internal static int parseCryptInfo(RdpPacket data)
{
int num2 = 0;
int num3 = 0;
int num4 = 0;
int num5 = 0;
int num6 = 0;
int num7 = 0;
num7 = data.getLittleEndian32();
if (data.getLittleEndian32() == 0)
{
if (!Network.SSLConnection)
{
throw new RDFatalException("Server does not support encrypted connections!");
}
return(0);
}
int count = data.getLittleEndian32();
num2 = data.getLittleEndian32();
if (count != 0x20)
{
string[] strArray = new string[] { "Wrong size of random key size! Accepted ", count.ToString(), " but ", 0x20.ToString(), "!" };
throw new RDFatalException(string.Concat(strArray));
}
m_Server_Random = new byte[count];
data.Read(m_Server_Random, 0, count);
num6 = ((int)data.Position) + num2;
if (num6 > data.Length)
{
throw new RDFatalException("Crypt Info too short!");
}
if ((data.getLittleEndian32() & 1) != 0)
{
data.Position += 8L;
while (data.Position < data.Length)
{
num3 = data.getLittleEndian16();
num4 = data.getLittleEndian16();
num5 = ((int)data.Position) + num4;
switch (num3)
{
case 6:
if (parsePublicKey(data))
{
break;
}
return(0);
}
data.Position = num5;
}
return(num7);
}
int num9 = data.getLittleEndian32();
int num10 = 0;
if (num9 < 2)
{
throw new RDFatalException("Illegal number of certificates " + num9.ToString());
}
while (num9 > 2)
{
num10 = data.getLittleEndian32();
data.Position += num10;
num9--;
}
byte[] buffer = new byte[data.getLittleEndian32()];
data.Read(buffer, 0, buffer.Length);
X509Certificate certificate = new X509Certificate(buffer);
m_Server_Public_Key = new byte[StaticSettings.SecureValue1];
Array.Copy(certificate.GetPublicKey(), 5, m_Server_Public_Key, 0, StaticSettings.SecureValue1);
byte[] buffer2 = new byte[data.getLittleEndian32()];
data.Read(buffer2, 0, buffer2.Length);
X509Certificate certificate2 = new X509Certificate(buffer2);
m_Server_Public_Key = new byte[StaticSettings.SecureValue1];
Array.Copy(certificate2.GetPublicKey(), 5, m_Server_Public_Key, 0, StaticSettings.SecureValue1);
RDPClient.readCert = true;
return(num7);
}
public void channel_process(RdpPacket data)
{
}
internal static void processServerCapabilities(RdpPacket data, int numCaps)
{
RDPClient.m_bServerSupportsCacheV2 = false;
while (numCaps-- > 0)
{
int num = data.getLittleEndian16();
int num2 = data.getLittleEndian16();
switch (num)
{
case 1:
{
// RDP_CAPSET_GENERAL
data.getLittleEndian16(); // osMajorType
num2 -= 2;
data.getLittleEndian16(); // osMinorType
num2 -= 2;
data.getLittleEndian16();
num2 -= 2;
data.getLittleEndian16();
num2 -= 2;
data.getLittleEndian16();
num2 -= 2;
data.getLittleEndian16();
num2 -= 2;
data.getLittleEndian16();
num2 -= 2;
data.getLittleEndian16();
num2 -= 2;
data.getLittleEndian16();
num2 -= 2;
data.ReadByte();
num2--;
int num3 = data.ReadByte();
num2--;
RDPClient.suppress_output_supported = num3 > 0;
break;
}
case 2:
// RDP_CAPSET_BITMAP
data.getLittleEndian16();
num2 -= 2;
data.getLittleEndian16();
num2 -= 2;
data.getLittleEndian16();
num2 -= 2;
data.getLittleEndian16();
num2 -= 2;
data.getLittleEndian16();
num2 -= 2;
data.getLittleEndian16();
num2 -= 2;
break;
case 3:
// RDP_CAPSET_ORDER
break;
case 4:
// RDP_CAPSET_BMPCACHE
break;
case 5:
// RDP_CAPSET_CONTROL
break;
case 8:
// RDP_CAPSET_POINTER
break;
case 9:
// RDP_CAPSET_SHARE
break;
case 10:
// RDP_CAPSET_COLCACHE
break;
case 13:
{
// RDP_CAPSET_INPUT
int num4 = data.getLittleEndian16();
num2 -= 2;
RDPClient.use_fastpath_input = false;
if ((num4 & 0x20) != 0)
{
RDPClient.use_fastpath_input = true;
}
if ((num4 & 8) != 0)
{
RDPClient.use_fastpath_input = true;
}
break;
}
case 14:
// RDP_CAPSET_FONT
break;
case 0x12:
// RDP_CAPSET_BMPCACHE_HOSTSUPPORT
RDPClient.m_bServerSupportsCacheV2 = true;
break;
case 20:
// RDP_CAPSET_VIRTUALCHANNEL
break;
case 0x19:
// RDP_CAPSET_COMPDESK
break;
case 0x1a:
// RDP_CAPSET_MULTIFRAGMENTUPDATE
break;
case 0x1b:
// RDP_CAPSET_LARGE_POINTER
break;
case 0x1c:
// RDP_CAPSET_SURFACE_COMMANDS
break;
case 0x1d:
// RDP_CAPSET_BITMAP_CODECS
break;
default:
// RDP_CAPSET unknown
