Mirror/rayhunter
1
0
Fork 0
mirror of https://github.com/EFForg/rayhunter.git synced 2026-04-26 23:49:59 -07:00
Code Issues Packages Projects Releases Wiki Activity

chore: cargo fmt

Browse Source
This commit is contained in:
oopsbagel
2025-04-13 22:00:54 -07:00
committed by Will Greenberg
parent 151e186ef9
commit 9fe75ac961
37 changed files with 1246 additions and 819 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
lib/src/analysis/analyzer.rs
View File

@@ -1,14 +1,13 @@
use std::borrow::Cow;
use chrono::{DateTime, FixedOffset};
use serde::Serialize;
use std::borrow::Cow;
use crate::{diag::MessagesContainer, gsmtap_parser};
use crate::util::RuntimeMetadata;
use crate::{diag::MessagesContainer, gsmtap_parser};
use super::{
imsi_requested::ImsiRequestedAnalyzer,
information_element::InformationElement,
connection_redirect_downgrade::ConnectionRedirect2GDowngradeAnalyzer,
imsi_requested::ImsiRequestedAnalyzer, information_element::InformationElement,
priority_2g_downgrade::LteSib6And7DowngradeAnalyzer,
};
@@ -118,14 +117,16 @@ impl Default for Harness {
impl Harness {
pub fn new() -> Self {
Self { analyzers: Vec::new() }
Self {
analyzers: Vec::new(),
}
}
pub fn new_with_all_analyzers() -> Self {
let mut harness = Harness::new();
harness.add_analyzer(Box::new(ImsiRequestedAnalyzer::new()));
harness.add_analyzer(Box::new(ConnectionRedirect2GDowngradeAnalyzer{}));
harness.add_analyzer(Box::new(LteSib6And7DowngradeAnalyzer{}));
harness.add_analyzer(Box::new(ConnectionRedirect2GDowngradeAnalyzer {}));
harness.add_analyzer(Box::new(LteSib6And7DowngradeAnalyzer {}));
// FIXME: our RRC parser is reporting false positives for this due to an
// upstream hampi bug (https://github.com/ystero-dev/hampi/issues/133).
@@ -186,19 +187,22 @@ impl Harness {
}
fn analyze_information_element(&mut self, ie: &InformationElement) -> Vec<Option<Event>> {
self.analyzers.iter_mut()
self.analyzers
.iter_mut()
.map(|analyzer| analyzer.analyze_information_element(ie))
.collect()
}
pub fn get_names(&self) -> Vec<Cow<'_, str>> {
self.analyzers.iter()
self.analyzers
.iter()
.map(|analyzer| analyzer.get_name())
.collect()
}
pub fn get_descriptions(&self) -> Vec<Cow<'_, str>> {
self.analyzers.iter()
self.analyzers
.iter()
.map(|analyzer| analyzer.get_description())
.collect()
}

12
lib/src/analysis/connection_redirect_downgrade.rs
View File

@@ -2,13 +2,15 @@ use std::borrow::Cow;
use super::analyzer::{Analyzer, Event, EventType, Severity};
use super::information_element::{InformationElement, LteInformationElement};
use telcom_parser::lte_rrc::{DL_DCCH_MessageType, DL_DCCH_MessageType_c1, RRCConnectionReleaseCriticalExtensions, RRCConnectionReleaseCriticalExtensions_c1, RedirectedCarrierInfo};
use super::util::unpack;
use telcom_parser::lte_rrc::{
DL_DCCH_MessageType, DL_DCCH_MessageType_c1, RRCConnectionReleaseCriticalExtensions,
RRCConnectionReleaseCriticalExtensions_c1, RedirectedCarrierInfo,
};
// Based on HITBSecConf presentation "Forcing a targeted LTE cellphone into an
// eavesdropping network" by Lin Huang
pub struct ConnectionRedirect2GDowngradeAnalyzer {
}
pub struct ConnectionRedirect2GDowngradeAnalyzer {}
// TODO: keep track of SIB state to compare LTE reselection blocks w/ 2g/3g ones
impl Analyzer for ConnectionRedirect2GDowngradeAnalyzer {
@@ -33,7 +35,9 @@ impl Analyzer for ConnectionRedirect2GDowngradeAnalyzer {
unpack!(Some(carrier_info) = &r8_ies.redirected_carrier_info);
match carrier_info {
RedirectedCarrierInfo::Geran(_carrier_freqs_geran) => Some(Event {
event_type: EventType::QualitativeWarning { severity: Severity::High },
event_type: EventType::QualitativeWarning {
severity: Severity::High,
},
message: "Detected 2G downgrade".to_owned(),
}),
_ => Some(Event {

13
lib/src/analysis/imsi_provided.rs
View File

@@ -5,8 +5,7 @@ use telcom_parser::lte_rrc::{PCCH_MessageType, PCCH_MessageType_c1, PagingUE_Ide
use super::analyzer::{Analyzer, Event, EventType, Severity};
use super::information_element::{InformationElement, LteInformationElement};
pub struct ImsiProvidedAnalyzer {
}
pub struct ImsiProvidedAnalyzer {}
impl Analyzer for ImsiProvidedAnalyzer {
fn get_name(&self) -> Cow<str> {
@@ -19,10 +18,10 @@ impl Analyzer for ImsiProvidedAnalyzer {
fn analyze_information_element(&mut self, ie: &InformationElement) -> Option<Event> {
let pcch_msg = match ie {
InformationElement::LTE(lte_ie) => match &** lte_ie {
InformationElement::LTE(lte_ie) => match &**lte_ie {
LteInformationElement::PCCH(pcch_msg) => pcch_msg,
_ => return None,
}
},
_ => return None,
};
let PCCH_MessageType::C1(PCCH_MessageType_c1::Paging(paging)) = &pcch_msg.message else {
@@ -31,9 +30,11 @@ impl Analyzer for ImsiProvidedAnalyzer {
for record in &paging.paging_record_list.as_ref()?.0 {
if let PagingUE_Identity::Imsi(_) = record.ue_identity {
return Some(Event {
event_type: EventType::QualitativeWarning { severity: Severity::High },
event_type: EventType::QualitativeWarning {
severity: Severity::High,
},
message: "IMSI was provided to cell".to_string(),
})
});
}
}
None

12
lib/src/analysis/imsi_requested.rs
View File

@@ -36,7 +36,7 @@ impl Analyzer for ImsiRequestedAnalyzer {
InformationElement::LTE(inner) => match &**inner {
LteInformationElement::NAS(payload) => payload,
_ => return None,
}
},
_ => return None,
};
@@ -45,7 +45,7 @@ impl Analyzer for ImsiRequestedAnalyzer {
if self.packet_num < PACKET_THRESHHOLD {
return Some(Event {
event_type: EventType::QualitativeWarning {
severity: Severity::Medium
severity: Severity::Medium,
},
message: format!(
"NAS IMSI identity request detected, however it was within \
@@ -53,15 +53,15 @@ impl Analyzer for ImsiRequestedAnalyzer {
turned your device on, this is likely a \
false-positive.",
PACKET_THRESHHOLD
)
})
),
});
} else {
return Some(Event {
event_type: EventType::QualitativeWarning {
severity: Severity::High
severity: Severity::High,
},
message: "NAS IMSI identity request detected".to_owned(),
})
});
}
}
None

