Friday, 5 April 2013

My Code made it to a Hollywood Movie



One of the first things I do every morning is check the Twitter chatter about my website (@SecurityTube) . I was pleasantly surprised to see this:


I've embedded the image from the tweet:


Source: http://oi49.tinypic.com/2vnrkw8.jpg

I've verified that this really is from the movie White House Down due for release in 2013 from their YouTube trailer at 1:39


The code is question seems to be from multiple programs which I had written way back in 2007-2008 to demonstrate the use of Raw Sockets in writing Packet Injection programs. Here is a list of the code files (GIST embeds at the end of the post) :

  1. http://code.securitytube.net/Programming-an-ARP-DoS-Tool.c
  2. http://code.securitytube.net/Generic-Packet-Injection-Program.c
  3. http://code.securitytube.net/Ethernet-Packet-Injection.c
  4. http://code.securitytube.net/TCP-Packet-Injection.c
  5. http://code.securitytube.net/IP-Packet-Injection.c
I know most of code snippet in the image could have been pretty much from any low level networking tool, so I am just going to focus on the comments :)  which are almost like a programmer's signature.


/* First Get the Interface Index */  and "Error getting Interface index !\n" code is there in all the files:

 Here is the next couple of lines in the screenshot:


Most of the files listed above, contain the "Bind our raw socket to this interface */" as well followed by the sockaddr_ll structure fill:

The next part of the screenshot is partially cut:


So, I used the YouTube video to take a better shot:


"A simple write on the socket ..thats all it takes ! */" is the partial comment, which many of you may agree is an unconventional comment :)  There is there in almost all the code files as well:


The last part of the screenshot is below:



Looks like this was from the Generic Packet Injection program, if you look closely:


The special effects guys seem to have removed most of the whitespace, so you see longer lines but it is clear to identify the code if you look close enough.

[Update Added Later] More Proof that the code is mine

The original code was posted on 2 of my sites: security-freak.net and then later on securitytube.net. I eventually discontinued security-freak.net  . A quick whois search will tell you both the sites belong to me.

I used the WayBack Machine as 3rd party validation. Here is the exact code link mined from my site on June 29th 2007 by the wayback machine's spiders:

http://web.archive.org/web/20070629181430/http://www.security-freak.net/packet-injection/PacketInjection.c

The original Packet Injection basics page where this and the other code presented here are linked. The wayback machine has a copy dating back to July 9th 2007:

http://web.archive.org/web/20070708223642/http://www.security-freak.net/packet-injection/packet-injection.html

During the same time, I had even announced that I had made some free videos on Packet Sniffing, Packet Injection (this is where all the code is form) etc. and sent an email to the SecurityFocus.com mailing list.

Original email:



A few google searches led me to open source projects and even Wiki pages who have used my code. Some cited the original site (security-freak.net) while others did not.


How do I feel about this? Great :) If not me, at least my code made it to a 3 second clip in a Hollywood Movie :)  Also, the character in front of the computer seems quite excited (hands raised) as he is downloading / viewing / running my code :) What could make a developer more happy than to see his code inciting such thrill! :)

Quirks: 

  • I hope the code would be compiled before use! :) 
  • The source / destination MAC, IP, etc. are hardcoded in most of the scripts so hopefully the hacker in the movie changed them before using :)
  • The Generic Packet Injection program just sends "A"* 1024 times onto the wire. This was just to demonstrate it's possible to send arbitrary data on the wire with raw sockets, even total garbage :)

The only thing I felt a bit dissapointed about was to see a couple of open source projects use snippets of my code without any form of acknowledgement.

OK, finally here are all the Code Snippets if you want to play with them. They are pretty old so some of the #includes may have to be changed based on the platform you are using. Note that the original links on the Internet have been posted above, the Gists were created today to embed them here.




