// TODO: Figure out how to not do this!
private static byte[] ToByteArray(BitwiseStream data)
{
var length = (data.LengthBits + 7) / 8;
var buffer = new byte[length];
var offset = 0;
var count = buffer.Length;
data.Seek(0, System.IO.SeekOrigin.Begin);
int nread;
while ((nread = data.Read(buffer, offset, count)) != 0)
{
offset += nread;
count -= nread;
}
if (count != 0)
{
System.Diagnostics.Debug.Assert(count == 1);
ulong bits;
nread = data.ReadBits(out bits, 64);
System.Diagnostics.Debug.Assert(nread > 0);
System.Diagnostics.Debug.Assert(nread < 8);
buffer[offset] = (byte)(bits << (8 - nread));
}
return(buffer);
}
protected override void OnOutput(BitwiseStream data)
{
/*
* An Abc Proto Packet is structured:
*
+-------+-------+-------+-------
* [ Hdr ][ Length ]
* [ Data ]...
*
* Hdr = 2 btyes, Length = 2 bytes (network byte order)
* Data is variable length
*/
// Calculate the Length of the Entire Encapsulated Packet (Data + Abc Proto Hdr Len [2 bytes] + Abc Proto Len [2 bytes]
int totalPktLen = (int)data.Length + 4;
if (StrictLength)
{
/*
* Here we're restricting the size of the mutated data. This is an important item to
* note. Long string mutations are a major part of fuzzing, and by implementing this
* sort of logic in our custom publisher, we're limiting our test cases. It might
* be a better approach to ignore this length restriction.. but i'll leave that up
* to the user via the StrictLength parameter.
*/
if (totalPktLen > 65535)
{
Logger.Debug("ABC Proto Max Packet Length Reached, capping at 65535");
totalPktLen = 65535;
}
if (totalPktLen <= 0)
{
Logger.Debug("ABC Proto Min PacketLength Reached, just setting to 4 to account for header and length fields");
totalPktLen = 4;
}
}
// Abc Proto Header - 1234 indicates the start of an abcproto packet
byte[] abcProtoHdr = { 0x12, 0x34 };
// Create a new buffer that will the final encapsulated packet
var buffer = new byte[totalPktLen];
// Copy Abc Proto Header into our new buffer
Array.Copy(abcProtoHdr, 0, buffer, 0, abcProtoHdr.Length);
// Copy AbcProto Length into buffer after Abc Proto Hdr - We're also doing a bit of a int to short conversion here
Array.Copy(BitConverter.GetBytes(totalPktLen - 4), 0, buffer, abcProtoHdr.Length, sizeof(ushort));
// Rearrange the Length to be in Big Endian (Network Byte Order)
Array.Reverse(buffer, abcProtoHdr.Length, sizeof(ushort));
//Copy Data into buffer
data.Read(buffer, abcProtoHdr.Length + sizeof(ushort), buffer.Length - 4);
// Call the original OnOutput() using the buffer as our new BitStream
base.OnOutput(new BitStream(buffer));
}
protected override void OnOutput(BitwiseStream data)
{
var request = new OnOutputRequest();
request.data = new byte[data.Length];
data.Read(request.data, 0, (int)data.Length);
data.Position = 0;
Send("output", JsonConvert.SerializeObject(request));
}
protected override BitwiseStream internalEncode(BitwiseStream data)
{
byte[] buf = new byte[data.Length];
data.Read(buf, 0, (int)data.Length);
byte[] retbuf = new byte[Huffman.ENCODER.GetEncodedLength(buf)];
MemoryStream ms = new MemoryStream(retbuf);
using (BinaryWriter bw = new BinaryWriter(ms))
Huffman.ENCODER.Encode(bw, buf);
return(new BitStream(retbuf));
}
protected override void OnOutput(BitwiseStream data)
{
System.Diagnostics.Debug.Assert(_socket != null);
if (Logger.IsDebugEnabled)
{
Logger.Debug("\n\n" + Utilities.HexDump(data));
}
long count = data.Length;
var buffer = new byte[MaxSendSize];
int size = data.Read(buffer, 0, buffer.Length);
try
{
FilterOutput(buffer, 0, size);
var ar = _socket.BeginSendTo(buffer, 0, size, SocketFlags.None, _remoteEp, null, null);
if (!ar.AsyncWaitHandle.WaitOne(TimeSpan.FromMilliseconds(Timeout)))
{
throw new TimeoutException();
}
size = _socket.EndSendTo(ar);
if (count != size)
{
throw new Exception(string.Format("Only sent {0} of {1} byte {2} packet.", size, count, _type));
}
}
catch (Exception ex)
{
if (ex is TimeoutException)
{
Logger.Debug("{0} packet not sent to {1}:{2} in {3}ms, timing out.",
_type, Host, Port, Timeout);
}
else
{
Logger.Error("Unable to send {0} packet to {1}:{2}. {3}",
_type, Host, Port, ex.Message);
}
throw new SoftException(ex);
}
}
/// <summary>
/// Returns a new BitStream composed of the first 'length' bytes of src.
