PIBdump.py
#!/usr/bin/env python2
from layerscapy.HomePlugAV import *
from optparse import OptionParser
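def dump_all(src, dst, iface):
    """Read the whole PIB from a HomePlug AV device and return it.

    A first ReadModuleDataRequest at offset 0 is used only to learn the PIB
    length from the header (``ModulePIB(...).PIBLength``). The PIB is then
    fetched from offset 0 in requests of at most 0x400 bytes, the last one
    being shortened to the remaining byte count.

    Args:
        src: source MAC address placed in the Ethernet header.
        dst: destination MAC address placed in the Ethernet header.
        iface: name of the interface the requests are sent on.

    Returns:
        The ``ModuleData`` payloads of all replies, concatenated in offset
        order.

    Raises:
        IOError: if a request gets no reply.
    """
    chunk_len = 0x400
    etherhome = Ether(src=src, dst=dst)/HomePlugAV()

    def read_block(offset, length):
        # srp1() is called without a timeout, so it waits until a reply
        # arrives; it hands back None when the wait is cut short, which
        # would otherwise surface as an AttributeError on `.ModuleData`.
        reply = srp1(etherhome/ReadModuleDataRequest(Offset=offset, Length=length),
                     iface=iface)
        if reply is None:
            raise IOError("no reply to ReadModuleDataRequest at offset 0x%x" % offset)
        return reply

    header = read_block(0, chunk_len)
    # NOTE(review): PIBLength is whatever the device reports and is not
    # range-checked here; it decides how many requests are sent, so the
    # caller should verify the returned dump before trusting it.
    pib_len = ModulePIB(header.ModuleData, 0, chunk_len).PIBLength

    parts = []
    offset = 0
    # Walking by offset (instead of a full-chunk loop plus one trailing
    # request) also covers a PIB shorter than one chunk, where the loop
    # variable was never bound, and a PIB that is an exact multiple of the
    # chunk size, where a zero-length request used to be sent.
    while offset < pib_len:
        size = min(chunk_len, pib_len - offset)
        parts.append(read_block(offset, size).ModuleData)
        offset += size
    return b"".join(parts)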
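if __name__ == "__main__":
    # Command-line entry point: dump the PIB of the device reached through
    # the chosen interface / MAC addresses, verify its checksum, and write
    # it to the output file only when the checksum matches.
    import os  # local import: only this entry point needs it

    usage = "usage: %prog [options] arg"
    parser = OptionParser(usage)
    parser.add_option("-i", "--iface", dest="iface", default="eth0",
                      help="select an interface to dump the PIB", metavar="INTERFACE")
    parser.add_option("-s", "--source", dest="sourcemac", default="00:c0:ff:ee:00:00",
                      help="source MAC address to use", metavar="SOURCEMAC")
    parser.add_option("-d", "--destination", dest="destmac",
                      help="destination MAC address to use", metavar="DESTMARC")
    parser.add_option("-o", "--output", dest="output", default="Firmwaredump.pib",
                      help="Output file name for PIB dump", metavar="OUTPUTNAME")
    (options, args) = parser.parse_args()

    pib = dump_all(options.sourcemac, options.destmac, options.iface)
    # Parse the dump once and reuse it for both sides of the comparison.
    parsed = ModulePIB(pib)
    if parsed.checksumPIB == chksum32(pib, parsed.checksumPIB):
        # Single-argument parenthesised print emits the same text on
        # Python 2 and Python 3.
        print("[+] PIB dump: Success!")
        # The dump is raw binary and a full copy of the device's PIB, so it
        # is written in binary mode and, when newly created, readable by
        # the owner only. An already existing file keeps its permissions.
        # NOTE(review): treat the dump as potentially sensitive - confirm
        # what the PIB of the target device holds.
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_BINARY", 0)
        fd = os.open(options.output, flags, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(pib)
    else:
        print("Something gone wrong! :(")
        # Report the failed verification through the exit status as well,
        # so scripts driving this tool do not mistake it for success.
        raise SystemExit(1)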