#include<stdio.h>
#include<stdlib.h>
#include<sys/socket.h>
#include<features.h>
#include<linux/if_packet.h>
#include<linux/if_ether.h>
#include<errno.h>
#include<sys/ioctl.h>
#include<net/if.h>
#include<net/ethernet.h>
#define SRC_ETHER_ADDR "aa:aa:aa:aa:aa:aa"
#define DST_ETHER_ADDR "bb:bb:bb:bb:bb:bb"
int CreateRawSocket(int protocol_to_sniff)
{
int rawsock;
if((rawsock = socket(PF_PACKET, SOCK_RAW, htons(protocol_to_sniff)))== -1)
{
perror("Error creating raw socket: ");
exit(-1);
}
return rawsock;
}
int BindRawSocketToInterface(char *device, int rawsock, int protocol)
{
struct sockaddr_ll sll;
struct ifreq ifr;
bzero(&sll, sizeof(sll));
bzero(&ifr, sizeof(ifr));
/* First Get the Interface Index */
strncpy((char *)ifr.ifr_name, device, IFNAMSIZ);
if((ioctl(rawsock, SIOCGIFINDEX, &ifr)) == -1)
{
printf("Error getting Interface index !\n");
exit(-1);
}
/* Bind our raw socket to this interface */
sll.sll_family = AF_PACKET;
sll.sll_ifindex = ifr.ifr_ifindex;
sll.sll_protocol = htons(protocol);
if((bind(rawsock, (struct sockaddr *)&sll, sizeof(sll)))== -1)
{
perror("Error binding raw socket to interface\n");
exit(-1);
}
return 1;
}
int SendRawPacket(int rawsock, unsigned char *pkt, int pkt_len)
{
int sent= 0;
printf("Packet len: %d\n", pkt_len);
/* A simple write on the socket ..thats all it takes ! */
if((sent = write(rawsock, pkt, pkt_len)) != pkt_len)
{
/* Error */
printf("Could only send %d bytes of packet of length %d\n", sent, pkt_len);
return 0;
}
return 1;
}
unsigned char* CreateEthernetHeader(char *src_mac, char *dst_mac, int protocol)
{
struct ethhdr *ethernet_header;
ethernet_header = (struct ethhdr *)malloc(sizeof(struct ethhdr));
/* copy the Src mac addr */
memcpy(ethernet_header->h_source, (void *)ether_aton(src_mac), 6);
/* copy the Dst mac addr */
memcpy(ethernet_header->h_dest, (void *)ether_aton(dst_mac), 6);
/* copy the protocol */
ethernet_header->h_proto = htons(protocol);
/* done ...send the header back */
return ((unsigned char *)ethernet_header);
}
/* argv[1] is the device e.g. eth0 */
main(int argc, char **argv)
{
int raw;
unsigned char *packet;
int ethhdr_len;
/* Create the raw socket */
raw = CreateRawSocket(ETH_P_ALL);
/* Bind raw socket to interface */
BindRawSocketToInterface(argv[1], raw, ETH_P_ALL);
/* create Ethernet header */
packet = CreateEthernetHeader(SRC_ETHER_ADDR, DST_ETHER_ADDR, ETHERTYPE_IP);
ethhdr_len = sizeof(struct ethhdr);
if(!SendRawPacket(raw, packet, ethhdr_len))
{
perror("Error sending packet");
}
else
printf("Packet sent successfully\n");
/* Free the ethernet_header back to the heavenly heap */
free(packet);
close(raw);
return 0;
}
view raw Ethernet-Packet-Injection.c hosted with ❤ by GitHub
#include<stdio.h>
#include<stdlib.h>
#include<sys/socket.h>
#include<features.h>
#include<linux/if_packet.h>
#include<linux/if_ether.h>
#include<errno.h>
#include<sys/ioctl.h>
#include<net/if.h>
#define PACKET_LENGTH 1024
int CreateRawSocket(int protocol_to_sniff)
{
int rawsock;
if((rawsock = socket(PF_PACKET, SOCK_RAW, htons(protocol_to_sniff)))== -1)
{
perror("Error creating raw socket: ");
exit(-1);
}
return rawsock;
}
int BindRawSocketToInterface(char *device, int rawsock, int protocol)
{
struct sockaddr_ll sll;
struct ifreq ifr;
bzero(&sll, sizeof(sll));
