ai_reverse_engineer.py

from scapy.all import *
from openai import OpenAI

client = OpenAI(
    base_url='http://localhost:11434/v1/',
    api_key='ollama',
)

def analyze_packet(packet):
    packet_data = hexdump(packet, dump=True)
    prompt = f"""
You are an AI reverse engineer. Your task is to analyze the given network packet data and provide insights about the potential protocol structure and functionality.

Packet Data:
{packet_data}

Please provide a brief analysis of the packet, including:
1. Possible protocol identification
2. Key fields and their potential meanings
3. Packet type and purpose
"""

    response = client.chat.completions.create(
        messages=[
            {
                'role': 'system',
                'content': prompt,
            }
        ],
        model='llama3',
        stream=False
    )

    analysis = response.choices[0].message.content
    return analysis

def packet_callback(packet):
    analysis = analyze_packet(packet)
    print(f"Packet Analysis:\n{analysis}\n")

    # Extract protocol and packet type from the analysis
    protocol = re.search(r'Protocol:\s*(\w+)', analysis, re.IGNORECASE)
    packet_type = re.search(r'Packet Type:\s*(\w+)', analysis, re.IGNORECASE)

    if protocol and packet_type:
        protocol = protocol.group(1)
        packet_type = packet_type.group(1)
        print(f"Grouping: Protocol={protocol}, Packet Type={packet_type}")
        # Perform grouping or further analysis based on the protocol and packet type
    else:
        print("Unable to extract protocol and packet type from the analysis.")

    print("---")

# Start capturing packets
print("Starting packet capture...")
sniff(prn=packet_callback, count=10)