-
Notifications
You must be signed in to change notification settings - Fork 296
/
tplink-smarthome.lua
88 lines (74 loc) · 2.59 KB
/
tplink-smarthome.lua
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
-- TP-Link Smart Home Protocol (Port 9999) Wireshark Dissector
-- For decrypting local network traffic between TP-Link
-- Smart Home Devices and the Kasa Smart Home App
--
-- Install under:
-- (Windows) %APPDATA%\Wireshark\plugins\
-- (Linux, Mac) $HOME/.wireshark/plugins
--
-- by Lubomir Stroetmann
-- Copyright 2016 softScheck GmbH
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
--
-- Create TP-Link Smart Home protocol and its fields
p_tplink = Proto ("TPLink-SmartHome","TP-Link Smart Home Protocol")
-- Dissector function
function p_tplink.dissector (buf, pkt, root)
-- Validate packet length
if buf:len() == 0 then return end
pkt.cols.protocol = p_tplink.name
-- Decode data
local ascii = ""
local hex = ""
-- Skip first 4 bytes (header)
start = 4
endPosition = buf:len() - 1
-- Decryption key is -85 (256-85=171)
local key = 171
-- Decrypt Autokey XOR
-- Save results as ascii and hex
for index = start, endPosition do
local c = buf(index,1):uint()
-- XOR first byte with key
d = bit32.bxor(c,key)
-- Use byte as next key
key = c
hex = hex .. string.format("%x", d)
-- Convert to printable characters
if d >= 0x20 and d <= 0x7E then
ascii = ascii .. string.format("%c", d)
else
-- Use dot for non-printable bytes
ascii = ascii .. "."
end
end
-- Create subtree
subtree = root:add(p_tplink, buf(0))
-- Add data to subtree
subtree:add(ascii)
-- Description of payload
subtree:append_text(" (decrypted)")
-- Call JSON Dissector with decrypted data
local b = ByteArray.new(hex)
local tvb = ByteArray.tvb(b, "JSON TVB")
Dissector.get("json"):call(tvb, pkt, root)
end
-- Initialization routine
function p_tplink.init()
end
-- Register a chained dissector for port 9999
local tcp_dissector_table = DissectorTable.get("tcp.port")
dissector = tcp_dissector_table:get_dissector(9999)
tcp_dissector_table:add(9999, p_tplink)