bzero(&ifr, sizeof(ifr));
/* First Get the Interface Index */
strncpy((char *)ifr.ifr_name, device, IFNAMSIZ);
if((ioctl(rawsock, SIOCGIFINDEX, &ifr)) == -1)
{
printf("Error getting Interface index !\n");
exit(-1);
}
/* Bind our raw socket to this interface */
sll.sll_family = AF_PACKET;
sll.sll_ifindex = ifr.ifr_ifindex;
sll.sll_protocol = htons(protocol);
if((bind(rawsock, (struct sockaddr *)&sll, sizeof(sll)))== -1)
{
perror("Error binding raw socket to interface\n");
exit(-1);
}
return 1;
}
int SendRawPacket(int rawsock, unsigned char *pkt, int pkt_len)
{
int sent= 0;
/* A simple write on the socket ..thats all it takes ! */
if((sent = write(rawsock, pkt, pkt_len)) != pkt_len)
{
return 0;
}
return 1;
}
/* argv[1] is the device e.g. eth0
argv[2] is the number of packets to send
*/
main(int argc, char **argv)
{
int raw;
unsigned char packet[PACKET_LENGTH];
int num_of_pkts;
/* Set the packet to all A's */
memset(packet, 'A', PACKET_LENGTH);
/* Create the raw socket */
raw = CreateRawSocket(ETH_P_ALL);
/* Bind raw socket to interface */
BindRawSocketToInterface(argv[1], raw, ETH_P_ALL);
num_of_pkts = atoi(argv[2]);
while((num_of_pkts--)>0)
{
if(!SendRawPacket(raw, packet, PACKET_LENGTH))
{
perror("Error sending packet");
}
else
{
printf("Packet sent successfully\n");
}
}
close(raw);
return 0;
}
view raw Generic-Packet-Injection-Program.c hosted with ❤ by GitHub
#include<stdio.h>
#include<stdlib.h>
#include<sys/socket.h>
#include<features.h>
#include<linux/if_packet.h>
#include<linux/if_ether.h>
#include<errno.h>
#include<sys/ioctl.h>
#include<net/if.h>
#include<net/ethernet.h>
#define SRC_ETHER_ADDR "aa:aa:aa:aa:aa:aa"
#define DST_ETHER_ADDR "bb:bb:bb:bb:bb:bb"
int CreateRawSocket(int protocol_to_sniff)
{
int rawsock;
if((rawsock = socket(PF_PACKET, SOCK_RAW, htons(protocol_to_sniff)))== -1)
{
perror("Error creating raw socket: ");
exit(-1);
}
return rawsock;
}
int BindRawSocketToInterface(char *device, int rawsock, int protocol)
{
struct sockaddr_ll sll;
struct ifreq ifr;
bzero(&sll, sizeof(sll));
bzero(&ifr, sizeof(ifr));
/* First Get the Interface Index */
strncpy((char *)ifr.ifr_name, device, IFNAMSIZ);
if((ioctl(rawsock, SIOCGIFINDEX, &ifr)) == -1)
{
printf("Error getting Interface index !\n");
exit(-1);
}
/* Bind our raw socket to this interface */
sll.sll_family = AF_PACKET;
sll.sll_ifindex = ifr.ifr_ifindex;
sll.sll_protocol = htons(protocol);
if((bind(rawsock, (struct sockaddr *)&sll, sizeof(sll)))== -1)
{
perror("Error binding raw socket to interface\n");
exit(-1);
}
return 1;
}
int SendRawPacket(int rawsock, unsigned char *pkt, int pkt_len)
{
int sent= 0;
printf("Packet len: %d\n", pkt_len);
/* A simple write on the socket ..thats all it takes ! */
if((sent = write(rawsock, pkt, pkt_len)) != pkt_len)
{
/* Error */
printf("Could only send %d bytes of packet of length %d\n", sent, pkt_len);
return 0;
}
return 1;
}
unsigned char* CreateEthernetHeader(char *src_mac, char *dst_mac, int protocol)
{
struct ethhdr *ethernet_header;
ethernet_header = (struct ethhdr *)malloc(sizeof(struct ethhdr));
/* copy the Src mac addr */
memcpy(ethernet_header->h_source, (void *)ether_aton(src_mac), 6);
/* copy the Dst mac addr */
memcpy(ethernet_header->h_dest, (void *)ether_aton(dst_mac), 6);
