public static void TestRedo(string path, long size) { int bytesPerCluster = 512; while (bytesPerCluster <= 65536) { string volumeLabel = "RedoTest_" + bytesPerCluster.ToString(); string fileName = "Test.txt"; byte[] fileData = System.Text.Encoding.ASCII.GetBytes("Redone"); CreateVolumeWithPendingFileCreation(path, size, bytesPerCluster, volumeLabel, fileName, fileData); VHDMountHelper.MountVHD(path); string driveName = MountHelper.WaitForDriveToMount(volumeLabel); if (driveName == null) { throw new Exception("Timeout waiting for volume to mount"); } bool isErrorFree = ChkdskHelper.Chkdsk(driveName); if (!isErrorFree) { throw new InvalidDataException("CHKDSK reported errors"); } byte[] bytesRead = File.ReadAllBytes(driveName + fileName); if (!ByteUtils.AreByteArraysEqual(fileData, bytesRead)) { throw new InvalidDataException("Test failed"); } VHDMountHelper.UnmountVHD(path); File.Delete(path); bytesPerCluster = bytesPerCluster * 2; } }
/// <summary> /// https://tools.ietf.org/html/rfc2743 /// </summary> public static SimpleProtectedNegotiationToken ReadToken(byte[] tokenBytes, int offset) { byte tag = ByteReader.ReadByte(tokenBytes, ref offset); if (tag == ApplicationTag) { // when an InitToken is sent, it is prepended by an Application Constructed Object specifier (0x60), // and the OID for SPNEGO (see value in OID table above). This is the generic GSSAPI header. int tokenLength = DerEncodingHelper.ReadLength(tokenBytes, ref offset); tag = ByteReader.ReadByte(tokenBytes, ref offset); if (tag == (byte)DerEncodingTag.ObjectIdentifier) { int objectIdentifierLength = DerEncodingHelper.ReadLength(tokenBytes, ref offset); byte[] objectIdentifier = ByteReader.ReadBytes(tokenBytes, ref offset, objectIdentifierLength); if (ByteUtils.AreByteArraysEqual(objectIdentifier, SPNEGOIdentifier)) { tag = ByteReader.ReadByte(tokenBytes, ref offset); if (tag == SimpleProtectedNegotiationTokenInit.NegTokenInitTag) { return(new SimpleProtectedNegotiationTokenInit(tokenBytes, offset)); } } } } else if (tag == SimpleProtectedNegotiationTokenResponse.NegTokenRespTag) { return(new SimpleProtectedNegotiationTokenResponse(tokenBytes, offset)); } return(null); }
/// <summary> /// LM v2 / NTLM v2 /// </summary> public User AuthenticateV2(string domainNameToAuth, string accountNameToAuth, byte[] serverChallenge, byte[] lmResponse, byte[] ntlmResponse) { for (int index = 0; index < this.Count; index++) { string accountName = this[index].AccountName; string password = this[index].Password; if (String.Equals(accountName, accountNameToAuth, StringComparison.InvariantCultureIgnoreCase)) { byte[] _LMv2ClientChallenge = ByteReader.ReadBytes(lmResponse, 16, 8); byte[] expectedLMv2Response = NTAuthentication.ComputeLMv2Response(serverChallenge, _LMv2ClientChallenge, password, accountName, domainNameToAuth); if (ByteUtils.AreByteArraysEqual(expectedLMv2Response, lmResponse)) { return(this[index]); } if (ntlmResponse.Length > 24) { NTLMv2ClientChallengeStructure clientChallengeStructure = new NTLMv2ClientChallengeStructure(ntlmResponse, 16); byte[] clientChallengeStructurePadded = clientChallengeStructure.GetBytesPadded(); byte[] expectedNTLMv2Response = NTAuthentication.ComputeNTLMv2Response(serverChallenge, clientChallengeStructurePadded, password, accountName, domainNameToAuth); if (ByteUtils.AreByteArraysEqual(expectedNTLMv2Response, ntlmResponse)) { return(this[index]); } } } } return(null); }
