protected static int ReadInteger(RdpPacket packet)
{
if (packet.ReadByte() != 2)
{
throw new Exception("Data Error!");
}
int num2 = packet.ReadByte();
byte[] buffer = new byte[4];
switch (num2)
{
case 4:
packet.Read(buffer, 0, 4);
return(BitConverter.ToInt32(buffer, 0));
case 3:
packet.Read(buffer, 0, 3);
return(BitConverter.ToInt32(buffer, 0));
case 2:
packet.Read(buffer, 0, 2);
return(BitConverter.ToInt32(buffer, 0));
}
packet.Read(buffer, 0, 1);
return(BitConverter.ToInt32(buffer, 0));
}
private static void ProcesssResponse(RdpPacket packet, byte[] ServerPublicKey)
{
ASN1.ReadTag(packet, ASN1.SequenceTag(0), "TSRequest");
ASN1.ReadTag(packet, ASN1.ContextTag(0), "CTX_Version");
if (ASN1.ReadInteger(packet) < 2)
{
throw new Exception("TSRequest version not supported!");
}
ASN1.CloseTag(packet, "CTX_Version");
byte[] buffer = null;
int num2 = ASN1.ReadTag(packet, "Tag");
if (num2 == ASN1.ContextTag(1))
{
ASN1.ReadTag(packet, ASN1.SequenceTag(0), "NegTokens");
ASN1.ReadTag(packet, ASN1.SequenceTag(0), "NegTokens2");
ASN1.ReadTag(packet, ASN1.ContextTag(0), "CTX_OctetString");
RDPClient.m_ChallengeMsg = new byte[ASN1.ReadTag(packet, ASN1.OctetStringTag(), "OctetString")];
packet.Read(RDPClient.m_ChallengeMsg, 0, RDPClient.m_ChallengeMsg.Length);
ASN1.CloseTag(packet, "OctetString");
ASN1.CloseTag(packet, "CTX_OctetString");
ASN1.CloseTag(packet, "NegTokens2");
ASN1.CloseTag(packet, "NegTokens");
}
else if (num2 == ASN1.ContextTag(3))
{
buffer = new byte[ASN1.ReadTag(packet, ASN1.OctetStringTag(), "OctetString")];
packet.Read(buffer, 0, buffer.Length);
ASN1.CloseTag(packet, "OctetString");
}
ASN1.CloseTag(packet, "Tag");
ASN1.CloseTag(packet, "TSRequest");
if (buffer != null)
{
byte[] buffer2 = RDPClient.m_NTLMAuthenticate.DecryptMessage(buffer);
buffer2[0] = (byte)(buffer2[0] - 1);
if (!NTLM.CompareArray(buffer2, ServerPublicKey))
{
throw new Exception("Unable to verify the server's public key!");
}
buffer2[0] = (byte)(buffer2[0] + 1);
SendTSRequest(null, WriteTSCredentials(), null);
RDPClient.m_bAuthenticated = true;
}
else
{
ReadNegoToken(RDPClient.m_ChallengeMsg, ServerPublicKey);
}
}
private static void Send(RdpPacket packet)
{
packet.Position = 0L;
byte[] buffer = new byte[packet.Length];
packet.Read(buffer, 0, (int)packet.Length);
Network.Send(buffer);
}
public void copyToByteArray(RdpPacket packet)
{
byte[] buffer = new byte[packet.Length];
packet.Position = 0L;
packet.Read(buffer, 0, (int)packet.Length);
Write(buffer, 0, buffer.Length);
}
public byte[] Negotiate()
{
RdpPacket packet = new RdpPacket();
uint num = (((((((0xe2000000 | RDPClient.NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY) | RDPClient.NTLMSSP_NEGOTIATE_ALWAYS_SIGN) | RDPClient.NTLMSSP_NEGOTIATE_NTLM) | RDPClient.NTLMSSP_NEGOTIATE_SEAL) | RDPClient.NTLMSSP_NEGOTIATE_SIGN) | RDPClient.NTLMSSP_REQUEST_TARGET) | RDPClient.NTLMSSP_NEGOTIATE_OEM) | RDPClient.NTLMSSP_NEGOTIATE_UNICODE;
int position = (int)packet.Position;
packet.WriteString("NTLMSSP", false);
packet.WriteByte(0);
packet.WriteLittleEndian32(1);
packet.WriteLittleEndian32(num);
int num3 = ((int)packet.Position) - position;
num3 += 8;
