internal static int parseCryptInfo(RdpPacket data) { int num2 = 0; int num3 = 0; int num4 = 0; int num5 = 0; int num6 = 0; int num7 = 0; num7 = data.getLittleEndian32(); if (data.getLittleEndian32() == 0) { if (!Network.SSLConnection) { throw new RDFatalException("Server does not support encrypted connections!"); } return(0); } int count = data.getLittleEndian32(); num2 = data.getLittleEndian32(); if (count != 0x20) { string[] strArray = new string[] { "Wrong size of random key size! Accepted ", count.ToString(), " but ", 0x20.ToString(), "!" }; throw new RDFatalException(string.Concat(strArray)); } m_Server_Random = new byte[count]; data.Read(m_Server_Random, 0, count); num6 = ((int)data.Position) + num2; if (num6 > data.Length) { throw new RDFatalException("Crypt Info too short!"); } if ((data.getLittleEndian32() & 1) != 0) { data.Position += 8L; while (data.Position < data.Length) { num3 = data.getLittleEndian16(); num4 = data.getLittleEndian16(); num5 = ((int)data.Position) + num4; switch (num3) { case 6: if (parsePublicKey(data)) { break; } return(0); } data.Position = num5; } return(num7); } int num9 = data.getLittleEndian32(); int num10 = 0; if (num9 < 2) { throw new RDFatalException("Illegal number of certificates " + num9.ToString()); } while (num9 > 2) { num10 = data.getLittleEndian32(); data.Position += num10; num9--; } byte[] buffer = new byte[data.getLittleEndian32()]; data.Read(buffer, 0, buffer.Length); X509Certificate certificate = new X509Certificate(buffer); m_Server_Public_Key = new byte[StaticSettings.SecureValue1]; Array.Copy(certificate.GetPublicKey(), 5, m_Server_Public_Key, 0, StaticSettings.SecureValue1); byte[] buffer2 = new byte[data.getLittleEndian32()]; data.Read(buffer2, 0, buffer2.Length); X509Certificate certificate2 = new X509Certificate(buffer2); m_Server_Public_Key = new byte[StaticSettings.SecureValue1]; Array.Copy(certificate2.GetPublicKey(), 5, m_Server_Public_Key, 0, StaticSettings.SecureValue1); RDPClient.readCert = true; return(num7); }
public void channel_process(RdpPacket data) { }
internal static void processServerCapabilities(RdpPacket data, int numCaps) { RDPClient.m_bServerSupportsCacheV2 = false; while (numCaps-- > 0) { int num = data.getLittleEndian16(); int num2 = data.getLittleEndian16(); switch (num) { case 1: { // RDP_CAPSET_GENERAL data.getLittleEndian16(); // osMajorType num2 -= 2; data.getLittleEndian16(); // osMinorType num2 -= 2; data.getLittleEndian16(); num2 -= 2; data.getLittleEndian16(); num2 -= 2; data.getLittleEndian16(); num2 -= 2; data.getLittleEndian16(); num2 -= 2; data.getLittleEndian16(); num2 -= 2; data.getLittleEndian16(); num2 -= 2; data.getLittleEndian16(); num2 -= 2; data.ReadByte(); num2--; int num3 = data.ReadByte(); num2--; RDPClient.suppress_output_supported = num3 > 0; break; } case 2: // RDP_CAPSET_BITMAP data.getLittleEndian16(); num2 -= 2; data.getLittleEndian16(); num2 -= 2; data.getLittleEndian16(); num2 -= 2; data.getLittleEndian16(); num2 -= 2; data.getLittleEndian16(); num2 -= 2; data.getLittleEndian16(); num2 -= 2; break; case 3: // RDP_CAPSET_ORDER break; case 4: // RDP_CAPSET_BMPCACHE break; case 5: // RDP_CAPSET_CONTROL break; case 8: // RDP_CAPSET_POINTER break; case 9: // RDP_CAPSET_SHARE break; case 10: // RDP_CAPSET_COLCACHE break; case 13: { // RDP_CAPSET_INPUT int num4 = data.getLittleEndian16(); num2 -= 2; RDPClient.use_fastpath_input = false; if ((num4 & 0x20) != 0) { RDPClient.use_fastpath_input = true; } if ((num4 & 8) != 0) { RDPClient.use_fastpath_input = true; } break; } case 14: // RDP_CAPSET_FONT break; case 0x12: // RDP_CAPSET_BMPCACHE_HOSTSUPPORT RDPClient.m_bServerSupportsCacheV2 = true; break; case 20: // RDP_CAPSET_VIRTUALCHANNEL break; case 0x19: // RDP_CAPSET_COMPDESK break; case 0x1a: // RDP_CAPSET_MULTIFRAGMENTUPDATE break; case 0x1b: // RDP_CAPSET_LARGE_POINTER break; case 0x1c: // RDP_CAPSET_SURFACE_COMMANDS break; case 0x1d: // RDP_CAPSET_BITMAP_CODECS break; default: // RDP_CAPSET unknown break; } data.Position += num2 - 4; } }
