initial network analysis code

4 files changed, 197 insertions, 1 deletions

diff --git a/Makefile b/Makefile
index 8c52e4e..95be347 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
 CFLAGS+=-I/usr/include/wireshark -DHAVE_STDARG_H -DHAVE_CONFIG_H -g
-OBJECTS:=src/packet-isi.o src/plugin.o src/isi-simauth.o src/isi-gps.o
+OBJECTS:=src/packet-isi.o src/plugin.o src/isi-simauth.o src/isi-network.o src/isi-gps.o
 
 PREFIX?=/usr
 PLUGINDIR?=lib/wireshark/libwireshark0/plugins
diff --git a/src/isi-network.c b/src/isi-network.c
new file mode 100644
index 0000000..2dfe53d
--- /dev/null
+++ b/src/isi-network.c
@@ -0,0 +1,186 @@
+/* isi-network.c
+ * Dissector for ISI's network resource
+ * Copyright 2010, Sebastian Reichel <sre@ring0.de>
+ * 
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <glib.h>
+#include <epan/prefs.h>
+#include <epan/packet.h>
+
+#include "packet-isi.h"
+#include "isi-network.h"
+
+static const value_string isi_network_id[] = {
+	{0x07, "NET_SET_REQ"},
+	{0x08, "NET_SET_RESP"},
+	{0x0B, "NET_RSSI_GET_REQ"},
+	{0x0C, "NET_RSSI_GET_RESP"},
+	{0x1E, "NET_RSSI_IND"},
+	{0x35, "NET_RAT_IND"},
+	{0x36, "NET_RAT_REQ"},
+	{0x37, "NET_RAT_RESP"},
+	{0xE0, "NET_REG_STATUS_GET_REQ"},
+	{0xE1, "NET_REG_STATUS_GET_RESP"},
+	{0xE2, "NET_REG_STATUS_IND"},
+	{0xE3, "NET_AVAILABLE_GET_REQ"},
+	{0xE4, "NET_AVAILABLE_GET_RESP"},
+	{0xE5, "NET_OPER_NAME_READ_REQ"},
+	{0xE6, "NET_OPER_NAME_READ_RESP"},
+	{0xF0, "NET_COMMON_MESSAGE"},
+	{0x00, NULL }
+};
+
+static const value_string isi_network_status_sub_id[] = {
+	{0x00, "NET_REG_INFO_COMMON"},
+	{0x02, "NET_OPERATOR_INFO_COMMON"},
+	{0x04, "NET_RSSI_CURRENT"},
+	{0x09, "NET_GSM_REG_INFO"},
+	{0x0B, "NET_DETAILED_NETWORK_INFO"},
+	{0x0C, "NET_GSM_OPERATOR_INFO"},
+	{0x11, "NET_GSM_BAND_INFO"},
+	{0x2C, "NET_RAT_INFO"},
+	{0xE1, "NET_AVAIL_NETWORK_INFO_COMMON"},
+	{0xE7, "NET_OPER_NAME_INFO"},
+	{0x00, NULL }
+};
+
+static dissector_handle_t isi_network_handle;
+static void dissect_isi_network(tvbuff_t *tvb, packet_info *pinfo, proto_item *tree);
+
+static guint32 hf_isi_network_cmd = -1;
+static guint32 hf_isi_network_data_sub_pkgs = -1;
+static guint32 hf_isi_network_status_sub_type = -1;
+static guint32 hf_isi_network_status_sub_len = -1;
+static guint32 hf_isi_network_status_sub_lac = -1;
+static guint32 hf_isi_network_status_sub_cid = -1;
+static guint32 hf_isi_network_status_sub_msg = -1;
+
+void proto_reg_handoff_isi_network(void) {
+	static gboolean initialized=FALSE;
+
+	if (!initialized) {
+		isi_network_handle = create_dissector_handle(dissect_isi_network, proto_isi);
+		dissector_add("isi.resource", 0x0a, isi_network_handle);
+	}
+}
+
+void proto_register_isi_network(void) {
+	static hf_register_info hf[] = {
+		{ &hf_isi_network_cmd,
+		  { "Command", "isi.network.cmd", FT_UINT8, BASE_HEX, isi_network_id, 0x0, "Command", HFILL }},
+		{ &hf_isi_network_data_sub_pkgs,
+		  { "Number of Subpackets", "isi.network.pkgs", FT_UINT8, BASE_DEC, NULL, 0x0, "Number of Subpackets", HFILL }},
+		{ &hf_isi_network_status_sub_type,
+		  { "Subpacket Type", "isi.network.sub.type", FT_UINT8, BASE_HEX, isi_network_status_sub_id, 0x0, "Subpacket Type", HFILL }},
+		{ &hf_isi_network_status_sub_len,
+		  { "Subpacket Length", "isi.network.sub.len", FT_UINT8, BASE_DEC, NULL, 0x0, "Subpacket Length", HFILL }},
+		{ &hf_isi_network_status_sub_lac,
+		  { "Location Area Code (LAC)", "isi.network.sub.lac", FT_UINT16, BASE_HEX_DEC, NULL, 0x0, "Location Area Code (LAC)", HFILL }},
+		{ &hf_isi_network_status_sub_cid,
+		  { "Cell ID (CID)", "isi.network.sub.cid", FT_UINT32, BASE_HEX_DEC, NULL, 0x0, "Cell ID (CID)", HFILL }},
+		{ & hf_isi_network_status_sub_msg,
+		  { "Text", "isi.network.sub.msg", FT_STRING, BASE_NONE, NULL, 0x0, "Text", HFILL }}