23
lib/src/analysis/information_element.rs
View File

@@ -3,9 +3,9 @@
//! the term to refer to a structured, fully parsed message in any telcom
//! standard.
use crate::gsmtap::{GsmtapMessage, GsmtapType, LteNasSubtype, LteRrcSubtype};
use telcom_parser::{decode, lte_rrc};
use thiserror::Error;
use crate::gsmtap::{GsmtapMessage, GsmtapType, LteNasSubtype, LteRrcSubtype};
#[derive(Error, Debug)]
pub enum InformationElementError {
@@ -46,7 +46,6 @@ pub enum LteInformationElement {
// FIXME: actually parse NAS messages
NAS(Vec<u8>),
// FIXME: unclear which message these "NB" types map to
//DlCcchNb(),
//DlDcchNb(),
@@ -65,8 +64,8 @@ impl TryFrom<&GsmtapMessage> for InformationElement {
fn try_from(gsmtap_msg: &GsmtapMessage) -> Result<Self, Self::Error> {
match gsmtap_msg.header.gsmtap_type {
GsmtapType::LteRrc(lte_rrc_subtype) => {
use LteRrcSubtype as L;
use LteInformationElement as R;
use LteRrcSubtype as L;
let lte = match lte_rrc_subtype {
L::DlCcch => R::DlCcch(decode(&gsmtap_msg.payload)?),
L::DlDcch => R::DlDcch(Box::new(decode(&gsmtap_msg.payload)?)),
@@ -82,14 +81,20 @@ impl TryFrom<&GsmtapMessage> for InformationElement {
L::BcchDlSchMbms => R::BcchDlSchMbms(decode(&gsmtap_msg.payload)?),
L::SbcchSlBch => R::SbcchSlBch(decode(&gsmtap_msg.payload)?),
L::SbcchSlBchV2x => R::SbcchSlBchV2x(decode(&gsmtap_msg.payload)?),
_ => return Err(InformationElementError::UnsupportedGsmtapType(gsmtap_msg.header.gsmtap_type)),
_ => {
return Err(InformationElementError::UnsupportedGsmtapType(
gsmtap_msg.header.gsmtap_type,
))
}
};
Ok(InformationElement::LTE(Box::new(lte)))
},
GsmtapType::LteNas(LteNasSubtype::Plain) => {
Ok(InformationElement::LTE(Box::new(LteInformationElement::NAS(gsmtap_msg.payload.clone()))))
},
_ => Err(InformationElementError::UnsupportedGsmtapType(gsmtap_msg.header.gsmtap_type)),
}
GsmtapType::LteNas(LteNasSubtype::Plain) => Ok(InformationElement::LTE(Box::new(
LteInformationElement::NAS(gsmtap_msg.payload.clone()),
))),
_ => Err(InformationElementError::UnsupportedGsmtapType(
gsmtap_msg.header.gsmtap_type,
)),
}
}
}

4
lib/src/analysis/mod.rs
View File

@@ -1,8 +1,8 @@
pub mod analyzer;
pub mod information_element;
pub mod priority_2g_downgrade;
pub mod connection_redirect_downgrade;
pub mod imsi_provided;
pub mod imsi_requested;
pub mod information_element;
pub mod null_cipher;
pub mod priority_2g_downgrade;
pub mod util;

83
lib/src/analysis/null_cipher.rs
View File

@@ -1,25 +1,41 @@
use std::borrow::Cow;
use telcom_parser::lte_rrc::{CipheringAlgorithm_r12, DL_DCCH_MessageType, DL_DCCH_MessageType_c1, RRCConnectionReconfiguration, RRCConnectionReconfigurationCriticalExtensions, RRCConnectionReconfigurationCriticalExtensions_c1, SCG_Configuration_r12, SecurityConfigHO_v1530HandoverType_v1530, SecurityModeCommand, SecurityModeCommandCriticalExtensions, SecurityModeCommandCriticalExtensions_c1};
use telcom_parser::lte_rrc::{
CipheringAlgorithm_r12, DL_DCCH_MessageType, DL_DCCH_MessageType_c1,
RRCConnectionReconfiguration, RRCConnectionReconfigurationCriticalExtensions,
RRCConnectionReconfigurationCriticalExtensions_c1, SCG_Configuration_r12,
SecurityConfigHO_v1530HandoverType_v1530, SecurityModeCommand,
SecurityModeCommandCriticalExtensions, SecurityModeCommandCriticalExtensions_c1,
};
use super::analyzer::{Analyzer, Event, EventType, Severity};
use super::information_element::{InformationElement, LteInformationElement};
pub struct NullCipherAnalyzer {
}
pub struct NullCipherAnalyzer {}
impl NullCipherAnalyzer {
fn check_rrc_connection_reconfiguration_cipher(&self, reconfiguration: &RRCConnectionReconfiguration) -> bool {
let RRCConnectionReconfigurationCriticalExtensions::C1(c1) = &reconfiguration.critical_extensions else {
fn check_rrc_connection_reconfiguration_cipher(
&self,
reconfiguration: &RRCConnectionReconfiguration,
) -> bool {
let RRCConnectionReconfigurationCriticalExtensions::C1(c1) =
&reconfiguration.critical_extensions
else {
return false;
};
let RRCConnectionReconfigurationCriticalExtensions_c1::RrcConnectionReconfiguration_r8(c1) = c1 else {
let RRCConnectionReconfigurationCriticalExtensions_c1::RrcConnectionReconfiguration_r8(c1) =
c1
else {
return false;
};
if let Some(handover) = &c1.security_config_ho {
let maybe_security_config = match &handover.handover_type {
telcom_parser::lte_rrc::SecurityConfigHOHandoverType::IntraLTE(lte) => lte.security_algorithm_config.as_ref(),
telcom_parser::lte_rrc::SecurityConfigHOHandoverType::InterRAT(rat) => Some(&rat.security_algorithm_config),
telcom_parser::lte_rrc::SecurityConfigHOHandoverType::IntraLTE(lte) => {
lte.security_algorithm_config.as_ref()
}
telcom_parser::lte_rrc::SecurityConfigHOHandoverType::InterRAT(rat) => {
Some(&rat.security_algorithm_config)
}
};
if let Some(security_config) = maybe_security_config {
if security_config.ciphering_algorithm.0 == CipheringAlgorithm_r12::EEA0 {
@@ -28,7 +44,9 @@ impl NullCipherAnalyzer {
}
}
// Use map/flatten to dig into a long chain of nested Option types
let maybe_v1250 = c1.non_critical_extension.as_ref()
let maybe_v1250 = c1
.non_critical_extension
.as_ref()
.and_then(|v890| v890.non_critical_extension.as_ref())
.and_then(|v920| v920.non_critical_extension.as_ref())
.and_then(|v1020| v1020.non_critical_extension.as_ref())
@@ -37,8 +55,11 @@ impl NullCipherAnalyzer {
return false;
};
if let Some(SCG_Configuration_r12::Setup(scg_setup)) = v1250.scg_configuration_r12.as_ref() {
let maybe_cipher = scg_setup.scg_config_part_scg_r12.as_ref()
if let Some(SCG_Configuration_r12::Setup(scg_setup)) = v1250.scg_configuration_r12.as_ref()
{
let maybe_cipher = scg_setup
.scg_config_part_scg_r12
.as_ref()
.and_then(|scg| scg.mobility_control_info_scg_r12.as_ref())
.and_then(|mci| mci.ciphering_algorithm_scg_r12.as_ref());
if let Some(cipher) = maybe_cipher {
@@ -48,7 +69,9 @@ impl NullCipherAnalyzer {
}
}
let maybe_v1530_security_config = v1250.non_critical_extension.as_ref()
let maybe_v1530_security_config = v1250
.non_critical_extension
.as_ref()
.and_then(|v1310| v1310.non_critical_extension.as_ref())
.and_then(|v1430| v1430.non_critical_extension.as_ref())
.and_then(|v1510| v1510.non_critical_extension.as_ref())
@@ -57,9 +80,15 @@ impl NullCipherAnalyzer {
return false;
};
let maybe_security_algorithm = match &v1530_security_config.handover_type_v1530 {
SecurityConfigHO_v1530HandoverType_v1530::Intra5GC(intra_5gc) => intra_5gc.security_algorithm_config_r15.as_ref(),
SecurityConfigHO_v1530HandoverType_v1530::Fivegc_ToEPC(to_epc) => Some(&to_epc.security_algorithm_config_r15),
SecurityConfigHO_v1530HandoverType_v1530::Epc_To5GC(to_5gc) => Some(&to_5gc.security_algorithm_config_r15),
SecurityConfigHO_v1530HandoverType_v1530::Intra5GC(intra_5gc) => {
intra_5gc.security_algorithm_config_r15.as_ref()
}
SecurityConfigHO_v1530HandoverType_v1530::Fivegc_ToEPC(to_epc) => {
Some(&to_epc.security_algorithm_config_r15)
}
SecurityConfigHO_v1530HandoverType_v1530::Epc_To5GC(to_5gc) => {
Some(&to_5gc.security_algorithm_config_r15)
}
};
if let Some(security_algorithm) = maybe_security_algorithm {
if security_algorithm.ciphering_algorithm.0 == CipheringAlgorithm_r12::EEA0 {
@@ -76,7 +105,13 @@ impl NullCipherAnalyzer {
let SecurityModeCommandCriticalExtensions_c1::SecurityModeCommand_r8(r8) = &c1 else {
return false;
};
if r8.security_config_smc.security_algorithm_config.ciphering_algorithm.0 == CipheringAlgorithm_r12::EEA0 {
if r8
.security_config_smc
.security_algorithm_config
.ciphering_algorithm
.0
== CipheringAlgorithm_r12::EEA0
{
return true;
}
false
@@ -94,23 +129,29 @@ impl Analyzer for NullCipherAnalyzer {
fn analyze_information_element(&mut self, ie: &InformationElement) -> Option<Event> {
let dcch_msg = match ie {
InformationElement::LTE(lte_ie) => match &** lte_ie {
InformationElement::LTE(lte_ie) => match &**lte_ie {
LteInformationElement::DlDcch(dcch_msg) => dcch_msg,
_ => return None,
}
},
_ => return None,
};
let DL_DCCH_MessageType::C1(c1) = &dcch_msg.message else {
return None;
};
let null_cipher_detected = match c1 {
DL_DCCH_MessageType_c1::RrcConnectionReconfiguration(reconfiguration) => self.check_rrc_connection_reconfiguration_cipher(reconfiguration),
DL_DCCH_MessageType_c1::SecurityModeCommand(command) => self.check_security_mode_command_cipher(command),
DL_DCCH_MessageType_c1::RrcConnectionReconfiguration(reconfiguration) => {
self.check_rrc_connection_reconfiguration_cipher(reconfiguration)
}
DL_DCCH_MessageType_c1::SecurityModeCommand(command) => {
self.check_security_mode_command_cipher(command)
}
_ => return None,
};
if null_cipher_detected {
return Some(Event {
event_type: EventType::QualitativeWarning { severity: Severity::High },
event_type: EventType::QualitativeWarning {
severity: Severity::High,
},
message: "Cell suggested use of null cipher".to_string(),
});
}

