Skip to content
Snippets Groups Projects
Commit 03898572 authored by Guillaume Valadon's avatar Guillaume Valadon Committed by GitHub
Browse files

Merge pull request #192 from 1nc1n3rat0r/master 

layers/bluetooth.py Added New Packets and Bug Fix
parents fa6067fa fcde3ea1
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
scapy/layers/bluetooth.py
+ 75
5
View file @ 03898572
......@@ -26,6 +26,13 @@ class XLEShortField(LEShortField):
def i2repr(self, pkt, x):
return lhex(self.i2h(pkt, x))
class XLELongField(LEShortField):
def __init__(self, name, default):
Field.__init__(self, name, default, "<Q")
def i2repr(self, pkt, x):
return lhex(self.i2h(pkt, x))
class LEMACField(Field):
def __init__(self, name, default):
Field.__init__(self, name, default, "6s")
......@@ -88,7 +95,8 @@ class L2CAP_CmdHdr(Packet):
ByteEnumField("code",8,{1:"rej",2:"conn_req",3:"conn_resp",
4:"conf_req",5:"conf_resp",6:"disconn_req",
7:"disconn_resp",8:"echo_req",9:"echo_resp",
10:"info_req",11:"info_resp"}),
10:"info_req",11:"info_resp", 18:"conn_param_update_req",
19:"conn_param_update_resp"}),
ByteField("id",0),
LEShortField("len",None) ]
def post_build(self, p, pay):
......@@ -101,7 +109,7 @@ class L2CAP_CmdHdr(Packet):
if other.id == self.id:
if self.code == 1:
return 1
if other.code in [2,4,6,8,10] and self.code == other.code+1:
if other.code in [2,4,6,8,10,18] and self.code == other.code+1:
if other.code == 8:
return 1
return self.payload.answers(other.payload)
......@@ -175,6 +183,19 @@ class L2CAP_InfoResp(Packet):
def answers(self, other):
return self.type == other.type
class L2CAP_Connection_Parameter_Update_Request(Packet):
name = "L2CAP Connection Parameter Update Request"
fields_desc = [ LEShortField("min_interval", 0),
LEShortField("max_interval", 0),
LEShortField("slave_latency", 0),
LEShortField("timeout_mult", 0), ]
class L2CAP_Connection_Parameter_Update_Response(Packet):
name = "L2CAP Connection Parameter Update Response"
fields_desc = [ LEShortField("move_result", 0), ]
class ATT_Hdr(Packet):
name = "ATT header"
......@@ -216,11 +237,18 @@ class ATT_Find_By_Type_Value_Response(Packet):
name = "Find By Type Value Response"
fields_desc = [ StrField("handles", ""), ]
class ATT_Read_By_Type_Request_128bit(Packet):
name = "Read By Type Request"
fields_desc = [ XLEShortField("start", 0x0001),
XLEShortField("end", 0xffff),
XLELongField("uuid1", None),
XLELongField("uuid2", None)]
class ATT_Read_By_Type_Request(Packet):
name = "Read By Type Request"
fields_desc = [ XLEShortField("start", 0x0001),
XLEShortField("end", 0xffff),
XLEShortField("uuid", None), ]
XLEShortField("uuid", None)]
class ATT_Read_By_Type_Response(Packet):
name = "Read By Type Response"
......@@ -311,6 +339,19 @@ class SM_Master_Identification(Packet):
name = "Master Identification"
fields_desc = [ XLEShortField("ediv", 0),
StrFixedLenField("rand", '\x00' * 8, 8), ]
class SM_Identity_Information(Packet):
name = "Identity Information"
fields_desc = [ StrFixedLenField("irk", '\x00' * 16, 16), ]
class SM_Identity_Address_Information(Packet):
name = "Identity Address Information"
fields_desc = [ ByteEnumField("atype", 0, {0:"public"}),
LEMACField("address", None), ]
class SM_Signing_Information(Packet):
name = "Signing Information"
fields_desc = [ StrFixedLenField("csrk", '\x00' * 16, 16), ]
class EIR_Hdr(Packet):
......@@ -483,6 +524,16 @@ class HCI_Cmd_LE_Create_Connection(Packet):
LEShortField("timeout", 42),
LEShortField("min_ce", 0),
LEShortField("max_ce", 0), ]
class HCI_Cmd_LE_Connection_Update(Packet):
name = "LE Connection Update"
fields_desc = [ LEShortField("conn_handle", 64),
LEShortField("conn_interval_min", 0),
LEShortField("conn_interval_max", 0),
LEShortField("conn_latency", 0),
LEShortField("timeout", 600),
LEShortField("min_ce_len", 0),
LEShortField("max_ce_len", 0),]
class HCI_Cmd_LE_Create_Connection_Cancel(Packet):
name = "LE Create Connection Cancel"
......@@ -514,6 +565,13 @@ class HCI_Cmd_LE_Set_Advertise_Enable(Packet):
