Beispiel #1
0
        internal static void send_request(byte[] client_random, byte[] rsa_data, byte[] username, byte[] host)
        {
            int       num    = 0x80;
            int       num2   = (username.Length == 0) ? 0 : (username.Length + 1);
            int       num3   = (host.Length == 0) ? 0 : (host.Length + 1);
            int       num4   = (0x80 + num2) + num3;
            RdpPacket packet = new RdpPacket();

            packet.WriteLittleEndian32(num);
            packet.WriteByte(0x13);
            packet.WriteByte(2);
            packet.WriteLittleEndian16((short)num4);
            packet.WriteLittleEndian32(1);
            packet.WriteLittleEndianU32(0xff010000);
            packet.Write(client_random, 0, 0x20);
            packet.WriteLittleEndian16((short)0);
            packet.WriteLittleEndian16((short)(RDPClient.modulus_size + 8));
            packet.Write(rsa_data, 0, RDPClient.modulus_size);
            packet.Position += 8L;
            packet.WriteLittleEndian16((short)15);
            packet.WriteLittleEndian16((short)num2);
            if (num2 != 0)
            {
                packet.Write(username, 0, num2 - 1);
                packet.WriteByte(0);
            }
            packet.WriteLittleEndian16((short)0x10);
            packet.WriteLittleEndian16((short)num3);
            if (num3 != 0)
            {
                packet.Write(host, 0, num3 - 1);
                packet.WriteByte(0);
            }
            IsoLayer.SendMCS(packet, MCS.MSC_GLOBAL_CHANNEL);
        }
Beispiel #2
0
        private static void send_AttachUserRequest()
        {
            RdpPacket data = new RdpPacket();

            data.WriteByte((byte)(AURQ << 2));
            IsoLayer.SendTPKT(data);
        }
Beispiel #3
0
        private static void sendSynchronize()
        {
            RdpPacket packet = new RdpPacket();

            packet.WriteLittleEndian16((short)1);
            packet.WriteLittleEndian16((short)0x3ea);
            IsoLayer.sendDataPDU(packet, IsoLayer.PDUType2.PDUTYPE2_SYNCHRONIZE, Secure.RDPEncrypted() ? MCS.SEC_ENCRYPT : 0);
        }
Beispiel #4
0
        private static void sendControl(int action)
        {
            RdpPacket packet = new RdpPacket();

            packet.WriteLittleEndian16((short)action);
            packet.WriteLittleEndian16((short)0);
            packet.WriteLittleEndian32(0);
            IsoLayer.sendDataPDU(packet, IsoLayer.PDUType2.PDUTYPE2_CONTROL, Secure.RDPEncrypted() ? MCS.SEC_ENCRYPT : 0);
        }
Beispiel #5
0
        private static void send_ErectDomainRequest()
        {
            RdpPacket data = new RdpPacket();

            data.WriteByte((byte)(EDRQ << 2));
            data.WriteBigEndian16((short)1);
            data.WriteBigEndian16((short)1);
            IsoLayer.SendTPKT(data);
        }
Beispiel #6
0
        private static void send_ChannelJoinRequest(int channelid)
        {
            RdpPacket data = new RdpPacket();

            data.WriteByte((byte)(CJRQ << 2));
            data.WriteBigEndian16((short)RDPClient.McsUserID);
            data.WriteBigEndian16((short)channelid);
            IsoLayer.SendTPKT(data);
        }
Beispiel #7
0
        private static void sendFontList()
        {
            RdpPacket packet = new RdpPacket();

            packet.WriteLittleEndian16((short)0);
            packet.WriteLittleEndian16((short)0);
            packet.WriteLittleEndian16((short)3);
            packet.WriteLittleEndian16((short)50);
            IsoLayer.sendDataPDU(packet, IsoLayer.PDUType2.PDUTYPE2_FONTLIST, Secure.RDPEncrypted() ? MCS.SEC_ENCRYPT : 0);
        }
Beispiel #8
0
        private static void sendPersistKeyList()
        {
            int num    = 0;
            int num2   = 0;
            int num3   = 0;
            int num4   = 0;
            int num5   = 0;
            int num6   = 0;
            int num7   = 0;
            int num8   = 0;
            int num9   = 0;
            int num10  = 0;
            int offset = 0;

            while ((((num6 < num) || (num7 < num2)) || ((num8 < num3) || (num9 < num4))) || (num10 < num5))
            {
                int       num12     = 0;
                int       num13     = 0;
                int       num14     = 0;
                int       num15     = 0;
                int       num16     = 0;
                bool      bMoreKeys = false;
                RdpPacket packet    = new RdpPacket();
                packet.WriteLittleEndian16((ushort)num12);
                packet.WriteLittleEndian16((ushort)num13);
                packet.WriteLittleEndian16((ushort)num14);
                packet.WriteLittleEndian16((ushort)num15);
                packet.WriteLittleEndian16((ushort)num16);
                packet.WriteLittleEndian16((ushort)num);
                packet.WriteLittleEndian16((ushort)num2);
                packet.WriteLittleEndian16((ushort)num3);
                packet.WriteLittleEndian16((ushort)num4);
                packet.WriteLittleEndian16((ushort)num5);
                byte num17 = 0;
                if (offset == 0)
                {
                    num17 = (byte)(num17 | 1);
                }
                if (!bMoreKeys)
                {
                    num17 = (byte)(num17 | 2);
                }
                packet.WriteByte(num17);
                packet.WriteByte(0);
                packet.WriteLittleEndian16((short)0);

                IsoLayer.sendDataPDU(packet, IsoLayer.PDUType2.PDUTYPE2_BITMAPCACHE_PERSISTENT_LIST, Secure.RDPEncrypted() ? MCS.SEC_ENCRYPT : 0);
                num6  += num12;
                num7  += num13;
                num8  += num14;
                num9  += num15;
                num10 += num16;
            }
        }
Beispiel #9
0
        public static void Disconnect()
        {
            RdpPacket packet = new RdpPacket();

            packet.WriteLittleEndian16((short)1);
            packet.WriteLittleEndian16((short)0x3ea);
            IsoLayer.sendDataPDU(packet, IsoLayer.PDUType2.PDUTYPE2_SHUTDOWN_REQUEST, Secure.RDPEncrypted() ? SEC_ENCRYPT : 0);
            packet = new RdpPacket();
            packet.WriteByte((byte)(DPUM << 2));
            packet.WriteByte(3);
            IsoLayer.SendTPKT(packet);
        }
Beispiel #10
0
        internal static void send_authresp(byte[] token, byte[] crypt_hwid, byte[] signature)
        {
            int       num    = 0x80;
            int       num2   = 0x3a;
            RdpPacket packet = new RdpPacket();

            packet.WriteLittleEndian32(num);
            packet.WriteByte(0x15);
            packet.WriteByte(2);
            packet.WriteLittleEndian16((short)num2);
            packet.WriteLittleEndian16((short)1);
            packet.WriteLittleEndian16((short)10);
            packet.Write(token, 0, 10);
            packet.WriteLittleEndian16((short)1);
            packet.WriteLittleEndian16((short)20);
            packet.Write(crypt_hwid, 0, 20);
            packet.Write(signature, 0, 0x10);
            IsoLayer.SendMCS(packet, MCS.MSC_GLOBAL_CHANNEL);
        }
Beispiel #11
0
        private static void sendConnectNegotiation(int NegotiationFlags, byte[] loadBalanceToken)
        {
            string domainAndUsername = RDPClient.DomainAndUsername;

            if (domainAndUsername.Length > 9)
            {
                domainAndUsername = domainAndUsername.Substring(0, 9);
            }
            RdpPacket packet = new RdpPacket();

            packet.WriteByte(3);
            packet.WriteByte(0);
            long position = packet.Position;

            packet.WriteBigEndian16((short)0);
            packet.WriteByte(0);
            packet.WriteByte(0xe0);
            packet.WriteBigEndian16((short)0);
            packet.WriteBigEndian16((short)0);
            packet.WriteByte(0);
            if (loadBalanceToken != null)
            {
                packet.Write(loadBalanceToken, 0, loadBalanceToken.Length);
                packet.WriteString("\r\n", false);
            }
            else
            {
                packet.WriteString("Cookie: mstshash=" + domainAndUsername + "\r\n", true);
            }
            packet.WriteByte(1);
            packet.WriteByte(0);
            packet.WriteLittleEndian16((short)8);
            packet.WriteLittleEndian32(NegotiationFlags);
            long num2 = packet.Position;

            packet.Position = position;
            packet.WriteBigEndian16((short)num2);
            packet.WriteByte((byte)(num2 - 5L));
            IsoLayer.Write(packet);
        }
Beispiel #12
0
        internal static void processDemandActive(RdpPacket data)
        {
            int num3;

            RDPClient.rdp_shareid = data.getLittleEndian32();
            int num = data.getLittleEndian16();

            data.getLittleEndian16();
            data.Position += num;
            int numCaps = data.getLittleEndian16();

            data.getLittleEndian16();
            processServerCapabilities(data, numCaps);
            sendConfirmActive();
            sendSynchronize();
            sendControl(4);
            sendControl(1);
            ISO.Secure_Receive(out num3);
            ISO.Secure_Receive(out num3);
            ISO.Secure_Receive(out num3);
            if (!RDPClient.m_bInitialised)
            {
                sendPersistKeyList();
            }
            List <Rdp.InputInfo> inputToSend = new List <Rdp.InputInfo>
            {
                new Rdp.InputInfo(0, Rdp.InputType.INPUT_EVENT_SYNC, 0, 0, 0)
            };

