protected override void Decode(byte[] message) { base.Decode(message); if (BitConverterLE.ToUInt16(message, 56) != message.Length) { string text = Locale.GetText("Invalid Type3 message length."); throw new ArgumentException(text, "message"); } _password = null; int count = BitConverterLE.ToUInt16(message, 28); int index = 64; _domain = Encoding.Unicode.GetString(message, index, count); int count2 = BitConverterLE.ToUInt16(message, 44); int index2 = BitConverterLE.ToUInt16(message, 48); _host = Encoding.Unicode.GetString(message, index2, count2); int count3 = BitConverterLE.ToUInt16(message, 36); int index3 = BitConverterLE.ToUInt16(message, 40); _username = Encoding.Unicode.GetString(message, index3, count3); _lm = new byte[24]; int srcOffset = BitConverterLE.ToUInt16(message, 16); Buffer.BlockCopy(message, srcOffset, _lm, 0, 24); _nt = new byte[24]; int srcOffset2 = BitConverterLE.ToUInt16(message, 24); Buffer.BlockCopy(message, srcOffset2, _nt, 0, 24); if (message.Length >= 64) { base.Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 60); } }
protected override void Decode(byte[] message) { base.Decode(message); if ((int)BitConverterLE.ToUInt16(message, 56) != message.Length) { throw new ArgumentException(Locale.GetText("Invalid Type3 message length."), nameof(message)); } this._password = (string)null; int uint16_1 = (int)BitConverterLE.ToUInt16(message, 28); int index = 64; this._domain = Encoding.Unicode.GetString(message, index, uint16_1); int uint16_2 = (int)BitConverterLE.ToUInt16(message, 44); int uint16_3 = (int)BitConverterLE.ToUInt16(message, 48); this._host = Encoding.Unicode.GetString(message, uint16_3, uint16_2); int uint16_4 = (int)BitConverterLE.ToUInt16(message, 36); int uint16_5 = (int)BitConverterLE.ToUInt16(message, 40); this._username = Encoding.Unicode.GetString(message, uint16_5, uint16_4); this._lm = new byte[24]; int uint16_6 = (int)BitConverterLE.ToUInt16(message, 16); Buffer.BlockCopy((Array)message, uint16_6, (Array)this._lm, 0, 24); this._nt = new byte[24]; int uint16_7 = (int)BitConverterLE.ToUInt16(message, 24); Buffer.BlockCopy((Array)message, uint16_7, (Array)this._nt, 0, 24); if (message.Length < 64) { return; } this.Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 60); }
// methods protected override void Decode(byte[] message) { base.Decode(message); short targetNameSize = BitConverterLE.ToInt16(message, 12); int targetNameOffset = BitConverterLE.ToInt32(message, 16); Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 20); Buffer.BlockCopy(message, 24, _nonce, 0, 8); if (Version == NtlmVersion.Version1) { return; } Buffer.BlockCopy(message, 32, _context, 0, 8); short targetInfoSize = BitConverterLE.ToInt16(message, 40); int targetInfoOffset = BitConverterLE.ToInt32(message, 44); if (Version == NtlmVersion.Version3) { Buffer.BlockCopy(OSVersion, 0, message, 48, OSVersion.Length); } Encoding enc = (Flags & NtlmFlags.NegotiateUnicode) != 0 ? Encoding.Unicode : Encoding.UTF8; if (targetNameSize > 0) { TargetName = enc.GetString(message, targetNameOffset, targetNameSize); } _target.Decode(message, targetInfoOffset, targetInfoSize); }
// methods protected override void Decode(byte[] message) { base.Decode(message); Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 20); Buffer.BlockCopy(message, 24, _nonce, 0, 8); var tname_len = BitConverterLE.ToUInt16(message, 12); var tname_off = BitConverterLE.ToUInt16(message, 16); if (tname_len > 0) { if ((Flags & NtlmFlags.NegotiateOem) != 0) { _targetName = Encoding.ASCII.GetString(message, tname_off, tname_len); } else { _targetName = Encoding.Unicode.GetString(message, tname_off, tname_len); } } // The Target Info block is optional. if (message.Length >= 48) { var tinfo_len = BitConverterLE.ToUInt16(message, 40); var tinfo_off = BitConverterLE.ToUInt16(message, 44); if (tinfo_len > 0) { _targetInfo = new byte [tinfo_len]; Buffer.BlockCopy(message, tinfo_off, _targetInfo, 0, tinfo_len); } } }
