Go to most recent revision | Details | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 104 | hidnplayr | 1 | ; |
| 2 | ; Automated dhcp client |
||
| 3 | ; |
||
| 4 | ; v 1.1 |
||
| 5 | ; |
||
| 6 | ; by the hidden player |
||
| 7 | ; |
||
| 8 | |||
| 9 | DEBUG equ 1 |
||
| 10 | TIMEOUT equ 60 ; in seconds |
||
| 11 | |||
| 12 | use32 |
||
| 13 | |||
| 14 | org 0x0 |
||
| 15 | |||
| 16 | db 'MENUET01' ; 8 byte id |
||
| 17 | dd 0x01 ; header version |
||
| 18 | dd START ; start of code |
||
| 19 | dd IM_END ; size of image |
||
| 20 | dd I_END ; memory for app |
||
| 21 | dd I_END ; esp |
||
| 22 | dd 0x0 , 0x0 ; I_Param , I_Icon |
||
| 23 | |||
| 24 | include 'macros.inc' |
||
| 25 | |||
| 26 | if DEBUG = 1 |
||
| 27 | include 'debug.inc' |
||
| 28 | end if |
||
| 29 | |||
| 30 | |||
| 31 | START: ; start of execution |
||
| 32 | |||
| 33 | mov eax,40 ; Report events |
||
| 34 | mov ebx,10000000b ; Only Stack |
||
| 35 | int 0x40 |
||
| 36 | |||
| 37 | mov eax,52 ; first, enable the stack |
||
| 38 | mov ebx,2 |
||
| 39 | mov ecx,0x00000383 |
||
| 40 | int 0x40 |
||
| 41 | |||
| 42 | if DEBUG = 1 |
||
| 43 | newline |
||
| 44 | dps "DHCP: Stack Initialized" |
||
| 45 | newline |
||
| 46 | end if |
||
| 47 | |||
| 48 | mov eax, 53 ; then, read in the status |
||
| 49 | mov ebx, 255 |
||
| 50 | mov ecx, 6 |
||
| 51 | int 0x40 |
||
| 52 | |||
| 53 | cmp eax,0 ; if eax is zero, no driver was found |
||
| 54 | jne @f |
||
| 55 | |||
| 56 | if DEBUG = 1 |
||
| 57 | dps "DHCP: No Card detected" |
||
| 58 | newline |
||
| 59 | end if |
||
| 60 | |||
| 61 | jmp close |
||
| 62 | |||
| 63 | @@: |
||
| 64 | if DEBUG = 1 |
||
| 65 | dps "DHCP: Detected card: " |
||
| 66 | dph eax |
||
| 67 | newline |
||
| 68 | end if |
||
| 69 | |||
| 70 | ; now that the stack is running, lets start the dhcp request |
||
| 71 | |||
| 72 | ; First, open socket |
||
| 73 | mov eax, 53 |
||
| 74 | mov ebx, 0 |
||
| 75 | mov ecx, 68 ; local port dhcp client |
||
| 76 | mov edx, 67 ; remote port - dhcp server |
||
| 77 | mov esi, -1 ; broadcast |
||
| 78 | int 0x40 |
||
| 79 | |||
| 80 | mov [socketNum], eax |
||
| 81 | |||
| 82 | if DEBUG = 1 |
||
| 83 | dps "DHCP: Socket opened: " |
||
| 84 | dpd eax |
||
| 85 | newline |
||
| 86 | end if |
||
| 87 | |||
| 88 | ; Setup the first msg we will send |
||
| 89 | mov byte [dhcpMsgType], 0x01 ; DHCP discover |
||
| 90 | mov dword [dhcpLease], esi ; esi is still -1 (-1 = forever) |
||
| 91 | |||
| 92 | ;*************************************************************************** |
||
| 93 | ; Function |
||
| 94 | ; buildRequest |
||
| 95 | ; |
||
| 96 | ; Description |
||
| 97 | ; Creates a DHCP request packet. |
||
| 98 | ; |
||
