【毕业设计日记-4月】mark小尝成果

  1 #ifdef _MSC_VER
  2 /*
  3 * we do not want the warnings about the old deprecated and unsecure CRT functions
  4 * since these examples can be compiled under *nix as well
  5 */
  6 #define _CRT_SECURE_NO_WARNINGS
  7 #endif
  8 
  9 
 10 #include "stdafx.h"
 11 #include <stdio.h>
 12 #include <stdlib.h>
 13 #include <sys/types.h>
 14 #include <pcap.h>
 15 #include <remote-ext.h>
 16 #include "zlib.h"
 17 
 18 
 19 #define LINE_LEN 16
 20 
 21 /* 4 bytes IP address */
 22 typedef struct ip_address
 23 {
 24     u_char byte1;
 25     u_char byte2;
 26     u_char byte3;
 27     u_char byte4;
 28 }ip_address;
 29 
 30 /* IPv4 header */
 31 typedef struct ip_header
 32 {
 33     u_char    ver_ihl;        // Version (4 bits) + Internet header length (4 bits)
 34     u_char    tos;            // Type of service 
 35     u_short tlen;            // Total length 
 36     u_short identification; // Identification
 37     u_short flags_fo;        // Flags (3 bits) + Fragment offset (13 bits)
 38     u_char    ttl;            // Time to live
 39     u_char    proto;            // Protocol
 40     u_short crc;            // Header checksum
 41     ip_address    saddr;        // Source address
 42     ip_address    daddr;        // Destination address
 43     u_int    op_pad;            // Option + Padding
 44 }ip_header;
 45 
 46 
 47 /* TCP header*/
 48 typedef struct tcp_header
 49 {
 50     u_short sport;
 51     u_short dport;
 52     u_int seq;
 53     u_int ack;
 54     u_short ofs_res_code;
 55     u_short window;
 56     u_short checksum;
 57     u_short urp;
 58 }tcp_header;
 59 
 60 /* packet handler函数原型 */
 61 void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);
 62 
 63 /* dispatcher handler函数原型*/
 64 void dispatcher_handler(u_char *, const struct pcap_pkthdr *, const u_char *);
 65 
 66 int gzdecompress(Bytef *zdata, uLong nzdata, Bytef *data, uLong ndata);
 67 
 68 void rc4_init(unsigned char*s, unsigned char*key, unsigned long Len);
 69 
 70 void rc4_crypt(unsigned char*s, unsigned char*Data, unsigned long Len);
 71 
 72 int main(int argc,char **argv)
 73 {
 74     pcap_if_t *alldevs;
 75     pcap_if_t *d;
 76     int inum;
 77     int i = 0;
 78     pcap_t *adhandle;
 79     pcap_t *fp;
 80     char errbuf[PCAP_ERRBUF_SIZE];
 81     pcap_dumper_t *dumpfile;
 82 
 83     u_int netmask;
 84     char packet_filter[] = "ip and tcp and dst net 115.156.197.44 and tcp src port 80 and greater 530 and less 1500";
 85     struct bpf_program fcode;
 86 
 87     struct pcap_pkthdr *header;
 88     const u_char *pkt_data;
 89     
 90 
 91     char source[PCAP_BUF_SIZE];
 92 
 93     /*检查是否命令行输入了两个参数*/
 94     if (argc != 2)
 95     {
 96         printf("usage: %s filename", argv[0]);
 97         return -1;
 98     }
 99 
100     /*取设备列表*/
101     if (pcap_findalldevs(&alldevs, errbuf) == -1)
102     {
103         fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
104         exit(1);
105     }
106 
107     /*打印设备列表*/
108     for (d = alldevs; d; d = d->next)
109     {
110         printf("%d. %s", ++i, d->name);
111         if (d->description)
112             printf(" (%s)\n", d->description);
113         else
114             printf(" (No description available)\n");
115     }
116 
117     if (i == 0)
118     {
119         printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
120         return -1;
121     }
122 
123     printf("Enter the interface number (1-%d):", i);
124     scanf("%d", &inum);
125 
126 
127     if (inum < 1 || inum > i)
128     {
129         printf("\nAdapter number out of range.\n");
130         /* 释放设备列表 */
131         pcap_freealldevs(alldevs);
132         return -1;
133     }
134 
135     /* 跳转到选中的设备 */
136     for (d = alldevs, i = 0; i< inum - 1; d = d->next, i++);
137 
138     /* 打开设备 */
139     if ((adhandle = pcap_open_live(d->name,    // name of the device
140         65536,            // portion of the packet to capture. 
141         // 65536 grants that the whole packet will be captured on all the MACs.
