authorlonkaars <loek@pipeframe.xyz>2024-05-02 16:58:35 +0200
committerlonkaars <loek@pipeframe.xyz>2024-05-02 16:58:35 +0200
commit1634d546d3e941701fdbab211dfa376f334339f1 (patch)
tree16aaba7f0d0b529fb6793809e1c05b87770c9b87 /wireshark
parent7c402c347b46f908eefefb6a957bf92100061951 (diff)
WIP messy pictochat protocol dissector
Diffstat (limited to 'wireshark')
-rw-r--r--wireshark/nifi.lua22
-rw-r--r--wireshark/pictochat.lua49
2 files changed, 56 insertions, 15 deletions
diff --git a/wireshark/nifi.lua b/wireshark/nifi.lua
index 2bc96a6..d98324b 100644
--- a/wireshark/nifi.lua
+++ b/wireshark/nifi.lua
@@ -1,4 +1,4 @@
-local nifi = Proto("nifi", "Nintendo DS ni-fi")
+local nifi = Proto("nifi", "Nintendo DS Ni-Fi")
nifi.fields.magic = ProtoField.uint32("nifi.magic", "Magic", base.HEX)
nifi.fields.senderid = ProtoField.int32("nifi.senderid", "SenderID", base.DEC)
nifi.fields.type = ProtoField.new("Type", "nifi.type", ftypes.UINT32)
@@ -17,23 +17,23 @@ local nifi_type_enum_field = Field.new("nifi.type.enum")
function nifi.dissector(buffer, pinfo, tree)
-- check magic ("NIFI")
- if buffer(0, 4):uint() ~= 0x4e494649 then return end
- local nifi_tree = tree:add(nifi, buffer(0, 24), "Ni-Fi data")
- nifi_tree:add(nifi.fields.magic, buffer(0, 4))
+ if buffer(0x00, 4):uint() ~= 0x4e494649 then return end
+ local nifi_tree = tree:add(nifi, buffer(0, 0x18), "Ni-Fi Header: 24 bytes")
+ nifi_tree:add(nifi.fields.magic, buffer(0x00, 4))
- nifi_tree:add_le(nifi.fields.senderid, buffer(4, 4))
+ nifi_tree:add_le(nifi.fields.senderid, buffer(0x04, 4))
- local nifi_type_tree = nifi_tree:add_le(nifi.fields.type, buffer(8, 4))
- nifi_type_tree:add_le(nifi.fields.type_enum, buffer(8, 2))
- nifi_type_tree:add_le(nifi.fields.type_aid, buffer(10, 2))
+ local nifi_type_tree = nifi_tree:add_le(nifi.fields.type, buffer(0x08, 4))
+ nifi_type_tree:add_le(nifi.fields.type_enum, buffer(0x08, 2))
+ nifi_type_tree:add_le(nifi.fields.type_aid, buffer(0x0a, 2))
- nifi_tree:add_le(nifi.fields.length, buffer(12, 4))
- nifi_tree:add_le(nifi.fields.timestamp, buffer(16, 8))
+ nifi_tree:add_le(nifi.fields.length, buffer(0x0c, 4))
+ nifi_tree:add_le(nifi.fields.timestamp, buffer(0x10, 8))
pinfo.cols.protocol = nifi.name
pinfo.cols.src = nifi_senderid_field().display
pinfo.cols.info = "type:" .. nifi_type_enum_field().display
- return 24
+ return 0x18
end
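Review bot: nifi.dissector reads fixed ranges up to offset 0x18 without first checking how many bytes were captured, so a truncated or malformed frame makes `buffer(0x00, 4)` raise a Lua range error instead of being passed over. Add `if buffer:len() < 0x18 then return end` ahead of the magic check. The same gap is in pc.dissector in wireshark/pictochat.lua, which slices `buffer(0x18)` and then reads as far as `buffer(0xda, 4)`; there the guard would be `if buffer:len() < 0x18 + 0xde then return end`. Because 0x18 now appears as a literal in both files, a shared named constant for the header size would keep the two dissectors in step.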
diff --git a/wireshark/pictochat.lua b/wireshark/pictochat.lua
index 5eb8089..4927a9b 100644
--- a/wireshark/pictochat.lua
+++ b/wireshark/pictochat.lua
@@ -1,14 +1,55 @@
local pc = Proto("pictochat", "Nintendo DS PictoChat")
+pc.fields.msg_type = ProtoField.uint16("pictochat.msg_type", "Frame type", base.DEC, {
+ [0] = "Message",
+ [1] = "???",
+})
+pc.fields.resend = ProtoField.uint16("pictochat.resend", "Resend", base.DEC, {
+ [0] = "Resend",
+ [2] = "Original",
+})
+-- TODO: 6 bytes unknown
+pc.fields.length = ProtoField.uint16("pictochat.length", "Message length")
+-- TODO: 4 bytes unknown
+pc.fields.mp_sender = ProtoField.ether("pictochat.mp_sender", "Multiplayer sender MAC")
+pc.fields.sender = ProtoField.ether("pictochat.sender", "Sender MAC")
+pc.fields.unknown_counter = ProtoField.uint16("pictochat.unknown_counter", "Unknown counter")
+-- TODO: 14 bytes unknown
+pc.fields.content_offset = ProtoField.uint16("pictochat.content_offset", "Content offset")
+pc.fields.content = ProtoField.bytes("pictochat.content", "Content")
+pc.fields.sequence = ProtoField.uint16("pictochat.sequence", "Packet sequence")
+pc.fields.unknown_constant = ProtoField.bytes("pictochat.unknown_constant", "unknown_constant")
+
+local nifi_length_field = Field.new("nifi.length")
+local pc_msg_type_field = Field.new("pictochat.msg_type")
+local pc_resend_field = Field.new("pictochat.resend")
+local pc_sender_field = Field.new("pictochat.sender")
function pc.dissector(buffer, pinfo, tree)
+ local header_length = nifi_length_field()()
+ if header_length == 0 then return end
+
+ buffer = buffer(0x18) -- skip the Ni-Fi header
+
+ local pc_tree = tree:add(pc, buffer(), "PictoChat: " .. header_length .. " bytes")
- local pc_tree = tree:add(pc, buffer(), "PictoChat Message")
+ pc_tree:add_le(pc.fields.msg_type, buffer(0x00, 2))
+ pc_tree:add_le(pc.fields.resend, buffer(0x02, 2))
+ pc_tree:add_le(pc.fields.length, buffer(0x0a, 2))
+ pc_tree:add_le(pc.fields.mp_sender, buffer(0x10, 6))
+ pc_tree:add_le(pc.fields.sender, buffer(0x16, 6))
+ pc_tree:add_le(pc.fields.sender, buffer(0x1c, 6)) -- copy
+ pc_tree:add_le(pc.fields.unknown_counter, buffer(0x22, 2))
+ pc_tree:add_le(pc.fields.content_offset, buffer(0x32, 2))
+ pc_tree:add(pc.fields.content, buffer(0x36, 0xa0))
+ pc_tree:add_le(pc.fields.sequence, buffer(0xd6, 2))
+ pc_tree:add_le(pc.fields.resend, buffer(0xd8, 2)) -- copy
+ pc_tree:add(pc.fields.unknown_constant, buffer(0xda, 4))
pinfo.cols.protocol = pc.name
+ pinfo.cols.src = tostring(pc_sender_field())
+ pinfo.cols.info = pc_msg_type_field().display .. ", " .. pc_resend_field().display
end
--- no worky
-local nifi = DissectorTable.get("nifi.length")
-nifi:add('>0', pc)
+register_postdissector(pc)
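Review bot: `nifi_length_field()()` in pc.dissector calls the extractor's result unconditionally, but `register_postdissector(pc)` runs this function on every frame, and on frames where nifi.length was never dissected the extractor returns nothing, so the second call fails on nil. Split it into `local length_info = nifi_length_field()`, `if length_info == nil then return end`, `local header_length = length_info()`. The value taken from nifi.length comes from the packet and is only compared with 0 and printed in the tree label; it does not bound any of the fixed offsets that follow, which is worth a comment such as `-- header_length is packet-supplied and display-only; offsets below are bounded by buffer:len()` next to the length guard.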