private static void logonInfoExtended(RdpPacket data) { // Флаг авторизации if (RDPClient.FullXP) { RDPClient.GoodAuth = true; } data.getLittleEndian16(); var num2 = (FieldsPresent)data.getLittleEndian32(); // Reconnect Cookie if (num2.HasFlag(FieldsPresent.LOGON_EX_AUTORECONNECTCOOKIE)) { if (data.getLittleEndian32() != 0x1c) { throw new Exception("Invalid length for AutoReconnectCookie!"); } data.getLittleEndian32(); RDPClient.LogonID = data.getLittleEndian32(); if (RDPClient.ReconnectCookie == null) { RDPClient.ReconnectCookie = new byte[0x10]; } data.Read(RDPClient.ReconnectCookie, 0, RDPClient.ReconnectCookie.Length); } // Error if (num2.HasFlag(FieldsPresent.LOGON_EX_LOGONERRORS)) { var ErrorType = (ErrorNotificationType)data.getLittleEndian32(); var ErrorData = (ErrorNotificationData)data.getLittleEndian32(); // Проверка ошибок if (ErrorType.HasFlag(ErrorNotificationType.LOGON_MSG_NO_PERMISSION) || ErrorType.HasFlag(ErrorNotificationType.LOGON_MSG_DISCONNECT_REFUSED) || ErrorType.HasFlag(ErrorNotificationType.LOGON_MSG_SESSION_TERMINATE) || ErrorData.HasFlag(ErrorNotificationData.LOGON_FAILED_BAD_PASSWORD) || ErrorData.HasFlag(ErrorNotificationData.LOGON_WARNING) || ErrorData.HasFlag(ErrorNotificationData.LOGON_FAILED_OTHER)) { // Флаг авторизации if (RDPClient.FullXP) { RDPClient.GoodAuth = false; } } // Проверка на смену пароля if (ErrorData.HasFlag(ErrorNotificationData.LOGON_FAILED_UPDATE_PASSWORD)) { // Флаг смены пароля RDPClient.NeedChangePassword = true; // Флаг авторизации if (RDPClient.FullXP) { RDPClient.GoodAuth = true; } } } }
internal static void mainloop() { RDPClient.m_bInitialised = false; RDPClient.m_bHalt = false; RDPClient.m_bExceptionReported = false; try { while (!RDPClient.m_bHalt) { int num; RdpPacket data = ISO.Secure_Receive(out num); switch (num) { case 0: case 6: break; case 1: try { ControlFlow.processDemandActive(data); } catch { } Network.ConnectionAlive = true; break; case 7: processData(data); break; case 10: ControlFlow.processRedirection(data, false); break; case 0xff: // 255 // FastPathUpdate break; default: throw new RDFatalException("Illegal type in main process :" + num.ToString()); } Thread.Sleep(1); } } catch (RDFatalException exception) { Network.Close(); if (!RDPClient.m_bExceptionReported) { RDPClient.m_bExceptionReported = true; RDPClient.OnError(exception); } } catch (EndOfTransmissionException) { Network.Close(); } catch (SocketAbortException) { } catch (ThreadAbortException) { } catch (Exception exception2) { if (!RDPClient.m_bExceptionReported) { RDPClient.m_bExceptionReported = true; RDPClient.OnError(exception2); } } finally { ISO.Disconnect(); RDPClient.OnClosed(); } }
protected static void WriteLength(RdpPacket packet, string Identifier) { RDPClient.m_Fixup.Add(Identifier, new Fixup(Identifier, packet.Position)); WriteByte(packet, 0xff); }
internal static RdpPacket sendMcsData(bool use_rdp5, int num_channels, int serverSelectedProtocol) { RdpPacket packet = new RdpPacket(); string clientName = RDPClient.ClientName; if (clientName.Length > 15) { clientName = clientName.Substring(0, 15); } int num = 2 * clientName.Length; int num2 = 0x9e; if (use_rdp5) { num2 += 0x60; } if (use_rdp5 && (num_channels > 0)) { num2 += (num_channels * 12) + 8; } if ((RDPClient.serverNegotiateFlags & NegotiationFlags.EXTENDED_CLIENT_DATA_SUPPORTED) != ((NegotiationFlags)0)) { num2 += 8; } packet.WriteBigEndian16((short)5); packet.WriteBigEndian16((short)20); packet.WriteByte(0x7c); packet.WriteBigEndian16((short)1); packet.WriteBigEndian16((short)(num2 | 0x8000)); packet.WriteBigEndian16((short)8); packet.WriteBigEndian16((short)0x10); packet.WriteByte(0); packet.WriteLittleEndian16((ushort)0xc001); packet.WriteByte(0); packet.WriteLittleEndian32(0x61637544); packet.WriteBigEndian16((short)((num2 - 14) | 0x8000)); packet.WriteLittleEndian16((ushort)0xc001); packet.WriteLittleEndian16(use_rdp5 ? ((short)0xd8) : ((short)0x88)); packet.WriteLittleEndian16(use_rdp5 ? ((short)4) : ((short)1)); packet.WriteLittleEndian16((short)8); packet.WriteLittleEndian16((short)RDPClient.width); packet.WriteLittleEndian16((short)RDPClient.height); packet.WriteLittleEndian16((ushort)0xca01); packet.WriteLittleEndian16((ushort)0xaa03); packet.WriteLittleEndian32(0x409); packet.WriteLittleEndian32(use_rdp5 ? 