예제 #1
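        /// <summary>
        /// Server MCS Connect Response PDU with GCC Conference Create Response,
        /// part 2: walks the server data blocks and dispatches each one to its parser.
        ///
        /// serverCoreData
        /// serverSecurityData
        /// serverNetworkData
        /// serverMessageChannelData
        /// </summary>
        /// <remarks>
        /// Every value read here is supplied by the remote server and is untrusted.
        /// Each block starts with a 16-bit type and a 16-bit length; the length counts
        /// the 4-byte header itself. A block whose declared end lies beyond the received
        /// data is rejected instead of moving the read position past the packet.
        /// </remarks>
        /// <param name="mcsData">Response packet; the first 0x15 bytes from the current position are skipped.</param>
        /// <exception cref="RDFatalException">
        /// A block has an unknown type, or its declared length runs past the end of the packet.
        /// </exception>
        private static void processMcsData(RdpPacket mcsData)
        {
            // Skip the fixed-size prefix that precedes the length byte(s).
            mcsData.Position += 0x15L;

            // A set high bit means the length is encoded in two bytes; consume the second one.
            if ((mcsData.ReadByte() & 0x80) != 0)
            {
                mcsData.ReadByte();
            }

            while (mcsData.Position < mcsData.Length)
            {
                int blockType   = mcsData.ReadLittleEndian16();
                int blockLength = mcsData.ReadLittleEndian16();

                // A block that cannot hold more than its own header ends the walk (kept from the original).
                if (blockLength <= 4)
                {
                    return;
                }

                // The 4 header bytes are already consumed, so the block ends at Position + length - 4.
                long blockEnd = (mcsData.Position + blockLength) - 4L;

                // The length is server-controlled: never trust it to stay inside the packet.
                if (blockEnd > mcsData.Length)
                {
                    throw new RDFatalException("MSC data block length exceeds packet size " + blockLength.ToString());
                }

                switch ((SERVER)blockType)
                {
                case SERVER.SC_CORE:
                    processSrvCoreInfo(mcsData);
                    break;

                case SERVER.SC_SECURITY:
                    Secure.processCryptInfo(mcsData);
                    break;

                case SERVER.SC_NET:
                    processSrvNetInfo(mcsData);
                    break;

                case SERVER.SC_MCS_MSGCHANNEL:
                    int channel = mcsData.ReadLittleEndian16();
                    Debug.WriteLine("Network Characteristics Detection channel: " + channel);
                    //Channels.RegisteredChannels.Add(new NetworkCharacteristicsDetection(channel));
                    break;

                default:
                    throw new RDFatalException("MSC data incorrect tag " + blockType.ToString());
                }

                // Resynchronise on the declared block end regardless of how much the parser consumed.
                mcsData.Position = blockEnd;
            }
        }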
예제 #2
        /// <summary>
        /// Disconnect sequence: sends a shutdown-request data PDU, then a two-byte
        /// packet derived from <c>DPUM</c> directly over TPKT.
        /// </summary>
        public static void Disconnect()
        {
            // First packet: shutdown request, flagged as encrypted only when RDP encryption is active.
            RdpPacket shutdownRequest = new RdpPacket();
            shutdownRequest.WriteLittleEndian16((short)1);
            shutdownRequest.WriteLittleEndian16((short)0x3ea);

            int securityFlags = Secure.RDPEncrypted() ? (int)(MCS.TS_SECURITY_HEADER.SEC_ENCRYPT) : 0;
            IsoLayer.SendPDU(shutdownRequest, IsoLayer.PDUType2.PDUTYPE2_SHUTDOWN_REQUEST, securityFlags);

            // Second packet: presumably the MCS Disconnect Provider Ultimatum (DPUM) with reason 3 -- confirm.
            RdpPacket ultimatum = new RdpPacket();
            ultimatum.WriteByte((byte)(DPUM << 2));
            ultimatum.WriteByte(3);

            IsoLayer.SendTPKT(ultimatum);
        }
예제 #3
        /// <summary>
        /// Sends <paramref name="data"/> on this channel, split into chunks of at most 1600 bytes.
        /// Every chunk is prefixed with the total payload length and a flags word marking
        /// the first and last chunk.
        /// </summary>
        /// <param name="data">Payload to send; it is read from position 0.</param>
        private void send(RdpPacket data)
        {
            const int MaxChunk = 1600;

            data.Position = 0L;
            int total     = (int)data.Length;
            int chunk     = Math.Min(total, MaxChunk);
            int remaining = total - chunk;

            // First chunk. When everything fits, it is also the last one.
            RdpPacket first = new RdpPacket();
            first.WriteLittleEndian32((int)total);

            if (remaining != 0)
            {
                first.WriteLittleEndian32((int)(CHANNEL_FLAG.CHANNEL_FLAG_FIRST | CHANNEL_FLAG.CHANNEL_FLAG_SHOW_PROTOCOL));
                byte[] head = new byte[chunk];
                data.Read(head, 0, chunk);
                first.Write(head, 0, chunk);
            }
            else
            {
                first.WriteLittleEndian32((int)(CHANNEL_FLAG.CHANNEL_FLAG_FIRST | CHANNEL_FLAG.CHANNEL_FLAG_LAST | CHANNEL_FLAG.CHANNEL_FLAG_SHOW_PROTOCOL));
                // presumably appends the whole of data to the packet -- confirm against RdpPacket
                first.copyToByteArray(data);
            }

            IsoLayer.SendToCannel(first, Secure.RDPEncrypted() ? (int)(MCS.TS_SECURITY_HEADER.SEC_ENCRYPT) : 0, this.ChannelID);

            // Continuation chunks; only the final one carries CHANNEL_FLAG_LAST.
            while (remaining > 0)
            {
                chunk      = Math.Min(remaining, MaxChunk);
                remaining -= chunk;

                int chunkFlags = (int)(CHANNEL_FLAG.CHANNEL_FLAG_SHOW_PROTOCOL);
                if (remaining == 0)
                {
                    chunkFlags = (int)(CHANNEL_FLAG.CHANNEL_FLAG_LAST | CHANNEL_FLAG.CHANNEL_FLAG_SHOW_PROTOCOL);
                }

                RdpPacket next = new RdpPacket();
                next.WriteLittleEndian32((int)total);
                next.WriteLittleEndian32(chunkFlags);

                byte[] body = new byte[chunk];
                data.Read(body, 0, chunk);
                next.Write(body, 0, chunk);

                IsoLayer.SendToCannel(next, Secure.RDPEncrypted() ? (int)(MCS.TS_SECURITY_HEADER.SEC_ENCRYPT) : 0, this.ChannelID);
            }
        }
예제 #4
        /// <summary>
        /// Sends a single input event as an input data PDU. Nothing is sent when the
        /// connection is not alive, unless <paramref name="message_type"/> is 0.
        /// </summary>
        /// <param name="time">Event time, written as a 32-bit value.</param>
        /// <param name="message_type">Message type; only the low 16 bits are written.</param>
        /// <param name="device_flags">Device flags; only the low 16 bits are written.</param>
        /// <param name="param1">First parameter; truncated to 16 bits.</param>
        /// <param name="param2">Second parameter; truncated to 16 bits.</param>
        internal static void SlowSendInput(int time, int message_type, int device_flags, uint param1, uint param2)
        {
            if (!Network.ConnectionAlive && (message_type != 0))
            {
                return;
            }

            RdpPacket inputEvent = new RdpPacket();

            // Header: event count of 1 followed by a zero 16-bit field.
            inputEvent.WriteLittleEndian16((short)1);
            inputEvent.WriteLittleEndian16((short)0);

            // The event itself.
            inputEvent.WriteLittleEndian32(time);
            inputEvent.WriteLittleEndian16((short)message_type);
            inputEvent.WriteLittleEndian16((short)device_flags);
            inputEvent.WriteLittleEndian16((ushort)param1);
            inputEvent.WriteLittleEndian16((ushort)param2);

            int securityFlags = Secure.RDPEncrypted() ? (int)MCS.TS_SECURITY_HEADER.SEC_ENCRYPT : 0;
            SendPDU(inputEvent, PDUType2.PDUTYPE2_INPUT, securityFlags);
        }
예제 #5
        /// <summary>
        /// Wraps a payload in the security header (signing and RC4-encrypting it when
        /// RDP encryption is active) and sends it on the given MCS channel.
        /// </summary>
        /// <param name="secData">Payload; it is read in full from position 0.</param>
        /// <param name="flags">Security header flags. Bit 8 is cleared when encryption is not active.</param>
        /// <param name="channel">MCS channel passed through to <c>SendMCS</c>.</param>
        /// <remarks>
        /// NOTE(review): this method reads and mutates shared static state on <c>Secure</c>
        /// (<c>enc_count</c>, <c>m_Encrypt_Key</c>, <c>m_RC4_Enc</c>) and no lock is visible here.
        /// Concurrent senders would desynchronise the RC4 stream -- confirm callers serialise sends.
        /// NOTE(review): the cipher is RC4 with a short signature; treat this layer as legacy
        /// and prefer a TLS-protected connection where the server allows it.
        /// </remarks>
        internal static void SendToCannel(RdpPacket secData, int flags, int channel)
        {
            // Copy the whole payload out of the packet.
            secData.Position = 0L;
            byte[] buffer = new byte[secData.Length];
            secData.Read(buffer, 0, buffer.Length);

            // After 0x1000 (4096) packets, derive a new encryption key and re-initialise RC4 with it.
            if ((Secure.enc_count == 0x1000) && Secure.RDPEncrypted())
            {
                Secure.m_Encrypt_Key = Secure.update(Secure.m_Encrypt_Key, Secure._r);
                // Only the first m_KeyLength bytes of the key are used to seed the cipher.
                byte[] destinationArray = new byte[Secure.m_KeyLength];
                Array.Copy(Secure.m_Encrypt_Key, 0, destinationArray, 0, Secure.m_KeyLength);
                Secure.m_RC4_Enc.engineInitEncrypt(destinationArray);
                Secure.enc_count = 0;
            }

            if (Secure.RDPEncrypted())
            {
                // The signature is computed over the plaintext, before encryption
                // (8 is presumably the signature length -- confirm against Secure.sign).
                byte[] buffer1 = Secure.sign(Secure.m_Sec_Sign_Key, 8, Secure.m_KeyLength, buffer, buffer.Length);
                byte[] buffer2 = Secure.m_RC4_Enc.crypt(buffer);
                // Layout: flags, signature, ciphertext.
                secData = new RdpPacket();
                secData.WriteLittleEndian32(flags);
                secData.Write(buffer1, 0, buffer1.Length);
                secData.Write(buffer2, 0, buffer2.Length);
            }
            else
            {
                // -9 == ~8: clear bit 8 (presumably SEC_ENCRYPT) because nothing is encrypted.
                flags  &= -9;
                secData = new RdpPacket();

                // The security header is written only when some flag remains set.
                if (flags != 0)
                {
                    secData.WriteLittleEndian32(flags);
                }

                // Payload goes out in plaintext on this path.
                secData.Write(buffer, 0, buffer.Length);
            }

            SendMCS(secData, channel);

            // Counted for every packet, encrypted or not; drives the key update above.
            Secure.enc_count++;
        }
예제 #6
        /// <summary>
        /// Sends a suppress-output data PDU telling the server whether display updates
        /// are allowed. Does nothing when <c>Options.suppress_output_supported</c> is false.
        /// </summary>
        /// <param name="bAllowDisplayUpdates">
        /// True to allow updates; in that case a rectangle from (0, 0) to
        /// (<c>Options.width</c>, <c>Options.height</c>) follows the header.
        /// </param>
        private static void sendSupressOutput(bool bAllowDisplayUpdates)
        {
            if (!Options.suppress_output_supported)
            {
                return;
            }

            RdpPacket request = new RdpPacket();

            // One flag byte followed by three zero bytes.
            byte allowUpdates = bAllowDisplayUpdates ? ((byte)1) : ((byte)0);
            request.WriteByte(allowUpdates);
            for (int pad = 0; pad < 3; pad++)
            {
                request.WriteByte(0);
            }

            // The desktop rectangle is present only when updates are being re-enabled.
            if (bAllowDisplayUpdates)
            {
                request.WriteLittleEndian16((short)0);
                request.WriteLittleEndian16((short)0);
                request.WriteLittleEndian16((ushort)Options.width);
                request.WriteLittleEndian16((ushort)Options.height);
            }

            int securityFlags = Secure.RDPEncrypted() ? (int)(MCS.TS_SECURITY_HEADER.SEC_ENCRYPT) : 0;
            IsoLayer.SendPDU(request, IsoLayer.PDUType2.PDUTYPE2_SUPPRESS_OUTPUT, securityFlags);
        }
예제 #7
        // Data
        /// <summary>
        /// Sends a refresh-rect data PDU asking the server to redraw the given areas.
        /// Nothing is sent when the connection is not alive.
        /// </summary>
        /// <param name="Rectangles">
        /// Areas to refresh. The count is written as a single byte and each coordinate
        /// as a 16-bit value.
        /// NOTE(review): with more than 255 rectangles the count byte wraps while every
        /// rectangle is still written -- confirm callers never pass that many.
        /// </param>
        internal static void RefreshRect(Rectangle[] Rectangles)
        {
            if (!Network.ConnectionAlive)
            {
                return;
            }

            RdpPacket request = new RdpPacket();

            // Count byte followed by three zero bytes.
            request.WriteByte((byte)Rectangles.Length);
            for (int pad = 0; pad < 3; pad++)
            {
                request.WriteByte(0);
            }

            for (int i = 0; i < Rectangles.Length; i++)
            {
                Rectangle area = Rectangles[i];
                request.WriteLittleEndian16((short)area.Left);
                request.WriteLittleEndian16((short)area.Top);
                request.WriteLittleEndian16((short)area.Right);
                request.WriteLittleEndian16((short)area.Bottom);
            }

            int securityFlags = Secure.RDPEncrypted() ? (int)(MCS.TS_SECURITY_HEADER.SEC_ENCRYPT) : 0;
            SendPDU(request, PDUType2.PDUTYPE2_REFRESH_RECT, securityFlags);
        }
예제 #8
        /// <summary>
        /// Builds the confirm-active packet (share header, source descriptor and the
        /// thirteen capability sets written by the <c>send*Caps</c> helpers) and sends it
        /// on the global channel.
        /// </summary>
        private static void sendConfirmActive()
        {
            // Written as a 16-bit length field below; presumably the combined size of the
            // capability sets -- confirm it still matches what the send*Caps helpers emit.
            int capsLength = 390;

            int securityFlags = Secure.RDPEncrypted() ? (int)(MCS.TS_SECURITY_HEADER.SEC_ENCRYPT) : 0;

            RdpPacket pdu = new RdpPacket();

            // Share control header.
            pdu.WriteLittleEndian16((short)((0x10 + capsLength) + RDP_SOURCE.Length));
            pdu.WriteLittleEndian16((short)0x13);
            pdu.WriteLittleEndian16((short)(MCS.McsUserID + 0x3e9));

            // Share id, originator, source descriptor and capability lengths.
            pdu.WriteLittleEndian32(rdp_shareid);
            pdu.WriteLittleEndian16((short)0x3ea);
            pdu.WriteLittleEndian16((short)RDP_SOURCE.Length);
            pdu.WriteLittleEndian16((short)capsLength);
            pdu.Write(RDP_SOURCE, 0, RDP_SOURCE.Length);

            // Number of capability sets (13), then two bytes skipped.
            pdu.WriteLittleEndian16((short)13);
            pdu.Position += 2L;

            // Order matters: the sets are appended in sequence.
            sendGeneralCaps(pdu);
            sendBitmapCaps(pdu);
            sendOrderCaps(pdu);
            sendBitmapcacheCaps(pdu);
            sendColorcacheCaps(pdu);
            sendActivateCaps(pdu);
            sendControlCaps(pdu);
            sendPointerCaps(pdu);
            sendShareCaps(pdu);
            sendInputCaps(pdu);
            sendSoundCaps(pdu);
            sendFontCaps(pdu);
            sendGlyphCacheCaps(pdu);

            IsoLayer.SendToGlobalChannel(pdu, securityFlags);
        }
예제 #9
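        /// <summary>
        /// Builds the body of the Client Info PDU: logon flags, credentials, alternate
        /// shell and working directory, client address and directory, time zone,
        /// performance flags and the optional auto-reconnect cookie.
        /// </summary>
        /// <remarks>
        /// The password is written into the packet as a Unicode string whenever bit 8 of
        /// the flags is set, which is always the case with the flag set built here. This
        /// method applies no protection itself; confidentiality of the credentials depends
        /// entirely on how the caller sends the packet.
        /// Field lengths are written as 16-bit values, so very long strings would wrap.
        /// </remarks>
        /// <param name="domain">Logon domain; an empty string is sent as a lone terminator.</param>
        /// <param name="username">User name.</param>
        /// <param name="password">Password, sent in the packet body.</param>
        /// <param name="command">Alternate shell; may be empty.</param>
        /// <param name="directory">Working directory; may be empty.</param>
        /// <param name="bAutoReconnect">True to append the auto-reconnect cookie block.</param>
        /// <returns>The populated packet.</returns>
        private static RdpPacket getLoginInfo(string domain, string username, string password, string command, string directory, bool bAutoReconnect)
        {
            const string ClientAddress = "127.0.0.1";
            const string ClientDir     = @"C:\WINNT\System32\mstscax.dll";

            // The time-zone name fields are padded with 0x3e - 2 * length bytes, so a name
            // longer than 31 characters would move the position backwards and corrupt the packet.
            const int MaxTimeZoneNameChars = 31;

            int cbClientAddress = 2 * ClientAddress.Length;
            int cbClientDir     = 2 * ClientDir.Length;
            int cbDomain        = 2 * domain.Length;
            int cbUserName      = 2 * username.Length;
            int cbPassword      = 2 * password.Length;
            int cbCommand       = 2 * command.Length;
            int cbDirectory     = 2 * directory.Length;

            //int infoFlags = 0x213b;

            int infoFlags = (int)(
                ClientInfoFlags.INFO_AUTOLOGON |
                ClientInfoFlags.INFO_DISABLECTRLALTDEL |
                ClientInfoFlags.INFO_LOGONERRORS |
                ClientInfoFlags.INFO_LOGONNOTIFY |
                ClientInfoFlags.INFO_ENABLEWINDOWSKEY |
                ClientInfoFlags.INFO_MOUSE |
                ClientInfoFlags.INFO_NOAUDIOPLAYBACK |
                ClientInfoFlags.INFO_UNICODE);

            // Bit 8 is presumably INFO_AUTOLOGON: the password is only sent when it is set.
            bool sendPassword = (infoFlags & 8) != 0;

            RdpPacket packet = new RdpPacket();

            // Fixed header: code page, flags, then the five string lengths.
            packet.WriteLittleEndian32(0);
            packet.WriteLittleEndian32(infoFlags);
            packet.WriteLittleEndian16((short)cbDomain);
            packet.WriteLittleEndian16((short)cbUserName);
            packet.WriteLittleEndian16(sendPassword ? (short)cbPassword : (short)0);
            packet.WriteLittleEndian16((short)cbCommand);
            packet.WriteLittleEndian16((short)cbDirectory);

            // Strings. An absent string is represented by a 16-bit zero.
            if (0 < cbDomain)
            {
                packet.WriteUnicodeString(domain);
            }
            else
            {
                packet.WriteLittleEndian16((short)0);
            }

            packet.WriteUnicodeString(username);

            if (sendPassword)
            {
                packet.WriteUnicodeString(password);
            }
            else
            {
                packet.WriteLittleEndian16((short)0);
            }

            if (0 < cbCommand)
            {
                packet.WriteUnicodeString(command);
            }
            else
            {
                packet.WriteLittleEndian16((short)0);
            }

            if (0 < cbDirectory)
            {
                packet.WriteUnicodeString(directory);
            }
            else
            {
                packet.WriteLittleEndian16((short)0);
            }

            // Extended info: address family, client address and client directory.
            // Both are fixed strings; the real local address is not disclosed.
            packet.WriteLittleEndian16((short)2);
            packet.WriteLittleEndian16((short)(cbClientAddress + 2));
            packet.WriteUnicodeString(ClientAddress);
            packet.WriteLittleEndian16((short)(cbClientDir + 2));
            packet.WriteUnicodeString(ClientDir);

            // Time zone block.
            TimeZoneInfo info = TimeZoneInfo.Local;

            string standardName = info.StandardName;
            if (standardName.Length > MaxTimeZoneNameChars)
            {
                standardName = standardName.Substring(0, MaxTimeZoneNameChars);
            }

            string daylightName = info.DaylightName;
            if (daylightName.Length > MaxTimeZoneNameChars)
            {
                daylightName = daylightName.Substring(0, MaxTimeZoneNameChars);
            }

            packet.WriteLittleEndian32((int)info.BaseUtcOffset.TotalMinutes);
            packet.WriteUnicodeString(standardName);
            packet.Position += 0x3e - (2 * standardName.Length);

            if (info.SupportsDaylightSavingTime)
            {
                // Hard-coded transition values; they are not derived from the zone's rules.
                packet.WriteLittleEndian16((short)0);
                packet.WriteLittleEndian16((ushort)10);
                packet.WriteLittleEndian16((short)0);
                packet.WriteLittleEndian16((short)30);
                packet.WriteLittleEndian16((short)2);
                packet.WriteLittleEndian16((short)0);
                packet.WriteLittleEndian16((short)0);
                packet.WriteLittleEndian16((short)0);
                packet.WriteLittleEndian32(0);
            }
            else
            {
                // No daylight saving: eight zero 16-bit fields and a zero bias.
                for (int i = 0; i < 8; i++)
                {
                    packet.WriteLittleEndian16((short)0);
                }
                packet.WriteLittleEndian32(0);
            }

            packet.WriteUnicodeString(daylightName);
            packet.Position += 0x3e - (2 * daylightName.Length);

            if (info.SupportsDaylightSavingTime)
            {
                // Hard-coded transition values; they are not derived from the zone's rules.
                packet.WriteLittleEndian16((short)0);
                packet.WriteLittleEndian16((ushort)3);
                packet.WriteLittleEndian16((short)0);
                packet.WriteLittleEndian16((short)0x1b);
                packet.WriteLittleEndian16((short)1);
                packet.WriteLittleEndian16((short)0);
                packet.WriteLittleEndian16((short)0);
                packet.WriteLittleEndian16((short)0);
                packet.WriteLittleEndian32((int)(info.BaseUtcOffset.TotalMinutes + 1.0));
            }
            else
            {
                for (int i = 0; i < 8; i++)
                {
                    packet.WriteLittleEndian16((short)0);
                }
                packet.WriteLittleEndian32(0);
            }

            packet.WriteLittleEndianU32(0);

            // Performance flags: a feature the host options do not enable is reported as disabled.
            PerformanceFlags flags = (PerformanceFlags)0;

            if (!Options.IsHostFlagSet(HostFlags.DesktopBackground))
            {
                flags |= PerformanceFlags.PERF_DISABLE_WALLPAPER;
            }

            if (Options.IsHostFlagSet(HostFlags.FontSmoothing))
            {
                flags |= PerformanceFlags.PERF_ENABLE_FONT_SMOOTHING;
            }

            if (Options.IsHostFlagSet(HostFlags.DesktopComposition))
            {
                flags |= PerformanceFlags.PERF_ENABLE_DESKTOP_COMPOSITION;
            }

            if (!Options.IsHostFlagSet(HostFlags.ShowWindowContents))
            {
                flags |= PerformanceFlags.PERF_DISABLE_FULLWINDOWDRAG;
            }

            if (!Options.IsHostFlagSet(HostFlags.MenuAnimation))
            {
                flags |= PerformanceFlags.PERF_DISABLE_MENUANIMATIONS;
            }

            if (!Options.IsHostFlagSet(HostFlags.VisualStyles))
            {
                flags |= PerformanceFlags.PERF_DISABLE_THEMING;
            }

            packet.WriteLittleEndian32((int)flags);

            if (bAutoReconnect)
            {
                // Auto-reconnect block: two length fields (0x1c), version 1, logon id, then an
                // HMAC keyed with the stored reconnect cookie over the client random.
                packet.WriteLittleEndian32(0x1c);
                packet.WriteLittleEndian32(0x1c);
                packet.WriteLittleEndian32(1);
                packet.WriteLittleEndian32(Options.LogonID);
                HMACT64 hmact = new HMACT64(Options.ReconnectCookie);
                hmact.update(Secure.GetClentRandom());
                byte[] buffer = hmact.digest();
                packet.Write(buffer, 0, buffer.Length);
                return(packet);
            }

            // No cookie: a zero length field.
            packet.WriteLittleEndian32(0);

            return(packet);
        }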
예제 #10
        /// <summary>
        /// Runs the connection sequence from security negotiation through the Client
        /// Info PDU: X.224 negotiation, optional TLS and CredSSP, MCS connect, channel
        /// joins, optional RDP key exchange, then the logon information.
        /// </summary>
        /// <remarks>
        /// NOTE(review): when NLA is enabled and the server answers with
        /// <c>Main.SecureValue3</c>, the client reconnects and offers PROTOCOL_RDP only.
        /// Nothing visible here authenticates that answer, so the fallback silently
        /// weakens the connection; consider making it opt-in or surfacing it to the user.
        /// NOTE(review): the Client Info PDU carries <c>Options.Password</c>. If neither
        /// TLS nor RDP encryption was negotiated it appears to be sent unprotected -- confirm.
        /// </remarks>
        /// <param name="loadBalanceToken">Load-balance token forwarded to the negotiation request; may be null.</param>
        /// <param name="bAutoReconnect">True to include the auto-reconnect cookie in the Client Info PDU.</param>
        /// <exception cref="RDFatalException">The server rejected a PROTOCOL_RDP-only negotiation.</exception>
        internal static void sendСonnectionRequest(byte[] loadBalanceToken, bool bAutoReconnect)
        {
            // Protocol selected by the server in its connection confirm.
            int num;

            // Reset the packet counters that drive RC4 key updates.
            Secure.dec_count        = 0;
            Secure.enc_count        = 0;
            Network.ConnectionStage = Network.eConnectionStage.Negotiating;

            if (Options.enableNLA)
            {
                // Client X.224 Connection Request PDU
                sendConnectNegotiation(
                    NegotiationProtocol.PROTOCOL_RDP |
                    NegotiationProtocol.PROTOCOL_SSL |
                    NegotiationProtocol.PROTOCOL_HYBRID,
                    loadBalanceToken);

                // Server X.224 Connection Confirm PDU
                num = receiveConnectNegotiation();

                if (num == Main.SecureValue3) // SSL connection is disallowed by the server's settings
                {
                    // Downgrade path: reconnect and offer standard RDP security only.
                    Network.Close();
                    Network.Connect(Options.Host, Options.Port);

                    // Client X.224 Connection Request PDU
                    sendConnectNegotiation(NegotiationProtocol.PROTOCOL_RDP, loadBalanceToken);

                    // Server X.224 Connection Confirm PDU
                    num = receiveConnectNegotiation();

                    if (num != 0)
                    {
                        throw new RDFatalException("Security negotiation failed!");
                    }
                }
                else // SSL connection is allowed
                {
                    // Bit 1 or bit 2 selected (presumably PROTOCOL_SSL / PROTOCOL_HYBRID): wrap the socket in TLS.
                    // NOTE(review): if the server selects neither, the session continues without TLS.
                    if (((num & 1) != 0) || ((num & 2) != 0))
                    {
                        Network.ConnectionStage = Network.eConnectionStage.Securing;
                        Network.ConnectSSL();
                    }

                    // Bit 2 selected: authenticate with CredSSP, passing the server's TLS public key.
                    if ((num & 2) != 0)
                    {
                        Network.ConnectionStage = Network.eConnectionStage.Authenticating;
                        CredSSP.Negotiate(Network.GetSSLPublicKey());
                    }
                }
            }
            else
            {
                // Client X.224 Connection Request PDU
                sendConnectNegotiation(NegotiationProtocol.PROTOCOL_RDP, loadBalanceToken);

                // Server X.224 Connection Confirm PDU
                num = receiveConnectNegotiation();

                if (num != 0)
                {
                    throw new RDFatalException("Security negotiation failed!");
                }
            }

            Network.ConnectionStage = Network.eConnectionStage.Establishing;

            // Client MCS Connect Initial PDU
            IsoLayer.SendTPKT(sendConnectInitial(sendMcsData(true, Channels.RegisteredChannels.Count, num)));

            // Server MCS Connect Response PDU with GCC Conference Create Response
            receiveConnectResponse();

            // Client MCS Erect Domain Request PDU
            send_ErectDomainRequest();

            // Client MCS Attach User Request PDU
            send_AttachUserRequest();

            // Server MCS Attach User Confirm PDU
            McsUserID = receive_AttachUserConfirm();

            // Open User channel
            send_ChannelJoinRequest(McsUserID + MCS_USERCHANNEL_BASE); // Client MCS Channel Join Request PDU
            receive_ChannelJoinConfirm();                              // Server MCS Channel Join Confirm PDU

            // Open Global channel
            send_ChannelJoinRequest(MSC_GLOBAL_CHANNEL);
            receive_ChannelJoinConfirm();

            // Open the other registered channels, but only those the server reported as supported
            foreach (var channel in Channels.RegisteredChannels)
            {
                if (serverSupportedChannels.Contains(channel.ChannelID))
                {
                    send_ChannelJoinRequest(channel.ChannelID);
                    receive_ChannelJoinConfirm();
                    Debug.WriteLine("Client open over channel: " + channel.ChannelID.ToString());
                }
            }

            // Security flags for the Client Info PDU (0x40 is presumably SEC_INFO_PKT -- confirm).
            int num2 = 0x40;

            if (Secure.RDPEncrypted())
            {
                // Standard RDP security: send the key-exchange packet first, then mark the
                // Client Info PDU as encrypted (8 is presumably SEC_ENCRYPT).
                Network.ConnectionStage = Network.eConnectionStage.SecureAndLogin;
                RdpPacket packet = Secure.establishKey();
                packet.Position = 0L;
                IsoLayer.SendMCS(packet, MSC_GLOBAL_CHANNEL);
                num2 |= 8;
            }
            else
            {
                Network.ConnectionStage = Network.eConnectionStage.Login;
            }

            // Client Info PDU
            IsoLayer.SendToGlobalChannel(getLoginInfo(Options.Domain, Options.Username, Options.Password, "", "", bAutoReconnect), num2);
        }
예제 #11
        /// <summary>
        /// Sends the persistent bitmap cache key list to the server as one or more PDUs.
        /// Each PDU carries the per-cache key counts of the batch, the per-cache totals,
        /// a first/last flags byte and the 64-bit keys themselves.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the loop ends only once the accumulated batch counts reach the
        /// totals; a batch reporting all-zero counts would never make progress -- confirm
        /// <c>Cache.GetBitmapCache</c> cannot do that.
        /// </remarks>
        private static void sendPersistKeyList()
        {
            // Per-cache totals, as reported by the cache.
            int total0, total1, total2, total3, total4;
            Cache.TotalBitmapCache(out total0, out total1, out total2, out total3, out total4);

            // Per-cache counts already sent.
            int sent0 = 0, sent1 = 0, sent2 = 0, sent3 = 0, sent4 = 0;
            int keyOffset = 0;

            while (sent0 < total0 || sent1 < total1 || sent2 < total2 || sent3 < total3 || sent4 < total4)
            {
                int  batch0, batch1, batch2, batch3, batch4;
                bool moreKeys;

                // 0xff is presumably the maximum number of keys per batch.
                List<ulong> keys = Cache.GetBitmapCache(keyOffset, 0xff, out batch0, out batch1, out batch2, out batch3, out batch4, out moreKeys);

                RdpPacket pdu = new RdpPacket();

                // Counts in this batch, then the overall totals.
                pdu.WriteLittleEndian16((ushort)batch0);
                pdu.WriteLittleEndian16((ushort)batch1);
                pdu.WriteLittleEndian16((ushort)batch2);
                pdu.WriteLittleEndian16((ushort)batch3);
                pdu.WriteLittleEndian16((ushort)batch4);
                pdu.WriteLittleEndian16((ushort)total0);
                pdu.WriteLittleEndian16((ushort)total1);
                pdu.WriteLittleEndian16((ushort)total2);
                pdu.WriteLittleEndian16((ushort)total3);
                pdu.WriteLittleEndian16((ushort)total4);

                // Bit 1 marks the first PDU of the list, bit 2 the last one.
                int listFlags = (keyOffset == 0 ? 1 : 0) | (moreKeys ? 0 : 2);
                pdu.WriteByte((byte)listFlags);
                pdu.WriteByte(0);
                pdu.WriteLittleEndian16((short)0);

                for (int i = 0; i < keys.Count; i++)
                {
                    pdu.Write(BitConverter.GetBytes(keys[i]), 0, 8);
                }

                IsoLayer.SendPDU(pdu, IsoLayer.PDUType2.PDUTYPE2_BITMAPCACHE_PERSISTENT_LIST, Secure.RDPEncrypted() ? (int)(MCS.TS_SECURITY_HEADER.SEC_ENCRYPT) : 0);

                keyOffset += keys.Count;
                sent0     += batch0;
                sent1     += batch1;
                sent2     += batch2;
                sent3     += batch3;
                sent4     += batch4;
            }
        }