public void PasswordEncryptionKey_DataStoreNTHash_W2016_TestVector2()
{
// Win 2016 TP4+
byte[] blob = "1300000000000000E2FCB1CA163BAF47045BEC69E0B9747C100000002973C11ACE6228D4083ADAC2E3C98DB6C613A32C1A52016EA013CED970A1A2D4".HexToBinary();
byte[] binaryPek = "56d98148ec91d111905a00c04fc2d4cfd02cd74ef843d1010000000001000000000000006a35d3fc0e9949135463ab766cac7dbb0c0c0c0c0c0c0c0c0c0c0c0ca93445b678ce5fbe02de23c3c71ff800".HexToBinary();
var pek = new DataStoreSecretDecryptor(binaryPek, PekListVersion.W2016);
int rid = 500;
string result = pek.DecryptHash(blob, rid).ToHex(true);
string expected = "92937945B518814341DE3F726500D4FF";
Assert.AreEqual(expected, result);
}
public void PasswordEncryptionKey_DataStoreNTHash_W2016_TestVector1()
{
// Win 2016 TP4+
byte[] blob = "1300000000000000A548432796CC93BEB01E585C98F5A050100000006095B3BB2F5D39081F98B8FFAE5A8E43D66D763BD25613B44640B4E666DA5208".HexToBinary();
byte[] binaryPek = "56d98148ec91d111905a00c04fc2d4cfd02cd74ef843d1010000000001000000000000006a35d3fc0e9949135463ab766cac7dbb0c0c0c0c0c0c0c0c0c0c0c0ca93445b678ce5fbe02de23c3c71ff800".HexToBinary();
var pek = new DataStoreSecretDecryptor(binaryPek, PekListVersion.W2016);
int rid = 1103;
string result = pek.DecryptHash(blob, rid).ToHex(true);
string expected = "92937945B518814341DE3F726500D4FF";
Assert.AreEqual(expected, result);
}
public void PasswordEncryptionKey_DataStoreNTHash_W2k()
{
// Win 2000 - Win 2012 R2
byte[] blob = "1100000000000000133c2e574dfc2df435671649180617cfb3cc9ef487c99b1d6cda3fb410a021f5".HexToBinary();
byte[] binaryPek = "56d98148ec91d111905a00c04fc2d4cfb0b0f777efcece0100000000010000000000000004b7b3fd6df689af9d6837e840abdc8c".HexToBinary();
var pek = new DataStoreSecretDecryptor(binaryPek, PekListVersion.W2k);
int rid = 500;
string result = pek.DecryptHash(blob, rid).ToHex(true);
string expected = "92937945B518814341DE3F726500D4FF";
Assert.AreEqual(expected, result);
}
public void PasswordEncryptionKey_DataStoreNTHash_W2k_Decrypt()
{
// Win 2000 - Win 2012 R2
byte[] blob = "1100000000000000133c2e574dfc2df435671649180617cfb3cc9ef487c99b1d6cda3fb410a021f5".HexToBinary();
byte[] binaryPek = "56d98148ec91d111905a00c04fc2d4cfb0b0f777efcece0100000000010000000000000004b7b3fd6df689af9d6837e840abdc8c".HexToBinary();
var pek = new DataStoreSecretDecryptor(binaryPek, PekListVersion.W2k);
int rid = 500;
string result = pek.DecryptHash(blob, rid).ToHex(true);
string expected = "92937945B518814341DE3F726500D4FF";
Assert.AreEqual(expected, result);
}
public void PasswordEncryptionKey_DataStoreNTHash_W2016_TestVector2()
{
// Win 2016 TP4+
byte[] blob = "1300000000000000E2FCB1CA163BAF47045BEC69E0B9747C100000002973C11ACE6228D4083ADAC2E3C98DB6C613A32C1A52016EA013CED970A1A2D4".HexToBinary();
byte[] binaryPek = "56d98148ec91d111905a00c04fc2d4cfd02cd74ef843d1010000000001000000000000006a35d3fc0e9949135463ab766cac7dbb0c0c0c0c0c0c0c0c0c0c0c0ca93445b678ce5fbe02de23c3c71ff800".HexToBinary();
var pek = new DataStoreSecretDecryptor(binaryPek, PekListVersion.W2016);
int rid = 500;
string result = pek.DecryptHash(blob, rid).ToHex(true);