/* copy the protocol */
ethernet_header->h_proto = htons(protocol);
/* done ...send the header back */
return ((unsigned char *)ethernet_header);
}
/* argv[1] is the device e.g. eth0 */
main(int argc, char **argv)
{
int raw;
unsigned char *packet;
int ethhdr_len;
/* Create the raw socket */
raw = CreateRawSocket(ETH_P_ALL);
/* Bind raw socket to interface */
BindRawSocketToInterface(argv[1], raw, ETH_P_ALL);
/* create Ethernet header */
packet = CreateEthernetHeader(SRC_ETHER_ADDR, DST_ETHER_ADDR, ETHERTYPE_IP);
ethhdr_len = sizeof(struct ethhdr);
if(!SendRawPacket(raw, packet, ethhdr_len))
{
perror("Error sending packet");
}
else
printf("Packet sent successfully\n");
/* Free the ethernet_header back to the heavenly heap */
free(packet);
close(raw);
return 0;
}
view raw Ethernet-Packet-Injection.c hosted with ❤ by GitHub
#include<stdio.h>
#include<stdlib.h>
#include<sys/socket.h>
#include<features.h>
#include<linux/if_packet.h>
#include<linux/if_ether.h>
#include<errno.h>
#include<sys/ioctl.h>
#include<net/if.h>
#include<net/ethernet.h>
#include<linux/ip.h>
#include<arpa/inet.h>
#include<string.h>
#define SRC_ETHER_ADDR "aa:aa:aa:aa:aa:aa"
#define DST_ETHER_ADDR "bb:bb:bb:bb:bb:bb"
#define SRC_IP "192.168.0.10"
#define DST_IP "192.168.0.11"
int CreateRawSocket(int protocol_to_sniff)
{
int rawsock;
if((rawsock = socket(PF_PACKET, SOCK_RAW, htons(protocol_to_sniff)))== -1)
{
perror("Error creating raw socket: ");
exit(-1);
}
return rawsock;
}
int BindRawSocketToInterface(char *device, int rawsock, int protocol)
{
struct sockaddr_ll sll;
struct ifreq ifr;
bzero(&sll, sizeof(sll));
bzero(&ifr, sizeof(ifr));
/* First Get the Interface Index */
strncpy((char *)ifr.ifr_name, device, IFNAMSIZ);
if((ioctl(rawsock, SIOCGIFINDEX, &ifr)) == -1)
{
printf("Error getting Interface index !\n");
exit(-1);
}
/* Bind our raw socket to this interface */
sll.sll_family = AF_PACKET;
sll.sll_ifindex = ifr.ifr_ifindex;
sll.sll_protocol = htons(protocol);
if((bind(rawsock, (struct sockaddr *)&sll, sizeof(sll)))== -1)
{
perror("Error binding raw socket to interface\n");
exit(-1);
}
return 1;
}
int SendRawPacket(int rawsock, unsigned char *pkt, int pkt_len)
{
int sent= 0;
/* A simple write on the socket ..thats all it takes ! */
if((sent = write(rawsock, pkt, pkt_len)) != pkt_len)
{
/* Error */
printf("Could only send %d bytes of packet of length %d\n", sent, pkt_len);
return 0;
}
return 1;
}
unsigned char* CreateEthernetHeader(char *src_mac, char *dst_mac, int protocol)
{
struct ethhdr *ethernet_header;
ethernet_header = (struct ethhdr *)malloc(sizeof(struct ethhdr));
/* copy the Src mac addr */
memcpy(ethernet_header->h_source, (void *)ether_aton(src_mac), 6);
/* copy the Dst mac addr */
memcpy(ethernet_header->h_dest, (void *)ether_aton(dst_mac), 6);
/* copy the protocol */
ethernet_header->h_proto = htons(protocol);
/* done ...send the header back */
return ((unsigned char *)ethernet_header);
}
/* Ripped from Richard Stevans Book */
unsigned short ComputeIpChecksum(unsigned char *header, int len)
{
long sum = 0; /* assume 32 bit long, 16 bit short */
unsigned short *ip_header = (unsigned short *)header;
while(len > 1){
sum += *((unsigned short*) ip_header)++;
if(sum & 0x80000000) /* if high order bit set, fold */
