SMB Protocol gets the remote port of the attack+Grouping of protocol …

…utils.

src/main/java/de/tudarmstadt/informatik/hostage/AMQPListener.java

@@ -11,7 +11,7 @@
 
 import de.tudarmstadt.informatik.hostage.protocol.AMQP;
 import de.tudarmstadt.informatik.hostage.protocol.Protocol;
-import de.tudarmstadt.informatik.hostage.protocol.amqpUtils.AMQPHandler;
+import de.tudarmstadt.informatik.hostage.protocol.utils.amqpUtils.AMQPHandler;
 
 public class AMQPListener extends Listener {
     private ArrayList<Handler> handlers = new ArrayList<>();

src/main/java/de/tudarmstadt/informatik/hostage/COAPListener.java

@@ -9,7 +9,7 @@
 
 import de.tudarmstadt.informatik.hostage.protocol.COAP;
 import de.tudarmstadt.informatik.hostage.protocol.Protocol;
-import de.tudarmstadt.informatik.hostage.protocol.coapUtils.COAPHandler;
+import de.tudarmstadt.informatik.hostage.protocol.utils.coapUtils.COAPHandler;
 
 public class COAPListener extends Listener {
     private ArrayList<Handler> handlers = new ArrayList<>();

src/main/java/de/tudarmstadt/informatik/hostage/Handler.java

@@ -26,9 +26,9 @@
 import de.tudarmstadt.informatik.hostage.nio.Writer;
 import de.tudarmstadt.informatik.hostage.protocol.GHOST;
 import de.tudarmstadt.informatik.hostage.protocol.Protocol;
-import de.tudarmstadt.informatik.hostage.protocol.amqpUtils.AMQPHandler;
-import de.tudarmstadt.informatik.hostage.protocol.coapUtils.COAPHandler;
-import de.tudarmstadt.informatik.hostage.protocol.mqttUtils.MQTTHandler;
+import de.tudarmstadt.informatik.hostage.protocol.utils.amqpUtils.AMQPHandler;
+import de.tudarmstadt.informatik.hostage.protocol.utils.coapUtils.COAPHandler;
+import de.tudarmstadt.informatik.hostage.protocol.utils.mqttUtils.MQTTHandler;
 import de.tudarmstadt.informatik.hostage.sync.tracing.TracingSyncService;
 import de.tudarmstadt.informatik.hostage.wrapper.Packet;
 

src/main/java/de/tudarmstadt/informatik/hostage/MQTTListener.java

@@ -1,8 +1,6 @@
 package de.tudarmstadt.informatik.hostage;
 
 import java.io.IOException;
-import java.net.URISyntaxException;
-import java.text.ParseException;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.Timer;
@@ -15,10 +13,10 @@
 import de.tudarmstadt.informatik.hostage.persistence.ProfileManager;
 import de.tudarmstadt.informatik.hostage.protocol.MQTT;
 import de.tudarmstadt.informatik.hostage.protocol.Protocol;
-import de.tudarmstadt.informatik.hostage.protocol.mqttUtils.MQTTHandler;
-import de.tudarmstadt.informatik.hostage.protocol.mqttUtils.SensorProfile;
+import de.tudarmstadt.informatik.hostage.protocol.utils.mqttUtils.MQTTHandler;
+import de.tudarmstadt.informatik.hostage.protocol.utils.mqttUtils.SensorProfile;
 
-import static de.tudarmstadt.informatik.hostage.protocol.mqttUtils.MQTTHandler.isTopicPublished;
+import static de.tudarmstadt.informatik.hostage.protocol.utils.mqttUtils.MQTTHandler.isTopicPublished;
 
 public class MQTTListener extends Listener {
     private ArrayList<Handler> handlers = new ArrayList<Handler>();

src/main/java/de/tudarmstadt/informatik/hostage/logging/LogExport.java

@@ -34,9 +34,7 @@ public class LogExport extends IntentService{
 	Handler mMainThreadHandler = null;
 
