/* * $Id$ * * libnet example code * example 2: link-layer api / ICMP hostmask packet * * Copyright (c) 1998, 1999 Mike D. Schiffman * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #define LIBNET_LIL_ENDIAN 1 #include void usage(char *); // sec2 (inside packet must match ncp address) //u_char enet_src[6] = {0x00, 0xe0, 0xbb, 0x0d, 0x00, 0x01}; //u_char enet_dst[6] = {0x00, 0xe0, 0xbb, 0x0d, 0x00, 0x02}; //u_char enet_src[6] = {0x00, 0xff, 0xff, 0xff, 0xff, 0xff}; // 0:e0:bb:b:d8:be nbx u_char enet_src[6] = {0x00, 0xe0, 0xbb, 0x0b, 0xff, 0xff}; // 0:e0:bb:b:d8:be nbx u_char enet_src2[6] = {0x00, 0xe0, 0xbb, 0x0b, 0xd8, 0xbe}; // 0:e0:bb:b:d8:be nbx u_char enet_dst[6] = {0x00, 0xe0, 0xbb, 0x04, 0x27, 0xc5}; int main(int argc, char *argv[]) { int packet_size, /* size of our packet */ c; /* misc */ u_long src_ip, dst_ip; /* source ip, dest ip */ u_char *packet; /* pointer to our packet buffer */ char err_buf[LIBNET_ERRBUF_SIZE]; /* error buffer */ u_char *device; /* pointer to the device to use */ struct libnet_link_int *network; /* pointer to link interface struct */ char buf[20]; /* 4852 00e0 bb0b d8be d722 0001 0101 0000 0005 0202 80b3 0027 0000 0007 0007 ffff 1107 00ff 0007 0017 0017 ffff 1207 00ff 0007 5500 0003 0000 f003 000f fff0 0220 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020 0000 0101 0000 0101 0000 0101 0000 */ unsigned char pkt_rin[]={ 0x48, 0x52, 0x00, 0xe0, 0xbb, 0x0b, 0xd8, 0xbe, 0xd7, 0x28, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x05, 0x02, 0x02, 0x80, 0xb3, 0x00, 0x27, 0x00, 0x00, 0x00, 0x07, 0x00, 0x07, 0xff, 0xff, 0x11, 0x07, 0x00, 0xff, //0x00, 0x07, 0x00, 0x07, 0x00, 0x07, 0xff, 0xff, 0x11, 0x27, 0x00, 0xff, 0x00, 0x07, 0x00, 0x07, 0x00, 0x07, 0xff, 0xff, 0x31, 0x27, 0x00, 0xff, // ^ ring // ^ time // 0 on // 1 ------------- // 3 ----------------- - - // 2 ----- -------- // 4.. not right 0x00, 0x07, 0x55, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf0, 0x02, 0x00, 0x0f, 0xff, 0xf0, 0x02, 0x20, 0x33, 0x39, 0x32, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x54, 0x69, 0x6d, 0x20, 0x48, 0x6f, 0x67, 0x61, 0x72, 0x64, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, }; unsigned char xpkt[]={ 0x48, 0x52, 0x00, 0xe0, 0xbb, 0x0b, 0xd8, 0xbe, 0xd7, 0x27, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x05, 0x02, 0x02, 0x80, 0xb3, 0x00, 0x27, 0x00, 0x00, 0x00, 0x07, 0x00, 0x07, 0xff, 0xff, 0x11, 0x07, 0x00, 0xff, 0x00, 0x07, 0x00, 0x07, 0x00, 0x07, 0xff, 0xff, 0x12, 0x07, 0x00, 0xff, 0x00, 0x07, 0x55, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf0, 0x00, 0x00, 0x0f, 0xff, 0xf0, 0x02, 0x20, 0x33, 0x39, 0x32, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x54, 0x69, 0x6d, 0x20, 0x48, 0x6f, 0x67, 0x61, 0x72, 0x64, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, //0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x00, 0x00, 0x01, 0x01, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, // 0x01 display timer //0f display date and time in seconds }; unsigned char pkt3[]={ 0x48, 0x52, 0x00, 0xe0, 0xbb, 0x0b, 0xd8, 0xbe, 0xd7, 0xa3, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x05, 0x02, 0x02, 0x80, 0xb3, 0x00, 0x27, 0x00, 0x00, 0x00, 0x07, 0x00, 0x07, 0xff, 0xff, 0x11, 0x07, 0x00, 0xff, 0x00, 0x07, 0x00, 0x17, 0x00, 0x07, 0xff, 0xff, 0x12, 0x07, // buttons 0x1=flash slow 0x7 // buttons 0x2=flash fast 0x6 // buttons 0x3=solid //0x00, 0xff, 0x00, 0x07, 0x55, 0x00, 0x00, 0x03, 0x00, 0x00, 0xf0, 0x03, 0x00, 0xff, 0x00, 0x07, 0x55, 0x00, 0x00, 0x03, 0x00, 0x00, 0xf0, 0x03, // 0x03 hands free // 0x03 speaker button // 0x30 program light // 0x30 msg light // 0x03 fwd mail // 0x03, System 1 // 0x30, System 2 //0x00, 0xff, 0x00, 0x07, 0x55, 0x00, 0x00, 0x03, 0x00, 0x00, 0xf0, 0x03, 0x00, 0x0f, 0xff, 0xf0, 0x02, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, //33 button 7&8 from bottom. // 3 6 // 33 button 11 & 12 (top 2) //0x00, 0x0f, 0xff, 0xf0, 0x02, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x30, 0x31, 0x32, 0x33, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, /* 0x48, 0x52, 0xff, 0xff, 0xbb, 0xff, 0xff, 0xff, 0x01, 0x06, 0x00, 0x21, 0x01, 0x01, 0x00, 0x00, 0x00, 0x0f, 0x02, 0x02, 0x80, 0xb3, 0x00, 0x45, 0x00, 0x00, 0x00, 0x07, 0x00, 0x07, 0xff, 0xff, 0x11, 0x07, 0x00, 0xff, 0x00, 0x07, 0x00, 0x07, 0x00, 0x07, 0xff, 0xff, 0x12, 0x07, 0x00, 0xff, 0x00, 0x07, 0x55, 0x00, 0x00, 0x00, 0x00, 0x33, 0x00, 0x00, 0x30, 0x00, 0xff, 0xf0, 0x02, ' ', '0', '1', '6', '9', '6', '1', '4', '9', 0x32, ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', 'T', 0x72, 0x75, 0x6e, 0x6b, ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, */ }; //unsigned char reset_pkt[]={ unsigned char pkt[]={ 0x48, 0x52, 0x00, 0xe0, 0xbb, 0x0b, 0xd8, 0xbe, 0xd7, 0x37, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x05, 0x00, 0x11, 0x80, 0xb3, 0x00, 0x00, 0x00, 0x00, 0x10, 0x01, 0x00, // a 3 here will reboot the phone 0x03, // rest is just garbage 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, }; unsigned short seq=0x0; printf("libnet example code:\tmodule 2\n\n"); printf("packet injection interface:\tlink layer\n"); printf("packet type:\t\t\tICMP net mask [no payload]\n"); device = NULL; src_ip = 0; dst_ip = 0; while ((c = getopt(argc, argv, "i:d:s:")) != EOF) { switch (c) { case 'd': if (!(dst_ip = libnet_name_resolve(optarg, LIBNET_RESOLVE))) { libnet_error(LIBNET_ERR_FATAL, "Bad destination IP address: %s\n", optarg); } break; case 'i': device = optarg; break; case 's': if (!(src_ip = libnet_name_resolve(optarg, LIBNET_RESOLVE))) { libnet_error(LIBNET_ERR_FATAL, "Bad source IP address: %s\n", optarg); } break; default: exit(EXIT_FAILURE); } } #if 0 if (!src_ip || !dst_ip) { usage(argv[0]); exit(EXIT_FAILURE); } #endif /* * Step 1: Network Initialization (interchangable with step 2). */ if (device == NULL) { struct sockaddr_in sin; /* * Try to locate a device. */ if (libnet_select_device(&sin, &device, err_buf) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_select_device failed: %s\n", err_buf); } printf("device:\t\t\t\t%s\n", device); } if ((network = libnet_open_link_interface(device, err_buf)) == NULL) { libnet_error(LIBNET_ERR_FATAL, "libnet_open_link_interface: %s\n", err_buf); } /* * We're going to build an ICMP packet with no payload using the * link-layer API, so this time we need memory for a ethernet header * as well as memory for the ICMP and IP headers. */ packet_size = LIBNET_IP_H + LIBNET_ETH_H + LIBNET_ICMP_MASK_H; packet_size = 2000; /* * Step 2: Memory Initialization (interchangable with step 1). */ if (libnet_init_packet(packet_size, &packet) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n"); } for(seq=0;seq<65535;seq++) { /* * Step 3: Packet construction (ethernet header). */ bcopy(enet_src2,&pkt[2],6); bcopy(&seq,&pkt[8],sizeof(seq)); sprintf(buf," %05d ",seq); //bcopy(buf,&pkt[68],7); // add seq no to display libnet_build_ethernet(enet_dst, enet_src, 0x8868, //ETHERTYPE_IP, pkt, //"This is a test", //NULL, sizeof(pkt),//14, //0, packet); if(seq%1000==1) printf("sizeof:%d\n",seq); //printf("sizeof:%d\n",sizeof(pkt)); /* * Step 3: Packet construction (IP header). */ #if 0 libnet_build_ip(ICMP_MASK_H, 0, /* IP tos */ 242, /* IP ID */ 0, /* Frag */ 64, /* TTL */ IPPROTO_ICMP, /* Transport protocol */ src_ip, /* Source IP */ dst_ip, /* Destination IP */ NULL, /* Pointer to payload (none) */ 0, packet + LIBNET_ETH_H); /* Packet header memory */ /* * Step 3: Packet construction (ICMP header). */ libnet_build_icmp_mask(ICMP_MASKREPLY, /* type */ 0, /* code */ 242, /* id */ 0, /* seq */ 0xffffffff, /* mask */ NULL, /* payload */ 0, /* payload_s */ packet + LIBNET_ETH_H + LIBNET_IP_H); /* * Step 4: Packet checksums (ICMP header *AND* IP header). */ if (libnet_do_checksum(packet + ETH_H, IPPROTO_ICMP, LIBNET_ICMP_MASK_H) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n"); } if (libnet_do_checksum(packet + ETH_H, IPPROTO_IP, LIBNET_IP_H) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n"); } #endif /* * Step 5: Packet injection. */ packet_size=sizeof(pkt)+12+2; c = libnet_write_link_layer(network, device, packet, packet_size); if (c < packet_size) { libnet_error(LN_ERR_WARNING, "libnet_write_link_layer only wrote %d bytes\n", c); } else { //-tim printf("construction and injection completed, wrote all %d bytes\n", c); } } /* * Shut down the interface. */ if (libnet_close_link_interface(network) == -1) { libnet_error(LN_ERR_WARNING, "libnet_close_link_interface couldn't close the interface"); } /* * Free packet memory. */ libnet_destroy_packet(&packet); return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS); } void usage(char *name) { fprintf(stderr, "usage: %s [-i interface] -s s_ip -d d_ip\n", name); } /* EOF */