-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathoicq_enhanced.lua
176 lines (121 loc) · 4.64 KB
/
oicq_enhanced.lua
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
do
--[[
Proto.new(name, desc)
name: displayed in the column of “Protocol” in the packet list
desc: displayed as the dissection tree root in the packet details
--]]
local PROTO_OICQ = Proto("QPlus", "OICQ Protocol(Enhanced) - IM software, popular in China")
--[[
ProtoField:
to be used when adding items to the dissection tree
--]]
local hf_oicq_flg = ProtoField.uint8("OICQ.Flag", "Flag", base.HEX)
local hf_oicq_version = ProtoField.uint16("OICQ.Version", "Version", base.HEX)
local hf_oicq_command = ProtoField.string("OICQ.Command", "Command")
local hf_oicq_seq = ProtoField.uint16("OICQ.Seq", "Sequence", base.DEC)
local hf_oicq_qqid = ProtoField.uint32("OICQ.QID", "OICQ Number", base.DEC)
local hf_oicq_eflg = ProtoField.uint8("OICQ.EFlag", "End Flag", base.HEX)
-- define the fields table of this dissector(as a protoField array)
PROTO_OICQ.fields = {hf_oicq_flg, hf_oicq_version, hf_oicq_command, hf_oicq_seq, hf_oicq_qqid, hf_oicq_eflg}
--[[
Data Section
--]]
local data_dis = Dissector.get("data")
--[[
OICQ Dissector Function
--]]
local function roh_dissector(buf, pkt, root)
-- check buffer length
local buf_len = buf:len()
if buf_len < 12 then
return false
end
-- check flag
if buf(0, 1):uint() ~= 0x02 then
return false
end
-- check end flag
if buf(buf_len - 1, 1):uint() ~= 0x03 then
return false
end
--[[
packet list columns
--]]
pkt.cols.protocol = "OICQ"
pkt.cols.info = "OICQ Protocol(Enhanced) - IM software, popular in China"
--[[
OICQ command list
]]
local command_list = {}
command_list[0x0001] = "Log out"
command_list[0x0002] = "Heart Message"
command_list[0x0004] = "Update User information"
command_list[0x0005] = "Search user"
command_list[0x0006] = "Get User informationBroadcast"
command_list[0x0009] = "Add friend no auth"
command_list[0x000a] = "Delete user"
command_list[0x000b] = "Add friend by auth"
command_list[0x000d] = "Set status"
command_list[0x0012] = "Confirmation of receiving message from server"
command_list[0x0016] = "Send message"
command_list[0x0017] = "Receive message"
command_list[0x0018] = "Retrieve information"
command_list[0x001a] = "Reserved "
command_list[0x001c] = "Delete Me"
command_list[0x001d] = "Request KEY"
command_list[0x0021] = "Cell Phone"
command_list[0x0022] = "Log in"
command_list[0x0026] = "Get friend list"
command_list[0x0027] = "Get friend online"
command_list[0x0029] = "Cell PHONE"
command_list[0x0030] = "Operation on group"
command_list[0x0031] = "Log in test"
command_list[0x003c] = "Group name operation"
command_list[0x003d] = "Upload group friend"
command_list[0x003e] = "MEMO Operation"
command_list[0x0058] = "Download group friend"
command_list[0x005c] = "Get level"
command_list[0x0062] = "Request login"
command_list[0x0065] = "Request extra information"
command_list[0x0067] = "Signature operation"
command_list[0x0080] = "Receive system message"
command_list[0x0081] = "Get status of friend"
command_list[0x00b5] = "Get friend's status of group"
--[[
dissection tree in packet details
--]]
-- tree root
local t = root:add(PROTO_OICQ, buf(0, buf_len))
-- child items
t:add(hf_oicq_flg, buf(0, 1))
t:add(hf_oicq_version, buf(1, 2))
local cmd = buf(3, 2):uint()
if command_list[cmd] then
t:add(hf_oicq_command, buf(3, 2), string.format("%s (%d)", command_list[cmd], cmd))
else
t:add(hf_oicq_command, buf(3, 2), string.format("Unknown (%d)", cmd))
end
t:add(hf_oicq_seq, buf(5, 2))
t:add(hf_oicq_qqid, buf(7, 4))
t:add(hf_oicq_eflg, buf(buf_len - 1, 1))
if buf_len > 12 then
local d = root:add(buf(11, buf_len - 12), "OICQ Data")
end
return true
end
--[[
Dissect Process
--]]
function PROTO_OICQ.dissector(buf, pkt, root)
if roh_dissector(buf, pkt, root) then
-- valid ROH diagram
else
data_dis:call(buf, pkt, root)
end
end
--[[
Specify Protocol Port
--]]
local tcp_encap_table = DissectorTable.get("udp.port")
tcp_encap_table:set(8000, PROTO_OICQ)
end