Hiding the IP address
I. Introduction
This article describes how a program can hide (spoof) the source IP address of the packets it sends. To be honest, little of it is original: I was too lazy to type, so the explanatory text is copied and pasted from the Lonely Swordsman (thank you!), and the code section is based on a program written by the foreign programmer XES. It is only a by-product of my own learning; since the program is finished anyway, I am sharing it so that we can improve it together. The article is only meant to explain the structure of IP data and the mechanism by which it is transmitted. If someone turns it into a malicious IP attack tool, the consequences are their own responsibility.
II. IP header structure
We know that all TCP/IP network data travels in IP packets: the data is wrapped into an IP datagram consisting of an IP header followed by the data. Network software always generates IP headers as a multiple of 32-bit words, padding the header with extra zeros when necessary. The IP header contains all the information needed to deliver the packet across the network. The data structure of the IP header and the meaning of its fields are as follows:
Member                  Length (bits)  Description
Version                 4              IP header version number; currently IPv4, the newest is IPv6
Header Length           4              IP header length (in 32-bit words); without special options the IP header is always 20 bytes
Type of Service         8              Service type: defines priority, delay, throughput and reliability of the transmission
Total Packet Length     16             IP packet length; without special options it is generally 20 bytes
Identification          16             Packet identifier; the host uses it to uniquely identify each datagram it sends
Flags                   3              IP fragmentation flags
Fragment Offset         13             IP fragment offset
Time to Live            8              Lifetime of the datagram on the network; decremented by one at every hop
Protocol                8              TCP/IP protocol type, e.g. ICMP is 1, IGMP is 2, TCP is 6, UDP is 17, etc.
Header Checksum         16             Header checksum
Source IP Address       32             Source IP address
Destination IP Address  32             Destination IP address
Options                 variable       Other options
Data                    variable       Data
Building your own IP header is a very useful thing. For example, by changing the TOS priority and the TTL in the IP header you can give your packets stronger transmission capability and a longer life, and by modifying the source IP address in the IP header you can hide the IP address of your own machine, and so on. The famous attack program Teardrop works by deliberately manufacturing fragments that the system cannot process, and SYN Flooder and UDP Flooder deceive the target by generating random source IPs.
III. Implementation principle
In general, a custom IP header is implemented by enabling the IP_HDRINCL option with the socket library function setsockopt(). This is easy on UNIX and Linux platforms, but unfortunately the Winsock 1.1 and Winsock 2.0 libraries on Windows do not support the IP_HDRINCL option in setsockopt(), so on Windows 9x/NT custom IP headers cannot be implemented from the Winsock library. They can be implemented by writing a virtual device driver, but that is considerably more complicated. The arrival of Windows 2000 changes this situation: the Winsock 2.2 library of Windows 2000 fully supports the setsockopt() option IP_HDRINCL, so we can implement custom IP headers easily. The implementation is as follows:
IV. Code
{
  1. This program only runs on Windows 2000.
  2. You must have administrator privileges.
  3. The form needs one TButton and one TMemo.
  ----------------------------------------------------------------------
  Before running the program, change the values of SrcIP, SrcPort, DestIP
  and DestPort according to your needs.
  ----------------------------------------------------------------------
  If you do not understand the code below, it is best not to run it.
  ----------------------------------------------------------------------
}
unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
  StdCtrls, OleCtrls, Registry;

const
  SrcIP    = '123.123.123.1'; // sender IP address (the source address written into the header)
  SrcPort  = 1234;            // sender port
  DestIP   = '127.0.0.2';     // destination IP address
  DestPort = 4321;            // destination port
  MAX_MESSAGE = 4068;
  MAX_PACKET  = 4096;

type
  TPacketBuffer = array[0..MAX_PACKET - 1] of Byte;

  TForm1 = class(TForm)
    Button1: TButton;
    Memo1: TMemo;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
    procedure SendIt;
  end;

  // IP header
  T_IP_Header = record
    ip_verlen: Byte;        // version (high nibble) and header length in 32-bit words (low nibble)
    ip_tos: Byte;
    ip_totallength: Word;
    ip_id: Word;
    ip_offset: Word;        // flags (3 bits) and fragment offset (13 bits)
    ip_ttl: Byte;
    ip_protocol: Byte;
    ip_checksum: Word;
    ip_srcaddr: LongWord;
    ip_destaddr: LongWord;
  end;

  // UDP header
  T_UDP_Header = record
    src_portno: Word;
    dst_portno: Word;
    udp_length: Word;
    udp_checksum: Word;
  end;

  // Some Winsock 2 type declarations
  u_char = Char;
  u_short = Word;
  u_int = Integer;
  u_long = LongInt;

  SunB = packed record
    s_b1, s_b2, s_b3, s_b4: u_char;
  end;

  SunW = packed record
    s_w1, s_w2: u_short;
  end;

  in_addr = record
    case Integer of
      0: (S_un_b: SunB);
      1: (S_un_w: SunW);
      2: (S_addr: u_long);
  end;
  TInAddr = in_addr;

  sockaddr_in = record
    case Integer of
      0: (sin_family: u_short;
          sin_port: u_short;
          sin_addr: TInAddr;
          sin_zero: array[0..7] of Char);
      1: (sa_family: u_short;
          sa_data: array[0..13] of Char);
  end;
  TSockAddr = sockaddr_in;

  TSocket = u_int;

const
  WSADESCRIPTION_LEN = 256;
  WSASYS_STATUS_LEN  = 128;

type
  PWSAData = ^TWSAData;
  WSAData = record
    wVersion: Word;
    wHighVersion: Word;
    szDescription: array[0..WSADESCRIPTION_LEN] of Char;
    szSystemStatus: array[0..WSASYS_STATUS_LEN] of Char;
    iMaxSockets: Word;
    iMaxUdpDg: Word;
    lpVendorInfo: PChar;
  end;
  TWSAData = WSAData;

// Declare the Winsock 2 functions we need
function closesocket(s: TSocket): Integer; stdcall;
function socket(af, struct, protocol: Integer): TSocket; stdcall;
function sendto(s: TSocket; var Buf; len, flags: Integer; var addrto: TSockAddr;
  tolen: Integer): Integer; stdcall;
function setsockopt(s: TSocket; level, optname: Integer; optval: PChar;
  optlen: Integer): Integer; stdcall;
function inet_addr(cp: PChar): u_long; stdcall;
function htons(hostshort: u_short): u_short; stdcall;
function WSAGetLastError: Integer; stdcall;
function WSAStartup(wVersionRequired: Word; var WSData: TWSAData): Integer; stdcall;
function WSACleanup: Integer; stdcall;

const
  AF_INET        = 2;    // internetwork: UDP, TCP, etc.
  IP_HDRINCL     = 2;    // IP header include
  SOCK_RAW       = 3;    // raw-protocol interface
  IPPROTO_IP     = 0;    // dummy for IP
  IPPROTO_TCP    = 6;    // TCP
  IPPROTO_UDP    = 17;   // User Datagram Protocol
  IPPROTO_RAW    = 255;  // raw IP packet
  INVALID_SOCKET = TSocket(not (0));
  SOCKET_ERROR   = -1;

var
  Form1: TForm1;
implementation

// Import the Winsock 2 functions (the export names are case-sensitive)
const
  WinSocket = 'ws2_32.dll';

function closesocket;     external WinSocket name 'closesocket';
function socket;          external WinSocket name 'socket';
function sendto;          external WinSocket name 'sendto';
function setsockopt;      external WinSocket name 'setsockopt';
function inet_addr;       external WinSocket name 'inet_addr';
function htons;           external WinSocket name 'htons';
function WSAGetLastError; external WinSocket name 'WSAGetLastError';
function WSAStartup;      external WinSocket name 'WSAStartup';
function WSACleanup;      external WinSocket name 'WSACleanup';

{$R *.dfm}

// Standard Internet checksum (RFC 1071): one's-complement sum of the 16-bit
// words, folded back into 16 bits and then complemented.
function CheckSum(var Buffer; Size: Integer): Word;
type
  TWordArray = array[0..(MAX_PACKET div 2) - 1] of Word;
var
  ChkSum: LongWord;
  i: Integer;
begin
  ChkSum := 0;
  i := 0;
  while Size > 1 do begin
    ChkSum := ChkSum + TWordArray(Buffer)[i];
    Inc(i);
    Size := Size - SizeOf(Word);
  end;
  // an odd trailing byte is added on its own (its missing partner counts as zero)
  if Size = 1 then ChkSum := ChkSum + Byte(TWordArray(Buffer)[i]);
  ChkSum := (ChkSum shr 16) + (ChkSum and $FFFF);
  ChkSum := ChkSum + (ChkSum shr 16);
  Result := Word(not ChkSum);
end;

// Builds the IP header, the UDP header and the payload into Buf, and fills in
// Remote (the address passed to sendto) and iTotalSize (the number of bytes to send).
procedure BuildHeaders(
  FromIP: string;
  iFromPort: Word;
  ToIP: string;
  iToPort: Word;
  StrMessage: string;
  var Buf: TPacketBuffer;
  var Remote: TSockAddr;
  var iTotalSize: Word
);
var
  dwFromIP: LongWord;
  dwToIP: LongWord;
  iIPVersion: Word;
  iIPSize: Word;
  iphdr: T_IP_Header;
  udphdr: T_UDP_Header;
  iUdpSize: Word;
  iUdpChecksumSize: Word;
  cksum: Word;
  ptr: ^Byte;

  // advance the write pointer into Buf
  procedure IncPtr(Value: Integer);
  begin
    ptr := Pointer(Integer(ptr) + Value);
  end;

begin
  // Convert the IP address strings to 32-bit network-order values
  dwFromIP := inet_addr(PChar(FromIP));
  dwToIP := inet_addr(PChar(ToIP));

  //
  // Initialize the IP header
  //
  iTotalSize := SizeOf(iphdr) + SizeOf(udphdr) + Length(StrMessage);
  iIPVersion := 4;
  iIPSize := SizeOf(iphdr) div SizeOf(LongWord);   // header length in 32-bit words (5)
  iphdr.ip_verlen := (iIPVersion shl 4) or iIPSize;
  iphdr.ip_tos := 0;                               // IP type of service
  iphdr.ip_totallength := htons(iTotalSize);       // total packet length
  iphdr.ip_id := 0;                                // unique identifier: set to 0
  iphdr.ip_offset := 0;                            // fragment offset field
  iphdr.ip_ttl := 128;                             // time to live
  iphdr.ip_protocol := $11;                        // protocol (UDP)
  iphdr.ip_checksum := 0;                          // IP checksum (left at 0 here)
  iphdr.ip_srcaddr := dwFromIP;                    // source address
  iphdr.ip_destaddr := dwToIP;                     // destination address

  //
  // Initialize the UDP header
  //
  iUdpSize := SizeOf(udphdr) + Length(StrMessage);
  udphdr.src_portno := htons(iFromPort);
  udphdr.dst_portno := htons(iToPort);
  udphdr.udp_length := htons(iUdpSize);
  udphdr.udp_checksum := 0;

  //
  // Compute the UDP checksum over the pseudo-header (source address,
  // destination address, a zero byte, protocol, UDP length), followed by
  // the UDP header and the payload.
  //
  iUdpChecksumSize := 0;
  ptr := @Buf[0];
  FillChar(Buf, SizeOf(Buf), 0);
  Move(iphdr.ip_srcaddr, ptr^, SizeOf(iphdr.ip_srcaddr));
  IncPtr(SizeOf(iphdr.ip_srcaddr));
  iUdpChecksumSize := iUdpChecksumSize + SizeOf(iphdr.ip_srcaddr);
  Move(iphdr.ip_destaddr, ptr^, SizeOf(iphdr.ip_destaddr));
  IncPtr(SizeOf(iphdr.ip_destaddr));
  iUdpChecksumSize := iUdpChecksumSize + SizeOf(iphdr.ip_destaddr);
  IncPtr(1);                                       // the zero byte (Buf is already zeroed)
  Inc(iUdpChecksumSize);
  Move(iphdr.ip_protocol, ptr^, SizeOf(iphdr.ip_protocol));
  IncPtr(SizeOf(iphdr.ip_protocol));
  iUdpChecksumSize := iUdpChecksumSize + SizeOf(iphdr.ip_protocol);
  Move(udphdr.udp_length, ptr^, SizeOf(udphdr.udp_length));
  IncPtr(SizeOf(udphdr.udp_length));
  iUdpChecksumSize := iUdpChecksumSize + SizeOf(udphdr.udp_length);
  Move(udphdr, ptr^, SizeOf(udphdr));
  IncPtr(SizeOf(udphdr));
  iUdpChecksumSize := iUdpChecksumSize + SizeOf(udphdr);
  Move(StrMessage[1], ptr^, Length(StrMessage));
  IncPtr(Length(StrMessage));
  iUdpChecksumSize := iUdpChecksumSize + Length(StrMessage);
  cksum := CheckSum(Buf, iUdpChecksumSize);
  udphdr.udp_checksum := cksum;

  //
  // The IP and UDP headers are now ready; assemble the packet to send.
  //
  FillChar(Buf, SizeOf(Buf), 0);
  ptr := @Buf[0];
  Move(iphdr, ptr^, SizeOf(iphdr));
  IncPtr(SizeOf(iphdr));
  Move(udphdr, ptr^, SizeOf(udphdr));
  IncPtr(SizeOf(udphdr));
  Move(StrMessage[1], ptr^, Length(StrMessage));

  Remote.sin_family := AF_INET;
  Remote.sin_port := htons(iToPort);
  Remote.sin_addr.S_addr := dwToIP;
end;

procedure TForm1.SendIt;
var
  sh: TSocket;
  bOpt: Integer;
  ret: Integer;
  Buf: TPacketBuffer;
  Remote: TSockAddr;
  Local: TSockAddr;
  iTotalSize: Word;
  wsdata: TWSAData;
begin
  // Start up Winsock 2
  ret := WSAStartup($0002, wsdata);
  if ret <> 0 then begin
    Memo1.Lines.Add('WSAStartup failed.');
    Exit;
  end;
  with Memo1.Lines do begin
    Add('WSAStartup:');
    Add('Desc.: ' + wsdata.szDescription);
    Add('Status: ' + wsdata.szSystemStatus);
  end;

  try
    // Create a raw socket
    sh := socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
    if sh = INVALID_SOCKET then begin
      Memo1.Lines.Add('socket() failed: ' + IntToStr(WSAGetLastError));
      Exit;
    end;
    Memo1.Lines.Add('socket handle = ' + IntToStr(sh));

    // Option: header include (we supply the IP header ourselves)
    bOpt := 1;
    ret := setsockopt(sh, IPPROTO_IP, IP_HDRINCL, @bOpt, SizeOf(bOpt));
    if ret = SOCKET_ERROR then begin
      Memo1.Lines.Add('setsockopt(IP_HDRINCL) failed: ' + IntToStr(WSAGetLastError));
      closesocket(sh);
      Exit;
    end;

    // Build the packet
    BuildHeaders(SrcIP, SrcPort,
                 DestIP, DestPort,
                 'This is a test packet',
                 Buf, Remote, iTotalSize);

    // Send the packet
    ret := sendto(sh, Buf, iTotalSize, 0, Remote, SizeOf(Remote));
    if ret = SOCKET_ERROR then
      Memo1.Lines.Add('sendto() failed: ' + IntToStr(WSAGetLastError))
    else
      Memo1.Lines.Add('Sent ' + IntToStr(ret) + ' bytes.');

    // Close the socket
    closesocket(sh);
  finally
    // Shut down Winsock 2
    WSACleanup;
  end;
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
  SendIt;
end;

end.
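As an added example (Python written for this page, not part of the original Delphi program or XES's code), here is the receiving side of what the article describes: a parser for the IPv4 header layout in the table above and a verifier for the UDP pseudo-header checksum that BuildHeaders computes. It works offline on a packet constructed by the build_udp_packet helper, which is my own assumption for producing a sample with the same addresses and ports as the SrcIP/DestIP constants; the checksum routine is the RFC 1071 algorithm the CheckSum function implements.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum, as the Delphi CheckSum routine computes it:
    one's-complement sum of 16-bit words, folded, then complemented."""
    if len(data) % 2:
        data += b"\x00"                      # odd trailing byte is padded with zero
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4_header(pkt: bytes) -> dict:
    """Split the 20-byte fixed IPv4 header into the fields of the table above
    and check its header checksum (a correct header sums to zero)."""
    fields = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    verlen, tos, total_len, ident, frag, ttl, proto, csum, src, dst = fields
    ihl = (verlen & 0x0F) * 4
    return {
        "version": verlen >> 4, "ihl": ihl, "tos": tos, "total_length": total_len,
        "id": ident, "flags": frag >> 13, "frag_offset": frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "header_checksum_ok": internet_checksum(pkt[:ihl]) == 0,
    }

def verify_udp_checksum(pkt: bytes) -> bool:
    """Recompute the UDP checksum over the same pseudo-header BuildHeaders uses:
    source address, destination address, zero byte, protocol, UDP length."""
    ihl = (pkt[0] & 0x0F) * 4
    udp_len = struct.unpack("!H", pkt[ihl + 4:ihl + 6])[0]
    pseudo = pkt[12:20] + b"\x00" + bytes([pkt[9]]) + struct.pack("!H", udp_len)
    return internet_checksum(pseudo + pkt[ihl:ihl + udp_len]) == 0

def build_udp_packet(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed sample packet (assumed helper) in the layout BuildHeaders produces,
    IPv4 + UDP, with both checksums filled in so the verifiers above can be exercised."""
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    pseudo = src_b + dst_b + b"\x00\x11" + struct.pack("!H", udp_len)
    udp_csum = internet_checksum(pseudo + udp) or 0xFFFF   # 0 means "no checksum" in UDP
    udp = udp[:6] + struct.pack("!H", udp_csum) + udp[8:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 128, 17, 0, src_b, dst_b)
    ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:]
    return ip + udp
```

verify_udp_checksum returns False for a datagram whose checksum field is 0 (no checksum), which is legal for UDP over IPv4; treat that case separately if you run it over captured traffic.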