| 99 | ;*************************************************************************** |
||
| 100 | buildRequest: |
||
| 101 | ; Clear dhcpMsg to all zeros |
||
| 102 | xor eax,eax |
||
| 103 | mov edi,dhcpMsg |
||
| 104 | mov ecx,512 |
||
| 105 | cld |
||
| 106 | rep stosb |
||
| 107 | |||
| 108 | mov edx, dhcpMsg |
||
| 109 | |||
| 110 | mov [edx], byte 0x01 ; Boot request |
||
| 111 | mov [edx+1], byte 0x01 ; Ethernet |
||
| 112 | mov [edx+2], byte 0x06 ; Ethernet h/w len |
||
| 113 | mov [edx+4], dword 0x11223344 ; xid |
||
| 114 | mov [edx+10], byte 0x80 ; broadcast flag set |
||
| 115 | mov [edx+236], dword 0x63538263 ; magic number |
||
| 116 | |||
| 117 | ; option DHCP msg type |
||
| 118 | mov [edx+240], word 0x0135 |
||
| 119 | mov al, [dhcpMsgType] |
||
| 120 | mov [edx+240+2], al |
||
| 121 | |||
| 122 | ; option Lease time = infinity |
||
| 123 | mov [edx+240+3], word 0x0433 |
||
| 124 | mov eax, [dhcpLease] |
||
| 125 | mov [edx+240+5], eax |
||
| 126 | |||
| 127 | ; ; option requested IP address |
||
| 128 | mov [edx+240+9], word 0x0432 |
||
| 129 | ; mov eax, [dhcpClientIP] |
||
| 130 | ; mov [edx+240+11], eax |
||
| 131 | |||
| 132 | ; option request list |
||
| 133 | mov [edx+240+15], word 0x0437 |
||
| 134 | mov [edx+240+17], dword 0x0f060301 |
||
| 135 | |||
| 136 | ; Check which msg we are sending |
||
| 137 | cmp [dhcpMsgType], byte 0x01 |
||
| 138 | jne br001 |
||
| 139 | |||
| 140 | ; "Discover" options |
||
| 141 | ; end of options marker |
||
| 142 | mov [edx+240+21], byte 0xff |
||
| 143 | |||
| 144 | mov [dhcpMsgLen], dword 262 |
||
| 145 | jmp ctr000 |
||
| 146 | |||
| 147 | br001: |
||
| 148 | ; "Request" options |
||
| 149 | |||
| 150 | ; server IP |
||
| 151 | mov [edx+240+21], word 0x0436 |
||
| 152 | mov eax, [dhcpServerIP] |
||
| 153 | mov [edx+240+23], eax |
||
| 154 | |||
| 155 | ; end of options marker |
||
| 156 | mov [edx+240+27], byte 0xff |
||
| 157 | |||
| 158 | mov [dhcpMsgLen], dword 268 |
||
| 159 | |||
| 160 | ctr000: |
||
| 161 | |||
| 162 | ; write to socket ( send broadcast request ) |
||
| 163 | mov eax, 53 |
||
| 164 | mov ebx, 4 |
||
| 165 | mov ecx, [socketNum] |
||
| 166 | mov edx, [dhcpMsgLen] |
||
| 167 | mov esi, dhcpMsg |
||
| 168 | int 0x40 |
||
| 169 | |||
| 170 | ; Setup the DHCP buffer to receive response |
||
| 171 | |||
| 172 | mov eax, dhcpMsg |
||
| 173 | mov [dhcpMsgLen], eax ; Used as a pointer to the data |
||
| 174 | |||
| 175 | ; now, we wait for data from remote |
||
| 176 | |||
| 177 | wait_for_data: |
||
| 178 | mov eax,23 ; wait here for event NOTE a TIME-OUT should be placed here |
||
| 179 | mov ebx,TIMEOUT*100 |
||
| 180 | int 0x40 |
||
| 181 | |||
| 182 | ; Any data in the UDP receive buffer? |
