Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Add Gadu-Gadu IM dissector plugin 0.2 from http://ettercap-gg.sf.net,…

… as requested by Barak

It still need to be tested since I haven't a Gadu-Gadu account
  • Loading branch information...
commit 5649e9c316ac271fedfbdd51cb016fdd1ca2b7b5 1 parent d9bae92
authored August 30, 2011
2  Makefile.mingw.in
@@ -177,7 +177,7 @@ SOURCE += $(addprefix src/dissectors/,
177 177
             ec_mountd.c ec_msn.c     ec_mysql.c ec_napster.c ec_nntp.c   ec_ospf.c \
178 178
             ec_pop.c    ec_portmap.c ec_rcon.c  ec_rip.c     ec_rlogin.c ec_smb.c  \
179 179
             ec_smtp.c   ec_snmp.c    ec_socks.c ec_telnet.c  ec_vnc.c  \
180  
-            ec_ymsg.c   ec_ssh.c)
  180
+            ec_ymsg.c   ec_ssh.c     ec_gg.c)
181 181
 
182 182
 ifeq ($(USE_SSL),1)
183 183
   SOURCE += src/dissectors/ec_ssh.c
1  share/etter.conf
@@ -99,6 +99,7 @@ vnc = 5900,5901,5902,5903  # tcp    5900 5901 5902 5903
99 99
 x11 = 6000,6001,6002,6003  # tcp    6000 6001 6002 6003
100 100
 irc = 6666,6667,6668,6669  # tcp    6666 6667 6668 6669
101 101
 napster = 7777,8888        # tcp    7777 8888
  102
+gg = 8074		   # tcp    8074
102 103
 proxy = 8080               # tcp    8080
103 104
 rcon = 27015,27960         # udp    27015 27960
104 105
 ppp = 34827                # special case ;) this is the Net Layer code
3  src/Makefile.am
@@ -121,7 +121,8 @@ ettercap_SOURCES += dissectors/ec_socks.c \
121 121
 				        dissectors/ec_vnc.c \
122 122
 				        dissectors/ec_vrrp.c \
123 123
 				        dissectors/ec_x11.c \
124  
-				        dissectors/ec_ymsg.c 
  124
+				        dissectors/ec_ymsg.c \
  125
+				        dissectors/ec_gg.c
125 126
 
126 127
 
127 128
 ettercap_CFLAGS = @EC_CFLAGS@
673  src/dissectors/ec_gg.c
... ...
@@ -0,0 +1,673 @@
  1
+/*
  2
+    ettercap -- dissector gadu-gadu -- TCP 8074 (alternatively 443)
  3
+
  4
+    Copyright (C) Michal Szymanski <michal.szymanski.pl@gmail.com>
  5
+                                   gg: 7244283
  6
+
  7
+    This program is free software; you can redistribute it and/or modify
  8
+    it under the terms of the GNU General Public License as published by
  9
+    the Free Software Foundation; either version 2 of the License, or
  10
+    (at your option) any later version.
  11
+
  12
+    This program is distributed in the hope that it will be useful,
  13
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15
+    GNU General Public License for more details.
  16
+
  17
+    You should have received a copy of the GNU General Public License
  18
+    along with this program; if not, write to the Free Software
  19
+    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  20
+
  21
+    $Id: ec_gg.c,v 0.2 2007/06/15 11:30:10 msz Exp $
  22
+*/
  23
+
  24
+/*
  25
+
  26
+ABOUT:
  27
+
  28
+ettercap-gg is a Gadu-Gadu IM ettercap dissector. 
  29
+
  30
+It is a patch for ettercap sniffer that adds the ability to intercept Gadu-Gadu logins, passwords and messages.
  31
+
  32
+Gadu-Gadu (http://www.gadu-gadu.pl/) is the most widely used IM network in Poland with ~6mln users.
  33
+
  34
+Protocol description taken from http://ekg.chmurka.net/docs/protocol.html + own research (7.x).
