// methods
protected override void Decode(byte[] message)
{
base.Decode(message);
short targetNameSize = BitConverterLE.ToInt16(message, 12);
int targetNameOffset = BitConverterLE.ToInt32(message, 16);
Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 20);
Buffer.BlockCopy(message, 24, _nonce, 0, 8);
if (Version == NtlmVersion.Version1)
{
return;
}
Buffer.BlockCopy(message, 32, _context, 0, 8);
short targetInfoSize = BitConverterLE.ToInt16(message, 40);
int targetInfoOffset = BitConverterLE.ToInt32(message, 44);
if (Version == NtlmVersion.Version3)
{
Buffer.BlockCopy(OSVersion, 0, message, 48, OSVersion.Length);
}
Encoding enc = (Flags & NtlmFlags.NegotiateUnicode) != 0 ? Encoding.Unicode : Encoding.UTF8;
if (targetNameSize > 0)
{
TargetName = enc.GetString(message, targetNameOffset, targetNameSize);
}
_target.Decode(message, targetInfoOffset, targetInfoSize);
}
public override void FromXmlString(string xmlString)
{
if (xmlString == null)
{
throw new ArgumentNullException("xmlString");
}
DSAParameters dsaParams = new DSAParameters();
try {
dsaParams.P = GetNamedParam(xmlString, "P");
dsaParams.Q = GetNamedParam(xmlString, "Q");
dsaParams.G = GetNamedParam(xmlString, "G");
dsaParams.J = GetNamedParam(xmlString, "J");
dsaParams.Y = GetNamedParam(xmlString, "Y");
dsaParams.X = GetNamedParam(xmlString, "X");
dsaParams.Seed = GetNamedParam(xmlString, "Seed");
byte[] counter = GetNamedParam(xmlString, "PgenCounter");
if (counter != null)
{
byte[] counter4b = new byte [4]; // always 4 bytes
Buffer.BlockCopy(counter, 0, counter4b, 0, counter.Length);
dsaParams.Counter = BitConverterLE.ToInt32(counter4b, 0);
}
ImportParameters(dsaParams);
}
catch {
ZeroizePrivateKey(dsaParams);
throw;
}
finally {
ZeroizePrivateKey(dsaParams);
}
}
internal int ProcessFirstBlock()
{
if (this.fs == null)
{
return(1);
}
this.fs.Position = 0L;
this.blockLength = this.fs.Read(this.fileblock, 0, this.fileblock.Length);
this.blockNo = 1;
if (this.blockLength < 0x40)
{
return(2);
}
if (BitConverterLE.ToUInt16(this.fileblock, 0) != 0x5a4d)
{
return(3);
}
this.peOffset = BitConverterLE.ToInt32(this.fileblock, 60);
if (this.peOffset > this.fileblock.Length)
{
throw new NotSupportedException(string.Format(Locale.GetText("Header size too big (> {0} bytes)."), this.fileblock.Length));
}
if (this.peOffset > this.fs.Length)
{
return(4);
}
if (BitConverterLE.ToUInt32(this.fileblock, this.peOffset) != 0x4550)
{
return(5);
}
this.dirSecurityOffset = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 0x98);
this.dirSecuritySize = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 0x9c);
this.coffSymbolTableOffset = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 12);
return(0);
}
internal int ProcessFirstBlock()
{
if (fs == null)
{
return(1);
}
fs.Position = 0;
// read first block - it will include (100% sure)
// the MZ header and (99.9% sure) the PE header
blockLength = fs.Read(fileblock, 0, fileblock.Length);
blockNo = 1;
if (blockLength < 64)
{
return(2); // invalid PE file
}
// 1. Validate the MZ header informations
// 1.1. Check for magic MZ at start of header
if (BitConverterLE.ToUInt16(fileblock, 0) != 0x5A4D)
{
return(3);
}
// 1.2. Find the offset of the PE header
peOffset = BitConverterLE.ToInt32(fileblock, 60);
if (peOffset > fileblock.Length)
{
// just in case (0.1%) this can actually happen
string msg = String.Format(
"Размер заголовка слишком большой (> {0} байт).",
fileblock.Length);
throw new NotSupportedException(msg);
}
if (peOffset > fs.Length)
{
return(4);
}
// 2. Read between DOS header and first part of PE header
// 2.1. Check for magic PE at start of header
// PE - NT header ('P' 'E' 0x00 0x00)
if (BitConverterLE.ToUInt32(fileblock, peOffset) != 0x4550)
{
return(5);
}
// 2.2. Locate IMAGE_DIRECTORY_ENTRY_SECURITY (offset and size)
dirSecurityOffset = BitConverterLE.ToInt32(fileblock, peOffset + 152);
dirSecuritySize = BitConverterLE.ToInt32(fileblock, peOffset + 156);
// COFF symbol tables are deprecated - we'll strip them if we see them!
