mirror
/
wmbusmeters
kopia lustrzana https://github.com/weetmuts/wmbusmeters
1
0
Forkuj 0
Kod Zgłoszenia Projekty Wydania Wiki Aktywność

Improve analyze information for failed decryption situations.

pull/505/head
Fredrik Öhrström 2022-03-28 19:15:47 +02:00
rodzic a2507f5ab5
commit 3a357e47e2
4 zmienionych plików z 47 dodań i 20 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

55
src/wmbus.cc
Wyświetl plik

@ -1044,12 +1044,14 @@ bool Telegram::parseELL(vector<uchar>::iterator &pos)
int len = distance(pos+2, frame.end());
uint16_t check = crc16_EN13757(&(frame[dist]), len);
addExplanationAndIncrementPos(pos, 2, KindOfData::PROTOCOL, Understanding::FULL,
"%02x%02x payload crc (calculated %02x%02x %s)",
ell_pl_crc_b[0], ell_pl_crc_b[1],
check & 0xff, check >> 8, (ell_pl_crc==check?"OK":"ERROR"));
if (ell_pl_crc == check || FUZZING)
{
addExplanationAndIncrementPos(pos, 2, KindOfData::PROTOCOL, Understanding::FULL,
"%02x%02x payload crc (calculated %02x%02x %s)",
ell_pl_crc_b[0], ell_pl_crc_b[1],
check & 0xff, check >> 8, (ell_pl_crc==check?"OK":"ERROR"));
}
else
{
@ -1057,10 +1059,10 @@ bool Telegram::parseELL(vector<uchar>::iterator &pos)
// A wrong key, or no key was probably used for decryption.
decryption_failed = true;
// Log the content as encrypted.
// Log the content as failed decryption.
int num_encrypted_bytes = frame.end()-pos;
string info = bin2hex(pos, frame.end(), num_encrypted_bytes);
info += " encrypted";
string info = bin2hex(pos, frame.end(), num_encrypted_bytes);
info += " failed decryption. Wrong key?";
addExplanationAndIncrementPos(pos, num_encrypted_bytes, KindOfData::CONTENT, Understanding::ENCRYPTED, info.c_str());
if (parser_warns_)
@ -1511,6 +1513,7 @@ bool Telegram::potentiallyDecrypt(vector<uchar>::iterator &pos)
&num_encrypted_bytes, &num_not_encrypted_at_end);
if (!ok)
{
// No key supplied.
string info = bin2hex(pos, frame.end(), num_encrypted_bytes);
info += " encrypted";
addExplanationAndIncrementPos(pos, num_encrypted_bytes, KindOfData::CONTENT, Understanding::ENCRYPTED, info.c_str());
@ -1535,14 +1538,27 @@ bool Telegram::potentiallyDecrypt(vector<uchar>::iterator &pos)
// Now the frame from pos and onwards has been decrypted.
CHECK(2);
if ((*(pos+0) != 0x2f || *(pos+1) != 0x2f) && !FUZZING)
uchar a = *(pos+0);
uchar b = *(pos+1);
addExplanationAndIncrementPos(pos, 2, KindOfData::PROTOCOL, Understanding::FULL,
"%02x%02x decrypt check bytes (%s)", *(pos+0), *(pos+1),
(*(pos+0) == 0x2f && *(pos+1) == 0x2f) ? "OK":"ERROR should be 2f2f");
if ((a != 0x2f || b != 0x2f) && !FUZZING)
{
// Wrong key supplied.
int num_bytes = distance(pos, frame.end());
string info = bin2hex(pos, frame.end(), num_bytes);
info += " failed decryption. Wrong key?";
addExplanationAndIncrementPos(pos, num_bytes, KindOfData::CONTENT, Understanding::ENCRYPTED, info.c_str());
if (parser_warns_)
{
if (!beingAnalyzed() && (isVerboseEnabled() || isDebugEnabled() || !warned_for_telegram_before(this, dll_a)))
{
// Print this warning only once! Unless you are using verbose or debug.
