Skip to content

JJJollyjim/wireshark-goodix

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 
 
 

Repository files navigation

wireshark-goodix

Wireshark protocol dissector for the SPI protocol of the GXFP5187.

SPI packets are to be provided as fake UDP packets on Port 1, since I don't think pcap has a SPI linktype.

goodix_message.lua describes the interesting packet information. goodix_v2.lua is an encapsulation format that specifies whether or not the packet is encrypted with TLS. Decrypted data is then fed back in to the goodix_message dissector.

Sample SPI data is available in sample_data.pcap

Usage

Drop both .lua files in ~/.local/lib/wireshark/plugins (or another plugin directory)

For USB, right click a packet and select "Decode As...", then select GOODIX from the dropdown

Decryption

Enter your 48-byte PSK (as 96 bytes of hex) in Edit -> Preferences -> Protocols -> TLS -> Pre-Shared-Key

Wireshark may complain in the TLS Application Data packet dissection that the packet length exceeds the maximum from the spec -- this appears to not matter, the data all decrypts correctly anyway.

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages