louis.dufour
/
Detection_d_intrusion
3
2
Fork 0
Code Issues 6 Pull Requests Packages Projects 1 Releases Wiki Activity

Les decoder sont terminés, celui à utiliser est decoderMain.py
continuous-integration/drone/push Build is failing Details

Browse Source
master
Paul SQUIZZATO 2 years ago
parent 59efb94b27
commit 790a5a344c
6 changed files with 26 additions and 113 deletions
Show Stats Download Patch File Download Diff File

0
src/decoderBase.py → src/decoderExample.py
Unescape View File

20
src/decoder_propre.py → src/decoderMain.py
Unescape View File

@ -71,12 +71,12 @@ def decode(pkt):
#Fill the list of the values/address that have been read #Fill the list of the values/address that have been read
LPackets = [] LPackets = []
for j in range(len(status)): for j in range(len(status)):
LPackets.append([miniL[0][1],miniL[2]+j,status[j]]) LPackets.append([str.lower(miniL[0][1]),miniL[2]+j,status[j]])
#Add the read's status into the `connect` database #Add the read's status into the `connect` database
triPacket(LPackets,connec) triPacket(LPackets,connec)
#Reset the globalization's list #Reset the globalization's list
miniL = [0,0,0] ####miniL = [0,0,0]
#First request for a read packet's : Get the starting address and globalize it before getting the response #First request for a read packet's : Get the starting address and globalize it before getting the response
else: else:
@ -99,16 +99,20 @@ def decode(pkt):
value = modpkt.payload.getfieldval("outputsValue") value = modpkt.payload.getfieldval("outputsValue")
status = [] status = []
#Multiple write coils request (register's values are already on the good format) #Multiple write coils request (register's values are already on the good format)
LPackets = []
#Get the number of bytes to be write in order to not reset to 0, address on the same bytes of the written one's
if "C" in type_call: if "C" in type_call:
#Transform the byte's values into a list of bits values for each byte #Transform the byte's values into a list of bits values for each byte
status = BytesToBits(value) status = BytesToBits(value)
LPackets = []
#Get the number of bytes to be write in order to not reset to 0, address on the same bytes of the written one's
byte_count = modpkt.payload.getfieldval("quantityOutput") byte_count = modpkt.payload.getfieldval("quantityOutput")
#Fill the list of the values/address that while be write #Fill the list of the values/address that while be write
else:
byte_count = modpkt.payload.getfieldval("quantityRegisters")
status=value
for j in range(byte_count): for j in range(byte_count):
LPackets.append([miniL[0][1],addr+j,status[j]]) if miniL[0][1]=='C' and status[j]==65280:
status[j]=1
LPackets.append([str.lower(miniL[0][1]),addr+j,status[j]])
#Add and check the write's status into the `connect` database #Add and check the write's status into the `connect` database
triPacket(LPackets,connec) triPacket(LPackets,connec)
@ -118,12 +122,14 @@ def decode(pkt):
if "C" in type_call: if "C" in type_call:
addr = modpkt.payload.getfieldval("outputAddr") addr = modpkt.payload.getfieldval("outputAddr")
value = modpkt.payload.getfieldval("outputValue") value = modpkt.payload.getfieldval("outputValue")
if value==65280:
value=1
#Single write register request #Single write register request
else: else:
addr = modpkt.payload.getfieldval("registerAddr") addr = modpkt.payload.getfieldval("registerAddr")
value = modpkt.payload.getfieldval("registerValue") value = modpkt.payload.getfieldval("registerValue")
#Add the write's status into the `connect` database #Add the write's status into the `connect` database
triPacket([miniL[0][1],addr,output_value],connec) triPacket([str.lower(miniL[0][1]),addr,value],connec)