0xa28 : 0x1a3); packet.WriteUnicodeString(clientName); packet.Position += 30 - num; packet.WriteLittleEndian32(4); packet.WriteLittleEndian32(0); packet.WriteLittleEndian32(12); packet.Position += 0x40L; packet.WriteLittleEndian16((ushort)0xca01); packet.WriteLittleEndian16(use_rdp5 ? ((short)1) : ((short)0)); if (use_rdp5) { packet.WriteLittleEndian32(0); packet.WriteLittleEndian16((short)((byte)RDPClient.server_bpp)); packet.WriteLittleEndian16((short)7); packet.WriteLittleEndian16((short)1); packet.Position += 0x40L; packet.WriteByte(0); packet.WriteByte(0); packet.WriteLittleEndian32(serverSelectedProtocol); packet.WriteLittleEndian16((ushort)0xc004); packet.WriteLittleEndian16((short)12); int num3 = 13; if (((RDPClient.flags & HostFlags.ConsoleSession) != ((HostFlags)0)) || (RDPClient.sessionID != 0)) { num3 |= 2; } packet.WriteLittleEndian32(num3); packet.WriteLittleEndian32(RDPClient.sessionID); } packet.WriteLittleEndian16((ushort)0xc002); packet.WriteLittleEndian16(use_rdp5 ? ((short)12) : ((short)8)); int num4 = 0; if (serverSelectedProtocol == 0) { num4 |= 3; } packet.WriteLittleEndian32(num4); if (use_rdp5) { packet.WriteLittleEndian32(0); } if (use_rdp5 && (num_channels > 0)) { packet.WriteLittleEndian16((ushort)0xc003); packet.WriteLittleEndian16((short)((num_channels * 12) + 8)); packet.WriteLittleEndian32(num_channels); foreach (IVirtualChannel channel in Channels.RegisteredChannels) { packet.WriteString(channel.ChannelName, false); packet.WriteByte(0); packet.WriteBigEndian32((uint)0xc0a00000); } } if ((RDPClient.serverNegotiateFlags & NegotiationFlags.EXTENDED_CLIENT_DATA_SUPPORTED) != ((NegotiationFlags)0)) { packet.WriteLittleEndian16((ushort)0xc006); packet.WriteLittleEndian16((short)8); packet.WriteLittleEndian32(0); } return(packet); }
public void Parse(RdpPacket packet) { NTLM.AV_ID av_id; byte[] buffer = null; do { av_id = (NTLM.AV_ID)packet.getLittleEndian16(); int count = packet.getLittleEndian16(); if (count > 0) { if (av_id != NTLM.AV_ID.MsvAvFlags) { buffer = new byte[count]; packet.Read(buffer, 0, count); } else { this.Flags = packet.getLittleEndian32(); } } switch (av_id) { case NTLM.AV_ID.MsvAvNbComputerName: this.NbComputerName.length = count; this.NbComputerName.value = buffer; this.sNbComputerName = Encoding.Unicode.GetString(this.NbComputerName.value, 0, this.NbComputerName.value.Length); break; case NTLM.AV_ID.MsvAvNbDomainName: this.NbDomainName.length = count; this.NbDomainName.value = buffer; this.sNbDomainName = Encoding.Unicode.GetString(this.NbDomainName.value, 0, this.NbDomainName.value.Length); break; case NTLM.AV_ID.MsvAvDnsComputerName: this.DnsComputerName.length = count; this.DnsComputerName.value = buffer; this.sDnsComputerName = Encoding.Unicode.GetString(this.DnsComputerName.value, 0, this.DnsComputerName.value.Length); break; case NTLM.AV_ID.MsvAvDnsDomainName: this.DnsDomainName.length = count; this.DnsDomainName.value = buffer; this.sDnsDomainName = Encoding.Unicode.GetString(this.DnsDomainName.value, 0, this.DnsDomainName.value.Length); break; case NTLM.AV_ID.MsvAvDnsTreeName: this.DnsTreeName.length = count; this.DnsTreeName.value = buffer; break; case NTLM.AV_ID.MsvAvTimestamp: this.Timestamp.length = count; this.Timestamp.value = buffer; break; case NTLM.AV_ID.MsvAvRestrictions: this.Restrictions.length = count; this.Restrictions.value = buffer; break; case NTLM.AV_ID.MsvAvTargetName: this.TargetName.length = count; this.TargetName.value = buffer; break; case NTLM.AV_ID.MsvChannelBindings: this.ChannelBindings.length = count; this.ChannelBindings.value = buffer; break; } }while (av_id != NTLM.AV_ID.MsvAvEOL); }
public byte[] Serialise() { RdpPacket packet = new RdpPacket(); if (this.NbDomainName.length > 0) { packet.WriteLittleEndian16((short)2); packet.WriteLittleEndian16((short)this.NbDomainName.length); packet.Write(this.NbDomainName.value, 0, this.NbDomainName.length); } if (this.NbComputerName.length > 0) { packet.WriteLittleEndian16((short)1); packet.WriteLittleEndian16((short)this.NbComputerName.length); packet.Write(this.NbComputerName.value, 0, this.NbComputerName.length); } if (this.DnsDomainName.length > 0) { packet.WriteLittleEndian16((short)4); packet.WriteLittleEndian16((short)this.DnsDomainName.length); packet.Write(this.DnsDomainName.value, 0, this.DnsDomainName.length); } if (this.DnsComputerName.length > 0) { packet.WriteLittleEndian16((short)3); packet.WriteLittleEndian16((short)this.DnsComputerName.length); packet.Write(this.DnsComputerName.value, 0, this.DnsComputerName.length); } if (this.DnsTreeName.length > 0) { packet.WriteLittleEndian16((short)5); packet.WriteLittleEndian16((short)this.DnsTreeName.length); packet.Write(this.DnsTreeName.value, 0, this.DnsTreeName.length); } if (this.Timestamp.length > 0) { packet.WriteLittleEndian16((short)7); packet.WriteLittleEndian16((short)this.Timestamp.length); packet.Write(this.Timestamp.value, 0, this.Timestamp.length); } if (this.Flags != 0) { packet.WriteLittleEndian16((short)6); packet.WriteLittleEndian16((short)4); packet.WriteLittleEndian32(this.Flags); } if (this.Restrictions.length > 0) { packet.WriteLittleEndian16((short)8); packet.WriteLittleEndian16((short)this.Restrictions.length); packet.Write(this.Restrictions.value, 0, this.Restrictions.length); } if (this.ChannelBindings.length > 0) { packet.WriteLittleEndian16((short)10); packet.WriteLittleEndian16((short)this.ChannelBindings.length); packet.Write(this.ChannelBindings.value, 0, this.ChannelBindings.length); } if (this.TargetName.value != null) { packet.WriteLittleEndian16((short)9); packet.WriteLittleEndian16((short)this.TargetName.length); packet.Write(this.TargetName.value, 0, this.TargetName.length); } packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WritePadding(8); byte[] buffer = new byte[packet.Length]; packet.Position = 0L; packet.Read(buffer, 0, buffer.Length); return(buffer); }
public byte[] ProcessChallenge(byte[] Challenge) { byte[] bytes; RdpPacket packet = new RdpPacket(); this.m_ChallengeMsg = Challenge; packet.Write(Challenge, 0, Challenge.Length); packet.Position = 0L; long position = packet.Position; if (packet.ReadString(8) != "NTLMSSP\0") { throw new Exception("Invalid negotiation token!"); } if (packet.getLittleEndian32() != 2) { throw new Exception("Expected challenge!"); } int count = packet.getLittleEndian16(); packet.getLittleEndian16(); int num4 = packet.getLittleEndian32(); uint flags = (uint)packet.getLittleEndian32(); DumpFlags(flags); byte[] buffer = new byte[8]; packet.Read(buffer, 0, 8); byte[] buffer2 = new byte[8]; packet.Read(buffer2, 0, 8); int num5 = packet.getLittleEndian16(); packet.getLittleEndian16(); int num6 = packet.getLittleEndian32(); if ((flags & 0x2000000) != 0) { byte[] buffer3 = new byte[8]; packet.Read(buffer3, 0, 8); } if ((flags & 0x20000000) == 0) { throw new Exception("Strong Encryption not supported by server"); } byte[] buffer4 = null; if (count > 0) { buffer4 = new byte[count]; packet.Position = position + num4; packet.Read(buffer4, 0, count); Encoding.Unicode.GetString(buffer4, 0, buffer4.Length); } AV_PAIRS av_pairs = new AV_PAIRS(); byte[] buffer5 = null; if (num5 <= 0) { throw new Exception("No TargetInfo!"); } packet.Position = position + num6; buffer5 = new byte[num5]; packet.Read(buffer5, 0, num5); packet = new RdpPacket(); packet.Write(buffer5, 0, buffer5.Length); packet.Position = 0L; av_pairs.Parse(packet); byte[] data = nTOWFv2(this.m_sDomain, this.m_sUsername, this.m_sPassword); m_Socket.AddBlob(PacketLogger.PacketType.NTLM_ResponseKeyNT, data); byte[] blob = new byte[8]; RNGCryptoServiceProvider provider = new