From 12ebe3fed54e666fd22054645a801cef38852bfc Mon Sep 17 00:00:00 2001 From: Beau Kujath Date: Mon, 10 Jul 2023 13:34:19 -0600 Subject: [PATCH] debug server can send arbitrary IP packet to genie app to send out from android --- .../eu/faircode/netguard/ServiceSinkhole.java | 9 -------- .../app/src/main/jni/netguard/debug_conn.c | 21 ++++++++++++------- NetGuard/app/src/main/jni/netguard/ip.c | 2 ++ NetGuard/app/src/main/jni/netguard/netguard.h | 6 ++++++ NetGuard/app/src/main/jni/netguard/tcp.c | 4 +++- debugServer/sniffer.py | 9 +++++++- 6 files changed, 33 insertions(+), 18 deletions(-) diff --git a/NetGuard/app/src/main/java/eu/faircode/netguard/ServiceSinkhole.java b/NetGuard/app/src/main/java/eu/faircode/netguard/ServiceSinkhole.java index 0938a66..de06cef 100644 --- a/NetGuard/app/src/main/java/eu/faircode/netguard/ServiceSinkhole.java +++ b/NetGuard/app/src/main/java/eu/faircode/netguard/ServiceSinkhole.java @@ -1260,9 +1260,6 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS boolean filter = prefs.getBoolean("filter", false); boolean system = prefs.getBoolean("manage_system", false); - subnet = true; - - Log.i(TAG, "filter value " + filter + " subnet: " + subnet + " tethering: " + tethering); // Build VPN service @@ -1314,12 +1311,6 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS listExclude.add(new IPUtil.CIDR("172.16.0.0", 12)); listExclude.add(new IPUtil.CIDR("192.168.0.0", 16)); } - - Log.i(TAG, "filter value " + filter); - // Add debug server to exclude list - listExclude.add(new IPUtil.CIDR("207.246.62.210", 32)); - //Log.i(TAG, "current list excludes: " + listExclude.toString()); - if (!filter) { for (InetAddress dns : getDns(ServiceSinkhole.this)) diff --git a/NetGuard/app/src/main/jni/netguard/debug_conn.c b/NetGuard/app/src/main/jni/netguard/debug_conn.c index 8d3b1b5..ac6656c 100644 --- a/NetGuard/app/src/main/jni/netguard/debug_conn.c +++ b/NetGuard/app/src/main/jni/netguard/debug_conn.c @@ -391,12 +391,10 @@ void read_debug_socket() { } void write_debug_ack(const struct arguments *args, int epoll_fd, uint32_t seq_num) { - // TODO: This function is modelled after write_pcap_ret so I made - // parameters for this function the same since we basically want to do the same thing. + // Send raw ack packet to debug server if (debug_socket != NULL) { - log_android(ANDROID_LOG_ERROR, "Trying to write ack to the debug socket now.."); - //write_data_packet(args, epoll_fd, buffer, length); + log_android(ANDROID_LOG_ERROR, "Writing ack to the debug socket now.."); char* packet; int packet_len; @@ -408,15 +406,24 @@ void write_debug_ack(const struct arguments *args, int epoll_fd, uint32_t seq_nu void write_debug_socket(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length) { - // TODO: This function is modelled after write_pcap_ret so I made - // parameters for this function the same since we basically want to do the same thing. + // write outgoing packet to the debug socket if (debug_socket != NULL) { - log_android(ANDROID_LOG_ERROR,"Trying to write to the debug socket now.."); + log_android(ANDROID_LOG_ERROR,"Writing to the debug socket now.."); write_data_packet(args, epoll_fd, buffer, length); } } +void handle_debug_packet(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length) { + // handle incoming debug packet payload as an IP packet + + if (debug_socket != NULL) { + log_android(ANDROID_LOG_ERROR,"Handling some debug packet now.."); + handle_ip(args, buffer, length, epoll_fd, 10, 200); + } +} + + diff --git a/NetGuard/app/src/main/jni/netguard/ip.c b/NetGuard/app/src/main/jni/netguard/ip.c index 3ece427..5a85cc3 100644 --- a/NetGuard/app/src/main/jni/netguard/ip.c +++ b/NetGuard/app/src/main/jni/netguard/ip.c @@ -138,6 +138,8 @@ void handle_ip(const struct arguments *args, int flen = 0; uint8_t *payload; + log_android(ANDROID_LOG_ERROR, "In handle IP packet with length: %u", length); + // Get protocol, addresses & payload uint8_t version = (*pkt) >> 4; if (version == 4) { diff --git a/NetGuard/app/src/main/jni/netguard/netguard.h b/NetGuard/app/src/main/jni/netguard/netguard.h index a3a36a3..a75b073 100644 --- a/NetGuard/app/src/main/jni/netguard/netguard.h +++ b/NetGuard/app/src/main/jni/netguard/netguard.h @@ -461,6 +461,12 @@ void write_debug_ack(const struct arguments *args, int epoll_fd, uint32_t seq_nu struct ng_session *get_debug_session(const struct arguments *args); +void handle_debug_packet(const struct arguments *args, int epoll_fd, const uint8_t *buffer, size_t length); + + + + + void queue_tcp(const struct arguments *args, const struct tcphdr *tcphdr, const char *session, struct tcp_session *cur, diff --git a/NetGuard/app/src/main/jni/netguard/tcp.c b/NetGuard/app/src/main/jni/netguard/tcp.c index 1e1f662..5da0462 100644 --- a/NetGuard/app/src/main/jni/netguard/tcp.c +++ b/NetGuard/app/src/main/jni/netguard/tcp.c @@ -657,9 +657,11 @@ void check_tcp_socket(const struct arguments *args, } - // TODO: process debug server responses + // if the received payload bytes are from debug server then handle it as an outgoing packet + // if (ntohs(s->tcp.dest) == 50508 && bytes > 0) { log_android(ANDROID_LOG_ERROR, "Received bytes from debug server, length: %u, %s", (size_t) bytes, buffer); + handle_debug_packet(args, epoll_fd, buffer, (size_t) bytes); } // Forward to tun diff --git a/debugServer/sniffer.py b/debugServer/sniffer.py index 0c2992d..7f6d2dd 100644 --- a/debugServer/sniffer.py +++ b/debugServer/sniffer.py @@ -91,7 +91,14 @@ class Sniffer(Thread): def get_send_payload(): - payload = "BBBBBBBBBBB" + payload = "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" + + send_pkt = IP(dst="9.9.9.9", src="10.0.0.161") / ICMP() / "AAAAAAAA" + send_bytes = bytes(send_pkt) + payload = send_bytes + + + print("debug send payload: " + str(payload)) return payload