package; import android.accounts.Account; import android.accounts.AccountManager; import android.content.ContentResolver; import android.content.Context; import android.content.SharedPreferences; import android.location.Location; import android.os.Bundle; import android.preference.PreferenceManager; import android.util.Log; import org.apache.http.HttpResponse; import org.apache.http.HttpVersion; import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpPost; import org.apache.http.conn.ClientConnectionManager; import org.apache.http.conn.scheme.PlainSocketFactory; import org.apache.http.conn.scheme.Scheme; import org.apache.http.conn.scheme.SchemeRegistry; import org.apache.http.conn.ssl.SSLSocketFactory; import org.apache.http.entity.StringEntity; import org.apache.http.impl.client.DefaultHttpClient; import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager; import org.apache.http.params.BasicHttpParams; import org.apache.http.params.HttpParams; import org.apache.http.params.HttpProtocolParams; import org.apache.http.protocol.HTTP; import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; import; import; import; import; import; import; import; import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.Calendar; import java.util.Date; import java.util.GregorianCalendar; import java.util.HashMap; import java.util.List; import java.util.Map; import de.tudarmstadt.informatik.hostage.location.MyLocationManager; import de.tudarmstadt.informatik.hostage.logging.MessageRecord; import de.tudarmstadt.informatik.hostage.logging.NetworkRecord; import de.tudarmstadt.informatik.hostage.logging.Record; import de.tudarmstadt.informatik.hostage.logging.SyncData; import de.tudarmstadt.informatik.hostage.logging.SyncInfo; import de.tudarmstadt.informatik.hostage.logging.SyncRecord; import; import de.tudarmstadt.informatik.hostage.sync.Synchronizer; import de.tudarmstadt.informatik.hostage.ui.activity.MainActivity; /** * Created by abrakowski */ public class SyncUtils { private static final long SYNC_FREQUENCY = 60 * 60; // 1 hour (in seconds) public static final String CONTENT_AUTHORITY = "de.tudarmstadt.informatik.hostage"; private static final String PREF_SETUP_COMPLETE = "sync_setup_complete"; private static final Map protocolsTypeMap; static { protocolsTypeMap = new HashMap(); protocolsTypeMap.put("UNKNOWN", 0); protocolsTypeMap.put("ECHO", 1); protocolsTypeMap.put("GHOST", 2); protocolsTypeMap.put("PORTSCAN", 11); protocolsTypeMap.put("SSH", 20); protocolsTypeMap.put("MySQL", 31); protocolsTypeMap.put("SMB", 40); protocolsTypeMap.put("SIP", 50); protocolsTypeMap.put("FTP", 60); protocolsTypeMap.put("HTTP", 70); protocolsTypeMap.put("HTTPS", 71); protocolsTypeMap.put("TELNET", 80); } /** * Create an entry for this application in the system account list, if it isn't already there. * * @param context Context */ public static void CreateSyncAccount(Context context) { boolean newAccount = false; boolean setupComplete = PreferenceManager .getDefaultSharedPreferences(context).getBoolean(PREF_SETUP_COMPLETE, false); // Create account, if it's missing. (Either first run, or user has deleted account.) Account account = HostageAccountService.GetAccount(); AccountManager accountManager = (AccountManager) context.getSystemService(Context.ACCOUNT_SERVICE); if (accountManager.addAccountExplicitly(account, null, null)) { // Inform the system that this account supports sync ContentResolver.setIsSyncable(account, CONTENT_AUTHORITY, 1); // Inform the system that this account is eligible for auto sync when the network is up ContentResolver.setSyncAutomatically(account, CONTENT_AUTHORITY, true); // Recommend a schedule for automatic synchronization. The system may modify this based // on other scheduled syncs and network utilization. ContentResolver.addPeriodicSync( account, CONTENT_AUTHORITY, new Bundle(),SYNC_FREQUENCY); newAccount = true; } // Schedule an initial sync if we detect problems with either our account or our local // data has been deleted. (Note that it's possible to clear app data WITHOUT affecting // the account list, so wee need to check both.) if (newAccount || !setupComplete) { TriggerRefresh(); PreferenceManager.getDefaultSharedPreferences(context).edit() .putBoolean(PREF_SETUP_COMPLETE, true).commit(); } } public static void TriggerRefresh() { Bundle b = new Bundle(); // Disable sync backoff and ignore sync preferences. In other words...perform sync NOW! b.putBoolean(ContentResolver.SYNC_EXTRAS_MANUAL, true); b.putBoolean(ContentResolver.SYNC_EXTRAS_EXPEDITED, true); ContentResolver.requestSync( HostageAccountService.GetAccount(), // Sync account CONTENT_AUTHORITY, // Content authority b); // Extras } public static String getProtocolFromInt(int p){ for(Map.Entry entry: protocolsTypeMap.entrySet()){ if(entry.getValue() == p) return entry.getKey(); } return "UNKNOWN"; } public static void appendRecordToStringWriter(Record record, Writer stream){ try { stream.append( "{" + "\"sensor\":{" + "\"name\":\"HosTaGe\"," + "\"type\":\"Honeypot\"" + "}," + "\"src\":{" + "\"ip\":\"" + record.getRemoteIP() + "\"," + "\"port\":" + record.getRemotePort() + "}," + "\"dst\":{" + "\"ip\":\"" + record.getExternalIP() /*record.getLocalIP()*/ + "\"," + "\"port\":" + record.getLocalPort() + "}," + "\"type\":" + (protocolsTypeMap.containsKey(record.getProtocol()) ? protocolsTypeMap.get(record.getProtocol()) : 0) + "," + "\"log\":\"" + record.getProtocol() + "\"," + "\"md5sum\":\"\"," + "\"date\":" + (int)(record.getTimestamp() / 1000) + "," + "\"bssid\":\"" + record.getBssid() + "\"," + "\"ssid\":\"" + record.getSsid() + "\"," + "\"device\":\"" + record.getDevice() + "\"," + "\"sync_id\":\"" + record.getSync_id() + "\"" + "}\n" ); } catch (IOException e) { e.printStackTrace(); } } public static boolean uploadRecordsToServer(String entity, String serverAddress){ HttpPost httppost; try { HttpClient httpClient = createHttpClient(); // Create HttpPost httppost = new HttpPost(serverAddress); StringEntity se = new StringEntity(entity); httppost.addHeader("content-type", "application/json+newline"); httppost.setEntity(se); // Execute HttpPost HttpResponse response = httpClient.execute(httppost); if(response.getStatusLine().getStatusCode() >= 400 && response.getStatusLine().getStatusCode() < 600){ return false; } Log.i("TracingSyncService", "Status Code: " + response.getStatusLine().getStatusCode()); } catch (Exception e) { e.printStackTrace(); return false; } return true; } public static T downloadFromServer(String address, Class klass){ HttpGet httpget; try { HttpClient httpClient = createHttpClient(); httpget = new HttpGet(address); httpget.addHeader("Accept", "application/json"); HttpResponse response = httpClient.execute(httpget); Log.i("downloadFromServer", "Status Code: " + response.getStatusLine().getStatusCode()); if(response.getStatusLine().getStatusCode() >= 400 && response.getStatusLine().getStatusCode() < 600){ return klass.newInstance(); } return klass.getConstructor(klass).newInstance(readResponseToString(response)); } catch (Exception e) { e.printStackTrace(); return null; } } public static String readResponseToString(HttpResponse response){ StringBuilder builder = new StringBuilder(); try { BufferedReader bReader = new BufferedReader(new InputStreamReader(response.getEntity().getContent())); String line; while ((line = bReader.readLine()) != null) { builder.append(line); } } catch (IOException e) { e.printStackTrace(); } return builder.toString(); } public static SyncData getSyncDataFromTracing(Context context, Synchronizer synchronizer){ SharedPreferences pref = PreferenceManager.getDefaultSharedPreferences(context); String serverAddress = pref.getString("pref_upload_server", ""); HttpPost httppost; try { HttpClient httpClient = createHttpClient(); // Create HttpPost httppost = new HttpPost(serverAddress + "/sync"); SyncInfo info = synchronizer.getSyncInfo(); JSONArray deviceMap = new JSONArray(); for(Map.Entry entry: info.deviceMap.entrySet()){ JSONObject m = new JSONObject(); m.put("sync_id", entry.getValue()); m.put("device", entry.getKey()); deviceMap.put(m); } JSONObject req = new JSONObject(); req.put("condition", ""); req.put("info", deviceMap); StringEntity se = new