public static bool TestCrc16Ccitt_1() { byte[] buffer = new byte[] { 0x06 }; byte[] checksum = new byte[] { 0x4E, 0x95 }; byte[] result = LittleEndianConverter.GetBytes(Crc16Ccitt.ComputeChecksum(buffer)); return(ByteUtils.AreByteArraysEqual(checksum, result)); }
// Based on #2 test vector from https://docs.microsoft.com/en-us/archive/blogs/openspecification/encryption-in-smb-3-0-a-protocol-perspective public void TestDecryption() { byte[] key = new byte[] { 0x8F, 0xE2, 0xB5, 0x7E, 0xC3, 0x4D, 0x2D, 0xB5, 0xB1, 0xA9, 0x72, 0x7F, 0x52, 0x6B, 0xBD, 0xB5 }; byte[] nonce = new byte[] { 0x86, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00 }; byte[] signature = new byte[] { 0xA6, 0x01, 0x55, 0x30, 0xA1, 0x8F, 0x6D, 0x9A, 0xFF, 0xE2, 0x2A, 0xFA, 0xE8, 0xE6, 0x64, 0x84 }; byte[] associatedData = new byte[] { 0x86, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x14, 0x00, 0xE4, 0x08, 0x00, 0x50, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x11, 0x00, 0x00, 0x14, 0x00, 0xE4, 0x08, 0x00 }; byte[] encyrptedData = new byte[] { 0xDB, 0xF4, 0x64, 0x35, 0xC5, 0xF1, 0x41, 0x69, 0x29, 0x3C, 0xE0, 0x79, 0xE3, 0x44, 0x47, 0x9B, 0xF6, 0x70, 0x22, 0x7E, 0x49, 0x87, 0x3F, 0x45, 0x86, 0x72, 0xC3, 0x09, 0x8D, 0xAC, 0x46, 0x7D, 0xD5, 0x80, 0x9F, 0x36, 0x9D, 0x67, 0x40, 0x91, 0x66, 0x51, 0x57, 0x87, 0x14, 0x83, 0xE0, 0x1F, 0x7B, 0xEC, 0xD0, 0x20, 0x64, 0xEA, 0xC3, 0xE2, 0x35, 0xF9, 0x13, 0x66, 0x8B, 0xBC, 0x2F, 0x09, 0x79, 0x80, 0xD4, 0xB3, 0x78, 0xF1, 0x99, 0x3E, 0xFF, 0x6E, 0x60, 0xD1, 0x77, 0x30, 0x9E, 0x5B }; byte[] expectedData = new byte[] { 0xFE, 0x53, 0x4D, 0x42, 0x40, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x21, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFE, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x14, 0x00, 0xE4, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; byte[] data = AesCcm.DecryptAndAuthenticate(key, nonce, encyrptedData, associatedData, signature); Assert.True(ByteUtils.AreByteArraysEqual(expectedData, data)); }
public bool IsPasswordEmpty(AuthenticateMessage message) { // Special case for anonymous authentication, see [MS-NLMP] 3.3.1 - NTLM v1 Authentication if (message.LmChallengeResponse.Length == 1 || message.NtChallengeResponse.Length == 0) { return(true); } byte[] clientChallenge = ByteReader.ReadBytes(message.LmChallengeResponse, 0, 8); byte[] emptyPasswordNTLMv1Response = NTAuthentication.ComputeNTLMv1ExtendedSecurityResponse(m_serverChallenge, clientChallenge, String.Empty); if (ByteUtils.AreByteArraysEqual(emptyPasswordNTLMv1Response, message.NtChallengeResponse)) { return(true); } if (message.NtChallengeResponse.Length > 24) { NTLMv2ClientChallengeStructure clientChallengeStructure = new NTLMv2ClientChallengeStructure(message.NtChallengeResponse, 16); byte[] clientChallengeStructurePadded = clientChallengeStructure.GetBytesPadded(); byte[] emptyPasswordNTLMv2Response = NTAuthentication.ComputeNTLMv2Response(m_serverChallenge, clientChallengeStructurePadded, String.Empty, message.UserName, message.DomainName); if (ByteUtils.AreByteArraysEqual(emptyPasswordNTLMv2Response, message.NtChallengeResponse)) { return(true); } } return(false); }
