253 lines
9.4 KiB
Go
253 lines
9.4 KiB
Go
// Command icomnettest is an iteration probe for the Icom IP remote protocol
|
|
// (the LAN server built into the IC-7610 — the one RS-BA1 and wfview talk to).
|
|
// We're reimplementing it from the public protocol description, so this tool
|
|
// drives the CONTROL stream (default UDP 50001) and hex-dumps every packet both
|
|
// ways, letting us confirm the framing / type codes against the real rig before
|
|
// folding it into internal/cat/icomnet. Nothing here is copied from wfview
|
|
// (GPLv3) — it's a clean-room implementation from the protocol structure.
|
|
//
|
|
// This first milestone is the CONNECTION HANDSHAKE only (no login yet):
|
|
// areYouThere → iAmHere → areYouReady → iAmReady → periodic idle pings.
|
|
// Watch the log: if the rig answers our areYouThere we've got the framing right;
|
|
// its reply reveals the remote station ID we echo back. Login (token + user/
|
|
// password) is the next step once the handshake is confirmed.
|
|
//
|
|
// Usage:
|
|
// go run ./cmd/icomnettest 192.168.1.60 # control port 50001
|
|
// go run ./cmd/icomnettest 192.168.1.60 50001 20 # port + run seconds
|
|
//
|
|
// SAFE: only the control stream, no CI-V commands, no TX — it just opens and
|
|
// pings, then disconnects. Share the log and we iterate.
|
|
package main
|
|
|
|
import (
|
|
"encoding/binary"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"net"
|
|
"os"
|
|
"strconv"
|
|
"time"
|
|
)
|
|
|
|
// Control-stream packet types (best-known values from the public protocol
|
|
// description — the very thing we're verifying with this probe).
|
|
const (
|
|
typeAreYouThere = 0x03
|
|
typeIAmHere = 0x04
|
|
typeDisconnect = 0x05
|
|
typeAreYouReady = 0x06 // same type both directions (areYouReady / iAmReady)
|
|
typeIdle = 0x00 // 16-byte keepalive (retransmit/ack carrier)
|
|
typePing = 0x07 // 21-byte ping (offset 16 = 0x00 request / 0x01 reply, +4-byte payload)
|
|
)
|
|
|
|
// ctrlPacket is the 16-byte common control packet, all fields little-endian:
|
|
//
|
|
// uint32 len (=0x10) · uint16 type · uint16 seq · uint32 sentid · uint32 rcvdid
|
|
func ctrlPacket(typ uint16, seq uint16, sentid, rcvdid uint32) []byte {
|
|
b := make([]byte, 16)
|
|
binary.LittleEndian.PutUint32(b[0:], 0x10)
|
|
binary.LittleEndian.PutUint16(b[4:], typ)
|
|
binary.LittleEndian.PutUint16(b[6:], seq)
|
|
binary.LittleEndian.PutUint32(b[8:], sentid)
|
|
binary.LittleEndian.PutUint32(b[12:], rcvdid)
|
|
return b
|
|
}
|
|
|
|
// passcodeSeq is Icom's fixed obfuscation table for the login username/password
|
|
// (used by RS-BA1). BEST-EFFORT public reconstruction — the values that matter
|
|
// for a given credential are sequence[char+index]; if the radio rejects auth,
|
|
// compare the "scrambled" bytes this tool prints against a real login capture to
|
|
// correct the needed entries.
|
|
var passcodeSeq = [256]byte{
|
|
0x47, 0x5d, 0x4c, 0x42, 0x66, 0x20, 0x23, 0x46, 0x4e, 0x57, 0x45, 0x3d, 0x67, 0x76, 0x60, 0x41,
|
|
0x62, 0x39, 0x59, 0x2d, 0x68, 0x7e, 0x20, 0x77, 0x5f, 0x51, 0x3e, 0x70, 0x4d, 0x1f, 0x74, 0x38,
|
|
0x2c, 0x4b, 0x1e, 0x54, 0x30, 0x71, 0x2b, 0x2a, 0x66, 0x27, 0x2e, 0x58, 0x24, 0x21, 0x2f, 0x50,
|
|
0x1b, 0x73, 0x69, 0x36, 0x1d, 0x4f, 0x1c, 0x51, 0x2e, 0x1e, 0x45, 0x2e, 0x22, 0x50, 0x64, 0x66,
|
|
0x24, 0x36, 0x0c, 0x7d, 0x50, 0x25, 0x7c, 0x3f, 0x2d, 0x35, 0x71, 0x6a, 0x0e, 0x41, 0x2a, 0x67,
|
|
0x7c, 0x64, 0x77, 0x67, 0x6d, 0x5b, 0x3d, 0x5b, 0x2b, 0x67, 0x6c, 0x39, 0x35, 0x76, 0x3b, 0x2f,
|
|
0x2f, 0x6d, 0x59, 0x6e, 0x59, 0x77, 0x3b, 0x24, 0x74, 0x7c, 0x6b, 0x37, 0x54, 0x5c, 0x4d, 0x1f,
|
|
0x27, 0x69, 0x5b, 0x2e, 0x28, 0x35, 0x77, 0x74, 0x35, 0x1f, 0x6a, 0x2a, 0x28, 0x30, 0x25, 0x20,
|
|
}
|
|
|
|
// passcode scrambles s (username or password) via the Icom sequence table.