61
lib/src/analysis/priority_2g_downgrade.rs
View File

@@ -2,18 +2,29 @@ use std::borrow::Cow;
use super::analyzer::{Analyzer, Event, EventType, Severity};
use super::information_element::{InformationElement, LteInformationElement};
use telcom_parser::lte_rrc::{BCCH_DL_SCH_MessageType, BCCH_DL_SCH_MessageType_c1, CellReselectionPriority, SystemInformationBlockType7, SystemInformationCriticalExtensions, SystemInformation_r8_IEsSib_TypeAndInfo, SystemInformation_r8_IEsSib_TypeAndInfo_Entry};
use telcom_parser::lte_rrc::{
BCCH_DL_SCH_MessageType, BCCH_DL_SCH_MessageType_c1, CellReselectionPriority,
SystemInformationBlockType7, SystemInformationCriticalExtensions,
SystemInformation_r8_IEsSib_TypeAndInfo, SystemInformation_r8_IEsSib_TypeAndInfo_Entry,
};
/// Based on heuristic T7 from Shinjo Park's "Why We Cannot Win".
pub struct LteSib6And7DowngradeAnalyzer {
}
pub struct LteSib6And7DowngradeAnalyzer {}
impl LteSib6And7DowngradeAnalyzer {
fn unpack_system_information<'a>(&self, ie: &'a InformationElement) -> Option<&'a SystemInformation_r8_IEsSib_TypeAndInfo> {
fn unpack_system_information<'a>(
&self,
ie: &'a InformationElement,
) -> Option<&'a SystemInformation_r8_IEsSib_TypeAndInfo> {
if let InformationElement::LTE(lte_ie) = ie {
if let LteInformationElement::BcchDlSch(bcch_dl_sch_message) = &**lte_ie {
if let BCCH_DL_SCH_MessageType::C1(BCCH_DL_SCH_MessageType_c1::SystemInformation(system_information)) = &bcch_dl_sch_message.message {
if let SystemInformationCriticalExtensions::SystemInformation_r8(sib) = &system_information.critical_extensions {
if let BCCH_DL_SCH_MessageType::C1(BCCH_DL_SCH_MessageType_c1::SystemInformation(
system_information,
)) = &bcch_dl_sch_message.message
{
if let SystemInformationCriticalExtensions::SystemInformation_r8(sib) =
&system_information.critical_extensions
{
return Some(&sib.sib_type_and_info);
}
}
@@ -33,14 +44,19 @@ impl Analyzer for LteSib6And7DowngradeAnalyzer {
Cow::from("Tests for LTE cells broadcasting a SIB type 6 and 7 which include 2G/3G frequencies with higher priorities.")
}
fn analyze_information_element(&mut self, ie: &InformationElement) -> Option<super::analyzer::Event> {
fn analyze_information_element(
&mut self,
ie: &InformationElement,
) -> Option<super::analyzer::Event> {
let sibs = &self.unpack_system_information(ie)?.0;
for sib in sibs {
match sib {
SystemInformation_r8_IEsSib_TypeAndInfo_Entry::Sib6(sib6) => {
if let Some(carrier_info_list) = sib6.carrier_freq_list_utra_fdd.as_ref() {
for carrier_info in &carrier_info_list.0 {
if let Some(CellReselectionPriority(p)) = carrier_info.cell_reselection_priority {
if let Some(CellReselectionPriority(p)) =
carrier_info.cell_reselection_priority
{
if p == 0 {
return Some(Event {
event_type: EventType::QualitativeWarning { severity: Severity::High },
@@ -52,7 +68,9 @@ impl Analyzer for LteSib6And7DowngradeAnalyzer {
}
if let Some(carrier_info_list) = sib6.carrier_freq_list_utra_tdd.as_ref() {
for carrier_info in &carrier_info_list.0 {
if let Some(CellReselectionPriority(p)) = carrier_info.cell_reselection_priority {
if let Some(CellReselectionPriority(p)) =
carrier_info.cell_reselection_priority
{
if p == 0 {
return Some(Event {
event_type: EventType::QualitativeWarning { severity: Severity::High },
@@ -62,20 +80,31 @@ impl Analyzer for LteSib6And7DowngradeAnalyzer {
}
}
}
},
SystemInformation_r8_IEsSib_TypeAndInfo_Entry::Sib7(SystemInformationBlockType7 { carrier_freqs_info_list: Some(carrier_info_list), .. }) => {
}
SystemInformation_r8_IEsSib_TypeAndInfo_Entry::Sib7(
SystemInformationBlockType7 {
carrier_freqs_info_list: Some(carrier_info_list),
..
},
) => {
for carrier_info in &carrier_info_list.0 {
if let Some(CellReselectionPriority(p)) = carrier_info.common_info.cell_reselection_priority {
if let Some(CellReselectionPriority(p)) =
carrier_info.common_info.cell_reselection_priority
{
if p == 0 {
return Some(Event {
event_type: EventType::QualitativeWarning { severity: Severity::High },
message: "LTE cell advertised a 2G cell for priority 0 reselection".to_string(),
event_type: EventType::QualitativeWarning {
severity: Severity::High,
},
message:
"LTE cell advertised a 2G cell for priority 0 reselection"
.to_string(),
});
}
}
}
},
_ => {},
}
_ => {}
}
}
None

5
lib/src/analysis/util.rs
View File

@@ -1,4 +1,3 @@
// Unpacks a pattern, or returns None.
//
// # Examples
@@ -24,7 +23,9 @@
//
macro_rules! unpack {
($pat:pat = $val:expr) => {
let $pat = $val else { return None; };
let $pat = $val else {
return None;
};
};
}

