Exemple #1
0
        internal static void process_authreq(RdpPacket data)
        {
            byte[] destinationArray = new byte[10];
            byte[] outData          = new byte[10];
            byte[] buffer3          = new byte[20];
            byte[] buffer4          = new byte[30];
            byte[] signature        = new byte[0x10];
            RC4    rc = new RC4();

            byte[] buffer6 = null;

            if (!parse_authreq(data))
            {
                throw new RDFatalException("Authentication request is incorrect!");
            }

            Array.Copy(m_In_Token, 0, destinationArray, 0, 10);
            buffer6 = new byte[m_LicenceKey.Length];
            Array.Copy(m_LicenceKey, 0, buffer6, 0, m_LicenceKey.Length);
            rc.engineInitDecrypt(buffer6);
            rc.crypt(m_In_Token, 0, 10, outData, 0);
            byte[] sourceArray = generate_hwid();
            Array.Copy(outData, 0, buffer4, 0, 10);
            Array.Copy(sourceArray, 0, buffer4, 10, 20);
            signature = Secure.sign(m_Licence_Sign_Key, 0x10, 0x10, buffer4, buffer4.Length);
            Array.Copy(m_LicenceKey, 0, buffer6, 0, m_LicenceKey.Length);
            rc.engineInitEncrypt(buffer6);
            rc.crypt(sourceArray, 0, 20, buffer3, 0);

            send_authresp(destinationArray, buffer3, signature);
        }
Exemple #2
0
        internal static byte[] update(byte[] key, byte[] update_key)
        {
            byte[]       buffer           = new byte[20];
            byte[]       destinationArray = new byte[m_KeyLength];
            byte[]       sourceArray      = new byte[key.Length];
            MemoryStream stream           = new MemoryStream();

            stream.Write(update_key, 0, m_KeyLength);
            stream.Write(m_Pad_54, 0, 40);
            stream.Write(key, 0, m_KeyLength);
            stream.Position = 0L;
            buffer          = SHA1.ComputeHash(stream);
            stream          = new MemoryStream();
            stream.Write(update_key, 0, m_KeyLength);
            stream.Write(m_Pad_92, 0, 0x30);
            stream.Write(buffer, 0, 20);
            stream.Position = 0L;
            sourceArray     = MD5.ComputeHash(stream);
            Array.Copy(sourceArray, 0, destinationArray, 0, m_KeyLength);
            RC4 rc = new RC4();

            rc.engineInitDecrypt(destinationArray);
            sourceArray = rc.crypt(sourceArray, 0, m_KeyLength);
            if (m_KeyLength == 8)
            {
                Sign.make40bit(sourceArray);
            }
            return(sourceArray);
        }
Exemple #3
0
 private void InitSignKeys(byte[] exportedSessionKey)
 {
     byte[] bytes    = ASCIIEncoding.GetBytes("session key to client-to-server signing key magic constant\0");
     byte[] constant = ASCIIEncoding.GetBytes("session key to client-to-server sealing key magic constant\0");
     byte[] buffer3  = ASCIIEncoding.GetBytes("session key to server-to-client signing key magic constant\0");
     byte[] buffer4  = ASCIIEncoding.GetBytes("session key to server-to-client sealing key magic constant\0");
     this.ClientSigningKey   = GenerateSignKey(exportedSessionKey, bytes);
     this.ServerSigningKey   = GenerateSignKey(exportedSessionKey, buffer3);
     this.ClientSealingKey   = GenerateSealKey(exportedSessionKey, constant);
     this.ServerSealingKey   = GenerateSealKey(exportedSessionKey, buffer4);
     this.m_ClientSealingRC4 = new RC4();
     this.m_ClientSealingRC4.engineInitEncrypt(this.ClientSealingKey);
     this.m_ServerSealingRC4 = new RC4();
     this.m_ServerSealingRC4.engineInitDecrypt(this.ServerSealingKey);
     this.m_SigningSequenceNum = this.m_ReceiveSequenceNum = 0;
 }
Exemple #4
0
        internal static void process_issue(RdpPacket data)
        {
            int count = 0;
            RC4 rc    = new RC4();

            byte[] destinationArray = new byte[m_LicenceKey.Length];
            Array.Copy(m_LicenceKey, 0, destinationArray, 0, m_LicenceKey.Length);
            data.ReadLittleEndian16();
            count = data.ReadLittleEndian16();

            if ((data.Position + count) <= data.Length)
            {
                rc.engineInitDecrypt(destinationArray);
                byte[] buffer = new byte[count];
                data.Read(buffer, 0, count);
                rc.crypt(buffer, 0, count, buffer, 0);
            }
        }
Exemple #5
0
        private static byte[] MakeSignature(RC4 SealKey, byte[] SignKey, byte[] message, ref uint sequenceNum)
        {
            HMACT64 hmact = new HMACT64(SignKey);

            byte[] bytes = BitConverter.GetBytes(sequenceNum++);
            hmact.update(bytes);
            hmact.update(message);
            byte[]      data       = hmact.digest();
            byte[]      collection = SealKey.crypt(data, 0, 8);
            List <byte> list       = new List <byte> {
                1, 0, 0, 0
            };

            list.AddRange(collection);
            list.AddRange(bytes);

            return(list.ToArray());
        }
Exemple #6
0
        public byte[] ProcessChallenge(byte[] Challenge)
        {
            byte[]    bytes;
            RdpPacket packet = new RdpPacket();

            this.m_ChallengeMsg = Challenge;
            packet.Write(Challenge, 0, Challenge.Length);
            packet.Position = 0L;
            long position = packet.Position;

            if (packet.ReadString(8) != "NTLMSSP\0")
            {
                throw new Exception("Invalid negotiation token!");
            }

            if (packet.ReadLittleEndian32() != 2)
            {
                throw new Exception("Expected challenge!");
            }

            int count = packet.ReadLittleEndian16();

            packet.ReadLittleEndian16();
            int  num4  = packet.ReadLittleEndian32();
            uint flags = (uint)packet.ReadLittleEndian32();

