From e834c884e0f123420c094daa848b69ebb703754d Mon Sep 17 00:00:00 2001 From: Loek Le Blansch Date: Mon, 19 Aug 2024 16:31:30 +0200 Subject: WIP more dissect + notes --- wireshark/pictochat.lua | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) (limited to 'wireshark') diff --git a/wireshark/pictochat.lua b/wireshark/pictochat.lua index ff09783..56300c3 100644 --- a/wireshark/pictochat.lua +++ b/wireshark/pictochat.lua @@ -15,7 +15,13 @@ pc.fields.host = ProtoField.ether("pictochat.host", "Room host") pc.fields.src = ProtoField.ether("pictochat.src", "Source") pc.fields.dst = ProtoField.ether("pictochat.dst", "Destination") +-- Content offset appears to be some kind of offset for indicating where to +-- store the current frame's data in a larger buffer. Messages sent in multiple +-- parts increment this value by 160 for each new original (pictochat.resend == +-- 2) message. pc.fields.content_offset = ProtoField.uint16("pictochat.content_offset", "Content offset") +-- This appears to be the actual message content (the drawing) sent as an array +-- of 8x8 tiles. pc.fields.content = ProtoField.bytes("pictochat.content", "Content") pc.fields.sequence = ProtoField.uint16("pictochat.sequence", "Packet sequence") @@ -36,7 +42,10 @@ function pc.dissector(buffer, pinfo, tree) pc_tree:add_le(pc.fields.msg_type, buffer(0x00, 2)) pc_tree:add_le(pc.fields.resend, buffer(0x02, 2)) + pc_tree:add(pc.fields.unknown, buffer(0x04, 6)) pc_tree:add_le(pc.fields.length, buffer(0x0a, 2)) + pc_tree:add(pc.fields.unknown, buffer(0x0c, 2)) + pc_tree:add(pc.fields.unknown, buffer(0x0e, 2)) pc_tree:add_le(pc.fields.dst, buffer(0x10, 6)) pc_tree:add_le(pc.fields.src, buffer(0x16, 6)) pc_tree:add_le(pc.fields.host, buffer(0x1c, 6)) @@ -46,12 +55,16 @@ function pc.dissector(buffer, pinfo, tree) pinfo.cols.dst = tostring(pc_dst_field()) pinfo.cols.info = pc_msg_type_field().display .. ", " .. pc_resend_field().display - pc_tree:add_le(pc.fields.unknown, buffer(0x22, 2)) + pc_tree:add_le(pc.fields.unknown, buffer(0x22, 2)) -- counting pc_tree:add_le(pc.fields.unknown, buffer(0x24, 2)) + pc_tree:add_le(pc.fields.resend, buffer(0x26, 2)) + pc_tree:add(pc.fields.unknown, buffer(0x28, 6)) + pc_tree:add(pc.fields.unknown, buffer(0x2e, 4)) local msg_type = pc_msg_type_field()() if msg_type == 0 then -- type = Normal (TODO: this should be 'message = drawing') pc_tree:add_le(pc.fields.content_offset, buffer(0x32, 2)) + pc_tree:add_le(pc.fields.unknown, buffer(0x34, 2)) local content_length = pc_length_field()() - 50 -- TODO: why 50? buffer = buffer(0x36) @@ -60,7 +73,8 @@ function pc.dissector(buffer, pinfo, tree) pc_tree:add_le(pc.fields.sequence, buffer(0x00, 2)) pc_tree:add_le(pc.fields.resend, buffer(0x02, 2)) -- copy - pc_tree:add(pc.fields.unknown, buffer(0x04, 4)) + pc_tree:add(pc.fields.unknown, buffer(0x04, 2)) + pc_tree:add(pc.fields.unknown, buffer(0x06, 2)) end -- cgit v1.2.3