154
lib/src/diag.rs
View File

@@ -5,7 +5,7 @@ use crc::{Algorithm, Crc};
use deku::prelude::*;
use crate::hdlc::{self, hdlc_decapsulate};
use log::{warn, error};
use log::{error, warn};
use thiserror::Error;
pub const MESSAGE_TERMINATOR: u8 = 0x7e;
@@ -42,7 +42,7 @@ pub enum LogConfigRequest {
log_type: u32,
log_mask_bitsize: u32,
log_mask: Vec<u8>,
}
},
}
#[derive(Debug, Clone, PartialEq, DekuRead, DekuWrite)]
@@ -93,13 +93,19 @@ impl MessagesContainer {
Ok(data) => match Message::from_bytes((&data, 0)) {
Ok(((leftover_bytes, _), res)) => {
if !leftover_bytes.is_empty() {
warn!("warning: {} leftover bytes when parsing Message", leftover_bytes.len());
warn!(
"warning: {} leftover bytes when parsing Message",
leftover_bytes.len()
);
}
result.push(Ok(res));
},
}
Err(e) => result.push(Err(DiagParsingError::MessageParsingError(e, data))),
},
Err(err) => result.push(Err(DiagParsingError::HdlcDecapsulationError(err, sub_msg.to_vec()))),
Err(err) => result.push(Err(DiagParsingError::HdlcDecapsulationError(
err,
sub_msg.to_vec(),
))),
}
}
}
@@ -171,7 +177,7 @@ pub enum LogBody {
msg: Vec<u8>,
},
#[deku(id = "0xb0c0")]
LteRrcOtaMessage{
LteRrcOtaMessage {
ext_header_version: u8,
#[deku(ctx = "*ext_header_version")]
packet: LteRrcOtaPacket,
@@ -210,7 +216,7 @@ pub enum LogBody {
NrRrcOtaMessage {
#[deku(count = "hdr_len")]
msg: Vec<u8>,
}
},
}
#[derive(Debug, Clone, PartialEq, DekuRead, DekuWrite)]
@@ -364,15 +370,17 @@ pub enum ResponsePayload {
#[deku(ctx = "subopcode: u32", id = "subopcode")]
pub enum LogConfigResponse {
#[deku(id = "1")]
RetrieveIdRanges {
log_mask_sizes: [u32; 16],
},
RetrieveIdRanges { log_mask_sizes: [u32; 16] },
#[deku(id = "3")]
SetMask,
}
pub fn build_log_mask_request(log_type: u32, log_mask_bitsize: u32, accepted_log_codes: &[u32]) -> Request {
pub fn build_log_mask_request(
log_type: u32,
log_mask_bitsize: u32,
accepted_log_codes: &[u32],
) -> Request {
let mut current_byte: u8 = 0;
let mut num_bits_written: u8 = 0;
let mut log_mask: Vec<u8> = vec![];
@@ -413,31 +421,35 @@ mod test {
log_mask_bitsize: 0,
log_mask: vec![],
});
assert_eq!(req.to_bytes().unwrap(), vec![
115, 0, 0, 0,
3, 0, 0, 0,
0, 0, 0, 0,
0, 0, 0, 0,
]);
assert_eq!(
req.to_bytes().unwrap(),
vec![115, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,]
);
}
#[test]
fn test_build_log_mask_request() {
let log_type = 11;
let bitsize = 513;
let req = build_log_mask_request(log_type, bitsize, &crate::diag_device::LOG_CODES_FOR_RAW_PACKET_LOGGING);
assert_eq!(req, Request::LogConfig(LogConfigRequest::SetMask {
let req = build_log_mask_request(
log_type,
log_mask_bitsize: bitsize,
log_mask: vec![
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0,
0x0, 0x0, 0xc, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0,
],
}));
bitsize,
&crate::diag_device::LOG_CODES_FOR_RAW_PACKET_LOGGING,
);
assert_eq!(
req,
Request::LogConfig(LogConfigRequest::SetMask {
log_type,
log_mask_bitsize: bitsize,
log_mask: vec![
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xc, 0x30, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0,
],
})
);
}
#[test]
@@ -448,53 +460,53 @@ mod test {
mdm_field: -1,
hdlc_encapsulated_request: vec![1, 2, 3, 4],
};
assert_eq!(req.to_bytes().unwrap(), vec![
32, 0, 0, 0,
1, 2, 3, 4,
]);
assert_eq!(req.to_bytes().unwrap(), vec![32, 0, 0, 0, 1, 2, 3, 4,]);
let req = RequestContainer {
data_type: DataType::UserSpace,
use_mdm: true,
mdm_field: -1,
hdlc_encapsulated_request: vec![1, 2, 3, 4],
};
assert_eq!(req.to_bytes().unwrap(), vec![
32, 0, 0, 0,
255, 255, 255, 255,
1, 2, 3, 4,
]);
assert_eq!(
req.to_bytes().unwrap(),
vec![32, 0, 0, 0, 255, 255, 255, 255, 1, 2, 3, 4,]
);
}
#[test]
fn test_logs() {
let data = vec![
16, 0, 38, 0, 38, 0, 192, 176, 26, 165, 245, 135, 118, 35, 2, 1, 20,
14, 48, 0, 160, 0, 2, 8, 0, 0, 217, 15, 5, 0, 0, 0, 0, 7, 0, 64, 1,
238, 173, 213, 77, 208
16, 0, 38, 0, 38, 0, 192, 176, 26, 165, 245, 135, 118, 35, 2, 1, 20, 14, 48, 0, 160, 0,
2, 8, 0, 0, 217, 15, 5, 0, 0, 0, 0, 7, 0, 64, 1, 238, 173, 213, 77, 208,
];
let msg = Message::from_bytes((&data, 0)).unwrap().1;
assert_eq!(msg, Message::Log {
pending_msgs: 0,
outer_length: 38,
inner_length: 38,
log_type: 0xb0c0,
timestamp: Timestamp { ts: 72659535985485082 },
body: LogBody::LteRrcOtaMessage {
ext_header_version: 20,
packet: LteRrcOtaPacket::V8 {
rrc_rel_maj: 14,
rrc_rel_min: 48,
bearer_id: 0,
phy_cell_id: 160,
earfcn: 2050,
sfn_subfn: 4057,
pdu_num: 5,
sib_mask: 0,
len: 7,
packet: vec![0x40, 0x1, 0xee, 0xad, 0xd5, 0x4d, 0xd0],
assert_eq!(
msg,
Message::Log {
pending_msgs: 0,
outer_length: 38,
inner_length: 38,
log_type: 0xb0c0,
timestamp: Timestamp {
ts: 72659535985485082
},
},
});
body: LogBody::LteRrcOtaMessage {
ext_header_version: 20,
packet: LteRrcOtaPacket::V8 {
rrc_rel_maj: 14,
rrc_rel_min: 48,
bearer_id: 0,
phy_cell_id: 160,
earfcn: 2050,
sfn_subfn: 4057,
pdu_num: 5,
sib_mask: 0,
len: 7,
packet: vec![0x40, 0x1, 0xee, 0xad, 0xd5, 0x4d, 0xd0],
},
},
}
);
}
fn make_container(data_type: DataType, message: HdlcEncapsulatedMessage) -> MessagesContainer {
@@ -515,7 +527,9 @@ mod test {
outer_length: length_with_payload,
inner_length: length_with_payload,
log_type: 0xb0c0,
timestamp: Timestamp { ts: 72659535985485082 },
timestamp: Timestamp {
ts: 72659535985485082,
},
body: LogBody::LteRrcOtaMessage {
ext_header_version: 20,
packet: LteRrcOtaPacket::V8 {
@@ -532,7 +546,9 @@ mod test {
},
},
};
let serialized = message.to_bytes().expect("failed to serialize test message");
let serialized = message
.to_bytes()
.expect("failed to serialize test message");
let encapsulated_data = hdlc::hdlc_encapsulate(&serialized, &CRC_CCITT);
let encapsulated = HdlcEncapsulatedMessage {
len: encapsulated_data.len() as u32,
@@ -574,7 +590,10 @@ mod test {
container.num_messages += 1;
let result = container.into_messages();
assert_eq!(result[0], Ok(message1));
assert!(matches!(result[1], Err(DiagParsingError::MessageParsingError(_, _))));
assert!(matches!(
result[1],
Err(DiagParsingError::MessageParsingError(_, _))
));
}
#[test]
@@ -589,6 +608,9 @@ mod test {
container.num_messages += 1;
let result = container.into_messages();
assert_eq!(result[0], Ok(message1));
assert!(matches!(result[1], Err(DiagParsingError::HdlcDecapsulationError(_, _))));
assert!(matches!(
result[1],
Err(DiagParsingError::HdlcDecapsulationError(_, _))
));
}
}