num3 += 8;
if ((num & 0x2000000) != 0)
{
num3 += 8;
}
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian32(0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian32(0);
if ((num & 0x2000000) != 0)
{
this.WriteVersion(packet);
}
packet.Position = 0L;
this.m_NegotiateMsg = new byte[packet.Length];
packet.Read(this.m_NegotiateMsg, 0, this.m_NegotiateMsg.Length);
return(this.m_NegotiateMsg);
}
internal static void send_to_channel(RdpPacket sec_data, int flags, int channel)
{
sec_data.Position = 0L;
byte[] buffer = new byte[sec_data.Length];
sec_data.Read(buffer, 0, buffer.Length);
if ((RDPClient.enc_count == 0x1000) && Secure.RDPEncrypted())
{
Secure.m_Encrypt_Key = Secure.update(Secure.m_Encrypt_Key, RDPClient._r);
byte[] destinationArray = new byte[Secure.m_KeyLength];
Array.Copy(Secure.m_Encrypt_Key, 0, destinationArray, 0, Secure.m_KeyLength);
RDPClient.m_RC4_Enc.engineInitEncrypt(destinationArray);
RDPClient.enc_count = 0;
}
if (Secure.RDPEncrypted())
{
byte[] buffer3 = Secure.sign(RDPClient.m_Sec_Sign_Key, 8, Secure.m_KeyLength, buffer, buffer.Length);
byte[] buffer4 = RDPClient.m_RC4_Enc.crypt(buffer);
sec_data = new RdpPacket();
sec_data.WriteLittleEndian32(flags);
sec_data.Write(buffer3, 0, buffer3.Length);
sec_data.Write(buffer4, 0, buffer4.Length);
}
else
{
flags &= -9;
sec_data = new RdpPacket();
if (flags != 0)
{
sec_data.WriteLittleEndian32(flags);
}
sec_data.Write(buffer, 0, buffer.Length);
}
SendMCS(sec_data, channel);
RDPClient.enc_count++;
}
internal static bool parse_authreq(RdpPacket data)
{
int count = 0;
data.Position += 6L;
count = data.getLittleEndian16();
if (count != 10)
{
throw new RDFatalException("Illegal length of license token!");
}
RDPClient.m_In_Token = new byte[count];
data.Read(RDPClient.m_In_Token, 0, count);
RDPClient.m_In_Sig = new byte[0x10];
data.Read(RDPClient.m_In_Sig, 0, 0x10);
return(data.Position == data.Length);
}
internal static void Write(RdpPacket data)
{
data.Position = 0L;
byte[] buffer = new byte[data.Length];
data.Read(buffer, 0, (int)data.Length);
Network.Send(buffer);
}
internal static void processRedirection(RdpPacket data, bool bStdRedirect)
{
if (!bStdRedirect)
{
data.getLittleEndian16();
}
data.getLittleEndian16();
data.getLittleEndian16();
RDPClient.sessionID = data.getLittleEndian32();
int num = data.getLittleEndian32();
if ((num & 1) != 0)
{
RDPClient.Host = data.ReadUnicodeString();
}
byte[] buffer = null;
if ((num & 2) != 0)
{
int count = data.getLittleEndian32();
buffer = new byte[count];
data.Read(buffer, 0, count);
}
if ((num & 4) != 0)
{
RDPClient.Username = data.ReadUnicodeString();
}
if ((num & 8) != 0)
{
RDPClient.Domain = data.ReadUnicodeString();
}
if ((num & 0x10) != 0)
{
RDPClient.Password = data.ReadUnicodeString();
}
if ((num & 0x200) != 0)
{
RDPClient.Host = data.ReadUnicodeString();
}
if ((num & 0x100) != 0)
{
RDPClient.Host = data.ReadUnicodeString();
}
if (!string.IsNullOrEmpty(RDPClient.Domain))
{
RDPClient.DomainAndUsername = RDPClient.Domain + @"\" + RDPClient.Username;
}
else
{
RDPClient.DomainAndUsername = RDPClient.Username;
}
if ((num & 0x80) == 0)
{
Network.Close();
Licence.Reset();