break;
}
data.Position += num2 - 4;
}
}
private static void logonInfoExtended(RdpPacket data)
{
// Флаг авторизации
if (RDPClient.FullXP)
{
RDPClient.GoodAuth = true;
}
data.getLittleEndian16();
var num2 = (FieldsPresent)data.getLittleEndian32();
// Reconnect Cookie
if (num2.HasFlag(FieldsPresent.LOGON_EX_AUTORECONNECTCOOKIE))
{
if (data.getLittleEndian32() != 0x1c)
{
throw new Exception("Invalid length for AutoReconnectCookie!");
}
data.getLittleEndian32();
RDPClient.LogonID = data.getLittleEndian32();
if (RDPClient.ReconnectCookie == null)
{
RDPClient.ReconnectCookie = new byte[0x10];
}
data.Read(RDPClient.ReconnectCookie, 0, RDPClient.ReconnectCookie.Length);
}
// Error
if (num2.HasFlag(FieldsPresent.LOGON_EX_LOGONERRORS))
{
var ErrorType = (ErrorNotificationType)data.getLittleEndian32();
var ErrorData = (ErrorNotificationData)data.getLittleEndian32();
// Проверка ошибок
if (ErrorType.HasFlag(ErrorNotificationType.LOGON_MSG_NO_PERMISSION) ||
ErrorType.HasFlag(ErrorNotificationType.LOGON_MSG_DISCONNECT_REFUSED) ||
ErrorType.HasFlag(ErrorNotificationType.LOGON_MSG_SESSION_TERMINATE) ||
ErrorData.HasFlag(ErrorNotificationData.LOGON_FAILED_BAD_PASSWORD) ||
ErrorData.HasFlag(ErrorNotificationData.LOGON_WARNING) ||
ErrorData.HasFlag(ErrorNotificationData.LOGON_FAILED_OTHER))
{
// Флаг авторизации
if (RDPClient.FullXP)
{
RDPClient.GoodAuth = false;
}
}
// Проверка на смену пароля
if (ErrorData.HasFlag(ErrorNotificationData.LOGON_FAILED_UPDATE_PASSWORD))
{
// Флаг смены пароля
RDPClient.NeedChangePassword = true;
// Флаг авторизации
if (RDPClient.FullXP)
{
RDPClient.GoodAuth = true;
}
}
}
}
internal static void mainloop()
{
RDPClient.m_bInitialised = false;
RDPClient.m_bHalt = false;
RDPClient.m_bExceptionReported = false;
try
{
while (!RDPClient.m_bHalt)
{
int num;
RdpPacket data = ISO.Secure_Receive(out num);
switch (num)
{
case 0:
case 6:
break;
case 1:
try
{
ControlFlow.processDemandActive(data);
}
catch
{
}
Network.ConnectionAlive = true;
break;
case 7:
processData(data);
break;
case 10:
ControlFlow.processRedirection(data, false);
break;
case 0xff: // 255
// FastPathUpdate
break;
default:
throw new RDFatalException("Illegal type in main process :" + num.ToString());
}
Thread.Sleep(1);
}
}
catch (RDFatalException exception)
{
Network.Close();
if (!RDPClient.m_bExceptionReported)
{
RDPClient.m_bExceptionReported = true;
RDPClient.OnError(exception);
}
}
catch (EndOfTransmissionException)
{
Network.Close();
}
catch (SocketAbortException)
{
}
catch (ThreadAbortException)
{
}
catch (Exception exception2)
{
if (!RDPClient.m_bExceptionReported)
{
RDPClient.m_bExceptionReported = true;
RDPClient.OnError(exception2);
}
}
finally
{
ISO.Disconnect();
RDPClient.OnClosed();
}
}
protected static void WriteLength(RdpPacket packet, string Identifier)
{
RDPClient.m_Fixup.Add(Identifier, new Fixup(Identifier, packet.Position));
WriteByte(packet, 0xff);
}
internal static RdpPacket sendMcsData(bool use_rdp5, int num_channels, int serverSelectedProtocol)
{
RdpPacket packet = new RdpPacket();
string clientName = RDPClient.ClientName;
if (clientName.Length > 15)
{
clientName = clientName.Substring(0, 15);
}
int num = 2 * clientName.Length;
int num2 = 0x9e;
if (use_rdp5)
{
num2 += 0x60;
}
if (use_rdp5 && (num_channels > 0))
{
num2 += (num_channels * 12) + 8;
}
if ((RDPClient.serverNegotiateFlags & NegotiationFlags.EXTENDED_CLIENT_DATA_SUPPORTED) != ((NegotiationFlags)0))
{
num2 += 8;
}
packet.WriteBigEndian16((short)5);
packet.WriteBigEndian16((short)20);
packet.WriteByte(0x7c);
packet.WriteBigEndian16((short)1);
packet.WriteBigEndian16((short)(num2 | 0x8000));
packet.WriteBigEndian16((short)8);
packet.WriteBigEndian16((short)0x10);
packet.WriteByte(0);
packet.WriteLittleEndian16((ushort)0xc001);
packet.WriteByte(0);
packet.WriteLittleEndian32(0x61637544);
packet.WriteBigEndian16((short)((num2 - 14) | 0x8000));
packet.WriteLittleEndian16((ushort)0xc001);
packet.WriteLittleEndian16(use_rdp5 ? ((short)0xd8) : ((short)0x88));