92
lib/src/diag_device.rs
View File

@@ -1,13 +1,16 @@
use crate::diag::{
build_log_mask_request, DataType, DiagParsingError, LogConfigRequest, LogConfigResponse,
Message, MessagesContainer, Request, RequestContainer, ResponsePayload, CRC_CCITT,
};
use crate::hdlc::hdlc_encapsulate;
use crate::diag::{build_log_mask_request, DataType, DiagParsingError, LogConfigRequest, LogConfigResponse, Message, MessagesContainer, Request, RequestContainer, ResponsePayload, CRC_CCITT};
use crate::log_codes;
use deku::prelude::*;
use futures_core::TryStream;
use log::{error, info};
use std::io::ErrorKind;
use std::os::fd::AsRawFd;
use futures_core::TryStream;
use thiserror::Error;
use log::{info, error};
use deku::prelude::*;
use tokio::fs::File;
use tokio::io::{AsyncReadExt, AsyncWriteExt};
@@ -38,22 +41,19 @@ pub enum DiagDeviceError {
pub const LOG_CODES_FOR_RAW_PACKET_LOGGING: [u32; 11] = [
// Layer 2:
log_codes::LOG_GPRS_MAC_SIGNALLING_MESSAGE_C, // 0x5226
// Layer 3:
log_codes::LOG_GSM_RR_SIGNALING_MESSAGE_C, // 0x512f
log_codes::WCDMA_SIGNALLING_MESSAGE, // 0x412f
log_codes::LOG_LTE_RRC_OTA_MSG_LOG_C, // 0xb0c0
log_codes::LOG_NR_RRC_OTA_MSG_LOG_C, // 0xb821
log_codes::WCDMA_SIGNALLING_MESSAGE, // 0x412f
log_codes::LOG_LTE_RRC_OTA_MSG_LOG_C, // 0xb0c0
log_codes::LOG_NR_RRC_OTA_MSG_LOG_C, // 0xb821
// NAS:
log_codes::LOG_UMTS_NAS_OTA_MESSAGE_LOG_PACKET_C, // 0x713a
log_codes::LOG_LTE_NAS_ESM_OTA_IN_MSG_LOG_C, // 0xb0e2
log_codes::LOG_LTE_NAS_ESM_OTA_OUT_MSG_LOG_C, // 0xb0e3
log_codes::LOG_LTE_NAS_EMM_OTA_IN_MSG_LOG_C, // 0xb0ec
log_codes::LOG_LTE_NAS_EMM_OTA_OUT_MSG_LOG_C, // 0xb0ed
log_codes::LOG_LTE_NAS_ESM_OTA_IN_MSG_LOG_C, // 0xb0e2
log_codes::LOG_LTE_NAS_ESM_OTA_OUT_MSG_LOG_C, // 0xb0e3
log_codes::LOG_LTE_NAS_EMM_OTA_IN_MSG_LOG_C, // 0xb0ec
log_codes::LOG_LTE_NAS_EMM_OTA_OUT_MSG_LOG_C, // 0xb0ed
// User IP traffic:
log_codes::LOG_DATA_PROTOCOL_LOGGING_C // 0x11eb
log_codes::LOG_DATA_PROTOCOL_LOGGING_C, // 0x11eb
];
const BUFFER_LEN: usize = 1024 * 1024 * 10;
@@ -68,9 +68,9 @@ const DIAG_IOCTL_REMOTE_DEV: u64 = 32;
#[cfg(target_arch = "arm")]
const DIAG_IOCTL_SWITCH_LOGGING: u32 = 7;
#[cfg(target_arch = "x86_64")]
#[cfg(target_arch = "x86_64")]
const DIAG_IOCTL_SWITCH_LOGGING: u64 = 7;
#[cfg(target_arch = "aarch64")]
#[cfg(target_arch = "aarch64")]
const DIAG_IOCTL_SWITCH_LOGGING: u64 = 7;
pub struct DiagDevice {
@@ -99,7 +99,9 @@ impl DiagDevice {
})
}
pub fn as_stream(&mut self) -> impl TryStream<Ok = MessagesContainer, Error = DiagDeviceError> + '_ {
pub fn as_stream(
&mut self,
) -> impl TryStream<Ok = MessagesContainer, Error = DiagDeviceError> + '_ {
futures::stream::try_unfold(self, |dev| async {
let container = dev.get_next_messages_container().await?;
Ok(Some((container, dev)))
@@ -110,11 +112,18 @@ impl DiagDevice {
let mut bytes_read = 0;
// TP-Link M7350 sometimes sends too small messages, we need to be able to deal with short reads.
while bytes_read <= 8 {
bytes_read = self.file.read(&mut self.read_buf).await
bytes_read = self
.file
.read(&mut self.read_buf)
.await
.map_err(DiagDeviceError::DeviceReadFailed)?;
}
info!("Parsing messages container size = {:?} [{:?}]", bytes_read, &self.read_buf[0..bytes_read]);
info!(
"Parsing messages container size = {:?} [{:?}]",
bytes_read,
&self.read_buf[0..bytes_read]
);
match MessagesContainer::from_bytes((&self.read_buf[0..bytes_read], 0)) {
Ok((_, container)) => return Ok(container),
@@ -129,7 +138,9 @@ impl DiagDevice {
use_mdm: self.use_mdm > 0,
mdm_field: -1,
hdlc_encapsulated_request: hdlc_encapsulate(req_bytes, &CRC_CCITT),
}.to_bytes().expect("Failed to serialize RequestContainer");
}
.to_bytes()
.expect("Failed to serialize RequestContainer");
if let Err(err) = self.file.write(&buf).await {
// For reasons I don't entirely understand, calls to write(2) on
// /dev/diag always return 0 bytes written, though the written
@@ -164,13 +175,17 @@ impl DiagDevice {
for msg in self.read_response().await? {
match msg {
Ok(Message::Log { .. }) => info!("skipping log response..."),
Ok(Message::Response { payload, status, .. }) => match payload {
ResponsePayload::LogConfig(LogConfigResponse::RetrieveIdRanges { log_mask_sizes }) => {
Ok(Message::Response {
payload, status, ..
}) => match payload {
ResponsePayload::LogConfig(LogConfigResponse::RetrieveIdRanges {
log_mask_sizes,
}) => {
if status != 0 {
return Err(DiagDeviceError::RequestFailed(status, req));
}
return Ok(log_mask_sizes);
},
}
_ => info!("skipping non-LogConfigResponse response..."),
},
Err(e) => error!("error parsing message: {:?}", e),
@@ -181,20 +196,26 @@ impl DiagDevice {
}
async fn set_log_mask(&mut self, log_type: u32, log_mask_bitsize: u32) -> DiagResult<()> {
let req = build_log_mask_request(log_type, log_mask_bitsize, &LOG_CODES_FOR_RAW_PACKET_LOGGING);
let req = build_log_mask_request(
log_type,
log_mask_bitsize,
&LOG_CODES_FOR_RAW_PACKET_LOGGING,
);
self.write_request(&req).await?;
for msg in self.read_response().await? {
match msg {
Ok(Message::Log { .. }) => info!("skipping log response..."),
Ok(Message::Response { payload, status, .. }) => {
Ok(Message::Response {
payload, status, ..
}) => {
if let ResponsePayload::LogConfig(LogConfigResponse::SetMask) = payload {
if status != 0 {
return Err(DiagDeviceError::RequestFailed(status, req));
}
return Ok(());
}
},
}
Err(e) => error!("error parsing message: {:?}", e),
}
}
@@ -229,7 +250,7 @@ impl DiagDevice {
struct diag_logging_mode_param_t {
req_mode: u32,
peripheral_mask: u32,
mode_param: u8
mode_param: u8,
}
// Triggers the diag device's debug logging mode
@@ -254,11 +275,18 @@ fn enable_frame_readwrite(fd: i32, mode: u32) -> DiagResult<()> {
fd,
DIAG_IOCTL_SWITCH_LOGGING,
&mut params as *mut _,
std::mem::size_of::<diag_logging_mode_param_t>(), 0, 0, 0, 0
std::mem::size_of::<diag_logging_mode_param_t>(),
0,
0,
0,
0,
);
if ret < 0 {
let msg = format!("DIAG_IOCTL_SWITCH_LOGGING ioctl failed with error code {}", ret);
return Err(DiagDeviceError::InitializationFailed(msg))
let msg = format!(
"DIAG_IOCTL_SWITCH_LOGGING ioctl failed with error code {}",
ret
);
return Err(DiagDeviceError::InitializationFailed(msg));
}
}
}
@@ -272,7 +300,7 @@ fn determine_use_mdm(fd: i32) -> DiagResult<i32> {
unsafe {
if libc::ioctl(fd, DIAG_IOCTL_REMOTE_DEV, &use_mdm as *const i32) < 0 {
let msg = format!("DIAG_IOCTL_REMOTE_DEV ioctl failed with error code {}", 0);
return Err(DiagDeviceError::InitializationFailed(msg))
return Err(DiagDeviceError::InitializationFailed(msg));
}
}
Ok(use_mdm)