142         PCAP_OPENFLAG_PROMISCUOUS,                // promiscuous mode (nonzero means promiscuous)
143         1000,            // read timeout
144         errbuf            // error buffer
145         )) == NULL)
146     {
147         fprintf(stderr, "\nUnable to open the adapter. %s is not supported by WinPcap\n");
148         /* 释放设备列表 */
149         pcap_freealldevs(alldevs);
150         return -1;
151     }
152 
153     /* 检查链路层，为了简单我们只检查以太网 */
154     if (pcap_datalink(adhandle) != DLT_EN10MB)
155     {
156         fprintf(stderr, "\nThis program works only on Ethernet networks.\n");
157         /* 释放设备列表 */
158         pcap_freealldevs(alldevs);
159         return -1;
160     }
161 
162     if (d->addresses != NULL)
163         /* 获得接口第一个地址的掩码 */
164         netmask = ((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;
165     else
166         /* 如果接口没有地址，我们假设一个C类的掩码 */
167         netmask = 0xffffff;
168 
169     //编译过滤器
170     if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) <0)
171     {
172         fprintf(stderr, "\nUnable to compile the packet filter. Check the syntax.\n");
173         /* 释放设备列表 */
174         pcap_freealldevs(alldevs);
175         return -1;
176     }
177 
178     //设置过滤器
179     if (pcap_setfilter(adhandle, &fcode)<0)
180     {
181         fprintf(stderr, "\nError setting the filter.\n");
182         /* 释放设备列表 */
183         pcap_freealldevs(alldevs);
184         return -1;
185     }
186 
187     /* 打开堆文件 */
188     dumpfile = pcap_dump_open(adhandle, argv[1]);
189 
190     if (dumpfile == NULL)
191     {
192         fprintf(stderr, "\nError opening output file\n");
193         return -1;
194     }
195 
196     printf("\nlistening on %s...\n", d->description);
197 
198     /* 我们不再需要设备，释放设备列表 */
199     pcap_freealldevs(alldevs);
200 
201     /* 开始捕获 */
202     pcap_loop(adhandle, 1, packet_handler, (unsigned char *)dumpfile);
203     pcap_close(adhandle);
204 
205     /* 打开捕获的文件 */
206     if ((fp = pcap_open_offline(argv[1],            // name of the device
207         errbuf                    // error buffer
208         )) == NULL)
209     {
210         fprintf(stderr, "\nUnable to open the file %s.\n", argv[1]);
211         return -1;
212     }
213     /* 读取并处理数据包，直到读到EOF */
214     pcap_loop(fp, 10, dispatcher_handler, NULL);
215     pcap_close(fp);
216 
217     return 0;
218 
219 
220 }
221 
222 /* Callback function invoked by libpcap for every incoming packet */
223 void packet_handler(u_char *dumpfile, const struct pcap_pkthdr *header, const u_char *pkt_data)
224 {
225     /* 将数据包保存到堆文件 */
226     pcap_dump(dumpfile, header, pkt_data);
227 }
228 
229 void dispatcher_handler(u_char *temp1,const struct pcap_pkthdr *header,const u_char *pkt_data)
230 {
231     u_int i = 0;
232     u_int j = 0;
233     u_int tmp1;
234     u_int tmp2;
235 
236     ip_header *ih;
237     tcp_header *th;
238     u_int ip_len;
239 
240     Bytef src[1000] = { 0 };
241     Bytef dst[1000] = { 0 };
242     u_char dst2[1000] = { 0 };
243     u_char dst3[1000] = { 0 };
244 
245     u_char s[256] = { 0 }, s2[256] = { 0 };//S-box
246     char key[256] = { "AzarJ1AmjRQuJoqi" };
247     u_long len=0;
248 
249     /*
250     * unused variable
251     */
252     (VOID*)temp1;
253 
254     /* 打印时间戳和数据包长度 */
255     printf("%ld:%ld (%ld)\n", header->ts.tv_sec, header->ts.tv_usec, header->len);
256 
257 
258     /* 获得ip首部地址*/
259     ih = (ip_header *)(pkt_data +14); //length of ethernet header
260 
261     /* 获得tcp首部地址*/
262     ip_len = (ih->ver_ihl & 0xf) * 4;//其实就是20啦！
263     th = (tcp_header *)((u_char*)ih + ip_len);
264 
265     //printf("%d\n", ip_len);
266 
267     /* 打印数据包 */
268     for (i = 346,j = 0 ; (i < header->caplen + 1); i++, j++)
269     {
270         printf("%.2x ", pkt_data[i]);
271         if ((i % LINE_LEN) == 0) printf("\n");
272         src[j] = pkt_data[i];
273     }
274 
275     printf("\n\n");
276     //printf("\nhakuna matata!!!!!!!!!!\n");
277 
278     gzdecompress(src, 1000, dst, 1000);
279     //for (i = 0; dst[i]; i++)
280         //printf("%c", dst[i]);
281 
282     //printf("\nhakuna matata!!!!!!!!!!\n");
283 
284     /*
285         dst[] :json结构
286         dst1[]: 截取的msgContent字符串（Bytef类型）
287         dst2[]: 截取的msgContent字符串（unsigned char类型）
288         dst3[]: msgContent字符串转化为16进制串
289     */
290     for (i = 0; dst[i]; i++)
291     {
292         if (dst[i] == ‘m‘ && dst[i + 1] == ‘s‘ && dst[i + 2] == ‘g‘ && dst[i + 3] == ‘C‘)