 	SharedPreferences pref;
-	//HostageDBOpenHelper dbh;
 	DaoSession dbSession;
-	//AttackRecordDAO attackRecordDAO;
 	DAOHelper daoHelper;
 
 	public LogExport() {
@@ -47,7 +45,6 @@ public LogExport() {
 	public void onCreate() {
 		super.onCreate();
 		pref = PreferenceManager.getDefaultSharedPreferences(this);
-		//dbh = new HostageDBOpenHelper(this);
 		dbSession = HostageApplication.getInstances().getDaoSession();
 		daoHelper = new DAOHelper(dbSession,this);
 		mMainThreadHandler = new Handler();
@@ -120,11 +117,6 @@ private boolean isExternalStorageWritable() {
     }
 
 	private void makeToast(final String text, final int length){
-		mMainThreadHandler.post(new Runnable() {
-			@Override
-			public void run() {
-				Toast.makeText(getApplicationContext(), text, length).show();
-			}
-		});
+		mMainThreadHandler.post(() -> Toast.makeText(getApplicationContext(), text, length).show());
 	}
 }

src/main/java/de/tudarmstadt/informatik/hostage/persistence/ProfileManager.java

@@ -31,7 +31,6 @@
 import de.tudarmstadt.informatik.hostage.Listener;
 import de.tudarmstadt.informatik.hostage.R;
 import de.tudarmstadt.informatik.hostage.model.Profile;
-import de.tudarmstadt.informatik.hostage.protocol.mqttUtils.SensorProfile;
 import de.tudarmstadt.informatik.hostage.ui.activity.MainActivity;
 import de.tudarmstadt.informatik.hostage.ui.adapter.ProfileManagerListAdapter;
 

src/main/java/de/tudarmstadt/informatik/hostage/protocol/AMQP.java

@@ -14,7 +14,7 @@
 import java.util.List;
 import java.util.Map;
 
-import de.tudarmstadt.informatik.hostage.protocol.amqpUtils.LogBackWatcher;
+import de.tudarmstadt.informatik.hostage.protocol.commons.logWatchers.LogBackWatcher;
 import de.tudarmstadt.informatik.hostage.wrapper.Packet;
 
 public class AMQP implements Protocol {

src/main/java/de/tudarmstadt/informatik/hostage/protocol/COAP.java

@@ -11,8 +11,8 @@
 import java.util.List;
 
 import de.tudarmstadt.informatik.hostage.persistence.ProfileManager;
-import de.tudarmstadt.informatik.hostage.protocol.coapUtils.COAPHandler;
-import de.tudarmstadt.informatik.hostage.protocol.coapUtils.smokeSensor.SmokeSensorProfile;
+import de.tudarmstadt.informatik.hostage.protocol.utils.coapUtils.COAPHandler;
+import de.tudarmstadt.informatik.hostage.protocol.utils.coapUtils.smokeSensor.SmokeSensorProfile;
 import de.tudarmstadt.informatik.hostage.wrapper.Packet;
 
 public class COAP implements Protocol {

src/main/java/de/tudarmstadt/informatik/hostage/protocol/MQTT.java

@@ -10,11 +10,10 @@
 import java.io.IOException;
 import java.util.Collection;
 import java.util.List;
-import java.util.Properties;
 import java.util.UUID;
 
-import de.tudarmstadt.informatik.hostage.protocol.mqttUtils.MQTTConfig;
-import de.tudarmstadt.informatik.hostage.protocol.mqttUtils.MQTTHandler;
+import de.tudarmstadt.informatik.hostage.protocol.utils.mqttUtils.MQTTConfig;
+import de.tudarmstadt.informatik.hostage.protocol.utils.mqttUtils.MQTTHandler;
 import de.tudarmstadt.informatik.hostage.wrapper.Packet;
 import io.moquette.broker.ClientDescriptor;
 import io.moquette.broker.Server;

src/main/java/de/tudarmstadt/informatik/hostage/protocol/SMB.java

@@ -19,8 +19,8 @@
 import de.tudarmstadt.informatik.hostage.logging.MessageRecord;
 import de.tudarmstadt.informatik.hostage.logging.NetworkRecord;
 import de.tudarmstadt.informatik.hostage.logging.SyncDevice;
-import de.tudarmstadt.informatik.hostage.protocol.cifs.CifsServer;
-import de.tudarmstadt.informatik.hostage.protocol.cifs.FileInject;
+import de.tudarmstadt.informatik.hostage.protocol.utils.cifs.CifsServer;
+import de.tudarmstadt.informatik.hostage.protocol.utils.cifs.FileInject;
 import de.tudarmstadt.informatik.hostage.ui.activity.MainActivity;
 import de.tudarmstadt.informatik.hostage.wrapper.Packet;
 
