working mra package analyzer

smirn0v · May 12, 2013 · aba20e5 · aba20e5
1 parent 1fb2b28
commit aba20e5
Show file tree

Hide file tree

Showing 5 changed files with 122 additions and 8 deletions.
diff --git a/mmp-bot/agent.pcap b/mmp-bot/agent.pcap
diff --git a/mmp-bot/mmp-analyze.py b/mmp-bot/mmp-analyze.py
@@ -0,0 +1,63 @@
+#!/usr/bin/env python
+# -*- coding: utf8 -*-
+
+from scapy.all import *
+from mmpbase import *
+import sys
+import struct
+import os
+
+def traceback():
+    exc_type, exc_obj, exc_tb = sys.exc_info()
+    fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
+    print(exc_type, fname, exc_tb.tb_lineno)
+
+def ascii_only(s): 
+    res = ""
+    for c in s:
+        if ord(c) >= 0x20 and ord(c) < 0x7F:
+            res += c
+        else:
+            res += "."
+    return res
+
+def main():
+    pl = rdpcap("agent.pcap")
+
+    supported_packets = [ 
+                          MMPServerMessageAckPacket,
+                          MMPClientAuthorizePacket,
+                          MMPClientMessageRecvPacket,
+                          MMPClientMessagePacket,
+                          MMPClientAddContact
+                        ]
+
+    for p in pl:
+        try:
+            magic = struct.unpack('I',str(p[TCP].payload)[:4])[0]
+            if magic!=0xdeadbeef: continue
+
+            header = str(p[TCP].payload)[:44]
+            header = MMPHeader.from_binary_data(header)
+            print
+            print header
+            payload = str(p[TCP].payload)[44:]
+            print "{payload = %s}"%payload.encode('hex')
+            print "{ascii-payload = %s}"%ascii_only(payload)
+            for sp in supported_packets:
+                if sp.msg == header.msg:
+                    mrap = None
+                    try:
+                        mrap = sp(header,payload)
+                    except: pass
+                    try:
+                        mrap = sp(header,binary_data = payload)
+                    except: pass 
+                    if mrap is not None:
+                        print mrap
+        except Exception as e:
+            #traceback()
+            pass
+
+if __name__ == "__main__":
+    main()
diff --git a/mmp-bot/mmpbase.py b/mmp-bot/mmpbase.py
@@ -116,19 +116,55 @@ def pack_lps(self,string):
     def pack_uint(self,value):
         return struct.pack('I',value)
 
+class MMPClientAddContact(PackingMixin):
+    msg = MRIM_CS_ADD_CONTACT
+
+    def __init__(self,header,binary_data=None,flags=None,groupid=None,email=None,name=None):
+        self.header = header
+        self.header.msg = self.__class__.msg
+        if binary_data is not None:
+            self.binary_data = binary_data
+            self.flags       = self.unpack_uint()
+            self.groupid     = self.unpack_uint()
+            self.email       = self.unpack_lps()
+            self.name        = self.unpack_lps()
+        else:
+            self.flags = flags
+            self.groupid = groupid
+            self.email = email
+            self.name  = name
+            self.header.dlen = len(self.binary_data()) - MMPHeader.size
+
+    def binary_data(self):
+        data  = self.header.binary_data()
+        data += self.pack_uint(self.flags)
+        data += self.pack_uint(self.groupid)
+        data += self.pack_lps(self.email) 
+        data += self.pack_lps(self.name)
+        return data
+
+    def __str__(self):
+        print "clnt add contact {flags = 0x%X, groupid = %d, email = %s, name = %s}"%(self.flags,self.groupid,self.email, self.name)
+
 class MMPClientMessagePacket(PackingMixin):
     msg = MRIM_CS_MESSAGE
-    def __init__(self,header,flags,to_email,message):
+    def __init__(self,header,binary_data=None,flags=None,to_email=None,message=None):
         """ 
         message should be given in ascii
         rtf messages not supported
         """
-        self.header = header
+        self.header   = header
         self.header.msg = self.__class__.msg
-        self.flags = flags
-        self.to_email = to_email
-        self.message = message
-        self.header.dlen = len(self.binary_data()) - MMPHeader.size
+        if binary_data is not None:
+            self.binary_data = binary_data
+            self.flags    = self.unpack_uint()
+            self.to_email = self.unpack_lps()
+            self.message  = self.unpack_lps() 
+        else:
+            self.flags = flags
+            self.to_email = to_email
+            self.message = message
+            self.header.dlen = len(self.binary_data()) - MMPHeader.size
 