internal int ProcessFirstBlock() { if (this.fs == null) { return(1); } this.fs.Position = 0L; this.blockLength = this.fs.Read(this.fileblock, 0, this.fileblock.Length); this.blockNo = 1; if (this.blockLength < 0x40) { return(2); } if (BitConverterLE.ToUInt16(this.fileblock, 0) != 0x5a4d) { return(3); } this.peOffset = BitConverterLE.ToInt32(this.fileblock, 60); if (this.peOffset > this.fileblock.Length) { throw new NotSupportedException(string.Format(Locale.GetText("Header size too big (> {0} bytes)."), this.fileblock.Length)); } if (this.peOffset > this.fs.Length) { return(4); } if (BitConverterLE.ToUInt32(this.fileblock, this.peOffset) != 0x4550) { return(5); } this.dirSecurityOffset = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 0x98); this.dirSecuritySize = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 0x9c); this.coffSymbolTableOffset = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 12); return(0); }
// methods protected override void Decode(byte[] message) { base.Decode(message); Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 20); Buffer.BlockCopy(message, 24, _nonce, 0, 8); }
private bool Decode(byte[] pvk, string password) { if (BitConverterLE.ToUInt32(pvk, 0) != 2964713758u) { return(false); } if (BitConverterLE.ToUInt32(pvk, 4) != 0u) { return(false); } this.keyType = BitConverterLE.ToInt32(pvk, 8); this.encrypted = (BitConverterLE.ToUInt32(pvk, 12) == 1u); int num = BitConverterLE.ToInt32(pvk, 16); int num2 = BitConverterLE.ToInt32(pvk, 20); byte[] array = new byte[num2]; Buffer.BlockCopy(pvk, 24 + num, array, 0, num2); if (num > 0) { if (password == null) { return(false); } byte[] array2 = new byte[num]; Buffer.BlockCopy(pvk, 24, array2, 0, num); byte[] array3 = this.DeriveKey(array2, password); RC4 rc = RC4.Create(); ICryptoTransform cryptoTransform = rc.CreateDecryptor(array3, null); cryptoTransform.TransformBlock(array, 8, array.Length - 8, array, 8); try { this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(array); this.weak = false; } catch (CryptographicException) { this.weak = true; Buffer.BlockCopy(pvk, 24 + num, array, 0, num2); Array.Clear(array3, 5, 11); RC4 rc2 = RC4.Create(); cryptoTransform = rc2.CreateDecryptor(array3, null); cryptoTransform.TransformBlock(array, 8, array.Length - 8, array, 8); this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(array); } Array.Clear(array3, 0, array3.Length); } else { this.weak = true; this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(array); Array.Clear(array, 0, array.Length); } Array.Clear(pvk, 0, pvk.Length); return(this.rsa != null); }
protected bool CheckHeader(byte[] message) { for (int i = 0; i < MessageBase.header.Length; i++) { if (message[i] != MessageBase.header[i]) { return(false); } } return((ulong)BitConverterLE.ToUInt32(message, 8) == (ulong)((long)this._type)); }
protected bool CheckHeader(byte[] message) { for (int index = 0; index < MessageBase.header.Length; ++index) { if ((int)message[index] != (int)MessageBase.header[index]) { return(false); } } return((long)BitConverterLE.ToUInt32(message, 8) == (long)this._type); }