||
| 183 | mov eax, 53 |
||
| 184 | mov ebx, 2 |
||
| 185 | mov ecx, [socketNum] |
||
| 186 | int 0x40 |
||
| 187 | |||
| 188 | cmp eax, 0 |
||
| 189 | jne ctr002 |
||
| 190 | |||
| 191 | if DEBUG = 1 |
||
| 192 | dps "DHCP: Timeout!" |
||
| 193 | newline |
||
| 194 | end if |
||
| 195 | |||
| 196 | jmp close |
||
| 197 | |||
| 198 | ; we have data - this will be the response |
||
| 199 | ctr002: |
||
| 200 | |||
| 201 | mov eax, 53 |
||
| 202 | mov ebx, 3 |
||
| 203 | mov ecx, [socketNum] |
||
| 204 | int 0x40 ; read byte - block (high byte) |
||
| 205 | |||
| 206 | ; Store the data in the response buffer |
||
| 207 | mov eax, [dhcpMsgLen] |
||
| 208 | mov [eax], bl |
||
| 209 | inc dword [dhcpMsgLen] |
||
| 210 | |||
| 211 | mov eax, 53 |
||
| 212 | mov ebx, 2 |
||
| 213 | mov ecx, [socketNum] |
||
| 214 | int 0x40 ; any more data? |
||
| 215 | |||
| 216 | cmp eax, 0 |
||
| 217 | jne ctr002 ; yes, so get it |
||
| 218 | |||
| 219 | ; depending on which msg we sent, handle the response |
||
| 220 | ; accordingly. |
||
| 221 | ; If the response is to a dhcp discover, then: |
||
| 222 | ; 1) If response is DHCP OFFER then |
||
| 223 | ; 1.1) record server IP, lease time & IP address. |
||
| 224 | ; 1.2) send a request packet |
||
| 225 | ; 2) else exit ( display error ) |
||
| 226 | ; If the response is to a dhcp request, then: |
||
| 227 | ; 1) If the response is DHCP ACK then |
||
| 228 | ; 1.1) extract the DNS & subnet fields. Set them in the stack |
||
| 229 | ; 2) else exit ( display error ) |
||
| 230 | |||
| 231 | |||
| 232 | cmp [dhcpMsgType], byte 0x01 ; did we send a discover? |
||
| 233 | je discover |
||
| 234 | cmp [dhcpMsgType], byte 0x03 ; did we send a request? |
||
| 235 | je request |
||
| 236 | |||
| 237 | ; should never get here - we only send discover or request |
||
| 238 | jmp close |
||
| 239 | |||
| 240 | discover: |
||
| 241 | |||
| 242 | call parseResponse |
||
| 243 | |||
| 244 | ; Was the response an offer? It should be |
||
| 245 | cmp [dhcpMsgType], byte 0x02 |
||
| 246 | jne close ; NO - so quit |
||
| 247 | |||
| 248 | ; send request |
||
| 249 | mov [dhcpMsgType], byte 0x03 ; DHCP request |
||
| 250 | jmp buildRequest |
||
| 251 | |||
| 252 | request: |
||
| 253 | |||
| 254 | call parseResponse |
||
| 255 | |||
| 256 | ; Was the response an ACK? It should be |
||
| 257 | cmp [dhcpMsgType], byte 0x05 |
||
| 258 | jne close ; NO - so quit |
||
| 259 | |||
| 260 | close: |
||
| 261 | |||
| 262 | ; close socket |
||
| 263 | mov eax, 53 |
||
| 264 | mov ebx, 1 |
||
| 265 | mov ecx, [socketNum] |
||
| 266 | int 0x40 |
||
| 267 | |||
| 268 | if DEBUG = 1 |
||
| 269 | dps "DHCP: Exiting" |
||
| 270 | newline |
||
| 271 | end if |
||