packet.WriteLittleEndian16(use_rdp5 ? ((short)4) : ((short)1));
packet.WriteLittleEndian16((short)8);
packet.WriteLittleEndian16((short)RDPClient.width);
packet.WriteLittleEndian16((short)RDPClient.height);
packet.WriteLittleEndian16((ushort)0xca01);
packet.WriteLittleEndian16((ushort)0xaa03);
packet.WriteLittleEndian32(0x409);
packet.WriteLittleEndian32(use_rdp5 ? 0xa28 : 0x1a3);
packet.WriteUnicodeString(clientName);
packet.Position += 30 - num;
packet.WriteLittleEndian32(4);
packet.WriteLittleEndian32(0);
packet.WriteLittleEndian32(12);
packet.Position += 0x40L;
packet.WriteLittleEndian16((ushort)0xca01);
packet.WriteLittleEndian16(use_rdp5 ? ((short)1) : ((short)0));
if (use_rdp5)
{
packet.WriteLittleEndian32(0);
packet.WriteLittleEndian16((short)((byte)RDPClient.server_bpp));
packet.WriteLittleEndian16((short)7);
packet.WriteLittleEndian16((short)1);
packet.Position += 0x40L;
packet.WriteByte(0);
packet.WriteByte(0);
packet.WriteLittleEndian32(serverSelectedProtocol);
packet.WriteLittleEndian16((ushort)0xc004);
packet.WriteLittleEndian16((short)12);
int num3 = 13;
if (((RDPClient.flags & HostFlags.ConsoleSession) != ((HostFlags)0)) || (RDPClient.sessionID != 0))
{
num3 |= 2;
}
packet.WriteLittleEndian32(num3);
packet.WriteLittleEndian32(RDPClient.sessionID);
}
packet.WriteLittleEndian16((ushort)0xc002);
packet.WriteLittleEndian16(use_rdp5 ? ((short)12) : ((short)8));
int num4 = 0;
if (serverSelectedProtocol == 0)
{
num4 |= 3;
}
packet.WriteLittleEndian32(num4);
if (use_rdp5)
{
packet.WriteLittleEndian32(0);
}
if (use_rdp5 && (num_channels > 0))
{
packet.WriteLittleEndian16((ushort)0xc003);
packet.WriteLittleEndian16((short)((num_channels * 12) + 8));
packet.WriteLittleEndian32(num_channels);
foreach (IVirtualChannel channel in Channels.RegisteredChannels)
{
packet.WriteString(channel.ChannelName, false);
packet.WriteByte(0);
packet.WriteBigEndian32((uint)0xc0a00000);
}
}
if ((RDPClient.serverNegotiateFlags & NegotiationFlags.EXTENDED_CLIENT_DATA_SUPPORTED) != ((NegotiationFlags)0))
{
packet.WriteLittleEndian16((ushort)0xc006);
packet.WriteLittleEndian16((short)8);
packet.WriteLittleEndian32(0);
}
return(packet);
}
public void Parse(RdpPacket packet)
{
NTLM.AV_ID av_id;
byte[] buffer = null;
do
{
av_id = (NTLM.AV_ID)packet.getLittleEndian16();
int count = packet.getLittleEndian16();
if (count > 0)
{
if (av_id != NTLM.AV_ID.MsvAvFlags)
{
buffer = new byte[count];
packet.Read(buffer, 0, count);
}
else
{
this.Flags = packet.getLittleEndian32();
}
}
switch (av_id)
{
case NTLM.AV_ID.MsvAvNbComputerName:
this.NbComputerName.length = count;
this.NbComputerName.value = buffer;
this.sNbComputerName = Encoding.Unicode.GetString(this.NbComputerName.value, 0, this.NbComputerName.value.Length);
break;
case NTLM.AV_ID.MsvAvNbDomainName:
this.NbDomainName.length = count;
this.NbDomainName.value = buffer;
this.sNbDomainName = Encoding.Unicode.GetString(this.NbDomainName.value, 0, this.NbDomainName.value.Length);
break;
case NTLM.AV_ID.MsvAvDnsComputerName:
this.DnsComputerName.length = count;
this.DnsComputerName.value = buffer;
this.sDnsComputerName = Encoding.Unicode.GetString(this.DnsComputerName.value, 0, this.DnsComputerName.value.Length);
break;
case NTLM.AV_ID.MsvAvDnsDomainName:
this.DnsDomainName.length = count;
this.DnsDomainName.value = buffer;
this.sDnsDomainName = Encoding.Unicode.GetString(this.DnsDomainName.value, 0, this.DnsDomainName.value.Length);
break;
case NTLM.AV_ID.MsvAvDnsTreeName:
this.DnsTreeName.length = count;
this.DnsTreeName.value = buffer;
break;
case NTLM.AV_ID.MsvAvTimestamp:
this.Timestamp.length = count;
this.Timestamp.value = buffer;
break;
case NTLM.AV_ID.MsvAvRestrictions:
this.Restrictions.length = count;
this.Restrictions.value = buffer;
break;
case NTLM.AV_ID.MsvAvTargetName:
this.TargetName.length = count;
this.TargetName.value = buffer;
break;
case NTLM.AV_ID.MsvChannelBindings:
this.ChannelBindings.length = count;
this.ChannelBindings.value = buffer;
break;
}
