Add pado creation

fedebuonco · Jun 22, 2024 · 4f05c37 · 4f05c37
1 parent a19685f
commit 4f05c37
Show file tree

Hide file tree

Showing 7 changed files with 26 additions and 62 deletions.
diff --git a/Successfull_PPPwn.pcap b/Successfull_PPPwn.pcap
diff --git a/expected_pado.bin b/expected_pado.bin
diff --git a/generated_pado.bin b/generated_pado.bin
diff --git a/initial_two_padi.pcap b/initial_two_padi.pcap
diff --git a/padi_ps4.pcap b/padi_ps4.pcap
diff --git a/pado_to_ps4.pcap b/pado_to_ps4.pcap
diff --git a/src/exploit.rs b/src/exploit.rs
@@ -75,6 +75,7 @@ fn is_padi_packet(packet: &Packet) -> bool {
     let pppoe_code = u8::from_be_bytes([data[15]]);
     pppoe_code == constants::PPPOE_CODE_PADI
 }
+
 fn extract_host_uniq(packet: &Packet) -> Result<[u8; 8], Box<dyn std::error::Error>> {
     let data = packet.data;
     let mut result = [0u8; 8];
@@ -104,6 +105,7 @@ fn extract_host_uniq(packet: &Packet) -> Result<[u8; 8], Box<dyn std::error::Err
     }
     Ok(result)
 }
+
 fn extract_ps4_source_mac(packet: &Packet) -> Result<MacAddress64, Box<dyn std::error::Error>> {
     // Extract the source MAC address
     let offset = constants::ETH_SOURCE_MAC;
@@ -115,6 +117,7 @@ fn extract_ps4_source_mac(packet: &Packet) -> Result<MacAddress64, Box<dyn std::
 
     Ok(MacAddress64(mac_address))
 }
+
 pub fn build_fake_ifnet(pppoe_softc: u64) -> Vec<u8> {
     // Fake ifnet
     let mut fake_ifnet = vec![0x41; 0x48]; // Fill with 'A' initially
@@ -149,6 +152,7 @@ pub fn build_fake_ifnet(pppoe_softc: u64) -> Vec<u8> {
     fake_ifnet.extend(&constants::MTX_UNOWNED.to_le_bytes()); // mtx_lock
     fake_ifnet
 }
+
 pub fn create_pado_packet(
     source_mac: [u8; 6],
     target_mac: [u8; 6],
@@ -197,35 +201,41 @@ mod tests {
     #[test]
     fn test_is_padi_packet_from_file() {
         // Open the pcap file
-        let mut cap = Capture::from_file("padi_ps4.pcap").expect("Failed to open pcap file");
-
-        let mut found_padi = false;
+        let mut cap =
+            Capture::from_file("initial_two_padi.pcap").expect("Failed to open pcap file");
+        let mut count = 0;
         while let Ok(packet) = cap.next_packet() {
             if is_padi_packet(&packet) {
-                found_padi = true;
                 println!("Found a PADI packet: {:?}", packet);
+                count += 1;
             }
         }
 
-        // Assert that at least one PADI packet was found
-        assert!(
-            found_padi,
-            "No PADI packets found in the provided pcap file"
-        );
+        // Assert that 2 PADI packet were found
+        assert_eq!(count, 2);
     }
 
     #[test]
     fn test_extract_host_uniq() {
         // Open the pcap file
-        let mut cap = Capture::from_file("padi_ps4.pcap").expect("Failed to open pcap file");
+        let mut cap =
+            Capture::from_file("initial_two_padi.pcap").expect("Failed to open pcap file");
 