| 272 | |||
| 273 | mov eax,-1 ; at last, exit |
||
| 274 | int 0x40 |
||
| 275 | |||
| 276 | |||
| 277 | ;*************************************************************************** |
||
| 278 | ; Function |
||
| 279 | ; parseResponse |
||
| 280 | ; |
||
| 281 | ; Description |
||
| 282 | ; extracts the fields ( client IP address and options ) from |
||
| 283 | ; a DHCP response |
||
| 284 | ; The values go into |
||
| 285 | ; dhcpMsgType,dhcpLease,dhcpClientIP,dhcpServerIP, |
||
| 286 | ; dhcpDNSIP, dhcpSubnet |
||
| 287 | ; The message is stored in dhcpMsg |
||
| 288 | ; |
||
| 289 | ;*************************************************************************** |
||
| 290 | parseResponse: |
||
| 291 | |||
| 292 | if DEBUG = 1 |
||
| 293 | dps "DHCP: Data received, parsing response" |
||
| 294 | newline |
||
| 295 | end if |
||
| 296 | |||
| 297 | mov edx, dhcpMsg |
||
| 298 | |||
| 299 | pusha |
||
| 300 | |||
| 301 | mov eax,52 ; Set Client IP |
||
| 302 | mov ebx,3 |
||
| 303 | mov ecx, [edx+16] |
||
| 304 | int 0x40 |
||
| 305 | |||
| 306 | if DEBUG = 1 |
||
| 307 | dps "DHCP: Client: " |
||
| 308 | |||
| 309 | xor esi,esi |
||
| 310 | .loop: |
||
| 311 | |||
| 312 | pusha |
||
| 313 | movzx eax,byte[edx+esi+16] |
||
| 314 | call debug_outdec |
||
| 315 | popa |
||
| 316 | |||
| 317 | inc esi |
||
| 318 | cmp esi,4 |
||
| 319 | jne .loop |
||
| 320 | |||
| 321 | newline |
||
| 322 | end if |
||
| 323 | |||
| 324 | popa |
||
| 325 | |||
| 326 | ; Scan options |
||
| 327 | |||
| 328 | add edx, 240 ; Point to first option |
||
| 329 | |||
| 330 | pr001: |
||
| 331 | ; Get option id |
||
| 332 | mov al, [edx] |
||
| 333 | cmp al, 0xff ; End of options? |
||
| 334 | je pr_exit |
||
| 335 | |||
| 336 | cmp al, 53 ; Msg type is a single byte option |
||
| 337 | jne pr002 |
||
| 338 | |||
| 339 | mov al, [edx+2] |
||
| 340 | mov [dhcpMsgType], al |
||
| 341 | add edx, 3 |
||
| 342 | jmp pr001 ; Get next option |
||
| 343 | |||
| 344 | pr002: |
||
| 345 | ; All other (accepted) options are 4 bytes in length |
||
| 346 | inc edx |
||
| 347 | movzx ecx, byte [edx] |
||
| 348 | inc edx ; point to data |
||
| 349 | |||
| 350 | cmp al, 54 ; server id |
||
| 351 | jne pr0021 |
||
| 352 | mov eax, [edx] ; All options are 4 bytes, so get it |
||
| 353 | mov [dhcpServerIP], eax |
||
| 354 | jmp pr003 |
||
| 355 | |||
| 356 | pr0021: |
||
| 357 | cmp al, 51 ; lease |
||
| 358 | jne pr0022 |
||
| 359 | |||
| 360 | if DEBUG = 1 |
||
| 361 | pusha |
||
| 362 | dps "DHCP: lease: " |
||
| 363 | |||
| 364 | cmp dword[edx],-1 |
||
| 365 | jne no_lease_forever |
||
| 366 | dps "forever" |
||
| 367 | jmp lease_newline |
||
| 368 | no_lease_forever: |
||
| 369 | dpd [edx] |
||