}while (av_id != NTLM.AV_ID.MsvAvEOL);
}
public byte[] Serialise()
{
RdpPacket packet = new RdpPacket();
if (this.NbDomainName.length > 0)
{
packet.WriteLittleEndian16((short)2);
packet.WriteLittleEndian16((short)this.NbDomainName.length);
packet.Write(this.NbDomainName.value, 0, this.NbDomainName.length);
}
if (this.NbComputerName.length > 0)
{
packet.WriteLittleEndian16((short)1);
packet.WriteLittleEndian16((short)this.NbComputerName.length);
packet.Write(this.NbComputerName.value, 0, this.NbComputerName.length);
}
if (this.DnsDomainName.length > 0)
{
packet.WriteLittleEndian16((short)4);
packet.WriteLittleEndian16((short)this.DnsDomainName.length);
packet.Write(this.DnsDomainName.value, 0, this.DnsDomainName.length);
}
if (this.DnsComputerName.length > 0)
{
packet.WriteLittleEndian16((short)3);
packet.WriteLittleEndian16((short)this.DnsComputerName.length);
packet.Write(this.DnsComputerName.value, 0, this.DnsComputerName.length);
}
if (this.DnsTreeName.length > 0)
{
packet.WriteLittleEndian16((short)5);
packet.WriteLittleEndian16((short)this.DnsTreeName.length);
packet.Write(this.DnsTreeName.value, 0, this.DnsTreeName.length);
}
if (this.Timestamp.length > 0)
{
packet.WriteLittleEndian16((short)7);
packet.WriteLittleEndian16((short)this.Timestamp.length);
packet.Write(this.Timestamp.value, 0, this.Timestamp.length);
}
if (this.Flags != 0)
{
packet.WriteLittleEndian16((short)6);
packet.WriteLittleEndian16((short)4);
packet.WriteLittleEndian32(this.Flags);
}
if (this.Restrictions.length > 0)
{
packet.WriteLittleEndian16((short)8);
packet.WriteLittleEndian16((short)this.Restrictions.length);
packet.Write(this.Restrictions.value, 0, this.Restrictions.length);
}
if (this.ChannelBindings.length > 0)
{
packet.WriteLittleEndian16((short)10);
packet.WriteLittleEndian16((short)this.ChannelBindings.length);
packet.Write(this.ChannelBindings.value, 0, this.ChannelBindings.length);
}
if (this.TargetName.value != null)
{
packet.WriteLittleEndian16((short)9);
packet.WriteLittleEndian16((short)this.TargetName.length);
packet.Write(this.TargetName.value, 0, this.TargetName.length);
}
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WritePadding(8);
byte[] buffer = new byte[packet.Length];
packet.Position = 0L;
packet.Read(buffer, 0, buffer.Length);
return(buffer);
}
public byte[] ProcessChallenge(byte[] Challenge)
{
byte[] bytes;
RdpPacket packet = new RdpPacket();
this.m_ChallengeMsg = Challenge;
packet.Write(Challenge, 0, Challenge.Length);
packet.Position = 0L;
long position = packet.Position;
if (packet.ReadString(8) != "NTLMSSP\0")
{
throw new Exception("Invalid negotiation token!");
}
if (packet.getLittleEndian32() != 2)
{
throw new Exception("Expected challenge!");
}
int count = packet.getLittleEndian16();
packet.getLittleEndian16();
int num4 = packet.getLittleEndian32();
uint flags = (uint)packet.getLittleEndian32();
DumpFlags(flags);
byte[] buffer = new byte[8];
packet.Read(buffer, 0, 8);
byte[] buffer2 = new byte[8];
packet.Read(buffer2, 0, 8);
int num5 = packet.getLittleEndian16();
packet.getLittleEndian16();
int num6 = packet.getLittleEndian32();
if ((flags & 0x2000000) != 0)
{
byte[] buffer3 = new byte[8];
packet.Read(buffer3, 0, 8);
}
if ((flags & 0x20000000) == 0)
{
throw new Exception("Strong Encryption not supported by server");
}
byte[] buffer4 = null;
if (count > 0)
{
buffer4 = new byte[count];
packet.Position = position + num4;
packet.Read(buffer4, 0, count);
Encoding.Unicode.GetString(buffer4, 0, buffer4.Length);
}
AV_PAIRS av_pairs = new AV_PAIRS();
byte[] buffer5 = null;
if (num5 <= 0)
{
throw new Exception("No TargetInfo!");
}
packet.Position = position + num6;
buffer5 = new byte[num5];
packet.Read(buffer5, 0, num5);
packet = new RdpPacket();
packet.Write(buffer5, 0, buffer5.Length);
packet.Position = 0L;
av_pairs.Parse(packet);
byte[] data = nTOWFv2(this.m_sDomain, this.m_sUsername, this.m_sPassword);
m_Socket.AddBlob(PacketLogger.PacketType.NTLM_ResponseKeyNT, data);
byte[] blob = new byte[8];