RNGCryptoServiceProvider(); provider.GetBytes(blob); m_Socket.AddBlob(PacketLogger.PacketType.NTLM_ClientChallenge, blob); byte[] buffer8 = getLMv2Response(data, buffer, blob); if (this.m_bNTLMv2) { Array.Clear(buffer8, 0, buffer8.Length); } bool bGenerateMIC = false; if ((av_pairs.Timestamp.length <= 0) || !this.m_bNTLMv2) { bytes = BitConverter.GetBytes(DateTime.UtcNow.ToFileTimeUtc()); } else { bytes = av_pairs.Timestamp.value; bGenerateMIC = true; av_pairs.ProcessForNTLMv2(); buffer5 = av_pairs.Serialise(); } byte[] keyExchangeKey = null; byte[] buffer11 = getNTLMv2Response(data, buffer, blob, bytes, buffer5, out keyExchangeKey); m_Socket.AddBlob(PacketLogger.PacketType.NTLM_KeyExchangeKey, keyExchangeKey); byte[] encryptedRandomSessionKey = null; byte[] buffer13 = null; buffer13 = new byte[0x10]; provider.GetBytes(buffer13); m_Socket.AddBlob(PacketLogger.PacketType.NTLM_ExportedSessionKey, buffer13); encryptedRandomSessionKey = new byte[0x10]; RC4 rc = new RC4(); rc.engineInitEncrypt(keyExchangeKey); encryptedRandomSessionKey = rc.crypt(buffer13); if ((flags & 0x40000000) == 0) { encryptedRandomSessionKey = new byte[0]; buffer13 = keyExchangeKey; } this.InitSignKeys(buffer13); return(this.Authenticate(buffer8, buffer11, this.m_sDomain, this.m_sUsername, this.m_sWorkstation, encryptedRandomSessionKey, buffer13, bGenerateMIC)); }
private byte[] Authenticate(byte[] lmChallengeResponse, byte[] ntChallengeResponse, string sDomainName, string sUser, string sWorkstation, byte[] EncryptedRandomSessionKey, byte[] ExportedSessionKey, bool bGenerateMIC) { RdpPacket packet = new RdpPacket(); uint flags = ((((((0xe2800000 | RDPClient.NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY) | RDPClient.NTLMSSP_NEGOTIATE_ALWAYS_SIGN) | RDPClient.NTLMSSP_NEGOTIATE_NTLM) | RDPClient.NTLMSSP_NEGOTIATE_SEAL) | RDPClient.NTLMSSP_NEGOTIATE_SIGN) | RDPClient.NTLMSSP_REQUEST_TARGET) | RDPClient.NTLMSSP_NEGOTIATE_UNICODE; DumpFlags(flags); int position = (int)packet.Position; packet.WriteString("NTLMSSP", false); packet.WriteByte(0); packet.WriteLittleEndian32(3); int num3 = ((int)packet.Position) - position; num3 += 8; num3 += 8; num3 += 8; num3 += 8; num3 += 8; num3 += 8; num3 += 4; if ((flags & 0x2000000) != 0) { num3 += 8; } if (bGenerateMIC) { num3 += 0x10; } byte[] bytes = Encoding.Unicode.GetBytes(sDomainName); byte[] buffer = Encoding.Unicode.GetBytes(sUser); byte[] buffer3 = Encoding.Unicode.GetBytes(sWorkstation); int num4 = num3; int num5 = num4 + bytes.Length; int num6 = num5 + buffer.Length; int num7 = num6 + buffer3.Length; int num8 = num7 + lmChallengeResponse.Length; int num9 = num8 + ntChallengeResponse.Length; packet.WriteLittleEndian16((ushort)lmChallengeResponse.Length); packet.WriteLittleEndian16((ushort)lmChallengeResponse.Length); packet.WriteLittleEndian32(num7); num3 += lmChallengeResponse.Length; packet.WriteLittleEndian16((ushort)ntChallengeResponse.Length); packet.WriteLittleEndian16((ushort)ntChallengeResponse.Length); packet.WriteLittleEndian32(num8); num3 += ntChallengeResponse.Length; packet.WriteLittleEndian16((ushort)bytes.Length); packet.WriteLittleEndian16((ushort)bytes.Length); packet.WriteLittleEndian32(num4); num3 += bytes.Length; packet.WriteLittleEndian16((ushort)buffer.Length); packet.WriteLittleEndian16((ushort)buffer.Length); packet.WriteLittleEndian32(num5); num3 += buffer.Length; packet.WriteLittleEndian16((ushort)buffer3.Length); packet.WriteLittleEndian16((ushort)buffer3.Length); packet.WriteLittleEndian32(num6); num3 += buffer3.Length; packet.WriteLittleEndian16((ushort)EncryptedRandomSessionKey.Length); packet.WriteLittleEndian16((ushort)EncryptedRandomSessionKey.Length); packet.WriteLittleEndian32(num9); num3 += EncryptedRandomSessionKey.Length; packet.WriteLittleEndian32(flags); if ((flags & 0x2000000) != 0) { this.WriteVersion(packet); } long num10 = packet.Position; if (bGenerateMIC) { packet.WritePadding(0x10); } packet.Write(bytes, 0, bytes.Length); packet.Write(buffer, 