Diffstat (limited to 'wireshark')
-rw-r--r-- | wireshark/ethers | 8 | ||||
-rw-r--r-- | wireshark/pictochat.lua | 52 |
2 files changed, 40 insertions, 20 deletions
diff --git a/wireshark/ethers b/wireshark/ethers
new file mode 100644
index 0000000..b60d4ec
--- /dev/null
+++ b/wireshark/ethers
@@ -0,0 +1,8 @@
+00:09:bf:11:22:33 Default_firmware_MAC
+03:09:bf:00:00:00 Multiplayer_CMD
+03:09:bf:00:00:10 Multiplayer_Reply
+03:09:bf:00:00:03 Multiplayer_ACK
+00:f0:77:77:77:77 Access_point
+10:00:de:ad:be:ef Instance_1_(lork)
+20:00:de:ae:02:ff Instance_2_(lork2)
+ff:ff:ff:ff:ff:ff Broadcast
diff --git a/wireshark/pictochat.lua b/wireshark/pictochat.lua
index 4927a9b..13a2722 100644
--- a/wireshark/pictochat.lua
+++ b/wireshark/pictochat.lua
@@ -1,28 +1,29 @@ local pc = Proto("pictochat", "Nintendo DS PictoChat") + +pc.fields.unknown = ProtoField.bytes("pictochat.unknown", "Unknown") + pc.fields.msg_type = ProtoField.uint16("pictochat.msg_type", "Frame type", base.DEC, { - [0] = "Message", - [1] = "???", + [0] = "Normal", -- Used for actual messages, ack packets + [1] = "Announcement", -- TODO: send broadcast??? }) pc.fields.resend = ProtoField.uint16("pictochat.resend", "Resend", base.DEC, { [0] = "Resend", [2] = "Original", }) --- TODO: 6 bytes unknown pc.fields.length = ProtoField.uint16("pictochat.length", "Message length") --- TODO: 4 bytes unknown -pc.fields.mp_sender = ProtoField.ether("pictochat.mp_sender", "Multiplayer sender MAC") -pc.fields.sender = ProtoField.ether("pictochat.sender", "Sender MAC") -pc.fields.unknown_counter = ProtoField.uint16("pictochat.unknown_counter", "Unknown counter") --- TODO: 14 bytes unknown +pc.fields.host = ProtoField.ether("pictochat.host", "Room host") +pc.fields.src = ProtoField.ether("pictochat.src", "Source") +pc.fields.dst = ProtoField.ether("pictochat.dst", "dstination") pc.fields.content_offset = ProtoField.uint16("pictochat.content_offset", "Content offset") pc.fields.content = ProtoField.bytes("pictochat.content", "Content") pc.fields.sequence = ProtoField.uint16("pictochat.sequence", "Packet sequence") -pc.fields.unknown_constant = ProtoField.bytes("pictochat.unknown_constant", "unknown_constant") local nifi_length_field = Field.new("nifi.length") local pc_msg_type_field = Field.new("pictochat.msg_type") +local pc_length_field = Field.new("pictochat.length") local pc_resend_field = Field.new("pictochat.resend") -local pc_sender_field = Field.new("pictochat.sender") +local pc_src_field = Field.new("pictochat.src") +local pc_dst_field = Field.new("pictochat.dst") function pc.dissector(buffer, pinfo, tree) local header_length = nifi_length_field()() 
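Review bot: The display label of the new `pc.fields.dst` field is misspelled as "dstination"; it should read `pc.fields.dst = ProtoField.ether("pictochat.dst", "Destination")` so the packet tree matches the "Source" label beside it. The hunk also drops the `-- TODO: N bytes unknown` comments that recorded where the unparsed gaps in the header sit. Since the single `pictochat.unknown` field is now reused for several unrelated ranges, a short layout comment above the field table listing each offset and what is still unidentified would keep that knowledge in the file.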
@@ -35,18 +36,29 @@ function pc.dissector(buffer, pinfo, tree) pc_tree:add_le(pc.fields.msg_type, buffer(0x00, 2)) pc_tree:add_le(pc.fields.resend, buffer(0x02, 2)) pc_tree:add_le(pc.fields.length, buffer(0x0a, 2)) - pc_tree:add_le(pc.fields.mp_sender, buffer(0x10, 6)) - pc_tree:add_le(pc.fields.sender, buffer(0x16, 6)) - pc_tree:add_le(pc.fields.sender, buffer(0x1c, 6)) -- copy - pc_tree:add_le(pc.fields.unknown_counter, buffer(0x22, 2)) - pc_tree:add_le(pc.fields.content_offset, buffer(0x32, 2)) - pc_tree:add(pc.fields.content, buffer(0x36, 0xa0)) - pc_tree:add_le(pc.fields.sequence, buffer(0xd6, 2)) - pc_tree:add_le(pc.fields.resend, buffer(0xd8, 2)) -- copy - pc_tree:add(pc.fields.unknown_constant, buffer(0xda, 4)) + pc_tree:add_le(pc.fields.host, buffer(0x10, 6)) + pc_tree:add_le(pc.fields.src, buffer(0x16, 6)) + pc_tree:add_le(pc.fields.dst, buffer(0x1c, 6)) + pc_tree:add_le(pc.fields.unknown, buffer(0x22, 2)) + pc_tree:add_le(pc.fields.unknown, buffer(0x24, 2)) + + local msg_type = pc_msg_type_field()() + if msg_type == 0 then -- type = Normal (TODO: this should be 'message = drawing') + pc_tree:add_le(pc.fields.content_offset, buffer(0x32, 2)) + + local content_length = pc_length_field()() - 50 -- TODO: why 50? + buffer = buffer(0x36) + pc_tree:add(pc.fields.content, buffer(0, content_length)) + buffer = buffer(content_length) + + pc_tree:add_le(pc.fields.sequence, buffer(0x00, 2)) + pc_tree:add_le(pc.fields.resend, buffer(0x02, 2)) -- copy + pc_tree:add(pc.fields.unknown, buffer(0x04, 4)) + end pinfo.cols.protocol = pc.name - pinfo.cols.src = tostring(pc_sender_field()) + pinfo.cols.src = tostring(pc_src_field()) + pinfo.cols.dst = tostring(pc_dst_field()) pinfo.cols.info = pc_msg_type_field().display .. ", " .. pc_resend_field().display end |
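Review bot: `content_length` is computed from the frame's own length field (`pc_length_field()() - 50`) and then used to slice `buffer(0, content_length)` and the 8 trailing bytes with no range check. A value below 50, or one larger than the captured data, makes the range invalid, and the dissector then stops with a Lua error instead of marking the frame as malformed. A dissector reads whatever is on the air or in a capture file, so the length should be validated against `buffer:len()` before any slicing. The comment in the first hunk says type 0 is also used for ack packets, which are presumably shorter, so this branch may be reached by ordinary traffic too. `pc.dissector` begins outside this hunk.

```lua
        local content_length = pc_length_field()() - 50 -- TODO: why 50?
        -- The length comes from the captured frame; check it before slicing.
        -- 0x36 is the content start, 8 covers sequence + resend copy + unknown.
        if content_length < 0 or 0x36 + content_length + 8 > buffer:len() then
            pc_tree:add_expert_info(PI_MALFORMED, PI_ERROR, "PictoChat length out of range")
        else
            -- … unchanged: content, sequence, resend copy and trailing unknown bytes …
        end
```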