  35
+
  36
+The newest version can be found at http://ettercap-gg.sourceforge.net/
  37
+
  38
+FEATURES:
  39
+
  40
+- supports following gadu-gadu protocols: 4.x, 5.x, 6.x, 7.x
  41
+- intercepts sent/received messages
  42
+- intercepts gg numbers, password hashes and seeds (can be bruteforced by ggbrute)
  43
+- intercepts status descriptions
  44
+- notifies about status changes
  45
+- intercepts gg server/client ip addresses
  46
+- intercepts gg user's local/remote ip addresses
  47
+- intercepts gg connections to port 8074 and 443
  48
+- determines Gadu-Gadu version
  49
+
  50
+INSTALLATION & CONFIGURATION: 
  51
+
  52
+Apply Gadu-Gadu dissector patch and compile ettercap as you used to do before:
  53
+
  54
+patch -p0 < ettercap-NG-0.7.3-gg_dissector_02.patch
  55
+./configure
  56
+make
  57
+make install
  58
+
  59
+Normally Gadu-Gadu dissector is installed on port number 8074 (appropriate entry is added to etter.conf file). If you want to enable dissector to 
  60
+intercept traffic on port 443 just turn off https dissector (there can be only one dissector on the same port at the same time) by editing etter.conf 
  61
+file and changing following line:
  62
+
  63
+https = 443              # tcp    443
  64
+
  65
+to
  66
+
  67
+https = 0                # tcp    443
  68
+
  69
+After that all you need to do is to add 443 port to gg dissector:
  70
+
  71
+gg = 8074,443            # tcp    8074
  72
+
  73
+That's all. Play wisely.
  74
+
  75
+*/
  76
+
  77
+/*
  78
+
  79
+EXAMPLE SESSION (with GG_CONTACTS_STATUS_CHANGES enabled) - version 0.2:
  80
+
  81
+ARP poisoning victims:
  82
+
  83
+ GROUP 1 : 10.10.10.11 00:01:20:02:34:21
  84
+
  85
+ GROUP 2 : 10.10.10.1 00:0A:84:D8:28:F5
  86
+
  87
+Starting Unified sniffing...
  88
+
  89
+Text only Interface activated...
  90
+Hit 'h' for inline help
  91
+
  92
+GG : 217.17.45.143:443 -> 10.10.10.11:1696 - WELCOME  SEED: 0xAD130562 (2903704930)
  93
+GG7 : 10.10.10.11:1696 -> 217.17.45.143:443 - LOGIN  UIN: 5114529  PWD_HASH: 0x21D13E38992A341DD33BB52DDFA2382A173A5361  STATUS:  (invisible + private)  VERSION: 7.7  LIP: 10.10.10.11:1550  RIP: 0.0.0.0:0
  94
+GG : 10.10.10.11:1706 -> 217.17.45.143:443 - SEND_MSG  RECIPIENT: 7244283  MESSAGE: "wiadomosc testowa"
  95
+GG : 217.17.45.143:443 -> 10.10.10.11:1706 - RECV_MSG  SENDER: 7244283  MESSAGE: "dzieki za wiadomosc"
  96
+GG7 : 217.17.45.143:443 -> 10.10.10.11:1706 - STATUS CHANGED  UIN: 7244283  STATUS: a swistak siedzi i zawija (busy + descr)  VERSION: 7.6  RIP: 207.46.19.190:1550
  97
+
  98
+GG : 217.17.41.85:8074 -> 10.10.10.11:1685 - WELCOME  SEED: 0x1D66B45F (493270111)
  99
+GG4/5 : 10.10.10.11:1685 -> 217.17.41.85:8074 - LOGIN  UIN: 5114529  PWD_HASH: 0x1B85493D (461719869)  STATUS: zaraz weekend (invisible + descr + private)  VERSION: 4.8 + has audio  LIP: 10.10.10.11:1550
  100
+GG : 217.17.41.85:8074 -> 10.10.10.11:1685 - STATUS CHANGED  UIN: 2688291  STATUS: i co ja bede robil przez te 4 dni ... (not available + descr)
  101
+GG : 10.10.10.11:1685 -> 217.17.41.85:8074 - NEW STATUS  STATUS: goraaaaaaaaaaaaaco!!!!!!!!! (busy + descr + private)
  102
+
  103
+*/
  104
+
  105
+/*
  106
+
  107
+CHANGELOG:
  108
+
  109
+v0.2:
  110
+
  111
+- added interception of sent/received messages
  112
+- added interception of status descriptions
  113
+- added notification about status changes
  114
+- added interception of gg server/client ip addresses
  115
+- added interception of gg user's local/remote ip addresses
  116
+- added determination of Gadu-Gadu version
  117
+- tiny bugfixes
  118
+
  119
+v0.1 (initial release):
  120
+
  121
+- added support for following gadu-gadu protocols: 4.x, 5.x, 6.x, 7.x 
  122
+- added interception of gg numbers, password hashes and seeds
  123
+- added interception of gg connections to port 8074 and 443 
  124
+
  125
+*/
  126
+
  127
+/*
  128
+
  129
+TODO:
  130
+
  131
+- wpkontakt support (sessions management needed)
  132
+- std_gg/kadu/ekg/wpkontakt fingerprinting (additional research needed)
  133
+- sms sniffing? (already implemented through http dissector)
  134
+- nat detection
  135
+
  136
+*/
  137
+
  138
+/* CONFIGURATION */
  139
+
  140
+/* 
  141
+uncomment #define below if you want to see all contacts status changes - be careful using this option in really big networks - it could mess up your whole screen !
