Ejemplo n.º 1
0
        public static void TestRedo(string path, long size)
        {
            int bytesPerCluster = 512;

            while (bytesPerCluster <= 65536)
            {
                string volumeLabel = "RedoTest_" + bytesPerCluster.ToString();
                string fileName    = "Test.txt";
                byte[] fileData    = System.Text.Encoding.ASCII.GetBytes("Redone");
                CreateVolumeWithPendingFileCreation(path, size, bytesPerCluster, volumeLabel, fileName, fileData);

                VHDMountHelper.MountVHD(path);
                string driveName = MountHelper.WaitForDriveToMount(volumeLabel);
                if (driveName == null)
                {
                    throw new Exception("Timeout waiting for volume to mount");
                }
                bool isErrorFree = ChkdskHelper.Chkdsk(driveName);
                if (!isErrorFree)
                {
                    throw new InvalidDataException("CHKDSK reported errors");
                }
                byte[] bytesRead = File.ReadAllBytes(driveName + fileName);
                if (!ByteUtils.AreByteArraysEqual(fileData, bytesRead))
                {
                    throw new InvalidDataException("Test failed");
                }
                VHDMountHelper.UnmountVHD(path);
                File.Delete(path);

                bytesPerCluster = bytesPerCluster * 2;
            }
        }
        /// <summary>
        /// https://tools.ietf.org/html/rfc2743
        /// </summary>
        public static SimpleProtectedNegotiationToken ReadToken(byte[] tokenBytes, int offset)
        {
            byte tag = ByteReader.ReadByte(tokenBytes, ref offset);

            if (tag == ApplicationTag)
            {
                // when an InitToken is sent, it is prepended by an Application Constructed Object specifier (0x60),
                // and the OID for SPNEGO (see value in OID table above). This is the generic GSSAPI header.
                int tokenLength = DerEncodingHelper.ReadLength(tokenBytes, ref offset);
                tag = ByteReader.ReadByte(tokenBytes, ref offset);
                if (tag == (byte)DerEncodingTag.ObjectIdentifier)
                {
                    int    objectIdentifierLength = DerEncodingHelper.ReadLength(tokenBytes, ref offset);
                    byte[] objectIdentifier       = ByteReader.ReadBytes(tokenBytes, ref offset, objectIdentifierLength);
                    if (ByteUtils.AreByteArraysEqual(objectIdentifier, SPNEGOIdentifier))
                    {
                        tag = ByteReader.ReadByte(tokenBytes, ref offset);
                        if (tag == SimpleProtectedNegotiationTokenInit.NegTokenInitTag)
                        {
                            return(new SimpleProtectedNegotiationTokenInit(tokenBytes, offset));
                        }
                    }
                }
            }
            else if (tag == SimpleProtectedNegotiationTokenResponse.NegTokenRespTag)
            {
                return(new SimpleProtectedNegotiationTokenResponse(tokenBytes, offset));
            }
            return(null);
        }
Ejemplo n.º 3
0
        /// <summary>
        /// LM v2 / NTLM v2
        /// </summary>
        public User AuthenticateV2(string domainNameToAuth, string accountNameToAuth, byte[] serverChallenge, byte[] lmResponse, byte[] ntlmResponse)
        {
            for (int index = 0; index < this.Count; index++)
            {
                string accountName = this[index].AccountName;
                string password    = this[index].Password;

                if (String.Equals(accountName, accountNameToAuth, StringComparison.InvariantCultureIgnoreCase))
                {
                    byte[] _LMv2ClientChallenge = ByteReader.ReadBytes(lmResponse, 16, 8);
                    byte[] expectedLMv2Response = NTAuthentication.ComputeLMv2Response(serverChallenge, _LMv2ClientChallenge, password, accountName, domainNameToAuth);
                    if (ByteUtils.AreByteArraysEqual(expectedLMv2Response, lmResponse))
                    {
                        return(this[index]);
                    }

                    if (ntlmResponse.Length > 24)
                    {
                        NTLMv2ClientChallengeStructure clientChallengeStructure = new NTLMv2ClientChallengeStructure(ntlmResponse, 16);
                        byte[] clientChallengeStructurePadded = clientChallengeStructure.GetBytesPadded();
                        byte[] expectedNTLMv2Response         = NTAuthentication.ComputeNTLMv2Response(serverChallenge, clientChallengeStructurePadded, password, accountName, domainNameToAuth);

