The hidden IP address, preface this article mainly shows how to hide the IP address in the program. In fact, this thing is not written. Among them, I am too lazy to typing, so copying, paste the lonely swordsman, thank you! The code section refers to a program written by foreign program XES. So this is just a by-product in the learning process. Since the program is already done, it will be exchanged with you by the way, and we will improve it together. This article only wants to explain the structure and transmission mechanism of IP data. If someone change it to a malicious IP attack tool, the consequences are at your own risk. Second, IP header structure We know that TCP / IP network data is all transmitted on the IP packet in the IP packet, which is also packaged to establish an IP datagram containing IP headers and data. In general, network software always generates IP headers with multiple 32-bit words, even if IP headers must be filled with additional 0. The IP header contains all necessary information for transmitting the package data in the IP packet. The data structure and description of the IP header are as follows:
Member length (bit) describes the version number of the version 4 IP header, is currently IPv4, the latest is the length of IPv6 Header Length 4 IP header, if there is no special choice, IP header is always 20-byte long Type of Service 8 service type, definition The length of the priority, latency, throughput, and reliability of data transmission TOTAL PACKET LENGTH 16 IP package, if there is no special option, generally 20-byte long Identification 16 IP package identifier, the host uses it unique to determine each send Data News FLAG 3 IP Data Segmentation Sign Fragment Offset 13 IP Data Segmentation Offset Time Time 8 Datashery Survival time on the network, every router, this value minus a protocol 8 TCP / IP protocol type, such as ICMP For 1, IGMP is 2, TCP is 6, UDP is 17, etc. Header Checksum 16 Header Check and Source IP Address 32 Source IP Address Destination IP Address 32 Destination IP Address Other • Other Options DATA? Data Implementing your own defined IP header A very meaningful thing, for example, by changing the priority and TTL of the TOS in the IP head, you can make your own packets with stronger transfer capacity and life, by modifying the source IP address in the IP header Hide your machine's IP address, etc. The famous attack program "Teardrop" is implemented by deliberately manufacturing a slice IP package that cannot be handled by the system, and SYN FLOODER and UDP FLOODER are deceived by generating random source IP. Third, the implementation principle In general, custom IP headers are implemented by using the option ip_hdrincl using the socket library function setsockopt (), although it is easy to implement on UNIX and Linux platforms, but unfortunately, Winsock1 on the Windows platform .1 and Winsock 2.0 Library SetsockOpt () does not support IP_HDRINCL options, so in Windows 9x / NT is unable to implement IP header customs through the WINSOCK library, of course, can be implemented by writing a virtual device driver, but More complicated, but Windows 2000 has broken this situation, and the Windows2000's Winsock2.2 library fully supports setsockopt () option IP_HDRINCL, making it easy to customize the IP header. The implementation method is as follows: 4, code section {1. This program can only run on Window 2000. 2. You must have Administrator privileges. 3. The program needs to use a Button and a Memo. ------------ -------------------------------------------------- ---------- Before running the program, please change the value of SRCIP, Srcport, Destip, and Destport according to your needs --------------------- ------------------------------------------------- in case You don't understand the following code, it is best not to run it. -------------------------------------------------- --------------------} Unit Unit1; Interface Uses Windows, Messages, Sysutils, Classes, Graphics, Controls, Forms, Dialogs, Stdctrls, Olectrls, Registry;
Const srcip = '123.123.123.1'; // Transmitter IP address srcport = 1234; file: // Transmitter port Destip = '127.0.0.2'; file: // destination IP address DESTPORT = 4321; file: // Port Max_Message = 4068; max_packet = 4096;
Type
TpacketBuffer = array [0..max_packet-1] of byte;
TFORM1 = Class (TFORM) Button1: TButton; Memo1: TMemo; Procedure Button1Click (Sender: Tobject); private {private declarations} PUBLIC {Public Declarations}.