string expected = "92937945B518814341DE3F726500D4FF";
Assert.AreEqual(expected, result);
}
public void PasswordEncryptionKey_DataStoreNTHash_W2016_TestVector1()
{
// Win 2016 TP4+
byte[] blob = "1300000000000000A548432796CC93BEB01E585C98F5A050100000006095B3BB2F5D39081F98B8FFAE5A8E43D66D763BD25613B44640B4E666DA5208".HexToBinary();
byte[] binaryPek = "56d98148ec91d111905a00c04fc2d4cfd02cd74ef843d1010000000001000000000000006a35d3fc0e9949135463ab766cac7dbb0c0c0c0c0c0c0c0c0c0c0c0ca93445b678ce5fbe02de23c3c71ff800".HexToBinary();
var pek = new DataStoreSecretDecryptor(binaryPek, PekListVersion.W2016);
int rid = 1103;
string result = pek.DecryptHash(blob, rid).ToHex(true);
string expected = "92937945B518814341DE3F726500D4FF";
Assert.AreEqual(expected, result);
}
public void PasswordEncryptionKey_DataStorePEK_W2016_IFM_Decrypt()
{
// The data come a Windows Server 2019 DC promoted using IFM
byte[] encryptedPEK = "03000000010000005B005859BD413C6ED575DDF5C16DEACD22844A2B1D58A03BB64A67C8EF04BDB961049CFB044B23CC541468B0F368F53D954A52C3A62DADB1B191C4E72CDEC5B76FB91846366A60FBD92CB5BD295A4F116651EFDA51FD11381FDBA97949A769B800000000000000000000000000000000".HexToBinary();
byte[] bootKey = "00f42e2e7b69ec3dee44da4ffe7e98f5".HexToBinary();
byte[] unicodePwd = "1300000000000000313709BF35CF3DEFDFDC37569DABD8F710000000CEFC2BECFB7DD8497773563E121634F8F5F59F803CEE509907E70ED1754351D6".HexToBinary();
int rid = 1000;
var pek = new DataStoreSecretDecryptor(encryptedPEK, bootKey);
string decryptedHash = pek.DecryptHash(unicodePwd, rid).ToHex(true);
string expected = "92937945B518814341DE3F726500D4FF";
Assert.AreEqual(expected, decryptedHash);
}
public void PasswordEncryptionKey_DataStoreNTHash_W2016_Encrypt()
{
// Win 2016
byte[] originalHash = "92937945B518814341DE3F726500D4FF".HexToBinary();
byte[] binaryPek = "56d98148ec91d111905a00c04fc2d4cfd02cd74ef843d1010000000001000000000000006a35d3fc0e9949135463ab766cac7dbb0c0c0c0c0c0c0c0c0c0c0c0ca93445b678ce5fbe02de23c3c71ff800".HexToBinary();
int rid = 500;
// Encrypt the hash and then decrypt it again
var pek = new DataStoreSecretDecryptor(binaryPek, PekListVersion.W2016);
byte[] encryptedHash = pek.EncryptHash(originalHash, rid);
byte[] decryptedHash = pek.DecryptHash(encryptedHash, rid);
// Now check if we really got the original value.
Assert.AreEqual(originalHash.ToHex(), decryptedHash.ToHex());
}
public void PasswordEncryptionKey_DataStoreNTHash_W2k_Encrypt()
{
// Win 2000 - Win 2012 R2
byte[] originalHash = "92937945B518814341DE3F726500D4FF".HexToBinary();
byte[] binaryPek = "56d98148ec91d111905a00c04fc2d4cfb0b0f777efcece0100000000010000000000000004b7b3fd6df689af9d6837e840abdc8c".HexToBinary();
int rid = 500;
// Encrypt the hash and then decrypt it again
var pek = new DataStoreSecretDecryptor(binaryPek, PekListVersion.W2k);
byte[] encryptedHash = pek.EncryptHash(originalHash, rid);
byte[] decryptedHash = pek.DecryptHash(encryptedHash, rid);
// Now check if we really got the original value.
Assert.AreEqual(originalHash.ToHex(), decryptedHash.ToHex());
}