  142
+*/
  143
+/*
  144
+#define GG_CONTACTS_STATUS_CHANGES  1
  145
+*/
  146
+
  147
+#include <ec.h>
  148
+#include <ec_decode.h>
  149
+#include <ec_dissect.h>
  150
+
  151
+/* globals */
  152
+
  153
+#define GG_LOGIN50_CMD		0x0000000c
  154
+#define GG_LOGIN60_CMD		0x00000015
  155
+#define GG_LOGIN70_CMD		0x00000019
  156
+
  157
+#define GG_WELCOME_CMD		0x00000001
  158
+
  159
+#define GG_SEND_MSG_CMD		0x0000000b
  160
+#define GG_RECV_MSG_CMD		0x0000000a
  161
+
  162
+#define GG_NEW_STATUS_CMD  0x00000002
  163
+
  164
+#define GG_STATUS_CMD      0x00000002
  165
+
  166
+#define GG_STATUS50_CMD		0x0000000c
  167
+#define GG_STATUS60_CMD    0x0000000f
  168
+#define GG_STATUS70_CMD    0x00000017
  169
+
  170
+struct gg_hdr {
  171
+   u_int32 type;
  172
+   u_int32 len;
  173
+};
  174
+
  175
+struct gg_welcome_hdr {
  176
+   u_int32 seed;
  177
+};
  178
+
  179
+struct gg_login50_hdr {
  180
+   u_int32 uin;       
  181
+   u_int32 hash;      
  182
+   u_int32 status;    
  183
+   u_int32 version;   
  184
+   u_int8 local_ip[4];  
  185
+   u_int16 local_port;
  186
+   char description[71];     /* 70+1 (0x0) */
  187
+   u_int32 time;
  188
+}__attribute__ ((packed));
  189
+
  190
+struct gg_login60_hdr {
  191
+   u_int32 uin;       
  192
+   u_int32 hash;      
  193
+   u_int32 status;    
  194
+   u_int32 version;   
  195
+   u_int8 unknown1;          /* 0x00 */
  196
+   u_int8 local_ip[4];  
  197
+   u_int16 local_port;
  198
+   u_int8 remote_ip[4]; 
  199
+   u_int16 remote_port;
  200
+   u_int8 image_size;
  201
+   u_int8 unknown2;          /* 0xbe */
  202
+   char description[71];     /* 70+1 (0x0) */
  203
+   u_int32 time;
  204
+}__attribute__ ((packed));
  205
+
  206
+struct gg_login70_hdr {
  207
+   u_int32 uin;       
  208
+   u_int8 unknown1;          /* 0x02 */
  209
+   u_int32 hash[5];          /* 160b */      
  210
+   u_int32 unknown2[11];     /* 0x00, 352b */
  211
+   u_int32 status;    
  212
+   u_int16 version;   
  213
+   u_int16 unknown3;         /* 0xc202 */
  214
+   u_int8 unknown4;          /* 0x00 */
  215
+   u_int8 local_ip[4];  
  216
+   u_int16 local_port;
  217
+   u_int8 remote_ip[4]; 
  218
+   u_int16 remote_port;
  219
+   u_int8 image_size;
  220
+   u_int8 unknown5;          /* 0xbe */
  221
+   char description[71];     /* 70+1 (0x0) */
  222
+   u_int32 time;
  223
+}__attribute__ ((packed));
  224
+
  225
+struct gg_send_msg_hdr {
  226
+   u_int32 recipient;
  227
+   u_int32 seq;
  228
+   u_int32 class;
  229
+   char message[2000];
  230
+}__attribute__ ((packed));
  231
+
  232
+struct gg_recv_msg_hdr {
  233
+   u_int32 sender;
  234
+   u_int32 seq;
  235
+   u_int32 time;
  236
+   u_int32 class;
  237
+   char message[2000];
  238
+}__attribute__ ((packed));
  239
+
  240
+struct gg_new_status_hdr {
  241
+   u_int32 status;
  242
+   char description[71];     /* 70+1 (0x0) */
  243
+   u_int32 time;
  244
+};
  245
+
  246
+struct gg_status_hdr {
  247
+   u_int32 uin;
  248
+   u_int32 status;
  249
+   char description[71];     /* 70+1 (0x0) */
  250
+   u_int32 time;
  251
+};
  252
+
  253
+struct gg_status50_hdr {
  254
+   u_int32 uin;       
  255
+   u_int32 status;    
  256
+   u_int8 remote_ip[4]; 
  257
+   u_int16 remote_port;
  258
+   u_int32 version;   
  259
+   u_int16 unknown1;         /* remote port again? */
  260
+   char description[71];     /* 70+1 (0x0) */
  261
+   u_int32 time;
  262
+}__attribute__ ((packed));
  263
+
  264
+struct gg_status60_hdr {
  265
+   u_int32 uin;
  266