/// When done, src is positioned at length bytes, and the returned
/// BitStream is positioned at SeekOrigin.End
/// </summary>
/// <param name="src"></param>
/// <param name="length"></param>
/// <returns></returns>
private BitStream copyBytes(BitwiseStream src, long length)
{
if (length > src.Length)
{
throw new ArgumentOutOfRangeException("length");
}
var buf = new byte[BitwiseStream.BlockCopySize];
var ret = new BitStream();
src.Seek(0, SeekOrigin.Begin);
while (length > 0)
{
int len = (int)Math.Min(length, buf.Length);
len = src.Read(buf, 0, len);
ret.Write(buf, 0, len);
length -= len;
}
return(ret);
}
public static byte[] ToArray(this BitwiseStream bs)
{
long pos = bs.PositionBits;
bs.SeekBits(0, SeekOrigin.Begin);
int len = 0;
int count = (int)((bs.LengthBits + 7) / 8);
int offset = 0;
byte[] buffer = new byte[count];
do
{
len = bs.Read(buffer, offset, count);
offset += len;
count -= len;
}while (len != 0);
if (count != 0)
{
ulong remain;
len = bs.ReadBits(out remain, 64);
System.Diagnostics.Debug.Assert(count == 1);
System.Diagnostics.Debug.Assert(len < 8);
System.Diagnostics.Debug.Assert(len > 0);
buffer[offset] = (byte)(remain << (8 - len));
++offset;
--count;
}
bs.SeekBits(pos, SeekOrigin.Begin);
return(buffer);
}
protected override void OnOutput(BitwiseStream data)
{
if (Logger.IsDebugEnabled)
{
Logger.Debug("\n\n" + Utilities.HexDump(data));
}
long count = data.Length;
//var buffer = new byte[MaxMTU];
var buffer = new byte[CAN_MTU];
int size = data.Read(buffer, 0, buffer.Length);
Pollfd[] fds = new Pollfd[1];
fds[0].fd = _socket.Handle;
fds[0].events = PollEvents.POLLOUT;
int expires = Environment.TickCount + Timeout;
int wait = 0;
for (;;)
{
try
{
wait = Math.Max(0, expires - Environment.TickCount);
fds[0].revents = 0;
int ret = Syscall.poll(fds, wait);
if (UnixMarshal.ShouldRetrySyscall(ret))
{
continue;
}
UnixMarshal.ThrowExceptionForLastErrorIf(ret);
if (ret == 0)
{
throw new TimeoutException();
}
if (ret != 1 || (fds[0].revents & PollEvents.POLLOUT) == 0)
{
continue;
}
//_socket.Write(buffer, 0, size);
_socket.Write(buffer, 0, CAN_MTU);
if (count != size)
{
throw new Exception(string.Format("Only sent {0} of {1} byte packet.", size, count));
}
return;
}
catch (Exception ex)
{
Logger.Error("Unable to send CAN packet to {0}. {1}", Interface, ex.Message);
throw new SoftException(ex);
}
}
}
private static string BitsToString(BitwiseStream bs)
{
if (bs.LengthBits == 0)
{
return("");
}
byte[] buf = new byte[32];
long pos = bs.PositionBits;
bs.SeekBits(0, System.IO.SeekOrigin.Begin);
int len = bs.Read(buf, 0, buf.Length);
StringBuilder ret = new StringBuilder();
if (len > 0)
{
ret.AppendFormat("{0:x2}", buf[0]);
}
int end = Math.Min(len, buf.Length);
for (int i = 1; i < end; ++i)
{
ret.AppendFormat(" {0:x2}", buf[i]);
}
long lengthBits = bs.LengthBits;
if ((len * 8) < lengthBits)
{
if (len < buf.Length)
{
ulong tmp;
int bits = bs.ReadBits(out tmp, 64);
System.Diagnostics.Debug.Assert(bits < 8);
tmp <<= (8 - bits);
if (len != 0)
{
ret.Append(" ");
}
ret.AppendFormat("{0:x2}", tmp);
ret.AppendFormat(" (Len: {0} bits)", lengthBits);
}
else if ((lengthBits % 8) == 0)
{
ret.AppendFormat(".. (Len: {0} bytes)", lengthBits / 8);
}
else
{
ret.AppendFormat(".. (Len: {0} bits)", lengthBits);
}
}
bs.SeekBits(pos, System.IO.SeekOrigin.Begin);
return(ret.ToString());
}
protected override void OnOutput(BitwiseStream data)
{
/*
An Abc Proto Packet is structured:
+-------+-------+-------+-------
[ Hdr ][ Length ]
[ Data ]...