293             break;
294     }
295     i += 13;
296     j = 0;
297     while (dst[i] != ‘"‘)
298     {
299         //printf("%.2x ", dst[i]);
300         dst2[j] =(u_char) dst[i];
301         //printf("%.2x", dst2[j]);
302         i++; j++;
303     }
304     //printf("\nhakuna matata!!!!!!!!!!\n");
305 
306     i = 0; j = 0;
307     while (dst2[j])
308     {
309         switch (dst2[j])
310         {
311         case ‘A‘:
312             tmp1 = 10;
313             break;
314         case ‘B‘:
315             tmp1 = 11;
316             break;
317         case ‘C‘:
318             tmp1 = 12;
319             break;
320         case ‘D‘:
321             tmp1 = 13;
322             break;
323         case ‘E‘:
324             tmp1 = 14;
325             break;
326         case ‘F‘:
327             tmp1 = 15;
328             break;
329         default:
330             tmp1 = dst2[j] - ‘0‘;
331             break;
332         }
333         switch (dst2[j + 1])
334         {
335         case ‘A‘:
336             tmp2 = 10;
337             break;
338         case ‘B‘:
339             tmp2 = 11;
340             break;
341         case ‘C‘:
342             tmp2 = 12;
343             break;
344         case ‘D‘:
345             tmp2 = 13;
346             break;
347         case ‘E‘:
348             tmp2 = 14;
349             break;
350         case ‘F‘:
351             tmp2 = 15;
352             break;
353         default:
354             tmp2 = dst2[j + 1] - ‘0‘;
355             break;
356         }
357         dst3[i] = (tmp1 << 4) + tmp2;
358         printf("%x ", dst3[i]);
359         i++; j += 2;
360     }
361 
362     printf("\n\n");
363 
364     /*解密部分*/
365     rc4_init(s, (unsigned char*)key, strlen(key));//已经完成了初始化
366     for (i = 0; dst3[i]; i++)
367         len++;
368     rc4_crypt(s, (unsigned char*)dst3, len);//解密
369     printf("%s", dst3);
370 
371 
372     printf("\n\n");
373     printf("%u\n\n", len);
374 
375 }
376 
377 
378 /* 解压gizp部分 */
379 
380 /* zdata 原数据 nzdata 原数据长度 data 解压后数据 ndata 解压后长度 */
381 int gzdecompress(Bytef *zdata, uLong nzdata,Bytef *data, uLong ndata)
382 {
383     int err = 0;
384     z_stream d_stream = { 0 }; /* decompression stream */
385     static char dummy_head[2] = {
386         0x8 + 0x7 * 0x10,
387         (((0x8 + 0x7 * 0x10) * 0x100 + 30) / 31 * 31) & 0xFF,
388     };
389     d_stream.zalloc = NULL;
390     d_stream.zfree = NULL;
391     d_stream.opaque = NULL;
392     d_stream.next_in = zdata;
393     d_stream.avail_in = 0;
394     d_stream.next_out = data;
395     //只有设置为MAX_WBITS + 16才能解压带header和trailer的文本
396     if (inflateInit2(&d_stream, MAX_WBITS + 16) != Z_OK) return -1;
397     //if(inflateInit2(&d_stream, 47) != Z_OK) return -1;
398     while (d_stream.total_out < ndata && d_stream.total_in < nzdata) {
399         d_stream.avail_in = d_stream.avail_out = 1; /* force small buffers */
400         if ((err = inflate(&d_stream, Z_NO_FLUSH)) == Z_STREAM_END) break;
401         if (err != Z_OK) {
402             if (err == Z_DATA_ERROR) {
403                 d_stream.next_in = (Bytef*)dummy_head;
404                 d_stream.avail_in = sizeof(dummy_head);
405                 if ((err = inflate(&d_stream, Z_NO_FLUSH)) != Z_OK) {
406                     return -1;
407                 }
408             }
409             else return -1;
410         }
411     }
412     if (inflateEnd(&d_stream) != Z_OK) return -1;
413     ndata = d_stream.total_out;
414     return 0;
415 }
416 
417 
418 /* RC4部分 */
419 
420 /*初始化函数*/
421 void rc4_init(unsigned char*s, unsigned char*key, unsigned long Len)
422 {
423     int i = 0, j = 0;
424     char k[256] = { 0 };
425     unsigned char tmp = 0;
426     for (i = 0; i<256; i++)
427     {
428         s[i] = i;
429         k[i] = key[i%Len];
430     }
431     for (i = 0; i<256; i++)
432     {
433         j = (j + s[i] + k[i]) % 256;
434         tmp = s[i];
435         s[i] = s[j];//交换s[i]和s[j]
436         s[j] = tmp;
437     }
438 }
439 
440 /*加解密*/
441 void rc4_crypt(unsigned char*s, unsigned char*Data, unsigned long Len)
442 {
443     int i = 0, j = 0, t = 0;
444     unsigned long k = 0;
445     unsigned char tmp;
446     for (k = 0; k<Len; k++)
447     {
448         i = (i + 1) % 256;
449         j = (j + s[i]) % 256;
450         tmp = s[i];
451         s[i] = s[j];//交换s[x]和s[y]
452         s[j] = tmp;
453         t = (s[i] + s[j]) % 256;
454         Data[k] ^= s[t];
455     }
456 }