32
lib/src/gsmtap.rs
View File

@@ -6,24 +6,24 @@ use deku::prelude::*;
pub enum GsmtapType {
Um(UmSubtype),
Abis,
UmBurst, /* raw burst bits */
SIM, /* ISO 7816 smart card interface */
TetraI1, /* tetra air interface */
UmBurst, /* raw burst bits */
SIM, /* ISO 7816 smart card interface */
TetraI1, /* tetra air interface */
TetraI1Burst, /* tetra air interface */
WmxBurst, /* WiMAX burst */
GbLlc, /* GPRS Gb interface: LLC */
GbSndcp, /* GPRS Gb interface: SNDCP */
Gmr1Um, /* GMR-1 L2 packets */
WmxBurst, /* WiMAX burst */
GbLlc, /* GPRS Gb interface: LLC */
GbSndcp, /* GPRS Gb interface: SNDCP */
Gmr1Um, /* GMR-1 L2 packets */
UmtsRlcMac,
UmtsRrc(UmtsRrcSubtype),
LteRrc(LteRrcSubtype), /* LTE interface */
LteMac, /* LTE MAC interface */
LteMacFramed, /* LTE MAC with context hdr */
OsmocoreLog, /* libosmocore logging */
QcDiag, /* Qualcomm DIAG frame */
LteMac, /* LTE MAC interface */
LteMacFramed, /* LTE MAC with context hdr */
OsmocoreLog, /* libosmocore logging */
QcDiag, /* Qualcomm DIAG frame */
LteNas(LteNasSubtype), /* LTE Non-Access Stratum */
E1T1, /* E1/T1 Lines */
GsmRlp, /* GSM RLP frames as per 3GPP TS 24.022 */
E1T1, /* E1/T1 Lines */
GsmRlp, /* GSM RLP frames as per 3GPP TS 24.022 */
}
// based on https://github.com/fgsect/scat/blob/97442580e628de414c9f7c2a185f4e28d0ee7523/src/scat/parsers/qualcomm/diagltelogparser.py#L1337
@@ -119,7 +119,7 @@ pub enum UmtsRrcSubtype {
SysInfoTypeSB1 = 58,
SysInfoTypeSB2 = 59,
ToTargetRNCContainer = 60,
TargetRNCToSourceRNCContainer = 61
TargetRNCToSourceRNCContainer = 61,
}
#[repr(u8)]
@@ -218,9 +218,7 @@ pub struct GsmtapHeader {
}
impl GsmtapHeader {
pub fn new(
gsmtap_type: GsmtapType,
) -> Self {
pub fn new(gsmtap_type: GsmtapType) -> Self {
GsmtapHeader {
gsmtap_type,
version: 2,

64
lib/src/gsmtap_parser.rs
View File

@@ -13,7 +13,10 @@ pub enum GsmtapParserError {
}
pub fn parse(msg: Message) -> Result<Option<(Timestamp, GsmtapMessage)>, GsmtapParserError> {
if let Message::Log { timestamp, body, .. } = msg {
if let Message::Log {
timestamp, body, ..
} = msg
{
match log_to_gsmtap(body)? {
Some(msg) => Ok(Some((timestamp, msg))),
None => Ok(None),
@@ -25,9 +28,13 @@ pub fn parse(msg: Message) -> Result<Option<(Timestamp, GsmtapMessage)>, GsmtapP
fn log_to_gsmtap(value: LogBody) -> Result<Option<GsmtapMessage>, GsmtapParserError> {
match value {
LogBody::LteRrcOtaMessage { ext_header_version, packet } => {
LogBody::LteRrcOtaMessage {
ext_header_version,
packet,
} => {
let gsmtap_type = match ext_header_version {
0x02 | 0x03 | 0x04 | 0x06 | 0x07 | 0x08 | 0x0d | 0x16 => match packet.get_pdu_num() {
0x02 | 0x03 | 0x04 | 0x06 | 0x07 | 0x08 | 0x0d | 0x16 => match packet.get_pdu_num()
{
1 => GsmtapType::LteRrc(LteRrcSubtype::BcchBch),
2 => GsmtapType::LteRrc(LteRrcSubtype::BcchDlSch),
3 => GsmtapType::LteRrc(LteRrcSubtype::MCCH),
@@ -36,7 +43,12 @@ fn log_to_gsmtap(value: LogBody) -> Result<Option<GsmtapMessage>, GsmtapParserEr
6 => GsmtapType::LteRrc(LteRrcSubtype::DlDcch),
7 => GsmtapType::LteRrc(LteRrcSubtype::UlCcch),
8 => GsmtapType::LteRrc(LteRrcSubtype::UlDcch),
pdu => return Err(GsmtapParserError::InvalidLteRrcOtaHeaderPduNum(ext_header_version, pdu)),
pdu => {
return Err(GsmtapParserError::InvalidLteRrcOtaHeaderPduNum(
ext_header_version,
pdu,
))
}
},
0x09 | 0x0c => match packet.get_pdu_num() {
8 => GsmtapType::LteRrc(LteRrcSubtype::BcchBch),
@@ -47,7 +59,12 @@ fn log_to_gsmtap(value: LogBody) -> Result<Option<GsmtapMessage>, GsmtapParserEr
13 => GsmtapType::LteRrc(LteRrcSubtype::DlDcch),
14 => GsmtapType::LteRrc(LteRrcSubtype::UlCcch),
15 => GsmtapType::LteRrc(LteRrcSubtype::UlDcch),
pdu => return Err(GsmtapParserError::InvalidLteRrcOtaHeaderPduNum(ext_header_version, pdu)),
pdu => {
return Err(GsmtapParserError::InvalidLteRrcOtaHeaderPduNum(
ext_header_version,
pdu,
))
}
},
0x0e..=0x10 => match packet.get_pdu_num() {
1 => GsmtapType::LteRrc(LteRrcSubtype::BcchBch),
@@ -58,7 +75,12 @@ fn log_to_gsmtap(value: LogBody) -> Result<Option<GsmtapMessage>, GsmtapParserEr
7 => GsmtapType::LteRrc(LteRrcSubtype::DlDcch),
8 => GsmtapType::LteRrc(LteRrcSubtype::UlCcch),
9 => GsmtapType::LteRrc(LteRrcSubtype::UlDcch),
pdu => return Err(GsmtapParserError::InvalidLteRrcOtaHeaderPduNum(ext_header_version, pdu)),
pdu => {
return Err(GsmtapParserError::InvalidLteRrcOtaHeaderPduNum(
ext_header_version,
pdu,
))
}
},
0x13 | 0x1a | 0x1b => match packet.get_pdu_num() {
1 => GsmtapType::LteRrc(LteRrcSubtype::BcchBch),
@@ -76,8 +98,13 @@ fn log_to_gsmtap(value: LogBody) -> Result<Option<GsmtapMessage>, GsmtapParserEr
49 => GsmtapType::LteRrc(LteRrcSubtype::DlDcchNb),
50 => GsmtapType::LteRrc(LteRrcSubtype::UlCcchNb),
52 => GsmtapType::LteRrc(LteRrcSubtype::UlDcchNb),
pdu => return Err(GsmtapParserError::InvalidLteRrcOtaHeaderPduNum(ext_header_version, pdu)),
}
pdu => {
return Err(GsmtapParserError::InvalidLteRrcOtaHeaderPduNum(
ext_header_version,
pdu,
))
}
},
0x14 | 0x18 | 0x19 => match packet.get_pdu_num() {
1 => GsmtapType::LteRrc(LteRrcSubtype::BcchBch),
2 => GsmtapType::LteRrc(LteRrcSubtype::BcchDlSch),
@@ -94,9 +121,18 @@ fn log_to_gsmtap(value: LogBody) -> Result<Option<GsmtapMessage>, GsmtapParserEr
58 => GsmtapType::LteRrc(LteRrcSubtype::DlDcchNb),
59 => GsmtapType::LteRrc(LteRrcSubtype::UlCcchNb),
61 => GsmtapType::LteRrc(LteRrcSubtype::UlDcchNb),
pdu => return Err(GsmtapParserError::InvalidLteRrcOtaHeaderPduNum(ext_header_version, pdu)),
pdu => {
return Err(GsmtapParserError::InvalidLteRrcOtaHeaderPduNum(
ext_header_version,
pdu,
))
}
},
_ => return Err(GsmtapParserError::InvalidLteRrcOtaExtHeaderVersion(ext_header_version)),
_ => {
return Err(GsmtapParserError::InvalidLteRrcOtaExtHeaderVersion(
ext_header_version,
))
}
};
let mut header = GsmtapHeader::new(gsmtap_type);
header.arfcn = packet.get_earfcn().try_into().unwrap_or(0);
@@ -106,19 +142,19 @@ fn log_to_gsmtap(value: LogBody) -> Result<Option<GsmtapMessage>, GsmtapParserEr
header,
payload: packet.take_payload(),
}))
},
}
LogBody::Nas4GMessage { msg, direction, .. } => {
// currently we only handle "plain" (i.e. non-secure) NAS messages
let mut header = GsmtapHeader::new(GsmtapType::LteNas(LteNasSubtype::Plain));
header.uplink = matches!(direction, Nas4GMessageDirection::Uplink);
header.uplink = matches!(direction, Nas4GMessageDirection::Uplink);
Ok(Some(GsmtapMessage {
header,
payload: msg,
}))
},
}
_ => {
error!("gsmtap_sink: ignoring unhandled log type: {:?}", value);
Ok(None)
},
}
}
}