Hdr = 2 btyes, Length = 2 bytes (network byte order)
Data is variable length
*/
// Calculate the Length of the Entire Encapsulated Packet (Data + Abc Proto Hdr Len [2 bytes] + Abc Proto Len [2 bytes]
int totalPktLen = (int)data.Length + 4;
if (StrictLength) {
/*
Here we're restricting the size of the mutated data. This is an important item to
note. Long string mutations are a major part of fuzzing, and by implementing this
sort of logic in our custom publisher, we're limiting our test cases. It might
be a better approach to ignore this length restriction.. but i'll leave that up
to the user via the StrictLength parameter.
*/
if (totalPktLen > 65535) {
Logger.Debug("ABC Proto Max Packet Length Reached, capping at 65535");
totalPktLen = 65535;
}
if ( totalPktLen <= 0 ) {
Logger.Debug("ABC Proto Min PacketLength Reached, just setting to 4 to account for header and length fields");
totalPktLen = 4;
}
}
// Abc Proto Header - 1234 indicates the start of an abcproto packet
byte[] abcProtoHdr = { 0x12, 0x34 } ;
// Create a new buffer that will the final encapsulated packet
var buffer = new byte[totalPktLen];
// Copy Abc Proto Header into our new buffer
Array.Copy(abcProtoHdr, 0, buffer, 0, abcProtoHdr.Length);
// Copy AbcProto Length into buffer after Abc Proto Hdr - We're also doing a bit of a int to short conversion here
Array.Copy(BitConverter.GetBytes(totalPktLen - 4), 0, buffer, abcProtoHdr.Length, sizeof(ushort));
// Rearrange the Length to be in Big Endian (Network Byte Order)
Array.Reverse(buffer, abcProtoHdr.Length, sizeof(ushort));
//Copy Data into buffer
data.Read(buffer, abcProtoHdr.Length + sizeof(ushort), buffer.Length - 4);
// Call the original OnOutput() using the buffer as our new BitStream
base.OnOutput(new BitStream(buffer));
}
protected override void OnOutput(BitwiseStream data)
{
IAsyncResult ar = null;
int offset = 0;
int length = 0;
try
{
while (true)
{
lock (_clientLock)
{
//Check to make sure buffer has been initilized before continuing.
if (_client == null)
{
// First time through, propigate error
if (ar == null)
{
throw new PeachException("Error on data output, the client is not initalized.");
}
// Client has been closed!
return;
}
if (Logger.IsDebugEnabled && ar == null)
{
Logger.Debug("\n\n" + Utilities.HexDump(data));
}
if (ar != null)
{
offset += ClientEndWrite(ar);
}
if (offset == length)
{
offset = 0;
length = data.Read(_sendBuf, 0, _sendBuf.Length);
if (length == 0)
{
return;
}
}
ar = ClientBeginWrite(_sendBuf, offset, length - offset, null, null);
}
if (SendTimeout == 0)
{
ar.AsyncWaitHandle.WaitOne();
}
else if (!ar.AsyncWaitHandle.WaitOne(SendTimeout))
{
throw new TimeoutException();
}
}
}
catch (Exception ex)
{
Logger.Error("output: Error during send. " + ex.Message);
throw new SoftException(ex);
}
}
protected override void OnOutput(BitwiseStream data)
{
if (Logger.IsDebugEnabled)
Logger.Debug("\n\n" + Utilities.HexDump(data));
long count = data.Length;
//var buffer = new byte[MaxMTU];
var buffer = new byte[CAN_MTU];
int size = data.Read(buffer, 0, buffer.Length);
Pollfd[] fds = new Pollfd[1];
fds[0].fd = _socket.Handle;
fds[0].events = PollEvents.POLLOUT;
int expires = Environment.TickCount + Timeout;
int wait = 0;
for (;;)
{
try
{
wait = Math.Max(0, expires - Environment.TickCount);
fds[0].revents = 0;
int ret = Syscall.poll(fds, wait);
if (UnixMarshal.ShouldRetrySyscall(ret))
continue;
UnixMarshal.ThrowExceptionForLastErrorIf(ret);
if (ret == 0)
throw new TimeoutException();
if (ret != 1 || (fds[0].revents & PollEvents.POLLOUT) == 0)
continue;
//_socket.Write(buffer, 0, size);
_socket.Write(buffer, 0, CAN_MTU);
if (count != size)
throw new Exception(string.Format("Only sent {0} of {1} byte packet.", size, count));
return;
}
catch (Exception ex)
{
Logger.Error("Unable to send CAN packet to {0}. {1}", Interface, ex.Message);
throw new SoftException(ex);
}
}
}
