How can I get SSID from packet - python-3.x

I have this code:
from scapy.all import *
packet = rdpcap("hand.pcap")[0]
Now when I use print(packet) I get normal bytes
b"\x00\x00\x18\x00+\x00\x00\x00\x19\x81\xea\x02\x00\x00\x00\x00\x10\x00l\t\x00\x00\xdb\x00\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\x06\xd6\xaa\xb0x\xe9\x06\xd6\xaa\xb0x\xe9\x80V\x8cAn\xa0\x01\x00\x00\x00d\x00\x11\x15\x00\nHuawei281s\x01\x08\x82\x84\x8b\x96$0Hl\x03\x01\x01\x05\x04\x00\x02\x00\x00\x07\x06HR \x01\r\x14 \x01\x00#\x02\x13\x00*\x01\x022\x04\x0c\x12\x18`0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x0c\x00-\x1a\xad\x01\x1b\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x16\x01\x00\x17\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x08\x04\x00\x08\x00\x00\x00\x00#\xdd\x05\x00\x162\x80\x00\xdd\x08\x00P\xf2\x11\x02\x00\x00\x00\xdd\x1e\x00\x90L\x04\x08\xbf\x0c\xb2y\x81\x0f\xfa\xff\x00\x00\xfa\xff\x00\x00\xc0\x05\x00\x01\x00\x00\x00\xc3\x02\x00\x02\xdd\t\x00\x10\x18\x02\x01\x00\x1c\x00\x00\xdd\x18\x00P\xf2\x02\x01\x01\x00\x00\x03\xa4\x00\x00'\xa4\x00\x00BC^\x00b2/\x00\xdd\x1d\x00\x90L\\\x02\x01\n\x00\x08\x07\x01\x0f\x00\x00\x00\x00\x00\x01\n\x01\x01\x01\x01\x0f\x00\x00\x00\x00\x00d\x08\x06~"
When I use hexdump(packet) I get this
0000 00 00 18 00 2B 00 00 00 19 81 EA 02 00 00 00 00 ....+...........
0010 10 00 6C 09 00 00 DB 00 80 00 00 00 FF FF FF FF ..l.............
0020 FF FF 06 D6 AA B0 78 E9 06 D6 AA B0 78 E9 80 56 ......x.....x..V
0030 8C 41 6E A0 01 00 00 00 64 00 11 15 00 0A 48 75 .An.....d.....Hu
0040 61 77 65 69 32 38 31 73 01 08 82 84 8B 96 24 30 awei281s......$0
0050 48 6C 03 01 01 05 04 00 02 00 00 07 06 48 52 20 Hl...........HR
0060 01 0D 14 20 01 00 23 02 13 00 2A 01 02 32 04 0C ... ..#...*..2..
0070 12 18 60 30 14 01 00 00 0F AC 04 01 00 00 0F AC ..`0............
0080 04 01 00 00 0F AC 02 0C 00 2D 1A AD 01 1B FF FF .........-......
0090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00a0 00 00 00 00 00 3D 16 01 00 17 00 00 00 00 00 00 .....=..........
00b0 00 00 00 00 00 00 00 00 00 00 00 00 00 7F 08 04 ................
00c0 00 08 00 00 00 00 40 DD 05 00 16 32 80 00 DD 08 ......#....2....
00d0 00 50 F2 11 02 00 00 00 DD 1E 00 90 4C 04 08 BF .P..........L...
00e0 0C B2 79 81 0F FA FF 00 00 FA FF 00 00 C0 05 00 ..y.............
00f0 01 00 00 00 C3 02 00 02 DD 09 00 10 18 02 01 00 ................
0100 1C 00 00 DD 18 00 50 F2 02 01 01 00 00 03 A4 00 ......P.........
0110 00 27 A4 00 00 42 43 5E 00 62 32 2F 00 DD 1D 00 .'...BC^.b2/....
0120 90 4C 5C 02 01 0A 00 08 07 01 0F 00 00 00 00 00 .L\.............
0130 01 0A 01 01 01 01 0F 00 00 00 00 00 64 08 06 7E ............d..~
And in that is my SSID with name Huawei281s in scambled in