+   u_int8 status;
  267
+   u_int8 remote_ip[4]; 
  268
+   u_int16 remote_port;
  269
+   u_int8 version;   
  270
+   u_int8 image_size;
  271
+   u_int8 unknown1;          /* 0x00 */
  272
+   char description[71];     /* 70+1 (0x0) */
  273
+   u_int32 time;
  274
+}__attribute__ ((packed));;
  275
+
  276
+struct gg_status70_hdr {
  277
+   u_int32 uin;
  278
+   u_int8 status;
  279
+   u_int8 remote_ip[4]; 
  280
+   u_int16 remote_port;
  281
+   u_int8 version;   
  282
+   u_int8 image_size;
  283
+   u_int8 unknown1;          /* 0x00 */
  284
+   u_int32 unknown2;         /* 0x00 */
  285
+   char description[71];     /* 70+1 (0x0) */
  286
+   u_int32 time;
  287
+}__attribute__ ((packed));;
  288
+
  289
+/* protos */
  290
+
  291
+FUNC_DECODER(dissector_gg);
  292
+void gg_init(void);
  293
+void gg_get_status(u_int32 status, char *str);
  294
+void gg_get_version(u_int32 version, char *str);
  295
+
  296
+/************************************************/
  297
+
  298
+/*
  299
+ * this function is the initializer.
  300
+ * it adds the entry in the table of registered decoder
  301
+ */
  302
+
  303
+void __init gg_init(void)
  304
+{
  305
+   dissect_add("gg", APP_LAYER_TCP, 8074, dissector_gg);
  306
+/*   dissect_add("gg", APP_LAYER_TCP, 443, dissector_gg); */
  307
+}
  308
+
  309
+FUNC_DECODER(dissector_gg)
  310
+{
  311
+   DECLARE_DISP_PTR_END(ptr, end);
  312
+   char tmp[MAX_ASCII_ADDR_LEN];
  313
+   char tmp2[MAX_ASCII_ADDR_LEN];
  314
+   struct gg_hdr *gg;
  315
+   struct gg_welcome_hdr *gg_welcome;
  316
+   struct gg_login50_hdr *gg_login50;
  317
+   struct gg_login60_hdr *gg_login60;
  318
+   struct gg_login70_hdr *gg_login70;
  319
+   struct gg_send_msg_hdr *gg_send_msg;
  320
+   struct gg_recv_msg_hdr *gg_recv_msg;
  321
+   struct gg_new_status_hdr *gg_new_status;
  322
+   struct gg_status_hdr *gg_status;
  323
+   struct gg_status50_hdr *gg_status50;
  324
+   struct gg_status60_hdr *gg_status60;
  325
+   struct gg_status70_hdr *gg_status70;
  326
+   char *tbuf, *tbuf2, *tbuf3;
  327
+   char user[10], pass[40];
  328
+
  329
+   /* don't complain about unused var */
  330
+   (void)end;
  331
+   
  332
+   /* skip empty packets (ACK packets) */
  333
+   if (PACKET->DATA.len == 0)
  334
+      return NULL;
  335
+   
  336
+   /* cast the gg header */
  337
+   gg = (struct gg_hdr *)ptr;
  338
+   gg_login50 = (struct gg_login50_hdr *)(gg + 1);
  339
+   gg_login60 = (struct gg_login60_hdr *)(gg + 1);
  340
+   gg_login70 = (struct gg_login70_hdr *)(gg + 1);
  341
+   gg_welcome = (struct gg_welcome_hdr *)(gg + 1);
  342
+   gg_send_msg = (struct gg_send_msg_hdr *)(gg + 1);
  343
+   gg_recv_msg = (struct gg_recv_msg_hdr *)(gg + 1);
  344
+   gg_new_status = (struct gg_new_status_hdr *)(gg + 1);
  345
+   gg_status = (struct gg_status_hdr *)(gg + 1);
  346
+   gg_status50 = (struct gg_status50_hdr *)(gg + 1);
  347
+   gg_status60 = (struct gg_status60_hdr *)(gg + 1);
  348
+   gg_status70 = (struct gg_status70_hdr *)(gg + 1);
  349
+
  350
+   /* what type of packets do we process ? */
  351
+   if (gg->type != GG_LOGIN50_CMD && gg->type != GG_LOGIN60_CMD && gg->type != GG_LOGIN70_CMD && gg->type != GG_WELCOME_CMD && gg->type != GG_SEND_MSG_CMD && gg->type != GG_RECV_MSG_CMD && gg->type != GG_NEW_STATUS_CMD && gg->type != GG_STATUS_CMD && gg->type != GG_STATUS50_CMD && gg->type != GG_STATUS60_CMD && gg->type != GG_STATUS70_CMD)
  352
+      return NULL;
  353
+
  354
+   /* skip incorrect Gadu-Gadu packets */
  355
+   if ((gg->len) != ((PACKET->DATA.len)-8))