sum = (sum & 0xFFFF) + (sum >> 16);
len -= 2;
}
if(len) /* take care of left over byte */
sum += (unsigned short) *(unsigned char *)ip_header;
while(sum>>16)
sum = (sum & 0xFFFF) + (sum >> 16);
return ~sum;
}
unsigned char *CreateIPHeader(/* Customize this as an exercise */)
{
struct iphdr *ip_header;
ip_header = (struct iphdr *)malloc(sizeof(struct iphdr));
ip_header->version = 4;
ip_header->ihl = (sizeof(struct iphdr))/4 ;
ip_header->tos = 0;
ip_header->tot_len = htons(sizeof(struct iphdr));
ip_header->id = htons(111);
ip_header->frag_off = 0;
ip_header->ttl = 111;
ip_header->protocol = IPPROTO_TCP;
ip_header->check = 0; /* We will calculate the checksum later */
(in_addr_t)ip_header->saddr = inet_addr(SRC_IP);
(in_addr_t)ip_header->daddr = inet_addr(DST_IP);
/* Calculate the IP checksum now :
The IP Checksum is only over the IP header */
ip_header->check = ComputeIpChecksum((unsigned char *)ip_header, ip_header->ihl*4);
return ((unsigned char *)ip_header);
}
/* argv[1] is the device e.g. eth0 */
main(int argc, char **argv)
{
int raw;
unsigned char *packet;
unsigned char *ethernet_header;
unsigned char *ip_header;
int pkt_len;
/* Create the raw socket */
raw = CreateRawSocket(ETH_P_ALL);
/* Bind raw socket to interface */
BindRawSocketToInterface(argv[1], raw, ETH_P_ALL);
/* create Ethernet header */
ethernet_header = CreateEthernetHeader(SRC_ETHER_ADDR, DST_ETHER_ADDR, ETHERTYPE_IP);
/* Create IP Header */
ip_header = CreateIPHeader();
/* Packet length = ETH + IP header */
pkt_len = sizeof(struct ethhdr) + sizeof(struct iphdr);
/* Allocate memory */
packet = (unsigned char *)malloc(pkt_len);
/* Copy the Ethernet header first */
memcpy(packet, ethernet_header, sizeof(struct ethhdr));
/* Copy the IP header -- but after the ethernet header */
memcpy((packet + sizeof(struct ethhdr)), ip_header, sizeof(struct iphdr));
/* send the packet on the wire */
if(!SendRawPacket(raw, packet, pkt_len))
{
perror("Error sending packet");
}
else
printf("Packet sent successfully\n");
/* Free the headers back to the heavenly heap */
free(ethernet_header);
free(ip_header);
free(packet);
close(raw);
return 0;
}
view raw IP-Packet-Injection.c hosted with ❤ by GitHub
#include<stdio.h>
#include<stdlib.h>
#include<sys/socket.h>
#include<features.h>
#include<linux/if_packet.h>
#include<linux/if_ether.h>
#include<errno.h>
#include<sys/ioctl.h>
#include<net/if.h>
#include<net/ethernet.h>
#include<linux/ip.h>
#include<linux/tcp.h>
#include<arpa/inet.h>
#include<string.h>
#include<sys/time.h>
#define DATA_SIZE 100
#define SRC_ETHER_ADDR "aa:aa:aa:aa:aa:aa"
#define DST_ETHER_ADDR "bb:bb:bb:bb:bb:bb"
#define SRC_IP "192.168.0.10"
#define DST_IP "192.168.0.11"
#define SRC_PORT 80
#define DST_PORT 100
typedef struct PseudoHeader{
unsigned long int source_ip;
unsigned long int dest_ip;
unsigned char reserved;
unsigned char protocol;
unsigned short int tcp_length;
}PseudoHeader;
int CreateRawSocket(int protocol_to_sniff)
{
int rawsock;
if((rawsock = socket(PF_PACKET, SOCK_RAW, htons(protocol_to_sniff)))== -1)
{
perror("Error creating raw socket: ");
exit(-1);
}
return rawsock;
}
int BindRawSocketToInterface(char *device, int rawsock, int protocol)
{
struct sockaddr_ll sll;
struct ifreq ifr;
bzero(&sll, sizeof(sll));
bzero(&ifr, sizeof(ifr));