When I use print(packet.show)
I get this
<bound method Packet.show of <RadioTap version=0 pad=0 len=24 present=TSFT+Flags+Channel+dBm_AntSignal mac_timestamp=48922905 Flags=FCS ChannelFrequency=2412 ChannelFlags= dBm_AntSignal=-37dBm notdecoded='\x00' |<Dot11FCS subtype=8 type=Management proto=0 FCfield= ID=0 addr1=ff:ff:ff:ff:ff:ff addr2=06:d6:aa:b0:78:e9 addr3=06:d6:aa:b0:78:e9 SC=22144 fcs=0x7e060864 |<Dot11Beacon timestamp=6986547596 beacon_interval=100 cap=res8+short-slot+res12+ESS+privacy |<Dot11Elt ID=SSID len=10 info='Huawei281s' |<Dot11EltRates ID=1 len=8 rates=[0x82, 0x84, 0x8b, 0x96, 0x24, 0x30, 0x48, 0x6c] |<Dot11Elt ID=DSset len=1 info='\x01' |<Dot11Elt ID=TIM len=4 info='\x00\x02\x00\x00' |<Dot11EltCountry ID=7 len=6 country_string='HR ' descriptors=[<Dot11EltCountryConstraintTriplet first_channel_number=1 num_channels=13 mtp=20 |>] pad=32 |<Dot11EltRates ID=1 len=0 |<Dot11Elt ID=35 len=2 info='\x13\x00' |<Dot11Elt ID=ERPinfo len=1 info='\x02' |<Dot11Elt ID=ESRates len=4 info='\x0c\x12\x18`' |<Dot11EltRSN ID=48 len=20 version=1 group_cipher_suite=<RSNCipherSuite oui=0xfac cipher=CCMP |> nb_pairwise_cipher_suites=1 pairwise_cipher_suites=[<RSNCipherSuite oui=0xfac cipher=CCMP |>] nb_akm_suites=1 akm_suites=[<AKMSuite oui=0xfac suite=PSK |>] mfp_capable=0 mfp_required=0 gtksa_replay_counter=0 ptksa_replay_counter=3 no_pairwise=0 pre_auth=0 reserved=0 |<Dot11Elt ID=HTCapabilities len=26 info='\xad\x01\x1b\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |<Dot11Elt ID=HTinfo len=22 info='\x01\x00\x17\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |<Dot11Elt ID=ExtendendCapatibilities len=8 info='\x04\x00\x08\x00\x00\x00\x00#' |<Dot11EltVendorSpecific ID=221 len=5 oui=0x1632 info='\x80\x00' |<Dot11EltVendorSpecific ID=221 len=8 oui=0x50f2 info='\x11\x02\x00\x00\x00' |<Dot11EltVendorSpecific ID=221 len=30 oui=0x904c info='\x04\x08\xbf\x0c\xb2y\x81\x0f\xfa\xff\x00\x00\xfa\xff\x00\x00\xc0\x05\x00\x01\x00\x00\x00\xc3\x02\x00\x02' |<Dot11EltVendorSpecific ID=221 len=9 oui=0x1018 info='\x02\x01\x00\x1c\x00\x00' |<Dot11EltVendorSpecific ID=221 len=24 oui=0x50f2 info="\x02\x01\x01\x00\x00\x03\xa4\x00\x00'\xa4\x00\x00BC^\x00b2/\x00" |<Dot11EltVendorSpecific ID=221 len=29 oui=0x904c info='\\\x02\x01\n\x00\x08\x07\x01\x0f\x00\x00\x00\x00\x00\x01\n\x01\x01\x01\x01\x0f\x00\x00\x00\x00\x00' |>>>>>>>>>>>>>>>>>>>>>>>
And there is my SSID under info
and for print(type(packet.show)) I get
<class 'method'>
And when I use packet.show() I get bunch of data with this
###[ 802.11 Information Element ]###
ID = SSID
len = 10
info = 'Huawei281s'
So im wondering how can I extract my SSID from packet

