From d1755aa37e6d88c0b3681b28225732fd0da26424 Mon Sep 17 00:00:00 2001
From: Loek Le Blansch
Date: Thu, 22 Aug 2024 14:38:23 +0200
Subject: WIP
---
 wireshark/pictochat.lua | 70 +++++++++++++++++++++++++++++++------------------
 1 file changed, 45 insertions(+), 25 deletions(-)
diff --git a/wireshark/pictochat.lua b/wireshark/pictochat.lua
index 82e6a31..34ca17e 100644
--- a/wireshark/pictochat.lua
+++ b/wireshark/pictochat.lua
@@ -34,30 +34,32 @@ pc.fields.user_mac = ProtoField.ether("pictochat.user.mac", "Address")
 pc.fields.user_name = ProtoField.string("pictochat.user.name", "Nickname")
 pc.fields.user_msg = ProtoField.string("pictochat.user.msg", "Message")
 pc.fields.user_color = ProtoField.uint16("pictochat.user.color", "Color", base.DEC, {
- [0] = "Gray",
+ [0] = "Greyish blue",
 [1] = "Brown",
 [2] = "Red",
- [3] = "Pink",
+ [3] = "Light pink",
 [4] = "Orange",
 [5] = "Yellow",
 [6] = "Lime",
- [7] = "Green",
- [8] = "Other green?",
- [9] = "Cyan",
- [10] = "Aqua",
- [11] = "Indigo",
- [12] = "Purple",
- [13] = "Violet",
- [14] = "Hot pink",
- [15] = "Hotter pink?",
+ [7] = "Light green",
+ [8] = "Dark green",
+ [9] = "Turqoise",
+ [10] = "Light blue",
+ [11] = "Blue",
+ [12] = "Dark blue",
+ [13] = "Dark purple",
+ [14] = "Light purple",
+ [15] = "Dark pink",
 })
 pc.fields.user_bday_month = ProtoField.uint8("pictochat.user.bday_month", "Month")
 pc.fields.user_bday_day = ProtoField.uint8("pictochat.user.bday_day", "Day")
+pc.fields.msg_start_len = ProtoField.uint8("pictochat.msg.start_len", "Total length")
 local nifi_length_field = Field.new("nifi.length")
 local pc_msg_type_field = Field.new("pictochat.msg_type")
 local pc_src_field = Field.new("pictochat.src")
 local pc_dst_field = Field.new("pictochat.dst")
+local data_remaining = 0
 function pc.dissector(buffer, pinfo, tree)
 local header_length = nifi_length_field()()
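Review bot: The file-scope `local data_remaining = 0` added at the end of this hunk is a single counter shared by every sender and every dissection pass, and the third hunk decrements it on each message-body frame. Wireshark dissects frames more than once and not always in capture order, so the value shown for a frame depends on which frames were dissected before it. A table keyed by sender and updated only on the first pass would keep the result stable, for example `local data_remaining = {} -- keyed by tostring(pc_src_field()); update only when not pinfo.visited`. Separately, the new label `"Turqoise"` is presumably meant to read `"Turquoise"`.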
@@ -94,6 +96,13 @@ function pc.dissector(buffer, pinfo, tree) pc_tree:add_le(pc.fields.unknown, buffer(0x1e, 2)) buffer = buffer(0x20) + -- pretty wireshark shit + pinfo.cols.protocol = pc.name + pinfo.cols.src = tostring(pc_src_field()) + pinfo.cols.dst = tostring(pc_dst_field()) + pinfo.cols.info = pc_msg_type_field().display .. ", " .. (original and "Original" or "Resend") + + pc_tree:add_le(pc.fields.payload_len, buffer(0x00, 2)) local payload_length = buffer(0x00, 2):le_uint() buffer = buffer(0x02) 
@@ -107,17 +116,34 @@ function pc.dissector(buffer, pinfo, tree) payload:add(pc.fields.user_name, buffer(0x10, 20), buffer(0x10, 20):le_ustring()) payload:add(pc.fields.user_msg, buffer(0x24, 52), buffer(0x24, 52):le_ustring()) payload:add_le(pc.fields.user_color, buffer(0x58, 2)) - payload:add(pc.fields.user_bday_month, buffer(0x5a, 1)) - payload:add(pc.fields.user_bday_day, buffer(0x5b, 1)) + local bday = payload:add(buffer(0x5a, 2), string.format("Birthday: %02d/%02d", buffer(0x5a, 1):uint(), buffer(0x5b, 1):uint())) + bday:add(pc.fields.user_bday_month, buffer(0x5a, 1)) + bday:add(pc.fields.user_bday_day, buffer(0x5b, 1)) + end + + if + msg_type == 10 -- msg start + then + payload:add_le(pc.fields.msg_start_len, buffer(0x04, 2)) + data_remaining = buffer(0x04, 2):le_uint() - elseif - msg_type == 10 or -- msg start + local segment = buffer(0):bytes() + local buf = ByteArray.tvb(segment, "Complete message???") + end + + if msg_type == 24 or -- msg end msg_type == 86 -- msg body then payload:add_le(pc.fields.unknown, buffer(0x00, 2)) payload:add_le(pc.fields.data_len, buffer(0x02, 1)) local data_length = buffer(0x02, 1):le_uint() + + if data_remaining > 0 then + data_remaining = data_remaining - data_length + pinfo.cols.info = string.format("Message body [remaining 0x%04x (%d) bytes]", data_remaining, data_remaining) + end + payload:add_le(pc.fields.data_end, buffer(0x03, 1)) -- This appears to be some kind of offset for indicating where to store the -- current frame's data in a larger buffer. Messages sent in multiple parts 
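Review bot: `data_remaining = data_remaining - data_length` in the message-body branch can go negative, because `data_length` is a byte taken from the frame and the `data_remaining > 0` guard is checked only before the subtraction. The result is then passed to `%04x`, which, depending on the Lua version Wireshark was built with, either raises an error or prints a 64-bit two's-complement value. Clamping avoids both: `data_remaining = math.max(0, data_remaining - data_length)`. In the msg-start branch `payload:add_le(pc.fields.msg_start_len, buffer(0x04, 2))` passes a two-byte range to a field the first hunk declares with `ProtoField.uint8`; `ProtoField.uint16` would match the bytes read. The locals `segment` and `buf` are assigned there but not used in the visible lines, and the enclosing function starts and ends outside the hunk.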
@@ -129,23 +155,17 @@ function pc.dissector(buffer, pinfo, tree)
 buffer = buffer(0x08)
 -- This appears to be the actual message data (the drawing) sent as an
 -- array of 8x8 tiles.
- -- payload:add(pc.fields.data, buffer(0, data_length))
- -- buffer = buffer(data_length)
+ payload:add(pc.fields.data, buffer(0, data_length))
+ buffer = buffer(data_length)
 payload:add_le(pc.fields.data_sequence, buffer(0x00, 2))
 payload:add_le(pc.fields.unknown, buffer(0x02, 2)) -- copy
- buffer = buffer(0x04)
+ pc_tree:add_le(pc.fields.unknown, buffer(0x04, 2))
+ buffer = buffer(0x06)
 end
 buffer = buffer_next -- after payload
- pc_tree:add_le(pc.fields.unknown, buffer(0x00, 2))
 pc_tree:add_le(pc.fields.magic_trailer, buffer(0x02, 2)) -- const 0xb8b6
-
- -- pretty wireshark shit
- pinfo.cols.protocol = pc.name
- pinfo.cols.src = tostring(pc_src_field())
- pinfo.cols.dst = tostring(pc_dst_field())
- pinfo.cols.info = pc_msg_type_field().display .. ", " .. (original and "Original" or "Resend")
 end
 register_postdissector(pc)
--
cgit v1.2.3
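Review bot: The now-enabled `payload:add(pc.fields.data, buffer(0, data_length))` and `buffer = buffer(data_length)` use a length byte taken from the frame without comparing it to the bytes that remain, so a truncated or malformed frame raises a Lua range error and the rest of the tree is lost. A guard before the two lines would mark the frame instead, for example `if data_length > buffer:len() then payload:add_expert_info(PI_MALFORMED, PI_ERROR, "data length exceeds frame") return end`. The added `buffer = buffer(0x06)` is overwritten by `buffer = buffer_next` two lines later, so it has no effect other than raising when fewer than seven bytes remain. The enclosing function starts outside the hunk.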