            IsoLayer.SendInput(inputToSend);
            sendFontList();
            ISO.Secure_Receive(out num3);
            if (RDPClient.m_bInitialised)
            {
                RDPClient.OnInitialise();
            }
            RDPClient.m_bInitialised = true;
            resetOrderState();
        }
Beispiel #13
0
        private static void sendConfirmActive()
        {
            int num  = 390;
            int num2 = 0;

            if (Secure.RDPEncrypted())
            {
                num2 |= MCS.SEC_ENCRYPT;
            }
            RdpPacket data = new RdpPacket();

            data.WriteLittleEndian16((short)((0x10 + num) + RDP_SOURCE.Length));
            data.WriteLittleEndian16((short)0x13);
            data.WriteLittleEndian16((short)(RDPClient.McsUserID + 0x3e9));
            data.WriteLittleEndian32(RDPClient.rdp_shareid);
            data.WriteLittleEndian16((short)0x3ea);
            data.WriteLittleEndian16((short)RDP_SOURCE.Length);
            data.WriteLittleEndian16((short)num);
            data.Write(RDP_SOURCE, 0, RDP_SOURCE.Length);
            data.WriteLittleEndian16((short)13);
            data.Position += 2L;
            sendGeneralCaps(data);
            sendBitmapCaps(data);
            sendOrderCaps(data);
            sendBitmapcacheCaps(data);
            sendColorcacheCaps(data);
            sendActivateCaps(data);
            sendControlCaps(data);
            sendPointerCaps(data);
            sendShareCaps(data);
            sendInputCaps(data);
            sendSoundCaps(data);
            sendFontCaps(data);
            sendGlyphCacheCaps(data);
            IsoLayer.SendMCS_GlobalChannel(data, num2);
        }
Beispiel #14
0
        internal static void send_connection_request(byte[] loadBalanceToken, bool bAutoReconnect)
        {
            int num;

            RDPClient.dec_count     = 0;
            RDPClient.enc_count     = 0;
            Network.ConnectionStage = RDPClient.eConnectionStage.Negotiating;
            if (RDPClient.enableNLA)
            {
                sendConnectNegotiation(3, loadBalanceToken);
                num = receiveConnectNegotiation();

                if (num == 0x10000000)
                {
                    Network.Close();
                    Network.Connect(RDPClient.Host, RDPClient.Port);
                    sendConnectNegotiation(0, loadBalanceToken);
                    num = receiveConnectNegotiation();

                    if (num != 0)
                    {
                        throw new RDFatalException("Security negotiation failed!");
                    }
                }
                else
                {
                    if (((num & 1) != 0) || ((num & 2) != 0))
                    {
                        Network.ConnectionStage = RDPClient.eConnectionStage.Securing;
                        Network.ConnectSSL();
                    }
                    if ((num & 2) != 0)
                    {
                        Network.ConnectionStage = RDPClient.eConnectionStage.Authenticating;
                        CredSSP.Negotiate(Network.GetSSLPublicKey());
                    }
                }
            }
            else
            {
                sendConnectNegotiation(0, loadBalanceToken);
                num = receiveConnectNegotiation();
                if (num != 0)
                {
                    throw new RDFatalException("Security negotiation failed!");
                }
            }

            Network.ConnectionStage = RDPClient.eConnectionStage.Establishing;
            IsoLayer.SendTPKT(sendConnectInitial(sendMcsData(true, Channels.RegisteredChannels.Count, num)));
            receiveConnectResponse();
            send_ErectDomainRequest();
            send_AttachUserRequest();
            RDPClient.McsUserID = receive_AttachUserConfirm();
            send_ChannelJoinRequest(RDPClient.McsUserID + MCS_USERCHANNEL_BASE);
            receive_ChannelJoinConfirm();
            send_ChannelJoinRequest(MSC_GLOBAL_CHANNEL);
            receive_ChannelJoinConfirm();
            foreach (IVirtualChannel channel in Channels.RegisteredChannels)
            {
                send_ChannelJoinRequest(channel.ChannelID);
                receive_ChannelJoinConfirm();
            }
            int num2 = 0x40;

            if (Secure.RDPEncrypted())
            {
                Network.ConnectionStage = RDPClient.eConnectionStage.SecureAndLogin;
                RdpPacket packet = Secure.establishKey();
                packet.Position = 0L;
                IsoLayer.SendMCS(packet, MSC_GLOBAL_CHANNEL);
                num2 |= SEC_ENCRYPT;
            }
            else
            {
                Network.ConnectionStage = RDPClient.eConnectionStage.Login;
            }
            IsoLayer.SendMCS_GlobalChannel(getLoginInfo(RDPClient.Domain, RDPClient.Username, RDPClient.Password, "", "", bAutoReconnect), num2);
        }