0
src/decoderBrut.py → src/decoderOutdated.py
Unescape View File

96
src/decoderPropre.py
Unescape View File

@ -1,96 +0,0 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#https://scapy.readthedocs.io/en/latest/api/scapy.packet.html#scapy.packet.Packet
#https://scapy.readthedocs.io/en/latest/api/scapy.contrib.modbus.html
import getpass
import scapy.all as scapy
import scapy.contrib.modbus as mb
from triPacket import triPacket
def decode(pkt):
if "ModbusADU" in pkt:
global miniL
modpkt = pkt["ModbusADU"]
type_call = ""
if "Multiple" in modpkt.payload.name:
type_call += "m"
else:
type_call += "s"
if "Coil" in modpkt.payload.name:
type_call += "C"
else:
type_call += "R"
miniL[0] = type_call
if "Read" in modpkt.payload.name:
type_call += "r"
if "Response" in modpkt.payload.name:
byte_count = modpkt.payload.getfieldval("byteCount")
status = []
if "C" in type_call:
Value = modpkt.payload.getfieldval("coilStatus")
for j in range(byte_count):
val=str(bin(Value[j]))[2:].rjust(8,'0')[::-1]
status.extend(k for k in [*val])
else:
status = modpkt.payload.getfieldval("registerVal")
for j in range(len(status)):
#bigL.append([miniL[0],status[j],miniL[2]+j])
triPacket([miniL[0][1],miniL[2]+j,status[j]],connec)
miniL = [0,0,0]
else:
addr = modpkt.payload.getfieldval("startAddr")
miniL[2] = addr
else:
type_call += "w"
if "Response" in modpkt.payload.name:
pass
else:
if "m" in type_call:
addr = modpkt.payload.getfieldval("startAddr")
#byte_count = modpkt.payload.getfieldval("quantityOutput")
output_value = modpkt.payload.getfieldval("outputsValue")
status = []
if "C" in type_call:
for j in range(len(output_value)):
val=str(bin(output_value[j]))[2:].rjust(8,'0')[::-1]
status.extend(k for k in [*val])
for j in range(len(status)):
#bigL.append([miniL[0],status[j],addr+j]) # changer 5 pour mettre l'adresse
triPacket([miniL[0][1],addr+j,status[j]],connec)
#print(bigL)
else:
if "C" in type_call:
addr = modpkt.payload.getfieldval("outputAddr")
output_value = modpkt.payload.getfieldval("outputValue")
else:
addr = modpkt.payload.getfieldval("registerAddr")
output_value = modpkt.payload.getfieldval("registerValue")
triPacket([miniL[0][1],addr,output_value],connec)
#bigL.append([miniL[0],output_value,addr])
#print(bigL)
bigL = []
print("In order for data sniffed to be stored inside the database, please register the following :")
DB_HOST = input('host of the database server : ')
if not DB_HOST:
DB_HOST = '192.168.128.141'
DB_NAME = input('name of the database : ')
if not DB_NAME:
DB_NAME = 'dblodufour1'
DB_USER = input('login of the user : ')
if not DB_USER:
DB_USER = 'lodufour1'
DB_PASSWORD = getpass.getpass('user password : ')
connec=[DB_HOST,DB_NAME,DB_USER,DB_PASSWORD]
miniL = [0,0,0]
scapy.sniff(iface="lo", prn=decode)

2
src/ecritureBDD.py
Unescape View File

@ -35,7 +35,7 @@ def ecritureBDD(lStatus,connec):
if verifRegle(co): if verifRegle(co):
co.commit() co.commit()
else: else:
print("A rule has been violated. The system is endangered. The database") print("A rule has been violated. The system is endangered. The database hasn't been updated.")
co.rollback() co.rollback()
cur.close() cur.close()
except(Exception,psy.DatabaseError) as error: except(Exception,psy.DatabaseError) as error:

15
src/regles.py
Unescape View File

@ -1,14 +1,17 @@
regles=[] regles=[]
## FORMAT DES REGLES : ## How to write rules :
# La regle est composée d'une liste de deux éléments: # A rule is an array of two values :
# Le premier est une liste de conditions # The first one is another array of conditions
# The second one is the forbidden value
# Le deuxième est la conséquence
regle1=[[('r',5,55),('c',3,1),('c',12,0)],('r',8,72)] regle1=[[('r',5,55),('c',3,1),('c',12,0)],('r',8,72)]
# Dans l'exemple regle1, si le coil d'addresse 3 a pour valeur 1, le coil d'addresse 12 a pour valeur 0 et le registre d'addresse 5 a pour valeur 55, alors la requete visant à ce que le registre d'addresse 8 ait comme valeur 72 soit bloqué
# regle1 is read as follows :
# If the register at the address 5 has a value of 55, and the values of the coils at the addresses 3 and 12 are 1 and 0 respectively
# Then any request trying to set the value of the register at the address 8 to 72 is blocked.
regle2=[[('r',5,55),('c',3,1),('c',12,0)],('c',9,1)] regle2=[[('r',5,55),('c',3,1),('c',12,0)],('c',9,1)]
@ -18,6 +21,6 @@ regles.append(regle2)
# getRegles()'s only purpose is to not have the regles variable called in other scripts, so that it isn't overwritten by accident
def getRegles(): def getRegles():
return regles return regles
Write Preview
Loading…
Cancel
Save