protected override void Decode(byte[] message) { base.Decode(message); this.Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 12); int uint16_1 = (int)BitConverterLE.ToUInt16(message, 16); int uint16_2 = (int)BitConverterLE.ToUInt16(message, 20); this._domain = Encoding.ASCII.GetString(message, uint16_2, uint16_1); int uint16_3 = (int)BitConverterLE.ToUInt16(message, 24); this._host = Encoding.ASCII.GetString(message, 32, uint16_3); }
protected override void Decode(byte[] message) { base.Decode(message); base.Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 12); int count = BitConverterLE.ToUInt16(message, 16); int index = BitConverterLE.ToUInt16(message, 20); _domain = Encoding.ASCII.GetString(message, index, count); int count2 = BitConverterLE.ToUInt16(message, 24); _host = Encoding.ASCII.GetString(message, 32, count2); }
// methods protected override void Decode(byte[] message) { base.Decode(message); if (BitConverterLE.ToUInt16(message, 56) != message.Length) { string msg = Locale.GetText("Invalid Type3 message length."); throw new ArgumentException(msg, "message"); } _password = null; if (message.Length >= 64) { Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 60); } else { Flags = (NtlmFlags)0x8201; } int lm_len = BitConverterLE.ToUInt16(message, 12); int lm_off = BitConverterLE.ToUInt16(message, 16); _lm = new byte [lm_len]; Buffer.BlockCopy(message, lm_off, _lm, 0, lm_len); int nt_len = BitConverterLE.ToUInt16(message, 20); int nt_off = BitConverterLE.ToUInt16(message, 24); _nt = new byte [nt_len]; Buffer.BlockCopy(message, nt_off, _nt, 0, nt_len); int dom_len = BitConverterLE.ToUInt16(message, 28); int dom_off = BitConverterLE.ToUInt16(message, 32); _domain = DecodeString(message, dom_off, dom_len); int user_len = BitConverterLE.ToUInt16(message, 36); int user_off = BitConverterLE.ToUInt16(message, 40); _username = DecodeString(message, user_off, user_len); int host_len = BitConverterLE.ToUInt16(message, 44); int host_off = BitConverterLE.ToUInt16(message, 48); _host = DecodeString(message, host_off, host_len); // Session key. We don't use it yet. // int skey_len = BitConverterLE.ToUInt16 (message, 52); // int skey_off = BitConverterLE.ToUInt16 (message, 56); }
private bool Decode(byte[] pvk, string password) { if (BitConverterLE.ToUInt32(pvk, 0) != 2964713758U || BitConverterLE.ToUInt32(pvk, 4) != 0U) { return(false); } this.keyType = BitConverterLE.ToInt32(pvk, 8); this.encrypted = BitConverterLE.ToUInt32(pvk, 12) == 1U; int int32_1 = BitConverterLE.ToInt32(pvk, 16); int int32_2 = BitConverterLE.ToInt32(pvk, 20); byte[] numArray = new byte[int32_2]; Buffer.BlockCopy((Array)pvk, 24 + int32_1, (Array)numArray, 0, int32_2); if (int32_1 > 0) { if (password == null) { return(false); } byte[] salt = new byte[int32_1]; Buffer.BlockCopy((Array)pvk, 24, (Array)salt, 0, int32_1); byte[] rgbKey = this.DeriveKey(salt, password); RC4.Create().CreateDecryptor(rgbKey, (byte[])null).TransformBlock(numArray, 8, numArray.Length - 8, numArray, 8); try { this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(numArray); this.weak = false; } catch (CryptographicException) { this.weak = true; Buffer.BlockCopy((Array)pvk, 24 + int32_1, (Array)numArray, 0, int32_2); Array.Clear((Array)rgbKey, 5, 11); RC4.Create().CreateDecryptor(rgbKey, (byte[])null).TransformBlock(numArray, 8, numArray.Length - 8, numArray, 8); this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(numArray); } Array.Clear((Array)rgbKey, 0, rgbKey.Length); } else { this.weak = true; this.rsa = CryptoConvert.FromCapiPrivateKeyBlob(numArray); Array.Clear((Array)numArray, 0, numArray.Length); } Array.Clear((Array)pvk, 0, pvk.Length); return(this.rsa != null); }