  356
+      return NULL;
  357
+
  358
+   DEBUG_MSG("Gadu-Gadu --> TCP dissector_gg (%.8X:%.8X)", gg->type, gg->len);
  359
+
  360
+   SAFE_CALLOC(tbuf, 50, sizeof(char));
  361
+   SAFE_CALLOC(tbuf2, 71, sizeof(char));
  362
+   SAFE_CALLOC(tbuf3, 30, sizeof(char));
  363
+   
  364
+if ((gg->type == GG_LOGIN50_CMD) && !FROM_SERVER("gg", PACKET)) {
  365
+   gg_get_status(gg_login50->status,tbuf);
  366
+   gg_get_version(gg_login50->version,tbuf3);
  367
+   strncpy(tbuf2,gg_login50->description, (gg->len)-22);
  368
+   tbuf2[(gg->len)-22]='\0';
  369
+   sprintf(user,"%u",gg_login50->uin);
  370
+   PACKET->DISSECTOR.user = strdup(user);
  371
+   sprintf(pass,"%u",gg_login50->hash);
  372
+   PACKET->DISSECTOR.pass = strdup(pass);
  373
+   DISSECT_MSG("GG4/5 : %s:%d -> %s:%d - LOGIN  UIN: %u  PWD_HASH: 0x%.8X (%u)  STATUS: %s (%s)  VERSION: %s  LIP: %u.%u.%u.%u:%u\n", ip_addr_ntoa(&PACKET->L3.src, tmp),
  374
+                                 ntohs(PACKET->L4.src), 
  375
+                                 ip_addr_ntoa(&PACKET->L3.dst, tmp2),
  376
+                                 ntohs(PACKET->L4.dst),
  377
+                                 gg_login50->uin,
  378
+                                 gg_login50->hash, gg_login50->hash, 
  379
+                                 tbuf2, tbuf,
  380
+                                 tbuf3,
  381
+                                 gg_login50->local_ip[0], gg_login50->local_ip[1], gg_login50->local_ip[2], gg_login50->local_ip[3],
  382
+                                 gg_login50->local_port);
  383
+}
  384
+else if (gg->type == GG_LOGIN60_CMD) {
  385
+   gg_get_status(gg_login60->status,tbuf);
  386
+   gg_get_version(gg_login60->version,tbuf3);
  387
+   strncpy(tbuf2,gg_login60->description, (gg->len)-31);
  388
+   tbuf2[(gg->len)-31]='\0';
  389
+   sprintf(user,"%u",gg_login60->uin);
  390
+   PACKET->DISSECTOR.user = strdup(user);
  391
+   sprintf(pass,"%u",gg_login60->hash);
  392
+   PACKET->DISSECTOR.pass = strdup(pass);
  393
+   DISSECT_MSG("GG6 : %s:%d -> %s:%d - LOGIN  UIN: %u  PWD_HASH: 0x%.8X (%u)  STATUS: %s (%s)  VERSION: %s  LIP: %u.%u.%u.%u:%u  RIP: %u.%u.%u.%u:%u\n", ip_addr_ntoa(&PACKET->L3.src, tmp),
  394
+                                 ntohs(PACKET->L4.src), 
  395
+                                 ip_addr_ntoa(&PACKET->L3.dst, tmp2),
  396
+                                 ntohs(PACKET->L4.dst),
  397
+                                 gg_login60->uin,
  398
+                                 gg_login60->hash, gg_login60->hash, 
  399
+                                 tbuf2, tbuf,
  400
+                                 tbuf3,
  401
+                                 gg_login60->local_ip[0], gg_login60->local_ip[1], gg_login60->local_ip[2], gg_login60->local_ip[3],
  402
+                                 gg_login60->local_port,
  403
+                                 gg_login60->remote_ip[0], gg_login60->remote_ip[1], gg_login60->remote_ip[2], gg_login60->remote_ip[3],
  404
+                                 gg_login60->remote_port);
  405
+}
  406
+else if (gg->type == GG_LOGIN70_CMD) {
  407
+   gg_get_status(gg_login70->status,tbuf);
  408
+   gg_get_version(gg_login70->version,tbuf3);
  409
+   strncpy(tbuf2,gg_login70->description, (gg->len)-92);
  410
+   tbuf2[(gg->len)-92]='\0';
  411
+   sprintf(user,"%u",gg_login70->uin);
  412
+   PACKET->DISSECTOR.user = strdup(user);
  413
+   sprintf(pass,"%X%X%X%X%X",gg_login70->hash[0],gg_login70->hash[1],gg_login70->hash[2],gg_login70->hash[3],gg_login70->hash[4]);
  414