                        if (ByteUtils.AreByteArraysEqual(expectedNTLMv2Response, ntlmResponse))
                        {
                            return(this[index]);
                        }
                    }
                }
            }
            return(null);
        }
Ejemplo n.º 4
0
 public static bool TestCrc16Ccitt_1()
 {
     byte[] buffer   = new byte[] { 0x06 };
     byte[] checksum = new byte[] { 0x4E, 0x95 };
     byte[] result   = LittleEndianConverter.GetBytes(Crc16Ccitt.ComputeChecksum(buffer));
     return(ByteUtils.AreByteArraysEqual(checksum, result));
 }
Ejemplo n.º 5
0
        // Based on #2 test vector from https://docs.microsoft.com/en-us/archive/blogs/openspecification/encryption-in-smb-3-0-a-protocol-perspective
        public void TestDecryption()
        {
            byte[] key = new byte[] { 0x8F, 0xE2, 0xB5, 0x7E, 0xC3, 0x4D, 0x2D, 0xB5, 0xB1, 0xA9, 0x72, 0x7F, 0x52, 0x6B, 0xBD, 0xB5 };

            byte[] nonce = new byte[] { 0x86, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00 };

            byte[] signature = new byte[] { 0xA6, 0x01, 0x55, 0x30, 0xA1, 0x8F, 0x6D, 0x9A, 0xFF, 0xE2, 0x2A, 0xFA, 0xE8, 0xE6, 0x64, 0x84 };

            byte[] associatedData = new byte[] { 0x86, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x14, 0x00, 0xE4, 0x08, 0x00,
                                                 0x50, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x11, 0x00, 0x00, 0x14, 0x00, 0xE4, 0x08, 0x00 };

            byte[] encyrptedData = new byte[] { 0xDB, 0xF4, 0x64, 0x35, 0xC5, 0xF1, 0x41, 0x69, 0x29, 0x3C, 0xE0, 0x79, 0xE3, 0x44, 0x47, 0x9B,
                                                0xF6, 0x70, 0x22, 0x7E, 0x49, 0x87, 0x3F, 0x45, 0x86, 0x72, 0xC3, 0x09, 0x8D, 0xAC, 0x46, 0x7D,
                                                0xD5, 0x80, 0x9F, 0x36, 0x9D, 0x67, 0x40, 0x91, 0x66, 0x51, 0x57, 0x87, 0x14, 0x83, 0xE0, 0x1F,
                                                0x7B, 0xEC, 0xD0, 0x20, 0x64, 0xEA, 0xC3, 0xE2, 0x35, 0xF9, 0x13, 0x66, 0x8B, 0xBC, 0x2F, 0x09,
                                                0x79, 0x80, 0xD4, 0xB3, 0x78, 0xF1, 0x99, 0x3E, 0xFF, 0x6E, 0x60, 0xD1, 0x77, 0x30, 0x9E, 0x5B };

            byte[] expectedData = new byte[] { 0xFE, 0x53, 0x4D, 0x42, 0x40, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x21, 0x00,
                                               0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                                               0xFF, 0xFE, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x14, 0x00, 0xE4, 0x08, 0x00,
                                               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                                               0x11, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

            byte[] data = AesCcm.DecryptAndAuthenticate(key, nonce, encyrptedData, associatedData, signature);
            Assert.True(ByteUtils.AreByteArraysEqual(expectedData, data));
        }
Ejemplo n.º 6
0
        public bool IsPasswordEmpty(AuthenticateMessage message)
        {
            // Special case for anonymous authentication, see [MS-NLMP] 3.3.1 - NTLM v1 Authentication
            if (message.LmChallengeResponse.Length == 1 || message.NtChallengeResponse.Length == 0)
            {
                return(true);
            }

            byte[] clientChallenge             = ByteReader.ReadBytes(message.LmChallengeResponse, 0, 8);
            byte[] emptyPasswordNTLMv1Response = NTAuthentication.ComputeNTLMv1ExtendedSecurityResponse(m_serverChallenge, clientChallenge, String.Empty);
            if (ByteUtils.AreByteArraysEqual(emptyPasswordNTLMv1Response, message.NtChallengeResponse))
            {
                return(true);
            }

            if (message.NtChallengeResponse.Length > 24)
            {
                NTLMv2ClientChallengeStructure clientChallengeStructure = new NTLMv2ClientChallengeStructure(message.NtChallengeResponse, 16);
                byte[] clientChallengeStructurePadded = clientChallengeStructure.GetBytesPadded();
                byte[] emptyPasswordNTLMv2Response    = NTAuthentication.ComputeNTLMv2Response(m_serverChallenge, clientChallengeStructurePadded, String.Empty, message.UserName, message.DomainName);
                if (ByteUtils.AreByteArraysEqual(emptyPasswordNTLMv2Response, message.NtChallengeResponse))
                {
                    return(true);
                }
            }