20
lib/src/hdlc.rs
View File

@@ -3,11 +3,14 @@
//! here:
//! https://github.com/P1sec/QCSuper/blob/master/docs/The%20Diag%20protocol.md#the-diag-protocol-over-usb
use crc::Crc;
use bytes::Buf;
use crc::Crc;
use thiserror::Error;
use crate::diag::{MESSAGE_ESCAPE_CHAR, MESSAGE_TERMINATOR, ESCAPED_MESSAGE_ESCAPE_CHAR, ESCAPED_MESSAGE_TERMINATOR};
use crate::diag::{
ESCAPED_MESSAGE_ESCAPE_CHAR, ESCAPED_MESSAGE_TERMINATOR, MESSAGE_ESCAPE_CHAR,
MESSAGE_TERMINATOR,
};
#[derive(Debug, Clone, Error, PartialEq)]
pub enum HdlcError {
@@ -29,7 +32,9 @@ pub fn hdlc_encapsulate(data: &[u8], crc: &Crc<u16>) -> Vec<u8> {
for &b in data {
match b {
MESSAGE_TERMINATOR => result.extend([MESSAGE_ESCAPE_CHAR, ESCAPED_MESSAGE_TERMINATOR]),
MESSAGE_ESCAPE_CHAR => result.extend([MESSAGE_ESCAPE_CHAR, ESCAPED_MESSAGE_ESCAPE_CHAR]),
MESSAGE_ESCAPE_CHAR => {
result.extend([MESSAGE_ESCAPE_CHAR, ESCAPED_MESSAGE_ESCAPE_CHAR])
}
_ => result.push(b),
}
}
@@ -37,7 +42,9 @@ pub fn hdlc_encapsulate(data: &[u8], crc: &Crc<u16>) -> Vec<u8> {
for b in crc.checksum(data).to_le_bytes() {
match b {
MESSAGE_TERMINATOR => result.extend([MESSAGE_ESCAPE_CHAR, ESCAPED_MESSAGE_TERMINATOR]),
MESSAGE_ESCAPE_CHAR => result.extend([MESSAGE_ESCAPE_CHAR, ESCAPED_MESSAGE_ESCAPE_CHAR]),
MESSAGE_ESCAPE_CHAR => {
result.extend([MESSAGE_ESCAPE_CHAR, ESCAPED_MESSAGE_ESCAPE_CHAR])
}
_ => result.push(b),
}
}
@@ -77,7 +84,10 @@ pub fn hdlc_decapsulate(data: &[u8], crc: &Crc<u16>) -> Result<Vec<u8>, HdlcErro
let checksum_lo = unescaped.pop().ok_or(HdlcError::MissingChecksum)?;
let checksum = [checksum_lo, checksum_hi].as_slice().get_u16_le();
if checksum != crc.checksum(&unescaped) {
return Err(HdlcError::InvalidChecksum(checksum, crc.checksum(&unescaped)));
return Err(HdlcError::InvalidChecksum(
checksum,
crc.checksum(&unescaped),
));
}
Ok(unescaped)

8
lib/src/lib.rs
View File

@@ -1,11 +1,11 @@
pub mod hdlc;
pub mod analysis;
pub mod diag;
pub mod qmdl;
pub mod log_codes;
pub mod gsmtap;
pub mod gsmtap_parser;
pub mod hdlc;
pub mod log_codes;
pub mod pcap;
pub mod analysis;
pub mod qmdl;
pub mod util;
// bin/check.rs may target windows and does not use this mod

3
lib/src/log_codes.rs
View File

@@ -1,6 +1,5 @@
//! Enumerates some relevant diag log codes. Copied from QCSuper
// These are 2G-related log types.
pub const LOG_GSM_RR_SIGNALING_MESSAGE_C: u32 = 0x512f;
@@ -95,12 +94,10 @@ pub const RRCLOG_SIG_DL_MSCH: u32 = 8;
pub const RRCLOG_EXTENSION_SIB: u32 = 9;
pub const RRCLOG_SIB_CONTAINER: u32 = 10;
// 3G layer 3 packets:
pub const WCDMA_SIGNALLING_MESSAGE: u32 = 0x412f;
// Upper layers
pub const LOG_DATA_PROTOCOL_LOGGING_C: u32 = 0x11eb;

