internal static void process_authreq(RdpPacket data)
{
byte[] destinationArray = new byte[10];
byte[] outData = new byte[10];
byte[] buffer3 = new byte[20];
byte[] buffer4 = new byte[30];
byte[] signature = new byte[0x10];
RC4 rc = new RC4();
byte[] buffer6 = null;
if (!parse_authreq(data))
{
throw new RDFatalException("Authentication request is incorrect!");
}
Array.Copy(m_In_Token, 0, destinationArray, 0, 10);
buffer6 = new byte[m_LicenceKey.Length];
Array.Copy(m_LicenceKey, 0, buffer6, 0, m_LicenceKey.Length);
rc.engineInitDecrypt(buffer6);
rc.crypt(m_In_Token, 0, 10, outData, 0);
byte[] sourceArray = generate_hwid();
Array.Copy(outData, 0, buffer4, 0, 10);
Array.Copy(sourceArray, 0, buffer4, 10, 20);
signature = Secure.sign(m_Licence_Sign_Key, 0x10, 0x10, buffer4, buffer4.Length);
Array.Copy(m_LicenceKey, 0, buffer6, 0, m_LicenceKey.Length);
rc.engineInitEncrypt(buffer6);
rc.crypt(sourceArray, 0, 20, buffer3, 0);
send_authresp(destinationArray, buffer3, signature);
}
internal static byte[] update(byte[] key, byte[] update_key)
{
byte[] buffer = new byte[20];
byte[] destinationArray = new byte[m_KeyLength];
byte[] sourceArray = new byte[key.Length];
MemoryStream stream = new MemoryStream();
stream.Write(update_key, 0, m_KeyLength);
stream.Write(m_Pad_54, 0, 40);
stream.Write(key, 0, m_KeyLength);
stream.Position = 0L;
buffer = SHA1.ComputeHash(stream);
stream = new MemoryStream();
stream.Write(update_key, 0, m_KeyLength);
stream.Write(m_Pad_92, 0, 0x30);
stream.Write(buffer, 0, 20);
stream.Position = 0L;
sourceArray = MD5.ComputeHash(stream);
Array.Copy(sourceArray, 0, destinationArray, 0, m_KeyLength);
RC4 rc = new RC4();
rc.engineInitDecrypt(destinationArray);
sourceArray = rc.crypt(sourceArray, 0, m_KeyLength);
if (m_KeyLength == 8)
{
Sign.make40bit(sourceArray);
}
return(sourceArray);
}
private void InitSignKeys(byte[] exportedSessionKey)
{
byte[] bytes = ASCIIEncoding.GetBytes("session key to client-to-server signing key magic constant\0");
byte[] constant = ASCIIEncoding.GetBytes("session key to client-to-server sealing key magic constant\0");
byte[] buffer3 = ASCIIEncoding.GetBytes("session key to server-to-client signing key magic constant\0");
byte[] buffer4 = ASCIIEncoding.GetBytes("session key to server-to-client sealing key magic constant\0");
this.ClientSigningKey = GenerateSignKey(exportedSessionKey, bytes);
this.ServerSigningKey = GenerateSignKey(exportedSessionKey, buffer3);
this.ClientSealingKey = GenerateSealKey(exportedSessionKey, constant);
this.ServerSealingKey = GenerateSealKey(exportedSessionKey, buffer4);
this.m_ClientSealingRC4 = new RC4();
this.m_ClientSealingRC4.engineInitEncrypt(this.ClientSealingKey);
this.m_ServerSealingRC4 = new RC4();
this.m_ServerSealingRC4.engineInitDecrypt(this.ServerSealingKey);
this.m_SigningSequenceNum = this.m_ReceiveSequenceNum = 0;
}
internal static void process_issue(RdpPacket data)
{
int count = 0;
RC4 rc = new RC4();
byte[] destinationArray = new byte[m_LicenceKey.Length];
Array.Copy(m_LicenceKey, 0, destinationArray, 0, m_LicenceKey.Length);
data.ReadLittleEndian16();
count = data.ReadLittleEndian16();
if ((data.Position + count) <= data.Length)
{
rc.engineInitDecrypt(destinationArray);
byte[] buffer = new byte[count];
data.Read(buffer, 0, count);
rc.crypt(buffer, 0, count, buffer, 0);
}
}
private static byte[] MakeSignature(RC4 SealKey, byte[] SignKey, byte[] message, ref uint sequenceNum)
{
HMACT64 hmact = new HMACT64(SignKey);
byte[] bytes = BitConverter.GetBytes(sequenceNum++);
hmact.update(bytes);
hmact.update(message);
byte[] data = hmact.digest();
byte[] collection = SealKey.crypt(data, 0, 8);
List <byte> list = new List <byte> {
1, 0, 0, 0
};
list.AddRange(collection);
list.AddRange(bytes);
return(list.ToArray());
}
public byte[] ProcessChallenge(byte[] Challenge)
{
byte[] bytes;
RdpPacket packet = new RdpPacket();
this.m_ChallengeMsg = Challenge;