In this specific case you could use
packet[Dot11Beacon].network_stats()
But have a look at the doc for a more in depth tutorial. it seems you haven't really looked into Scapy's syntax :)

Related

.txt file filter for a specific HEX snipet

I have a .txt that i want to import into excel to plot the values converted from hex. The textfile is much larger (up to 40000 lines) so doing it manually is not an option.
here is an example of the .txt file:
Line DCE(hex)
1
2
3
4 41 14 00 00 9a 7e 00 00
5 00 00 00 00 00 00 00 00
6 00 01 6d 45
7
8
9
10 41 14 00 00 9a 99 00 00
11 00 00 00 00 00 00 00 00
12 00 01 88 45
13
14
15
16 41 14 00 00 9a b0 00 00
17 00 00 00 00 00 00 00 00
18 00 01 9f 45
19
20
21
22 41 14 00 00 9a c7 00 00
23 00 00 00 00 00 00 00 00
24 00 01 b6 45
25
26
27
28 41 14 00 00 9a df 00 00
29 00 00 00 00 00 00 00 00
30 00 01 ce 45
from the DCE(hex) line i need only the part i have written in quotation marks here:
4 41 14 00 00 "9a 7e" 00 00
5 00 00 00 00 00 00 00 00
6 00 01 6d 45
7
8
9
10 41 14 00 00 "9a 99" 00 00
11 00 00 00 00 00 00 00 00
12 00 01 88 45
13
14
15
16 41 14 00 00 "9a b0" 00 00
17 00 00 00 00 00 00 00 00
18 00 01 9f 45
i want the values at the end like this so i can import it in to excel and plot a diagramm.
How can i do this the best way?
1 9a 7e
2 9a 99
3 9a b0
4 9a c7
Thank you very much!

std::map (Enum / CString) is triggering a memory leak in my app - why?