/* First Get the Interface Index */
strncpy((char *)ifr.ifr_name, device, IFNAMSIZ);
if((ioctl(rawsock, SIOCGIFINDEX, &ifr)) == -1)
{
printf("Error getting Interface index !\n");
exit(-1);
}
/* Bind our raw socket to this interface */
sll.sll_family = AF_PACKET;
sll.sll_ifindex = ifr.ifr_ifindex;
sll.sll_protocol = htons(protocol);
if((bind(rawsock, (struct sockaddr *)&sll, sizeof(sll)))== -1)
{
perror("Error binding raw socket to interface\n");
exit(-1);
}
return 1;
}
int SendRawPacket(int rawsock, unsigned char *pkt, int pkt_len)
{
int sent= 0;
/* A simple write on the socket ..thats all it takes ! */
if((sent = write(rawsock, pkt, pkt_len)) != pkt_len)
{
/* Error */
printf("Could only send %d bytes of packet of length %d\n", sent, pkt_len);
return 0;
}
return 1;
}
struct ethhdr* CreateEthernetHeader(char *src_mac, char *dst_mac, int protocol)
{
struct ethhdr *ethernet_header;
ethernet_header = (struct ethhdr *)malloc(sizeof(struct ethhdr));
/* copy the Src mac addr */
memcpy(ethernet_header->h_source, (void *)ether_aton(src_mac), 6);
/* copy the Dst mac addr */
memcpy(ethernet_header->h_dest, (void *)ether_aton(dst_mac), 6);
/* copy the protocol */
ethernet_header->h_proto = htons(protocol);
/* done ...send the header back */
return (ethernet_header);
}
/* Ripped from Richard Stevans Book */
unsigned short ComputeChecksum(unsigned char *data, int len)
{
long sum = 0; /* assume 32 bit long, 16 bit short */
unsigned short *temp = (unsigned short *)data;
while(len > 1){
sum += *temp++;
if(sum & 0x80000000) /* if high order bit set, fold */
sum = (sum & 0xFFFF) + (sum >> 16);
len -= 2;
}
if(len) /* take care of left over byte */
sum += (unsigned short) *((unsigned char *)temp);
while(sum>>16)
sum = (sum & 0xFFFF) + (sum >> 16);
return ~sum;
}
struct iphdr *CreateIPHeader(/* Customize this as an exercise */)
{
struct iphdr *ip_header;
ip_header = (struct iphdr *)malloc(sizeof(struct iphdr));
ip_header->version = 4;
ip_header->ihl = (sizeof(struct iphdr))/4 ;
ip_header->tos = 0;
ip_header->tot_len = htons(sizeof(struct iphdr) + sizeof(struct tcphdr) + DATA_SIZE);
ip_header->id = htons(111);
ip_header->frag_off = 0;
ip_header->ttl = 111;
ip_header->protocol = IPPROTO_TCP;
ip_header->check = 0; /* We will calculate the checksum later */
(in_addr_t)ip_header->saddr = inet_addr(SRC_IP);
(in_addr_t)ip_header->daddr = inet_addr(DST_IP);
/* Calculate the IP checksum now :
The IP Checksum is only over the IP header */
ip_header->check = ComputeChecksum((unsigned char *)ip_header, ip_header->ihl*4);
return (ip_header);
}
struct tcphdr *CreateTcpHeader(/* Customization Exercise */)
{
struct tcphdr *tcp_header;
/* Check /usr/include/linux/tcp.h for header definiation */
tcp_header = (struct tcphdr *)malloc(sizeof(struct tcphdr));
tcp_header->source = htons(SRC_PORT);
tcp_header->dest = htons(DST_PORT);
tcp_header->seq = htonl(111);
tcp_header->ack_seq = htonl(111);
tcp_header->res1 = 0;
tcp_header->doff = (sizeof(struct tcphdr))/4;
tcp_header->syn = 1;
tcp_header->window = htons(100);
tcp_header->check = 0; /* Will calculate the checksum with pseudo-header later */
tcp_header->urg_ptr = 0;
return (tcp_header);
}
CreatePseudoHeaderAndComputeTcpChecksum(struct tcphdr *tcp_header, struct iphdr *ip_header, unsigned char *data)
