/* Process a licence demand packet */ static BOOL licence_process_demand(RDPCLIENT * This, STREAM s) { uint8 null_data[SEC_MODULUS_SIZE]; uint8 *server_random; uint8 signature[LICENCE_SIGNATURE_SIZE]; uint8 hwid[LICENCE_HWID_SIZE]; uint8 *licence_data; int licence_size; RC4_KEY crypt_key; /* Retrieve the server random from the incoming packet */ in_uint8p(s, server_random, SEC_RANDOM_SIZE); /* We currently use null client keys. This is a bit naughty but, hey, the security of licence negotiation isn't exactly paramount. */ memset(null_data, 0, sizeof(null_data)); licence_generate_keys(This, null_data, server_random, null_data); licence_size = load_licence(This, &licence_data); if (licence_size > 0) { /* Generate a signature for the HWID buffer */ licence_generate_hwid(This, hwid); sec_sign(signature, 16, This->licence.sign_key, 16, hwid, sizeof(hwid)); /* Now encrypt the HWID */ RC4_set_key(&crypt_key, 16, This->licence.key); RC4(&crypt_key, sizeof(hwid), hwid, hwid); if(!licence_present(This, null_data, null_data, licence_data, licence_size, hwid, signature)) return False; free(licence_data); return True; } return licence_send_request(This, null_data, null_data, This->licence_username, This->licence_hostname); }
/* Process a licence demand packet */ static void licence_process_demand(STREAM s) { uint8 null_data[SEC_MODULUS_SIZE]; uint8 *server_random; uint8 signature[LICENCE_SIGNATURE_SIZE]; uint8 hwid[LICENCE_HWID_SIZE]; uint8 *licence_data; int licence_size; void * crypt_key; /* Retrieve the server random from the incoming packet */ in_uint8p(s, server_random, SEC_RANDOM_SIZE); /* We currently use null client keys. This is a bit naughty but, hey, the security of licence negotiation isn't exactly paramount. */ memset(null_data, 0, sizeof(null_data)); licence_generate_keys(null_data, server_random, null_data); licence_size = load_licence(&licence_data); if (licence_size > 0) { /* Generate a signature for the HWID buffer */ licence_generate_hwid(hwid); sec_sign(signature, 16, g_licence_sign_key, 16, hwid, sizeof(hwid)); /* Now encrypt the HWID */ crypt_key = ssl_rc4_info_create(); ssl_rc4_set_key(crypt_key, (char *)g_licence_key, 16); ssl_rc4_crypt(crypt_key, (char *)hwid, (char *)hwid, sizeof(hwid)); ssl_rc4_info_delete(crypt_key); licence_present(null_data, null_data, licence_data, licence_size, hwid, signature); xfree(licence_data); return; } licence_send_request(null_data, null_data, g_username, g_hostname); }
/* Process a licence demand packet */ static void licence_process_demand(RDConnectionRef conn, RDStreamRef s) { uint8 null_data[SEC_MODULUS_SIZE]; uint8 *server_random; uint8 signature[LICENCE_SIGNATURE_SIZE]; uint8 hwid[LICENCE_HWID_SIZE]; uint8 *licence_data; int licence_size; RC4_KEY crypt_key; /* Retrieve the server random from the incoming packet */ in_uint8p(s, server_random, SEC_RANDOM_SIZE); /* We currently use null client keys. This is a bit naughty but, hey, the security of licence negotiation isn't exactly paramount. */ memset(null_data, 0, sizeof(null_data)); licence_generate_keys(conn, null_data, server_random, null_data); licence_size = load_licence(&licence_data); if (licence_size > 0) { /* Generate a signature for the HWID buffer */ licence_generate_hwid(conn, hwid); sec_sign(signature, 16, conn->licenseSignKey, 16, hwid, sizeof(hwid)); /* Now encrypt the HWID */ RC4_set_key(&crypt_key, 16, conn->licenseKey); RC4(&crypt_key, sizeof(hwid), hwid, hwid); licence_present(conn, null_data, null_data, licence_data, licence_size, hwid, signature); xfree(licence_data); return; } licence_send_request(conn, null_data, null_data, conn->username, conn->hostname); }
/* Process a Server License Request packet */ static void licence_process_request(rdpLicence * licence, STREAM s) { uint8 null_data[SEC_MODULUS_SIZE]; uint8 *server_random; uint32 dwVersion; uint32 cbCompanyName; uint32 cbProductId; uint16 wBlobType, wBlobLen; uint32 ScopeCount, i; uint8 signature[LICENCE_SIGNATURE_SIZE]; uint8 hwid[LICENCE_HWID_SIZE]; uint8 *licence_data; int licence_size; CryptoRc4 crypt_key; /* Retrieve the server random from the incoming packet */ in_uint8p(s, server_random, SEC_RANDOM_SIZE); /* ServerRandom */ /* ProductInfo: */ in_uint32_le(s, dwVersion); in_uint32_le(s, cbCompanyName); in_uint8s(s, cbCompanyName); /* pbCompanyName */ in_uint32_le(s, cbProductId); in_uint8s(s, cbProductId); /* pbProductId - "A02"? */ /* KeyExchangeList */ in_uint16_le(s, wBlobType); /* BB_KEY_EXCHG_ALG_BLOB (0x000D) */ in_uint16_le(s, wBlobLen); in_uint8s(s, wBlobLen); /* KEY_EXCHANGE_ALG_RSA 0x00000001 */ /* ServerCertificate */ in_uint16_le(s, wBlobType); /* BB_CERTIFICATE_BLOB (0x0003). */ in_uint16_le(s, wBlobLen); in_uint8s(s, wBlobLen); /* cert to use for licensing instead of the one from MCS Connect Response */ /* ScopeList */ in_uint32_le(s, ScopeCount); for (i=0; i<ScopeCount; i++) { in_uint16_le(s, wBlobType); in_uint16_le(s, wBlobLen); in_uint8s(s, wBlobLen); } /* We currently use null client keys. This is a bit naughty but, hey, the security of licence negotiation isn't exactly paramount. */ memset(null_data, 0, sizeof(null_data)); licence_generate_keys(licence, null_data, server_random, null_data); licence_size = load_licence(&licence_data); if (licence_size > 0) { /* Generate a signature for the HWID buffer */ licence_generate_hwid(licence, hwid); sec_sign(signature, 16, licence->licence_sign_key, 16, hwid, sizeof(hwid)); /* Now encrypt the HWID */ crypt_key = crypto_rc4_init(licence->licence_key, 16); crypto_rc4(crypt_key, sizeof(hwid), hwid, hwid); crypto_rc4_free(crypt_key); licence_present(licence, null_data, null_data, licence_data, licence_size, hwid, signature); xfree(licence_data); return; } licence_send_request(licence, null_data, null_data, licence->sec->rdp->settings->username, licence->sec->rdp->settings->hostname); }