Live UDP modification?

Discussion in 'Computer Programming, Emulation, and Game Modding' started by Kyohack, Oct 30, 2013.

  1. Kyohack
    OP

    Let's say I have a Windows PC connected to my home Wi-Fi connection, and it is set up to share that connection via Ethernet to a second router. That second router provides internet to one of my game consoles. Since traffic is being passed through the computer, I can record it with Wireshark just fine.

    But has anyone come across any programs/examples for intercepting and modifying live UDP packets? Proxy servers are out of the question, and I'm just looking for a program that will be able to "see" all traffic passing through a specific network interface, similar to Wireshark. I can't set up a spoofed server because there isn't a DNS address for me to spoof, and also because the traffic is peer-to-peer. I've seen some answers on Google that suggest I'd have to code my own program, and will likely need to use something like WinPcap. However, this is beyond my capabilities, and I feel like there's probably a simple example out there that I can tweak to do what I want.

    Basically, I want to edit all UDP packets that have either length A or length B. For packets with length A, I want to replace a few hundred bytes starting at a specific offset, with the contents of a file. For packets with length B, I want to do the same thing but with a different starting offset.

    I'm not trying to do anything fancy here, so I don't have to worry much about speed; from a typical session, I'll see only a few kilobytes of UDP packets (specifically between 200-400) in Wireshark. Only about 2 or 3 of them will actually fit my length criteria for editing.

    If this were as easy as simple string or hex data manipulation, I'd be fine. My trouble lies in the complexity of this involving UDP packets running over a live network, which is something I've never dealt with before. I appreciate any and all suggestions.
     
  2. FAST6191

    I guess this is for the Pokémon stuff? From what I have seen thus far then it looks like a curious mix of "what is secure networking?" and "I read the first few pages of the cretin's guide to network communications".

    Network hacking/packet injection at that level on standard Windows is a pain (Windows practically dropped raw sockets some time around late XP SP2 or with XP SP3 and the alternatives are not really any nicer/easier to do, more on raw sockets http://msdn.microsoft.com/en-us/library/windows/desktop/ms740548(v=vs.85).aspx ) and is usually reserved for more Linux/BSD type systems as a result. You probably could do it from within a virtual machine though, myself I would come at it the other way and run a VM from within a Linux/BSD distro if you need Windows to run the modification/generation tools.

    Packet injection is the term for what you want. I assume you cannot replay a premodded stream, I am not sure what any timeout for the stuff is either or if there are any back and forth communications after the initial stream.
    If you can replay then capture, edit and send out on a different session if you want. This does also include if any session to session differences are easy to figure out.
    If there is no timeout then you can send up the request, wait for one to come back and block it from initially being received by the 3DS (naturally you want to be capturing it), edit the stuff and send the edited packets. If going by hand such things are likely to take somewhat longer than the average timeout but I have seen it up in the seconds range for some things and going at pace you could do it if this is the case here.
    The communications after the initial stream (especially as it is UDP) would be a stumbling block in that you have to emulate/replicate them but from everything I have seen there is nothing like that, or at least nothing like that of the nature that will pose a great deal of trouble here.

    If you have a big boy router there are things you can do to help here but those things cost a fortune so you probably do not have one (even the WRT based firmwares might quiver at some of the stuff that could help here).

    To this end you get to do it live and you then get to program a tool to do it.
    http://www.secdev.org/projects/scapy/ is a reasonable packet injection tool, it is possibly rather more complex than what you want but the steps down from there tend to land you with things like http://nemesis.sourceforge.net/ which would probably be a pig to do this with, many injection tools will be aimed more at WEP hacking or stress testing than this sort of thing too. I must admit I have not really had to do more than capture and analysis in a while so there could be a nicer tool (reading a list http://code.google.com/p/ostinato/ might be nice though it labels modification of unknown protocols as experimental).
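Added example, not code from either poster or from any of the tools linked above: the offline byte-level step the thread describes, splicing replacement bytes into a UDP payload selected by length and recomputing the UDP checksum over the IPv4 pseudo-header, which a receiver checks before accepting the datagram. The lengths, offsets, ports and addresses are constructed placeholders, and the sample datagram is built inline rather than captured.

```python
import socket
import struct

# Constructed stand-ins for "length A" / "length B": payload length -> splice offset.
RULES = {300: 16, 412: 40}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over pseudo-header + UDP header (checksum zeroed) + payload."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 17, len(segment)))
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    # A computed 0 is sent as 0xFFFF, because 0 on the wire means "no checksum".
    return inet_checksum(pseudo + zeroed) or 0xFFFF

def build_udp(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """UDP header + payload with a valid checksum (no IP header)."""
    seg = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return seg[:6] + struct.pack("!H", udp_checksum(src_ip, dst_ip, seg)) + seg[8:]

def patch_udp(src_ip, dst_ip, segment: bytes, replacement: bytes, rules=RULES) -> bytes:
    """Splice replacement in at the rule's offset; other lengths pass through unchanged."""
    payload = segment[8:]
    offset = rules.get(len(payload))
    if offset is None:
        return segment
    if offset + len(replacement) > len(payload):
        raise ValueError("replacement would run past the end of the payload")
    # Overwrite in place so the UDP and IP length fields stay valid.
    patched = payload[:offset] + replacement + payload[offset + len(replacement):]
    sport, dport = struct.unpack("!HH", segment[:4])
    return build_udp(src_ip, dst_ip, sport, dport, patched)

def verify(src_ip, dst_ip, segment: bytes) -> bool:
    """Receiver-side check: stored checksum equals the recomputed one."""
    stored = struct.unpack("!H", segment[6:8])[0]
    return stored == udp_checksum(src_ip, dst_ip, segment)
```

The checksum only catches accidental corruption: anything on the path that rewrites the payload can also rewrite the checksum, so a protocol that needs tamper resistance has to authenticate the payload itself.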