RNGCryptoServiceProvider provider = new RNGCryptoServiceProvider();
provider.GetBytes(blob);
m_Socket.AddBlob(PacketLogger.PacketType.NTLM_ClientChallenge, blob);
byte[] buffer8 = getLMv2Response(data, buffer, blob);
if (this.m_bNTLMv2)
{
Array.Clear(buffer8, 0, buffer8.Length);
}
bool bGenerateMIC = false;
if ((av_pairs.Timestamp.length <= 0) || !this.m_bNTLMv2)
{
bytes = BitConverter.GetBytes(DateTime.UtcNow.ToFileTimeUtc());
}
else
{
bytes = av_pairs.Timestamp.value;
bGenerateMIC = true;
av_pairs.ProcessForNTLMv2();
buffer5 = av_pairs.Serialise();
}
byte[] keyExchangeKey = null;
byte[] buffer11 = getNTLMv2Response(data, buffer, blob, bytes, buffer5, out keyExchangeKey);
m_Socket.AddBlob(PacketLogger.PacketType.NTLM_KeyExchangeKey, keyExchangeKey);
byte[] encryptedRandomSessionKey = null;
byte[] buffer13 = null;
buffer13 = new byte[0x10];
provider.GetBytes(buffer13);
m_Socket.AddBlob(PacketLogger.PacketType.NTLM_ExportedSessionKey, buffer13);
encryptedRandomSessionKey = new byte[0x10];
RC4 rc = new RC4();
rc.engineInitEncrypt(keyExchangeKey);
encryptedRandomSessionKey = rc.crypt(buffer13);
if ((flags & 0x40000000) == 0)
{
encryptedRandomSessionKey = new byte[0];
buffer13 = keyExchangeKey;
}
this.InitSignKeys(buffer13);
return(this.Authenticate(buffer8, buffer11, this.m_sDomain, this.m_sUsername, this.m_sWorkstation, encryptedRandomSessionKey, buffer13, bGenerateMIC));
}
private byte[] Authenticate(byte[] lmChallengeResponse, byte[] ntChallengeResponse, string sDomainName, string sUser, string sWorkstation, byte[] EncryptedRandomSessionKey, byte[] ExportedSessionKey, bool bGenerateMIC)
{
RdpPacket packet = new RdpPacket();
uint flags = ((((((0xe2800000 | RDPClient.NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY) | RDPClient.NTLMSSP_NEGOTIATE_ALWAYS_SIGN) | RDPClient.NTLMSSP_NEGOTIATE_NTLM) | RDPClient.NTLMSSP_NEGOTIATE_SEAL) | RDPClient.NTLMSSP_NEGOTIATE_SIGN) | RDPClient.NTLMSSP_REQUEST_TARGET) | RDPClient.NTLMSSP_NEGOTIATE_UNICODE;
DumpFlags(flags);
int position = (int)packet.Position;
packet.WriteString("NTLMSSP", false);
packet.WriteByte(0);
packet.WriteLittleEndian32(3);
int num3 = ((int)packet.Position) - position;
num3 += 8;
num3 += 8;
num3 += 8;
num3 += 8;
num3 += 8;
num3 += 8;
num3 += 4;
if ((flags & 0x2000000) != 0)
{
num3 += 8;
}
if (bGenerateMIC)
{
num3 += 0x10;
}
byte[] bytes = Encoding.Unicode.GetBytes(sDomainName);
byte[] buffer = Encoding.Unicode.GetBytes(sUser);
byte[] buffer3 = Encoding.Unicode.GetBytes(sWorkstation);
int num4 = num3;
int num5 = num4 + bytes.Length;
int num6 = num5 + buffer.Length;
int num7 = num6 + buffer3.Length;
int num8 = num7 + lmChallengeResponse.Length;
int num9 = num8 + ntChallengeResponse.Length;
packet.WriteLittleEndian16((ushort)lmChallengeResponse.Length);
packet.WriteLittleEndian16((ushort)lmChallengeResponse.Length);
packet.WriteLittleEndian32(num7);
num3 += lmChallengeResponse.Length;
packet.WriteLittleEndian16((ushort)ntChallengeResponse.Length);
packet.WriteLittleEndian16((ushort)ntChallengeResponse.Length);
packet.WriteLittleEndian32(num8);
num3 += ntChallengeResponse.Length;
packet.WriteLittleEndian16((ushort)bytes.Length);
packet.WriteLittleEndian16((ushort)bytes.Length);
packet.WriteLittleEndian32(num4);
num3 += bytes.Length;
packet.WriteLittleEndian16((ushort)buffer.Length);
packet.WriteLittleEndian16((ushort)buffer.Length);
packet.WriteLittleEndian32(num5);
num3 += buffer.Length;
packet.WriteLittleEndian16((ushort)buffer3.Length);
packet.WriteLittleEndian16((ushort)buffer3.Length);
packet.WriteLittleEndian32(num6);
num3 += buffer3.Length;
packet.WriteLittleEndian16((ushort)EncryptedRandomSessionKey.Length);
packet.WriteLittleEndian16((ushort)EncryptedRandomSessionKey.Length);
packet.WriteLittleEndian32(num9);
num3 += EncryptedRandomSessionKey.Length;
packet.WriteLittleEndian32(flags);
if ((flags & 0x2000000) != 0)
{
this.WriteVersion(packet);
}
long num10 = packet.Position;
if (bGenerateMIC)
{
packet.WritePadding(0x10);
}
packet.Write(bytes, 0, bytes.Length);
