From 5db07102aa680b49da7597a054e0f207d2b53fde Mon Sep 17 00:00:00 2001 From: Paul Hollinsky Date: Wed, 26 Aug 2020 22:43:35 -0400 Subject: [PATCH] PCAP: Listen for ICS_UNSET_MAC On newer firmware, the device will address the PC directly after EnableNetworkComm. Before this, it will set the destination MAC to 00:FC:70:FF:FF:FF. --- platform/posix/pcap.cpp | 7 +++++-- platform/windows/pcap.cpp | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/platform/posix/pcap.cpp b/platform/posix/pcap.cpp index 902b1b8..0445dd7 100644 --- a/platform/posix/pcap.cpp +++ b/platform/posix/pcap.cpp @@ -15,6 +15,7 @@ using namespace icsneo; static const uint8_t BROADCAST_MAC[6] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; +static const uint8_t ICS_UNSET_MAC[6] = { 0x00, 0xFC, 0x70, 0xFF, 0xFF, 0xFF }; std::vector PCAP::knownInterfaces; @@ -130,7 +131,8 @@ std::vector PCAP::FindAll() { // Is this an ICS response packet (0xCAB2) from an ICS MAC, either to broadcast or directly to us? if(packet.etherType == 0xCAB2 && packet.srcMAC[0] == 0x00 && packet.srcMAC[1] == 0xFC && packet.srcMAC[2] == 0x70 && ( memcmp(packet.destMAC, interface.macAddress, sizeof(packet.destMAC)) == 0 || - memcmp(packet.destMAC, BROADCAST_MAC, sizeof(packet.destMAC)) == 0 + memcmp(packet.destMAC, BROADCAST_MAC, sizeof(packet.destMAC)) == 0 || + memcmp(packet.destMAC, ICS_UNSET_MAC, sizeof(packet.destMAC)) == 0 )) { /* We have received a packet from a device. We don't know if this is the device we're * looking for, we don't know if it's actually a response to our RequestSerialNumber @@ -255,7 +257,8 @@ void PCAP::readTask() { continue; // Not a packet to host if(memcmp(packet.destMAC, interface.macAddress, sizeof(packet.destMAC)) != 0 && - memcmp(packet.destMAC, BROADCAST_MAC, sizeof(packet.destMAC)) != 0) + memcmp(packet.destMAC, BROADCAST_MAC, sizeof(packet.destMAC)) != 0 && + memcmp(packet.destMAC, ICS_UNSET_MAC, sizeof(packet.destMAC)) != 0) continue; // Packet is not addressed to us or broadcast if(memcmp(packet.srcMAC, deviceMAC, sizeof(deviceMAC)) != 0) diff --git a/platform/windows/pcap.cpp b/platform/windows/pcap.cpp index 40fc31f..6ecd623 100644 --- a/platform/windows/pcap.cpp +++ b/platform/windows/pcap.cpp @@ -13,6 +13,7 @@ using namespace icsneo; static std::wstring_convert> converter; static const uint8_t BROADCAST_MAC[6] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; +static const uint8_t ICS_UNSET_MAC[6] = { 0x00, 0xFC, 0x70, 0xFF, 0xFF, 0xFF }; std::vector PCAP::knownInterfaces; @@ -134,7 +135,8 @@ std::vector PCAP::FindAll() { // Is this an ICS response packet (0xCAB2) from an ICS MAC, either to broadcast or directly to us? if(packet.etherType == 0xCAB2 && packet.srcMAC[0] == 0x00 && packet.srcMAC[1] == 0xFC && packet.srcMAC[2] == 0x70 && ( memcmp(packet.destMAC, interface.macAddress, sizeof(packet.destMAC)) == 0 || - memcmp(packet.destMAC, BROADCAST_MAC, sizeof(packet.destMAC)) == 0 + memcmp(packet.destMAC, BROADCAST_MAC, sizeof(packet.destMAC)) == 0 || + memcmp(packet.destMAC, ICS_UNSET_MAC, sizeof(packet.destMAC)) == 0 )) { /* We have received a packet from a device. We don't know if this is the device we're * looking for, we don't know if it's actually a response to our RequestSerialNumber @@ -268,7 +270,8 @@ void PCAP::readTask() { continue; // Not a packet to host if(memcmp(packet.destMAC, interface.macAddress, sizeof(packet.destMAC)) != 0 && - memcmp(packet.destMAC, BROADCAST_MAC, sizeof(packet.destMAC)) != 0) + memcmp(packet.destMAC, BROADCAST_MAC, sizeof(packet.destMAC)) != 0 && + memcmp(packet.destMAC, ICS_UNSET_MAC, sizeof(packet.destMAC)) != 0) continue; // Packet is not addressed to us or broadcast if(memcmp(packet.srcMAC, deviceMAC, sizeof(deviceMAC)) != 0)