public void LMv1ResponseTest() { byte[] challenge = new byte[] { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; byte[] response = NTLMCryptography.ComputeLMv1Response(challenge, "Password"); byte[] expected = { 0x98, 0xde, 0xf7, 0xb8, 0x7f, 0x88, 0xaa, 0x5d, 0xaf, 0xe2, 0xdf, 0x77, 0x96, 0x88, 0xa1, 0x72, 0xde, 0xf1, 0x1c, 0x7d, 0x5c, 0xcd, 0xef, 0x13 }; Assert.True(ByteUtils.AreByteArraysEqual(response, expected)); }
public void TestEncryption() { byte[] encryptionKey = new byte[] { 0x26, 0x1B, 0x72, 0x35, 0x05, 0x58, 0xF2, 0xE9, 0xDC, 0xF6, 0x13, 0x07, 0x03, 0x83, 0xED, 0xBF }; byte[] nonce = new byte[] { 0x66, 0xE6, 0x9A, 0x11, 0x18, 0x92, 0x58, 0x4F, 0xB5, 0xED, 0x52 }; ulong sessionID = 0x8e40014000011; byte[] message = new byte[] { 0xFE, 0x53, 0x4D, 0x42, 0x40, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x40, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFE, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x14, 0x00, 0xE4, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x31, 0x00, 0x70, 0x00, 0x17, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x01, 0x00, 0x00, 0x39, 0x00, 0x00, 0x02, 0x01, 0x00, 0x00, 0x00, 0x39, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x70, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x53, 0x6D, 0x62, 0x33, 0x20, 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x74, 0x65, 0x73, 0x74, 0x69, 0x6E, 0x67 }; byte[] expectedEncrypted = new byte[] { 0x25, 0xC8, 0xFE, 0xE1, 0x66, 0x05, 0xA4, 0x37, 0x83, 0x2D, 0x1C, 0xD5, 0x2D, 0xA9, 0xF4, 0x64, 0x53, 0x33, 0x48, 0x2A, 0x17, 0x5F, 0xE5, 0x38, 0x45, 0x63, 0xF4, 0x5F, 0xCD, 0xAF, 0xAE, 0xF3, 0x8B, 0xC6, 0x2B, 0xA4, 0xD5, 0xC6, 0x28, 0x97, 0x99, 0x66, 0x25, 0xA4, 0x4C, 0x29, 0xBE, 0x56, 0x58, 0xDE, 0x2E, 0x61, 0x17, 0x58, 0x57, 0x79, 0xE7, 0xB5, 0x9F, 0xFD, 0x97, 0x12, 0x78, 0xD0, 0x85, 0x80, 0xD7, 0xFA, 0x89, 0x9E, 0x41, 0x0E, 0x91, 0x0E, 0xAB, 0xF5, 0xAA, 0x1D, 0xB4, 0x30, 0x50, 0xB3, 0x3B, 0x49, 0x18, 0x26, 0x37, 0x75, 0x9A, 0xC1, 0x5D, 0x84, 0xBF, 0xCD, 0xF5, 0xB6, 0xB2, 0x38, 0x99, 0x3C, 0x0F, 0x4C, 0xF4, 0xD6, 0x01, 0x20, 0x23, 0xF6, 0xC6, 0x27, 0x29, 0x70, 0x75, 0xD8, 0x4B, 0x78, 0x03, 0x91, 0x2D, 0x0A, 0x96, 0x39, 0x63, 0x44, 0x53, 0x59, 0x5E, 0xF3, 0xE3, 0x3F, 0xFE, 0x4E, 0x7A, 0xC2, 0xAB }; byte[] expectedSignature = new byte[] { 0x81, 0xA2, 0x86, 0x53, 0x54, 0x15, 0x44, 0x5D, 0xAE, 0x39, 0x39, 0x21, 0xE4, 0x4F, 0xA4, 0x2E }; byte[] signature; byte[] encryptedMessage = SMB2Cryptography.EncryptMessage(encryptionKey, nonce, message, sessionID, out signature); Assert.True(ByteUtils.AreByteArraysEqual(expectedEncrypted, encryptedMessage)); // The associated data in this sample include non-zero nonce padding so we ignore signature validation }
public static bool TestCrc16Ccitt_2() { byte[] buffer = new byte[] { 0x0d, 0x0f, 0x50, 0x42, 0x4c, 0x5f, 0x44, 0x6c, 0x6f, 0x61, 0x64, 0x56, 0x45, 0x52, 0x31, 0x2e, 0x30 }; byte[] checksum = new byte[] { 0x37, 0x41 }; byte[] result = LittleEndianConverter.GetBytes(Crc16Ccitt.ComputeChecksum(buffer)); return(ByteUtils.AreByteArraysEqual(checksum, result)); }