0, buffer.Length); packet.Write(buffer3, 0, buffer3.Length); packet.Write(lmChallengeResponse, 0, lmChallengeResponse.Length); packet.Write(ntChallengeResponse, 0, ntChallengeResponse.Length); packet.Write(EncryptedRandomSessionKey, 0, EncryptedRandomSessionKey.Length); if (bGenerateMIC) { packet.Position = 0L; byte[] buffer4 = new byte[packet.Length]; packet.Read(buffer4, 0, buffer4.Length); HMACT64 hmact = new HMACT64(ExportedSessionKey); hmact.update(this.m_NegotiateMsg); hmact.update(this.m_ChallengeMsg); hmact.update(buffer4); byte[] buffer5 = hmact.digest(); packet.Position = num10; packet.Write(buffer5, 0, buffer5.Length); } packet.Position = 0L; byte[] buffer6 = new byte[packet.Length]; packet.Read(buffer6, 0, buffer6.Length); return(buffer6); }
internal static void SendInput(List <Rdp.InputInfo> InputToSend) { if (RDPClient.use_fastpath_input) { RdpPacket packet = new RdpPacket(); ushort num = 1; int count = InputToSend.Count; if (count < 0x10) { packet.WriteByte((byte)(count << 2)); } else { packet.WriteByte(0); num = (ushort)(num + 1); } foreach (Rdp.InputInfo info in InputToSend) { switch (info.Message_Type) { case Rdp.InputType.INPUT_EVENT_SCANCODE: num = (ushort)(num + 2); break; case Rdp.InputType.INPUT_EVENT_UNICODE: num = (ushort)(num + 3); break; case Rdp.InputType.INPUT_EVENT_MOUSE: num = (ushort)(num + 7); break; case Rdp.InputType.INPUT_EVENT_SYNC: num = (ushort)(num + 1); break; } } num = (ushort)(num + 1); if (num > 0x7f) { num = (ushort)(num + 1); } packet.WriteEncodedUnsigned16(num); if (count >= 0x10) { packet.WriteByte((byte)count); } foreach (Rdp.InputInfo info2 in InputToSend) { int num3 = 0; switch (info2.Message_Type) { case Rdp.InputType.INPUT_EVENT_SCANCODE: if ((info2.Device_Flags & 0x8000) != 0) { num3 |= 1; } if ((info2.Device_Flags & 0x100) != 0) { num3 |= 2; } packet.WriteByte((byte)num3); packet.WriteByte((byte)info2.Param1); break; case Rdp.InputType.INPUT_EVENT_UNICODE: if ((info2.Device_Flags & 0x8000) != 0) { num3 |= 1; } packet.WriteByte((byte)(0x80 | num3)); packet.WriteLittleEndian16((ushort)info2.Param1); break; case Rdp.InputType.INPUT_EVENT_MOUSE: packet.WriteByte(0x20); packet.WriteLittleEndian16((ushort)info2.Device_Flags); packet.WriteLittleEndian16((ushort)info2.Param1); packet.WriteLittleEndian16((ushort)info2.Param2); break; case Rdp.InputType.INPUT_EVENT_SYNC: packet.WriteByte(0x60); break; } } Write(packet); } else { foreach (Rdp.InputInfo info3 in InputToSend) { internal_sendInput(info3.Time, (int)info3.Message_Type, info3.Device_Flags, info3.Param1, info3.Param2); } } }
internal static void SendMCS_GlobalChannel(RdpPacket sec_data, int sec_flags) { send_to_channel(sec_data, sec_flags, MCS.MSC_GLOBAL_CHANNEL); }
private static RdpPacket getLoginInfo(string domain, string username, string password, string command, string directory, bool bAutoReconnect) { int num = 2 * "127.0.0.1".Length; int num2 = 2 * @"C:\WINNT\System32\mstscax.dll".Length; int num1 = _p; int num3 = 2 * domain.Length; int num4 = 2 * username.Length; int num5 = 2 * password.Length; int num6 = 2 * command.Length; int num7 = 2 * directory.Length; RdpPacket packet = new RdpPacket(); int num8 = 0x213b; packet.WriteLittleEndian32(0); packet.WriteLittleEndian32(num8); packet.WriteLittleEndian16((short)num3); packet.WriteLittleEndian16((short)num4); if ((num8 & 8) != 0) { packet.WriteLittleEndian16((short)num5); } else { packet.WriteLittleEndian16((short)0); } packet.WriteLittleEndian16((short)num6); packet.WriteLittleEndian16((short)num7); if (0 < num3) { packet.WriteUnicodeString(domain); } else { packet.WriteLittleEndian16((short)0); } packet.WriteUnicodeString(username); if ((num8 & 8) != 0) { packet.WriteUnicodeString(password); } else { packet.WriteLittleEndian16((short)0); } if (0 < num6) { packet.WriteUnicodeString(command); } else { packet.WriteLittleEndian16((short)0); } if (0 < num7) { packet.WriteUnicodeString(directory); } else { packet.WriteLittleEndian16((short)0); } packet.WriteLittleEndian16((short)2); packet.WriteLittleEndian16((short)(num + 2)); packet.WriteUnicodeString("127.0.0.1"); packet.WriteLittleEndian16((short)(num2 + 2)); packet.WriteUnicodeString(@"C:\WINNT\System32\mstscax.dll"); TimeZoneInfo info = TimeZoneInfo.Local; packet.WriteLittleEndian32((int)info.BaseUtcOffset.TotalMinutes); packet.WriteUnicodeString(info.StandardName); packet.Position += 0x3e - (2 * info.StandardName.Length); if (info.SupportsDaylightSavingTime) { packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((ushort)10); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)30); packet.WriteLittleEndian16((short)2); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian32(0); } else { packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian32(0); } packet.WriteUnicodeString(info.DaylightName); packet.Position += 0x3e - (2 * info.DaylightName.Length); if (info.SupportsDaylightSavingTime) { packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((ushort)3); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0x1b); packet.WriteLittleEndian16((short)1); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian32((int)(info.BaseUtcOffset.TotalMinutes + 1.0)); } else { packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian16((short)0); packet.WriteLittleEndian32(0); } packet.WriteLittleEndianU32(0); PerformanceFlags flags = (PerformanceFlags)0; if (!RDPClient.IsHostFlagSet(HostFlags.DesktopBackground)) { flags |= PerformanceFlags.PERF_DISABLE_WALLPAPER; } if (RDPClient.IsHostFlagSet(HostFlags.FontSmoothing)) { flags |= PerformanceFlags.PERF_ENABLE_FONT_SMOOTHING; } if (RDPClient.IsHostFlagSet(HostFlags.DesktopComposition)) { flags |= PerformanceFlags.PERF_ENABLE_DESKTOP_COMPOSITION; } if (!RDPClient.IsHostFlagSet(HostFlags.ShowWindowContents)) { flags |= PerformanceFlags.PERF_DISABLE_FULLWINDOWDRAG; } if (!RDPClient.IsHostFlagSet(HostFlags.MenuAnimation)) { flags |= PerformanceFlags.PERF_DISABLE_MENUANIMATIONS; } if (!RDPClient.IsHostFlagSet(HostFlags.VisualStyles)) { flags |= PerformanceFlags.PERF_DISABLE_THEMING; } packet.WriteLittleEndian32((int)flags); if (bAutoReconnect) { packet.WriteLittleEndian32(0x1c); packet.WriteLittleEndian32(0x1c); packet.WriteLittleEndian32(1); packet.WriteLittleEndian32(RDPClient.LogonID); HMACT64 hmact = new HMACT64(RDPClient.ReconnectCookie); hmact.update(Secure.GetClentRandom()); byte[] buffer = hmact.digest(); packet.Write(buffer, 0, buffer.Length); return(packet); } packet.WriteLittleEndian32(0); return(packet); }
protected static void UpdateLength(RdpPacket packet, string Identifier) { Fixup fixup = RDPClient.m_Fixup[Identifier]; RDPClient.m_Fixup.Remove(Identifier); long position = packet.Position; if (fixup.Length != -1) { long num2 = packet.Position - fixup.Offset; if (num2 != fixup.Length) { throw new Exception("DER Tag length invalid"); } } else { long num3 = packet.Position - (fixup.Offset + 1L); byte[] bytes = BitConverter.GetBytes(num3); packet.Position = fixup.Offset; if (num3 > 0xffffffL) { packet.WriteByte(0x84); packet.InsertByte(bytes[3]); position += 1L; packet.InsertByte(bytes[2]); position += 1L; packet.InsertByte(bytes[1]); position += 1L; packet.InsertByte(bytes[0]); position += 1L; } else if (num3 > 0xffffL) { packet.WriteByte(0x83); packet.InsertByte(bytes[2]); position += 1L; packet.InsertByte(bytes[1]); position += 1L; packet.InsertByte(bytes[0]); position += 1L; } else if (num3 > 0xffL) { packet.WriteByte(130); packet.InsertByte(bytes[1]); position += 1L; packet.InsertByte(bytes[0]); position += 1L; } else if (num3 > 0x7fL) { packet.WriteByte(0x81); packet.InsertByte(bytes[0]); position += 1L; } else { packet.WriteByte(bytes[0]); } packet.Position = position; } }
public void append(RdpPacket value) { byte[] buffer = new byte[value.Length - value.Position]; value.Read(buffer, 0, buffer.Length); Write(buffer, 0, buffer.Length); }
protected static void WriteByte(RdpPacket packet, int value) { packet.WriteByte((byte)value); }