     def binary_data(self):
         data  = self.header.binary_data()
@@ -137,6 +173,9 @@ def binary_data(self):
         data += self.pack_lps(self.message)
         return data
 
+    def __str__(self):
+        print "clnt msg {flags = 0x%X, to_email = %s, message = %s}"%(self.flags, self.to_email, self.message)
+
 class MMPClientAuthorizePacket(PackingMixin):
     msg = MRIM_CS_AUTHORIZE
     def __init__(self,header,email):
@@ -146,6 +185,8 @@ def __init__(self,header,email):
         self.header.dlen = len(self.binary_data()) - MMPHeader.size 
     def binary_data(self):
         return self.header.binary_data()+self.pack_lps(self.email)
+    def __str__(self):
+        print "authorize {email = %s}"%self.email
 
 class MMPClientPingPacket:
     msg = MRIM_CS_PING
@@ -195,6 +236,8 @@ def binary_data(self):
         data += self.pack_lps(self.from_email) 
         data += self.pack_uint(self.msgid)
         return data
+    def __str__(self):
+        print "clnt message recv {from_email = %s, msgid = %d}"%(self.from_email,self.msgid)
 
 class MMPServerHelloAckPacket(PackingMixin):
     msg = MRIM_CS_HELLO_ACK
@@ -233,6 +276,8 @@ def simple_message(self):
                 not self.flag_set(MESSAGE_FLAG_CONTACT) and \
                 not self.flag_set(MESSAGE_FLAG_NOTIFY) and \
                 not self.flag_set(MESSAGE_FLAG_AUTHORIZE)
+    def __str__(self):
+        print "srv message ack {msgid = %d, flags = 0x%X, from_email = %s, message = %s}"%(self.msgid,self.flags,self.from_email,self.message)
 
 class MMPServerContactListPacket(PackingMixin):
     msg = MRIM_CS_CONTACT_LIST2

diff --git a/mmp-bot/mmpbot.py b/mmp-bot/mmpbot.py
@@ -34,6 +34,7 @@ def authrizationRequest(self,from_email):
 
     def message(self,from_email,message):
         print "%s: %s" % (from_email, message)
+        self.protocol.sendMessage(from_email,"pong")
         for command in self.handlers:
             if message.startswith(command):
                 self.handlers[command][0](from_email,message[len(command)+1:])

diff --git a/mmp-bot/mmpprotocol.py b/mmp-bot/mmpprotocol.py
@@ -109,10 +109,15 @@ def canHandlePacket(self,packet):
         return isinstance(packet,self.packet_class)
 
     def handlePacket(self,packet):
-
+        print "message: %s, flags 0x%X"%(packet.message,packet.flags)
+
         if packet.simple_message():   
             self.protocol.callback.message(packet.from_email,packet.message)
 
+        if packet.flag_set(MESSAGE_FLAG_AUTHORIZE):
+            print "sending auth ok"
+            self.protocol.authorize(packet.from_email)
+
         if packet.flag_set(MESSAGE_FLAG_NORECV):
             return
 
@@ -209,7 +214,7 @@ def sendMessage(self,to_email,message):
         rtf not supported
         """
         header = self.createHeader()
-        packet = MMPClientMessagePacket(header,0,to_email,message.decode('utf8').encode('cp1251'))
+        packet = MMPClientMessagePacket(header,flags=0,to_email=to_email,message=message.decode('utf8').encode('cp1251'))
         self.sendPacket(packet)
 
     def authorize(self,email):