packet.Write(buffer, 0, buffer.Length);
packet.Write(buffer3, 0, buffer3.Length);
packet.Write(lmChallengeResponse, 0, lmChallengeResponse.Length);
packet.Write(ntChallengeResponse, 0, ntChallengeResponse.Length);
packet.Write(EncryptedRandomSessionKey, 0, EncryptedRandomSessionKey.Length);
if (bGenerateMIC)
{
packet.Position = 0L;
byte[] buffer4 = new byte[packet.Length];
packet.Read(buffer4, 0, buffer4.Length);
HMACT64 hmact = new HMACT64(ExportedSessionKey);
hmact.update(this.m_NegotiateMsg);
hmact.update(this.m_ChallengeMsg);
hmact.update(buffer4);
byte[] buffer5 = hmact.digest();
packet.Position = num10;
packet.Write(buffer5, 0, buffer5.Length);
}
packet.Position = 0L;
byte[] buffer6 = new byte[packet.Length];
packet.Read(buffer6, 0, buffer6.Length);
return(buffer6);
}
internal static void SendInput(List <Rdp.InputInfo> InputToSend)
{
if (RDPClient.use_fastpath_input)
{
RdpPacket packet = new RdpPacket();
ushort num = 1;
int count = InputToSend.Count;
if (count < 0x10)
{
packet.WriteByte((byte)(count << 2));
}
else
{
packet.WriteByte(0);
num = (ushort)(num + 1);
}
foreach (Rdp.InputInfo info in InputToSend)
{
switch (info.Message_Type)
{
case Rdp.InputType.INPUT_EVENT_SCANCODE:
num = (ushort)(num + 2);
break;
case Rdp.InputType.INPUT_EVENT_UNICODE:
num = (ushort)(num + 3);
break;
case Rdp.InputType.INPUT_EVENT_MOUSE:
num = (ushort)(num + 7);
break;
case Rdp.InputType.INPUT_EVENT_SYNC:
num = (ushort)(num + 1);
break;
}
}
num = (ushort)(num + 1);
if (num > 0x7f)
{
num = (ushort)(num + 1);
}
packet.WriteEncodedUnsigned16(num);
if (count >= 0x10)
{
packet.WriteByte((byte)count);
}
foreach (Rdp.InputInfo info2 in InputToSend)
{
int num3 = 0;
switch (info2.Message_Type)
{
case Rdp.InputType.INPUT_EVENT_SCANCODE:
if ((info2.Device_Flags & 0x8000) != 0)
{
num3 |= 1;
}
if ((info2.Device_Flags & 0x100) != 0)
{
num3 |= 2;
}
packet.WriteByte((byte)num3);
packet.WriteByte((byte)info2.Param1);
break;
case Rdp.InputType.INPUT_EVENT_UNICODE:
if ((info2.Device_Flags & 0x8000) != 0)
{
num3 |= 1;
}
packet.WriteByte((byte)(0x80 | num3));
packet.WriteLittleEndian16((ushort)info2.Param1);
break;
case Rdp.InputType.INPUT_EVENT_MOUSE:
packet.WriteByte(0x20);
packet.WriteLittleEndian16((ushort)info2.Device_Flags);
packet.WriteLittleEndian16((ushort)info2.Param1);
packet.WriteLittleEndian16((ushort)info2.Param2);
break;
case Rdp.InputType.INPUT_EVENT_SYNC:
packet.WriteByte(0x60);
break;
}
}
Write(packet);
}
else
{
foreach (Rdp.InputInfo info3 in InputToSend)
{
internal_sendInput(info3.Time, (int)info3.Message_Type, info3.Device_Flags, info3.Param1, info3.Param2);
}
}
}
internal static void SendMCS_GlobalChannel(RdpPacket sec_data, int sec_flags)
{
send_to_channel(sec_data, sec_flags, MCS.MSC_GLOBAL_CHANNEL);
}
private static RdpPacket getLoginInfo(string domain, string username, string password, string command, string directory, bool bAutoReconnect)
{
int num = 2 * "127.0.0.1".Length;
int num2 = 2 * @"C:\WINNT\System32\mstscax.dll".Length;
int num1 = _p;
int num3 = 2 * domain.Length;
int num4 = 2 * username.Length;
int num5 = 2 * password.Length;
int num6 = 2 * command.Length;
int num7 = 2 * directory.Length;
RdpPacket packet = new RdpPacket();
int num8 = 0x213b;
packet.WriteLittleEndian32(0);
packet.WriteLittleEndian32(num8);
packet.WriteLittleEndian16((short)num3);
packet.WriteLittleEndian16((short)num4);
if ((num8 & 8) != 0)
{
packet.WriteLittleEndian16((short)num5);
}
else
{
packet.WriteLittleEndian16((short)0);
}
packet.WriteLittleEndian16((short)num6);
packet.WriteLittleEndian16((short)num7);
if (0 < num3)
{
packet.WriteUnicodeString(domain);
}
else
{
packet.WriteLittleEndian16((short)0);
}
packet.WriteUnicodeString(username);
if ((num8 & 8) != 0)
{
packet.WriteUnicodeString(password);
}
else
{
packet.WriteLittleEndian16((short)0);
}
if (0 < num6)
{
packet.WriteUnicodeString(command);
}
else
{
packet.WriteLittleEndian16((short)0);
}
if (0 < num7)
{
packet.WriteUnicodeString(directory);
}
else
{
packet.WriteLittleEndian16((short)0);