name = "LE Set Advertise Enable"
fields_desc = [ ByteField("enable", 0) ]
class HCI_Cmd_LE_Start_Encryption_Request(Packet):
name = "LE Start Encryption"
fields_desc = [ LEShortField("handle", 0),
StrFixedLenField("rand", None, 8),
XLEShortField("ediv", 0),
StrFixedLenField("ltk", '\x00' * 16, 16), ]
class HCI_Cmd_LE_Long_Term_Key_Request_Negative_Reply(Packet):
name = "LE Long Term Key Request Negative Reply"
fields_desc = [ LEShortField("handle", 0), ]
......@@ -621,6 +679,11 @@ bind_layers( HCI_Command_Hdr, HCI_Cmd_LE_Set_Scan_Enable, opcode=0x200c)
bind_layers( HCI_Command_Hdr, HCI_Cmd_Disconnect, opcode=0x406)
bind_layers( HCI_Command_Hdr, HCI_Cmd_LE_Create_Connection, opcode=0x200d)
bind_layers( HCI_Command_Hdr, HCI_Cmd_LE_Create_Connection_Cancel, opcode=0x200e)
bind_layers( HCI_Command_Hdr, HCI_Cmd_LE_Connection_Update, opcode=0x2013)
bind_layers( HCI_Command_Hdr, HCI_Cmd_LE_Start_Encryption_Request, opcode=0x2019)
bind_layers( HCI_Command_Hdr, HCI_Cmd_LE_Long_Term_Key_Request_Reply, opcode=0x201a)
bind_layers( HCI_Command_Hdr, HCI_Cmd_LE_Long_Term_Key_Request_Negative_Reply, opcode=0x201b)
......@@ -630,7 +693,6 @@ bind_layers( HCI_Event_Hdr, HCI_Event_Command_Complete, code=0xe)
bind_layers( HCI_Event_Hdr, HCI_Event_Command_Status, code=0xf)
bind_layers( HCI_Event_Hdr, HCI_Event_Number_Of_Completed_Packets, code=0x13)
bind_layers( HCI_Event_Hdr, HCI_Event_LE_Meta, code=0x3e)
bind_layers( HCI_Event_Command_Complete, HCI_Cmd_Complete_Read_BD_Addr, opcode=0x1009)
bind_layers( HCI_Event_LE_Meta, HCI_LE_Meta_Connection_Complete, event=1)
......@@ -648,6 +710,7 @@ bind_layers(EIR_Hdr, EIR_Raw)
bind_layers( HCI_ACL_Hdr, L2CAP_Hdr, )
bind_layers( L2CAP_Hdr, L2CAP_CmdHdr, cid=1)
bind_layers( L2CAP_Hdr, L2CAP_CmdHdr, cid=5) #LE L2CAP Signaling Channel
bind_layers( L2CAP_CmdHdr, L2CAP_CmdRej, code=1)
bind_layers( L2CAP_CmdHdr, L2CAP_ConnReq, code=2)
bind_layers( L2CAP_CmdHdr, L2CAP_ConnResp, code=3)
......@@ -657,6 +720,8 @@ bind_layers( L2CAP_CmdHdr, L2CAP_DisconnReq, code=6)
bind_layers( L2CAP_CmdHdr, L2CAP_DisconnResp, code=7)
bind_layers( L2CAP_CmdHdr, L2CAP_InfoReq, code=10)
bind_layers( L2CAP_CmdHdr, L2CAP_InfoResp, code=11)
bind_layers( L2CAP_CmdHdr, L2CAP_Connection_Parameter_Update_Request, code=18)
bind_layers( L2CAP_CmdHdr, L2CAP_Connection_Parameter_Update_Response, code=19)
bind_layers( L2CAP_Hdr, ATT_Hdr, cid=4)
bind_layers( ATT_Hdr, ATT_Error_Response, opcode=0x1)
bind_layers( ATT_Hdr, ATT_Exchange_MTU_Request, opcode=0x2)
......@@ -666,6 +731,7 @@ bind_layers( ATT_Hdr, ATT_Find_Information_Response, opcode=0x5)
bind_layers( ATT_Hdr, ATT_Find_By_Type_Value_Request, opcode=0x6)
bind_layers( ATT_Hdr, ATT_Find_By_Type_Value_Response, opcode=0x7)
bind_layers( ATT_Hdr, ATT_Read_By_Type_Request, opcode=0x8)
bind_layers( ATT_Hdr, ATT_Read_By_Type_Request_128bit, opcode=0x8)
bind_layers( ATT_Hdr, ATT_Read_By_Type_Response, opcode=0x9)
bind_layers( ATT_Hdr, ATT_Read_Request, opcode=0xa)
bind_layers( ATT_Hdr, ATT_Read_Response, opcode=0xb)
......@@ -683,6 +749,10 @@ bind_layers( SM_Hdr, SM_Random, sm_command=4)
bind_layers( SM_Hdr, SM_Failed, sm_command=5)
bind_layers( SM_Hdr, SM_Encryption_Information, sm_command=6)
bind_layers( SM_Hdr, SM_Master_Identification, sm_command=7)
bind_layers( SM_Hdr, SM_Identity_Information, sm_command=8)
bind_layers( SM_Hdr, SM_Identity_Address_Information, sm_command=9)
bind_layers( SM_Hdr, SM_Signing_Information, sm_command=0x0a)
class BluetoothL2CAPSocket(SuperSocket):
desc = "read/write packets on a connected L2CAP socket"
......@@ -770,7 +840,7 @@ class BluetoothUserSocket(SuperSocket):
self.send(cmd)
while True:
r = self.recv()
if r.code == 0xe and r.opcode == opcode:
if r.type == 0x04 and r.code == 0xe and r.opcode == opcode:
if r.status != 0:
raise BluetoothCommandError("Command %x failed with %x" % (opcode, r.status))
return r
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment