void license_write_new_license_request_packet(rdpLicense* license, wStream* s) { UINT32 PlatformId; UINT32 PreferredKeyExchangeAlg = KEY_EXCHANGE_ALG_RSA; PlatformId = CLIENT_OS_ID_WINNT_POST_52 | CLIENT_IMAGE_ID_MICROSOFT; Stream_Write_UINT32(s, PreferredKeyExchangeAlg); /* PreferredKeyExchangeAlg (4 bytes) */ Stream_Write_UINT32(s, PlatformId); /* PlatformId (4 bytes) */ Stream_Write(s, license->ClientRandom, 32); /* ClientRandom (32 bytes) */ license_write_encrypted_premaster_secret_blob(s, license->EncryptedPremasterSecret, license->ModulusLength); /* EncryptedPremasterSecret */ license_write_binary_blob(s, license->ClientUserName); /* ClientUserName */ license_write_binary_blob(s, license->ClientMachineName); /* ClientMachineName */ #ifdef WITH_DEBUG_LICENSE fprintf(stderr, "PreferredKeyExchangeAlg: 0x%08X\n", PreferredKeyExchangeAlg); fprintf(stderr, "\n"); fprintf(stderr, "ClientRandom:\n"); winpr_HexDump(license->ClientRandom, 32); fprintf(stderr, "\n"); fprintf(stderr, "EncryptedPremasterSecret\n"); winpr_HexDump(license->EncryptedPremasterSecret->data, license->EncryptedPremasterSecret->length); fprintf(stderr, "\n"); fprintf(stderr, "ClientUserName (%d): %s\n", license->ClientUserName->length, (char*) license->ClientUserName->data); fprintf(stderr, "\n"); fprintf(stderr, "ClientMachineName (%d): %s\n", license->ClientMachineName->length, (char*) license->ClientMachineName->data); fprintf(stderr, "\n"); #endif }
BOOL license_write_new_license_request_packet(rdpLicense* license, wStream* s) { UINT32 PlatformId; UINT32 PreferredKeyExchangeAlg = KEY_EXCHANGE_ALG_RSA; PlatformId = CLIENT_OS_ID_WINNT_POST_52 | CLIENT_IMAGE_ID_MICROSOFT; Stream_Write_UINT32(s, PreferredKeyExchangeAlg); /* PreferredKeyExchangeAlg (4 bytes) */ Stream_Write_UINT32(s, PlatformId); /* PlatformId (4 bytes) */ Stream_Write(s, license->ClientRandom, 32); /* ClientRandom (32 bytes) */ /* EncryptedPremasterSecret */ if (!license_write_encrypted_premaster_secret_blob(s, license->EncryptedPremasterSecret, license->ModulusLength) || /* ClientUserName */ !license_write_binary_blob(s, license->ClientUserName) || /* ClientMachineName */ !license_write_binary_blob(s, license->ClientMachineName)) { return FALSE; } #ifdef WITH_DEBUG_LICENSE WLog_DBG(TAG, "PreferredKeyExchangeAlg: 0x%08X", PreferredKeyExchangeAlg); WLog_DBG(TAG, "ClientRandom:"); winpr_HexDump(TAG, WLOG_DEBUG, license->ClientRandom, 32); WLog_DBG(TAG, "EncryptedPremasterSecret"); winpr_HexDump(TAG, WLOG_DEBUG, license->EncryptedPremasterSecret->data, license->EncryptedPremasterSecret->length); WLog_DBG(TAG, "ClientUserName (%d): %s", license->ClientUserName->length, (char*) license->ClientUserName->data); WLog_DBG(TAG, "ClientMachineName (%d): %s", license->ClientMachineName->length, (char*) license->ClientMachineName->data); #endif return TRUE; }
BOOL license_encrypt_premaster_secret(rdpLicense* license) { BYTE* EncryptedPremasterSecret; if (!license_get_server_rsa_public_key(license)) return FALSE; #ifdef WITH_DEBUG_LICENSE WLog_DBG(TAG, "Modulus (%d bits):", license->ModulusLength * 8); winpr_HexDump(TAG, WLOG_DEBUG, license->Modulus, license->ModulusLength); WLog_DBG(TAG, "Exponent:"); winpr_HexDump(TAG, WLOG_DEBUG, license->Exponent, 4); #endif EncryptedPremasterSecret = (BYTE*) calloc(1, license->ModulusLength); if (!EncryptedPremasterSecret) return FALSE; license->EncryptedPremasterSecret->type = BB_RANDOM_BLOB; license->EncryptedPremasterSecret->length = PREMASTER_SECRET_LENGTH; #ifndef LICENSE_NULL_PREMASTER_SECRET license->EncryptedPremasterSecret->length = crypto_rsa_public_encrypt(license->PremasterSecret, PREMASTER_SECRET_LENGTH, license->ModulusLength, license->Modulus, license->Exponent, EncryptedPremasterSecret); #endif license->EncryptedPremasterSecret->data = EncryptedPremasterSecret; return TRUE; }
