author | Peter Wu <lekensteyn@gmail.com> | 2013-12-24 12:52:30 +0100 |
---|---|---|
committer | Peter Wu <lekensteyn@gmail.com> | 2013-12-24 12:52:30 +0100 |
commit | c234f2db5c2f9a6e046829107d538b2495a39d62 (patch) | |
tree | e0527282cc55cc106701c378ebd6a8b7fd1f8e18 | |
parent | 8cbcfcf6a406b9c79f222c2d217e3b1ddf0e9240 (diff) | |
download | wireshark-c234f2db5c2f9a6e046829107d538b2495a39d62.tar.gz |
Add dissector for Clash of Clans protocol
Stash from 9 December 2013 (not updated since), dissector started on 30
November 2013. Earliest capture is from 5 October 2013.
-rw-r--r-- | doc/packet-PROTOABBREV.c | 4 | ||||
-rw-r--r-- | epan/CMakeLists.txt | 1 | ||||
-rw-r--r-- | epan/dissectors/Makefile.common | 1 | ||||
-rw-r--r-- | epan/dissectors/packet-coc.c | 233 |
4 files changed, 238 insertions, 1 deletions
diff --git a/doc/packet-PROTOABBREV.c b/doc/packet-PROTOABBREV.c
index 625e165349..9ff75ac3e2 100644
--- a/doc/packet-PROTOABBREV.c
+++ b/doc/packet-PROTOABBREV.c
@@ -215,7 +215,9 @@ proto_register_PROTOABBREV(void)
 /* Setup protocol expert items */
 static ei_register_info ei[] = {
- { &ei_PROTOABBREV_EXPERTABBREV, { "PROTOABBREV.EXPERTABBREV", PI_SEVERITY, PI_GROUP, "EXPERTDESCR", EXPFILL }},
+ /* see epan/expert.h for possible values for PI_GROUP
+ * (expert_group_vals) and PI_SEVERITY (expert_severity_vals) */
+ { &ei_PROTOABBREV_EXPERTABBREV, { "PROTOABBREV.EXPERTABBREV", PI_GROUP, PI_SEVERITY, "EXPERTDESCR", EXPFILL }},
 };
 /* Register the protocol name and description */
diff --git a/epan/CMakeLists.txt b/epan/CMakeLists.txt
index ababa4df4b..4dce4255b1 100644
--- a/epan/CMakeLists.txt
+++ b/epan/CMakeLists.txt
@@ -464,6 +464,7 @@ set(DISSECTOR_SRC
 dissectors/packet-cmpp.c
 dissectors/packet-cnip.c
 dissectors/packet-coap.c
+ dissectors/packet-coc.c
 dissectors/packet-collectd.c
 dissectors/packet-componentstatus.c
 dissectors/packet-cops.c
diff --git a/epan/dissectors/Makefile.common b/epan/dissectors/Makefile.common
index 37d626201f..47cd00459d 100644
--- a/epan/dissectors/Makefile.common
+++ b/epan/dissectors/Makefile.common
@@ -385,6 +385,7 @@ DISSECTOR_SRC = \
 packet-cmpp.c \
 packet-cnip.c \
 packet-coap.c \
+ packet-coc.c \
 packet-collectd.c \
 packet-componentstatus.c \
 packet-cops.c \
diff --git a/epan/dissectors/packet-coc.c b/epan/dissectors/packet-coc.c
new file mode 100644
index 0000000000..e447861ecd
--- /dev/null
+++ b/epan/dissectors/packet-coc.c
@@ -0,0 +1,233 @@
+/* packet-coc.c
+ * Routines for Clash of Clans dissection
+ * Copyright 2013, Peter Wu <lekensteyn@gmail.com>
+ *
+ * $Id$
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "config.h"
+
+#include <glib.h>
+
+#include <epan/packet.h>
+#include <epan/expert.h>
+#include "packet-tcp.h"
+
+/* find duplicate IDs:
+awk -F'[,{ ]*' < epan/dissectors/packet-coc.c '/value_string/{p=1}p{if(/^}/)exit;if($2 ~ /^0x/)print $2}' | sort | uniq -d
+*/
+
+const value_string types[] = {
+ { 0x2775, "Request: login?"}, // always the same for every time the program opens
+ /* ???? while viewing battle log of clan */
+ { 0x277c, "Req: 0x277c? req for 0x4e8c" }, /* 0 bytes, every 30s while in attack log of clan */
+ //{ 0x2781, "Resp: update check result?" }, // 36 bytes sent by client [5 Oct]
+ { 0x2910, "Req: ?"},
+ { 0x3715, "Req: refresh own village details" }, /* response: 0x5e25, 0 bytes */
+ { 0x371a, "Req: attack via defender log (vengeance)" },
+ /* 12 byte per "click" (elixer/gold claim/gravestones cleanup); insert unit
+ * in battle */
+ { 0x3716, "Req: pos update+actions" },
+ { 0x3721, "Req: ? 8 bytes, while typing msg battle log " }, /* shown while typing msg for "share battle" */
+ /* shown when pressing "show battle" from defender log, but also when having
+ * enemy open (just attacked it, now visiting it and looking around) */
+ { 0x3722, "Req: show battle" }, /* response: 0x5e32 */
+ /* while in battle log of clan, a few seconds before it ends */
+ { 0x37e6, "Req: 12 bytes" }, /* results in 0x5e2f? */
+ { 0x37eb, "Send chat message" },
+ { 0x4e87, "Resp: server maintenance" }, /* response to 0x2775, always 28 bytes */
+ { 0x4e88, "Resp: login?"},
+ { 0x4e89, "Resp: (5+6 after login)??"},
+ { 0x4e8c, "Resp: 0x4e8c? resp for 0227c" }, /* 0 bytes */
+ /* first after login; shown when clicking "Stop" at countdown for vengeance */
+ { 0x5e25, "Resp: own village details update" }, /* response to 0x3715; e.g. 14234, 14235 bytes */
+ /* return to home from battle log; cancel vengeance countdown (defender) */
+ { 0x5e27, "Resp: vengeance not possible, player is online" },
+ { 0x5e2b, "Resp: village details of enemy" }, /* via vengeance "attack", "skip attack", varying size, seen 12028, 16370, others */
+ { 0x5e2f, "Resp: new unit recruited??" }, /* got this from svr three times in two seconds when at recruit screen, also switching between buildings */
+ { 0x5e31, "Resp: ? 19047 bytes, while typing msg battle log" }, /* shown while typing msg for "share battle", resp to 0x3721 */
+ { 0x5e32, "Resp: view attack log (as defender)" },
+ { 0x5ef7, "Resp: (2 after login)??"},
+ //{ 0x5ef8, "Resp: update check?" }, // see below[5 Oct]
+ { 0x5ef8, "Resp: clan update? New troops received?" },
+ { 0x5efe, "Recv chat message" }, /* actually, confirms message above; 8 bytes for "plz donate troops counter increased"? */
+ { 0x5f5b, "Resp: (4 after login)??"},
+ { 0x5f62, "Resp: 0x5f62??" }, /* not really 'resp', but svr send 8 bytes to us, after 3 seconds client send 0x3715*/
+ /* in one case 2.6 sec after getting enemy village details (attack, 0x5e2b); ??? sync maybe? Also notifies when new troops received */
+ { 0x608b, "Resp: sync client state?" }, /* varying size */
+ { 0x0000, NULL }
+};
+/*
+ * 0x2775 Login req: always 441 bytes, the same data
+ * 0x4e88 Login resp: always 347 bytes, different data:
+ * - 103 bytes the same
+ * Note: share battle report did not immediately send report.
+ * Building did not increase the size of the 0x3716 request (12 bytes)
+ *
+ * 3 seconds after receiving last 0x608b message from svr (game is already
+ * closed for 40 seconds), svr sends FIN/ACK.
+ */
+
+void proto_reg_handoff_coc(void);
+
+/* Initialize the protocol and registered fields */
+static int proto_coc = -1;
+static int hf_coc_type = -1;
+static int hf_coc_len = -1;
+static int hf_coc_other = -1;
+static int hf_coc_data = -1;
+static expert_field ei_coc_type_unknown = EI_INIT;
+static expert_field ei_coc_type_notsure = EI_INIT;
+
+#define COC_PORT 9339
+
+/* Initialize the subtree pointers */
+static gint ett_coc = -1;
+
+/* header: type (2 bytes), length (3 bytes), other (2 bytes) */
+#define COC_HDR_LENGTH 7
+
+static int
+dissect_coc_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+ void *data _U_)
+{
+ proto_item *ti, *pi_type;
+ proto_tree *coc_tree;
+
+ guint type;
+ const gchar *type_str;
+ guint data_len;
+ guint offset = 0;
+
+ /*** COLUMN DATA ***/
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "CoC");
+
+ type = tvb_get_ntohs(tvb, 0);
+ data_len = tvb_get_ntoh24(tvb, 2);
+ col_add_fstr(pinfo->cinfo, COL_INFO,
+ "%s, %u bytes", val_to_str(type, types, "Unknown type %04x"), data_len);
+
+ /*** PROTOCOL TREE ***/
+ ti = proto_tree_add_item(tree, proto_coc, tvb, 0, -1, ENC_NA);
+
+ coc_tree = proto_item_add_subtree(ti, ett_coc);
+
+ pi_type = proto_tree_add_item(coc_tree, hf_coc_type, tvb, offset, 2, ENC_BIG_ENDIAN);
+ type_str = try_val_to_str(type, types);
+ if (type_str == NULL) {
+ expert_add_info(pinfo, pi_type, &ei_coc_type_unknown);
+ } else if (type_str[0] == '?') {
+ expert_add_info(pinfo, pi_type, &ei_coc_type_notsure);
+ }
+ offset += 2;
+ proto_tree_add_item(coc_tree, hf_coc_len, tvb, offset, 3, ENC_BIG_ENDIAN);
+ offset += 3;
+ proto_tree_add_item(coc_tree, hf_coc_other, tvb, offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+ proto_tree_add_item(coc_tree, hf_coc_data, tvb, offset, data_len, ENC_NA);
+
+ return tvb_length(tvb);
+}
+
+static guint
+get_coc_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
+{
+ return COC_HDR_LENGTH + tvb_get_ntoh24(tvb, offset + 2);
+}
+
+static int
+dissect_coc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
+{
+ tcp_dissect_pdus(tvb, pinfo, tree, TRUE, COC_HDR_LENGTH,
+ get_coc_pdu_len, dissect_coc_common, data);
+ return tvb_length(tvb);
+}
+
+void
+proto_register_coc(void)
+{
+ expert_module_t *expert_coc;
+ static hf_register_info hf[] = {
+ { &hf_coc_type,
+ { "Type", "coc.type",
+ FT_UINT16, BASE_HEX, VALS(types), 0x0,
+ "Packet type", HFILL }
+ },
+ { &hf_coc_len,
+ { "Length", "coc.len",
+ FT_UINT24, BASE_DEC, NULL, 0x0,
+ "Data length", HFILL }
+ },
+ { &hf_coc_other,
+ { "Other", "coc.len",
+ FT_UINT16, BASE_HEX, NULL, 0x0,
+ "Unknown data field, version?", HFILL }
+ },
+ { &hf_coc_data,
+ { "Data", "coc.data",
+ FT_BYTES, BASE_NONE, NULL, 0x0,
+ "Packet data", HFILL }
+ },
+ };
+
+ /* Setup protocol subtree array */
+ static gint *ett[] = {
+ &ett_coc
+ };
+
+ static ei_register_info ei[] = {
+ { &ei_coc_type_unknown, { "coc.type.unknown", PI_UNDECODED, PI_WARN, "Unknown type", EXPFILL }},
+ { &ei_coc_type_notsure, { "coc.type.notsure", PI_UNDECODED, PI_NOTE, "Uncertain type", EXPFILL }},
+ };
+
+ /* Register the protocol name and description */
+ proto_coc = proto_register_protocol("Clash of Clans",
+ "CoC", "coc");
+
+ /* Required function calls to register the header fields and subtrees */
+ proto_register_field_array(proto_coc, hf, array_length(hf));
+ proto_register_subtree_array(ett, array_length(ett));
+
+ expert_coc = expert_register_protocol(proto_coc);
+ expert_register_field_array(expert_coc, ei, array_length(ei));
+}
+
+void
+proto_reg_handoff_coc(void)
+{
+ dissector_handle_t coc_handle;
+
+ coc_handle = new_create_dissector_handle(dissect_coc, proto_coc);
+ dissector_add_uint("tcp.port", COC_PORT, coc_handle);
+}
+
+/*
+ * Editor modelines - http://www.wireshark.org/tools/modelines.html
+ *
+ * Local variables:
+ * c-basic-offset: 4
+ * tab-width: 8
+ * indent-tabs-mode: nil
+ * End:
+ *
+ * vi: set shiftwidth=4 tabstop=8 expandtab:
+ * :indentSize=4:tabSize=8:noTabs=true:
+ */ |
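Review bot: In `proto_register_coc`, `hf_coc_other` is registered under the filter name `"coc.len"`, the same abbreviation as `hf_coc_len`, so a display filter on `coc.len` would also match the unknown 2-byte field; the entry should read `{ "Other", "coc.other",`. In `dissect_coc_common` the `type_str[0] == '?'` test cannot fire against the table in this file, because every string starts with `Req`, `Resp`, `Send` or `Recv`, so `ei_coc_type_notsure` is never attached; `} else if (strchr(type_str, '?') != NULL) {` looks like what was intended. The table is also declared as a non-static global with the very generic name `types`, which would be exported from the dissector library; `static const value_string types[] = {` keeps it file-local. `data_len` comes straight from the wire and is used as the item length for `hf_coc_data`, so a one-line comment stating that the tvb accessors are relied on to reject a length past the end of the PDU would help the next reader of this parser.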