I have looked at similar discussions (std::map causing memory leaks?) about this issue but according to the debug build of my app this is triggering a memory leak:
void CMeetingScheduleAssistantApp::SetLocale(LanguageMSA eLang)
{
// See: https://www.microsoft.com/resources/msdn/goglobal/default.mspx#ISO2
map<LanguageMSA, CString> mapLocales;
mapLocales.emplace(LanguageMSA::Afrikaans, _T("af"));
mapLocales.emplace(LanguageMSA::Albanian, _T("sqi"));
mapLocales.emplace(LanguageMSA::Arabic, _T("ara"));
mapLocales.emplace(LanguageMSA::Aukan, _T("drk"));
mapLocales.emplace(LanguageMSA::Bulgarian, _T("bgr"));
mapLocales.emplace(LanguageMSA::ChineseSimplified, _T("chs"));
mapLocales.emplace(LanguageMSA::Croatian, _T("hrv"));
mapLocales.emplace(LanguageMSA::Czech, _T("csy"));
mapLocales.emplace(LanguageMSA::Danish, _T("dan"));
mapLocales.emplace(LanguageMSA::Dutch, _T("nld"));
mapLocales.emplace(LanguageMSA::English, _T("eng"));
mapLocales.emplace(LanguageMSA::Estonian, _T("et"));
mapLocales.emplace(LanguageMSA::Finnish, _T("fin"));
mapLocales.emplace(LanguageMSA::French, _T("fra"));
mapLocales.emplace(LanguageMSA::German, _T("deu"));
mapLocales.emplace(LanguageMSA::Greek, _T("ell"));
mapLocales.emplace(LanguageMSA::Gujarati, _T("guj"));
mapLocales.emplace(LanguageMSA::Hindi, _T("hin"));
mapLocales.emplace(LanguageMSA::Hungarian, _T("hu-HU"));
mapLocales.emplace(LanguageMSA::Indonesian, _T("ind"));
mapLocales.emplace(LanguageMSA::Italian, _T("ita"));
mapLocales.emplace(LanguageMSA::Japanese, _T("jpn"));
mapLocales.emplace(LanguageMSA::Lingala, _T("ln-CG"));
mapLocales.emplace(LanguageMSA::Maltese, _T("mt-MT"));
mapLocales.emplace(LanguageMSA::Polish, _T("plk"));
mapLocales.emplace(LanguageMSA::PortugueseBrazil, _T("ptb"));
mapLocales.emplace(LanguageMSA::PortuguesePortugal, _T("pt-PT"));
mapLocales.emplace(LanguageMSA::Punjabi, _T("pa"));
mapLocales.emplace(LanguageMSA::Romanian, _T("rom"));
mapLocales.emplace(LanguageMSA::Russian, _T("rus"));
mapLocales.emplace(LanguageMSA::Saramaccan, _T("fra")); // Special case (uses French)
mapLocales.emplace(LanguageMSA::Setswana, _T("tn-ZA"));
mapLocales.emplace(LanguageMSA::Slovenian, _T("slv"));
mapLocales.emplace(LanguageMSA::Spanish, _T("esp"));
mapLocales.emplace(LanguageMSA::Swahili, _T("swk"));
mapLocales.emplace(LanguageMSA::Swedish, _T("sve"));
mapLocales.emplace(LanguageMSA::Tagalog, _T("fil-PH"));
mapLocales.emplace(LanguageMSA::Tamil, _T("tai"));
mapLocales.emplace(LanguageMSA::Tsonga, _T("tso"));
mapLocales.emplace(LanguageMSA::Turkish, _T("trk"));
mapLocales.emplace(LanguageMSA::Ukrainian, _T("ukr"));
mapLocales.emplace(LanguageMSA::Vietnamese, _T("vit"));
mapLocales.emplace(LanguageMSA::Zulu, _T("zu-ZA"));
CString strLocale = _T("eng"); // Default (also used by some "partial" translations
if (mapLocales.find(eLang) != mapLocales.end())
strLocale = mapLocales[eLang];
_tsetlocale(LC_ALL, strLocale);
}
Please advise if there is anything I need to do to stop this memory leak being listed when the debug version closes. Or is it a red herring in this case?
LanguageMSA is an enum class:
enum class LanguageMSA
{
English = 0,
German,
Spanish,
Italian,
Polish,
French,
PortugueseBrazil,
Dutch,
Swedish,
Slovenian,
Czech,
Finnish,
Danish,
Ukrainian,
Russian,
Tagalog,
HaitianCreole,
Afrikaans,
Albanian,
ChineseSimplified,
Croatian,
Turkish,
Twi,
Swahili, // AJT v11.3.4
Estonian, // AJT v12.0.5
Romanian, // AJT v12.0.8
Greek, // AJT v13.0.0
Bulgarian, // AJT v13.0.2
Malagasy, // AJT v14.0.4‏
Arabic, // AJT v16.0.0
Indonesian, // AJT v16.0.2
Hindi, // AJT v16.0.7
Tamil, // AJT v16.1.0
Vietnamese, // AJT v16.1.1
Zulu, // AJT v16.1.6
Gun, // AJT v17.0.9
Lingala, // AJT v17.0.9
PortuguesePortugal, // AJT v17.1.0
Punjabi, // AJT v17.1.3
Maltese, // AJT v17.2.3
Hungarian, // AJT v17.2.6
Saramaccan, // AJT v18.0.0
Amharic, // AJT v18.0.6
Japanese, // AJT v18.0.6
Setswana, // AJT v18.0.8
Sranantongo,// AJT v18.1.4
Aukan, // AJT v18.1.6
Armenian, // AJT v18.2.1
Gujarati, // AJT v19.0.9
Sesotho, // AJT v20.0.3
Cebuano, // AJT v20.1.2
Tsonga, // AJT v20.1.5
PidginWestAfrica, // AJT v20.3.0