{
/*The TCP Checksum is calculated over the PseudoHeader + TCP header +Data*/
/* Find the size of the TCP Header + Data */
int segment_len = ntohs(ip_header->tot_len) - ip_header->ihl*4;
/* Total length over which TCP checksum will be computed */
int header_len = sizeof(PseudoHeader) + segment_len;
/* Allocate the memory */
unsigned char *hdr = (unsigned char *)malloc(header_len);
/* Fill in the pseudo header first */
PseudoHeader *pseudo_header = (PseudoHeader *)hdr;
pseudo_header->source_ip = ip_header->saddr;
pseudo_header->dest_ip = ip_header->daddr;
pseudo_header->reserved = 0;
pseudo_header->protocol = ip_header->protocol;
pseudo_header->tcp_length = htons(segment_len);
/* Now copy TCP */
memcpy((hdr + sizeof(PseudoHeader)), (void *)tcp_header, tcp_header->doff*4);
/* Now copy the Data */
memcpy((hdr + sizeof(PseudoHeader) + tcp_header->doff*4), data, DATA_SIZE);
/* Calculate the Checksum */
tcp_header->check = ComputeChecksum(hdr, header_len);
/* Free the PseudoHeader */
free(hdr);
return ;
}
unsigned char *CreateData(int len)
{
unsigned char *data = (unsigned char *)malloc(len);
struct timeval tv;
struct timezone tz;
int counter = len;
/* get time of the day */
gettimeofday(&tv, &tz);
/* seed the random number generator */
srand(tv.tv_sec);
/* Add random data for now */
for(counter = 0 ; counter < len; counter++)
data[counter] = 255.0 *rand()/(RAND_MAX +1.0);
return data;
}
/* argv[1] is the device e.g. eth0 */
main(int argc, char **argv)
{
int raw;
unsigned char *packet;
struct ethhdr* ethernet_header;
struct iphdr *ip_header;
struct tcphdr *tcp_header;
unsigned char *data;
int pkt_len;
/* Create the raw socket */
raw = CreateRawSocket(ETH_P_ALL);
/* Bind raw socket to interface */
BindRawSocketToInterface(argv[1], raw, ETH_P_ALL);
/* create Ethernet header */
ethernet_header = CreateEthernetHeader(SRC_ETHER_ADDR, DST_ETHER_ADDR, ETHERTYPE_IP);
/* Create IP Header */
ip_header = CreateIPHeader();
/* Create TCP Header */
tcp_header = CreateTcpHeader();
/* Create Data */
data = CreateData(DATA_SIZE);
/* Create PseudoHeader and compute TCP Checksum */
CreatePseudoHeaderAndComputeTcpChecksum(tcp_header, ip_header, data);
/* Packet length = ETH + IP header + TCP header + Data*/
pkt_len = sizeof(struct ethhdr) + ntohs(ip_header->tot_len);
/* Allocate memory */
packet = (unsigned char *)malloc(pkt_len);
/* Copy the Ethernet header first */
memcpy(packet, ethernet_header, sizeof(struct ethhdr));
/* Copy the IP header -- but after the ethernet header */
memcpy((packet + sizeof(struct ethhdr)), ip_header, ip_header->ihl*4);
/* Copy the TCP header after the IP header */
memcpy((packet + sizeof(struct ethhdr) + ip_header->ihl*4),tcp_header, tcp_header->doff*4);
/* Copy the Data after the TCP header */
memcpy((packet + sizeof(struct ethhdr) + ip_header->ihl*4 + tcp_header->doff*4), data, DATA_SIZE);
/* send the packet on the wire */
if(!SendRawPacket(raw, packet, pkt_len))
{
perror("Error sending packet");
}
else
printf("Packet sent successfully\n");
/* Free the headers back to the heavenly heap */
free(ethernet_header);
free(ip_header);
free(tcp_header);
free(data);
free(packet);
close(raw);
return 0;
}
view raw TCP-Packet-Injection.c hosted with ❤ by GitHub
Posted by at

