Land rapid7#7967, DTC Improvements and Fixes

Author: pbarry-r7

lib/msf/core/post/hardware.rb

@@ -1,5 +1,6 @@
 # -*- coding: binary -*-
 module Msf::Post::Hardware
   require 'msf/core/post/hardware/automotive/uds'
+  require 'msf/core/post/hardware/automotive/dtc'
   require 'msf/core/post/hardware/zigbee/utils'
 end

lib/msf/core/post/hardware/automotive/dtc.rb

@@ -37,11 +37,11 @@ def initialize(client)
   # @param bus [String] bus name
   #
   # @return [Boolean] return true if bus is valid
-  def is_valid_bus? bus
+  def is_valid_bus?(bus)
     valid = false
-    get_supported_buses if self.buses == nil
-    if not bus.blank?
-      self.buses.each do |b|
+    get_supported_buses if buses.nil?
+    unless bus.blank?
+      buses.each do |b|
         valid = true if b["bus_name"] == bus
       end
     end
@@ -55,10 +55,10 @@ def is_valid_bus? bus
   #
   # @return [Hash] client.send_request response with "Error" if any exist
   def check_for_errors(data)
-    if data and data.has_key? "Packets"
+    if data && (data.key? "Packets")
       if data["Packets"].size == 1
-        if data["Packets"][0]["DATA"].size > 3 and data["Packets"][0]["DATA"][1].hex == 0x7F
-          if ERR_MNEMONIC.has_key? data["Packets"][0]["DATA"][3].hex
+        if data["Packets"][0]["DATA"].size > 3 && data["Packets"][0]["DATA"][1].hex == 0x7F
+          if ERR_MNEMONIC.key? data["Packets"][0]["DATA"][3].hex
             err = data["Packets"][0]["DATA"][3].hex
             data["error"] = { ERR_MNEMONIC[err] => ERR_DESC[ERR_MNEMONIC[err]] }
           else
@@ -78,16 +78,16 @@ def check_for_errors(data)
   # @return [Array] Array of Hex string equivalents
   def array2hex(arr)
     # We give the flexibility of sending Integers or string hexes in the array
-    arr.map { |b| "%02x" % (b.respond_to?("hex") ? b.hex : b )}
+    arr.map { |b| "%02x" % (b.respond_to?("hex") ? b.hex : b ) }
   end
 
   def set_active_bus(bus)
     self.active_bus = bus
   end
 
   def get_supported_buses
-    self.buses = client.send_request("/automotive/supported_buses")
-    self.buses
+    buses = client.send_request("/automotive/supported_buses")
+    buses
   end
 
   def get_bus_config(bus)
@@ -103,21 +103,23 @@ def cansend(bus, id, data)
     client.send_request("/automotive/#{bus}/cansend?id=#{id}&data=#{data}")
   end
 
-  def send_isotp_and_wait_for_response(bus, srcId, dstId, data, opt={})
-    # TODO Implement sending ISO-TP > 8 bytes
+  def send_isotp_and_wait_for_response(bus, src_id, dst_id, data, opt = {})
+    # TODO: Implement sending ISO-TP > 8 bytes
     data = [ data ] if data.is_a? Integer
     if data.size < 8
       data = array2hex(data).join
-      request_str = "/automotive/#{bus}/isotpsend_and_wait?srcid=#{srcId}&dstid=#{dstId}&data=#{data}"
-      request_str += "&timeout=#{opt["TIMEOUT"]}" if opt.has_key? "TIMEOUT"
-      request_str += "&maxpkts=#{opt["MAXPKTS"]}" if opt.has_key? "MAXPKTS"
+      request_str = "/automotive/#{bus}/isotpsend_and_wait?srcid=#{src_id}&dstid=#{dst_id}&data=#{data}"
+      request_str += "&timeout=#{opt['TIMEOUT']}" if opt.key? "TIMEOUT"
+      request_str += "&maxpkts=#{opt['MAXPKTS']}" if opt.key? "MAXPKTS"
       return check_for_errors(client.send_request(request_str))
     end
-    return nil
+    nil
   end
 
   attr_reader :buses, :active_bus
-private
+
+  private
+
   attr_writer :buses, :active_bus
 
 end

lib/msf/core/post/hardware/automotive/uds.rb

@@ -101,7 +101,7 @@ module UDSErrors
   "SFNSIAS" => "Sub-Function Not Supoorted In Active Session",
   "SNSIAS" => "Service Not Supported In Active Session",
   "RTH" => "RPM Too High",
-  "RTL" => "RPM Too Low".
+  "RTL" => "RPM Too Low",
   "EIR" => "Engine is Running",
   "EINR" => "Engine is not Running",
   "ERTTL" => "Engine Run Time Too Low",

lib/rex/post/hwbridge/extensions/automotive/automotive.rb

@@ -40,20 +40,20 @@ def commands
   #
   def cmd_supported_buses
     buses = client.automotive.get_supported_buses
-    if not buses.size > 0
+    unless !buses.empty?
       print_line("none")
       return
     end
     str = "Available buses\n\n"
     first = true
     buses.each do |bus|
-      if not first
+      unless first
         str += ", "
       end
       first = false
-      str += bus["bus_name"] if bus.has_key? "bus_name"
+      str += bus["bus_name"] if bus.key? "bus_name"
     end
-    str+="\n"
+    str += "\n"
     print_line(str)
   end
 