            return(false);
        }
Ejemplo n.º 7
0
 public void LMv1ResponseTest()
 {
     byte[] challenge = new byte[] { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
     byte[] response  = NTLMCryptography.ComputeLMv1Response(challenge, "Password");
     byte[] expected  = { 0x98, 0xde, 0xf7, 0xb8, 0x7f, 0x88, 0xaa, 0x5d, 0xaf, 0xe2, 0xdf, 0x77, 0x96, 0x88, 0xa1, 0x72, 0xde, 0xf1, 0x1c, 0x7d, 0x5c, 0xcd, 0xef, 0x13 };
     Assert.True(ByteUtils.AreByteArraysEqual(response, expected));
 }
Ejemplo n.º 8
0
        public void TestEncryption()
        {
            byte[] encryptionKey = new byte[] { 0x26, 0x1B, 0x72, 0x35, 0x05, 0x58, 0xF2, 0xE9, 0xDC, 0xF6, 0x13, 0x07, 0x03, 0x83, 0xED, 0xBF };
            byte[] nonce         = new byte[] { 0x66, 0xE6, 0x9A, 0x11, 0x18, 0x92, 0x58, 0x4F, 0xB5, 0xED, 0x52 };
            ulong  sessionID     = 0x8e40014000011;

            byte[] message = new byte[] { 0xFE, 0x53, 0x4D, 0x42, 0x40, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x40, 0x00,
                                          0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                                          0xFF, 0xFE, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x14, 0x00, 0xE4, 0x08, 0x00,
                                          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                                          0x31, 0x00, 0x70, 0x00, 0x17, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                                          0x15, 0x01, 0x00, 0x00, 0x39, 0x00, 0x00, 0x02, 0x01, 0x00, 0x00, 0x00, 0x39, 0x02, 0x00, 0x00,
                                          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x70, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                                          0x53, 0x6D, 0x62, 0x33, 0x20, 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6F, 0x6E, 0x20,
                                          0x74, 0x65, 0x73, 0x74, 0x69, 0x6E, 0x67 };

            byte[] expectedEncrypted = new byte[] { 0x25, 0xC8, 0xFE, 0xE1, 0x66, 0x05, 0xA4, 0x37, 0x83, 0x2D, 0x1C, 0xD5, 0x2D, 0xA9, 0xF4, 0x64,
                                                    0x53, 0x33, 0x48, 0x2A, 0x17, 0x5F, 0xE5, 0x38, 0x45, 0x63, 0xF4, 0x5F, 0xCD, 0xAF, 0xAE, 0xF3,
                                                    0x8B, 0xC6, 0x2B, 0xA4, 0xD5, 0xC6, 0x28, 0x97, 0x99, 0x66, 0x25, 0xA4, 0x4C, 0x29, 0xBE, 0x56,
                                                    0x58, 0xDE, 0x2E, 0x61, 0x17, 0x58, 0x57, 0x79, 0xE7, 0xB5, 0x9F, 0xFD, 0x97, 0x12, 0x78, 0xD0,
                                                    0x85, 0x80, 0xD7, 0xFA, 0x89, 0x9E, 0x41, 0x0E, 0x91, 0x0E, 0xAB, 0xF5, 0xAA, 0x1D, 0xB4, 0x30,
                                                    0x50, 0xB3, 0x3B, 0x49, 0x18, 0x26, 0x37, 0x75, 0x9A, 0xC1, 0x5D, 0x84, 0xBF, 0xCD, 0xF5, 0xB6,
                                                    0xB2, 0x38, 0x99, 0x3C, 0x0F, 0x4C, 0xF4, 0xD6, 0x01, 0x20, 0x23, 0xF6, 0xC6, 0x27, 0x29, 0x70,
                                                    0x75, 0xD8, 0x4B, 0x78, 0x03, 0x91, 0x2D, 0x0A, 0x96, 0x39, 0x63, 0x44, 0x53, 0x59, 0x5E, 0xF3,
                                                    0xE3, 0x3F, 0xFE, 0x4E, 0x7A, 0xC2, 0xAB };

            byte[] expectedSignature = new byte[] { 0x81, 0xA2, 0x86, 0x53, 0x54, 0x15, 0x44, 0x5D, 0xAE, 0x39, 0x39, 0x21, 0xE4, 0x4F, 0xA4, 0x2E };

            byte[] signature;
            byte[] encryptedMessage = SMB2Cryptography.EncryptMessage(encryptionKey, nonce, message, sessionID, out signature);