public static void TestSimultaneousWriteAndRead(string path, long size) { RawDiskImage disk = RawDiskImage.Create(path, size); disk.ExclusiveLock(true); int totalSectors = (int)Math.Min(disk.TotalSectors, Int32.MaxValue); Parallel.For(0, totalSectors / 2, 1, 4, delegate(int sectorHint) { long sectorIndex = sectorHint * 2; byte[] pattern = GetTestPattern(sectorIndex, 2, RawDiskImage.DefaultBytesPerSector); disk.WriteSectors(sectorIndex, pattern); if (sectorIndex > 100) { long sectorIndexToVerify = sectorIndex - 100; byte[] expectedPattern = GetTestPattern(sectorIndexToVerify, 2, RawDiskImage.DefaultBytesPerSector); byte[] sectorBytes = disk.ReadSectors(sectorIndexToVerify, 2); if (!ByteUtils.AreByteArraysEqual(sectorBytes, expectedPattern)) { throw new InvalidDataException("Test failed"); } } }); disk.ReleaseLock(); }
// Based on #1 test vector from https://docs.microsoft.com/en-us/archive/blogs/openspecification/encryption-in-smb-3-0-a-protocol-perspective public void TestEncryption() { byte[] key = new byte[] { 0x26, 0x1B, 0x72, 0x35, 0x05, 0x58, 0xF2, 0xE9, 0xDC, 0xF6, 0x13, 0x07, 0x03, 0x83, 0xED, 0xBF }; byte[] nonce = new byte[] { 0x66, 0xE6, 0x9A, 0x11, 0x18, 0x92, 0x58, 0x4F, 0xB5, 0xED, 0x52 }; byte[] data = new byte[] { 0xFE, 0x53, 0x4D, 0x42, 0x40, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x40, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFE, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x14, 0x00, 0xE4, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x31, 0x00, 0x70, 0x00, 0x17, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x01, 0x00, 0x00, 0x39, 0x00, 0x00, 0x02, 0x01, 0x00, 0x00, 0x00, 0x39, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x70, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x53, 0x6D, 0x62, 0x33, 0x20, 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x74, 0x65, 0x73, 0x74, 0x69, 0x6E, 0x67 }; byte[] associatedData = new byte[] { 0x66, 0xE6, 0x9A, 0x11, 0x18, 0x92, 0x58, 0x4F, 0xB5, 0xED, 0x52, 0x4A, 0x74, 0x4D, 0xA3, 0xEE, 0x87, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x11, 0x00, 0x00, 0x14, 0x00, 0xE4, 0x08, 0x00 }; byte[] expectedEncrypted = new byte[] { 0x25, 0xC8, 0xFE, 0xE1, 0x66, 0x05, 0xA4, 0x37, 0x83, 0x2D, 0x1C, 0xD5, 0x2D, 0xA9, 0xF4, 0x64, 0x53, 0x33, 0x48, 0x2A, 0x17, 0x5F, 0xE5, 0x38, 0x45, 0x63, 0xF4, 0x5F, 0xCD, 0xAF, 0xAE, 0xF3, 0x8B, 0xC6, 0x2B, 0xA4, 0xD5, 0xC6, 0x28, 0x97, 0x99, 0x66, 0x25, 0xA4, 0x4C, 0x29, 0xBE, 0x56, 0x58, 0xDE, 0x2E, 0x61, 0x17, 0x58, 0x57, 0x79, 0xE7, 0xB5, 0x9F, 0xFD, 0x97, 0x12, 0x78, 0xD0, 0x85, 0x80, 0xD7, 0xFA, 0x89, 0x9E, 0x41, 0x0E, 0x91, 0x0E, 0xAB, 0xF5, 0xAA, 0x1D, 0xB4, 0x30, 0x50, 0xB3, 0x3B, 0x49, 0x18, 0x26, 0x37, 0x75, 0x9A, 0xC1, 0x5D, 0x84, 0xBF, 0xCD, 0xF5, 0xB6, 0xB2, 0x38, 0x99, 0x3C, 0x0F, 0x4C, 0xF4, 0xD6, 0x01, 0x20, 0x23, 0xF6, 0xC6, 0x27, 0x29, 0x70, 0x75, 0xD8, 0x4B, 0x78, 0x03, 0x91, 0x2D, 0x0A, 0x96, 0x39, 0x63, 0x44, 0x53, 0x59, 0x5E, 0xF3, 0xE3, 0x3F, 0xFE, 0x4E, 0x7A, 0xC2, 0xAB }; byte[] expectedSignature = new byte[] { 0x81, 0xA2, 0x86, 0x53, 0x54, 0x15, 0x44, 0x5D, 0xAE, 0x39, 0x39, 0x21, 0xE4, 0x4F, 0xA4, 0x2E }; byte[] calculatedSignature; byte[] encrypted = AesCcm.Encrypt(key, nonce, data, associatedData, 16, out calculatedSignature); Assert.True(ByteUtils.AreByteArraysEqual(expectedEncrypted, encrypted)); Assert.True(ByteUtils.AreByteArraysEqual(expectedSignature, calculatedSignature)); }