// IP header type T_IP_Header = record ip_verlen: Byte; ip_tos: Byte; ip_totallength: Word; ip_id: Word; ip_offset: Word; ip_ttl: Byte; ip_protocol: Byte; ip_checksum: Word; ip_srcaddr: LongWord; ip_destaddr: LongWord; end;
// UDP head TYPE T_UDP_HEADER = Record SRC_PortNo: Word; DST_Portno: Word; UDP_LENGTH: WORD; UDP_CHECKSUM: WORD;
// Some types of WINSOCK 2 declaration u_CHAR = char; u_short = word; u_int = integer; u_long = longint;
Sunb = packed record s_b1, s_b2, s_b3, s_b4: u_char; end; sunw = packed record s_w1, s_w2: u_short; end; in_addr = record case integer of 0: (s_un_b: sunb); 1: (S_UN_W: Sunw); 2: (s_addr: u_long); end; tinaddr = in_addr; sockaddr_in = record case integer of 0: (SIN_FAMILY: U_SHORT; SIN_PORT: U_SHORT; SIN_ADDR: TINADDR; SIN_ZERO: Array [0..7] of char); 1: (SA_FAMILY: U_SHORT; SA_DATA: Array [0..13] of char) end; tsockaddr = sockaddr_in; tsocket = u_int;
Const Wsadescription_len = 256; WSASYS_STATUS_LEN = 128;
type PWSAData = ^ TWSAData; WSAData = record // WSDATA wVersion: Word; wHighVersion: Word; szDescription: array [0..WSADESCRIPTION_LEN] of Char; szSystemStatus: array [0..WSASYS_STATUS_LEN] of Char; iMaxSockets: Word; iMaxUdpDg: Word; lpVendorInfo: PChar; end; TWSAData = WSAData; file: // define some functions winsock 2 function closesocket (s: TSocket): Integer; stdcall; function socket (af, Struct, protocol: Integer): TSocket; stdcall; function Sendto (s: tsocket; var buf; len, flags: integer; var address; {} function setsockopt (s: tsocket; iptval: pchar; optlen: Integer): Integer; stdcall; function inet_addr (cp: PChar): u_long; stdcall; {PInAddr;} {TInAddr} function htons (hostshort: u_short): u_short; stdcall; function WSAGetLastError: Integer; stdcall; function WSAStartup (wVersionRequired: Word; var wsdata: twsadata): integer; stdcall; function wsacleanup: integer; stdcall;
Const AF_Inet = 2; // Internetwork: UDP, TCP, etc.
IP_HDRINCL = 2; // ip Header Include
SOCK_RAW = 3; // Raw-Protocol Interface
Ipproto_ip = 0; // Dummy for ip ipproto_tcp = 6; // TCP IPPROTO_UDP = 17; // user datagram protocol ipproto_raw = 255; // raw ip packet
INVALID_SOCKET = TSOCKET (NOT (0)); socket_error = -1;
Var Form1: TFORM1;
IMPLEMENTATION
// Import Winsock 2 functions const winsocket = 'ws2_32.dll';
function closesocket; external winsocket name 'closesocket'; function socket; external winsocket name 'socket'; function sendto; external winsocket name 'sendto'; function setsockopt; external winsocket name 'setsockopt'; function inet_addr; external winsocket name 'inet_addr'; function htons; external winsocket name 'htons'; function WSAGetLastError; external winsocket name 'WSAGetLastError'; function WSAStartup; external winsocket name 'WSAStartup'; function WSACleanup; external winsocket name 'WSACleanup'; {$ R * .DFM}
Function checksum (var buffer; size: integer: word; type twordAdArray = array [0..1] of word; var chksum: longword; i: integer; begin chksum: = 0; i: = 0; while size> 1 Do Begin Chksum: = Chksum TwordArray (Buffer); INC (I); Size: = Size - SIZEOF (WORD);
IF size = 1 Then Chksum: = Chksum Byte (TwordArray (Buffer);
Chksum: = (Chksum SHR 16) (CHKSUM AND $ FFFF); Chksum: = Chksum (Chksum SHR 16);
Result: = Word (chksum);
procedure BuildHeaders (FromIP: String; iFromPort: Word; ToIP: String; iToPort: Word; StrMessage: String; Var Buf: TPacketBuffer; Var remote: TSockAddr; Var iTotalSize: Word); Var dwFromIP: LongWord; dwToIP: LongWord;
Iipversion: Word; IipHDR: t_ip_header; udphdr: t_udp_header;
Iudpsize: Word; Iudpchecksumsize: Word; CKSUM: WORD;
PTR: ^ Byte;
Procedure incord; begin Ptr: = Pointer (Integer (PTR) Value);
Begin // Convert IP Address'sS