            Assert.True(ByteUtils.AreByteArraysEqual(expectedEncrypted, encryptedMessage));
            // The associated data in this sample include non-zero nonce padding so we ignore signature validation
        }
Ejemplo n.º 9
0
 public static bool TestCrc16Ccitt_2()
 {
     byte[] buffer   = new byte[] { 0x0d, 0x0f, 0x50, 0x42, 0x4c, 0x5f, 0x44, 0x6c, 0x6f, 0x61, 0x64, 0x56, 0x45, 0x52, 0x31, 0x2e, 0x30 };
     byte[] checksum = new byte[] { 0x37, 0x41 };
     byte[] result   = LittleEndianConverter.GetBytes(Crc16Ccitt.ComputeChecksum(buffer));
     return(ByteUtils.AreByteArraysEqual(checksum, result));
 }
        public static void TestSimultaneousWriteAndRead(string path, long size)
        {
            RawDiskImage disk = RawDiskImage.Create(path, size);

            disk.ExclusiveLock(true);
            int totalSectors = (int)Math.Min(disk.TotalSectors, Int32.MaxValue);

            Parallel.For(0, totalSectors / 2, 1, 4, delegate(int sectorHint)
            {
                long sectorIndex = sectorHint * 2;
                byte[] pattern   = GetTestPattern(sectorIndex, 2, RawDiskImage.DefaultBytesPerSector);
                disk.WriteSectors(sectorIndex, pattern);

                if (sectorIndex > 100)
                {
                    long sectorIndexToVerify = sectorIndex - 100;
                    byte[] expectedPattern   = GetTestPattern(sectorIndexToVerify, 2, RawDiskImage.DefaultBytesPerSector);
                    byte[] sectorBytes       = disk.ReadSectors(sectorIndexToVerify, 2);
                    if (!ByteUtils.AreByteArraysEqual(sectorBytes, expectedPattern))
                    {
                        throw new InvalidDataException("Test failed");
                    }
                }
            });

            disk.ReleaseLock();
        }
Ejemplo n.º 11
0
        // Based on #1 test vector from https://docs.microsoft.com/en-us/archive/blogs/openspecification/encryption-in-smb-3-0-a-protocol-perspective
        public void TestEncryption()
        {
            byte[] key   = new byte[] { 0x26, 0x1B, 0x72, 0x35, 0x05, 0x58, 0xF2, 0xE9, 0xDC, 0xF6, 0x13, 0x07, 0x03, 0x83, 0xED, 0xBF };
            byte[] nonce = new byte[] { 0x66, 0xE6, 0x9A, 0x11, 0x18, 0x92, 0x58, 0x4F, 0xB5, 0xED, 0x52 };

            byte[] data = new byte[] { 0xFE, 0x53, 0x4D, 0x42, 0x40, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x40, 0x00,
                                       0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                                       0xFF, 0xFE, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x14, 0x00, 0xE4, 0x08, 0x00,
                                       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                                       0x31, 0x00, 0x70, 0x00, 0x17, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                                       0x15, 0x01, 0x00, 0x00, 0x39, 0x00, 0x00, 0x02, 0x01, 0x00, 0x00, 0x00, 0x39, 0x02, 0x00, 0x00,
                                       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x70, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                                       0x53, 0x6D, 0x62, 0x33, 0x20, 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6F, 0x6E, 0x20,
                                       0x74, 0x65, 0x73, 0x74, 0x69, 0x6E, 0x67 };

            byte[] associatedData = new byte[] { 0x66, 0xE6, 0x9A, 0x11, 0x18, 0x92, 0x58, 0x4F, 0xB5, 0xED, 0x52, 0x4A, 0x74, 0x4D, 0xA3, 0xEE,
                                                 0x87, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x11, 0x00, 0x00, 0x14, 0x00, 0xE4, 0x08, 0x00 };

            byte[] expectedEncrypted = new byte[] { 0x25, 0xC8, 0xFE, 0xE1, 0x66, 0x05, 0xA4, 0x37, 0x83, 0x2D, 0x1C, 0xD5, 0x2D, 0xA9, 0xF4, 0x64,
                                                    0x53, 0x33, 0x48, 0x2A, 0x17, 0x5F, 0xE5, 0x38, 0x45, 0x63, 0xF4, 0x5F, 0xCD, 0xAF, 0xAE, 0xF3,
                                                    0x8B, 0xC6, 0x2B, 0xA4, 0xD5, 0xC6, 0x28, 0x97, 0x99, 0x66, 0x25, 0xA4, 0x4C, 0x29, 0xBE, 0x56,
                                                    0x58, 0xDE, 0x2E, 0x61, 0x17, 0x58, 0x57, 0x79, 0xE7, 0xB5, 0x9F, 0xFD, 0x97, 0x12, 0x78, 0xD0,
                                                    0x85, 0x80, 0xD7, 0xFA, 0x89, 0x9E, 0x41, 0x0E, 0x91, 0x0E, 0xAB, 0xF5, 0xAA, 0x1D, 0xB4, 0x30,
                                                    0x50, 0xB3, 0x3B, 0x49, 0x18, 0x26, 0x37, 0x75, 0x9A, 0xC1, 0x5D, 0x84, 0xBF, 0xCD, 0xF5, 0xB6,
                                                    0xB2, 0x38, 0x99, 0x3C, 0x0F, 0x4C, 0xF4, 0xD6, 0x01, 0x20, 0x23, 0xF6, 0xC6, 0x27, 0x29, 0x70,
                                                    0x75, 0xD8, 0x4B, 0x78, 0x03, 0x91, 0x2D, 0x0A, 0x96, 0x39, 0x63, 0x44, 0x53, 0x59, 0x5E, 0xF3,
                                                    0xE3, 0x3F, 0xFE, 0x4E, 0x7A, 0xC2, 0xAB };