StringEntity(req.toString()); httppost.addHeader("content-type", "application/json"); httppost.setEntity(se); // Execute HttpPost HttpResponse response = httpClient.execute(httppost); Log.i("TracingSyncService", "Status Code: " + response.getStatusLine().getStatusCode()); if(response.getStatusLine().getStatusCode() >= 400 && response.getStatusLine().getStatusCode() < 600){ return null; } String responseBody = readResponseToString(response); JSONArray syncData = new JSONArray(responseBody); ArrayList syncRecords = new ArrayList(); Map networkRecordMap = new HashMap(); SyncData result = new SyncData(); for(int i=0; i(networkRecordMap.values()); result.syncRecords = syncRecords; return result; } catch (Exception e) { e.printStackTrace(); return null; } } public static String urlEncodeUTF8(String s) { try { return URLEncoder.encode(s, "UTF-8"); } catch (UnsupportedEncodingException e) { throw new UnsupportedOperationException(e); } } public static String[] convertMapToStringArray(Map map){ String[] array = new String[map.size() * 2]; int i = 0; for(Map.Entry entry: map.entrySet()){ array[i] = entry.getKey(); array[i + 1] = entry.getValue(); i += 2; } return array; } public static String buildUrlFromBase(String baseUrl, String... query){ StringBuilder sb = new StringBuilder(baseUrl); if(query.length >= 2){ sb.append("?"); } for(int i=0; i 0){ sb.append("&"); } sb.append(String.format("%s=%s", urlEncodeUTF8(query[i]), urlEncodeUTF8(query[i + 1]) )); } return sb.toString(); } public static String buildUrlFromBase(String baseUrl, Map query){ return buildUrlFromBase(baseUrl, convertMapToStringArray(query)); } public static String buildUrl(String protocol, String domain, int port, String path, String ... query){ return buildUrlFromBase( String.format("%s://%s:%d/%s", urlEncodeUTF8(protocol), urlEncodeUTF8(domain), port, path), query ); } public static String buildUrl(String protocol, String domain, int port, String path, Map query){ return buildUrl(protocol, domain, port, path, convertMapToStringArray(query)); } public static List getCountriesFromServer(String serverAddress){ List ret = new ArrayList(); JSONArray array = downloadFromServer(serverAddress + "/get_countries", JSONArray.class); try { for (int i = 0; i < array.length(); i++) { JSONObject ob = array.getJSONObject(i); ret.add(new String[]{ob.getString("cc"), ob.getString("country")}); } } catch(Exception e){ e.printStackTrace(); } return ret; } public static String fromCalendar(final Calendar calendar) { Date date = calendar.getTime(); String formatted = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ") .format(date); return formatted.substring(0, 22) + ":" + formatted.substring(22); } public static Calendar toCalendar(final String iso8601string) throws ParseException { Calendar calendar = GregorianCalendar.getInstance(); String s = iso8601string.replace("Z", "0+0000"); try { s = s.substring(0, 22) + s.substring(23); // to get rid of the ":" } catch (IndexOutOfBoundsException e) { throw new ParseException("Invalid length", 0); } Date date = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ").parse(s); calendar.setTime(date); return calendar; } public static JSONArray retrieveNewAttacks(Context context, boolean fromPosition){ SharedPreferences pref = PreferenceManager.getDefaultSharedPreferences(context); String serverAddress = pref.getString("pref_download_server", ""); long lastDownloadTime = pref.getLong("pref_download_last_time", 0); Calendar calendar = GregorianCalendar.getInstance(); calendar.setTimeInMillis(lastDownloadTime); String baseUri = serverAddress + "/get_attacks"; Map query = new HashMap(); query.put("start", fromCalendar(calendar)); if(fromPosition){ Location location = MyLocationManager.getNewestLocation(); if(location != null) { query.put("latitude", String.valueOf(location.getLatitude())); query.put("longitude", String.valueOf(location.getLongitude())); query.put("distance", "300"); } } return downloadFromServer(buildUrlFromBase(baseUri, "start", fromCalendar(calendar)), JSONArray.class); } public static void logNewAttacks(Context context, JSONArray attacks){ Map networks = new HashMap(); for(int i=0; i