BOOL license_read_platform_challenge_packet(rdpLicense* license, wStream* s) { BYTE MacData[16]; UINT32 ConnectFlags = 0; DEBUG_LICENSE("Receiving Platform Challenge Packet"); if (Stream_GetRemainingLength(s) < 4) return FALSE; Stream_Read_UINT32(s, ConnectFlags); /* ConnectFlags, Reserved (4 bytes) */ /* EncryptedPlatformChallenge */ license->EncryptedPlatformChallenge->type = BB_ANY_BLOB; license_read_binary_blob(s, license->EncryptedPlatformChallenge); license->EncryptedPlatformChallenge->type = BB_ENCRYPTED_DATA_BLOB; if (Stream_GetRemainingLength(s) < 16) return FALSE; Stream_Read(s, MacData, 16); /* MACData (16 bytes) */ if (!license_decrypt_platform_challenge(license)) return FALSE; #ifdef WITH_DEBUG_LICENSE WLog_DBG(TAG, "ConnectFlags: 0x%08X", ConnectFlags); WLog_DBG(TAG, "EncryptedPlatformChallenge:"); winpr_HexDump(TAG, WLOG_DEBUG, license->EncryptedPlatformChallenge->data, license->EncryptedPlatformChallenge->length); WLog_DBG(TAG, "PlatformChallenge:"); winpr_HexDump(TAG, WLOG_DEBUG, license->PlatformChallenge->data, license->PlatformChallenge->length); WLog_DBG(TAG, "MacData:"); winpr_HexDump(TAG, WLOG_DEBUG, MacData, 16); #endif return TRUE; }
void license_decrypt_platform_challenge(rdpLicense* license) { CryptoRc4 rc4; license->platform_challenge->data = (BYTE*) malloc(license->encrypted_platform_challenge->length); license->platform_challenge->length = license->encrypted_platform_challenge->length; rc4 = crypto_rc4_init(license->licensing_encryption_key, LICENSING_ENCRYPTION_KEY_LENGTH); crypto_rc4(rc4, license->encrypted_platform_challenge->length, license->encrypted_platform_challenge->data, license->platform_challenge->data); #ifdef WITH_DEBUG_LICENSE printf("encrypted_platform challenge:\n"); winpr_HexDump(license->encrypted_platform_challenge->data, license->encrypted_platform_challenge->length); printf("platform challenge:\n"); winpr_HexDump(license->platform_challenge->data, license->platform_challenge->length); #endif crypto_rc4_free(rc4); }
void license_encrypt_premaster_secret(rdpLicense* license) { BYTE* EncryptedPremasterSecret; license_get_server_rsa_public_key(license); #ifdef WITH_DEBUG_LICENSE fprintf(stderr, "Modulus (%d bits):\n", license->ModulusLength * 8); winpr_HexDump(license->Modulus, license->ModulusLength); fprintf(stderr, "\n"); fprintf(stderr, "Exponent:\n"); winpr_HexDump(license->Exponent, 4); fprintf(stderr, "\n"); #endif EncryptedPremasterSecret = (BYTE*) malloc(license->ModulusLength); ZeroMemory(EncryptedPremasterSecret, license->ModulusLength); license->EncryptedPremasterSecret->type = BB_RANDOM_BLOB; license->EncryptedPremasterSecret->length = PREMASTER_SECRET_LENGTH; #ifndef LICENSE_NULL_PREMASTER_SECRET license->EncryptedPremasterSecret->length = crypto_rsa_public_encrypt(license->PremasterSecret, PREMASTER_SECRET_LENGTH, license->ModulusLength, license->Modulus, license->Exponent, EncryptedPremasterSecret); #endif license->EncryptedPremasterSecret->data = EncryptedPremasterSecret; }
BOOL license_send_platform_challenge_response_packet(rdpLicense* license) { wStream* s; int length; BYTE* buffer; WINPR_RC4_CTX* rc4; BYTE mac_data[16]; BOOL status; DEBUG_LICENSE("Sending Platform Challenge Response Packet"); s = license_send_stream_init(license); license->EncryptedPlatformChallenge->type = BB_DATA_BLOB; length = license->PlatformChallenge->length + HWID_LENGTH; buffer = (BYTE*) malloc(length); if (!buffer) return FALSE; CopyMemory(buffer, license->PlatformChallenge->data, license->PlatformChallenge->length); CopyMemory(&buffer[license->PlatformChallenge->length], license->HardwareId, HWID_LENGTH); status = security_mac_data(license->MacSaltKey, buffer, length, mac_data); free(buffer); if (!status) return FALSE; rc4 = winpr_RC4_New(license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH); if (!rc4) return FALSE; buffer = (BYTE*) malloc(HWID_LENGTH); if (!buffer) return FALSE; status = winpr_RC4_Update(rc4, HWID_LENGTH, license->HardwareId, buffer); winpr_RC4_Free(rc4); if (!status) { free(buffer); return FALSE; } license->EncryptedHardwareId->type = BB_DATA_BLOB; license->EncryptedHardwareId->data = buffer; license->EncryptedHardwareId->length = HWID_LENGTH; #ifdef WITH_DEBUG_LICENSE WLog_DBG(TAG, "LicensingEncryptionKey:"); winpr_HexDump(TAG, WLOG_DEBUG, license->LicensingEncryptionKey, 16); WLog_DBG(TAG, "HardwareId:"); winpr_HexDump(TAG, WLOG_DEBUG, license->HardwareId, HWID_LENGTH); WLog_DBG(TAG, "EncryptedHardwareId:"); winpr_HexDump(TAG, WLOG_DEBUG, license->EncryptedHardwareId->data, HWID_LENGTH); #endif return license_write_platform_challenge_response_packet(license, s, mac_data) && license_send(license, s, PLATFORM_CHALLENGE_RESPONSE); }
void ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, char* hash) { WINPR_SAM* sam; WINPR_SAM_ENTRY* entry; sam = SamOpen(1); if (sam == NULL) return; entry = SamLookupUserW(sam, (LPWSTR) context->identity.User, context->identity.UserLength * 2, (LPWSTR) context->identity.Domain, context->identity.DomainLength * 2); if (entry != NULL) { #ifdef WITH_DEBUG_NTLM fprintf(stderr, "NTLM Hash:\n"); winpr_HexDump(entry->NtHash, 16); #endif NTOWFv2FromHashW(entry->NtHash, (LPWSTR) context->identity.User, context->identity.UserLength * 2, (LPWSTR) context->identity.Domain, context->identity.DomainLength * 2, (BYTE*) hash); SamFreeEntry(sam, entry); SamClose(sam); return; } entry = SamLookupUserW(sam, (LPWSTR) context->identity.User, context->identity.UserLength * 2, NULL, 0); if (entry != NULL) { #ifdef WITH_DEBUG_NTLM fprintf(stderr, "NTLM Hash:\n"); winpr_HexDump(entry->NtHash, 16); #endif NTOWFv2FromHashW(entry->NtHash, (LPWSTR) context->identity.User, context->identity.UserLength * 2, (LPWSTR) context->identity.Domain, context->identity.DomainLength * 2, (BYTE*) hash); SamFreeEntry(sam, entry); SamClose(sam); return; } else { fprintf(stderr, "Error: Could not find user in SAM database\n"); } SamClose(sam); }
int ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, BYTE* hash) { WINPR_SAM* sam; WINPR_SAM_ENTRY* entry; SSPI_CREDENTIALS* credentials = context->credentials; sam = SamOpen(context->SamFile, TRUE); if (!sam) return -1; entry = SamLookupUserW(sam, (LPWSTR) credentials->identity.User, credentials->identity.UserLength * 2, (LPWSTR) credentials->identity.Domain, credentials->identity.DomainLength * 2); if (entry) { #ifdef WITH_DEBUG_NTLM WLog_DBG(TAG, "NTLM Hash:"); winpr_HexDump(TAG, WLOG_DEBUG, entry->NtHash, 16); #endif NTOWFv2FromHashW(entry->NtHash, (LPWSTR) credentials->identity.User, credentials->identity.UserLength * 2, (LPWSTR) credentials->identity.Domain, credentials->identity.DomainLength * 2, (BYTE*) hash); SamFreeEntry(sam, entry); SamClose(sam); return 1; } entry = SamLookupUserW(sam, (LPWSTR) credentials->identity.User, credentials->identity.UserLength * 2, NULL, 0); if (entry) { #ifdef WITH_DEBUG_NTLM WLog_DBG(TAG, "NTLM Hash:"); winpr_HexDump(TAG, WLOG_DEBUG, entry->NtHash, 16); #endif NTOWFv2FromHashW(entry->NtHash, (LPWSTR) credentials->identity.User, credentials->identity.UserLength * 2, (LPWSTR) credentials->identity.Domain, credentials->identity.DomainLength * 2, (BYTE*) hash); SamFreeEntry(sam, entry); SamClose(sam); return 1; } else { SamClose(sam); WLog_ERR(TAG, "Error: Could not find user in SAM database"); return 0; } SamClose(sam); return 1; }
void license_send_platform_challenge_response_packet(rdpLicense* license) { wStream* s; int length; BYTE* buffer; CryptoRc4 rc4; BYTE mac_data[16]; DEBUG_LICENSE("Sending Platform Challenge Response Packet"); s = license_send_stream_init(license); license->EncryptedPlatformChallenge->type = BB_DATA_BLOB; length = license->PlatformChallenge->length + HWID_LENGTH; buffer = (BYTE*) malloc(length); CopyMemory(buffer, license->PlatformChallenge->data, license->PlatformChallenge->length); CopyMemory(&buffer[license->PlatformChallenge->length], license->HardwareId, HWID_LENGTH); security_mac_data(license->MacSaltKey, buffer, length, mac_data); free(buffer); buffer = (BYTE*) malloc(HWID_LENGTH); rc4 = crypto_rc4_init(license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH); if (!rc4) { fprintf(stderr, "%s: unable to allocate a rc4\n", __FUNCTION__); return; } crypto_rc4(rc4, HWID_LENGTH, license->HardwareId, buffer); crypto_rc4_free(rc4); license->EncryptedHardwareId->type = BB_DATA_BLOB; license->EncryptedHardwareId->data = buffer; license->EncryptedHardwareId->length = HWID_LENGTH; #ifdef WITH_DEBUG_LICENSE fprintf(stderr, "LicensingEncryptionKey:\n"); winpr_HexDump(license->LicensingEncryptionKey, 16); fprintf(stderr, "\n"); fprintf(stderr, "HardwareId:\n"); winpr_HexDump(license->HardwareId, HWID_LENGTH); fprintf(stderr, "\n"); fprintf(stderr, "EncryptedHardwareId:\n"); winpr_HexDump(license->EncryptedHardwareId->data, HWID_LENGTH); fprintf(stderr, "\n"); #endif license_write_platform_challenge_response_packet(license, s, mac_data); license_send(license, s, PLATFORM_CHALLENGE_RESPONSE); }
BOOL TsProxyCreateChannelReadResponse(rdpTsg* tsg, RPC_PDU* pdu) { BYTE* buffer; UINT32 length; UINT32 offset; rdpRpc* rpc = tsg->rpc; if (!pdu) return FALSE; length = Stream_Length(pdu->s); buffer = Stream_Buffer(pdu->s); if (!(pdu->Flags & RPC_PDU_FLAG_STUB)) buffer = &buffer[24]; offset = 0; /* ChannelContext (20 bytes) */ CopyMemory(&tsg->ChannelContext.ContextType, &buffer[offset], 4); /* ContextType (4 bytes) */ CopyMemory(tsg->ChannelContext.ContextUuid, &buffer[offset + 4], 16); /* ContextUuid (16 bytes) */ #ifdef WITH_DEBUG_TSG fprintf(stderr, "ChannelContext:\n"); winpr_HexDump((void*) &tsg->ChannelContext, 20); fprintf(stderr, "\n"); #endif rpc_client_receive_pool_return(rpc, pdu); return TRUE; }
void cliprdr_packet_send(cliprdrPlugin* cliprdr, wStream* s) { int pos; UINT32 dataLen; UINT32 status = 0; pos = Stream_GetPosition(s); dataLen = pos - 8; Stream_SetPosition(s, 4); Stream_Write_UINT32(s, dataLen); Stream_SetPosition(s, pos); #ifdef WITH_DEBUG_CLIPRDR WLog_DBG(TAG, "Cliprdr Sending (%d bytes)", dataLen + 8); winpr_HexDump(TAG, WLOG_DEBUG, Stream_Buffer(s), dataLen + 8); #endif if (!cliprdr) { status = CHANNEL_RC_BAD_INIT_HANDLE; } else { status = cliprdr->channelEntryPoints.pVirtualChannelWrite(cliprdr->OpenHandle, Stream_Buffer(s), (UINT32) Stream_GetPosition(s), s); } if (status != CHANNEL_RC_OK) { Stream_Free(s, TRUE); WLog_ERR(TAG, "cliprdr_packet_send: VirtualChannelWrite failed %d", status); } }
RPC_PDU* rpc_recv_dequeue_pdu(rdpRpc* rpc) { RPC_PDU* pdu; DWORD dwMilliseconds; DWORD result; dwMilliseconds = rpc->client->SynchronousReceive ? SYNCHRONOUS_TIMEOUT * 4 : 0; result = WaitForSingleObject(Queue_Event(rpc->client->ReceiveQueue), dwMilliseconds); if (result == WAIT_TIMEOUT) { WLog_ERR(TAG, "timed out waiting for receive event"); return NULL; } if (result != WAIT_OBJECT_0) return NULL; pdu = (RPC_PDU*)Queue_Dequeue(rpc->client->ReceiveQueue); #ifdef WITH_DEBUG_TSG if (pdu) { WLog_DBG(TAG, "Receiving PDU (length: %d, CallId: %d)", pdu->s->length, pdu->CallId); winpr_HexDump(TAG, WLOG_DEBUG, Stream_Buffer(pdu->s), Stream_Length(pdu->s)); } else { WLog_DBG(TAG, "Receiving a NULL PDU"); } #endif return pdu; }
BOOL certificate_read_server_x509_certificate_chain(rdpCertificate* certificate, wStream* s) { int i; UINT32 certLength; UINT32 numCertBlobs; BOOL ret; DEBUG_CERTIFICATE("Server X.509 Certificate Chain"); if (Stream_GetRemainingLength(s) < 4) return FALSE; Stream_Read_UINT32(s, numCertBlobs); /* numCertBlobs */ certificate->x509_cert_chain = certificate_new_x509_certificate_chain(numCertBlobs); if (!certificate->x509_cert_chain) return FALSE; for (i = 0; i < (int) numCertBlobs; i++) { if (Stream_GetRemainingLength(s) < 4) return FALSE; Stream_Read_UINT32(s, certLength); if (Stream_GetRemainingLength(s) < certLength) return FALSE; DEBUG_CERTIFICATE("\nX.509 Certificate #%d, length:%d", i + 1, certLength); certificate->x509_cert_chain->array[i].data = (BYTE*) malloc(certLength); if (!certificate->x509_cert_chain->array[i].data) return