// Maintain a count of language enums
Count
} ;
Memory leak dump:
Detected memory leaks!
Dumping objects ->
{104257} normal block at 0x0000028AC8015830, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{104255} normal block at 0x0000028AC8015210, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{104253} normal block at 0x0000028AC706A920, 168 bytes long.
Data: < (R ÈŠ > 05 00 00 00 00 00 00 00 28 52 01 C8 8A 02 00 00
{104244} normal block at 0x0000028AE311F820, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{104242} normal block at 0x0000028AE311EEC0, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{104241} normal block at 0x0000028AC706A0B0, 168 bytes long.
Data: < Øî ㊠> 04 00 00 00 00 00 00 00 D8 EE 11 E3 8A 02 00 00
{104232} normal block at 0x0000028AC80152F0, 38 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 06 00 00 00 06 00 00 00
{104230} normal block at 0x0000028AC6CF9690, 54 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0E 00 00 00 0E 00 00 00
{104229} normal block at 0x0000028AC7069C00, 168 bytes long.
Data: < ¨–ÏÆŠ > 03 00 00 00 00 00 00 00 A8 96 CF C6 8A 02 00 00
{104220} normal block at 0x0000028AC8015DE0, 42 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 08 00 00 00 08 00 00 00
{104218} normal block at 0x0000028AC6CF8F10, 58 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 10 00 00 00 10 00 00 00
{104217} normal block at 0x0000028AC706B280, 168 bytes long.
Data: < ( ÏÆŠ > 02 00 00 00 00 00 00 00 28 8F CF C6 8A 02 00 00
{104208} normal block at 0x0000028AC80151A0, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{104206} normal block at 0x0000028AC80164E0, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{104204} normal block at 0x0000028AC706B910, 168 bytes long.
Data: < ød ÈŠ > 01 00 00 00 00 00 00 00 F8 64 01 C8 8A 02 00 00
{104195} normal block at 0x0000028AC8016A20, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{104193} normal block at 0x0000028AC8014560, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{104191} normal block at 0x0000028AC706A830, 168 bytes long.
Data: < xE ÈŠ > 00 00 00 00 00 00 00 00 78 45 01 C8 8A 02 00 00
{103563} normal block at 0x0000028AC80157C0, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{103561} normal block at 0x0000028AC8013B50, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{103559} normal block at 0x0000028AC706B820, 168 bytes long.
Data: < h; ÈŠ > 05 00 00 00 00 00 00 00 68 3B 01 C8 8A 02 00 00
{103550} normal block at 0x0000028AC7090340, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{103548} normal block at 0x0000028AC7090DC0, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{103547} normal block at 0x0000028AC706B730, 168 bytes long.
Data: < Ø ÇŠ > 04 00 00 00 00 00 00 00 D8 0D 09 C7 8A 02 00 00
{103538} normal block at 0x0000028AC8016BE0, 38 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 06 00 00 00 06 00 00 00
{103536} normal block at 0x0000028AC6CF8E90, 54 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0E 00 00 00 0E 00 00 00
{103535} normal block at 0x0000028AC706A290, 168 bytes long.
Data: < ¨ŽÏÆŠ > 03 00 00 00 00 00 00 00 A8 8E CF C6 8A 02 00 00
{103526} normal block at 0x0000028AC80169B0, 42 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 08 00 00 00 08 00 00 00
{103524} normal block at 0x0000028AC6CF8D10, 58 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 10 00 00 00 10 00 00 00
{103523} normal block at 0x0000028AC706A380, 168 bytes long.
Data: < ( ÏÆŠ > 02 00 00 00 00 00 00 00 28 8D CF C6 8A 02 00 00
{103514} normal block at 0x0000028AC8015F30, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{103512} normal block at 0x0000028AC8013FB0, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{103510} normal block at 0x0000028AC706A650, 168 bytes long.
Data: < È? ÈŠ > 01 00 00 00 00 00 00 00 C8 3F 01 C8 8A 02 00 00
{103501} normal block at 0x0000028AC8013CA0, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{103499} normal block at 0x0000028AC8013760, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{103497} normal block at 0x0000028AC706BA00, 168 bytes long.
