#! /usr/bin/env python
# FIXME: This tool should identify gateways, clients, and their associated PANIDs
###############################
# Imports taken from zbscapy
###############################
# Import logging to suppress Warning messages
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
try:
from scapy.all import *
except ImportError:
print 'This Requires Scapy To Be Installed.'
from sys import exit
exit(-1)
from killerbee import *
from killerbee.scapy_extensions import * # this is explicit because I didn't want to modify __init__.py
del hexdump
from scapy.utils import hexdump # Force using Scapy's hexdump()
import os, sys, struct
from glob import glob
###############################
###############################
# Processing Functions
###############################
# Defaults
# Module-wide settings. The option parser in the __main__ section below
# overwrites zb_files (-f / -d) and DEBUG (-D).
indent = " "                    # one unit of report indentation (used as indent*2, indent*3)
DEBUG = False                   # verbose progress output
SHOW_RAW = False                # not referenced elsewhere in this listing
zb_files = list()               # capture files queued for processing
network_key = None              # not referenced elsewhere in this listing
cert_key = None                 # not referenced elsewhere in this listing
SE_Smart_Energy_Profile = 265   # 0x0109
# A dict would not guarantee iteration order, so the layer classes and their
# display names are kept in two parallel lists: the name printed for
# ZB_Layers[i] is ZB_Layers_Names[i]. Keep both lists the same length and in
# the same order when adding a layer.
ZB_Layers = [
    Dot15d4,
    Dot15d4FCS,
    Dot15d4Beacon,
    Dot15d4Data,
    Dot15d4Ack,
    Dot15d4Cmd,
    ZigbeeNWK,
    ZigBeeBeacon,
    ZigbeeSecurityHeader,
    ZigbeeAppDataPayload,
    ZigbeeAppCommandPayload,
]
ZB_Layers_Names = [
    "Dot15d4",
    "Dot15d4FCS",
    "Dot15d4Beacon",
    "Dot15d4Data",
    "Dot15d4Ack",
    "Dot15d4Cmd",
    "ZigbeeNWK",
    "ZigBeeBeacon",
    "ZigbeeSecurityHeader",
    "ZigbeeAppDataPayload",
    "ZigbeeAppCommandPayload",
]
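# Addresses
# Names of the packet fields that are reported as addresses or PAN IDs.
# Only the keys are consumed (through addr_names, by the report loop in the
# __main__ section); the values are not read anywhere in this listing.
#
# The earlier literal listed 'src_addr' and 'dest_addr' twice with different
# values. Python silently keeps the last value for a repeated key, so each key
# now appears exactly once with the value that was actually in effect.
zb_addrs = {
    'src_addr': 0xffff,
    'dest_addr': 0x0,
    'extended_pan_id': '00:00:00:00:00:00',
    'source': '00:00:00:00:00:00',
    #'source':0xffff,
    'src_panid': 0xffff,
    'ext_src': '00:00:00:00:00:00',
    'dest_panid': 0xffff,
    'destination': 0xffff,
}
addr_names = zb_addrs.keys()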
def usage():
    '''Print the command-line help text to stdout, then exit via sys.exit().'''
    help_lines = (
        "%s Usage" % sys.argv[0],
        " -h: help",
        " -f <filename>: capture file with zigbee packets.",
        " -d <directory name>: directory containing capture files with zigbee packets.",
        " -D: Turn on debugging.",
    )
    # A single joined string produces the same output as printing line by line.
    print("\n".join(help_lines))
    sys.exit()
def detect_encryption(pkt):
    '''Report whether pkt carries a ZigBee security header on a NWK frame.

    Returns True only when both the ZigbeeSecurityHeader and the ZigbeeNWK
    layers are present, otherwise False. Only layer presence is tested; the
    contents of the security header are not inspected here, so a True result
    means "security header present", not "payload verified as encrypted".
    '''
    secured = pkt.haslayer(ZigbeeSecurityHeader) and pkt.haslayer(ZigbeeNWK)
    return True if secured else False
def detect_app_layer(pkt):
    '''Report whether pkt contains a ZigbeeAppDataPayload layer.

    Returns True when the layer is present, otherwise False.
    '''
    return True if pkt.haslayer(ZigbeeAppDataPayload) else False
def detect_layer(pkt, layer):
    '''Report whether pkt contains the given protocol layer.

    pkt is any object exposing haslayer(); layer is whatever that method
    accepts. Returns True when pkt.haslayer(layer) is truthy, otherwise False.
    '''
    found = pkt.haslayer(layer)
    return bool(found)
###############################
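if __name__ == '__main__':
    # Command-line driver: collect the capture files named by -f / -d, then for
    # every packet print each ZigBee/802.15.4 layer found and the address
    # fields that layer carries.

    # Process options. Each flag is popped off sys.argv; -f and -d also pop
    # the element that follows as their value.
    ops = ['-f','-d','-D','-h']
    while len(sys.argv) > 1:
        op = sys.argv.pop(1)
        if op not in ops:
            print "Unknown option:",op
            usage()
        if op in ('-f','-d') and len(sys.argv) < 2:
            # A trailing -f / -d used to die with an IndexError from pop(1);
            # report it and show the help text instead.
            print "Option",op,"requires an argument"
            usage()
        if op == '-f':
            zb_files = [sys.argv.pop(1)]
        elif op == '-d':
            dir_name = sys.argv.pop(1)
            # Expand $VARS and ~ before globbing; only *.pcap files directly
            # inside the directory are picked up.
            pcap_dir = os.path.abspath(os.path.expanduser(os.path.expandvars(dir_name)))
            zb_files = glob(os.path.join(pcap_dir, '*.pcap'))
        elif op == '-D':
            DEBUG = True
        elif op == '-h':
            usage()

    # Test for user input: nothing to process means show the help and exit.
    if not zb_files: usage()

    if DEBUG: print "\nProcessing files:",zb_files,"\n"
    for zb_file in zb_files:
        if DEBUG: print "\nProcessing file:",zb_file,"\n"
        # NOTE(review): capture files are untrusted input. Any exception raised
        # while kbrdpcap parses a file propagates from here and ends the run,
        # so the remaining files are not processed.
        data = kbrdpcap(zb_file)

        # Detect Layers
        if DEBUG: print indent + "Detecting ZigBee Layers"
        for e, pkt in enumerate(data):
            if DEBUG: print indent + "Packet " + str(e),pkt.summary()
            # Walk the layer classes together with their display names.
            for layer, layer_name in zip(ZB_Layers, ZB_Layers_Names):
                if not detect_layer(pkt,layer):
                    continue
                print indent*2 + layer_name
                fields = pkt.getlayer(layer).fields
                if DEBUG: print indent*3 + "Fields:",fields
                for a in addr_names:
                    # Skip fields the layer does not have and fields whose
                    # value is falsy (0, None, empty).
                    val = fields.get(a)
                    if not val:
                        continue
                    # Anything wider than 16 bits is treated as a 64-bit
                    # extended address and shown as colon-separated hex bytes.
                    # NOTE(review): assumes val is an integer that fits in 64
                    # bits; any other value would raise in struct.pack - confirm
                    # the field types produced by the dissectors.
                    if val > 0xffff:
                        print indent*3 + a + ":",':'.join(x.encode('hex') for x in struct.pack('>Q',val))
                    else:
                        print indent*3 + a + ":",hex(val)
            # NOTE(review): the listing lost its indentation, so the nesting
            # level of this blank-line separator is inferred (one per packet) -
            # confirm against the original file.
            print ""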