Network.Connect(RDPClient.Host, RDPClient.Port);
MCS.send_connection_request(buffer, false);
}
}
internal static void process_demand(RdpPacket data)
{
byte[] buffer = new byte[RDPClient.modulus_size];
byte[] bytes = ASCIIEncoding.GetBytes(RDPClient.hostname, true);
byte[] username = ASCIIEncoding.GetBytes(RDPClient.Username, true);
data.Read(RDPClient.m_Server_Random, 0, RDPClient.m_Server_Random.Length);
generate_keys(buffer, RDPClient.m_Server_Random, buffer);
send_request(buffer, buffer, username, bytes);
}
private static void logonInfoVersion2(RdpPacket data)
{
data.getLittleEndian16();
data.getLittleEndian32();
data.getLittleEndian32();
var cbDomain = data.getLittleEndian32();
data.Read(new byte[562], 0, 562); // Username + Padding
var Domain = new byte[52];
data.Read(Domain, 0, cbDomain);
RDPClient.Domain = System.Text.Encoding.Unicode.GetString(Domain).Replace("\0", "");
// Флаг авторизации
if (RDPClient.FullXP)
{
RDPClient.GoodAuth = true;
}
}
private static bool parsePublicKey(RdpPacket data)
{
int num = 0;
int num2 = 0;
num = data.getLittleEndian32();
if (num != 0x31415352)
{
int num3 = 0x31415352;
throw new RDFatalException("Bad magic header ! Need " + num3.ToString() + " but got " + num.ToString());
}
num2 = data.getLittleEndian32();
if (num2 != (RDPClient.modulus_size + 8))
{
RDPClient.modulus_size = num2 - 8;
}
data.Position += 8L;
m_Exponent = new byte[4];
data.Read(m_Exponent, 0, 4);
m_Modulus = new byte[RDPClient.modulus_size];
data.Read(m_Modulus, 0, RDPClient.modulus_size);
return(data.Position <= data.Length);
}
internal static void process_issue(RdpPacket data)
{
int count = 0;
RC4 rc = new RC4();
byte[] destinationArray = new byte[RDPClient.m_LicenceKey.Length];
Array.Copy(RDPClient.m_LicenceKey, 0, destinationArray, 0, RDPClient.m_LicenceKey.Length);
data.getLittleEndian16();
count = data.getLittleEndian16();
if ((data.Position + count) <= data.Length)
{
rc.engineInitDecrypt(destinationArray);
byte[] buffer = new byte[count];
data.Read(buffer, 0, count);
rc.crypt(buffer, 0, count, buffer, 0);
}
}
public static RdpPacket DecryptPacket(RdpPacket packet)
{
packet.Position += 8L;
byte[] buffer = new byte[packet.Length - packet.Position];
packet.Read(buffer, 0, buffer.Length);
if (RDPClient.dec_count == 0x1000)
{
m_Decrypt_Key = update(m_Decrypt_Key, RDPClient.m_Sec_Decrypt_Update_Key);
byte[] destinationArray = new byte[m_KeyLength];
Array.Copy(m_Decrypt_Key, 0, destinationArray, 0, m_KeyLength);
RDPClient.m_RC4_Dec.engineInitDecrypt(destinationArray);
RDPClient.dec_count = 0;
}
RDPClient.dec_count++;
byte[] buffer3 = RDPClient.m_RC4_Dec.crypt(buffer);
packet = new RdpPacket();
packet.Write(buffer3, 0, buffer3.Length);
packet.Position = 0L;
return(packet);
}
private static byte[] WriteTSCredentials()
{
RdpPacket packet = new RdpPacket();
ASN1.WriteTag(packet, ASN1.SequenceTag(0), "SEQ_TSCRED");
ASN1.WriteTag(packet, ASN1.ContextTag(0), "CTX_credType");
ASN1.WriteInteger(packet, 1);
ASN1.CloseTag(packet, "CTX_credType");
ASN1.WriteTag(packet, ASN1.ContextTag(1), "CTX_credentials");
ASN1.WriteTag(packet, ASN1.OctetStringTag(), "CTX_OctetString");
ASN1.WriteTag(packet, ASN1.SequenceTag(0), "SEQ_Credentials");
ASN1.WriteTag(packet, ASN1.ContextTag(0), "CTX_domain");
ASN1.WriteTag(packet, ASN1.OctetStringTag(), "OctectString");
byte[] bytes = Encoding.Unicode.GetBytes(RDPClient.Domain);
packet.Write(bytes, 0, bytes.Length);
ASN1.CloseTag(packet, "OctectString");
ASN1.CloseTag(packet, "CTX_domain");
ASN1.WriteTag(packet, ASN1.ContextTag(1), "CTX_user");
ASN1.WriteTag(packet, ASN1.OctetStringTag(), "OctectString");
byte[] buffer = Encoding.Unicode.GetBytes(RDPClient.Username);
packet.Write(buffer, 0, buffer.Length);
ASN1.CloseTag(packet, "OctectString");
ASN1.CloseTag(packet, "CTX_user");
ASN1.WriteTag(packet, ASN1.ContextTag(2), "CTX_password");
ASN1.WriteTag(packet, ASN1.OctetStringTag(), "OctectString");
byte[] buffer3 = Encoding.Unicode.GetBytes(RDPClient.Password);
packet.Write(buffer3, 0, buffer3.Length);
ASN1.CloseTag(packet, "OctectString");
ASN1.CloseTag(packet, "CTX_password");
ASN1.CloseTag(packet, "SEQ_Credentials");
ASN1.CloseTag(packet, "CTX_OctetString");
ASN1.CloseTag(packet, "CTX_credentials");
ASN1.CloseTag(packet, "SEQ_TSCRED");
byte[] buffer4 = new byte[packet.Length];
packet.Position = 0L;
packet.Read(buffer4, 0, buffer4.Length);
return(RDPClient.m_NTLMAuthenticate.EncryptMessage(buffer4));
}
public byte[] ProcessChallenge(byte[] Challenge)
{
byte[] bytes;
RdpPacket packet = new RdpPacket();
this.m_ChallengeMsg = Challenge;
packet.Write(Challenge, 0, Challenge.Length);
packet.Position = 0L;
long position = packet.Position;
if (packet.ReadString(8) != "NTLMSSP\0")
{
throw new Exception("Invalid negotiation token!");
}
if (packet.getLittleEndian32() != 2)
{
throw new Exception("Expected challenge!");
}
int count = packet.getLittleEndian16();
packet.getLittleEndian16();
int num4 = packet.getLittleEndian32();
uint flags = (uint)packet.getLittleEndian32();
DumpFlags(flags);
byte[] buffer = new byte[8];
packet.Read(buffer, 0, 8);
byte[] buffer2 = new byte[8];
packet.Read(buffer2, 0, 8);
int num5 = packet.getLittleEndian16();
packet.getLittleEndian16();
int num6 = packet.getLittleEndian32();
if ((flags & 0x2000000) != 0)
{
byte[] buffer3 = new byte[8];
packet.Read(buffer3, 0, 8);
}
if ((flags & 0x20000000) == 0)
{
throw new Exception("Strong Encryption not supported by server");
}
byte[] buffer4 = null;
if (count > 0)
{
buffer4 = new byte[count];
packet.Position = position + num4;
packet.Read(buffer4, 0, count);
Encoding.Unicode.GetString(buffer4, 0, buffer4.Length);
}
AV_PAIRS av_pairs = new AV_PAIRS();
byte[] buffer5 = null;
if (num5 <= 0)
{
throw new Exception("No TargetInfo!");
}
packet.Position = position + num6;
buffer5 = new byte[num5];
packet.Read(buffer5, 0, num5);
packet = new RdpPacket();
packet.Write(buffer5, 0, buffer5.Length);
packet.Position = 0L;
av_pairs.Parse(packet);
byte[] data = nTOWFv2(this.m_sDomain, this.m_sUsername, this.m_sPassword);
m_Socket.AddBlob(PacketLogger.PacketType.NTLM_ResponseKeyNT, data);
byte[] blob = new byte[8];
RNGCryptoServiceProvider provider = new RNGCryptoServiceProvider();
provider.GetBytes(blob);
m_Socket.AddBlob(PacketLogger.PacketType.NTLM_ClientChallenge, blob);