FALSE; Stream_Read(s, certificate->x509_cert_chain->array[i].data, certLength); certificate->x509_cert_chain->array[i].length = certLength; if (numCertBlobs - i == 2) { rdpCertInfo cert_info; DEBUG_CERTIFICATE("License Server Certificate"); ret = certificate_read_x509_certificate(&certificate->x509_cert_chain->array[i], &cert_info); DEBUG_LICENSE("modulus length:%d", (int) cert_info.ModulusLength); if (cert_info.Modulus) free(cert_info.Modulus); if (!ret) { fprintf(stderr, "failed to read License Server, content follows:\n"); winpr_HexDump(certificate->x509_cert_chain->array[i].data, certificate->x509_cert_chain->array[i].length); return FALSE; } } else if (numCertBlobs - i == 1) { DEBUG_CERTIFICATE("Terminal Server Certificate"); if (!certificate_read_x509_certificate(&certificate->x509_cert_chain->array[i], &certificate->cert_info)) return FALSE; DEBUG_CERTIFICATE("modulus length:%d", (int) certificate->cert_info.ModulusLength); } } return TRUE; }
static int test_rdp_channel_data(freerdp* instance, int chan_id, BYTE* data, int data_size) { printf("chan_id %d data_size %d\n", chan_id, data_size); winpr_HexDump(data, data_size); data_received = 1; return 0; }
RPC_PDU* rpc_recv_dequeue_pdu(rdpRpc* rpc) { RPC_PDU* pdu; DWORD dwMilliseconds; pdu = NULL; dwMilliseconds = rpc->client->SynchronousReceive ? INFINITE : 0; if (WaitForSingleObject(Queue_Event(rpc->client->ReceiveQueue), dwMilliseconds) == WAIT_OBJECT_0) { pdu = (RPC_PDU*) Queue_Dequeue(rpc->client->ReceiveQueue); #ifdef WITH_DEBUG_TSG if (pdu) { fprintf(stderr, "Receiving PDU (length: %d, CallId: %d)\n", pdu->s->length, pdu->CallId); winpr_HexDump(Stream_Buffer(pdu->s), Stream_Length(pdu->s)); fprintf(stderr, "\n"); } #endif return pdu; } return pdu; }
/** * Function description * * @return 0 on success, otherwise a Win32 error code */ UINT cliprdr_packet_send(cliprdrPlugin* cliprdr, wStream* s) { UINT32 pos; UINT32 dataLen; UINT status = CHANNEL_RC_OK; pos = Stream_GetPosition(s); dataLen = pos - 8; Stream_SetPosition(s, 4); Stream_Write_UINT32(s, dataLen); Stream_SetPosition(s, pos); #ifdef WITH_DEBUG_CLIPRDR WLog_DBG(TAG, "Cliprdr Sending (%d bytes)", dataLen + 8); winpr_HexDump(TAG, WLOG_DEBUG, Stream_Buffer(s), dataLen + 8); #endif if (!cliprdr) { status = CHANNEL_RC_BAD_INIT_HANDLE; } else { status = cliprdr->channelEntryPoints.pVirtualChannelWrite(cliprdr->OpenHandle, Stream_Buffer(s), (UINT32) Stream_GetPosition(s), s); } if (status != CHANNEL_RC_OK) WLog_ERR(TAG, "VirtualChannelWrite failed with %s [%08X]", WTSErrorToString(status), status); return status; }
BOOL license_send(rdpLicense* license, STREAM* s, BYTE type) { int length; BYTE flags; UINT16 wMsgSize; UINT16 sec_flags; DEBUG_LICENSE("Sending %s Packet", LICENSE_MESSAGE_STRINGS[type & 0x1F]); length = stream_get_length(s); stream_set_pos(s, 0); sec_flags = SEC_LICENSE_PKT; wMsgSize = length - LICENSE_PACKET_HEADER_MAX_LENGTH + 4; /** * Using EXTENDED_ERROR_MSG_SUPPORTED here would cause mstsc to crash when * running in server mode! This flag seems to be incorrectly documented. */ flags = PREAMBLE_VERSION_3_0; rdp_write_header(license->rdp, s, length, MCS_GLOBAL_CHANNEL_ID); rdp_write_security_header(s, sec_flags); license_write_preamble(s, type, flags, wMsgSize); #ifdef WITH_DEBUG_LICENSE printf("Sending %s Packet, length %d\n", LICENSE_MESSAGE_STRINGS[type & 0x1F], wMsgSize); winpr_HexDump(s->p - 4, wMsgSize); #endif stream_set_pos(s, length); if (transport_write(license->rdp->transport, s) < 0) return FALSE; return TRUE; }
BOOL license_send(rdpLicense* license, wStream* s, BYTE type) { int length; BYTE flags; UINT16 wMsgSize; rdpRdp* rdp = license->rdp; DEBUG_LICENSE("Sending %s Packet", LICENSE_MESSAGE_STRINGS[type & 0x1F]); length = Stream_GetPosition(s); wMsgSize = length - license->PacketHeaderLength; Stream_SetPosition(s, license->PacketHeaderLength); flags = PREAMBLE_VERSION_3_0; /** * Using EXTENDED_ERROR_MSG_SUPPORTED here would cause mstsc to crash when * running in server mode! This flag seems to be incorrectly documented. */ if (!rdp->settings->ServerMode) flags |= EXTENDED_ERROR_MSG_SUPPORTED; license_write_preamble(s, type, flags, wMsgSize); #ifdef WITH_DEBUG_LICENSE WLog_DBG(TAG, "Sending %s Packet, length %d", LICENSE_MESSAGE_STRINGS[type & 0x1F], wMsgSize); winpr_HexDump(TAG, WLOG_DEBUG, Stream_Pointer(s) - LICENSE_PREAMBLE_LENGTH, wMsgSize); #endif Stream_SetPosition(s, length); rdp_send(rdp, s, MCS_GLOBAL_CHANNEL_ID); rdp->sec_flags = 0; return TRUE; }