// (otherwise the signature won't work on MS and we don't want to support COFF for that)
coffSymbolTableOffset = BitConverterLE.ToInt32(fileblock, peOffset + 12);
return(0);
}
private bool Decode(byte[] pvk, string password)
{
if (BitConverterLE.ToUInt32(pvk, 0) != 2964713758u)
{
return(false);
}
if (BitConverterLE.ToUInt32(pvk, 4) != 0u)
{
return(false);
}
this.keyType = BitConverterLE.ToInt32(pvk, 8);
this.encrypted = (BitConverterLE.ToUInt32(pvk, 12) == 1u);
int num = BitConverterLE.ToInt32(pvk, 16);
int num2 = BitConverterLE.ToInt32(pvk, 20);
byte[] array = new byte[num2];
Buffer.BlockCopy(pvk, 24 + num, array, 0, num2);
if (num > 0)
{
if (password == null)
{
return(false);
}
byte[] array2 = new byte[num];
Buffer.BlockCopy(pvk, 24, array2, 0, num);
byte[] array3 = this.DeriveKey(array2, password);
RC4 rc = RC4.Create();
ICryptoTransform cryptoTransform = rc.CreateDecryptor(array3, null);
cryptoTransform.TransformBlock(array, 8, array.Length - 8, array, 8);
try
{
this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(array);
this.weak = false;
}
catch (CryptographicException)
{
this.weak = true;
Buffer.BlockCopy(pvk, 24 + num, array, 0, num2);
Array.Clear(array3, 5, 11);
RC4 rc2 = RC4.Create();
cryptoTransform = rc2.CreateDecryptor(array3, null);
cryptoTransform.TransformBlock(array, 8, array.Length - 8, array, 8);
this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(array);
}
Array.Clear(array3, 0, array3.Length);
}
else
{
this.weak = true;
this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(array);
Array.Clear(array, 0, array.Length);
}
Array.Clear(pvk, 0, pvk.Length);
return(this.rsa != null);
}
public JSImplGuid(byte[] b)
{
JSImplGuid.CheckArray(b, 16);
this._a = BitConverterLE.ToInt32(b, 0);
this._b = BitConverterLE.ToInt16(b, 4);
this._c = BitConverterLE.ToInt16(b, 6);
this._d = b[8];
this._e = b[9];
this._f = b[10];
this._g = b[11];
this._h = b[12];
this._i = b[13];
this._j = b[14];
this._k = b[15];
}
private bool Decode(byte[] pvk, string password)
{
if (BitConverterLE.ToUInt32(pvk, 0) != 2964713758U || BitConverterLE.ToUInt32(pvk, 4) != 0U)
{
return(false);
}
this.keyType = BitConverterLE.ToInt32(pvk, 8);
this.encrypted = BitConverterLE.ToUInt32(pvk, 12) == 1U;
int int32_1 = BitConverterLE.ToInt32(pvk, 16);
int int32_2 = BitConverterLE.ToInt32(pvk, 20);
byte[] numArray = new byte[int32_2];
Buffer.BlockCopy((Array)pvk, 24 + int32_1, (Array)numArray, 0, int32_2);
if (int32_1 > 0)
{
if (password == null)
{
return(false);
}
byte[] salt = new byte[int32_1];
Buffer.BlockCopy((Array)pvk, 24, (Array)salt, 0, int32_1);
byte[] rgbKey = this.DeriveKey(salt, password);
RC4.Create().CreateDecryptor(rgbKey, (byte[])null).TransformBlock(numArray, 8, numArray.Length - 8, numArray, 8);
try
{
this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(numArray);
this.weak = false;
}
catch (CryptographicException)
{
this.weak = true;
Buffer.BlockCopy((Array)pvk, 24 + int32_1, (Array)numArray, 0, int32_2);
Array.Clear((Array)rgbKey, 5, 11);
RC4.Create().CreateDecryptor(rgbKey, (byte[])null).TransformBlock(numArray, 8, numArray.Length - 8, numArray, 8);
this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(numArray);
}
Array.Clear((Array)rgbKey, 0, rgbKey.Length);
}
else
{
this.weak = true;
this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(numArray);
Array.Clear((Array)numArray, 0, numArray.Length);
}
Array.Clear((Array)pvk, 0, pvk.Length);
return(this.rsa != null);
}
internal bool ReadFirstBlock()
{
if (this.fs == null)
{
return(false);
}
this.fs.Position = 0L;
this.blockLength = this.fs.Read(this.fileblock, 0, this.fileblock.Length);
this.blockNo = 1;
if (this.blockLength < 64)
{
return(false);
}