| 370 | lease_newline: |
||
| 371 | newline |
||
| 372 | popa |
||
| 373 | end if |
||
| 374 | |||
| 375 | jmp pr003 |
||
| 376 | |||
| 377 | pr0022: |
||
| 378 | cmp al, 1 ; subnet mask |
||
| 379 | jne pr0023 |
||
| 380 | |||
| 381 | pusha |
||
| 382 | mov eax,52 |
||
| 383 | mov ebx,12 |
||
| 384 | mov ecx,[edx] |
||
| 385 | int 0x40 |
||
| 386 | |||
| 387 | |||
| 388 | if DEBUG = 1 |
||
| 389 | dps "DHCP: Subnet: " |
||
| 390 | |||
| 391 | xor esi,esi |
||
| 392 | .loop: |
||
| 393 | |||
| 394 | pusha |
||
| 395 | movzx eax,byte[edx+esi] |
||
| 396 | call debug_outdec |
||
| 397 | popa |
||
| 398 | |||
| 399 | inc esi |
||
| 400 | cmp esi,4 |
||
| 401 | jne .loop |
||
| 402 | |||
| 403 | newline |
||
| 404 | end if |
||
| 405 | |||
| 406 | popa |
||
| 407 | |||
| 408 | jmp pr003 |
||
| 409 | |||
| 410 | pr0023: |
||
| 411 | cmp al, 6 ; dns ip |
||
| 412 | jne pr0024 |
||
| 413 | |||
| 414 | pusha |
||
| 415 | |||
| 416 | mov eax,52 |
||
| 417 | mov ebx,14 |
||
| 418 | mov ecx,[edx] |
||
| 419 | int 0x40 |
||
| 420 | |||
| 421 | |||
| 422 | if DEBUG = 1 |
||
| 423 | dps "DHCP: DNS IP: " |
||
| 424 | |||
| 425 | xor esi,esi |
||
| 426 | .loop: |
||
| 427 | |||
| 428 | pusha |
||
| 429 | movzx eax,byte[edx+esi] |
||
| 430 | call debug_outdec |
||
| 431 | popa |
||
| 432 | |||
| 433 | inc esi |
||
| 434 | cmp esi,4 |
||
| 435 | jne .loop |
||
| 436 | |||
| 437 | newline |
||
| 438 | end if |
||
| 439 | |||
| 440 | popa |
||
| 441 | |||
| 442 | pr0024: |
||
| 443 | cmp al, 3 ; gateway ip |
||
| 444 | jne pr003 |
||
| 445 | |||
| 446 | pusha |
||
| 447 | |||
| 448 | mov eax,52 |
||
| 449 | mov ebx,11 |
||
| 450 | mov ecx,[edx] |
||
| 451 | int 0x40 |
||
| 452 | |||
| 453 | |||
| 454 | if DEBUG = 1 |
||
| 455 | dps "DHCP: Gateway:" |
||
| 456 | |||
| 457 | xor esi,esi |
||
| 458 | .loop: |
||
| 459 | |||
| 460 | pusha |
||
| 461 | movzx eax,byte[edx+esi] |
||
| 462 | call debug_outdec |
||
| 463 | popa |
||
| 464 | |||
| 465 | inc esi |
||
| 466 | cmp esi,4 |
||
| 467 | jne .loop |
||
| 468 | |||
| 469 | newline |
||
| 470 | end if |
||
| 471 | |||
| 472 | popa |
||
| 473 | |||
| 474 | pr003: |
||
| 475 | add edx, ecx |
||
| 476 | jmp pr001 |
||
| 477 | |||
| 478 | pr_exit: |
||
| 479 | |||
| 480 | if DEBUG = 1 |
||
| 481 | dps "DHCP: Done" |
||
| 482 | newline |
||
| 483 | end if |
||
| 484 | |||
| 485 | jmp close |
||
| 486 | |||
| 487 | |||
| 488 | ; DATA AREA |
||
| 489 | |||
| 490 | IM_END: |
||
| 491 | |||
| 492 | dhcpMsgType: db 0 |
||
| 493 | dhcpLease: dd 0 |
||
| 494 | ;dhcpClientIP: dd 0 |
||
| 495 | dhcpServerIP: dd 0 |
||
| 496 | |||
| 497 | dhcpMsgLen: dd 0 |
||
| 498 | socketNum: dd 0xFFFF |
||
| 499 | dhcpMsg: rb 512 |
||
| 500 | |||
| 501 | I_END: |