19 comments:

  1. Soner Gönül6 April 2013 at 02:24

    I wish someone use my code at their movie :(

    ReplyDelete
  2. Ege6 April 2013 at 02:41

    Wow, if I were you, I'd insist that they include me in the closing credits =)

    ReplyDelete
  3. Unknown6 April 2013 at 03:05

    eww strncpy

    ReplyDelete
  4. Jaggi6 April 2013 at 03:26

    Thats kewl!

    Find out the programmer of the movie and tell if he can acknowledge it for you.. if not in movie, at least on somewhere net!! :P

    ReplyDelete
  5. Unknown6 April 2013 at 04:12

    Royalties!

    ReplyDelete
  6. Anonymous6 April 2013 at 05:42

    OF COURSE they should include you inte closing credits!

    ReplyDelete
  7. Unknown6 April 2013 at 07:03

    I'm impressed that their upload progress meter seems to have 11 digits of precision.

    ReplyDelete
    Replies
    1. vib.h.u6 April 2013 at 20:39

      ha, i lold hard! 11 digits of precision... no wonder why the movie name is White House Down

      code on the big screen is an esoteric but interesting topic to find out about

      Delete
    2. Unknown9 April 2013 at 08:08

      Why not? You think there are no programmers with sense of humor in the movies? %)))

      Delete
    3. Unknown3 February 2014 at 03:31

      haha! nice one

      Delete
  8. Grarr Dexx6 April 2013 at 07:37

    The Skunk still plays EVE? I remember that guy from my Corp1 days in Aridia!

    ReplyDelete
  9. Unknown6 April 2013 at 09:31

    n1ce 1 :>

    ReplyDelete
  10. Unknown6 April 2013 at 09:32

    Nice one!
    The movie is a Roland Emmerich, BANG BOOM AMERICA FBI AGENTS WHITEHOUSE, not my favourite kind of movie, but anyways, awesome.
    Achievement Unlocked: Hollywood Movie uses your code for bogus hacker scene.
    Hope you'll be credited in the movie.

    ReplyDelete
  11. Anonymous6 April 2013 at 13:49

    Grarr Dexx, wrong guy... Eve Skunk refers to my website, www.eveskunk.com.

    ReplyDelete
  12. Peter7 April 2013 at 01:02

    Yes, it's kind of your duty as a citizen to sue them. For human rights and fairness. These chances rarely appears. You should not sue them for more than the movie has cashed in yet and theoretically will though.

    ReplyDelete
  13. Jay8 April 2013 at 18:40

    Ha, that would be pretty awesome. Day after the movie goes up, WHOOPS, movie gets pulled.

    ReplyDelete
  14. Chochos9 April 2013 at 08:42

    Interesting... did you publish this code under a FOSS license? IANAL but I guess if your code is GPL then you could force the studio into adding you to the end credits and adding a link to the original code, to comply with the license (I won't even get into details about making profit from the code, since it's obvious they could have used any other code for the scene; something with a BSD or Apache license would be perfeclty valid).

    Now, while I'm thinking about this... the code is being used not as software per se, but as content of some sort (it's a prop for the scene). So maybe now we should also add some Creative Commons license along with the software license when we publish FOSS code, to prevent it from being used this way without permission from the author...

    ReplyDelete
  15. Ed. Caracas12 April 2013 at 09:04

    Big Brother is watching us.

    ReplyDelete
  16. Greg Bulmash12 April 2013 at 09:45

    Chochos beat me to it on the licensing question, but I was hoping you could force them to release the movie under the GPL. :-)

    ReplyDelete

Subscribe to: Post Comments (Atom)