This is a read-only snapshot of the ComputerCraft forums, taken in April 2020.

libpcap, libspoofer, and a "Network Utility"

Started by Cloud Ninja, 14 July 2015 - 11:42 PM
Cloud Ninja #1
Posted 15 July 2015 - 01:42 AM
Introducing libpcap and libspoofer

APIs to allow the spoofing and sniffing of rednet and GPS traffic!

With these APIs, you can spoof traffic to create a seemingly real internet service. Or maybe sniff the traffic on a network to make sure it's going where it needs to go.

Sometimes you can't find that pesky rednet.send() message, and you need to rework your code.


No longer! Our network utility implements libpcap (styled after pcap, the Wireshark library) and libspoofer, the ID spoofing API, to create packets for testing networks and modems in the rednet range of your world!

NOTE: ONLY WORKS ON CC 1.6 AND UP

Enjoy the world of Libpcap and Libspoofer


Libpcap and Libspoofer are required for the Network Utility to function

In order to close the network utility, click the green line

To Install:

To install all of the needed files as well as the network utility


pastebin run sfZc9yLU

To install only Libpcap


pastebin get qWSxND5C libpcap

To install only Libspoofer


pastebin get jzXLbL2C libspoofer


To use the spoofer's main function, do libspoofer.send(message, toid, fromid) and it should send message to toid from fromid.

For the sniffer's main function, use libpcap.cap(), which will return a table. The cell labeled data in the table will either contain a string if it's a GPS packet or another table if it is a rednet packet.

Enjoy!

Credits


Main coder of APIs: Scoopta

Network Utility Coder: CloudNinja

Edited on 16 July 2015 - 07:44 PM
ironmountain #2
Posted 15 July 2015 - 11:49 AM
This is an extremely helpful tool. Thank you for releasing it to us peasants.
ry00000 #3
Posted 15 July 2015 - 02:31 PM
Wouldn't this allow for pseudo-MitM type attacks? Like this:
Bank server sends a message to SpoofServer thinking it is the ATM. SpoofServer sends a message to the ATM under the bank server's ID making it transfer all the gold on the victim's account to the attacker's account.
Edited on 15 July 2015 - 12:31 PM
H4X0RZ #4
Posted 15 July 2015 - 04:55 PM
Wouldn't this allow for pseudo-MitM type attacks? Like this:
Bank server sends a message to SpoofServer thinking it is the ATM. SpoofServer sends a message to the ATM under the bank server's ID making it transfer all the gold on the victim's account to the attacker's account.

That's the reason why you don't use the rednet API for this.

Rednet is a wrapper for the more low-level modem API. Rednet just uses your computer's ID as channel. When using the modem API, you are able to define the channel yourself.
Cloud Ninja #5
Posted 15 July 2015 - 05:24 PM
Wouldn't this allow for pseudo-MitM type attacks? Like this:
Bank server sends a message to SpoofServer thinking it is the ATM. SpoofServer sends a message to the ATM under the bank server's ID making it transfer all the gold on the victim's account to the attacker's account.

That's the reason why you don't use the rednet API for this.

Rednet is a wrapper for the more low-level modem API. Rednet just uses your computer's ID as channel. When using the modem API, you are able to define the channel yourself.
You are both 100% correct. But with being able to do pseudo-MitM attacks, you can do that as long as you know a computer's ID that you want to attack and do a constant rednet.send to it. That's why if you want to be secure you would use encryption of your data and then use the Modem API. All my program does is allow for the capturing and sending of packets, which has malicious uses, but is not intended to do so. Also with your message: "Bank server sends a message to SpoofServer thinking it is the ATM. SpoofServer sends a message to the ATM under the bank server's ID making it transfer all the gold on the victim's account to the attacker's account." It's even easier if you know how rednet messages are formatted through the modem API. You can simply capture the packets being sent, figure out which ones you need to use, and then send a constant stream to the ATM server to do X action. Now, this is obviously a malicious use for it, and will probably, if not definitely, get you banned from servers.
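The secure alternative the reply above points at (your own channel over the modem API plus protection of the data, instead of trusting rednet's sender ID) as an added example in ComputerCraft Lua; it is not part of the thread or of libpcap/libspoofer. It assumes a "sha256" API file providing sha256.digest(str) loaded with os.loadAPI (ComputerCraft has no built-in hash, so the file and function name are assumptions), and the SECRET and channel 4242 are constructed placeholders; it authenticates messages and rejects replayed captures rather than encrypting them.

```lua
-- Added example (not from the thread or the libpcap/libspoofer code): a receiver that
-- opens its own modem channel and never trusts the sender ID / reply channel of an event.
-- Assumptions: a "sha256" API file providing sha256.digest(str) -> hex string (CC has no
-- built-in hash), a pre-shared SECRET, and channel 4242 as a constructed placeholder.
os.loadAPI("sha256")

local SECRET  = "replace-with-a-pre-shared-secret"   -- constructed placeholder
local CHANNEL = 4242                                  -- constructed: our own channel

-- Keyed tag over every field that must not be forged or replayed.
local function tag(seq, from, payload)
  return sha256.digest(SECRET .. "|" .. seq .. "|" .. from .. "|" .. payload)
end

-- Sender side: the message carries its own identity, a sequence number and the tag.
function buildMessage(from, seq, payload)
  return { from = from, seq = seq, payload = payload, tag = tag(seq, from, payload) }
end

local lastSeq = {}   -- highest sequence number accepted so far, per sender name

-- Returns the payload if the message is authentic and fresh, else nil and a reason.
function verify(msg)
  if type(msg) ~= "table" or type(msg.from) ~= "string" or type(msg.seq) ~= "number"
     or type(msg.payload) ~= "string" or type(msg.tag) ~= "string" then
    return nil, "malformed"
  end
  if msg.tag ~= tag(msg.seq, msg.from, msg.payload) then
    return nil, "bad tag"      -- forged sender, or tampered in transit
  end
  if lastSeq[msg.from] and msg.seq <= lastSeq[msg.from] then
    return nil, "replay"       -- a captured packet being sent again
  end
  lastSeq[msg.from] = msg.seq
  return msg.payload
end

-- Receive loop over the raw modem API; the replyChannel argument is deliberately ignored.
local modem = peripheral.find("modem")
modem.open(CHANNEL)
while true do
  local _, _, channel, _, msg = os.pullEvent("modem_message")
  if channel == CHANNEL then
    local payload, why = verify(msg)
    print(payload and ("accepted: " .. payload) or ("dropped: " .. why))
  end
end
```

A sender that knows SECRET calls buildMessage(name, seq, payload) with a strictly increasing seq and transmits the table on CHANNEL; anything captured and re-sent, or sent with a forged ID, fails verify.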
Lyqyd #6
Posted 15 July 2015 - 05:41 PM
Threads merged.
H4X0RZ #7
Posted 15 July 2015 - 05:54 PM
Wouldn't this allow for pseudo-MitM type attacks? Like this: Bank server sends a message to SpoofServer thinking it is the ATM. SpoofServer sends a message to the ATM under the bank server's ID making it transfer all the gold on the victim's account to the attacker's account.
That's the reason why you don't use the rednet API for this. Rednet is a wrapper for the more low-level modem API. Rednet just uses your computer's ID as channel. When using the modem API, you are able to define the channel yourself.
You are both 100% correct. But with being able to do pseudo-MitM attacks, you can do that as long as you know a computer's ID that you want to attack and do a constant rednet.send to it. That's why if you want to be secure you would use encryption of your data and then use the Modem API. All my program does is allow for the capturing and sending of packets, which has malicious uses, but is not intended to do so. Also with your message: "Bank server sends a message to SpoofServer thinking it is the ATM. SpoofServer sends a message to the ATM under the bank server's ID making it transfer all the gold on the victim's account to the attacker's account." It's even easier if you know how rednet messages are formatted through the modem API. You can simply capture the packets being sent, figure out which ones you need to use, and then send a constant stream to the ATM server to do X action. Now, this is obviously a malicious use for it, and will probably, if not definitely, get you banned from servers.

You don't even need any knowledge about the messages you want to sniff.
CC modems have a maximum of 65535 channels. One computer can open 128 channels at the same time. So you could sniff every channel with 512 computers. This isn't practical, but it is possible.

Actually, if this limitation (128 channels) applies per modem, and you have 5 wireless modems on the computer (the 6th is wired, so you can transmit the sniffed data to a main computer), it would only take 103 computers.
Edited on 15 July 2015 - 10:20 PM
Cloud Ninja #8
Posted 15 July 2015 - 11:51 PM
-snip-

You don't even need any knowledge about the messages you want to sniff.
CC modems have a maximum of 65535 channels. One computer can open 128 channels at the same time. So you could sniff every channel with 512 computers. This isn't practical, but it is possible.

Actually, if this limitation (128 channels) applies per modem, and you have 5 wireless modems on the computer (the 6th is wired, so you can transmit the sniffed data to a main computer), it would only take 103 computers.
Completely true, but for spoofing you need to format a message correctly. It IS very easy as long as you read the rednet API and the send function.
flaghacker #9
Posted 16 July 2015 - 08:43 PM
I didn't want to hijack someone else's thread, so I'll post this here:

So does this spoof rednet messages as well? Or does it just return a desired ID when running the ID command? If it's the latter, there's a MUCH easier way of doing this.

You could just read the code…

Yes, it spoofs rednet, that's the point. What easier way do you have?
I didn't know if it was able to use rednet still or not. I have a way that when you run ID it returns any value you desire, but it breaks rednet (for some reason, I don't know yet)


function os.getComputerID()
return VALUE
end
I also don't want to be THAT guy, but I find it ironic that the instant I release my spoofer, so does someone else :P Yours is pretty good though, looks like you put a bit of time in.

Overriding that function is the only way to spoof your id, and it should work with rednet perfectly fine, if you return a number. How does it "break" rednet? What error/behaviour?
Cloud Ninja #10
Posted 16 July 2015 - 09:16 PM
I didn't want to hijack someone else's thread, so I'll post this here:

So does this spoof rednet messages as well? Or does it just return a desired ID when running the ID command? If it's the latter, there's a MUCH easier way of doing this.

You could just read the code…

Yes, it spoofs rednet, that's the point. What easier way do you have?
I didn't know if it was able to use rednet still or not. I have a way that when you run ID it returns any value you desire, but it breaks rednet (for some reason, I don't know yet)


function os.getComputerID()
return VALUE
end
I also don't want to be THAT guy, but I find it ironic that the instant I release my spoofer, so does someone else :P Yours is pretty good though, looks like you put a bit of time in.

Overriding that function is the only way to spoof your id, and it should work with rednet perfectly fine, if you return a number. How does it "break" rednet? What error/behaviour?
I don't remember correctly, but how about we keep that thread in that thread. It errors, I forget what it says but it does. And no, to spoof your ID via rednet you don't have to override any functions.
Scoopta #11
Posted 22 July 2015 - 08:08 AM
I didn't want to hijack someone else's thread, so I'll post this here:

So does this spoof rednet messages as well? Or does it just return a desired ID when running the ID command? If it's the latter, there's a MUCH easier way of doing this.

You could just read the code…

Yes, it spoofs rednet, that's the point. What easier way do you have?
I didn't know if it was able to use rednet still or not. I have a way that when you run ID it returns any value you desire, but it breaks rednet (for some reason, I don't know yet)


function os.getComputerID()
return VALUE
end
I also don't want to be THAT guy, but I find it ironic that the instant I release my spoofer, so does someone else :P Yours is pretty good though, looks like you put a bit of time in.

Overriding that function is the only way to spoof your id, and it should work with rednet perfectly fine, if you return a number. How does it "break" rednet? What error/behaviour?
That's the easy but less powerful way of dealing with rednet spoofing. libspoofer allows for far more power than that. Instead of overwriting that function every time you can just call libspoofer.send(msg, toid, fromid) without ever touching os.getComputerID() or your actual id.
flaghacker #12
Posted 22 July 2015 - 12:35 PM
How is that more powerful? Overwriting that function makes everything use the new ID, including rednet.broadcast and every program that uses the id.
Cloud Ninja #13
Posted 22 July 2015 - 01:21 PM
How is that more powerful? Overwriting that function makes everything use the new ID, including rednet.broadcast and every program that uses the id.
Yes, while it overwrites anything that uses it, let's say you only need it for rednet functions. While you could spoof the ID, send the message, then unspoof, it would be more of a hassle than using our API. Let's say, for example:


args = {...}
oldID = os.getComputerID()
function os.getComputerID()
  return tonumber(args[1]) -- must be a number: rednet passes it to modem.transmit as the reply channel
end
rednet.broadcast("Test")
function os.getComputerID()
  return oldID
end
you can just call libspoofer.send(message, toid, fromid) and all without needing to write the API code yourself.
H4X0RZ #14
Posted 22 July 2015 - 05:08 PM
How is that more powerful? Overwriting that function makes everything use the new ID, including rednet.broadcast and every program that uses the id.
Yes, while it overwrites anything that uses it, let's say you only need it for rednet functions. While you could spoof the ID, send the message, then unspoof, it would be more of a hassle than using our API. Let's say, for example:


args = {...}
oldID = os.getComputerID()
function os.getComputerID()
  return tonumber(args[1]) -- must be a number: rednet passes it to modem.transmit as the reply channel
end
rednet.broadcast("Test")
function os.getComputerID()
  return oldID
end
you can just call libspoofer.send(message, toid, fromid) and all without needing to write the API code yourself.

Or you just do this?

local modem = peripheral.wrap("SomeRandomSide")
modem.transmit(toID,fromID,message)
Cloud Ninja #15
Posted 22 July 2015 - 05:23 PM
-snip-

or you just do this?

local modem = peripheral.wrap("SomeRandomSide")
modem.transmit(toID,fromID,message)
Yes and no. For transmitting only via modem, yes you can do that. But let's say you're using rednet (which would be idiotic due to it being super insecure): you have to format a rednet message fairly specifically using modem, rednet just does it for you automatically. With our API, you can send over modem AND rednet, not just one or the other. If you look at the API you can see how the message is formatted.
3dsboy08 #16
Posted 28 July 2015 - 06:27 PM
I got an error when using the wireshark utility. Here it is:

netutil:46: attempt to concatenate string and table
Cloud Ninja #17
Posted 28 July 2015 - 07:36 PM
I got an error when using the wireshark utility. Here it is:

netutil:46: attempt to concatenate string and table
What was the rednet.send or rednet.broadcast that was sent? It's attempting to loop through the message table in it.