byte[] buffer8 = getLMv2Response(data, buffer, blob);
if (this.m_bNTLMv2)
{
Array.Clear(buffer8, 0, buffer8.Length);
}
bool bGenerateMIC = false;
if ((av_pairs.Timestamp.length <= 0) || !this.m_bNTLMv2)
{
bytes = BitConverter.GetBytes(DateTime.UtcNow.ToFileTimeUtc());
}
else
{
bytes = av_pairs.Timestamp.value;
bGenerateMIC = true;
av_pairs.ProcessForNTLMv2();
buffer5 = av_pairs.Serialise();
}
byte[] keyExchangeKey = null;
byte[] buffer11 = getNTLMv2Response(data, buffer, blob, bytes, buffer5, out keyExchangeKey);
m_Socket.AddBlob(PacketLogger.PacketType.NTLM_KeyExchangeKey, keyExchangeKey);
byte[] encryptedRandomSessionKey = null;
byte[] buffer13 = null;
buffer13 = new byte[0x10];
provider.GetBytes(buffer13);
m_Socket.AddBlob(PacketLogger.PacketType.NTLM_ExportedSessionKey, buffer13);
encryptedRandomSessionKey = new byte[0x10];
RC4 rc = new RC4();
rc.engineInitEncrypt(keyExchangeKey);
encryptedRandomSessionKey = rc.crypt(buffer13);
if ((flags & 0x40000000) == 0)
{
encryptedRandomSessionKey = new byte[0];
buffer13 = keyExchangeKey;
}
this.InitSignKeys(buffer13);
return(this.Authenticate(buffer8, buffer11, this.m_sDomain, this.m_sUsername, this.m_sWorkstation, encryptedRandomSessionKey, buffer13, bGenerateMIC));
}
private static void logonInfoExtended(RdpPacket data)
{
// Флаг авторизации
if (RDPClient.FullXP)
{
RDPClient.GoodAuth = true;
}
data.getLittleEndian16();
var num2 = (FieldsPresent)data.getLittleEndian32();
// Reconnect Cookie
if (num2.HasFlag(FieldsPresent.LOGON_EX_AUTORECONNECTCOOKIE))
{
if (data.getLittleEndian32() != 0x1c)
{
throw new Exception("Invalid length for AutoReconnectCookie!");
}
data.getLittleEndian32();
RDPClient.LogonID = data.getLittleEndian32();
if (RDPClient.ReconnectCookie == null)
{
RDPClient.ReconnectCookie = new byte[0x10];
}
data.Read(RDPClient.ReconnectCookie, 0, RDPClient.ReconnectCookie.Length);
}
// Error
if (num2.HasFlag(FieldsPresent.LOGON_EX_LOGONERRORS))
{
var ErrorType = (ErrorNotificationType)data.getLittleEndian32();
var ErrorData = (ErrorNotificationData)data.getLittleEndian32();
// Проверка ошибок
if (ErrorType.HasFlag(ErrorNotificationType.LOGON_MSG_NO_PERMISSION) ||
ErrorType.HasFlag(ErrorNotificationType.LOGON_MSG_DISCONNECT_REFUSED) ||
ErrorType.HasFlag(ErrorNotificationType.LOGON_MSG_SESSION_TERMINATE) ||
ErrorData.HasFlag(ErrorNotificationData.LOGON_FAILED_BAD_PASSWORD) ||
ErrorData.HasFlag(ErrorNotificationData.LOGON_WARNING) ||
ErrorData.HasFlag(ErrorNotificationData.LOGON_FAILED_OTHER))
{
// Флаг авторизации
if (RDPClient.FullXP)
{
RDPClient.GoodAuth = false;
}
}
// Проверка на смену пароля
if (ErrorData.HasFlag(ErrorNotificationData.LOGON_FAILED_UPDATE_PASSWORD))
{
// Флаг смены пароля
RDPClient.NeedChangePassword = true;
// Флаг авторизации
if (RDPClient.FullXP)
{
RDPClient.GoodAuth = true;
}
}
}
}
private byte[] Authenticate(byte[] lmChallengeResponse, byte[] ntChallengeResponse, string sDomainName, string sUser, string sWorkstation, byte[] EncryptedRandomSessionKey, byte[] ExportedSessionKey, bool bGenerateMIC)
{
RdpPacket packet = new RdpPacket();
