Add UDP checksum check - layer 4 solved

HbHbNr · Aug 29, 2020 · a4fe9d4 · a4fe9d4
1 parent 45dcd1f
commit a4fe9d4
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 15 deletions.
diff --git a/layer4.py b/layer4.py
@@ -12,6 +12,10 @@ def ipheaderchecksum(s, i, count):
 
     return sum
 
+def inttoaddr(i):
+    b = i.to_bytes(4, 'big')
+    return '{}.{}.{}.{}'.format(b[0], b[1], b[2], b[3])
+
 def parseIPpackage(s, i):
     version = s[i + 0] >> 4
     headerlength = (s[i + 0] & 0xf) * 4
@@ -20,47 +24,65 @@ def parseIPpackage(s, i):
     protocol = s[i + 9]
     sourceip = int.from_bytes([s[i + 12], s[i + 13], s[i + 14], s[i + 15]], 'big')
     destinationip = int.from_bytes([s[i + 16], s[i + 17], s[i + 18], s[i + 19]], 'big')
-    print(str(version) + ' ' + str(headerlength) + ' ' + str(totallength) + ' ' + str(identification) + ' ' + str(protocol) + ' ' + hex(sourceip) + ' ' + hex(destinationip))
+    #print(str(version) + ' ' + str(headerlength) + ' ' + str(totallength) + ' ' + str(identification) + ' '
+    #      + str(protocol) + ' ' + hex(sourceip) + ' ' + hex(destinationip))
 
-    content = ''
+    content = False
     ipchecksum2 = ipheaderchecksum(s, i, 10)
     if ipchecksum2 != 0xffff:
-        print('wrong IP checksum: ' + hex(ipchecksum2))
+        pass # print('wrong IP checksum: ' + hex(ipchecksum2))
     else:
         if protocol == 17:
             u = i + headerlength
             sourceport = int.from_bytes([s[u + 0], s[u + 1]], 'big')
             destinationport = int.from_bytes([s[u + 2], s[u + 3]], 'big')
             udplength = int.from_bytes([s[u + 4], s[u + 5]], 'big')
             udpchecksum = int.from_bytes([s[u + 6], s[u + 7]], 'big')
-            print(str(sourceport) + ' ' + str(destinationport) + ' ' + str(udplength) + ' ' + str(udpchecksum))
+            #print(str(sourceport) + ' ' + str(destinationport) + ' ' + str(udplength) + ' ' + str(udpchecksum))
+
+            pseudoheader = bytearray()
+            pseudoheader.extend(s[i + 12:i + 20])
+            pseudoheader.append(0)
+            pseudoheader.append(17)
+            pseudoheader.extend(s[u + 4:u + 6])
+            pseudoheader.extend(s[u + 0:u + udplength])
+            if len(pseudoheader) & 1:
+                pseudoheader.append(0)
 
-            udpchecksum2 = 0xabcd # needs proper checking of pseudo header
+            udpchecksum2 = ipheaderchecksum(pseudoheader, 0, len(pseudoheader) // 2)
             if udpchecksum2 != 0xffff:
-                print('wrong UDP checksum: ' + hex(udpchecksum2))
+                pass # print('wrong UDP checksum: ' + hex(udpchecksum2))
             else:
                 if sourceip == 0x0a01010a and destinationip == 0x0a0101c8 and destinationport == 42069:
                     content = s[u + 8:u + udplength]
+                else:
+                    pass # print('wrong ips or port: ' + inttoaddr(sourceip) + '->' + inttoaddr(destinationip) + ':' + str(destinationport))
+
+    #print(str(totallength) + '::' + content.decode())
     return (totallength, content)
 
 def parseIPpackages(stream):
     stream = bytes(stream)
     allcontent = bytearray()
-    num = 1
+    totalpackets = 0
+    invalidpackets = 0
     i = 0
     while i < len(stream):
-        print(str(num) + '.: ' + str(i))
+        totalpackets += 1
         (length, content) = parseIPpackage(stream, i)
         i += length
-        allcontent.extend(content)
-        num += 1
-    return allcontent
+        if content == False:
+            invalidpackets += 1
+        else:
+            allcontent.extend(content)
+    return (totalpackets, invalidpackets, allcontent)
 
 
 if __name__ == '__main__':
     import ascii85
 
     payload = ascii85.loadpayload('layers/layer4.txt')
     decoded = ascii85.decode(payload)
-    decoded = parseIPpackages(decoded)
-    print(decoded)
+    (totalpackets, invalidpackets, decoded) = parseIPpackages(decoded)
+    print('{} total packets found, of which {} were invalid.'.format(totalpackets, invalidpackets))
+    print(decoded[0:200].decode())
diff --git a/solve.py b/solve.py
@@ -1,4 +1,4 @@
-import ascii85, layer3
+import ascii85, layer3, layer4
 
 # GNU General Public License Version 3
 
@@ -53,7 +53,7 @@ def layer2filtervalid(payload):
             divided.append((i >> ((6 - ii) * 8)) & 255)
     return divided
 
-for layer in [3]:
+for layer in [4]:
     inputfile = 'layers/layer' + str(layer) + '.txt'
     outputfile = 'layers/layer' + str(layer + 1) + '.txt'
 
@@ -66,6 +66,8 @@ def layer2filtervalid(payload):
         decoded = layer2filtervalid(decoded)
     elif layer == 3:
         decoded = layer3.decrypt(decoded)
+    elif layer == 4:
+        (_, _, decoded) = layer4.parseIPpackages(decoded)
     #print(decoded[0:100].decode())
     #quit()
     dumpexcerpt(decoded.decode(), 200, 200)