         while let Ok(packet) = cap.next_packet() {
             if is_padi_packet(&packet) {
                 match extract_host_uniq(&packet) {
                     Ok(host_uniq) => {
                         println!("Extracted Host-Uniq: {:?}", host_uniq);
+                        println!("Extracted Host-Uniq: {:?}", u64::from_be_bytes(host_uniq));
+                        // Print the value as hexadecimal
+                        println!(
+                            "Converted value in hex: 0x{:016x}",
+                            u64::from_be_bytes(host_uniq)
+                        );
+
                         // Assert that the Host-Uniq value has the expected length
                         assert_eq!(host_uniq.len(), 8);
+                        assert_eq!(u64::from_be_bytes(host_uniq), 0x002cf606ba9bffff)
                     }
                     Err(e) => {
                         panic!("Failed to extract Host-Uniq: {:?}", e);
@@ -238,7 +248,8 @@ mod tests {
     #[test]
     fn test_extract_source_mac() {
         // Open the pcap file
-        let mut cap = Capture::from_file("padi_ps4.pcap").expect("Failed to open pcap file");
+        let mut cap =
+            Capture::from_file("initial_two_padi.pcap").expect("Failed to open pcap file");
 
         while let Ok(packet) = cap.next_packet() {
             if is_padi_packet(&packet) {
@@ -298,54 +309,6 @@ mod tests {
         }
     }
 
-    #[test]
-    fn test_ppp_negotiation() {
-        // Open the pcap file
-        let cap = Capture::from_file("padi_ps4.pcap").expect("Failed to open pcap file");
-        // Cap device
-        let interface = "en10";
-        // Open the specified interface
-
-        let mut exploit = Exploit {
-            target_mac: MacAddress64::from_u64(0),
-            pppoe_softc: 0,
-            source_mac: MacAddress64([41, 41, 41, 41, 41, 41, 41, 41]),
-            host_uniq: [0, 0, 0, 0, 0, 0, 0, 0],
-        };
-
-        exploit.ppp_negotiation(cap);
-
-        // Assertions to verify the PPP negotiation process
-        // Ensure the `target_mac` has been updated correctly
-        assert_eq!(
-            exploit.target_mac,
-            MacAddress64([0xc8, 0x63, 0xf1, 0x44, 0x45, 0x97, 0, 0]),
-            "The target MAC address was not updated correctly"
-        );
-
-        // Ensure the `pppoe_softc` has been set from the extracted Host-Uniq tag
-        assert_eq!(
-            exploit.pppoe_softc,
-            0x123456789ABCDEF0, // Replace with the actual expected value from the pcap file
-            "The PPPoE softc value was not set correctly"
-        );
-
-        // Ensure the `source_mac` has been updated after calculating the planted value
-        let expected_planted_bytes = (exploit.pppoe_softc + 0x07 & 0xffffffffffff).to_be_bytes();
-        assert_eq!(
-            exploit.source_mac,
-            MacAddress64(expected_planted_bytes),
-            "The source MAC address was not updated correctly after calculating the planted value"
-        );
-
-        // Ensure the `host_uniq` has been set correctly from the PADI packet
-        let expected_host_uniq: [u8; 8] = [0xc8, 0x63, 0xf1, 0x44, 0x45, 0x97, 0, 0];
-        assert_eq!(
-            exploit.host_uniq, expected_host_uniq,
-            "The Host-Uniq tag value was not set correctly"
-        );
-    }
-
     #[test]
     fn test_pado_packet() {
         // Open the pcap file containing the expected PADO packet
@@ -355,10 +318,11 @@ mod tests {
         let expected_packet = cap.next_packet().expect("Failed to read PADO packet");
 
         // Define the input parameters for creating the PADO packet
-        let source_mac = [0x07, 0x2c, 0x4f, 0x07, 0xba, 0x9b];
+        let source_mac = [0x07, 0x2c, 0xf6, 0x06, 0xba, 0x9b];
         let target_mac = [0xc8, 0x63, 0xf1, 0x44, 0x45, 0x97];
-        let ac_cookie = build_fake_ifnet(0x002C4F07BA9BFFFF);
-        let host_uniq = [0x00, 0x2c, 0x4f, 0x07, 0xba, 0x9b, 0xff, 0xff];
+        let ifnet = build_fake_ifnet(0xffff9bba06f62c00);
+        let ac_cookie = ifnet;
+        let host_uniq = [0x00, 0x2c, 0xf6, 0x06, 0xba, 0x9b, 0xff, 0xff];
 
         // Create the PADO packet using the provided function
         let generated_pado_packet =