uint flags = ((((((0xe2800000 | RDPClient.NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY) | RDPClient.NTLMSSP_NEGOTIATE_ALWAYS_SIGN) | RDPClient.NTLMSSP_NEGOTIATE_NTLM) | RDPClient.NTLMSSP_NEGOTIATE_SEAL) | RDPClient.NTLMSSP_NEGOTIATE_SIGN) | RDPClient.NTLMSSP_REQUEST_TARGET) | RDPClient.NTLMSSP_NEGOTIATE_UNICODE;
DumpFlags(flags);
int position = (int)packet.Position;
packet.WriteString("NTLMSSP", false);
packet.WriteByte(0);
packet.WriteLittleEndian32(3);
int num3 = ((int)packet.Position) - position;
num3 += 8;
num3 += 8;
num3 += 8;
num3 += 8;
num3 += 8;
num3 += 8;
num3 += 4;
if ((flags & 0x2000000) != 0)
{
num3 += 8;
}
if (bGenerateMIC)
{
num3 += 0x10;
}
byte[] bytes = Encoding.Unicode.GetBytes(sDomainName);
byte[] buffer = Encoding.Unicode.GetBytes(sUser);
byte[] buffer3 = Encoding.Unicode.GetBytes(sWorkstation);
int num4 = num3;
int num5 = num4 + bytes.Length;
int num6 = num5 + buffer.Length;
int num7 = num6 + buffer3.Length;
int num8 = num7 + lmChallengeResponse.Length;
int num9 = num8 + ntChallengeResponse.Length;
packet.WriteLittleEndian16((ushort)lmChallengeResponse.Length);
packet.WriteLittleEndian16((ushort)lmChallengeResponse.Length);
packet.WriteLittleEndian32(num7);
num3 += lmChallengeResponse.Length;
packet.WriteLittleEndian16((ushort)ntChallengeResponse.Length);
packet.WriteLittleEndian16((ushort)ntChallengeResponse.Length);
packet.WriteLittleEndian32(num8);
num3 += ntChallengeResponse.Length;
packet.WriteLittleEndian16((ushort)bytes.Length);
packet.WriteLittleEndian16((ushort)bytes.Length);
packet.WriteLittleEndian32(num4);
num3 += bytes.Length;
packet.WriteLittleEndian16((ushort)buffer.Length);
packet.WriteLittleEndian16((ushort)buffer.Length);
packet.WriteLittleEndian32(num5);
num3 += buffer.Length;
packet.WriteLittleEndian16((ushort)buffer3.Length);
packet.WriteLittleEndian16((ushort)buffer3.Length);
packet.WriteLittleEndian32(num6);
num3 += buffer3.Length;
packet.WriteLittleEndian16((ushort)EncryptedRandomSessionKey.Length);
packet.WriteLittleEndian16((ushort)EncryptedRandomSessionKey.Length);
packet.WriteLittleEndian32(num9);
num3 += EncryptedRandomSessionKey.Length;
packet.WriteLittleEndian32(flags);
if ((flags & 0x2000000) != 0)
{
this.WriteVersion(packet);
}
long num10 = packet.Position;
if (bGenerateMIC)
{
packet.WritePadding(0x10);
}
packet.Write(bytes, 0, bytes.Length);
packet.Write(buffer, 0, buffer.Length);
packet.Write(buffer3, 0, buffer3.Length);
packet.Write(lmChallengeResponse, 0, lmChallengeResponse.Length);
packet.Write(ntChallengeResponse, 0, ntChallengeResponse.Length);
packet.Write(EncryptedRandomSessionKey, 0, EncryptedRandomSessionKey.Length);
if (bGenerateMIC)
{
packet.Position = 0L;
byte[] buffer4 = new byte[packet.Length];
packet.Read(buffer4, 0, buffer4.Length);
HMACT64 hmact = new HMACT64(ExportedSessionKey);
hmact.update(this.m_NegotiateMsg);
hmact.update(this.m_ChallengeMsg);
hmact.update(buffer4);
byte[] buffer5 = hmact.digest();
packet.Position = num10;
packet.Write(buffer5, 0, buffer5.Length);
}
packet.Position = 0L;
byte[] buffer6 = new byte[packet.Length];
packet.Read(buffer6, 0, buffer6.Length);
return(buffer6);
}
internal static int parseCryptInfo(RdpPacket data)
{