            byte[] expectedSignature = new byte[] { 0x81, 0xA2, 0x86, 0x53, 0x54, 0x15, 0x44, 0x5D, 0xAE, 0x39, 0x39, 0x21, 0xE4, 0x4F, 0xA4, 0x2E };

            byte[] calculatedSignature;
            byte[] encrypted = AesCcm.Encrypt(key, nonce, data, associatedData, 16, out calculatedSignature);
            Assert.True(ByteUtils.AreByteArraysEqual(expectedEncrypted, encrypted));
            Assert.True(ByteUtils.AreByteArraysEqual(expectedSignature, calculatedSignature));
        }
        public static void TestOverlappedWriteAndOverlappedRead(string path, long size)
        {
            RawDiskImage disk = RawDiskImage.Create(path, size);

            disk.ExclusiveLock(true);
            int totalSectors = (int)Math.Min(disk.TotalSectors, Int32.MaxValue);

            Parallel.For(0, totalSectors, 1, 4, delegate(int sectorIndex)
            {
                byte[] pattern = GetTestPattern(sectorIndex, RawDiskImage.DefaultBytesPerSector);
                disk.WriteSectors(sectorIndex, pattern);
            });

            Parallel.For(0, totalSectors, 1, 4, delegate(int sectorIndex)
            {
                byte[] pattern     = GetTestPattern(sectorIndex, RawDiskImage.DefaultBytesPerSector);
                byte[] sectorBytes = disk.ReadSector(sectorIndex);
                if (!ByteUtils.AreByteArraysEqual(pattern, sectorBytes))
                {
                    throw new InvalidDataException("Test failed");
                }
            });

            disk.ReleaseLock();
        }
        public static void TestWriteRead(string path, long size)
        {
            RawDiskImage disk = RawDiskImage.Create(path, size);

            disk.ExclusiveLock();
            for (long sectorIndex = 0; sectorIndex < disk.TotalSectors; sectorIndex += PhysicalDisk.MaximumDirectTransferSizeLBA)
            {
                long   leftToWrite    = disk.TotalSectors - sectorIndex;
                int    sectorsToWrite = (int)Math.Min(leftToWrite, PhysicalDisk.MaximumDirectTransferSizeLBA);
                byte[] pattern        = GetTestPattern(sectorIndex, sectorsToWrite, RawDiskImage.DefaultBytesPerSector);
                disk.WriteSectors(sectorIndex, pattern);
            }

            for (long sectorIndex = 0; sectorIndex < disk.TotalSectors; sectorIndex += PhysicalDisk.MaximumDirectTransferSizeLBA)
            {
                long   leftToRead    = disk.TotalSectors - sectorIndex;
                int    sectorsToRead = (int)Math.Min(leftToRead, PhysicalDisk.MaximumDirectTransferSizeLBA);
                byte[] pattern       = GetTestPattern(sectorIndex, sectorsToRead, RawDiskImage.DefaultBytesPerSector);
                byte[] sectorBytes   = disk.ReadSectors(sectorIndex, sectorsToRead);
                if (!ByteUtils.AreByteArraysEqual(pattern, sectorBytes))
                {
                    throw new InvalidDataException("Test failed");
                }
            }

            disk.ReleaseLock();
        }
        public static bool NTLMv2ChallengeMessageTest()
        {
            byte[] expected = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00,
                                           0x38, 0x00, 0x00, 0x00, 0x33, 0x82, 0x8a, 0xe2, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
                                           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x24, 0x00, 0x44, 0x00, 0x00, 0x00,
                                           0x06, 0x00, 0x70, 0x17, 0x00, 0x00, 0x00, 0x0f, 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00,
                                           0x65, 0x00, 0x72, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00,
                                           0x69, 0x00, 0x6e, 0x00, 0x01, 0x00, 0x0c, 0x00, 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00,
                                           0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00 };

            byte[]           serverChallenge = new byte[] { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
            ChallengeMessage message         = new ChallengeMessage();