packet.Write(Challenge, 0, Challenge.Length);
packet.Position = 0L;
long position = packet.Position;
if (packet.ReadString(8) != "NTLMSSP\0")
{
throw new Exception("Invalid negotiation token!");
}
if (packet.ReadLittleEndian32() != 2)
{
throw new Exception("Expected challenge!");
}
int count = packet.ReadLittleEndian16();
packet.ReadLittleEndian16();
int num4 = packet.ReadLittleEndian32();
uint flags = (uint)packet.ReadLittleEndian32();
DumpFlags(flags);
byte[] buffer = new byte[8];
packet.Read(buffer, 0, 8);
DumpHex(buffer, buffer.Length, "Server Challenge");
byte[] buffer2 = new byte[8];
packet.Read(buffer2, 0, 8);
int num5 = packet.ReadLittleEndian16();
packet.ReadLittleEndian16();
int num6 = packet.ReadLittleEndian32();
if ((flags & 0x2000000) != 0)
{
byte[] buffer3 = new byte[8];
packet.Read(buffer3, 0, 8);
}
if ((flags & 0x20000000) == 0)
{
throw new Exception("Strong Encryption not supported by server");
}
byte[] buffer4 = null;
if (count > 0)
{
buffer4 = new byte[count];
packet.Position = position + num4;
packet.Read(buffer4, 0, count);
Encoding.Unicode.GetString(buffer4, 0, buffer4.Length);
}
AV_PAIRS av_pairs = new AV_PAIRS();
byte[] buffer5 = null;
if (num5 <= 0)
{
throw new Exception("No TargetInfo!");
}
packet.Position = position + num6;
buffer5 = new byte[num5];
packet.Read(buffer5, 0, num5);
packet = new RdpPacket();
packet.Write(buffer5, 0, buffer5.Length);
packet.Position = 0L;
av_pairs.Parse(packet);
buffer5 = av_pairs.Serialise();
byte[] data = nTOWFv2(this.m_sDomain, this.m_sUsername, this.m_sPassword);
if (Network.Logger != null)
{
if (Network.Logger.Reading)
{
data = this.m_Socket.GetBlob(PacketLogger.PacketType.NTLM_ResponseKeyNT);
}
else
{
this.m_Socket.AddBlob(PacketLogger.PacketType.NTLM_ResponseKeyNT, data);
}
}
byte[] blob = new byte[8];
RNGCryptoServiceProvider provider = new RNGCryptoServiceProvider();
provider.GetBytes(blob);
if (Network.Logger != null)
{
if (Network.Logger.Reading)
{
blob = this.m_Socket.GetBlob(PacketLogger.PacketType.NTLM_ClientChallenge);
}
else
{
this.m_Socket.AddBlob(PacketLogger.PacketType.NTLM_ClientChallenge, blob);
}
}
DumpHex(blob, blob.Length, "Client Challenge");
byte[] buffer8 = getLMv2Response(data, buffer, blob);
DumpHex(buffer8, buffer8.Length, "LM Response");
if (this.m_bNTLMv2)
{
Array.Clear(buffer8, 0, buffer8.Length);
}
bool bGenerateMIC = false;
if ((av_pairs.Timestamp.length <= 0) || !this.m_bNTLMv2)
{
bytes = BitConverter.GetBytes(DateTime.UtcNow.ToFileTimeUtc());
}
else
{
bytes = av_pairs.Timestamp.value;
bGenerateMIC = true;
av_pairs.ProcessForNTLMv2();
buffer5 = av_pairs.Serialise();
}
DumpHex(buffer5, buffer5.Length, "targetinfo");
byte[] keyExchangeKey = null;
byte[] buffer11 = getNTLMv2Response(data, buffer, blob, bytes, buffer5, out keyExchangeKey);
DumpHex(buffer11, buffer11.Length, "NTLMv2 Response");
if (Network.Logger != null)
{
if (Network.Logger.Reading)
{
keyExchangeKey = this.m_Socket.GetBlob(PacketLogger.PacketType.NTLM_KeyExchangeKey);
}
else
{
this.m_Socket.AddBlob(PacketLogger.PacketType.NTLM_KeyExchangeKey, keyExchangeKey);
}
}
byte[] encryptedRandomSessionKey = null;
byte[] buffer13 = null;
buffer13 = new byte[0x10];
provider.GetBytes(buffer13);
if (Network.Logger != null)
{
if (Network.Logger.Reading)
{
buffer13 = this.m_Socket.GetBlob(PacketLogger.PacketType.NTLM_ExportedSessionKey);
}
else
{
this.m_Socket.AddBlob(PacketLogger.PacketType.NTLM_ExportedSessionKey, buffer13);
}
}
encryptedRandomSessionKey = new byte[0x10];
RC4 rc = new RC4();
rc.engineInitEncrypt(keyExchangeKey);
encryptedRandomSessionKey = rc.crypt(buffer13);
if ((flags & 0x40000000) == 0)
{
encryptedRandomSessionKey = new byte[0];
buffer13 = keyExchangeKey;
}
this.InitSignKeys(buffer13);
return(this.Authenticate(buffer8, buffer11, this.m_sDomain, this.m_sUsername, this.m_sWorkstation, encryptedRandomSessionKey, buffer13, bGenerateMIC));
}