int transport_write(rdpTransport* transport, STREAM* s) { int status = -1; int length; length = stream_get_length(s); stream_set_pos(s, 0); #ifdef WITH_DEBUG_TRANSPORT if (length > 0) { printf("Local > Remote\n"); winpr_HexDump(s->data, length); } #endif while (length > 0) { if (transport->layer == TRANSPORT_LAYER_TLS) status = tls_write(transport->TlsOut, stream_get_tail(s), length); else if (transport->layer == TRANSPORT_LAYER_TCP) status = tcp_write(transport->TcpOut, stream_get_tail(s), length); else if (transport->layer == TRANSPORT_LAYER_TSG) status = tsg_write(transport->tsg, stream_get_tail(s), length); if (status < 0) break; /* error occurred */ if (status == 0) { /* when sending is blocked in nonblocking mode, the receiving buffer should be checked */ if (!transport->blocking) { /* and in case we do have buffered some data, we set the event so next loop will get it */ if (transport_read_nonblocking(transport) > 0) SetEvent(transport->ReceiveEvent); } if (transport->layer == TRANSPORT_LAYER_TLS) tls_wait_write(transport->TlsOut); else if (transport->layer == TRANSPORT_LAYER_TCP) tcp_wait_write(transport->TcpOut); else USleep(transport->SleepInterval); } length -= status; stream_seek(s, status); } if (status < 0) { /* A write error indicates that the peer has dropped the connection */ transport->layer = TRANSPORT_LAYER_CLOSED; } return status; }
void license_generate_keys(rdpLicense* license) { security_master_secret(license->PremasterSecret, license->ClientRandom, license->ServerRandom, license->MasterSecret); /* MasterSecret */ security_session_key_blob(license->MasterSecret, license->ClientRandom, license->ServerRandom, license->SessionKeyBlob); /* SessionKeyBlob */ security_mac_salt_key(license->SessionKeyBlob, license->ClientRandom, license->ServerRandom, license->MacSaltKey); /* MacSaltKey */ security_licensing_encryption_key(license->SessionKeyBlob, license->ClientRandom, license->ServerRandom, license->LicensingEncryptionKey); /* LicensingEncryptionKey */ #ifdef WITH_DEBUG_LICENSE WLog_DBG(TAG, "ClientRandom:"); winpr_HexDump(TAG, WLOG_DEBUG, license->ClientRandom, CLIENT_RANDOM_LENGTH); WLog_DBG(TAG, "ServerRandom:"); winpr_HexDump(TAG, WLOG_DEBUG, license->ServerRandom, SERVER_RANDOM_LENGTH); WLog_DBG(TAG, "PremasterSecret:"); winpr_HexDump(TAG, WLOG_DEBUG, license->PremasterSecret, PREMASTER_SECRET_LENGTH); WLog_DBG(TAG, "MasterSecret:"); winpr_HexDump(TAG, WLOG_DEBUG, license->MasterSecret, MASTER_SECRET_LENGTH); WLog_DBG(TAG, "SessionKeyBlob:"); winpr_HexDump(TAG, WLOG_DEBUG, license->SessionKeyBlob, SESSION_KEY_BLOB_LENGTH); WLog_DBG(TAG, "MacSaltKey:"); winpr_HexDump(TAG, WLOG_DEBUG, license->MacSaltKey, MAC_SALT_KEY_LENGTH); WLog_DBG(TAG, "LicensingEncryptionKey:"); winpr_HexDump(TAG, WLOG_DEBUG, license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH); #endif }
void xf_process_rail_appid_resp_event(xfContext* xfc, rdpChannels* channels, wMessage* event) { RAIL_GET_APPID_RESP_ORDER* appid_resp = (RAIL_GET_APPID_RESP_ORDER*) event->wParam; DEBUG_WARN("Server Application ID Response PDU: windowId=0x%X " "applicationId=(length=%d dump)\n", appid_resp->windowId, 512); winpr_HexDump(TAG, WLOG_ERROR, (BYTE*) &appid_resp->applicationId, 512); }
void license_encrypt_premaster_secret(rdpLicense* license) { BYTE* encrypted_premaster_secret; #if 0 int key_length; BYTE* modulus; BYTE* exponent; rdpCertificate *certificate; if (license->server_certificate->length) certificate = license->certificate; else certificate = license->rdp->settings->server_cert; exponent = certificate->cert_info.exponent; modulus = certificate->cert_info.modulus.data; key_length = certificate->cert_info.modulus.length; #ifdef WITH_DEBUG_LICENSE printf("modulus (%d bits):\n", key_length * 8); winpr_HexDump(modulus, key_length); printf("exponent:\n"); winpr_HexDump(exponent, 4); #endif encrypted_premaster_secret = (BYTE*) malloc(MODULUS_MAX_SIZE); memset(encrypted_premaster_secret, 0, MODULUS_MAX_SIZE); crypto_rsa_public_encrypt(license->premaster_secret, PREMASTER_SECRET_LENGTH, key_length, modulus, exponent, encrypted_premaster_secret); license->encrypted_premaster_secret->type = BB_RANDOM_BLOB; license->encrypted_premaster_secret->length = PREMASTER_SECRET_LENGTH; license->encrypted_premaster_secret->data = encrypted_premaster_secret; #else encrypted_premaster_secret = (BYTE*) malloc(MODULUS_MAX_SIZE); memset(encrypted_premaster_secret, 0, MODULUS_MAX_SIZE); license->encrypted_premaster_secret->type = BB_RANDOM_BLOB; license->encrypted_premaster_secret->length = PREMASTER_SECRET_LENGTH; license->encrypted_premaster_secret->data = encrypted_premaster_secret; #endif }
int bulk_compress_validate(rdpBulk* bulk, BYTE* pSrcData, UINT32 SrcSize, BYTE** ppDstData, UINT32* pDstSize, UINT32* pFlags) { int status; BYTE* _pSrcData = NULL; BYTE* _pDstData = NULL; UINT32 _SrcSize = 0; UINT32 _DstSize = 0; UINT32 _Flags = 0; _pSrcData = *ppDstData; _SrcSize = *pDstSize; _Flags = *pFlags | bulk->CompressionLevel; status = bulk_decompress(bulk, _pSrcData, _SrcSize, &_pDstData, &_DstSize, _Flags); if (status < 0) { printf("compression/decompression failure\n"); return status; } if (_DstSize != SrcSize) { printf("compression/decompression size mismatch: Actual: %d, Expected: %d\n", _DstSize, SrcSize); return -1; } if (memcmp(_pDstData, pSrcData, SrcSize) != 0) { printf("compression/decompression input/output mismatch! flags: 0x%04X\n", _Flags); #if 1 printf("Actual:\n"); winpr_HexDump(_pDstData, SrcSize); printf("Expected:\n"); winpr_HexDump(pSrcData, SrcSize); #endif return -1; } return status; }
BOOL TsProxyCreateChannelWriteRequest(rdpTsg* tsg, PTUNNEL_CONTEXT_HANDLE_NOSERIALIZE tunnelContext) { int status; UINT32 count; BYTE* buffer; UINT32 length; CONTEXT_HANDLE* handle; rdpRpc* rpc = tsg->rpc; count = _wcslen(tsg->Hostname) + 1; #ifdef WITH_DEBUG_TSG DEBUG_WARN( "ResourceName:\n"); winpr_HexDump((BYTE*) tsg->Hostname, (count - 1) * 2); DEBUG_WARN( "\n"); #endif length = 60 + (count * 2); buffer = (BYTE*) malloc(length); if (!buffer) return FALSE; /* TunnelContext */ handle = (CONTEXT_HANDLE*) tunnelContext; CopyMemory(&buffer[0], &handle->ContextType, 4); /* ContextType */ CopyMemory(&buffer[4], handle->ContextUuid, 16); /* ContextUuid */ /* TSENDPOINTINFO */ *((UINT32*) &buffer[20]) = 0x00020000; /* ResourceNamePtr */ *((UINT32*) &buffer[24]) = 0x00000001; /* NumResourceNames */ *((UINT32*) &buffer[28]) = 0x00000000; /* AlternateResourceNamesPtr */ *((UINT16*) &buffer[32]) = 0x0000; /* NumAlternateResourceNames */ *((UINT16*) &buffer[34]) = 0x0000; /* Pad (2 bytes) */ /* Port (4 bytes) */ *((UINT16*) &buffer[36]) = 0x0003; /* ProtocolId (RDP = 3) */ *((UINT16*) &buffer[38]) = tsg->Port; /* PortNumber (0xD3D = 3389) */ *((UINT32*) &buffer[40]) = 0x00000001; /* NumResourceNames */ *((UINT32*) &buffer[44]) = 0x00020004; /* ResourceNamePtr */ *((UINT32*) &buffer[48]) = count; /* MaxCount */ *((UINT32*) &buffer[52]) = 0; /* Offset */ *((UINT32*) &buffer[56]) = count; /* ActualCount */ CopyMemory(&buffer[60], tsg->Hostname, count * 2); /* Array */ status = rpc_write(rpc, buffer, length, TsProxyCreateChannelOpnum); if (status <= 0) return FALSE; free(buffer); return TRUE; }