+   PACKET->DISSECTOR.pass = strdup(pass);
  415
+   DISSECT_MSG("GG7 : %s:%d -> %s:%d - LOGIN  UIN: %u  PWD_HASH: 0x%.8X%.8X%.8X%.8X%.8X  STATUS: %s (%s)  VERSION: %s  LIP: %u.%u.%u.%u:%u  RIP: %u.%u.%u.%u:%u\n", ip_addr_ntoa(&PACKET->L3.src, tmp),
  416
+                                 ntohs(PACKET->L4.src), 
  417
+                                 ip_addr_ntoa(&PACKET->L3.dst, tmp2),
  418
+                                 ntohs(PACKET->L4.dst),
  419
+                                 gg_login70->uin,
  420
+                                 gg_login70->hash[4],gg_login70->hash[3],gg_login70->hash[2],gg_login70->hash[1],gg_login70->hash[0],
  421
+                                 tbuf2, tbuf,
  422
+                                 tbuf3,
  423
+                                 gg_login70->local_ip[0], gg_login70->local_ip[1], gg_login70->local_ip[2], gg_login70->local_ip[3],
  424
+                                 gg_login70->local_port,
  425
+                                 gg_login70->remote_ip[0], gg_login70->remote_ip[1], gg_login70->remote_ip[2], gg_login70->remote_ip[3],
  426
+                                 gg_login70->remote_port);
  427
+}
  428
+else if (gg->type == GG_SEND_MSG_CMD) {
  429
+   if (!FROM_SERVER("gg", PACKET)) {
  430
+      DISSECT_MSG("GG : %s:%d -> %s:%d - SEND_MSG  RECIPIENT: %u  MESSAGE: \"%s\"\n", ip_addr_ntoa(&PACKET->L3.src, tmp),
  431
+                                 ntohs(PACKET->L4.src), 
  432
+                                 ip_addr_ntoa(&PACKET->L3.dst, tmp2),
  433
+                                 ntohs(PACKET->L4.dst),
  434
+                                 gg_send_msg->recipient,
  435
+                                 gg_send_msg->message);
  436
+   }
  437
+}
  438
+else if (gg->type == GG_RECV_MSG_CMD) {
  439
+   DISSECT_MSG("GG : %s:%d -> %s:%d - RECV_MSG  SENDER: %u  MESSAGE: \"%s\"\n", ip_addr_ntoa(&PACKET->L3.src, tmp),
  440
+                                 ntohs(PACKET->L4.src), 
  441
+                                 ip_addr_ntoa(&PACKET->L3.dst, tmp2),
  442
+                                 ntohs(PACKET->L4.dst),
  443
+                                 gg_recv_msg->sender,
  444
+                                 gg_recv_msg->message);
  445
+}
  446
+else if (gg->type == GG_WELCOME_CMD) {
  447
+   DISSECT_MSG("GG : %s:%d -> %s:%d - WELCOME  SEED: 0x%.8X (%u)\n", ip_addr_ntoa(&PACKET->L3.src, tmp),
  448
+                                 ntohs(PACKET->L4.src),
  449
+                                 ip_addr_ntoa(&PACKET->L3.dst, tmp2),
  450
+                                 ntohs(PACKET->L4.dst), 
  451
+                                 gg_welcome->seed, gg_welcome->seed);
  452
+}
  453
+#ifdef GG_CONTACTS_STATUS_CHANGES
  454
+else if ((gg->type == GG_STATUS_CMD) && FROM_SERVER("gg", PACKET)) {
  455
+    gg_get_status(gg_status->status,tbuf);
  456
+    strncpy(tbuf2,gg_status->description, (gg->len)-8);
  457
+    tbuf2[(gg->len)-8]='\0';
  458
+    DISSECT_MSG("GG : %s:%d -> %s:%d - STATUS CHANGED  UIN: %u  STATUS: %s (%s)\n", ip_addr_ntoa(&PACKET->L3.src, tmp),
  459
+                                 ntohs(PACKET->L4.src),
  460
+                                 ip_addr_ntoa(&PACKET->L3.dst, tmp2),
  461
+                                 ntohs(PACKET->L4.dst), 
  462
+                                 gg_status->uin,
  463
+                                 tbuf2, tbuf);
  464
+} 
  465
+#endif
  466
+else if ((gg->type == GG_NEW_STATUS_CMD) && !FROM_SERVER("gg", PACKET)) {
  467
+      gg_get_status(gg_new_status->status,tbuf);
  468
