From 4565b793d666f93cf34de445fb5ff5a6e66e5f7a Mon Sep 17 00:00:00 2001
From: Loek Le Blansch
Date: Wed, 28 Aug 2024 17:37:58 +0200
Subject: more WIP
---
 wireshark/ieee.lua | 45 +++++++++++++++++++++++++++++----------------
 wireshark/pictochat.lua | 14 +++++++++++---
 wireshark/util.lua | 5 +++++
 3 files changed, 45 insertions(+), 19 deletions(-)
diff --git a/wireshark/ieee.lua b/wireshark/ieee.lua
index bbdc397..97000db 100644
--- a/wireshark/ieee.lua
+++ b/wireshark/ieee.lua
@@ -2,6 +2,7 @@ require "util"
 local bit = require "bit"
 local p = Proto("ieee", "IEEE802.11 frame header")
+local dslmp = DissectorTable.new("dslmp") -- DS Local Multi-Player
 -- based off
@@ -28,17 +29,19 @@ p.fields.ctl_data = ProtoField.bool("ieee.ctl.data", "More data", base.DEC, nil,
 p.fields.ctl_wep = ProtoField.bool("ieee.ctl.wep", "WEP encrypt", base.DEC, nil, bits(14))
 p.fields.ctl_order = ProtoField.bool("ieee.ctl.order", "Order", base.DEC, nil, bits(15))
-p.fields.duration = ProtoField.uint16("ieee.duration", "Duration / ID")
+p.fields.duration = ProtoField.uint16("ieee.duration", "Duration / ID", base.HEX, nil, 0xffff)
 p.fields.addr1 = ProtoField.ether("ieee.addr1", "Address 1")
 p.fields.addr2 = ProtoField.ether("ieee.addr2", "Address 2")
 p.fields.addr3 = ProtoField.ether("ieee.addr3", "Address 3")
 p.fields.seq = ProtoField.uint16("ieee.seq", "Sequence control")
 p.fields.seq_frag = ProtoField.uint16("ieee.seq.frag", "Fragment", base.DEC, nil, bits(0, 4))
 p.fields.seq_num = ProtoField.uint16("ieee.seq.num", "Sequence number", base.DEC, nil, bits(4, 12))
-
 p.fields.body = ProtoField.bytes("ieee.body", "Body")
-
-local pc_dissector = Dissector.get("pictochat")
+p.fields.gameid = ProtoField.uint16("ieee.gameid", "Game ID", base.HEX, {
+ [GAMEID.PICTOCHAT] = "PictoChat",
+ [GAMEID.MARIOKART] = "Mario Kart DS",
+})
+p.fields.fcs = ProtoField.bytes("ieee.fcs", "FCS (hardware only)")
 function p.dissector(buffer, pinfo, tree)
 local buffer_len = buffer:len()
@@ -48,17 +51,16 @@ function p.dissector(buffer, pinfo, tree)
 -- pretty wireshark shit
 pinfo.cols.protocol = p.name
- -- MAC header is (usually) 0x18 bytes, but also sometimes contains values in
- -- the trailer. The 0x18 here is so wireshark only highlights the MAC header
- -- when clicking this item in the dissection tree.
+ -- The 0x18 here is so wireshark only highlights the header when clicking
+ -- this item in the dissection tree.
 local subtree = tree:add(p, buffer(0x00, 0x18), p.description)
- local trailer_size = 0
 local ctl_tree = subtree:add_le(p.fields.ctl, buffer(0x00, 2))
 ctl_tree:add_le(p.fields.ctl_ver, buffer(0x00, 2))
 ctl_tree:add_le(p.fields.ctl_type, buffer(0x00, 2))
 local ctl_type = bit.rshift(bit.band(buffer(0x00, 2):le_uint(), bits(2, 2)), 2)
 ctl_tree:add_le(p.fields.ctl_subtype, buffer(0x00, 2))
+ local ctl_subtype = bit.rshift(bit.band(buffer(0x00, 2):le_uint(), bits(4, 4)), 4)
 ctl_tree:add_le(p.fields.ctl_to_ds, buffer(0x00, 2))
 ctl_tree:add_le(p.fields.ctl_from_ds, buffer(0x00, 2))
 ctl_tree:add_le(p.fields.ctl_fragment, buffer(0x00, 2))
@@ -76,21 +78,32 @@ function p.dissector(buffer, pinfo, tree)
 seq_tree:add_le(p.fields.seq_frag, buffer(0x16, 2))
 seq_tree:add_le(p.fields.seq_num, buffer(0x16, 2))
- if ctl_type ~= 0 then
- trailer_size = 4 -- Frame Check Sequence (FCS) (hardware-generated CRC32)
+ buffer = buffer(0x18) -- seek forward
+
+ local fcs = true -- Frame Check Sequence (FCS) (hardware-generated CRC32)
+ if ctl_type == 0 then
+ fcs = false
 end
- buffer = buffer(0x18) -- seek forward
+ local body_size = buffer:len()
+ if fcs == true then
+ body_size = body_size - 4
+ end
- local body_size = buffer:len() - trailer_size
 subtree:add(p.fields.body, buffer(0, body_size))
- pc_dissector:call(buffer(0, body_size):tvb(), pinfo, tree)
- if trailer_size == 0 then
- return buffer_len
+ -- Type = 2 (Data frame) and Subtype = 2 (Data + CF-Poll)
+ if ctl_type == 2 and ctl_subtype == 2 then
+ subtree:add(p.fields.gameid, buffer(0, 2))
+ local gameid = buffer(0, 2):uint()
+ dslmp:try(gameid, buffer(0, body_size):tvb(), pinfo, tree)
 end
- buffer = buffer(body_size)
+ if fcs == true then
+ buffer = buffer(body_size)
+ subtree:add(p.fields.fcs, buffer(0, 4))
+ end
 return buffer_len
 end
+
diff --git a/wireshark/pictochat.lua b/wireshark/pictochat.lua
index 79345f6..9f8cad0 100644
--- a/wireshark/pictochat.lua
+++ b/wireshark/pictochat.lua
@@ -1,7 +1,11 @@
+require "util"
+
 local p = Proto("pictochat", "PictoChat")
 p.fields.unknown = ProtoField.uint16("pictochat.unknown", "Unknown")
+p.fields.magic = ProtoField.bytes("pictochat.magic", "Magic")
+p.fields.new = ProtoField.bool("pictochat.new", "New")
 p.fields.msg_type = ProtoField.uint8("pictochat.msg_type", "Message type", base.DEC, {
 [0] = "???",
 [1] = "???",
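Review bot: In the last ieee.lua hunk, `body_size = body_size - 4` and the later `buffer(0, 2)` / `buffer(0, 4)` ranges are derived from the captured frame without a length check, so a truncated or malformed frame can drive `body_size` negative or request a range past the end of the tvb; I would expect Wireshark's Lua API to raise a range error there and abort dissection of that frame. Guard before subtracting, e.g. `if fcs and body_size < 4 then return buffer_len end`, and tighten the dispatch to `if ctl_type == 2 and ctl_subtype == 2 and body_size >= 2 then`. `buffer(0x18)` has the same exposure on frames shorter than the header unless the code after `buffer_len` (outside this hunk) already rejects them. p.dissector begins outside this hunk.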
@@ -19,7 +23,6 @@ p.fields.data_offset = ProtoField.uint16("pictochat.data_offset", "Data offset")
 p.fields.data_sequence = ProtoField.uint16("pictochat.data_sequence", "Data sequence")
 p.fields.data = ProtoField.bytes("pictochat.data", "Data")
 p.fields.sequence = ProtoField.uint16("pictochat.sequence", "Packet sequence")
-p.fields.magic_trailer = ProtoField.bytes("pictochat.magic_trailer", "Magic (trailer)")
 p.fields.user_mac = ProtoField.ether("pictochat.user.mac", "Address")
 p.fields.user_name = ProtoField.string("pictochat.user.name", "Nickname")
 p.fields.user_msg = ProtoField.string("pictochat.user.msg", "Message")
@@ -47,11 +50,16 @@ p.fields.msg_start_len = ProtoField.uint8("pictochat.msg.start_len", "Total leng
 local state = {}
+function p.init()
+ local dt = DissectorTable.get("dslmp")
+ dt:add(GAMEID.PICTOCHAT, p)
+end
+
 function p.dissector(buffer, pinfo, tree)
 local subtree = tree:add(p, buffer(), string.format("%s: %d bytes", p.description, buffer():len()))
- subtree:add_le(p.fields.unknown, buffer(0x00, 2))
- subtree:add_le(p.fields.unknown, buffer(0x02, 2))
+ subtree:add_le(p.fields.magic, buffer(0x00, 2))
+ subtree:add_le(p.fields.new, buffer(0x02, 2))
 subtree:add_le(p.fields.msg_type, buffer(0x04, 1))
 local msg_type = buffer(0x04, 1):le_uint()
 subtree:add_le(p.fields.unknown, buffer(0x05, 1))
diff --git a/wireshark/util.lua b/wireshark/util.lua
index e23f958..140308b 100644
--- a/wireshark/util.lua
+++ b/wireshark/util.lua
@@ -3,3 +3,8 @@ function bits(idx, len)
 return ((2^len)-1) * 2^idx
 end
+GAMEID = {
+ PICTOCHAT = 0xe603,
+ MARIOKART = 0xbe01,
+}
+
-- cgit v1.2.3
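Review bot: In the new `p.init` in pictochat.lua, the result of `DissectorTable.get("dslmp")` is used unchecked; as far as I know it returns nil when the table has not been registered, which would be the case if ieee.lua failed to load or is not installed, and `dt:add` would then raise on every capture load. A guard such as `if dt then dt:add(GAMEID.PICTOCHAT, p) end` keeps this dissector loadable on its own. `GAMEID` in util.lua is also a bare global shared with every other Lua plugin in the same state, so a comment at its definition like `-- intentionally global: shared by ieee.lua and pictochat.lua` would make that explicit.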