@@ -76,11 +76,12 @@ def cmd_busconfig(*args)
         bus = val
       end
     end
-    if not client.automotive.is_valid_bus? bus
+    unless client.automotive.is_valid_bus? bus
       print_error("You must specify a valid bus via -b")
       return
     end
     config = client.automotive.get_bus_config(bus)
+    config
   end
 
   #
@@ -103,13 +104,14 @@ def cmd_connect(*args)
         bus = val
       end
     end
-    if not client.automotive.is_valid_bus? bus
+    unless client.automotive.is_valid_bus? bus
       print_error("You must specify a valid bus via -b")
       return
     end
-    self.active_bus = bus
+    active_bus = bus
     client.automotive.set_active_bus(bus)
     hw_methods = client.automotive.get_supported_methods(bus)
+    hw_methods
   end
 
   #
@@ -139,16 +141,17 @@ def cmd_cansend(*args)
         data = val
       end
     end
-    bus = self.active_bus if bus.blank? and not self.active_bus == nil
-    if not client.automotive.is_valid_bus? bus
+    bus = active_bus if bus.blank? && !active_bus.nil?
+    unless client.automotive.is_valid_bus? bus
       print_error("You must specify a valid bus via -b")
       return
     end
-    if id.blank? or data.blank?
+    if id.blank? || data.blank?
       print_error("You must specify a CAN ID (-I) and the data packets (-D)")
       return
     end
     success = client.automotive.cansend(bus, id, data)
+    success
   end
 
   #
@@ -158,7 +161,8 @@ def name
     'Automotive'
   end
 
-private
+  private
+
   attr_accessor :active_bus
 
 end

lib/rex/post/hwbridge/extensions/automotive/uds_errors.rb

@@ -39,15 +39,15 @@ def initialize(info={})
         'References'    =>
           [
             [ 'URL', 'http://opengarages.org/hwbridge' ]  # TODO
-          ],
+          ]
       }
       ))
     register_options(
       [
         Opt::RPORT(8080),
         Opt::RHOST("127.0.0.1"),
         OptBool.new("DEBUGJSON", [false, "Additional debugging out for JSON requests to HW Bridge", false]),
-        OptString.new('TARGETURI', [ true,  "The path to the hwbridge API", '/'])
+        OptString.new('TARGETURI', [ true, "The path to the hwbridge API", '/'])
       ],
       self.class
     )
@@ -58,14 +58,14 @@ def initialize(info={})
   # Generic fetch json call. returns hash of json
   #
   def fetch_json(uri)
-    tpath = normalize_uri("#{datastore["TARGETURI"]}/#{uri}")
+    tpath = normalize_uri("#{datastore['TARGETURI']}/#{uri}")
     res = send_request_cgi({
       'uri' => tpath,
-      'method' => 'GET',
+      'method' => 'GET'
     })
-    return nil if not res or not res.body or not res.code
-    if (res.code == 200)
-      print_status res.body if datastore["DEBUGJSON"] == true
+    return nil if !res || !res.body || !res.code
+    if res.code == 200
+      print_status res.body if datastore['DEBUGJSON'] == true
       return JSON.parse(res.body)
     elsif res.code == 401
       print_error "Access Denied: #{res.body}"
@@ -97,7 +97,7 @@ def print_disclaimer
   # Uses status information to automatically load proper extensions
   #
   def autoload_extensions(sess)
-    if self.hw_specialty.has_key? "automotive"
+    if self.hw_specialty.key? "automotive"
       sess.load_automotive if self.hw_specialty["automotive"] == true
     end
     if self.hw_specialty.has_key? "zigbee"
@@ -109,7 +109,7 @@ def autoload_extensions(sess)
   # If the hardware contains custom methods, create functions for those
   #
   def load_custom_methods(sess)
-    if self.hw_capabilities.has_key? "custom_methods"
+    if self.hw_capabilities.key? "custom_methods"
       sess.load_custom_methods if self.hw_capabilities["custom_methods"] == true
     end
   end
@@ -119,23 +119,23 @@ def load_custom_methods(sess)
   #
   def get_status
     data = fetch_json("/status")
-    if not data == nil
-      if data.has_key? "operational"
+    unless data.nil?
+      if data.key? "operational"
         @last_access = Time.now
-        if data.has_key? "hw_specialty"
+        if data.key? "hw_specialty"
           self.hw_specialty = data["hw_specialty"]
         end
-        if data.has_key? "hw_capabilities"
+        if data.key? "hw_capabilities"
           self.hw_capabilities = data["hw_capabilities"]
         end
       end
     end
   end
 
   def run
-    print_status "Attempting to connect to #{datastore["RHOST"]}..."
+    print_status "Attempting to connect to #{datastore['RHOST']}..."
     self.get_status()
-    if not @last_access == nil
+    if !@last_access.nil?
       sess = Msf::Sessions::HWBridge.new(self)
       sess.set_from_exploit(self)
 
@@ -152,7 +152,9 @@ def run
 
   attr_reader :hw_specialty
   attr_reader :hw_capabilities
-protected
+
+  protected
+
   attr_writer :hw_specialty
   attr_writer :hw_capabilities
 end