// methods protected override void Decode(byte[] message) { base.Decode(message); // FIXME: This Version condition is introduced to make // nunit tests pass, and hence not based on the NTLM // analysis docs. Find out the reason why it is needed. if (Version == NtlmVersion.Version1 && BitConverterLE.ToUInt16(message, 56) != message.Length) { string msg = Locale.GetText("Invalid Type3 message length."); throw new ArgumentException(msg, "message"); } _password = null; int dom_len = BitConverterLE.ToUInt16(message, 28); int dom_off = BitConverterLE.ToUInt16(message, 32); _domain = Encoding.Unicode.GetString(message, dom_off, dom_len); int host_len = BitConverterLE.ToUInt16(message, 44); int host_off = BitConverterLE.ToUInt16(message, 48); _host = Encoding.Unicode.GetString(message, host_off, host_len); int user_len = BitConverterLE.ToUInt16(message, 36); int user_off = BitConverterLE.ToUInt16(message, 40); _username = Encoding.Unicode.GetString(message, user_off, user_len); _lm = new byte [24]; int lm_off = BitConverterLE.ToUInt16(message, 16); Buffer.BlockCopy(message, lm_off, _lm, 0, 24); _nt = new byte [24]; int nt_off = BitConverterLE.ToUInt16(message, 24); Buffer.BlockCopy(message, nt_off, _nt, 0, 24); if (message.Length >= 64) { Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 60); } }
// methods protected override void Decode(byte[] message) { base.Decode(message); if (BitConverterLE.ToUInt16(message, 56) != message.Length) { string msg = Locale.GetText("Invalid Type3 message length."); throw new ArgumentException(msg, "message"); } _password = null; int dom_len = BitConverterLE.ToUInt16(message, 28); int dom_off = 64; _domain = Encoding.Unicode.GetString(message, dom_off, dom_len); int host_len = BitConverterLE.ToUInt16(message, 44); int host_off = BitConverterLE.ToUInt16(message, 48); _host = Encoding.Unicode.GetString(message, host_off, host_len); int user_len = BitConverterLE.ToUInt16(message, 36); int user_off = BitConverterLE.ToUInt16(message, 40); _username = Encoding.Unicode.GetString(message, user_off, user_len); _lm = new byte [24]; int lm_off = BitConverterLE.ToUInt16(message, 16); Buffer.BlockCopy(message, lm_off, _lm, 0, 24); _nt = new byte [24]; int nt_off = BitConverterLE.ToUInt16(message, 24); Buffer.BlockCopy(message, nt_off, _nt, 0, 24); if (message.Length >= 64) { Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 60); } }
// methods protected override void Decode(byte[] message) { base.Decode(message); Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 12); int dom_len = BitConverterLE.ToUInt16(message, 16); int dom_off = BitConverterLE.ToUInt16(message, 20); #if XAMARIN_WEBTESTS _domain = Encoding.UTF8.GetString(message, dom_off, dom_len); #else _domain = Encoding.ASCII.GetString(message, dom_off, dom_len); #endif int host_len = BitConverterLE.ToUInt16(message, 24); #if XAMARIN_WEBTESTS _host = Encoding.UTF8.GetString(message, 32, host_len); #else _host = Encoding.ASCII.GetString(message, 32, host_len); #endif }
internal bool ReadFirstBlock() { if (this.fs == null) { return(false); } this.fs.Position = 0L; this.blockLength = this.fs.Read(this.fileblock, 0, this.fileblock.Length); this.blockNo = 1; if (this.blockLength < 64) { return(false); } if (BitConverterLE.ToUInt16(this.fileblock, 0) != 23117) { return(false); } this.peOffset = BitConverterLE.ToInt32(this.fileblock, 60); if (this.peOffset > this.fileblock.Length) { string message = string.Format(Locale.GetText("Header size too big (> {0} bytes)."), this.fileblock.Length); throw new NotSupportedException(message); } if ((long)this.peOffset > this.fs.Length) { return(false); } if (BitConverterLE.ToUInt32(this.fileblock, this.peOffset) != 17744u) { return(false); } this.dirSecurityOffset = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 152); this.dirSecuritySize = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 156); this.coffSymbolTableOffset = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 12); return(true); }