warning("(wmbus) WARNING! decrypted content failed check, did you use the correct decryption key? "
warning("(wmbus) WARNING!! decrypted content failed check, did you use the correct decryption key? "
"Permanently ignoring telegrams from id: %02x%02x%02x%02x mfct: (%s) %s (0x%02x) type: %s (0x%02x) ver: 0x%02x\n",
dll_id_b[3], dll_id_b[2], dll_id_b[1], dll_id_b[0],
manufacturerFlag(dll_mfct).c_str(),
@ -1554,8 +1570,6 @@ bool Telegram::potentiallyDecrypt(vector<uchar>::iterator &pos)
}
return false;
}
addExplanationAndIncrementPos(pos, 2, KindOfData::PROTOCOL, Understanding::FULL,
"%02x%02x decrypt check bytes", *(pos+0), *(pos+1));
}
else if (tpl_sec_mode == TPLSecurityMode::AES_CBC_NO_IV)
{
@ -1627,14 +1641,25 @@ bool Telegram::potentiallyDecrypt(vector<uchar>::iterator &pos)
// Now the frame from pos and onwards has been decrypted.
CHECK(2);
if ((*(pos+0) != 0x2f || *(pos+1) != 0x2f) && !FUZZING)
uchar a = *(pos+0);
uchar b = *(pos+1);
addExplanationAndIncrementPos(pos, 2, KindOfData::PROTOCOL, Understanding::FULL,
"%02x%02x decrypt check bytes (%s)", a, b,
(a == 0x2f && b == 0x2f) ? "OK":"ERROR should be 2f2f");
if ((a != 0x2f || b != 0x2f) && !FUZZING)
{
// Wrong key supplied.
string info = bin2hex(pos, frame.end(), num_encrypted_bytes);
info += " failed decryption. Wrong key?";
addExplanationAndIncrementPos(pos, num_encrypted_bytes, KindOfData::CONTENT, Understanding::ENCRYPTED, info.c_str());
if (parser_warns_)
{
if (!beingAnalyzed() && (isVerboseEnabled() || isDebugEnabled() || !warned_for_telegram_before(this, dll_a)))
{
// Print this warning only once! Unless you are using verbose or debug.
warning("(wmbus) WARNING!! decrypted content failed check, did you use the correct decryption key? "
warning("(wmbus) WARNING!!! decrypted content failed check, did you use the correct decryption key? "
"Permanently ignoring telegrams from id: %02x%02x%02x%02x mfct: (%s) %s (0x%02x) type: %s (0x%02x) ver: 0x%02x\n",
dll_id_b[3], dll_id_b[2], dll_id_b[1], dll_id_b[0],
manufacturerFlag(dll_mfct).c_str(),
@ -1646,8 +1671,6 @@ bool Telegram::potentiallyDecrypt(vector<uchar>::iterator &pos)
}
return false;
}
addExplanationAndIncrementPos(pos, 2, KindOfData::PROTOCOL, Understanding::FULL,
"%02x%02x decrypt check bytes", *(pos+0), *(pos+1));
}
else if (tpl_sec_mode == TPLSecurityMode::SPECIFIC_16_31)
{
@ -1723,6 +1746,7 @@ bool Telegram::parse_TPL_79(vector<uchar>::iterator &pos)
CHECK(2);
uchar ecrc0 = *(pos+0);
uchar ecrc1 = *(pos+1);
size_t offset = distance(frame.begin(), pos);
addExplanationAndIncrementPos(pos, 2, KindOfData::PROTOCOL, Understanding::FULL,
"%02x%02x format signature", ecrc0, ecrc1);
format_signature = ecrc1<<8 | ecrc0;
@ -1735,6 +1759,7 @@ bool Telegram::parse_TPL_79(vector<uchar>::iterator &pos)
ok = findFormatBytesFromKnownMeterSignatures(&format_bytes);
if (!ok)
{
addMoreExplanation(offset, " (unknown)");
int num_compressed_bytes = distance(pos, frame.end());
string info = bin2hex(pos, frame.end(), num_compressed_bytes);
info += " compressed and signature unknown";