+	};
+
+	proto_register_field_array(proto_isi, hf, array_length(hf));
+	register_dissector("isi.network", dissect_isi_network, proto_isi);
+}
+
+/* would be nice if wireshark could handle unicode... */
+static void* utf16_to_ascii(char *in, guint16 len) {
+	char *out = malloc(len+1);
+
+	int i;
+	for(i=0; i<len; i++) {
+		out[i] = in[(i*2)+1];
+	}
+
+	out[len] = 0x00;
+
+	return out;
+}
+
+static void dissect_isi_network_status(tvbuff_t *tvb, packet_info *pinfo, proto_item *item, proto_tree *tree) {
+	guint8 len = tvb->length;
+	int i;
+
+	guint8 pkgcount = tvb_get_guint8(tvb, 0x02);
+	proto_tree_add_item(tree, hf_isi_network_data_sub_pkgs, tvb, 0x02, 1, FALSE);
+
+	size_t offset = 0x03; // subpackets start here
+	for(i=0; i<pkgcount; i++) {
+		guint8 sptype = tvb_get_guint8(tvb, offset+0);
+		guint8 splen = tvb_get_guint8(tvb, offset+1);
+
+		proto_item *subitem = proto_tree_add_text(tree, tvb, offset, splen, "Subpacket (%s)", val_to_str(sptype, isi_network_status_sub_id, "unknown: 0x%x"));
+		proto_tree *subtree = proto_item_add_subtree(subitem, ett_isi_msg);
+
+		proto_tree_add_item(subtree, hf_isi_network_status_sub_type, tvb, offset+0, 1, FALSE);
+		proto_tree_add_item(subtree, hf_isi_network_status_sub_len, tvb,  offset+1, 1, FALSE);
+
+		offset += 2;
+
+		switch(sptype) {
+			case 0x00: // NET_REG_INFO_COMMON
+				/* FIXME: TODO */
+				break;
+			case 0x09: // NET_GSM_REG_INFO
+				proto_tree_add_item(subtree, hf_isi_network_status_sub_lac, tvb, offset+0, 2, FALSE);
+				proto_tree_add_item(subtree, hf_isi_network_status_sub_cid, tvb, offset+4, 4, FALSE);
+				/* FIXME: TODO */
+				break;
+			case 0xe3: ; // UNKNOWN
+				/* FIXME: TODO, byte 0-2: ???, encoding is UTF-16 */
+				guint16 strlen = tvb_get_ntohs(tvb, offset+2);
+				/* TODO: output string length */
+				char *utf16 = tvb_memdup(tvb, offset+4, strlen*2);
+				char *ascii = utf16_to_ascii(utf16, strlen);
+				proto_item *subitem = proto_tree_add_string(subtree, hf_isi_network_status_sub_msg, tvb, offset+4, strlen*2, ascii);
+				break;
+			default:
+				break;
+		}
+
+		offset += splen - 2;
+	}
+}
+
+static void dissect_isi_network(tvbuff_t *tvb, packet_info *pinfo, proto_item *isitree) {
+	proto_item *item = NULL;
+	proto_tree *tree = NULL;
+	guint8 cmd, code;
+
+	if(isitree) {
+		item = proto_tree_add_text(isitree, tvb, 0, -1, "Payload");
+		tree = proto_item_add_subtree(item, ett_isi_msg);
+
+		proto_tree_add_item(tree, hf_isi_network_cmd, tvb, 0, 1, FALSE);
+		cmd = tvb_get_guint8(tvb, 0);
+
+		switch(cmd) {
+			case 0xE2:
+				col_set_str(pinfo->cinfo, COL_INFO, "Network Status Indication");
+				dissect_isi_network_status(tvb, pinfo, item, tree);
+				break;
+			default:
+				col_set_str(pinfo->cinfo, COL_INFO, "unknown Network packet");
+				break;
+		}
+	}
+}
diff --git a/src/isi-network.h b/src/isi-network.h
new file mode 100644
index 0000000..5bbaac0
--- /dev/null
+++ b/src/isi-network.h
@@ -0,0 +1,7 @@
+#ifndef _ISI_SIMAUTH_H
+#define _ISI_SIMAUTH_H
+
+void proto_reg_handoff_isi_network(void);
+void proto_register_isi_network(void);
+
+#endif
diff --git a/src/packet-isi.c b/src/packet-isi.c
index 5abffb9..6e06413 100644
--- a/src/packet-isi.c
+++ b/src/packet-isi.c
@@ -24,6 +24,7 @@
 #include <epan/packet.h>
 
 #include "packet-isi.h"
+#include "isi-network.h"
 #include "isi-simauth.h"
 #include "isi-gps.h"
 
@@ -86,6 +87,7 @@ void proto_reg_handoff_isi(void) {
 
 		/* handoff resource dissectors */
 		proto_reg_handoff_isi_sim_auth();
+		proto_reg_handoff_isi_network();
 		proto_reg_handoff_isi_gps();
 	}
 }
@@ -137,6 +139,7 @@ void proto_register_isi(void) {
 
 	/* register resource dissectors */
 	proto_register_isi_sim_auth();
+	proto_register_isi_network();
 	proto_register_isi_gps();
 }