|
|
func passcode(s string) []byte {
|
|
out := make([]byte, len(s))
|
|
for i := 0; i < len(s); i++ {
|
|
p := int(s[i]) + i
|
|
if p > 0x7f {
|
|
p = ((p - 0x7f) % 0x33) - 1
|
|
if p < 0 {
|
|
p = 0
|
|
}
|
|
}
|
|
out[i] = passcodeSeq[p&0xff]
|
|
}
|
|
return out
|
|
}
|
|
|
|
// buildLogin builds the 0x80-byte login packet: control header + username/
|
|
// password (scrambled) at 0x40/0x50 and the app name at 0x60. The middle fields
|
|
// (payload size, request type, inner seq, token request) are a best-effort
|
|
// reconstruction and may need adjustment against a capture.
|
|
func buildLogin(seq uint16, sentid, rcvdid uint32, innerSeq, tokRequest uint16, user, pass, name string) []byte {
|
|
b := make([]byte, 0x80)
|
|
binary.LittleEndian.PutUint32(b[0:], 0x80) // len
|
|
// type (b[4:6]) = 0x00
|
|
binary.LittleEndian.PutUint16(b[6:], seq)
|
|
binary.LittleEndian.PutUint32(b[8:], sentid)
|
|
binary.LittleEndian.PutUint32(b[12:], rcvdid)
|
|
binary.LittleEndian.PutUint32(b[16:], 0x70) // payload size (len - 0x10)
|
|
binary.LittleEndian.PutUint16(b[20:], 0x00) // requesttype
|
|
binary.LittleEndian.PutUint16(b[22:], 0x01) // requestreply
|
|
binary.LittleEndian.PutUint16(b[24:], innerSeq)
|
|
binary.LittleEndian.PutUint16(b[26:], tokRequest)
|
|
// token (b[0x20:0x24]) = 0 until the rig grants one
|
|
copy(b[0x40:0x50], passcode(user))
|
|
copy(b[0x50:0x60], passcode(pass))
|
|
nm := name
|
|
if len(nm) > 16 {
|
|
nm = nm[:16]
|
|
}
|
|
copy(b[0x60:0x70], []byte(nm))
|
|
return b
|
|
}
|
|
|
|
func parseHeader(b []byte) (length uint32, typ, seq uint16, sentid, rcvdid uint32, ok bool) {
|
|
if len(b) < 16 {
|
|
return 0, 0, 0, 0, 0, false
|
|
}
|
|
length = binary.LittleEndian.Uint32(b[0:])
|
|
typ = binary.LittleEndian.Uint16(b[4:])
|
|
seq = binary.LittleEndian.Uint16(b[6:])
|
|
sentid = binary.LittleEndian.Uint32(b[8:])
|
|
rcvdid = binary.LittleEndian.Uint32(b[12:])
|
|
return length, typ, seq, sentid, rcvdid, true
|
|
}
|
|
|
|
func main() {
|
|
if len(os.Args) < 2 {
|
|
fmt.Println("usage: icomnettest <rig-ip> [user] [password]")
|
|
fmt.Println(" <rig-ip> only → handshake + ping probe")
|
|
fmt.Println(" <rig-ip> <user> <pass> → also attempt login")
|
|
fmt.Println("example: icomnettest 192.168.1.60 f6bgc cgb6f1")
|
|
os.Exit(2)
|
|
}
|
|
ip := os.Args[1]
|
|
port := 50001
|
|
runSecs := 25
|
|
user, pass := "", ""
|
|
if len(os.Args) >= 4 {
|
|
user, pass = os.Args[2], os.Args[3]
|
|
}
|
|
|
|
target := net.JoinHostPort(ip, strconv.Itoa(port))
|
|
conn, err := net.Dial("udp4", target)
|
|
if err != nil {
|
|
fmt.Printf("dial %s: %v\n", target, err)
|
|
os.Exit(1)
|
|
}
|
|
defer conn.Close()
|
|
|
|
// Our local station ID. Real clients derive it from the local IP:port; a
|
|
// stable non-zero value is fine for probing. We'll refine once we see how the
|
|
// rig echoes it back.
