I need to parse and decode the data field from a CAN Message.
I sent the transmitted the request and i got back the data field :
02 01 20 00 00 00 00 00
Now I have to decode it in a SWITCH, the first byte is the length(02) but how I split the whole data field in separate bytes and then take them 1 by 1 to decode?
I do not know the SWITCH protocol, but I can help you with accessing byte by byte the payload of the message you are interested in.
Lets say your message ID is 0x100 (or you have its name by database dbc, your call to define the message).
If you are working in a test environment (test node like CAPL/XML test node), you can define a testcase/function, and in it the following sequence:
message 0x100 MessageContainer;
then you wait for your message in the point where you expect the payload to be to your liking:
..
.
.
.
.
testwaitformessage(0x100,cycletimeofMessage); /*Cycletime the message has, or maximum time you expect your message to arrive*/
testGetWaitEventMsgData(MessageContainer); /*the message object MessageContainer will be filled with the content of the message catched early in testwaitformessage()*/
write("%X",MessageContainer.byte(0)); /*you access the bytes through the .byte selector field of the message object and do whatever you wish with it.*/
If you want to do the decoding in a Simulation Node, you can do it only through on events, and it is much simpler:
on message 0x100
{
write("The first byte of the captured message 0x100 is 0x%X",this.byte(0));
}
Of course, this on event procedure is working in test environments also.
Related
Modbus function 2B "Encapsulated Interface Transport" has encapsulated MEI type 0E "Read Device Identification". Server responce for this request has "Number Of Objects" field that is described as "Number of identification Object returned in the response (for an individual access, Number Of Objects = 1)".
If the response packet has no enough space to place all identification objects, transaction may be splitted to separate packets. In this case the field "More Follows" must be equal to FF, the field "Next Object Id" must be equal to number of first object that weren't placed into this packet. But what the field "Number of objects" must be equal to?
Modbus Application Protocol Specification has an example:
First transaction:
Request
Response
Field Name
Value
Field Name
Value
Function
2B
Function
2B
MEI Type
0E
MEI type
0E
Read Dev Id Code
01
Read Dev Id Code
01
Object Id
00
Conformity Level
01
More Follows
FF
Next Object Id
02
Number Of Objects
03
Object Id
00
Object Length
16
Object Value
"Company identification"
Object Id
01
Object Length
1C
Object Value
"Product code XXXXXX"
Second transaction:
Request
Response
Field Name
Value
Field Name
Value
Function
2B
Function
2B
MEI Type
0E
MEI type
0E
Read Dev Id Code
01
Read Dev Id Code
01
Object Id
02
Conformity Level
01
More Follows
00
Next Object Id
00
Number Of Objects
03
Object Id
02
Object Length
05
Object Value
"V2.11"
In this example both responses have "Number of object" = 3, so this field must be equal to entire number of objects for selected Read Dev Id Code. There the very bad Modbus feature goes to scene: Modbus ADU doesn't contains full packet length. When identification packet has "Number of objects" = 3, calculating of actual packet size is impossible. Specification doesn't contains any explanation of what Number of objects must be equal when MoreFollows==FF. Is it error in Modbus Application Protocol Specification?
I examined several Modbus libraries for this subject. Most libraries have not implemented Modbus Encapsulated Interface, so I found only two convient libraries.
pymodbus
https://github.com/riptideio/pymodbus/blob/dev/pymodbus/mei_message.py
Constructing responce:
Line 181
When this lib constructs device identification response it places number of objects that is actually presented in packet.
Parsing response:
Line 194
When this lib parses device identification response it reads number of object from corresponding packet field, after that reads each object until packet ended.
Qt
https://github.com/qt/qtserialbus/blob/dev/src/serialbus/qmodbusdeviceidentification.cpp
Parsing response:
Line 213
When this lib parses device identification response it reads number of objects from corresponding packet field, after that reads Number Of Object objects.
Qt has no identification response constructor.
So, we have at least two libraries that implements identification response putting actually presented number of objects.
Your opinions, what Number of objects must be equal to when More Follows == FF?
The document I referenced:
https://modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
in RFC5389 MESSAGE-INTEGRITY calculation includes itself but with dummy content
dummy content is not defined
how can MESSAGE-INTEGRITY be verified without knowing dummy content value?
why would MESSAGE-INTEGRITY calculation include itself?
is't it faster to calculate MESSAGE-INTEGRITY and equally secure if it didn't include itself?
Since the MESSAGE-INTEGRITY attribute itself is not part of the hash, you can append whatever you want for the last 20 bytes. Just replace it with the hash of all the bytes leading up to the attribute itself.
The algorithm is basically this:
Let L be the original size of the STUN message byte stream. Should be the same as the value for MESSAGE LENGTH in the STUN message header.
Append a 4 byte header onto the STUN message followed by 20 null bytes
Adjust the LENGTH field of the STUN message to account for these 24 new bytes.