35
lib/src/pcap.rs
View File

@@ -1,10 +1,8 @@
//! Parse QMDL files and create a pcap file.
//! Creates a plausible IP header and [GSMtap](https://osmocom.org/projects/baseband/wiki/GSMTAP) header and then puts the rest of the data under that for wireshark to parse.
use crate::gsmtap::GsmtapMessage;
//! Parse QMDL files and create a pcap file.
//! Creates a plausible IP header and [GSMtap](https://osmocom.org/projects/baseband/wiki/GSMTAP) header and then puts the rest of the data under that for wireshark to parse.
use crate::diag::Timestamp;
use crate::gsmtap::GsmtapMessage;
use tokio::io::AsyncWrite;
use std::borrow::Cow;
use chrono::prelude::*;
use deku::prelude::*;
use pcap_file_tokio::pcapng::blocks::enhanced_packet::EnhancedPacketBlock;
@@ -12,7 +10,9 @@ use pcap_file_tokio::pcapng::blocks::interface_description::InterfaceDescription
use pcap_file_tokio::pcapng::blocks::section_header::{SectionHeaderBlock, SectionHeaderOption};
use pcap_file_tokio::pcapng::PcapNgWriter;
use pcap_file_tokio::{Endianness, PcapError};
use std::borrow::Cow;
use thiserror::Error;
use tokio::io::AsyncWrite;
#[derive(Error, Debug)]
pub enum GsmtapPcapError {
@@ -26,7 +26,10 @@ pub enum GsmtapPcapError {
Deku(#[from] DekuError),
}
pub struct GsmtapPcapWriter<T> where T: AsyncWrite {
pub struct GsmtapPcapWriter<T>
where
T: AsyncWrite,
{
writer: PcapNgWriter<T>,
ip_id: u16,
}
@@ -59,10 +62,17 @@ struct UdpHeader {
checksum: u16,
}
impl<T> GsmtapPcapWriter<T> where T: AsyncWrite + Unpin + Send {
impl<T> GsmtapPcapWriter<T>
where
T: AsyncWrite + Unpin + Send,
{
pub async fn new(writer: T) -> Result<Self, GsmtapPcapError> {
let metadata = crate::util::RuntimeMetadata::new();
let package = format!("{} {}", env!("CARGO_PKG_NAME").to_owned(), metadata.rayhunter_version);
let package = format!(
"{} {}",
env!("CARGO_PKG_NAME").to_owned(),
metadata.rayhunter_version
);
let section = SectionHeaderBlock {
endianness: Endianness::Big,
major_version: 1,
@@ -88,8 +98,13 @@ impl<T> GsmtapPcapWriter<T> where T: AsyncWrite + Unpin + Send {
Ok(())
}
pub async fn write_gsmtap_message(&mut self, msg: GsmtapMessage, timestamp: Timestamp) -> Result<(), GsmtapPcapError> {
let duration = timestamp.to_datetime()
pub async fn write_gsmtap_message(
&mut self,
msg: GsmtapMessage,
timestamp: Timestamp,
) -> Result<(), GsmtapPcapError> {
let duration = timestamp
.to_datetime()
.signed_duration_since(DateTime::UNIX_EPOCH)
.to_std()?;

97
lib/src/qmdl.rs
View File

@@ -3,18 +3,24 @@
//! QmdlReader and QmdlWriter can read and write MessagesContainers to and from
//! QMDL files.
use crate::diag::{MessagesContainer, MESSAGE_TERMINATOR, HdlcEncapsulatedMessage, DataType};
use crate::diag::{DataType, HdlcEncapsulatedMessage, MessagesContainer, MESSAGE_TERMINATOR};
use futures::TryStream;
use tokio::io::{AsyncRead, AsyncWrite, AsyncWriteExt, BufReader, AsyncBufReadExt};
use log::error;
use tokio::io::{AsyncBufReadExt, AsyncRead, AsyncWrite, AsyncWriteExt, BufReader};
pub struct QmdlWriter<T> where T: AsyncWrite + Unpin {
pub struct QmdlWriter<T>
where
T: AsyncWrite + Unpin,
{
writer: T,
pub total_written: usize,
}
impl<T> QmdlWriter<T> where T: AsyncWrite + Unpin {
impl<T> QmdlWriter<T>
where
T: AsyncWrite + Unpin,
{
pub fn new(writer: T) -> Self {
QmdlWriter::new_with_existing_size(writer, 0)
}
@@ -35,13 +41,19 @@ impl<T> QmdlWriter<T> where T: AsyncWrite + Unpin {
}
}
pub struct QmdlReader<T> where T: AsyncRead {
pub struct QmdlReader<T>
where
T: AsyncRead,
{
reader: BufReader<T>,
bytes_read: usize,
max_bytes: Option<usize>,
}
impl<T> QmdlReader<T> where T: AsyncRead + Unpin {
impl<T> QmdlReader<T>
where
T: AsyncRead + Unpin,
{
pub fn new(reader: T, max_bytes: Option<usize>) -> Self {
QmdlReader {
reader: BufReader::new(reader),
@@ -50,21 +62,28 @@ impl<T> QmdlReader<T> where T: AsyncRead + Unpin {
}
}
pub fn as_stream(&mut self) -> impl TryStream<Ok = MessagesContainer, Error = std::io::Error> + '_ {
pub fn as_stream(
&mut self,
) -> impl TryStream<Ok = MessagesContainer, Error = std::io::Error> + '_ {
futures::stream::try_unfold(self, |reader| async {
let maybe_container = reader.get_next_messages_container().await?;
match maybe_container {
Some(container) => Ok(Some((container, reader))),
None => Ok(None)
None => Ok(None),
}
})
}
pub async fn get_next_messages_container(&mut self) -> Result<Option<MessagesContainer>, std::io::Error> {
pub async fn get_next_messages_container(
&mut self,
) -> Result<Option<MessagesContainer>, std::io::Error> {
if let Some(max_bytes) = self.max_bytes {
if self.bytes_read >= max_bytes {
if self.bytes_read > max_bytes {
error!("warning: {} bytes read, but max_bytes was {}", self.bytes_read, max_bytes);
error!(
"warning: {} bytes read, but max_bytes was {}",
self.bytes_read, max_bytes
);
}
return Ok(None);
}
@@ -82,12 +101,10 @@ impl<T> QmdlReader<T> where T: AsyncRead + Unpin {
Ok(Some(MessagesContainer {
data_type: DataType::UserSpace,
num_messages: 1,
messages: vec![
HdlcEncapsulatedMessage {
len: bytes_read as u32,
data: buf,
},
]
messages: vec![HdlcEncapsulatedMessage {
len: bytes_read as u32,
data: buf,
}],
}))
}
}
@@ -96,26 +113,29 @@ impl<T> QmdlReader<T> where T: AsyncRead + Unpin {
mod test {
use std::io::Cursor;
use crate::hdlc::hdlc_encapsulate;
use crate::diag::CRC_CCITT;
use crate::hdlc::hdlc_encapsulate;
use super::*;
fn get_test_messages() -> Vec<HdlcEncapsulatedMessage> {
let messages: Vec<HdlcEncapsulatedMessage> = (10..20).map(|i| {
let data = hdlc_encapsulate(&vec![i as u8; i], &CRC_CCITT);
HdlcEncapsulatedMessage {
len: data.len() as u32,
data,
}
}).collect();
let messages: Vec<HdlcEncapsulatedMessage> = (10..20)
.map(|i| {
let data = hdlc_encapsulate(&vec![i as u8; i], &CRC_CCITT);
HdlcEncapsulatedMessage {
len: data.len() as u32,
data,
}
})
.collect();
messages
}
// returns a byte array consisting of concatenated HDLC encapsulated
// test messages
fn get_test_message_bytes() -> Vec<u8> {
get_test_messages().iter()
get_test_messages()
.iter()
.flat_map(|msg| msg.data.clone())
.collect()
}
@@ -132,7 +152,7 @@ mod test {
MessagesContainer {
data_type: DataType::UserSpace,
num_messages: messages2.len() as u32,
messages: messages2.to_vec()
messages: messages2.to_vec(),
},
]
}
@@ -148,7 +168,10 @@ mod test {
num_messages: 1,
messages: vec![message],
};
assert_eq!(expected_container, reader.get_next_messages_container().await.unwrap().unwrap());
assert_eq!(
expected_container,
reader.get_next_messages_container().await.unwrap().unwrap()
);
}
}
@@ -167,9 +190,15 @@ mod test {
num_messages: 1,
messages: vec![message],
};
assert_eq!(expected_container, reader.get_next_messages_container().await.unwrap().unwrap());
assert_eq!(
expected_container,
reader.get_next_messages_container().await.unwrap().unwrap()
);
}
assert!(matches!(reader.get_next_messages_container().await, Ok(None)));
assert!(matches!(
reader.get_next_messages_container().await,
Ok(None)
));
}
#[tokio::test]
@@ -202,8 +231,14 @@ mod test {
num_messages: 1,
messages: vec![message],
};
assert_eq!(expected_container, reader.get_next_messages_container().await.unwrap().unwrap());
assert_eq!(
expected_container,
reader.get_next_messages_container().await.unwrap().unwrap()
);
}
assert!(matches!(reader.get_next_messages_container().await, Ok(None)));
assert!(matches!(
reader.get_next_messages_container().await,
Ok(None)
));
}
}