6
tests/test_analyze.sh
Wyświetl plik

@ -44,7 +44,8 @@ Using driver : multical21(driver should be upgraded) 00/00
011 : 20 ell-cc (slow_resp sync)
012 : 91 ell-acc
013 : d37cac21 sn (AES_CTR)
017 CE: E1D68CDAFFCD3DC452BD802913FF7B1706CA9E355D6C2701CC24 encrypted
017 : e1d6 payload crc (calculated a528 ERROR)
019 CE: 8CDAFFCD3DC452BD802913FF7B1706CA9E355D6C2701CC24 failed decryption. Wrong key?
{
"media":"cold water",
@ -90,7 +91,8 @@ Using driver : multical21(driver should be upgraded) 00/00
011 : 20 ell-cc (slow_resp sync)
012 : 98 ell-acc
013 : 3081b222 sn (AES_CTR)
017 CE: 7A6FA1F10E1B79B5EB4B17E81F930E937EE06C encrypted
017 : 7a6f payload crc (calculated 54d6 ERROR)
019 CE: A1F10E1B79B5EB4B17E81F930E937EE06C failed decryption. Wrong key?
{
"media":"cold water",

2
tests/test_key_warnings.sh
Wyświetl plik

@ -28,7 +28,7 @@ $PROG --format=json simulations/simulation_bad_keys.txt room fhkvdataiv 03065716
cat > $TEST/expected_err.txt <<EOF
(meter) room: meter detection did not match the selected driver fhkvdataiv! correct driver is: fhkvdataiii
(meter) Not printing this warning again for id: 03065716 mfct: (TCH) Techem Service (0x5068) type: Heat Cost Allocator (0x80) ver: 0x94
(wmbus) WARNING! decrypted content failed check, did you use the correct decryption key? Permanently ignoring telegrams from id: 03065716 mfct: (TCH) Techem Service (0x5068) type: Heat Cost Allocator (0x08) ver: 0x94
(wmbus) WARNING!! decrypted content failed check, did you use the correct decryption key? Permanently ignoring telegrams from id: 03065716 mfct: (TCH) Techem Service (0x5068) type: Heat Cost Allocator (0x08) ver: 0x94
EOF
diff $TEST/test_stderr.txt $TEST/expected_err.txt

4
tests/test_wrongkeys.sh
Wyświetl plik

@ -28,11 +28,11 @@ fi
cat <<EOF > $TEST/test_expected.txt
Started config rtlwmbus on stdin listening on any
(wmbus) WARNING! decrypted content failed check, did you use the correct decryption key? Permanently ignoring telegrams from id: 88888888 mfct: (APA) Apator, Poland (0x601) type: Water meter (0x07) ver: 0x05
(wmbus) WARNING!! decrypted content failed check, did you use the correct decryption key? Permanently ignoring telegrams from id: 88888888 mfct: (APA) Apator, Poland (0x601) type: Water meter (0x07) ver: 0x05
(meter) newly created meter (ApWater 88888888 apator162) did not handle telegram!
(wmbus) WARNING! decrypted payload crc failed check, did you use the correct decryption key? 979f payload crc (calculated 3431) Permanently ignoring telegrams from id: 76348799 mfct: (KAM) Kamstrup Energi (0x2c2d) type: Cold water meter (0x16) ver: 0x1b
(meter) newly created meter (Vatten 76348799 multical21) did not handle telegram!
(wmbus) WARNING! decrypted content failed check, did you use the correct decryption key? Permanently ignoring telegrams from id: 77777777 mfct: (SON) Sontex, Switzerland (0x4dee) type: Water meter (0x07) ver: 0x3c
(wmbus) WARNING!! decrypted content failed check, did you use the correct decryption key? Permanently ignoring telegrams from id: 77777777 mfct: (SON) Sontex, Switzerland (0x4dee) type: Water meter (0x07) ver: 0x3c
(meter) newly created meter (Wasser 77777777 supercom587) did not handle telegram!
EOF