@@ -72,7 +72,6 @@ public void initialize(Listener mListener) {
 
         try {
             mCifsServer = new CifsServer(this, fileInject);
-            System.out.println("InsideInitialize SMB");
             mCifsServer.run();
         } catch (Exception e) {
             e.printStackTrace();

src/main/java/de/tudarmstadt/informatik/hostage/protocol/SMTP.java

@@ -3,10 +3,10 @@
 import java.util.ArrayList;
 import java.util.List;
 
-import de.tudarmstadt.informatik.hostage.protocol.smptUtils.SmtpActionType;
-import de.tudarmstadt.informatik.hostage.protocol.smptUtils.SmtpRequest;
-import de.tudarmstadt.informatik.hostage.protocol.smptUtils.SmtpResponse;
-import de.tudarmstadt.informatik.hostage.protocol.smptUtils.SmtpState;
+import de.tudarmstadt.informatik.hostage.protocol.utils.smptUtils.SmtpActionType;
+import de.tudarmstadt.informatik.hostage.protocol.utils.smptUtils.SmtpRequest;
+import de.tudarmstadt.informatik.hostage.protocol.utils.smptUtils.SmtpResponse;
+import de.tudarmstadt.informatik.hostage.protocol.utils.smptUtils.SmtpState;
 import de.tudarmstadt.informatik.hostage.wrapper.Packet;
 
 /**

src/main/java/de/tudarmstadt/informatik/hostage/protocol/SNMP.java

@@ -34,7 +34,7 @@
 import java.util.ArrayList;
 import java.util.List;
 
-import de.tudarmstadt.informatik.hostage.protocol.snmpUtils.MOTableBuilder;
+import de.tudarmstadt.informatik.hostage.protocol.utils.snmpUtils.MOTableBuilder;
 import de.tudarmstadt.informatik.hostage.wrapper.Packet;
 
 /**

src/main/java/de/tudarmstadt/informatik/hostage/protocol/commons/logWatchers/InterceptSysout.java

@@ -0,0 +1,39 @@
+package de.tudarmstadt.informatik.hostage.protocol.commons.logWatchers;
+
+import java.io.OutputStream;
+import java.io.PrintStream;
+import java.util.ArrayList;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+public class InterceptSysout extends PrintStream {
+    final static ArrayList<String> packets = new ArrayList<>();
+
+    public InterceptSysout(OutputStream out) {
+        super(out);
+    }
+
+    /**
+     * Intercept System.out.println without disturbing the console.
+     * The packets from SMP protocol contain the connection received with the real port.
+     * @param output System.out output as a stream.
+     */
+    @Override
+    public void print(String output) {
+        final Pattern secondPattern = Pattern.compile("\\Q[\\ESMB\\Q]\\E Connection from*");
+        Matcher matcher = secondPattern.matcher(output);
+        if (matcher.find()) {
+            packets.add(output);
+        }
+        super.print(output);
+    }
+
+    public ArrayList<String> getPackets(){
+        return packets;
+    }
+
+    public String getPacket(){
+        return packets.get(0);
+    }
+
+}

src/main/java/de/tudarmstadt/informatik/hostage/protocol/amqpUtils/LogBackWatcher.java → src/main/java/de/tudarmstadt/informatik/hostage/protocol/commons/logWatchers/LogBackWatcher.java

@@ -1,4 +1,4 @@
-package de.tudarmstadt.informatik.hostage.protocol.amqpUtils;
+package de.tudarmstadt.informatik.hostage.protocol.commons.logWatchers;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

src/main/java/de/tudarmstadt/informatik/hostage/protocol/commons/patterns/IpPattern.java

@@ -0,0 +1,28 @@
+package de.tudarmstadt.informatik.hostage.protocol.commons.patterns;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import de.tudarmstadt.informatik.hostage.commons.MyLinkedMap;
+
+public class IpPattern {
+
+    /**
+     * Regex pattern matching Groups 1 and 2 will hold IP and port, respectively.
+     * "(" capturing group,
+     * "\d" Matches any digit character (0-9). Equivalent to [0-9].
+     * "{1,3} or {1,5} Matches the specified quantity of the previous token.
+     * "\." Matches a "." character.
+     * @return receiver and sender ip and port.
+     */
+    public static MyLinkedMap<Integer,String> getsAllIpsPorts(String capturePacket) {
+        MyLinkedMap<Integer,String> allIpsPorts = new MyLinkedMap<>(); //keeps the insertion order.
+        final Pattern pattern = Pattern.compile("(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}):(\\d{1,5})");
+        Matcher matcher = pattern.matcher(capturePacket);
+        while (matcher.find()) {
+            allIpsPorts.put(Integer.valueOf(matcher.group(2)),matcher.group(1));//group 2 port, group 1 IP.
+        }
+        return allIpsPorts;
+    }
+
+}

src/main/java/de/tudarmstadt/informatik/hostage/protocol/amqpUtils/AMQPHandler.java → src/main/java/de/tudarmstadt/informatik/hostage/protocol/utils/amqpUtils/AMQPHandler.java