+      strncpy(tbuf2,gg_new_status->description, (gg->len)-4);
  469
+      tbuf2[(gg->len)-4]='\0';
  470
+      DISSECT_MSG("GG : %s:%d -> %s:%d - NEW STATUS  STATUS: %s (%s)\n", ip_addr_ntoa(&PACKET->L3.src, tmp),
  471
+                                 ntohs(PACKET->L4.src),
  472
+                                 ip_addr_ntoa(&PACKET->L3.dst, tmp2),
  473
+                                 ntohs(PACKET->L4.dst), 
  474
+                                 tbuf2, tbuf);
  475
+}
  476
+#ifdef GG_CONTACTS_STATUS_CHANGES
  477
+else if ((gg->type == GG_STATUS50_CMD) && FROM_SERVER("gg", PACKET)) {
  478
+      gg_get_status(gg_status50->status,tbuf);
  479
+      gg_get_version(gg_status50->version,tbuf3);
  480
+      strncpy(tbuf2,gg_status50->description, (gg->len)-20);
  481
+      tbuf2[(gg->len)-20]='\0';
  482
+      DISSECT_MSG("GG4/5 : %s:%d -> %s:%d - STATUS CHANGED  UIN: %u  STATUS: %s (%s)  VERSION: %s  RIP: %u.%u.%u.%u:%u\n", ip_addr_ntoa(&PACKET->L3.src, tmp),
  483
+                                 ntohs(PACKET->L4.src),
  484
+                                 ip_addr_ntoa(&PACKET->L3.dst, tmp2),
  485
+                                 ntohs(PACKET->L4.dst), 
  486
+                                 gg_status50->uin,
  487
+                                 tbuf2, tbuf,
  488
+                                 tbuf3,
  489
+                                 gg_status50->remote_ip[0], gg_status50->remote_ip[1], gg_status50->remote_ip[2], gg_status50->remote_ip[3],
  490
+                                 gg_status50->remote_port);
  491
+}
  492
+else if (gg->type == GG_STATUS60_CMD) {
  493
+      gg_get_status(gg_status60->status,tbuf);
  494
+      gg_get_version(gg_status60->version,tbuf3);
  495
+      strncpy(tbuf2,gg_status60->description, (gg->len)-14);
  496
+      tbuf2[(gg->len)-14]='\0';
  497
+      DISSECT_MSG("GG6 : %s:%d -> %s:%d - STATUS CHANGED  UIN: %u  STATUS: %s (%s)  VERSION: %s  RIP: %u.%u.%u.%u:%u\n", ip_addr_ntoa(&PACKET->L3.src, tmp),
  498
+                                 ntohs(PACKET->L4.src),
  499
+                                 ip_addr_ntoa(&PACKET->L3.dst, tmp2),
  500
+                                 ntohs(PACKET->L4.dst), 
  501
+                                 (gg_status60->uin & 0x00ffffff),
  502
+                                 tbuf2, tbuf,
  503
+                                 tbuf3,
  504
+                                 gg_status60->remote_ip[0], gg_status60->remote_ip[1], gg_status60->remote_ip[2], gg_status60->remote_ip[3],
  505
+                                 gg_status60->remote_port);
  506
+}
  507
+else if (gg->type == GG_STATUS70_CMD) {
  508
+      gg_get_status(gg_status70->status,tbuf);
  509
+      gg_get_version(gg_status70->version,tbuf3);
  510
+      strncpy(tbuf2,gg_status70->description, (gg->len)-18);
  511
+      tbuf2[(gg->len)-18]='\0';
  512
+      DISSECT_MSG("GG7 : %s:%d -> %s:%d - STATUS CHANGED  UIN: %u  STATUS: %s (%s)  VERSION: %s  RIP: %u.%u.%u.%u:%u\n", ip_addr_ntoa(&PACKET->L3.src, tmp),
  513
+                                 ntohs(PACKET->L4.src),
  514
+                                 ip_addr_ntoa(&PACKET->L3.dst, tmp2),
  515
+                                 ntohs(PACKET->L4.dst), 
  516
+                                 (gg_status70->uin & 0x00ffffff),
  517
+                                 tbuf2, tbuf,
  518
+                                 tbuf3,
  519
+                                 gg_status70->remote_ip[0], gg_status70->remote_ip[1], gg_status70->remote_ip[2], gg_status70->remote_ip[3],
  520
