Over the last few months I had some time to work on my code, and today I'm releasing some of it: a new version of dizzy as well as two new loki modules.
New version of dizzy:
Download version 0.8.2 here.
USB target support
Dizzy can now use neighbor travis' facedancer to emulate a USB client device. Two fuzzing modes are available: USB descriptor fuzzing and USB endpoint fuzzing.
Here is an example command to start USB configuration descriptor fuzzing:
python3 dizzy.py -o usb-dscr -d usb_devices/RTL2838UHIDIR.usb -e CD -w 20 -W 120 -vvv dizzes/usb/configuration_descriptor.dizz
Python 3
To be able to use the facedancer Python bindings, I had to port dizzy from Python 2 to Python 3, so remember to use the python3 interpreter from now on.
New dizz Objects
There are a few new objects to use in your .dizz files:
The fill object takes a source object, a maximum length and some data to fill with. Its length is the given maximum length minus the length of the source object, so source plus fill always add up to the maximum length.
The padding object works much like the length function: it takes a start and an end object, but also a modulo value and some data to pad with. It measures the length from the start object to the end object and appends the given data until that length is a multiple of the modulo.
New dizz Functions:
The time function fills a given object with the current time. The target object must be 64 bits long.
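To make the three new primitives concrete, here is an added Python 3 example (not dizzy's code) of what fill, padding and time compute, used to assemble a USB configuration descriptor of the kind the fuzzing command above targets. The function names and signatures, the time encoding (seconds since the epoch as an unsigned 64-bit integer) and all descriptor field values are assumptions of this example, not taken from dizzy or from the RTL2838 device file.

```python
"""Stand-alone model of the dizz 'fill' and 'padding' objects and the 'time'
function, as described in the release notes. Added example: names, signatures
and the time encoding are assumptions, not dizzy's own implementation."""
import struct
import time


def fill(source: bytes, max_length: int, filler: bytes = b"\x00") -> bytes:
    """Return filler bytes so that len(source) + len(result) == max_length.

    Mirrors the described fill object: its length is max_length minus the
    length of the source object. A source longer than max_length is an error
    here, so a template mistake fails loudly instead of emitting a short packet.
    """
    if not filler:
        raise ValueError("filler must not be empty")
    remaining = max_length - len(source)
    if remaining < 0:
        raise ValueError(f"source is {len(source)} bytes, max_length is {max_length}")
    reps = (remaining + len(filler) - 1) // len(filler)   # enough repeats...
    return (filler * reps)[:remaining]                     # ...cut to exact size


def padding(covered: bytes, modulo: int, pad: bytes = b"\x00") -> bytes:
    """Return pad bytes that bring len(covered) up to a multiple of modulo.

    'covered' stands for the bytes from the start object to the end object,
    which is what the described padding object measures. Already aligned
    input yields no padding at all.
    """
    if modulo <= 0 or not pad:
        raise ValueError("modulo must be positive and pad non-empty")
    short = (-len(covered)) % modulo          # bytes missing to next multiple
    reps = (short + len(pad) - 1) // len(pad)
    return (pad * reps)[:short]


def time_field(now=None, byteorder: str = "<") -> bytes:
    """64-bit field carrying the current time, the width the time function needs.

    Assumption of this example: whole seconds since the epoch as an unsigned
    64-bit integer, little-endian by default (USB is little-endian).
    """
    if now is None:
        now = time.time()
    return struct.pack(byteorder + "Q", int(now))


def config_descriptor_packet(num_interfaces: int = 1, packet_size: int = 64) -> bytes:
    """Assemble a USB configuration descriptor plus interface descriptors.

    The descriptor block is aligned to 4 bytes with padding() and the rest of
    a 64-byte control transfer is filled with fill(). Both the padding and the
    fill lie beyond wTotalLength, so a correct host stack must ignore them;
    mutating them (or wTotalLength) probes exactly that boundary handling.
    Field values are constructed for illustration only.
    """
    interfaces = b""
    for n in range(num_interfaces):
        interfaces += struct.pack(
            "<BBBBBBBBB",
            9,     # bLength
            4,     # bDescriptorType: INTERFACE
            n,     # bInterfaceNumber
            0,     # bAlternateSetting
            0,     # bNumEndpoints (none, keeps the example short)
            0xFF,  # bInterfaceClass: vendor specific
            0xFF,  # bInterfaceSubClass
            0xFF,  # bInterfaceProtocol
            0,     # iInterface
        )
    total_length = 9 + len(interfaces)           # what the host will parse
    config = struct.pack(
        "<BBHBBBBB",
        9,             # bLength
        2,             # bDescriptorType: CONFIGURATION
        total_length,  # wTotalLength
        num_interfaces,
        1,             # bConfigurationValue
        0,             # iConfiguration
        0x80,          # bmAttributes: bus powered
        50,            # bMaxPower: 100 mA
    )
    block = config + interfaces
    block += padding(block, 4)                   # 4-byte alignment, like the padding object
    return block + fill(block, packet_size)      # pad out the transfer, like the fill object


if __name__ == "__main__":
    print(config_descriptor_packet().hex())
```

With one interface the descriptor block is 18 bytes, padding() adds 2 bytes to reach 20, and fill() adds 44 bytes to reach the 64-byte packet; wTotalLength stays 18, so everything after it is what a host's descriptor parser is supposed to skip.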
New loki Modules:
We have a new loki module implementing IS-IS support: loki can now participate in the IS-IS routing protocol and inject LSPs for IPv4 and IPv6. The HMAC-MD5 authentication can be brute-forced once it has been captured.
The module can be found here, but it also needs the brute-forcing bindings from here. So if you want to try it, you'd better build loki from svn (see below), as the module is not yet in any of the packages.
Cisco's DTP protocol is now supported by loki as well (slowly replacing yersinia 😉) and can be found here. It doesn't need any bindings, so just copy the .py and .glade files into your loki modules folder and you're good to go.
Building loki from source
For all of you trying to build loki from source (and you all should 😉), here is a short step-by-step example:
What you need:
subversion
automake, autoconf, make
python, pygtk, libglade, dnet, pylibpcap, dpkt, ipy
Checkout the latest version from svn:
#svn export http://c0decafe.de/svn/codename_loki/trunk
Are you using a Debian derivative (Ubuntu, Mint etc.)?
Unfortunately the name libdnet was already taken on Debian (by the DECnet libraries), so Debian ships the dnet library as libdumbnet, with the header and Python module renamed accordingly. Check the build_loki-ubuntu file in the pkg_scripts folder, or rewrite the references with sed before changing into the trunk folder:
find trunk -name "*.h" -exec sed -i "s/dnet\.h/dumbnet\.h/g" {} ";"
find trunk -name "*.py" -exec sed -i "s/dnet/dumbnet/g" {} ";"
sed -i "s/dnet/dumbnet/g" trunk/setup.py.in
Change into the trunk folder and generate the build files:
#cd trunk
#aclocal && automake --add-missing --copy && autoconf
Run configure and build loki:
#./configure
#make
#make install
If everything went well, you can launch loki:
#sudo loki.py
There is also a bunch of loki binary builds and build files in the svn.
Packages
Have a lot of fun
/daniel