authorLoek Le Blansch <loek@pipeframe.xyz>2024-08-22 14:38:23 +0200
committerLoek Le Blansch <loek@pipeframe.xyz>2024-08-22 14:38:23 +0200
commitd1755aa37e6d88c0b3681b28225732fd0da26424 (patch)
treed671610139e917c8d3eb7189622a8a8a77ecbd6e
parent10d4665466689918eed07d9edd6e38c6183d93e3 (diff)
WIP
-rw-r--r--wireshark/pictochat.lua70
1 files changed, 45 insertions, 25 deletions
diff --git a/wireshark/pictochat.lua b/wireshark/pictochat.lua
index 82e6a31..34ca17e 100644
--- a/wireshark/pictochat.lua
+++ b/wireshark/pictochat.lua
@@ -34,30 +34,32 @@ pc.fields.user_mac = ProtoField.ether("pictochat.user.mac", "Address")
pc.fields.user_name = ProtoField.string("pictochat.user.name", "Nickname")
pc.fields.user_msg = ProtoField.string("pictochat.user.msg", "Message")
pc.fields.user_color = ProtoField.uint16("pictochat.user.color", "Color", base.DEC, {
- [0] = "Gray",
+ [0] = "Greyish blue",
[1] = "Brown",
[2] = "Red",
- [3] = "Pink",
+ [3] = "Light pink",
[4] = "Orange",
[5] = "Yellow",
[6] = "Lime",
- [7] = "Green",
- [8] = "Other green?",
- [9] = "Cyan",
- [10] = "Aqua",
- [11] = "Indigo",
- [12] = "Purple",
- [13] = "Violet",
- [14] = "Hot pink",
- [15] = "Hotter pink?",
+ [7] = "Light green",
+ [8] = "Dark green",
+ [9] = "Turqoise",
+ [10] = "Light blue",
+ [11] = "Blue",
+ [12] = "Dark blue",
+ [13] = "Dark purple",
+ [14] = "Light purple",
+ [15] = "Dark pink",
})
pc.fields.user_bday_month = ProtoField.uint8("pictochat.user.bday_month", "Month")
pc.fields.user_bday_day = ProtoField.uint8("pictochat.user.bday_day", "Day")
+pc.fields.msg_start_len = ProtoField.uint8("pictochat.msg.start_len", "Total length")
local nifi_length_field = Field.new("nifi.length")
local pc_msg_type_field = Field.new("pictochat.msg_type")
local pc_src_field = Field.new("pictochat.src")
local pc_dst_field = Field.new("pictochat.dst")
+local data_remaining = 0
function pc.dissector(buffer, pinfo, tree)
local header_length = nifi_length_field()()
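Review bot: `pc.fields.msg_start_len` is declared with `ProtoField.uint8`, but the message-start branch added later in this commit attaches it to `buffer(0x04, 2)` and reads the same two bytes with `le_uint()`, so the declared width and the range disagree. `ProtoField.uint16("pictochat.msg.start_len", "Total length")` would match what is actually read. The new value string `"Turqoise"` is misspelled and will be displayed that way in the packet tree; it should be `[9] = "Turquoise",`. `pc.dissector` only begins on the last lines of this hunk and continues outside it.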
@@ -94,6 +96,13 @@ function pc.dissector(buffer, pinfo, tree)
pc_tree:add_le(pc.fields.unknown, buffer(0x1e, 2))
buffer = buffer(0x20)
+ -- pretty wireshark shit
+ pinfo.cols.protocol = pc.name
+ pinfo.cols.src = tostring(pc_src_field())
+ pinfo.cols.dst = tostring(pc_dst_field())
+ pinfo.cols.info = pc_msg_type_field().display .. ", " .. (original and "Original" or "Resend")
+
+
pc_tree:add_le(pc.fields.payload_len, buffer(0x00, 2))
local payload_length = buffer(0x00, 2):le_uint()
buffer = buffer(0x02)
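Review bot: The `pinfo.cols.info` text built on the last added line of this block is later replaced, not extended, by the `Message body [...]` assignment this commit adds in the body/end branch. The message type and the Original/Resend marker therefore disappear for exactly the frames that carry drawing data. If that is not intended, the later assignment could append instead, e.g. `pinfo.cols.info:append(string.format(" [remaining %d bytes]", data_remaining))`. `original` is defined outside this hunk, so its value here cannot be checked from the diff.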
@@ -107,17 +116,34 @@ function pc.dissector(buffer, pinfo, tree)
payload:add(pc.fields.user_name, buffer(0x10, 20), buffer(0x10, 20):le_ustring())
payload:add(pc.fields.user_msg, buffer(0x24, 52), buffer(0x24, 52):le_ustring())
payload:add_le(pc.fields.user_color, buffer(0x58, 2))
- payload:add(pc.fields.user_bday_month, buffer(0x5a, 1))
- payload:add(pc.fields.user_bday_day, buffer(0x5b, 1))
+ local bday = payload:add(buffer(0x5a, 2), string.format("Birthday: %02d/%02d", buffer(0x5a, 1):uint(), buffer(0x5b, 1):uint()))
+ bday:add(pc.fields.user_bday_month, buffer(0x5a, 1))
+ bday:add(pc.fields.user_bday_day, buffer(0x5b, 1))
+ end
+
+ if
+ msg_type == 10 -- msg start
+ then
+ payload:add_le(pc.fields.msg_start_len, buffer(0x04, 2))
+ data_remaining = buffer(0x04, 2):le_uint()
- elseif
- msg_type == 10 or -- msg start
+ local segment = buffer(0):bytes()
+ local buf = ByteArray.tvb(segment, "Complete message???")
+ end
+
+ if
msg_type == 24 or -- msg end
msg_type == 86 -- msg body
then
payload:add_le(pc.fields.unknown, buffer(0x00, 2))
payload:add_le(pc.fields.data_len, buffer(0x02, 1))
local data_length = buffer(0x02, 1):le_uint()
+
+ if data_remaining > 0 then
+ data_remaining = data_remaining - data_length
+ pinfo.cols.info = string.format("Message body [remaining 0x%04x (%d) bytes]", data_remaining, data_remaining)
+ end
+
payload:add_le(pc.fields.data_end, buffer(0x03, 1))
-- This appears to be some kind of offset for indicating where to store the
-- current frame's data in a larger buffer. Messages sent in multiple parts
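Review bot: `data_remaining` is a single file-level counter that the message-start branch overwrites and the body/end branch decrements on every call, so the "remaining" figure depends on how many times and in what order the dissector has run, not on the frame itself. Wireshark can run a dissector again on frames it has already seen (for example when a packet is selected or a filter is re-applied), which would decrement the counter a second time. Both the total and `data_length` come straight from the capture, and the `> 0` test is made before the subtraction, so the result can go negative; how `%04x` renders or rejects a negative number depends on the Lua version Wireshark was built with. I would record the value per frame on the first pass only, clamp it at zero, and guard the assignment in the `msg_type == 10` branch with `not pinfo.visited` as well. Separately, `segment` and `buf` in the start branch are never used. The enclosing `pc.dissector` starts and ends outside this hunk.

```lua
-- file scope, next to `local data_remaining = 0`
local remaining_by_frame = {}

-- … unchanged: msg_type == 10 branch (wrap its data_remaining assignment in `if not pinfo.visited`) …

		local data_length = buffer(0x02, 1):le_uint()

		if not pinfo.visited and data_remaining > 0 then
			-- first pass only, so re-dissection cannot decrement twice
			data_remaining = math.max(0, data_remaining - data_length)
			remaining_by_frame[pinfo.number] = data_remaining
		end
		local remaining = remaining_by_frame[pinfo.number]
		if remaining then
			pinfo.cols.info = string.format("Message body [remaining 0x%04x (%d) bytes]", remaining, remaining)
		end

-- … unchanged: data_end and the offset fields …
```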
@@ -129,23 +155,17 @@ function pc.dissector(buffer, pinfo, tree)
buffer = buffer(0x08)
-- This appears to be the actual message data (the drawing) sent as an
-- array of 8x8 tiles.
- -- payload:add(pc.fields.data, buffer(0, data_length))
- -- buffer = buffer(data_length)
+ payload:add(pc.fields.data, buffer(0, data_length))
+ buffer = buffer(data_length)
payload:add_le(pc.fields.data_sequence, buffer(0x00, 2))
payload:add_le(pc.fields.unknown, buffer(0x02, 2)) -- copy
- buffer = buffer(0x04)
+ pc_tree:add_le(pc.fields.unknown, buffer(0x04, 2))
+ buffer = buffer(0x06)
end
buffer = buffer_next -- after payload
- pc_tree:add_le(pc.fields.unknown, buffer(0x00, 2))
pc_tree:add_le(pc.fields.magic_trailer, buffer(0x02, 2)) -- const 0xb8b6
-
- -- pretty wireshark shit
- pinfo.cols.protocol = pc.name
- pinfo.cols.src = tostring(pc_src_field())
- pinfo.cols.dst = tostring(pc_dst_field())
- pinfo.cols.info = pc_msg_type_field().display .. ", " .. (original and "Original" or "Resend")
end
register_postdissector(pc)
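Review bot: The two re-enabled lines slice `buffer` with `data_length`, a byte taken from the captured frame, without first comparing it to the bytes that are left. On a truncated or malformed frame, `buffer(0, data_length)`, `buffer(data_length)` or the fixed-offset reads after them will raise instead of dissecting. A check placed before `payload:add(pc.fields.data, ...)`, such as `if buffer:len() < data_length + 6 then return end`, would make the short-frame case explicit; the 6 covers the three two-byte reads that follow. The added `buffer = buffer(0x06)` has no effect, because `buffer = buffer_next` overwrites it on the next statement, and it can be dropped. `pc.dissector` begins outside this hunk.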