public static void TestOverlappedWriteAndOverlappedRead(string path, long size) { RawDiskImage disk = RawDiskImage.Create(path, size); disk.ExclusiveLock(true); int totalSectors = (int)Math.Min(disk.TotalSectors, Int32.MaxValue); Parallel.For(0, totalSectors, 1, 4, delegate(int sectorIndex) { byte[] pattern = GetTestPattern(sectorIndex, RawDiskImage.DefaultBytesPerSector); disk.WriteSectors(sectorIndex, pattern); }); Parallel.For(0, totalSectors, 1, 4, delegate(int sectorIndex) { byte[] pattern = GetTestPattern(sectorIndex, RawDiskImage.DefaultBytesPerSector); byte[] sectorBytes = disk.ReadSector(sectorIndex); if (!ByteUtils.AreByteArraysEqual(pattern, sectorBytes)) { throw new InvalidDataException("Test failed"); } }); disk.ReleaseLock(); }
public static void TestWriteRead(string path, long size) { RawDiskImage disk = RawDiskImage.Create(path, size); disk.ExclusiveLock(); for (long sectorIndex = 0; sectorIndex < disk.TotalSectors; sectorIndex += PhysicalDisk.MaximumDirectTransferSizeLBA) { long leftToWrite = disk.TotalSectors - sectorIndex; int sectorsToWrite = (int)Math.Min(leftToWrite, PhysicalDisk.MaximumDirectTransferSizeLBA); byte[] pattern = GetTestPattern(sectorIndex, sectorsToWrite, RawDiskImage.DefaultBytesPerSector); disk.WriteSectors(sectorIndex, pattern); } for (long sectorIndex = 0; sectorIndex < disk.TotalSectors; sectorIndex += PhysicalDisk.MaximumDirectTransferSizeLBA) { long leftToRead = disk.TotalSectors - sectorIndex; int sectorsToRead = (int)Math.Min(leftToRead, PhysicalDisk.MaximumDirectTransferSizeLBA); byte[] pattern = GetTestPattern(sectorIndex, sectorsToRead, RawDiskImage.DefaultBytesPerSector); byte[] sectorBytes = disk.ReadSectors(sectorIndex, sectorsToRead); if (!ByteUtils.AreByteArraysEqual(pattern, sectorBytes)) { throw new InvalidDataException("Test failed"); } } disk.ReleaseLock(); }
public static bool NTLMv2ChallengeMessageTest() { byte[] expected = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00, 0x38, 0x00, 0x00, 0x00, 0x33, 0x82, 0x8a, 0xe2, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x24, 0x00, 0x44, 0x00, 0x00, 0x00, 0x06, 0x00, 0x70, 0x17, 0x00, 0x00, 0x00, 0x0f, 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x01, 0x00, 0x0c, 0x00, 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00 }; byte[] serverChallenge = new byte[] { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; ChallengeMessage message = new ChallengeMessage(); message.ServerChallenge = serverChallenge; message.Version = new NTLMVersion(6, 0, 6000, 15); message.NegotiateFlags = NegotiateFlags.UnicodeEncoding | NegotiateFlags.OEMEncoding | NegotiateFlags.Sign | NegotiateFlags.Seal | NegotiateFlags.NTLMSessionSecurity | NegotiateFlags.AlwaysSign | NegotiateFlags.TargetTypeServer | NegotiateFlags.ExtendedSessionSecurity | NegotiateFlags.TargetInfo | NegotiateFlags.Version | NegotiateFlags.Use128BitEncryption | NegotiateFlags.KeyExchange | NegotiateFlags.Use56BitEncryption; message.TargetName = "Server"; byte[] serverAVPair = AVPairUtils.GetAVPairSequence("Domain", "Server"); message.TargetInfo = serverAVPair; byte[] messageBytes = message.GetBytes(); bool success = ByteUtils.AreByteArraysEqual(expected, messageBytes); return(success); }
