/bin/python3
-
- import socket
- from pprint import pprint
-
# Broadcast payload used to discover devices: 128 zero bytes carrying the
# 32-bit value 0xe0070b11 (big-endian) at offset 24. Devices were observed to
# answer this exact value; what the four bytes mean is not documented here.
DISCOVERY_MESSAGE = bytearray(128)
DISCOVERY_MESSAGE[24:28] = (0xE0070B11).to_bytes(4, "big")
-
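# Reusable socket that sends the broadcast probe and receives the reply.
b = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
b.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
b.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
# 0.0.0.0 binds every interface, so a reply may arrive on any network this
# host is attached to, not only the one the probe is meant for.
b.bind(("0.0.0.0", 8900))
# Without a timeout, recvfrom() below blocks forever when no device answers.
DISCOVERY_TIMEOUT_SECONDS = 5.0
b.settimeout(DISCOVERY_TIMEOUT_SECONDS)

# Sending the probe to port 5588 produced no reply; port 25 does.
b.sendto(DISCOVERY_MESSAGE, ("255.255.255.255", 25))

# Exactly one datagram is read, so the first host to answer wins. The reply is
# unauthenticated and `addr` is not checked against anything, so any host on
# the broadcast domain can supply the bytes parsed further down.
try:
    rdata, addr = b.recvfrom(512)
except socket.timeout:
    b.close()
    raise SystemExit(
        "no discovery reply within {} s".format(DISCOVERY_TIMEOUT_SECONDS)
    ) from None

# NUL padding becomes spaces so the fixed-offset fields strip() cleanly.
data = rdata.replace(b"\x00", b" ")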
-
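# (key, start, stop, raw) for each fixed-offset field of a discovery reply.
# raw=True keeps the bytes as-is; otherwise the slice is stripped and decoded.
_FIELDS = (
    ("version", 4, 9, False),
    ("id", 10, 41, False),
    ("name", 42, 73, False),
    ("short-id", 74, 105, False),
    ("time", 106, 119, True),
    ("region", 252, 259, False),
    ("area-code", 260, 265, False),
    ("ip-a", 272, 287, False),
    ("ip-b", 288, 303, False),
    ("ip-c", 304, 319, False),
    ("string3", 338, 367, False),
    ("mac", 368, 385, False),
    ("host", 386, 403, False),
)


def parse408(m):
    """Split a discovery reply into a dict of named fields.

    Args:
        m: the reply as bytes/bytearray, with NUL padding already replaced by
           spaces (see the caller). Fields are fixed-offset slices; ``"time"``
           is returned as the raw bytes at 106:119, every other field is
           stripped of surrounding whitespace and decoded as ASCII.

    Returns:
        dict mapping field name to str (or bytes for ``"time"``).

    The reply comes from an unauthenticated UDP datagram, so bytes outside
    ASCII are escaped (``backslashreplace``) rather than raising
    ``UnicodeDecodeError``; a reply shorter than 404 bytes yields empty
    values for the fields it does not cover instead of failing.
    """
    d = {}
    for key, start, stop, raw in _FIELDS:
        chunk = m[start:stop]
        if raw:
            d[key] = chunk
        else:
            d[key] = chunk.strip().decode("ascii", "backslashreplace")
    return d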
-
# Parse the single reply captured above and print its fields.
parsed = parse408(data)
pprint(parsed)