void license_send_platform_challenge_response_packet(rdpLicense* license) { STREAM* s; int length; BYTE* buffer; CryptoRc4 rc4; BYTE mac_data[16]; s = license_send_stream_init(license); DEBUG_LICENSE("Sending Platform Challenge Response Packet"); license->encrypted_platform_challenge->type = BB_DATA_BLOB; length = license->platform_challenge->length + HWID_LENGTH; buffer = (BYTE*) malloc(length); memcpy(buffer, license->platform_challenge->data, license->platform_challenge->length); memcpy(&buffer[license->platform_challenge->length], license->hwid, HWID_LENGTH); security_mac_data(license->mac_salt_key, buffer, length, mac_data); free(buffer); buffer = (BYTE*) malloc(HWID_LENGTH); rc4 = crypto_rc4_init(license->licensing_encryption_key, LICENSING_ENCRYPTION_KEY_LENGTH); crypto_rc4(rc4, HWID_LENGTH, license->hwid, buffer); crypto_rc4_free(rc4); #ifdef WITH_DEBUG_LICENSE printf("Licensing Encryption Key:\n"); winpr_HexDump(license->licensing_encryption_key, 16); printf("HardwareID:\n"); winpr_HexDump(license->hwid, 20); printf("Encrypted HardwareID:\n"); winpr_HexDump(buffer, 20); #endif license->encrypted_hwid->type = BB_DATA_BLOB; license->encrypted_hwid->data = buffer; license->encrypted_hwid->length = HWID_LENGTH; license_write_platform_challenge_response_packet(license, s, mac_data); license_send(license, s, PLATFORM_CHALLENGE_RESPONSE); }
SECURITY_STATUS schannel_openssl_client_process_tokens(SCHANNEL_OPENSSL* context, PSecBufferDesc pInput, PSecBufferDesc pOutput) { int status; int ssl_error; PSecBuffer pBuffer; if (!context->connected) { if (pInput) { if (pInput->cBuffers < 1) return SEC_E_INVALID_TOKEN; pBuffer = &pInput->pBuffers[0]; if (pBuffer->BufferType != SECBUFFER_TOKEN) return SEC_E_INVALID_TOKEN; status = BIO_write(context->bioRead, pBuffer->pvBuffer, pBuffer->cbBuffer); } status = SSL_connect(context->ssl); if (status < 0) { ssl_error = SSL_get_error(context->ssl, status); printf("SSL_connect error: %s\n", openssl_get_ssl_error_string(ssl_error)); } status = BIO_read(context->bioWrite, context->ReadBuffer, SCHANNEL_CB_MAX_TOKEN); if (status >= 0) { winpr_HexDump(context->ReadBuffer, status); } if (pOutput->cBuffers < 1) return SEC_E_INVALID_TOKEN; pBuffer = &pOutput->pBuffers[0]; if (pBuffer->BufferType != SECBUFFER_TOKEN) return SEC_E_INVALID_TOKEN; if (pBuffer->cbBuffer < status) return SEC_E_INSUFFICIENT_MEMORY; CopyMemory(pBuffer->pvBuffer, context->ReadBuffer, status); pBuffer->cbBuffer = status; return SEC_I_CONTINUE_NEEDED; } return SEC_E_OK; }
void nla_buffer_print(rdpNla* nla) { if (nla->negoToken.cbBuffer > 0) { WLog_DBG(TAG, "NLA.negoToken (length = %d):", (int) nla->negoToken.cbBuffer); winpr_HexDump(TAG, WLOG_DEBUG, nla->negoToken.pvBuffer, nla->negoToken.cbBuffer); } if (nla->pubKeyAuth.cbBuffer > 0) { WLog_DBG(TAG, "NLA.pubKeyAuth (length = %d):", (int) nla->pubKeyAuth.cbBuffer); winpr_HexDump(TAG, WLOG_DEBUG, nla->pubKeyAuth.pvBuffer, nla->pubKeyAuth.cbBuffer); } if (nla->authInfo.cbBuffer > 0) { WLog_DBG(TAG, "NLA.authInfo (length = %d):", (int) nla->authInfo.cbBuffer); winpr_HexDump(TAG, WLOG_DEBUG, nla->authInfo.pvBuffer, nla->authInfo.cbBuffer); } }
void xf_process_rail_appid_resp_event(xfContext* xfc, rdpChannels* channels, wMessage* event) { RAIL_GET_APPID_RESP_ORDER* appid_resp = (RAIL_GET_APPID_RESP_ORDER*) event->wParam; fprintf(stderr, "Server Application ID Response PDU: windowId=0x%X " "applicationId=(length=%d dump)\n", appid_resp->windowId, appid_resp->applicationId.length); winpr_HexDump(appid_resp->applicationId.string, appid_resp->applicationId.length); }
void credssp_buffer_print(rdpCredssp* credssp) { if (credssp->negoToken.cbBuffer > 0) { fprintf(stderr, "CredSSP.negoToken (length = %d):\n", (int) credssp->negoToken.cbBuffer); winpr_HexDump(credssp->negoToken.pvBuffer, credssp->negoToken.cbBuffer); } if (credssp->pubKeyAuth.cbBuffer > 0) { fprintf(stderr, "CredSSP.pubKeyAuth (length = %d):\n", (int) credssp->pubKeyAuth.cbBuffer); winpr_HexDump(credssp->pubKeyAuth.pvBuffer, credssp->pubKeyAuth.cbBuffer); } if (credssp->authInfo.cbBuffer > 0) { fprintf(stderr, "CredSSP.authInfo (length = %d):\n", (int) credssp->authInfo.cbBuffer); winpr_HexDump(credssp->authInfo.pvBuffer, credssp->authInfo.cbBuffer); } }