/// <summary> /// LM v1 / NTLM v1 Extended Session Security /// </summary> private static bool AuthenticateV1Extended(string password, byte[] serverChallenge, byte[] lmResponse, byte[] ntResponse) { byte[] clientChallenge = ByteReader.ReadBytes(lmResponse, 0, 8); byte[] expectedNTLMv1Response = NTLMCryptography.ComputeNTLMv1ExtendedSessionSecurityResponse(serverChallenge, clientChallenge, password); return(ByteUtils.AreByteArraysEqual(expectedNTLMv1Response, ntResponse)); }
public void TestDecryption() { byte[] decryptionKey = new byte[] { 0x8F, 0xE2, 0xB5, 0x7E, 0xC3, 0x4D, 0x2D, 0xB5, 0xB1, 0xA9, 0x72, 0x7F, 0x52, 0x6B, 0xBD, 0xB5 }; byte[] transformedPacket = new byte[] { 0xFD, 0x53, 0x4D, 0x42, 0xA6, 0x01, 0x55, 0x30, 0xA1, 0x8F, 0x6D, 0x9A, 0xFF, 0xE2, 0x2A, 0xFA, 0xE8, 0xE6, 0x64, 0x84, 0x86, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x14, 0x00, 0xE4, 0x08, 0x00, 0x50, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x11, 0x00, 0x00, 0x14, 0x00, 0xE4, 0x08, 0x00, 0xDB, 0xF4, 0x64, 0x35, 0xC5, 0xF1, 0x41, 0x69, 0x29, 0x3C, 0xE0, 0x79, 0xE3, 0x44, 0x47, 0x9B, 0xF6, 0x70, 0x22, 0x7E, 0x49, 0x87, 0x3F, 0x45, 0x86, 0x72, 0xC3, 0x09, 0x8D, 0xAC, 0x46, 0x7D, 0xD5, 0x80, 0x9F, 0x36, 0x9D, 0x67, 0x40, 0x91, 0x66, 0x51, 0x57, 0x87, 0x14, 0x83, 0xE0, 0x1F, 0x7B, 0xEC, 0xD0, 0x20, 0x64, 0xEA, 0xC3, 0xE2, 0x35, 0xF9, 0x13, 0x66, 0x8B, 0xBC, 0x2F, 0x09, 0x79, 0x80, 0xD4, 0xB3, 0x78, 0xF1, 0x99, 0x3E, 0xFF, 0x6E, 0x60, 0xD1, 0x77, 0x30, 0x9E, 0x5B }; byte[] expectedDecryptedMessage = new byte[] { 0xFE, 0x53, 0x4D, 0x42, 0x40, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x21, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFE, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x14, 0x00, 0xE4, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; SMB2TransformHeader transformHeader = new SMB2TransformHeader(transformedPacket, 0); byte[] encryptedMessage = ByteReader.ReadBytes(transformedPacket, SMB2TransformHeader.Length, (int)transformHeader.OriginalMessageSize); byte[] decryptedMessage = SMB2Cryptography.DecryptMessage(decryptionKey, transformHeader, encryptedMessage); Assert.True(ByteUtils.AreByteArraysEqual(expectedDecryptedMessage, decryptedMessage)); }
public static bool ValidateCertificate(byte[] issuingCertificate, byte[] certificateToValidate) { RSAParameters rsaParameters = GetRSAParameters(issuingCertificate); byte[] certificateSignature = ByteReader.ReadBytes(certificateToValidate, certificateToValidate.Length - 256, 256); byte[] decodedSignature = RSAHelper.DecryptSignature(certificateSignature, rsaParameters); byte[] tbsCertificate = CertificateHelper.ExtractTbsCertificate(certificateToValidate); if (StartsWith(decodedSignature, SHA_256_PKCS_ID)) { byte[] expectedHash = ByteReader.ReadBytes(decodedSignature, SHA_256_PKCS_ID.Length, 32); SHA256Managed sha256 = new SHA256Managed(); byte[] hash = sha256.ComputeHash(tbsCertificate); return(ByteUtils.AreByteArraysEqual(hash, expectedHash)); } else if (StartsWith(decodedSignature, SHA_160_PKCS_ID)) { byte[] expectedHash = ByteReader.ReadBytes(decodedSignature, SHA_160_PKCS_ID.Length, 20); SHA1Managed sha1 = new SHA1Managed(); byte[] hash = sha1.ComputeHash(tbsCertificate); return(ByteUtils.AreByteArraysEqual(hash, expectedHash)); } else { throw new NotImplementedException("Unsupported Signature PKCS ID"); } }
public void NTLMv1ResponseTest() { byte[] challenge = new byte[] { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; byte[] response = NTLMCryptography.ComputeNTLMv1Response(challenge, "Password"); byte[] expected = { 0x67, 0xc4, 0x30, 0x11, 0xf3, 0x02, 0x98, 0xa2, 0xad, 0x35, 0xec, 0xe6, 0x4f, 0x16, 0x33, 0x1c, 0x44, 0xbd, 0xbe, 0xd9, 0x27, 0x84, 0x1f, 0x94 }; Assert.True(ByteUtils.AreByteArraysEqual(response, expected)); }
/// <summary> /// Get Windows Volume Guid of MBR disk /// </summary> /// <param name="partitionStartOffset">In bytes</param> /// <returns></returns> public static Guid?GetWindowsVolumeGuid(uint mbrDiskSignature, ulong partitionStartOffset) { byte[] identifier = new byte[12]; LittleEndianWriter.WriteUInt32(identifier, 0, mbrDiskSignature); LittleEndianWriter.WriteUInt64(identifier, 4, partitionStartOffset); RegistryKey mountedDevices = Registry.LocalMachine.OpenSubKey(@"SYSTEM\MountedDevices"); foreach (string valueName in mountedDevices.GetValueNames()) { object valueObject = mountedDevices.GetValue(valueName); byte[] value = valueObject as byte[]; if (value != null && value.Length == 12) { if (ByteUtils.AreByteArraysEqual(value, identifier)) { if (valueName.StartsWith(@"\??\Volume")) { string guidString = valueName.Substring(10); return(new Guid(guidString)); } } } } return(null); }
public static bool VerifyImageSignature(byte[] imageBytes, byte[] softwareID, byte[] hardwareID) { if (softwareID.Length != 8) { throw new ArgumentException("SoftwareID should be 8 bytes long"); } if (hardwareID.Length != 8) { throw new ArgumentException("HardwareID should be 8 bytes long"); } byte[] expectedHash = DecryptFileSignature(imageBytes); byte[] imageHeader = ByteReader.ReadBytes(imageBytes, 0, ApplicationExecutableHeader.Length); byte[] codeBytes = ApplicationExecutableHelper.ExtractCode(imageBytes); HashAlgorithm hashAlgorithm; if (expectedHash.Length == 20) { hashAlgorithm = SHA1.Create(); } else if (expectedHash.Length == 32) { hashAlgorithm = SHA256.Create(); } else { throw new Exception("Unknown hash algorithm"); } byte[] message = hashAlgorithm.ComputeHash(ByteUtils.Concatenate(imageHeader, codeBytes)); byte[] hash = HMAC(softwareID, hardwareID, message, hashAlgorithm); return(ByteUtils.AreByteArraysEqual(expectedHash, hash)); }
public static bool Test2() { byte[] key = new byte[] { 0x61, 0x8A, 0x63, 0xD2, 0xFB }; byte[] text = new byte[] { 0xDC, 0xEE, 0x4C, 0xF9, 0x2C }; byte[] expectedCipher = new byte[] { 0xF1, 0x38, 0x29, 0xC9, 0xDE }; byte[] cipher = RC4.Encrypt(key, text); return(ByteUtils.AreByteArraysEqual(cipher, expectedCipher)); }