+                                 gg_status70->remote_port);
  521
+}
  522
+#endif
  523
+/*
  524
+else {
  525
+   DISSECT_MSG("GG : %s:%d -> %s:%d - CMD TYPE: %.8X (%d)  LEN: %.8X (%d)  DLEN: %d\n", ip_addr_ntoa(&PACKET->L3.src, tmp),
  526
+                                 ntohs(PACKET->L4.src),
  527
+                                 ip_addr_ntoa(&PACKET->L3.dst, tmp2),
  528
+                                 ntohs(PACKET->L4.dst),
  529
+                                 gg->type, gg->type, gg->len, gg->len, PACKET->DATA.len);
  530
+}
  531
+*/
  532
+
  533
+   SAFE_FREE(tbuf);
  534
+   SAFE_FREE(tbuf2);
  535
+   SAFE_FREE(tbuf3);
  536
+  
  537
+   return NULL;
  538
+}
  539
+
  540
+void gg_get_status(u_int32 status, char *str)  {
  541
+
  542
+switch ((status&0x00ff)) {
  543
+
  544
+case 0x0014:
  545
+   strcpy(str,"invisible");
  546
+   break;
  547
+
  548
+case 0x0002:
  549
+   strcpy(str,"available");
  550
+   break;
  551
+
  552
+case 0x0003:
  553
+   strcpy(str,"busy");
  554
+   break;
  555
+
  556
+case 0x0006:
  557
+   strcpy(str,"blocked");
  558
+   break;
  559
+
  560
+case 0x0001:
  561
+   strcpy(str,"not available");
  562
+   break;
  563
+
  564
+case 0x0016:
  565
+   strcpy(str,"invisible + descr");
  566
+   break;
  567
+
  568
+case 0x0004:
  569
+   strcpy(str,"available + descr");
  570
+   break;
  571
+
  572
+case 0x0005:
  573
+   strcpy(str,"busy + descr");
  574
+   break;
  575
+
  576
+case 0x0015:
  577
+   strcpy(str,"not available + descr");
  578
+   break;
  579
+
  580
+default:
  581
+   strcpy(str,"unknown");
  582
+}
  583
+
  584
+if ((status&0xff00)==0x8000)
  585
+   strcat(str," + private");
  586
+
  587
+}
  588
+
  589
+void gg_get_version(u_int32 version, char *str)  {
  590
+
  591
+switch ((version&0x00ff)) {
  592
+
  593
+case 0x0000002A:
  594
+   strcpy(str,"7.7");
  595
+   break;
  596
+
  597
+case 0x00000029:
  598
+   strcpy(str,"7.6");
  599
+   break;
  600
+
  601
+case 0x00000024:
  602
+   strcpy(str,"6.1/7.6");
  603
+   break;
  604
+
  605
+case 0x00000028:
  606
+   strcpy(str,"7.5");
  607
+   break;
  608
+
  609
+case 0x00000027:
  610
+case 0x00000026:
  611
+case 0x00000025:
  612
+   strcpy(str,"7.0");
  613
+   break;
  614
+
  615
+case 0x00000022:
  616
+case 0x00000021:
  617
+case 0x00000020:
  618
+   strcpy(str,"6.0");
  619
+   break;
  620
+
  621
+case 0x0000001E:
  622
+case 0x0000001C:
  623
+   strcpy(str,"5.7");
  624
+   break;
  625
+
  626
+case 0x0000001B:
  627
+case 0x00000019:
  628
+   strcpy(str,"5.0");
  629
+   break;
  630
+
  631
+case 0x00000018:
  632
+   strcpy(str,"5.0/4.9");
  633
+   break;
  634
+
  635
+case 0x00000017:
  636
+case 0x00000016:
  637
+   strcpy(str,"4.9");
  638
+   break;
  639
+
  640
+case 0x00000015:
  641
+case 0x00000014:
  642
+   strcpy(str,"4.8");
  643
+   break;
  644
+
  645
+case 0x00000011:
  646
+   strcpy(str,"4.6");
  647
+   break;
  648
+
  649
+case 0x00000010:
  650
+case 0x0000000f:
  651
+   strcpy(str,"4.5");
  652
+   break;
  653
+
  654
+case 0x0000000b:
  655
+   strcpy(str,"4.0");
  656
+   break;
  657
+
  658
+default:
  659
+   sprintf(str,"unknown (0x%X)",version);
  660
+}
  661
+
  662
+if ((version&0xf0000000)==0x40000000)
  663
+   strcat(str," + has audio");
  664
+
  665
+if ((version&0x0f000000)==0x040000000)
  666
+   strcat(str," + eraomnix");
  667
+
  668
+}
  669
+
  670
+/* EOF */
  671
+
  672
+// vim:ts=3:expandtab
  673
+

0 notes on commit 5649e9c

Please sign in to comment.
Something went wrong with that request. Please try again.