            DumpFlags(flags);
            byte[] buffer = new byte[8];
            packet.Read(buffer, 0, 8);
            DumpHex(buffer, buffer.Length, "Server Challenge");
            byte[] buffer2 = new byte[8];
            packet.Read(buffer2, 0, 8);
            int num5 = packet.ReadLittleEndian16();

            packet.ReadLittleEndian16();
            int num6 = packet.ReadLittleEndian32();

            if ((flags & 0x2000000) != 0)
            {
                byte[] buffer3 = new byte[8];
                packet.Read(buffer3, 0, 8);
            }

            if ((flags & 0x20000000) == 0)
            {
                throw new Exception("Strong Encryption not supported by server");
            }

            byte[] buffer4 = null;

            if (count > 0)
            {
                buffer4         = new byte[count];
                packet.Position = position + num4;
                packet.Read(buffer4, 0, count);
                Encoding.Unicode.GetString(buffer4, 0, buffer4.Length);
            }

            AV_PAIRS av_pairs = new AV_PAIRS();

            byte[] buffer5 = null;

            if (num5 <= 0)
            {
                throw new Exception("No TargetInfo!");
            }

            packet.Position = position + num6;
            buffer5         = new byte[num5];
            packet.Read(buffer5, 0, num5);
            packet = new RdpPacket();
            packet.Write(buffer5, 0, buffer5.Length);
            packet.Position = 0L;
            av_pairs.Parse(packet);

            buffer5 = av_pairs.Serialise();

            byte[] data = nTOWFv2(this.m_sDomain, this.m_sUsername, this.m_sPassword);

            if (Network.Logger != null)
            {
                if (Network.Logger.Reading)
                {
                    data = this.m_Socket.GetBlob(PacketLogger.PacketType.NTLM_ResponseKeyNT);
                }
                else
                {
                    this.m_Socket.AddBlob(PacketLogger.PacketType.NTLM_ResponseKeyNT, data);
                }
            }

            byte[] blob = new byte[8];
            RNGCryptoServiceProvider provider = new RNGCryptoServiceProvider();

            provider.GetBytes(blob);

            if (Network.Logger != null)
            {
                if (Network.Logger.Reading)
                {
                    blob = this.m_Socket.GetBlob(PacketLogger.PacketType.NTLM_ClientChallenge);
                }
                else
                {
                    this.m_Socket.AddBlob(PacketLogger.PacketType.NTLM_ClientChallenge, blob);
                }
            }

            DumpHex(blob, blob.Length, "Client Challenge");
            byte[] buffer8 = getLMv2Response(data, buffer, blob);
            DumpHex(buffer8, buffer8.Length, "LM Response");

            if (this.m_bNTLMv2)
            {
                Array.Clear(buffer8, 0, buffer8.Length);
            }

            bool bGenerateMIC = false;

            if ((av_pairs.Timestamp.length <= 0) || !this.m_bNTLMv2)
            {
                bytes = BitConverter.GetBytes(DateTime.UtcNow.ToFileTimeUtc());
            }
            else
            {
                bytes        = av_pairs.Timestamp.value;
                bGenerateMIC = true;
                av_pairs.ProcessForNTLMv2();
                buffer5 = av_pairs.Serialise();
            }

            DumpHex(buffer5, buffer5.Length, "targetinfo");
            byte[] keyExchangeKey = null;
            byte[] buffer11       = getNTLMv2Response(data, buffer, blob, bytes, buffer5, out keyExchangeKey);
            DumpHex(buffer11, buffer11.Length, "NTLMv2 Response");

            if (Network.Logger != null)
            {
                if (Network.Logger.Reading)
                {
                    keyExchangeKey = this.m_Socket.GetBlob(PacketLogger.PacketType.NTLM_KeyExchangeKey);
                }
                else
                {
                    this.m_Socket.AddBlob(PacketLogger.PacketType.NTLM_KeyExchangeKey, keyExchangeKey);
                }
            }

            byte[] encryptedRandomSessionKey = null;
            byte[] buffer13 = null;
            buffer13 = new byte[0x10];
            provider.GetBytes(buffer13);

            if (Network.Logger != null)
            {
                if (Network.Logger.Reading)
                {
                    buffer13 = this.m_Socket.GetBlob(PacketLogger.PacketType.NTLM_ExportedSessionKey);
                }
                else
                {
                    this.m_Socket.AddBlob(PacketLogger.PacketType.NTLM_ExportedSessionKey, buffer13);
                }
            }

            encryptedRandomSessionKey = new byte[0x10];
            RC4 rc = new RC4();

            rc.engineInitEncrypt(keyExchangeKey);
            encryptedRandomSessionKey = rc.crypt(buffer13);

            if ((flags & 0x40000000) == 0)
            {
                encryptedRandomSessionKey = new byte[0];
                buffer13 = keyExchangeKey;
            }

            this.InitSignKeys(buffer13);

            return(this.Authenticate(buffer8, buffer11, this.m_sDomain, this.m_sUsername, this.m_sWorkstation, encryptedRandomSessionKey, buffer13, bGenerateMIC));
        }