public static bool Test1() { byte[] key = new byte[] { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }; byte[] text = new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; byte[] expectedCipher = new byte[] { 0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79 }; byte[] cipher = RC4.Encrypt(key, text); return(ByteUtils.AreByteArraysEqual(cipher, expectedCipher)); }
public void Test2() { byte[] key = new byte[] { 0x61, 0x8A, 0x63, 0xD2, 0xFB }; byte[] text = new byte[] { 0xDC, 0xEE, 0x4C, 0xF9, 0x2C }; byte[] expectedCipher = new byte[] { 0xF1, 0x38, 0x29, 0xC9, 0xDE }; byte[] cipher = RC4.Encrypt(key, text); Assert.IsTrue(ByteUtils.AreByteArraysEqual(cipher, expectedCipher)); }
public static bool LMv1HashTest() { byte[] hash = NTLMCryptography.LMOWFv1("Password"); byte[] expected = new byte[] { 0xe5, 0x2c, 0xac, 0x67, 0x41, 0x9a, 0x9a, 0x22, 0x4a, 0x3b, 0x10, 0x8f, 0x3f, 0xa6, 0xcb, 0x6d }; bool success = ByteUtils.AreByteArraysEqual(hash, expected); return(success); }
public static bool NTv2HashTest() { byte[] hash = NTLMCryptography.NTOWFv2("Password", "User", "Domain"); byte[] expected = new byte[] { 0x0c, 0x86, 0x8a, 0x40, 0x3b, 0xfd, 0x7a, 0x93, 0xa3, 0x00, 0x1e, 0xf2, 0x2e, 0xf0, 0x2e, 0x3f }; bool success = ByteUtils.AreByteArraysEqual(hash, expected); return(success); }
public void LMv2ResponseTest() { byte[] serverChallenge = new byte[] { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; byte[] clientChallenge = new byte[] { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa }; byte[] response = NTLMCryptography.ComputeLMv2Response(serverChallenge, clientChallenge, "Password", "User", "Domain"); byte[] expected = new byte[] { 0x86, 0xc3, 0x50, 0x97, 0xac, 0x9c, 0xec, 0x10, 0x25, 0x54, 0x76, 0x4a, 0x57, 0xcc, 0xcc, 0x19, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa }; Assert.True(ByteUtils.AreByteArraysEqual(response, expected)); }
public static bool NTv1HashTest() { byte[] hash = NTLMCryptography.NTOWFv1("Password"); byte[] expected = new byte[] { 0xa4, 0xf4, 0x9c, 0x40, 0x65, 0x10, 0xbd, 0xca, 0xb6, 0x82, 0x4e, 0xe7, 0xc3, 0x0f, 0xd8, 0x52 }; bool success = ByteUtils.AreByteArraysEqual(hash, expected); return(success); }
public void Test1() { byte[] key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }; byte[] text = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; byte[] expectedCipher = { 0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79 }; byte[] cipher = RC4.Encrypt(key, text); Assert.True(ByteUtils.AreByteArraysEqual(cipher, expectedCipher)); }
public static bool StartsWith(byte[] array1, byte[] array2) { if (array1.Length >= array2.Length) { byte[] start = ByteReader.ReadBytes(array1, 0, array2.Length); return(ByteUtils.AreByteArraysEqual(start, array2)); } return(false); }
public void Test2() { byte[] buffer = { 0x20, 0x46, 0x47, 0x45, 0x4e, 0x44, 0x4a, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x41, 0x41, 0x00 }; int offset = 0; string name = NetBiosUtils.DecodeName(buffer, ref offset); byte[] encodedName = NetBiosUtils.EncodeName(name, string.Empty); Assert.True(ByteUtils.AreByteArraysEqual(buffer, encodedName)); }