}
packet.WriteLittleEndian16((short)2);
packet.WriteLittleEndian16((short)(num + 2));
packet.WriteUnicodeString("127.0.0.1");
packet.WriteLittleEndian16((short)(num2 + 2));
packet.WriteUnicodeString(@"C:\WINNT\System32\mstscax.dll");
TimeZoneInfo info = TimeZoneInfo.Local;
packet.WriteLittleEndian32((int)info.BaseUtcOffset.TotalMinutes);
packet.WriteUnicodeString(info.StandardName);
packet.Position += 0x3e - (2 * info.StandardName.Length);
if (info.SupportsDaylightSavingTime)
{
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((ushort)10);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)30);
packet.WriteLittleEndian16((short)2);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian32(0);
}
else
{
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian32(0);
}
packet.WriteUnicodeString(info.DaylightName);
packet.Position += 0x3e - (2 * info.DaylightName.Length);
if (info.SupportsDaylightSavingTime)
{
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((ushort)3);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0x1b);
packet.WriteLittleEndian16((short)1);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian32((int)(info.BaseUtcOffset.TotalMinutes + 1.0));
}
else
{
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian32(0);
}
packet.WriteLittleEndianU32(0);
PerformanceFlags flags = (PerformanceFlags)0;
if (!RDPClient.IsHostFlagSet(HostFlags.DesktopBackground))
{
flags |= PerformanceFlags.PERF_DISABLE_WALLPAPER;
}
if (RDPClient.IsHostFlagSet(HostFlags.FontSmoothing))
{
flags |= PerformanceFlags.PERF_ENABLE_FONT_SMOOTHING;
}
if (RDPClient.IsHostFlagSet(HostFlags.DesktopComposition))
{
flags |= PerformanceFlags.PERF_ENABLE_DESKTOP_COMPOSITION;
}
if (!RDPClient.IsHostFlagSet(HostFlags.ShowWindowContents))
{
flags |= PerformanceFlags.PERF_DISABLE_FULLWINDOWDRAG;
}
if (!RDPClient.IsHostFlagSet(HostFlags.MenuAnimation))
{
flags |= PerformanceFlags.PERF_DISABLE_MENUANIMATIONS;
}
if (!RDPClient.IsHostFlagSet(HostFlags.VisualStyles))
{
flags |= PerformanceFlags.PERF_DISABLE_THEMING;
}
packet.WriteLittleEndian32((int)flags);
if (bAutoReconnect)
{
packet.WriteLittleEndian32(0x1c);
packet.WriteLittleEndian32(0x1c);
packet.WriteLittleEndian32(1);
packet.WriteLittleEndian32(RDPClient.LogonID);
HMACT64 hmact = new HMACT64(RDPClient.ReconnectCookie);
hmact.update(Secure.GetClentRandom());
byte[] buffer = hmact.digest();
packet.Write(buffer, 0, buffer.Length);
return(packet);
}
packet.WriteLittleEndian32(0);
return(packet);
}
protected static void UpdateLength(RdpPacket packet, string Identifier)
{
Fixup fixup = RDPClient.m_Fixup[Identifier];
RDPClient.m_Fixup.Remove(Identifier);
long position = packet.Position;
if (fixup.Length != -1)
{
long num2 = packet.Position - fixup.Offset;
if (num2 != fixup.Length)
{
throw new Exception("DER Tag length invalid");
}
}
else
{
long num3 = packet.Position - (fixup.Offset + 1L);
byte[] bytes = BitConverter.GetBytes(num3);
packet.Position = fixup.Offset;
if (num3 > 0xffffffL)
{
packet.WriteByte(0x84);
packet.InsertByte(bytes[3]);
position += 1L;
packet.InsertByte(bytes[2]);
position += 1L;
packet.InsertByte(bytes[1]);
position += 1L;
packet.InsertByte(bytes[0]);
position += 1L;
}
else if (num3 > 0xffffL)
{
packet.WriteByte(0x83);
packet.InsertByte(bytes[2]);
position += 1L;
packet.InsertByte(bytes[1]);
position += 1L;
packet.InsertByte(bytes[0]);
position += 1L;
}
else if (num3 > 0xffL)
{
packet.WriteByte(130);
packet.InsertByte(bytes[1]);
position += 1L;
packet.InsertByte(bytes[0]);
position += 1L;
}
else if (num3 > 0x7fL)
{
packet.WriteByte(0x81);
packet.InsertByte(bytes[0]);
position += 1L;
}
else
{
packet.WriteByte(bytes[0]);
}
packet.Position = position;
}
}
public void append(RdpPacket value)
{
byte[] buffer = new byte[value.Length - value.Position];
value.Read(buffer, 0, buffer.Length);
Write(buffer, 0, buffer.Length);
}
protected static void WriteByte(RdpPacket packet, int value)
{
packet.WriteByte((byte)value);
}
private static bool processData(RdpPacket data)