Data: < x7 ÈŠ > 00 00 00 00 00 00 00 00 78 37 01 C8 8A 02 00 00
{101036} normal block at 0x0000028AC8013990, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{101034} normal block at 0x0000028AC8014640, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{101032} normal block at 0x0000028AC706B190, 168 bytes long.
Data: < XF ÈŠ > 05 00 00 00 00 00 00 00 58 46 01 C8 8A 02 00 00
{101023} normal block at 0x0000028AE311F700, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{101021} normal block at 0x0000028AE311E5C0, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{101020} normal block at 0x0000028AC706A740, 168 bytes long.
Data: < Øå ㊠> 04 00 00 00 00 00 00 00 D8 E5 11 E3 8A 02 00 00
{101011} normal block at 0x0000028AC8013680, 38 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 06 00 00 00 06 00 00 00
{101009} normal block at 0x0000028AC6CDEA80, 54 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0E 00 00 00 0E 00 00 00
{101008} normal block at 0x0000028AC706A560, 168 bytes long.
Data: < êÍÆŠ > 03 00 00 00 00 00 00 00 98 EA CD C6 8A 02 00 00
{100999} normal block at 0x0000028AC8015050, 42 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 08 00 00 00 08 00 00 00
{100997} normal block at 0x0000028AC6CDF900, 58 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 10 00 00 00 10 00 00 00
{100996} normal block at 0x0000028AC706ADD0, 168 bytes long.
Data: < ùÍÆŠ > 02 00 00 00 00 00 00 00 18 F9 CD C6 8A 02 00 00
{100987} normal block at 0x0000028AC80135A0, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{100985} normal block at 0x0000028AC8014FE0, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{100983} normal block at 0x0000028AC706B0A0, 168 bytes long.
Data: < øO ÈŠ > 01 00 00 00 00 00 00 00 F8 4F 01 C8 8A 02 00 00
{100974} normal block at 0x0000028AC80145D0, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{100972} normal block at 0x0000028AC8014480, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{100970} normal block at 0x0000028AC706B460, 168 bytes long.
Data: < D ÈŠ > 00 00 00 00 00 00 00 00 98 44 01 C8 8A 02 00 00
{12591} normal block at 0x0000028AC64B5970, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{12589} normal block at 0x0000028AC64B5740, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{12587} normal block at 0x0000028AC7F8D9D0, 168 bytes long.
Data: < XWKÆŠ > 05 00 00 00 00 00 00 00 58 57 4B C6 8A 02 00 00
{12578} normal block at 0x0000028AC7F06DB0, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{12576} normal block at 0x0000028AC7F07830, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{12575} normal block at 0x0000028AC7F8D8E0, 168 bytes long.
Data: < HxðÇŠ > 04 00 00 00 00 00 00 00 48 78 F0 C7 8A 02 00 00
{12566} normal block at 0x0000028AC64B5890, 38 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 06 00 00 00 06 00 00 00
{12564} normal block at 0x0000028AC6496AE0, 54 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0E 00 00 00 0E 00 00 00
{12563} normal block at 0x0000028AC7F8D7F0, 168 bytes long.
Data: < øjIÆŠ > 03 00 00 00 00 00 00 00 F8 6A 49 C6 8A 02 00 00
{12554} normal block at 0x0000028AC64B5820, 42 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 08 00 00 00 08 00 00 00
{12552} normal block at 0x0000028AC64965E0, 58 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 10 00 00 00 10 00 00 00
{12551} normal block at 0x0000028AC7F8E240, 168 bytes long.
Data: < øeIÆŠ > 02 00 00 00 00 00 00 00 F8 65 49 C6 8A 02 00 00
{12542} normal block at 0x0000028AC64B4E10, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{12540} normal block at 0x0000028AC64B53C0, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{12538} normal block at 0x0000028AC7F8D610, 168 bytes long.
Data: < ØSKÆŠ > 01 00 00 00 00 00 00 00 D8 53 4B C6 8A 02 00 00
{12529} normal block at 0x0000028AC64B4D30, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{12527} normal block at 0x0000028AC64B4C50, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{12525} normal block at 0x0000028AC7EE7740, 168 bytes long.
Data: < hLKÆŠ > 00 00 00 00 00 00 00 00 68 4C 4B C6 8A 02 00 00
Object dump complete.