if (BitConverterLE.ToUInt16(this.fileblock, 0) != 23117)
{
return(false);
}
this.peOffset = BitConverterLE.ToInt32(this.fileblock, 60);
if (this.peOffset > this.fileblock.Length)
{
string message = string.Format(Locale.GetText("Header size too big (> {0} bytes)."), this.fileblock.Length);
throw new NotSupportedException(message);
}
if ((long)this.peOffset > this.fs.Length)
{
return(false);
}
if (BitConverterLE.ToUInt32(this.fileblock, this.peOffset) != 17744u)
{
return(false);
}
this.dirSecurityOffset = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 152);
this.dirSecuritySize = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 156);
this.coffSymbolTableOffset = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 12);
return(true);
}
/// <summary>Reconstructs a <see cref="T:System.Security.Cryptography.DSA" /> object from an XML string.</summary>
/// <param name="xmlString">The XML string to use to reconstruct the <see cref="T:System.Security.Cryptography.DSA" /> object. </param>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="xmlString" /> parameter is null. </exception>
/// <exception cref="T:System.Security.Cryptography.CryptographicException">The format of the <paramref name="xmlString" /> parameter is not valid. </exception>
public override void FromXmlString(string xmlString)
{
if (xmlString == null)
{
throw new ArgumentNullException("xmlString");
}
DSAParameters parameters = default(DSAParameters);
try
{
parameters.P = AsymmetricAlgorithm.GetNamedParam(xmlString, "P");
parameters.Q = AsymmetricAlgorithm.GetNamedParam(xmlString, "Q");
parameters.G = AsymmetricAlgorithm.GetNamedParam(xmlString, "G");
parameters.J = AsymmetricAlgorithm.GetNamedParam(xmlString, "J");
parameters.Y = AsymmetricAlgorithm.GetNamedParam(xmlString, "Y");
parameters.X = AsymmetricAlgorithm.GetNamedParam(xmlString, "X");
parameters.Seed = AsymmetricAlgorithm.GetNamedParam(xmlString, "Seed");
byte[] namedParam = AsymmetricAlgorithm.GetNamedParam(xmlString, "PgenCounter");
if (namedParam != null)
{
byte[] array = new byte[4];
Buffer.BlockCopy(namedParam, 0, array, 0, namedParam.Length);
parameters.Counter = BitConverterLE.ToInt32(array, 0);
}
this.ImportParameters(parameters);
}
catch
{
this.ZeroizePrivateKey(parameters);
throw;
}
finally
{
this.ZeroizePrivateKey(parameters);
}
}
internal int ProcessFirstBlock()
{
if (fs == null)
{
return(1);
}
fs.Position = 0L;
blockLength = fs.Read(fileblock, 0, fileblock.Length);
blockNo = 1;
if (blockLength < 64)
{
return(2);
}
if (BitConverterLE.ToUInt16(fileblock, 0) != 23117)
{
return(3);
}
peOffset = BitConverterLE.ToInt32(fileblock, 60);
if (peOffset > fileblock.Length)
{
string message = string.Format(Locale.GetText("Header size too big (> {0} bytes)."), fileblock.Length);
throw new NotSupportedException(message);
}
if (peOffset > fs.Length)
{
return(4);
}
if (BitConverterLE.ToUInt32(fileblock, peOffset) != 17744)
{
return(5);
}
dirSecurityOffset = BitConverterLE.ToInt32(fileblock, peOffset + 152);
dirSecuritySize = BitConverterLE.ToInt32(fileblock, peOffset + 156);
coffSymbolTableOffset = BitConverterLE.ToInt32(fileblock, peOffset + 12);
return(0);
}
private bool Decode(byte[] pvk, string password)
{
// DWORD magic
if (BitConverterLE.ToUInt32(pvk, 0) != magic)
{
return(false);
}
// DWORD reserved
if (BitConverterLE.ToUInt32(pvk, 4) != 0x0)
{
return(false);
}
// DWORD keytype
keyType = BitConverterLE.ToInt32(pvk, 8);
// DWORD encrypted
encrypted = (BitConverterLE.ToUInt32(pvk, 12) == 1);
// DWORD saltlen
int saltlen = BitConverterLE.ToInt32(pvk, 16);
// DWORD keylen
int keylen = BitConverterLE.ToInt32(pvk, 20);
byte[] keypair = new byte [keylen];
Buffer.BlockCopy(pvk, 24 + saltlen, keypair, 0, keylen);
// read salt (if present)