{
int num3;
int num = 0;
data.Position += 6L;
data.getLittleEndian16();
num = data.ReadByte();
data.ReadByte();
data.getLittleEndian16();
switch (num)
{
case 0x26: // 38
// RDP_DATA_PDU_SAVE_SESSION_INFO
processLogonInfo(data);
goto Label_015E;
case 0x2f: // 47
// RDP_DATA_PDU_SET_ERROR_INFO
num3 = data.getLittleEndian32();
switch (num3)
{
case 0:
case 12:
goto Label_015E;
case 1:
throw new RDFatalException("The disconnection was initiated by an administrative tool on the server in another session.");
case 2:
throw new RDFatalException("The disconnection was due to a forced logoff initiated by an administrative tool on the server in another session.");
case 3:
throw new RDFatalException("The idle session limit timer on the server has elapsed.");
case 4:
throw new RDFatalException("The active session limit timer on the server has elapsed.");
case 5:
throw new RDFatalException("Another user connected to the server, forcing the disconnection of the current connection.");
case 7:
throw new RDFatalException("The server denied the connection.");
case 9:
throw new RDFatalException("The user cannot connect to the server due to insufficient access privileges.");
case 11:
throw new RDFatalException("The disconnection was initiated by an administrative tool on the server running in the user's session.");
case 0x102:
throw new RDFatalException("There are no Client Access Licenses available for the target remote computer, please contact your network administrator.");
}
break;
case 2:
// processUpdate
return(false);
case 0x1b: // 27
return(false);
default:
goto Label_015E;
}
throw new RDFatalException("Error code: " + num3.ToString("X8") + ", please contact Support with this error code");
Label_015E:
return(false);
}
protected static void WriteTag(RdpPacket packet, int Tag, string Identifier)
{
WriteByte(packet, Tag);
WriteLength(packet, Identifier);
}
internal static void send_connection_request(byte[] loadBalanceToken, bool bAutoReconnect)
{
int num;
RDPClient.dec_count = 0;
RDPClient.enc_count = 0;
Network.ConnectionStage = RDPClient.eConnectionStage.Negotiating;
if (RDPClient.enableNLA)
{
sendConnectNegotiation(3, loadBalanceToken);
num = receiveConnectNegotiation();
if (num == 0x10000000)
{
Network.Close();
Network.Connect(RDPClient.Host, RDPClient.Port);
sendConnectNegotiation(0, loadBalanceToken);
num = receiveConnectNegotiation();
if (num != 0)
{
throw new RDFatalException("Security negotiation failed!");
}
}
else
{
if (((num & 1) != 0) || ((num & 2) != 0))
{
Network.ConnectionStage = RDPClient.eConnectionStage.Securing;
Network.ConnectSSL();
}
if ((num & 2) != 0)
{
Network.ConnectionStage = RDPClient.eConnectionStage.Authenticating;
CredSSP.Negotiate(Network.GetSSLPublicKey());
}
}
}
else
{
sendConnectNegotiation(0, loadBalanceToken);
num = receiveConnectNegotiation();
if (num != 0)
{
throw new RDFatalException("Security negotiation failed!");
}
}
Network.ConnectionStage = RDPClient.eConnectionStage.Establishing;
IsoLayer.SendTPKT(sendConnectInitial(sendMcsData(true, Channels.RegisteredChannels.Count, num)));
receiveConnectResponse();
send_ErectDomainRequest();
send_AttachUserRequest();
RDPClient.McsUserID = receive_AttachUserConfirm();
send_ChannelJoinRequest(RDPClient.McsUserID + MCS_USERCHANNEL_BASE);
receive_ChannelJoinConfirm();
send_ChannelJoinRequest(MSC_GLOBAL_CHANNEL);
receive_ChannelJoinConfirm();
foreach (IVirtualChannel channel in Channels.RegisteredChannels)
{
send_ChannelJoinRequest(channel.ChannelID);
receive_ChannelJoinConfirm();
}
int num2 = 0x40;
if (Secure.RDPEncrypted())
{
Network.ConnectionStage = RDPClient.eConnectionStage.SecureAndLogin;
RdpPacket packet = Secure.establishKey();
packet.Position = 0L;
IsoLayer.SendMCS(packet, MSC_GLOBAL_CHANNEL);
num2 |= SEC_ENCRYPT;
}
else
{
Network.ConnectionStage = RDPClient.eConnectionStage.Login;
}
IsoLayer.SendMCS_GlobalChannel(getLoginInfo(RDPClient.Domain, RDPClient.Username, RDPClient.Password, "", "", bAutoReconnect), num2);
}