|
|
local := conn.LocalAddr().(*net.UDPAddr)
|
|
myID := uint32(local.IP.To4()[0])<<24 | uint32(local.IP.To4()[1])<<16 | uint32(uint16(local.Port))
|
|
var remoteID uint32
|
|
var seq uint16
|
|
|
|
logTx := func(name string, p []byte) {
|
|
fmt.Printf("TX %-14s (%d bytes)\n%s\n", name, len(p), hex.Dump(p))
|
|
if _, err := conn.Write(p); err != nil {
|
|
fmt.Printf(" write error: %v\n", err)
|
|
}
|
|
}
|
|
|
|
fmt.Printf("Probing Icom control stream at %s (myID=0x%08X)\n\n", target, myID)
|
|
if user != "" {
|
|
fmt.Printf("Login mode: user=%q pass=%q\n", user, pass)
|
|
fmt.Printf(" scrambled user = % X\n", passcode(user))
|
|
fmt.Printf(" scrambled pass = % X\n\n", passcode(pass))
|
|
}
|
|
var innerSeq uint16 = 0x0001
|
|
var tokRequest uint16 = 0x1234 // fixed for reproducibility (no RNG in this probe)
|
|
loginSent := false
|
|
|
|
// 1) areYouThere — ask the rig to announce itself.
|
|
seq++
|
|
logTx("areYouThere", ctrlPacket(typeAreYouThere, seq, myID, 0))
|
|
|
|
// Read loop: dump everything, and advance the handshake when we recognise a
|
|
// reply. Runs for runSecs then disconnects.
|
|
deadline := time.Now().Add(time.Duration(runSecs) * time.Second)
|
|
buf := make([]byte, 2048)
|
|
lastIdle := time.Now()
|
|
readyStarted := false
|
|
for time.Now().Before(deadline) {
|
|
_ = conn.SetReadDeadline(time.Now().Add(200 * time.Millisecond))
|
|
n, err := conn.Read(buf)
|
|
if err != nil {
|
|
if ne, ok := err.(net.Error); ok && ne.Timeout() {
|
|
// Periodic idle keepalive once connected.
|
|
if remoteID != 0 && time.Since(lastIdle) > 100*time.Millisecond {
|
|
seq++
|
|
logTx("idle", ctrlPacket(typeIdle, seq, myID, remoteID))
|
|
lastIdle = time.Now()
|
|
}
|
|
continue
|
|
}
|
|
fmt.Printf("read error: %v\n", err)
|
|
break
|
|
}
|
|
pkt := append([]byte(nil), buf[:n]...)
|
|
length, typ, rseq, sentid, rcvdid, ok := parseHeader(pkt)
|
|
if !ok {
|
|
fmt.Printf("RX (%d bytes, too short to parse)\n%s\n", n, hex.Dump(pkt))
|
|
continue
|
|
}
|
|
fmt.Printf("RX len=%d type=0x%02X seq=%d sentid=0x%08X rcvdid=0x%08X (%d bytes)\n%s\n",
|
|
length, typ, rseq, sentid, rcvdid, n, hex.Dump(pkt))
|
|
|
|
switch typ {
|
|
case typeIAmHere:
|
|
remoteID = sentid // the rig's ID — echo it back as rcvdid from now on
|
|
fmt.Printf(">> iAmHere: remoteID=0x%08X — sending areYouReady\n\n", remoteID)
|
|
seq++
|
|
logTx("areYouReady", ctrlPacket(typeAreYouReady, seq, myID, remoteID))
|
|
readyStarted = true
|
|
case typeAreYouReady:
|
|
if readyStarted && !loginSent {
|
|
fmt.Printf(">> iAmReady — control link is up.\n\n")
|
|
if user != "" {
|
|
seq++
|
|
lg := buildLogin(seq, myID, remoteID, innerSeq, tokRequest, user, pass, "OpsLog")
|
|
fmt.Printf(">> sending login (user=%q)\n", user)
|
|
logTx("login", lg)
|
|
loginSent = true
|
|
}
|
|
}
|
|
case typePing:
|
|
// Reply to the rig's ping: mirror the packet, swap sender/receiver IDs,
|
|
// set the reply flag at offset 16. Keeps the link healthy so we can
|
|
// observe the connection long enough to work on login.
|
|
reply := append([]byte(nil), pkt...)
|
|
if len(reply) >= 17 {
|
|
binary.LittleEndian.PutUint32(reply[8:], myID)
|
|
binary.LittleEndian.PutUint32(reply[12:], remoteID)
|
|
reply[16] = 0x01 // request → reply
|
|
logTx("pingReply", reply)
|
|
}
|
|
case typeDisconnect:
|
|
fmt.Printf(">> rig sent disconnect\n\n")
|
|
}
|
|
}
|
|
|
|
// Clean disconnect.
|
|
if remoteID != 0 {
|
|
seq++
|
|
logTx("disconnect", ctrlPacket(typeDisconnect, seq, myID, remoteID))
|
|
}
|
|
fmt.Println("Done. Paste the log — especially the rig's replies to areYouThere.")
|
|
}
|