            message.ServerChallenge = serverChallenge;
            message.Version         = new NTLMVersion(6, 0, 6000, 15);
            message.NegotiateFlags  = NegotiateFlags.UnicodeEncoding | NegotiateFlags.OEMEncoding | NegotiateFlags.Sign | NegotiateFlags.Seal | NegotiateFlags.NTLMSessionSecurity | NegotiateFlags.AlwaysSign | NegotiateFlags.TargetTypeServer | NegotiateFlags.ExtendedSessionSecurity | NegotiateFlags.TargetInfo | NegotiateFlags.Version | NegotiateFlags.Use128BitEncryption | NegotiateFlags.KeyExchange | NegotiateFlags.Use56BitEncryption;
            message.TargetName      = "Server";
            byte[] serverAVPair = AVPairUtils.GetAVPairSequence("Domain", "Server");
            message.TargetInfo = serverAVPair;

            byte[] messageBytes = message.GetBytes();
            bool   success      = ByteUtils.AreByteArraysEqual(expected, messageBytes);

            return(success);
        }
        /// <summary>
        /// LM v1 / NTLM v1 Extended Session Security
        /// </summary>
        private static bool AuthenticateV1Extended(string password, byte[] serverChallenge, byte[] lmResponse, byte[] ntResponse)
        {
            byte[] clientChallenge        = ByteReader.ReadBytes(lmResponse, 0, 8);
            byte[] expectedNTLMv1Response = NTLMCryptography.ComputeNTLMv1ExtendedSessionSecurityResponse(serverChallenge, clientChallenge, password);

            return(ByteUtils.AreByteArraysEqual(expectedNTLMv1Response, ntResponse));
        }
Ejemplo n.º 16
0
        public void TestDecryption()
        {
            byte[] decryptionKey = new byte[] { 0x8F, 0xE2, 0xB5, 0x7E, 0xC3, 0x4D, 0x2D, 0xB5, 0xB1, 0xA9, 0x72, 0x7F, 0x52, 0x6B, 0xBD, 0xB5 };

            byte[] transformedPacket = new byte[] { 0xFD, 0x53, 0x4D, 0x42, 0xA6, 0x01, 0x55, 0x30, 0xA1, 0x8F, 0x6D, 0x9A, 0xFF, 0xE2, 0x2A, 0xFA,
                                                    0xE8, 0xE6, 0x64, 0x84, 0x86, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x14,
                                                    0x00, 0xE4, 0x08, 0x00, 0x50, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x11, 0x00, 0x00, 0x14,
                                                    0x00, 0xE4, 0x08, 0x00, 0xDB, 0xF4, 0x64, 0x35, 0xC5, 0xF1, 0x41, 0x69, 0x29, 0x3C, 0xE0, 0x79,
                                                    0xE3, 0x44, 0x47, 0x9B, 0xF6, 0x70, 0x22, 0x7E, 0x49, 0x87, 0x3F, 0x45, 0x86, 0x72, 0xC3, 0x09,
                                                    0x8D, 0xAC, 0x46, 0x7D, 0xD5, 0x80, 0x9F, 0x36, 0x9D, 0x67, 0x40, 0x91, 0x66, 0x51, 0x57, 0x87,
                                                    0x14, 0x83, 0xE0, 0x1F, 0x7B, 0xEC, 0xD0, 0x20, 0x64, 0xEA, 0xC3, 0xE2, 0x35, 0xF9, 0x13, 0x66,
                                                    0x8B, 0xBC, 0x2F, 0x09, 0x79, 0x80, 0xD4, 0xB3, 0x78, 0xF1, 0x99, 0x3E, 0xFF, 0x6E, 0x60, 0xD1,
                                                    0x77, 0x30, 0x9E, 0x5B };

            byte[] expectedDecryptedMessage = new byte[] { 0xFE, 0x53, 0x4D, 0x42, 0x40, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x21, 0x00,
                                                           0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                                                           0xFF, 0xFE, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x14, 0x00, 0xE4, 0x08, 0x00,
                                                           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                                                           0x11, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

            SMB2TransformHeader transformHeader = new SMB2TransformHeader(transformedPacket, 0);

            byte[] encryptedMessage = ByteReader.ReadBytes(transformedPacket, SMB2TransformHeader.Length, (int)transformHeader.OriginalMessageSize);
            byte[] decryptedMessage = SMB2Cryptography.DecryptMessage(decryptionKey, transformHeader, encryptedMessage);