private static bool processData(RdpPacket data) { int num3; int num = 0; data.Position += 6L; data.getLittleEndian16(); num = data.ReadByte(); data.ReadByte(); data.getLittleEndian16(); switch (num) { case 0x26: // 38 // RDP_DATA_PDU_SAVE_SESSION_INFO processLogonInfo(data); goto Label_015E; case 0x2f: // 47 // RDP_DATA_PDU_SET_ERROR_INFO num3 = data.getLittleEndian32(); switch (num3) { case 0: case 12: goto Label_015E; case 1: throw new RDFatalException("The disconnection was initiated by an administrative tool on the server in another session."); case 2: throw new RDFatalException("The disconnection was due to a forced logoff initiated by an administrative tool on the server in another session."); case 3: throw new RDFatalException("The idle session limit timer on the server has elapsed."); case 4: throw new RDFatalException("The active session limit timer on the server has elapsed."); case 5: throw new RDFatalException("Another user connected to the server, forcing the disconnection of the current connection."); case 7: throw new RDFatalException("The server denied the connection."); case 9: throw new RDFatalException("The user cannot connect to the server due to insufficient access privileges."); case 11: throw new RDFatalException("The disconnection was initiated by an administrative tool on the server running in the user's session."); case 0x102: throw new RDFatalException("There are no Client Access Licenses available for the target remote computer, please contact your network administrator."); } break; case 2: // processUpdate return(false); case 0x1b: // 27 return(false); default: goto Label_015E; } throw new RDFatalException("Error code: " + num3.ToString("X8") + ", please contact Support with this error code"); Label_015E: return(false); }
protected static void WriteTag(RdpPacket packet, int Tag, string Identifier) { WriteByte(packet, Tag); WriteLength(packet, Identifier); }
internal static void send_connection_request(byte[] loadBalanceToken, bool bAutoReconnect) { int num; RDPClient.dec_count = 0; RDPClient.enc_count = 0; Network.ConnectionStage = RDPClient.eConnectionStage.Negotiating; if (RDPClient.enableNLA) { sendConnectNegotiation(3, loadBalanceToken); num = receiveConnectNegotiation(); if (num == 0x10000000) { Network.Close(); Network.Connect(RDPClient.Host, RDPClient.Port); sendConnectNegotiation(0, loadBalanceToken); num = receiveConnectNegotiation(); if (num != 0) { throw new RDFatalException("Security negotiation failed!"); } } else { if (((num & 1) != 0) || ((num & 2) != 0)) { Network.ConnectionStage = RDPClient.eConnectionStage.Securing; Network.ConnectSSL(); } if ((num & 2) != 0) { Network.ConnectionStage = RDPClient.eConnectionStage.Authenticating; CredSSP.Negotiate(Network.GetSSLPublicKey()); } } } else { sendConnectNegotiation(0, loadBalanceToken); num = receiveConnectNegotiation(); if (num != 0) { throw new RDFatalException("Security negotiation failed!"); } } Network.ConnectionStage = RDPClient.eConnectionStage.Establishing; IsoLayer.SendTPKT(sendConnectInitial(sendMcsData(true, Channels.RegisteredChannels.Count, num))); receiveConnectResponse(); send_ErectDomainRequest(); send_AttachUserRequest(); RDPClient.McsUserID = receive_AttachUserConfirm(); send_ChannelJoinRequest(RDPClient.McsUserID + MCS_USERCHANNEL_BASE); receive_ChannelJoinConfirm(); send_ChannelJoinRequest(MSC_GLOBAL_CHANNEL); receive_ChannelJoinConfirm(); foreach (IVirtualChannel channel in Channels.RegisteredChannels) { send_ChannelJoinRequest(channel.ChannelID); receive_ChannelJoinConfirm(); } int num2 = 0x40; if (Secure.RDPEncrypted()) { Network.ConnectionStage = RDPClient.eConnectionStage.SecureAndLogin; RdpPacket packet = Secure.establishKey(); packet.Position = 0L; IsoLayer.SendMCS(packet, MSC_GLOBAL_CHANNEL); num2 |= SEC_ENCRYPT; } else { Network.ConnectionStage = RDPClient.eConnectionStage.Login; } IsoLayer.SendMCS_GlobalChannel(getLoginInfo(RDPClient.Domain, RDPClient.Username, RDPClient.Password, "", "", bAutoReconnect), num2); }