internal int ProcessFirstBlock() { if (fs == null) { return(1); } fs.Position = 0L; blockLength = fs.Read(fileblock, 0, fileblock.Length); blockNo = 1; if (blockLength < 64) { return(2); } if (BitConverterLE.ToUInt16(fileblock, 0) != 23117) { return(3); } peOffset = BitConverterLE.ToInt32(fileblock, 60); if (peOffset > fileblock.Length) { string message = string.Format(Locale.GetText("Header size too big (> {0} bytes)."), fileblock.Length); throw new NotSupportedException(message); } if (peOffset > fs.Length) { return(4); } if (BitConverterLE.ToUInt32(fileblock, peOffset) != 17744) { return(5); } dirSecurityOffset = BitConverterLE.ToInt32(fileblock, peOffset + 152); dirSecuritySize = BitConverterLE.ToInt32(fileblock, peOffset + 156); coffSymbolTableOffset = BitConverterLE.ToInt32(fileblock, peOffset + 12); return(0); }
internal int ProcessFirstBlock() { if (fs == null) { return(1); } fs.Position = 0; // read first block - it will include (100% sure) // the MZ header and (99.9% sure) the PE header blockLength = fs.Read(fileblock, 0, fileblock.Length); blockNo = 1; if (blockLength < 64) { return(2); // invalid PE file } // 1. Validate the MZ header informations // 1.1. Check for magic MZ at start of header if (BitConverterLE.ToUInt16(fileblock, 0) != 0x5A4D) { return(3); } // 1.2. Find the offset of the PE header peOffset = BitConverterLE.ToInt32(fileblock, 60); if (peOffset > fileblock.Length) { // just in case (0.1%) this can actually happen // FIXME This does not mean the file is invalid, // just that this code cannot handle it. // FIXME Read the entire file into memory. // See earlier comments. string msg = String.Format(Locale.GetText( "Header size too big (> {0} bytes)."), fileblock.Length); throw new NotSupportedException(msg); } // FIXME This verifies that PE starts within the file, // but not that it fits. if (peOffset > fs.Length) { return(4); } // 2. Read between DOS header and first part of PE header // 2.1. Check for magic PE at start of header // PE - NT header ('P' 'E' 0x00 0x00) if (BitConverterLE.ToUInt32(fileblock, peOffset) != 0x4550) { return(5); } // PE signature is followed by 20 byte file header, and // then 2 byte magic 0x10B for PE32 or 0x20B for PE32+, // or 0x107 for the obscure ROM case. // FIXME The code historically ignored this magic value // entirely, so we only treat 0x20B differently to maintain // this dubious behavior. // FIXME The code also lacks range checks in a number of places, // and will access arrays out of bounds for valid files. ushort magic = BitConverterLE.ToUInt16(fileblock, peOffset + 24); const int IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B; pe64 = magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC; // FIXME This fails to validate NumberOfRvasAndSizes. // 2.2. Locate IMAGE_DIRECTORY_ENTRY_SECURITY (offset and size) // These offsets are from the documentation, but add 24 for // PE signature and file header. if (pe64) { dirSecurityOffset = BitConverterLE.ToInt32(fileblock, peOffset + 168); dirSecuritySize = BitConverterLE.ToInt32(fileblock, peOffset + 168 + 4); } else { dirSecurityOffset = BitConverterLE.ToInt32(fileblock, peOffset + 152); dirSecuritySize = BitConverterLE.ToInt32(fileblock, peOffset + 156); } // FIXME Remove this code and the dependency on it. coffSymbolTableOffset = BitConverterLE.ToInt32(fileblock, peOffset + 12); return(0); }