            Assert.True(ByteUtils.AreByteArraysEqual(expectedDecryptedMessage, decryptedMessage));
        }
Ejemplo n.º 17
0
        public static bool ValidateCertificate(byte[] issuingCertificate, byte[] certificateToValidate)
        {
            RSAParameters rsaParameters = GetRSAParameters(issuingCertificate);

            byte[] certificateSignature = ByteReader.ReadBytes(certificateToValidate, certificateToValidate.Length - 256, 256);
            byte[] decodedSignature     = RSAHelper.DecryptSignature(certificateSignature, rsaParameters);
            byte[] tbsCertificate       = CertificateHelper.ExtractTbsCertificate(certificateToValidate);
            if (StartsWith(decodedSignature, SHA_256_PKCS_ID))
            {
                byte[]        expectedHash = ByteReader.ReadBytes(decodedSignature, SHA_256_PKCS_ID.Length, 32);
                SHA256Managed sha256       = new SHA256Managed();
                byte[]        hash         = sha256.ComputeHash(tbsCertificate);
                return(ByteUtils.AreByteArraysEqual(hash, expectedHash));
            }
            else if (StartsWith(decodedSignature, SHA_160_PKCS_ID))
            {
                byte[]      expectedHash = ByteReader.ReadBytes(decodedSignature, SHA_160_PKCS_ID.Length, 20);
                SHA1Managed sha1         = new SHA1Managed();
                byte[]      hash         = sha1.ComputeHash(tbsCertificate);
                return(ByteUtils.AreByteArraysEqual(hash, expectedHash));
            }
            else
            {
                throw new NotImplementedException("Unsupported Signature PKCS ID");
            }
        }
Ejemplo n.º 18
0
 public void NTLMv1ResponseTest()
 {
     byte[] challenge = new byte[] { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
     byte[] response  = NTLMCryptography.ComputeNTLMv1Response(challenge, "Password");
     byte[] expected  = { 0x67, 0xc4, 0x30, 0x11, 0xf3, 0x02, 0x98, 0xa2, 0xad, 0x35, 0xec, 0xe6, 0x4f, 0x16, 0x33, 0x1c, 0x44, 0xbd, 0xbe, 0xd9, 0x27, 0x84, 0x1f, 0x94 };
     Assert.True(ByteUtils.AreByteArraysEqual(response, expected));
 }
Ejemplo n.º 19
0
        /// <summary>
        /// Get Windows Volume Guid of MBR disk
        /// </summary>
        /// <param name="partitionStartOffset">In bytes</param>
        /// <returns></returns>
        public static Guid?GetWindowsVolumeGuid(uint mbrDiskSignature, ulong partitionStartOffset)
        {
            byte[] identifier = new byte[12];
            LittleEndianWriter.WriteUInt32(identifier, 0, mbrDiskSignature);
            LittleEndianWriter.WriteUInt64(identifier, 4, partitionStartOffset);

            RegistryKey mountedDevices = Registry.LocalMachine.OpenSubKey(@"SYSTEM\MountedDevices");

            foreach (string valueName in mountedDevices.GetValueNames())
            {
                object valueObject = mountedDevices.GetValue(valueName);
                byte[] value       = valueObject as byte[];
                if (value != null && value.Length == 12)
                {
                    if (ByteUtils.AreByteArraysEqual(value, identifier))
                    {
                        if (valueName.StartsWith(@"\??\Volume"))
                        {
                            string guidString = valueName.Substring(10);
                            return(new Guid(guidString));
                        }
                    }
                }
            }
            return(null);
        }
Ejemplo n.º 20
0
        public static bool VerifyImageSignature(byte[] imageBytes, byte[] softwareID, byte[] hardwareID)
        {
            if (softwareID.Length != 8)
            {
                throw new ArgumentException("SoftwareID should be 8 bytes long");
            }

            if (hardwareID.Length != 8)
            {
                throw new ArgumentException("HardwareID should be 8 bytes long");
            }

            byte[] expectedHash = DecryptFileSignature(imageBytes);

            byte[] imageHeader = ByteReader.ReadBytes(imageBytes, 0, ApplicationExecutableHeader.Length);
            byte[] codeBytes   = ApplicationExecutableHelper.ExtractCode(imageBytes);

            HashAlgorithm hashAlgorithm;