dwfromip: = inet_addr (pchar (fromip)); DWTOIP: = INET_ADDR (Pchar (toip));
// Initialize IP head // ketitalsize: = sizeof (iPhdr) sizeof (udphdr); IIPVersion: = 4; iipsize: = sizeof (iphdr) Div sizeof (longword);
iPhdr.ip_verlen: = (Iipversion SHL 4) or iipsize; iphdr.ip_tos: = 0; // ip type of service iphdr.ip_totallength: = htons (itotalsize); // Total packet len iphdr.ip_ID: = 0; // Unique IDentifier: set to 0 iphdr.ip_offset: = 0; // Fragment Offset Field iPhdr.ip_ttl: = 128; // Time To Live iPhdr.ip_Protocol: = $ 11; // Protocol (UDP) iphdr.ip_checksum: = 0; // ip checksum iphdr.ip_srcaddr: = dwfromip; // source address iphdr.ip_destaddr: = dwtoip; // destination address //// Initialization UDP head // Iudpsize: = sizeof (udphdr) length (StrMessage);
Udphdr.src_portno: = htons (iFromport); udphdr.dst_portno: = htons (iTOport); udphdr.udp_length: = htons (iudpsize); udphdr.udp_checksum: = 0;
IudpChecksumsize: = 0;
PTR: = @buf [0]; Fillchar (BUF, SIZEOF (BUF), 0);
Move (iPhdr.ip_srcaddr, ptr ^, sizeof (iphdr.ip_srcaddr)); IncPtr (sizeof (iPhdr.ip_srcaddr);
Iudpchecksumsize: = iudpchecksumsize sizeof (iPhdr.ip_srcaddr);
Move (iphdr.ip_destaddr, ptr ^, sizeof (iphdr.ip_destaddr)); IncPtr (sizeof (iPhdr.ip_DestAddr);
Iudpchecksumsize: = Iudpchecksumsize sizeof (iPhdr.ip_DestAddr);
IncPtr (1);
IudpChecksumsize;
Move (iphdr.ip_protocol, ptr ^, sizeof (iphdr.ip_protocol); incttr (sizeof (iphdr.ip_protocol); iudpchecksumsize: = Iudpchecksumsize sizeof (iPhdr.ip_protocol);
Move (udphdr.udp_length, ptr ^, sizeof (udphdr.udp_length); incttr (sizeof (udphdr.udp_length); iudpchecksumsize: = Iudpchecksumsize sizeof (udphdr.udp_length);
move (udpHdr, ptr ^, sizeof (udpHdr)); IncPtr (sizeof (udpHdr)); iUdpChecksumSize: = iUdpCheckSumSize sizeof (udpHdr); Move (StrMessage [1], ptr ^, Length (strMessage)); IncPtr (Length StrMessage));
Iudpchecksumsize: = Iudpchecksumsize length (strMessage);
Cksum: = Checksum (buf, Iudpchecksumsize); udphdr.udp_checksum: = CKSUM
// // Now IP and UDP header OK, we can send it out. // Fillchar (BUF, SIZEOF (BUF), 0); PTR: = @buf [0];
Move (iPhdr, PTR ^, SIZEOF (IPHDR)); INCPTR (IPHDR)); Move (udphdr, ptr ^, sizeof (udphdr)); incttr (sizeof (udphdr)); Move (StrMessage [1], PTR ^, Length (StrMessage));
Remote.sin_family: = af_INET; Remote.sin_Port: = HTONS (ITOPORT); Remote.SIN_ADDR.S_ADDR: = DWTOIP; END;
PROCED: TSDATA: TSDATA: TsockAddr; Twsadata; iptate: tsockaddr; iptate: bass;
Begin // Startup Winsock 2 Ret: = WSAStartup ($ 0002, WSDATA); if Ret <> 0 THEN BEGIN MEMO1.LINES.ADD ('WSA Startup Failed.'); EXIT; End; With Memo1.Lines Do Begin Add (' WSA Startup: '); add (' dec .: ' wsdata.szdescription); add (' status: ' wsdata.szsystemstatus); end;
Try // Create Socket SH: = Socket (AF_INET, SOCK_RAW, IPPROTO_UDP); if (sh = invalid_socket) THEN BEGIN MEMO1.LINES.ADD ('socket () failed:' INTOSTOSTR (WsageTlasterror); EXIT; End; Memo1 .lines.add ('socket handle =' INTOSTOSTR (SH);
// Option: Header Include bOpt: = 1; ret: = SetSockOpt (sh, IPPROTO_IP, IP_HDRINCL, @bOpt, SizeOf (bOpt)); if ret = SOCKET_ERROR then begin Memo1.lines.add ( 'setsockopt (IP_HDRINCL) failed: ' INTOSTR (Wsagetlasterror); EXIT;
// Build The Packet Buildheaders (srcip, srcport, destip, destport, 'this is a test packet ", buf, remote, itotalsize; // send the packet return: = sendto (sh, buf, itotalsize, 0, remote, SizeOf (Remote)); if Ret = Socket_ERROR THEN MEMO1.LINES.ADD ('sendto () failed:' INTOSTR (Wsagetlasterror) ELSE MEMO1.LINES.ADD ('Send' INTOSTR (RET) 'Bytes.' );
// Close Socket CloseSocket (SH); Finally // Close Winsock 2 wsacleanup; end;
Procedure TFORM1.BUTTON1CLICK (Sender: TOBJECT); begin sendit;
End.