int num2 = 0;
int num3 = 0;
int num4 = 0;
int num5 = 0;
int num6 = 0;
int num7 = 0;
num7 = data.getLittleEndian32();
if (data.getLittleEndian32() == 0)
{
if (!Network.SSLConnection)
{
throw new RDFatalException("Server does not support encrypted connections!");
}
return(0);
}
int count = data.getLittleEndian32();
num2 = data.getLittleEndian32();
if (count != 0x20)
{
string[] strArray = new string[] { "Wrong size of random key size! Accepted ", count.ToString(), " but ", 0x20.ToString(), "!" };
throw new RDFatalException(string.Concat(strArray));
}
m_Server_Random = new byte[count];
data.Read(m_Server_Random, 0, count);
num6 = ((int)data.Position) + num2;
if (num6 > data.Length)
{
throw new RDFatalException("Crypt Info too short!");
}
if ((data.getLittleEndian32() & 1) != 0)
{
data.Position += 8L;
while (data.Position < data.Length)
{
num3 = data.getLittleEndian16();
num4 = data.getLittleEndian16();
num5 = ((int)data.Position) + num4;
switch (num3)
{
case 6:
if (parsePublicKey(data))
{
break;
}
return(0);
}
data.Position = num5;
}
return(num7);
}
int num9 = data.getLittleEndian32();
int num10 = 0;
if (num9 < 2)
{
throw new RDFatalException("Illegal number of certificates " + num9.ToString());
}
while (num9 > 2)
{
num10 = data.getLittleEndian32();
data.Position += num10;
num9--;
}
byte[] buffer = new byte[data.getLittleEndian32()];
data.Read(buffer, 0, buffer.Length);
X509Certificate certificate = new X509Certificate(buffer);
m_Server_Public_Key = new byte[StaticSettings.SecureValue1];
Array.Copy(certificate.GetPublicKey(), 5, m_Server_Public_Key, 0, StaticSettings.SecureValue1);
byte[] buffer2 = new byte[data.getLittleEndian32()];
data.Read(buffer2, 0, buffer2.Length);
X509Certificate certificate2 = new X509Certificate(buffer2);
m_Server_Public_Key = new byte[StaticSettings.SecureValue1];
Array.Copy(certificate2.GetPublicKey(), 5, m_Server_Public_Key, 0, StaticSettings.SecureValue1);
RDPClient.readCert = true;
return(num7);
}
public void Parse(RdpPacket packet)
{
NTLM.AV_ID av_id;
byte[] buffer = null;
do
{
av_id = (NTLM.AV_ID)packet.getLittleEndian16();
int count = packet.getLittleEndian16();
if (count > 0)
{
if (av_id != NTLM.AV_ID.MsvAvFlags)
{
buffer = new byte[count];
packet.Read(buffer, 0, count);
}
else
{
this.Flags = packet.getLittleEndian32();
}
}
switch (av_id)
{
case NTLM.AV_ID.MsvAvNbComputerName:
this.NbComputerName.length = count;
this.NbComputerName.value = buffer;
this.sNbComputerName = Encoding.Unicode.GetString(this.NbComputerName.value, 0, this.NbComputerName.value.Length);
break;
case NTLM.AV_ID.MsvAvNbDomainName:
this.NbDomainName.length = count;
this.NbDomainName.value = buffer;
this.sNbDomainName = Encoding.Unicode.GetString(this.NbDomainName.value, 0, this.NbDomainName.value.Length);
break;
case NTLM.AV_ID.MsvAvDnsComputerName:
this.DnsComputerName.length = count;
this.DnsComputerName.value = buffer;
this.sDnsComputerName = Encoding.Unicode.GetString(this.DnsComputerName.value, 0, this.DnsComputerName.value.Length);
break;
case NTLM.AV_ID.MsvAvDnsDomainName:
this.DnsDomainName.length = count;
this.DnsDomainName.value = buffer;