if (saltlen > 0)
{
if (password == null)
{
return(false);
}
byte[] salt = new byte [saltlen];
Buffer.BlockCopy(pvk, 24, salt, 0, saltlen);
// first try with full (128) bits
byte[] key = DeriveKey(salt, password);
// decrypt in place and try this
RC4 rc4 = RC4.Create();
ICryptoTransform dec = rc4.CreateDecryptor(key, null);
dec.TransformBlock(keypair, 8, keypair.Length - 8, keypair, 8);
try
{
rsa = CryptoConvert.FromCapiPrivateKeyBlob(keypair);
weak = false;
}
catch (CryptographicException)
{
weak = true;
// second chance using weak crypto
Buffer.BlockCopy(pvk, 24 + saltlen, keypair, 0, keylen);
// truncate the key to 40 bits
Array.Clear(key, 5, 11);
// decrypt
RC4 rc4b = RC4.Create();
dec = rc4b.CreateDecryptor(key, null);
dec.TransformBlock(keypair, 8, keypair.Length - 8, keypair, 8);
rsa = CryptoConvert.FromCapiPrivateKeyBlob(keypair);
}
Array.Clear(key, 0, key.Length);
}
else
{
weak = true;
// read unencrypted keypair
rsa = CryptoConvert.FromCapiPrivateKeyBlob(keypair);
Array.Clear(keypair, 0, keypair.Length);
}
// zeroize pvk (which could contain the unencrypted private key)
Array.Clear(pvk, 0, pvk.Length);
return(rsa != null);
}
internal int ProcessFirstBlock()
{
if (fs == null)
{
return(1);
}
fs.Position = 0;
// read first block - it will include (100% sure)
// the MZ header and (99.9% sure) the PE header
blockLength = fs.Read(fileblock, 0, fileblock.Length);
blockNo = 1;
if (blockLength < 64)
{
return(2); // invalid PE file
}
// 1. Validate the MZ header informations
// 1.1. Check for magic MZ at start of header
if (BitConverterLE.ToUInt16(fileblock, 0) != 0x5A4D)
{
return(3);
}
// 1.2. Find the offset of the PE header
peOffset = BitConverterLE.ToInt32(fileblock, 60);
if (peOffset > fileblock.Length)
{
// just in case (0.1%) this can actually happen
// FIXME This does not mean the file is invalid,
// just that this code cannot handle it.
// FIXME Read the entire file into memory.
// See earlier comments.
string msg = String.Format(Locale.GetText(
"Header size too big (> {0} bytes)."),
fileblock.Length);
throw new NotSupportedException(msg);
}
// FIXME This verifies that PE starts within the file,
// but not that it fits.
if (peOffset > fs.Length)
{
return(4);
}
// 2. Read between DOS header and first part of PE header
// 2.1. Check for magic PE at start of header
// PE - NT header ('P' 'E' 0x00 0x00)
if (BitConverterLE.ToUInt32(fileblock, peOffset) != 0x4550)
{
return(5);
}
// PE signature is followed by 20 byte file header, and
// then 2 byte magic 0x10B for PE32 or 0x20B for PE32+,
// or 0x107 for the obscure ROM case.
// FIXME The code historically ignored this magic value
// entirely, so we only treat 0x20B differently to maintain
// this dubious behavior.
// FIXME The code also lacks range checks in a number of places,
// and will access arrays out of bounds for valid files.
ushort magic = BitConverterLE.ToUInt16(fileblock, peOffset + 24);
const int IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B;
pe64 = magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC;
// FIXME This fails to validate NumberOfRvasAndSizes.
// 2.2. Locate IMAGE_DIRECTORY_ENTRY_SECURITY (offset and size)
// These offsets are from the documentation, but add 24 for
// PE signature and file header.
if (pe64)
{
dirSecurityOffset = BitConverterLE.ToInt32(fileblock, peOffset + 168);
dirSecuritySize = BitConverterLE.ToInt32(fileblock, peOffset + 168 + 4);
}
else
{
dirSecurityOffset = BitConverterLE.ToInt32(fileblock, peOffset + 152);
dirSecuritySize = BitConverterLE.ToInt32(fileblock, peOffset + 156);
}
// FIXME Remove this code and the dependency on it.
coffSymbolTableOffset = BitConverterLE.ToInt32(fileblock, peOffset + 12);
return(0);
}