@@ -1,4 +1,4 @@
-package de.tudarmstadt.informatik.hostage.protocol.amqpUtils;
+package de.tudarmstadt.informatik.hostage.protocol.utils.amqpUtils;
 
 import java.net.UnknownHostException;
 import java.util.ArrayList;
@@ -15,6 +15,8 @@
 import de.tudarmstadt.informatik.hostage.logging.MessageRecord;
 import de.tudarmstadt.informatik.hostage.logging.SyncDevice;
 import de.tudarmstadt.informatik.hostage.protocol.Protocol;
+import de.tudarmstadt.informatik.hostage.protocol.commons.logWatchers.LogBackWatcher;
+import de.tudarmstadt.informatik.hostage.protocol.commons.patterns.IpPattern;
 
 public class AMQPHandler {
     private static ArrayList<String> packets = LogBackWatcher.getList();
@@ -28,25 +30,6 @@ public static void removeCurrentConnected(){
             packets.clear();
     }
 
-    /**
-     * Regex pattern matching Groups 1 and 2 will hold IP and port, respectively.
-     * "(" capturing group,
-     * "\d" Matches any digit character (0-9). Equivalent to [0-9].
-     * "{1,3} or {1,5} Matches the specified quantity of the previous token.
-     * "\." Matches a "." character.
-     * @return receiver and sender ip and port.
-     */
-    public static MyLinkedMap<Integer,String> getsAllIpsPorts() {
-        MyLinkedMap<Integer,String> allIpsPorts = new MyLinkedMap<>(); //keeps the insertion order.
-        final Pattern pattern = Pattern.compile("(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}):(\\d{1,5})");
-        String capturePacket = findFullInfoPacket();
-        Matcher matcher = pattern.matcher(capturePacket);
-        while (matcher.find()) {
-            allIpsPorts.put(Integer.valueOf(matcher.group(2)),matcher.group(1));//group 2 port, group 1 IP.
-        }
-        return allIpsPorts;
-    }
-
     /**
      * The first matched packet usually contains less information than the following one.
      * @return packet
@@ -63,16 +46,17 @@ private static String findFullInfoPacket(){
      * @return Remote ip of the attacker.
      */
     private static String getRemoteIp(){
-        return getsAllIpsPorts().getValue(0);
+        return IpPattern.getsAllIpsPorts(findFullInfoPacket()).getValue(0);
     }
 
     /**
      * First inserted port is the remote one.
      * @return Remote port of the attacker.
      */
     private static int getRemotePort(){
-        if(!getsAllIpsPorts().isEmpty() )
-            return getsAllIpsPorts().getEntry(0).getKey();
+        MyLinkedMap<Integer,String> remotePorts = IpPattern.getsAllIpsPorts(findFullInfoPacket());
+        if(!remotePorts.isEmpty() )
+            return remotePorts.getEntry(0).getKey();
         return 0;
     }
 

src/main/java/de/tudarmstadt/informatik/hostage/protocol/cifs/CifsServer.java → src/main/java/de/tudarmstadt/informatik/hostage/protocol/utils/cifs/CifsServer.java

@@ -1,4 +1,4 @@
-package de.tudarmstadt.informatik.hostage.protocol.cifs;
+package de.tudarmstadt.informatik.hostage.protocol.utils.cifs;
 
 import org.alfresco.jlan.server.NetworkServer;
 import org.alfresco.jlan.server.SessionListener;
@@ -14,8 +14,11 @@
 
 import de.tudarmstadt.informatik.hostage.Handler;
 import de.tudarmstadt.informatik.hostage.R;
+import de.tudarmstadt.informatik.hostage.commons.MyLinkedMap;
 import de.tudarmstadt.informatik.hostage.logging.MessageRecord;
 import de.tudarmstadt.informatik.hostage.protocol.SMB;
+import de.tudarmstadt.informatik.hostage.protocol.commons.logWatchers.InterceptSysout;
+import de.tudarmstadt.informatik.hostage.protocol.commons.patterns.IpPattern;
 