Compute the HMAC/SHA1 of the first L bytes of the message (all but the 24 bytes you just appended).
replace the 20 null bytes with the 20 bytes of the computed hash
And as discussed in comments, the bytes don't have to be null bytes, they can be anything - since they aren't included in the hash computation.
There's an implementation of MESSAGE-INTEGRITY for both short-term and long-term credentials on my Github: here and here
While sending data from javacard in the form APDU commands using the apdu.sendBytesLong() Function, I am able to send 127 bytes data as response but 128 bytes data give error code 6f00(SW_UNKNOWN).
Why is this happening and can anybody suggest the way around without splitting the data into two apdu commands.
le = apdu.setOutgoing();
if(le != 128)
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
apdu.setOutgoingLength((byte)le);
apdu.sendBytesLong(mod_PkAIKR,(short)0, le);
where mod_PkAIKR is an byte array of 128 bytes.
Thank you
Change
apdu.setOutgoingLength((byte)le);
to
apdu.setOutgoingLength(le);
The parameter type of api apdu.setOutgoing() is short, it didn't needs type convert.
If you convert le to type byte, the parameter value will be a nagative. the value of (byte) 128 is -128.
I have implemented a Perl script that sends push notifications through Apples apns services. I am having some issues with the error handling. As per APNS documentation:
If the stream isn't ready for writing, see if the stream is available for reading. If it is, read everything available from the stream. If you get zero bytes back, the connection was closed because of an error such as an invalid command byte or other parsing error. If you get six bytes back, that's an error response that you can check for the response code and the ID of the notification that caused the error. You'll need to send every notification following that one again.
I am doing the same. Whenever I get a write error due to connection drop; I read the socket. Everytime I get 6 bytes return from the socket. Meaning APNS is sending me back an error_response. The format of error-response packet as per APNS documentation is like below
The packet has a command value of 8 followed by a one-byte status code and the notification identifier of the malformed notification.
I am using the below code to unpack the data I read from the socket:
my $hex = unpack( 'H*', $data );
print $hex;
Everytime, I get the same value 080800000000. As per APNS documentation the first byte will always be 8, the next byte will represent the error status code. 8 means "Invalid Token". Up to this part it is OK. However, the remaining 4 bytes which is the identifier, always gives me 00000000. What does it mean ?
APNS has two different push notification format, Simple Notification Format and Enhanced Notification Format. The Simple Notification Format does not have a field for specifying the message ID (notification identifier). I was using a Perl module (Net::APNS::Persistent) for communicating with APNS; that only supports Simple Notification Format. Thats why I was always getting 00000000 for the notification identifier part. I updated the code of the module to use the enhanced format which is :
pack(
'cNNnH*na*', # format
1, # command
$id, # Notification identifier
0, # expiry timestamp
32, # token length
$devicetoken, # token
length $json, # payload length
$json # payload
);
Then for reading the response I used the below message format:
my($c,$status,$identifier) = unpack('ccN',$error);
Where $error is the response from APNS. Now the whole thing is working fine.
I am writing the callout driver for Hyper-V 2012 where I need to filter the packets sent from virtual machines.
I added filter at FWPM_LAYER_EGRESS_VSWITCH_TRANSPORT_V4 layer in WFP. Callout function receive packet buffer which I am typecasting it to NET_BUFFER_LIST. I am doing following to get the data pointer
pNetBuffer = NET_BUFFER_LIST_FIRST_NB((NET_BUFFER_LIST*)pClassifyData->pPacket);
pContiguousData = NdisGetDataBuffer(pNetBuffer, NET_BUFFER_DATA_LENGTH(pNetBuffer), 0, 1, 0);
I have simple client-server application to test the packet data. Client is on VM and server is another machine. As I observed, data sent from client to server is truncated and some garbage value is added at the end. There is no issue for sending message from server to client. If I dont add this layer filter client-server works without any issue.
Callback function receives the metadata which incldues ipHeaderSize and transportHeaderSize. Both these values are zero. Are these correct values or should those be non-zero??
Can somebody help me to extract the data from packet in callout function and forward it safely to further layers?
Thank You.
These are the TCP packets. I looked into size and offset information. It seems the problem is consistent across packets.
I checked below values in (NET_BUFFER_LIST*)pClassifyData->pPacket.
NET_BUFFER_LIST->NetBUfferListHeader->NetBUfferListData->FirstNetBuffer->NetBuffe rHeader->NetBufferData->CurrentMdl->MappedSystemVa
First 24 bytes are only sent correctly and remaining are garbage.
For example total size of the packet is 0x36 + 0x18 = 0x4E I don't know what is there in first 0x36 bytes which is constant for all the packets. Is it a TCP/IP header? Second part 0x18 is the actual data which i sent.
I even tried with API NdisQueryMdl() to retrieve from MDL list.
So on the receiver side I get only 24 bytes correct and remaining is the garbage. How to read the full buffer from NET_BUFFER_LIST?