            if (expectedHash.Length == 20)
            {
                hashAlgorithm = SHA1.Create();
            }
            else if (expectedHash.Length == 32)
            {
                hashAlgorithm = SHA256.Create();
            }
            else
            {
                throw new Exception("Unknown hash algorithm");
            }
            byte[] message = hashAlgorithm.ComputeHash(ByteUtils.Concatenate(imageHeader, codeBytes));
            byte[] hash    = HMAC(softwareID, hardwareID, message, hashAlgorithm);
            return(ByteUtils.AreByteArraysEqual(expectedHash, hash));
        }
Ejemplo n.º 21
0
 public static bool Test2()
 {
     byte[] key            = new byte[] { 0x61, 0x8A, 0x63, 0xD2, 0xFB };
     byte[] text           = new byte[] { 0xDC, 0xEE, 0x4C, 0xF9, 0x2C };
     byte[] expectedCipher = new byte[] { 0xF1, 0x38, 0x29, 0xC9, 0xDE };
     byte[] cipher         = RC4.Encrypt(key, text);
     return(ByteUtils.AreByteArraysEqual(cipher, expectedCipher));
 }
Ejemplo n.º 22
0
 public static bool Test1()
 {
     byte[] key            = new byte[] { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
     byte[] text           = new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
     byte[] expectedCipher = new byte[] { 0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79 };
     byte[] cipher         = RC4.Encrypt(key, text);
     return(ByteUtils.AreByteArraysEqual(cipher, expectedCipher));
 }
Ejemplo n.º 23
0
 public void Test2()
 {
     byte[] key            = new byte[] { 0x61, 0x8A, 0x63, 0xD2, 0xFB };
     byte[] text           = new byte[] { 0xDC, 0xEE, 0x4C, 0xF9, 0x2C };
     byte[] expectedCipher = new byte[] { 0xF1, 0x38, 0x29, 0xC9, 0xDE };
     byte[] cipher         = RC4.Encrypt(key, text);
     Assert.IsTrue(ByteUtils.AreByteArraysEqual(cipher, expectedCipher));
 }
        public static bool LMv1HashTest()
        {
            byte[] hash     = NTLMCryptography.LMOWFv1("Password");
            byte[] expected = new byte[] { 0xe5, 0x2c, 0xac, 0x67, 0x41, 0x9a, 0x9a, 0x22, 0x4a, 0x3b, 0x10, 0x8f, 0x3f, 0xa6, 0xcb, 0x6d };
            bool   success  = ByteUtils.AreByteArraysEqual(hash, expected);

            return(success);
        }
        public static bool NTv2HashTest()
        {
            byte[] hash     = NTLMCryptography.NTOWFv2("Password", "User", "Domain");
            byte[] expected = new byte[] { 0x0c, 0x86, 0x8a, 0x40, 0x3b, 0xfd, 0x7a, 0x93, 0xa3, 0x00, 0x1e, 0xf2, 0x2e, 0xf0, 0x2e, 0x3f };
            bool   success  = ByteUtils.AreByteArraysEqual(hash, expected);

            return(success);
        }
Ejemplo n.º 26
0
 public void LMv2ResponseTest()
 {
     byte[] serverChallenge = new byte[] { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
     byte[] clientChallenge = new byte[] { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
     byte[] response        = NTLMCryptography.ComputeLMv2Response(serverChallenge, clientChallenge, "Password", "User", "Domain");
     byte[] expected        = new byte[] { 0x86, 0xc3, 0x50, 0x97, 0xac, 0x9c, 0xec, 0x10, 0x25, 0x54, 0x76, 0x4a, 0x57, 0xcc, 0xcc, 0x19, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
     Assert.True(ByteUtils.AreByteArraysEqual(response, expected));
 }
        public static bool NTv1HashTest()
        {
            byte[] hash     = NTLMCryptography.NTOWFv1("Password");
            byte[] expected = new byte[] { 0xa4, 0xf4, 0x9c, 0x40, 0x65, 0x10, 0xbd, 0xca, 0xb6, 0x82, 0x4e, 0xe7, 0xc3, 0x0f, 0xd8, 0x52 };
            bool   success  = ByteUtils.AreByteArraysEqual(hash, expected);

            return(success);
        }
Ejemplo n.º 28
0
 public void Test1()
 {
     byte[] key            = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
     byte[] text           = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
     byte[] expectedCipher = { 0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79 };
     byte[] cipher         = RC4.Encrypt(key, text);
     Assert.True(ByteUtils.AreByteArraysEqual(cipher, expectedCipher));
 }
Ejemplo n.º 29
0
 public static bool StartsWith(byte[] array1, byte[] array2)
 {
     if (array1.Length >= array2.Length)
     {
         byte[] start = ByteReader.ReadBytes(array1, 0, array2.Length);
         return(ByteUtils.AreByteArraysEqual(start, array2));
     }
     return(false);
 }
Ejemplo n.º 30
0
        public void Test2()
        {
            byte[] buffer = { 0x20, 0x46, 0x47, 0x45, 0x4e, 0x44, 0x4a, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x41, 0x41, 0x00 };
            int    offset = 0;
            string name   = NetBiosUtils.DecodeName(buffer, ref offset);

            byte[] encodedName = NetBiosUtils.EncodeName(name, string.Empty);
            Assert.True(ByteUtils.AreByteArraysEqual(buffer, encodedName));
        }