this.sDnsDomainName = Encoding.Unicode.GetString(this.DnsDomainName.value, 0, this.DnsDomainName.value.Length);
break;
case NTLM.AV_ID.MsvAvDnsTreeName:
this.DnsTreeName.length = count;
this.DnsTreeName.value = buffer;
break;
case NTLM.AV_ID.MsvAvTimestamp:
this.Timestamp.length = count;
this.Timestamp.value = buffer;
break;
case NTLM.AV_ID.MsvAvRestrictions:
this.Restrictions.length = count;
this.Restrictions.value = buffer;
break;
case NTLM.AV_ID.MsvAvTargetName:
this.TargetName.length = count;
this.TargetName.value = buffer;
break;
case NTLM.AV_ID.MsvChannelBindings:
this.ChannelBindings.length = count;
this.ChannelBindings.value = buffer;
break;
}
}while (av_id != NTLM.AV_ID.MsvAvEOL);
}
public byte[] Serialise()
{
RdpPacket packet = new RdpPacket();
if (this.NbDomainName.length > 0)
{
packet.WriteLittleEndian16((short)2);
packet.WriteLittleEndian16((short)this.NbDomainName.length);
packet.Write(this.NbDomainName.value, 0, this.NbDomainName.length);
}
if (this.NbComputerName.length > 0)
{
packet.WriteLittleEndian16((short)1);
packet.WriteLittleEndian16((short)this.NbComputerName.length);
packet.Write(this.NbComputerName.value, 0, this.NbComputerName.length);
}
if (this.DnsDomainName.length > 0)
{
packet.WriteLittleEndian16((short)4);
packet.WriteLittleEndian16((short)this.DnsDomainName.length);
packet.Write(this.DnsDomainName.value, 0, this.DnsDomainName.length);
}
if (this.DnsComputerName.length > 0)
{
packet.WriteLittleEndian16((short)3);
packet.WriteLittleEndian16((short)this.DnsComputerName.length);
packet.Write(this.DnsComputerName.value, 0, this.DnsComputerName.length);
}
if (this.DnsTreeName.length > 0)
{
packet.WriteLittleEndian16((short)5);
packet.WriteLittleEndian16((short)this.DnsTreeName.length);
packet.Write(this.DnsTreeName.value, 0, this.DnsTreeName.length);
}
if (this.Timestamp.length > 0)
{
packet.WriteLittleEndian16((short)7);
packet.WriteLittleEndian16((short)this.Timestamp.length);
packet.Write(this.Timestamp.value, 0, this.Timestamp.length);
}
if (this.Flags != 0)
{
packet.WriteLittleEndian16((short)6);
packet.WriteLittleEndian16((short)4);
packet.WriteLittleEndian32(this.Flags);
}
if (this.Restrictions.length > 0)
{
packet.WriteLittleEndian16((short)8);
packet.WriteLittleEndian16((short)this.Restrictions.length);
packet.Write(this.Restrictions.value, 0, this.Restrictions.length);
}
if (this.ChannelBindings.length > 0)
{
packet.WriteLittleEndian16((short)10);
packet.WriteLittleEndian16((short)this.ChannelBindings.length);
packet.Write(this.ChannelBindings.value, 0, this.ChannelBindings.length);
}
if (this.TargetName.value != null)
{
packet.WriteLittleEndian16((short)9);
packet.WriteLittleEndian16((short)this.TargetName.length);
packet.Write(this.TargetName.value, 0, this.TargetName.length);
}
packet.WriteLittleEndian16((short)0);
packet.WriteLittleEndian16((short)0);
packet.WritePadding(8);
byte[] buffer = new byte[packet.Length];
packet.Position = 0L;
packet.Read(buffer, 0, buffer.Length);
return(buffer);
}
public void append(RdpPacket value)
{
byte[] buffer = new byte[value.Length - value.Position];
value.Read(buffer, 0, buffer.Length);
Write(buffer, 0, buffer.Length);
}