editing hex / binary files in limited linux

I have a very limited linux w/ few basic linux commands.
I need to replace a few chars in a hex / binary file:
INPUT:
# hexdump -C block.bin
00000000 11 11 50 04 42 00 00 00 58 00 00 00 3c 0e e2 d4 |..P.B...X...<...|
00000010 50 0b 00 00 00 80 00 00 00 00 00 00 00 00 d0 d7 |P...............|
00000020 1f 09 00 00 00 00 02 00 00 00 00 04 ff ff ff ff |................|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000040 28 31 98 5b d3 0e 05 00 00 00 00 00 00 00 00 00 |(1.[............|
00000050 00 00 00 00 00 00 00 00 64 00 00 00 00 00 10 00 |........d.......|
00000060 00 ff ff ff ff 00 00 00 00 03 01 0d 03 01 0d 01 |................|
00000070 00 00 00 00 0c 00 01 02 00 00 00 00 00 ff ff ff |................|
00000080 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
*
00000180 00 00 20 00 00 00 ff ff ff ff 01 00 00 0c 00 00 |.. .............|
00000190 04 00 00 00 02 00 00 04 00 00 00 00 00 00 ff ff |................|
000001a0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
*
00000200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
I need to change the following:
00000060 00 ff ff ff ff 00 00 00 00 03 01 0d 03 01 0d 01 |................|
00000070 00 00 00 00 0c 00 01 02 00 00 00 00 00 ff ff ff |................|
to (and rewrite back to the same file):
00000060 00 ff ff ff ff 00 00 00 00 03 01 0d 03 01 0d 02 |................|
00000070 01 00 00 00 0c 00 01 02 00 00 00 00 00 ff ff ff |................|
Like I've said, I have a handful of commands: hexdump, od, vi, nano, awk, sed, python.
Looking through the internet, many solutions require 3rd party installs or the use of 'xxd'. Both I cannot use.
Any suggestions?
Thanks!
I don't think trying this with sed or awk is a sane idea, so we're stuck with python, which is certainly powerful enough for this task. I'm thinking along these lines:
#!/usr/bin/python
# open file in binary mode for reading and writing
f = open("block.bin", "r+b")
# seek to position and read two bytes
f.seek(0x6f)
data = f.read(2)
# seek to position again
f.seek(0x6f)
# and write the transformed characters back
for d in data:
f.write(chr(ord(d) + 1))
f.close()

hexadecimal string to wireshark pcap

I have a hex string which I want to convert into a Wireshark pcap. Wireshark accepts a hex dump in the following format:
0000 00 00 00 00 00 aa 00 00 00 00 00 01 88 47 00 3e
0010 80 0a 00 00 d1 0a 10 00 89 02 20 01 05 46 00 00
0020 00 01 00 02 04 03 6d 64 31 02 03 6d 61 57 00 00
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0060 00 00 00 00 00
I have the following stream:
0000000000AA0000000000018847003E800A0000D10A100089022001054600000001000204036D643102036D615700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
I have been experimenting with od -Ax -tc1 -v command in linux but can not seem to get the correct output. Does anyone know how this can be done?
First put the hex stream into a text file "a.txt",
0000000000AA0000000000018847003E800A0000D10A100089022001054600000001000204036D643102036D615700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
then convert the text file into a binary file:
xxd -r -p a.txt a.bin
using od and text2pcap to convert the binary file to a pcap file.
od -Ax -tx1 -v a.bin | text2pcap - a.pcap
You can use the following script. This is just a workaround. od and hexdump will interpret 0 as the character '0', and use the byte 48, so you may not get proper output. The script reads two chars for 16 times, and offset is incremented accordingly. Pretty simple to understand I guess:)
#!/bin/bash
off=0
while [ 1 ]
do
printf "%04x " $off
for ((i=0;i<16;i++))
do
read -n 2 a
[ $? -ne 0 ] && echo && exit
echo -n "$a "
done
echo
off=`expr $off + 16`
done <test
where test is the file that holds the stream. I got the following output for your input.
0000 00 00 00 00 00 AA 00 00 00 00 00 01 88 47 00 3E
0010 80 0A 00 00 D1 0A 10 00 89 02 20 01 05 46 00 00
0020 00 01 00 02 04 03 6D 64 31 02 03 6D 61 57 00 00
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0060 00 00 00 00 00

nodejs canvas Slowbuffer to string

I use node-canvas;
....
var content = canvas.toBuffer();
var length=content.length;
console.log(content);
result:
<SlowBuffer 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 30 00 00 00 30 08 06 00 00 00 57 02 f9 87 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 ...>
And
var buf=new SlowBuffer(length);
buf.write(content.toString());
console.log(buf);
result:
<Buffer ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 28 00 28 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 ...>
They are not equal:( ,so when I store it into redis ,I can't get it back;
Depending on the format you want, you can use the following methods:
buf.toJSON() // Straight to JSON format
buf.toString('utf8') ; // UTF8 format
Read on for more alternatives: https://nodejs.org/api/buffer.html#buffer_buf_tostring_encoding_start_end
You can't just call Buffer.toString and assume that everything will be all right, since the default encoding is utf8. If you want to encode binary data, you need base64 encoding.

Resources