 
 /**
@@ -44,11 +47,13 @@ public void run() throws IOException {
         smbServer.addServerListener((server1, event) -> {
             System.out.println("Server started with users: "+ server1.getSecurityConfiguration().getUserAccounts().getUserAt(0));
         });
+        InterceptSysout interceptPackets =  new InterceptSysout(System.out);
+        System.setOut(interceptPackets);
 
         smbServer.addSessionListener(new SessionListener() {
             @Override
             public void sessionClosed(SrvSession sess) {
-                SMB.log(MessageRecord.TYPE.RECEIVE, "SESSION CLOSED", defaultPort, sess.getRemoteAddress(), defaultPort);
+                SMB.log(MessageRecord.TYPE.RECEIVE, "SESSION CLOSED", defaultPort, sess.getRemoteAddress(), getRemotePort(interceptPackets.getPacket()));
             }
 
             @Override
@@ -61,13 +66,13 @@ public void sessionCreated(SrvSession sess) {
                         }
                 );
 
-                SMB.log(MessageRecord.TYPE.RECEIVE, "SESSION CREATED", defaultPort, sess.getRemoteAddress(), defaultPort);
+                SMB.log(MessageRecord.TYPE.RECEIVE, "SESSION CREATED", defaultPort, sess.getRemoteAddress(), getRemotePort(interceptPackets.getPacket()));
 
             }
 
             @Override
             public void sessionLoggedOn(SrvSession sess) {
-                SMB.log(MessageRecord.TYPE.RECEIVE, "SESSION LOGGED ON", defaultPort, sess.getRemoteAddress(), defaultPort);
+                SMB.log(MessageRecord.TYPE.RECEIVE, "SESSION LOGGED ON", defaultPort, sess.getRemoteAddress(), getRemotePort(interceptPackets.getPacket()));
 
             }
         });
@@ -90,6 +95,17 @@ public void stop(){
         }
     }
 
+    /**
+     * First inserted port is the remote one.
+     * @return Remote port of the attacker.
+     */
+    private static int getRemotePort(String portPacket){
+        MyLinkedMap<Integer,String> remotePorts = IpPattern.getsAllIpsPorts(portPacket);
+        if(!remotePorts.isEmpty() )
+            return remotePorts.getEntry(0).getKey();
+        return 0;
+    }
+
     /**
      * helper method to convert the ip from int to InetAddress
      */

src/main/java/de/tudarmstadt/informatik/hostage/protocol/cifs/FileInject.java → src/main/java/de/tudarmstadt/informatik/hostage/protocol/utils/cifs/FileInject.java

@@ -1,4 +1,4 @@
-package de.tudarmstadt.informatik.hostage.protocol.cifs;
+package de.tudarmstadt.informatik.hostage.protocol.utils.cifs;
 
 import android.content.Context;
 import android.content.SharedPreferences;

src/main/java/de/tudarmstadt/informatik/hostage/protocol/cifs/JLANFileServerConfiguration.java → src/main/java/de/tudarmstadt/informatik/hostage/protocol/utils/cifs/JLANFileServerConfiguration.java

@@ -1,4 +1,4 @@
-package de.tudarmstadt.informatik.hostage.protocol.cifs;
+package de.tudarmstadt.informatik.hostage.protocol.utils.cifs;
 
 import org.alfresco.jlan.debug.DebugConfigSection;
 import org.alfresco.jlan.server.SrvSession;

src/main/java/de/tudarmstadt/informatik/hostage/protocol/cifs/PseudoJavaFileDiskDriver.java → src/main/java/de/tudarmstadt/informatik/hostage/protocol/utils/cifs/PseudoJavaFileDiskDriver.java

@@ -1,4 +1,4 @@
-package de.tudarmstadt.informatik.hostage.protocol.cifs;
+package de.tudarmstadt.informatik.hostage.protocol.utils.cifs;
 
 import android.app.Activity;
 import android.app.FragmentManager;

src/main/java/de/tudarmstadt/informatik/hostage/protocol/cifs/smbutils/NBDS.java → src/main/java/de/tudarmstadt/informatik/hostage/protocol/utils/cifs/smbutils/NBDS.java

@@ -1,4 +1,4 @@
-package de.tudarmstadt.informatik.hostage.protocol.cifs.smbutils;
+package de.tudarmstadt.informatik.hostage.protocol.utils.cifs.smbutils;
 
 import java.nio.ByteBuffer;