Ejemplo n.º 1
Archivo: sec.py Proyecto: nolteg/rdpy
 def __init__(self, extendedInfoConditional):
     """
     @summary: Declare the fields of the client info packet: code page,
     option flags, five length-prefixed unicode strings (domain, user
     name, password, alternate shell, working directory) and the
     extended info block.
     @param extendedInfoConditional: forwarded as the conditional of
     RDPExtendedInfo
     """
     CompositeType.__init__(self)
     # code page
     self.codePage = UInt32Le()
     # option flags advertised by default
     self.flag = UInt32Le(InfoFlag.INFO_MOUSE | InfoFlag.INFO_UNICODE
                          | InfoFlag.INFO_LOGONNOTIFY
                          | InfoFlag.INFO_LOGONERRORS
                          | InfoFlag.INFO_DISABLECTRLALTDEL)
     # Each cb* count is the size of its string minus 2; presumably the
     # 2 bytes are the unicode null terminator, which the count leaves
     # out -- confirm against the protocol spec.
     self.cbDomain = UInt16Le(lambda: sizeof(self.domain) - 2)
     self.cbUserName = UInt16Le(lambda: sizeof(self.userName) - 2)
     self.cbPassword = UInt16Le(lambda: sizeof(self.password) - 2)
     self.cbAlternateShell = UInt16Le(
         lambda: sizeof(self.alternateShell) - 2)
     self.cbWorkingDir = UInt16Le(lambda: sizeof(self.workingDir) - 2)
     # When reading, every string below is sized by the cb* value taken
     # from the packet (+ 2), i.e. by data supplied by the peer.
     # microsoft domain
     self.domain = String(
         readLen=CallableValue(lambda: self.cbDomain.value + 2),
         unicode=True)
     self.userName = String(
         readLen=CallableValue(lambda: self.cbUserName.value + 2),
         unicode=True)
     # NOTE(review): this field holds the account password as a plain
     # String; keep instances of this type out of logs and debug dumps.
     self.password = String(
         readLen=CallableValue(lambda: self.cbPassword.value + 2),
         unicode=True)
     # shell executed at start of session
     self.alternateShell = String(
         readLen=CallableValue(lambda: self.cbAlternateShell.value + 2),
         unicode=True)
     # working directory for session
     self.workingDir = String(
         readLen=CallableValue(lambda: self.cbWorkingDir.value + 2),
         unicode=True)
     self.extendedInfo = RDPExtendedInfo(
         conditional=extendedInfoConditional)
Ejemplo n.º 2
    def __init__(self):
        """
        @summary: Declare the fields of the NTLMSSP message with
        MessageType 3: six (Len, MaxLen, BufferOffset) descriptors,
        the negotiate flags, an optional Version, a 16-byte MIC and
        the trailing Payload.
        """
        CompositeType.__init__(self)
        # fixed 8-byte signature and message type, both declared constant
        self.Signature = String("NTLMSSP\x00", readLen = CallableValue(8), constant = True)
        self.MessageType = UInt32Le(0x00000003, constant = True)

        # Each descriptor: MaxLen mirrors Len when written; Len and
        # BufferOffset are plain values.
        # NOTE(review): on read, Len and BufferOffset come from the peer
        # and presumably index into Payload; whatever code slices
        # Payload must bounds-check them -- that code is not shown here.
        self.LmChallengeResponseLen = UInt16Le()
        self.LmChallengeResponseMaxLen = UInt16Le(lambda:self.LmChallengeResponseLen.value)
        self.LmChallengeResponseBufferOffset = UInt32Le()

        self.NtChallengeResponseLen = UInt16Le()
        self.NtChallengeResponseMaxLen = UInt16Le(lambda:self.NtChallengeResponseLen.value)
        self.NtChallengeResponseBufferOffset = UInt32Le()

        self.DomainNameLen = UInt16Le()
        self.DomainNameMaxLen = UInt16Le(lambda:self.DomainNameLen.value)
        self.DomainNameBufferOffset = UInt32Le()

        self.UserNameLen = UInt16Le()
        self.UserNameMaxLen = UInt16Le(lambda:self.UserNameLen.value)
        self.UserNameBufferOffset = UInt32Le()

        self.WorkstationLen = UInt16Le()
        self.WorkstationMaxLen = UInt16Le(lambda:self.WorkstationLen.value)
        self.WorkstationBufferOffset = UInt32Le()

        self.EncryptedRandomSessionLen = UInt16Le()
        self.EncryptedRandomSessionMaxLen = UInt16Le(lambda:self.EncryptedRandomSessionLen.value)
        self.EncryptedRandomSessionBufferOffset = UInt32Le()

        self.NegotiateFlags = UInt32Le()
        # Version is present only when the VERSION bit is set in NegotiateFlags
        self.Version = Version(conditional = lambda:(self.NegotiateFlags.value & Negotiate.NTLMSSP_NEGOTIATE_VERSION))

        # message integrity code, 16 zero bytes by default
        self.MIC = String("\x00" * 16, readLen = CallableValue(16))
        # variable part; no read length is given here
        self.Payload = String()
Ejemplo n.º 3
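 def __init__(self, readLen):
     """
     @summary: Declare the fields of an RSA public key blob: magic,
     key length, bit length, data length, public exponent, modulus
     and 8 bytes of padding.
     @param readLen: forwarded to CompositeType as readLen
     """
     CompositeType.__init__(self, readLen=readLen)
     # magic is RSA1 (0x31415352)
     self.magic = UInt32Le(0x31415352, constant=True)
     # keylen counts the modulus plus the 8 padding bytes
     self.keylen = UInt32Le(lambda:
                            (sizeof(self.modulus) + sizeof(self.padding)))
     self.bitlen = UInt32Le(lambda: ((self.keylen.value - 8) * 8))
     # Floor division keeps the value an integer on every Python version;
     # true division would hand a float to an integer field on Python 3.
     self.datalen = UInt32Le(lambda: ((self.bitlen.value // 8) - 1))
     self.pubExp = UInt32Le()
     # NOTE(review): on read, keylen comes from the peer; a value below 8
     # makes this read length negative. Confirm how String and
     # CallableValue treat that, or reject such keys before use.
     self.modulus = String(
         readLen=CallableValue(lambda: (self.keylen.value - 8)))
     self.padding = String("\x00" * 8, readLen=CallableValue(8))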
Ejemplo n.º 4
 def __init__(self):
     """
     @summary: Declare the fields of a certificate structure made of
     two algorithm identifiers, a typed RSA public key blob and a typed
     signature blob followed by 8 bytes of padding.
     """
     CompositeType.__init__(self)
     # signature and key algorithm identifiers, both constant 1
     self.dwSigAlgId = UInt32Le(0x00000001, constant=True)
     self.dwKeyAlgId = UInt32Le(0x00000001, constant=True)
     # public key blob: constant type 0x0006, length taken from the blob
     self.wPublicKeyBlobType = UInt16Le(0x0006, constant=True)
     self.wPublicKeyBlobLen = UInt16Le(lambda: sizeof(self.PublicKeyBlob))
     # the length field itself is passed as readLen (no CallableValue)
     self.PublicKeyBlob = RSAPublicKey(readLen=self.wPublicKeyBlobLen)
     # signature blob: constant type 0x0008, length covers blob + padding
     self.wSignatureBlobType = UInt16Le(0x0008, constant=True)
     self.wSignatureBlobLen = UInt16Le(
         lambda: (sizeof(self.SignatureBlob) + sizeof(self.padding)))
     # NOTE(review): on read, wSignatureBlobLen comes from the peer; a
     # value below the padding size makes this read length negative.
     # This constructor only lays out the signature, it does not verify
     # it -- check where (and whether) verification happens.
     self.SignatureBlob = String(readLen=CallableValue(
         lambda: (self.wSignatureBlobLen.value - sizeof(self.padding))))
     self.padding = String(b"\x00" * 8, readLen=CallableValue(8))
Ejemplo n.º 5
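 def __init__(self, name="", options=0):
     """
     @summary: Declare a channel definition: an 8-byte channel name and
     a 32-bit options field.
     @param name: channel name; truncated to 8 characters, or padded
     with null bytes up to 8
     @param options: value of the options field
     """
     CompositeType.__init__(self)
     # name of channel, always exactly 8 bytes on the wire
     self.name = String(name[0:8] + "\x00" * (8 - len(name)),
                        readLen=CallableValue(8))
     # The options argument used to be accepted and then dropped, so a
     # caller asking for specific channel options silently got none.
     self.options = UInt32Le(options)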
Ejemplo n.º 6
    def readEncryptedPayload(self, s, saltedMacGeneration):
        """
        @summary: Decrypt one basic RDP security payload and check its
        8-byte MAC signature
        @param s: {Stream} encrypted stream: 8-byte signature, then the
        encrypted payload
        @param saltedMacGeneration: {bool} check against the salted MAC
        instead of the plain MAC
        @return: {Stream} decrypted payload
        @raise InvalidExpectedDataException: computed MAC differs from
        the received signature
        """
        # refresh the RC4 key after 4096 packets decrypted with the current one
        if self._nbDecryptedPacket == 4096:
            log.debug("update decrypt key")
            self._currentDecrytKey = updateKey(
                self._initialDecrytKey,
                self._currentDecrytKey,
                self.getGCCServerSettings().SC_SECURITY.encryptionMethod.value)
            self._decryptRc4 = rc4.RC4Key(self._currentDecrytKey)
            self._nbDecryptedPacket = 0

        receivedMac = String(readLen = CallableValue(8))
        cipherText = String()
        s.readType((receivedMac, cipherText))
        # The MAC is computed over the plaintext, so decryption comes first;
        # the RC4 state has therefore advanced even if the check below fails.
        plainText = rc4.crypt(self._decryptRc4, cipherText.value)

        # NOTE(review): the salted MAC is fed the same counter that the key
        # refresh above resets to 0 -- confirm against the protocol spec
        # whether a cumulative count is expected here.
        if saltedMacGeneration:
            expectedMac = macSaltedData(self._macKey, plainText, self._nbDecryptedPacket)
        else:
            expectedMac = macData(self._macKey, plainText)

        # Only the first 8 bytes of the MAC are compared.
        # NOTE(review): != is not a constant-time comparison.
        if expectedMac[:8] != receivedMac.value:
            raise InvalidExpectedDataException("bad signature")

        # one more packet decrypted with the current key
        self._nbDecryptedPacket += 1

        return Stream(plainText)
Ejemplo n.º 7
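def readConferenceCreateRequest(s):
    """
    @summary: Read a GCC conference create request sent by the client
    and return the client settings it carries
    @param s: Stream
    @return: Settings read from the request
    @raise InvalidExpectedDataException: unexpected number of sets,
    unexpected choice, or H.221 client key mismatch
    """
    per.readChoice(s)
    per.readObjectIdentifier(s, t124_02_98_oid)
    per.readLength(s)
    per.readChoice(s)
    per.readSelection(s)
    per.readNumericString(s, 1)
    per.readPadding(s, 1)

    if per.readNumberOfSet(s) != 1:
        raise InvalidExpectedDataException(
            "Invalid number of set in readConferenceCreateRequest")

    if per.readChoice(s) != 0xc0:
        raise InvalidExpectedDataException(
            "Invalid choice in readConferenceCreateRequest")

    # The key comparison result was previously discarded, so a request
    # carrying the wrong H.221 key was parsed as if it were valid.
    # readConferenceCreateResponse already rejects a mismatch.
    if not per.readOctetStream(s, h221_cs_key, 4):
        raise InvalidExpectedDataException("cannot read h221_cs_key")

    # NOTE(review): length is supplied by the peer and sizes the settings
    # read below; confirm the stream layer rejects a length larger than
    # the data actually received.
    length = per.readLength(s)
    clientSettings = Settings(readLen=CallableValue(length))
    s.readType(clientSettings)
    return clientSettings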
Ejemplo n.º 8
 def __init__(self, readLen = None):
     """
     @summary: Declare the fields of a licensing message carrying a
     32-byte server random, product information, a key exchange blob,
     a server certificate blob and a scope list.
     @param readLen: forwarded to CompositeType as readLen
     """
     CompositeType.__init__(self, readLen = readLen)
     # default is 32 zero bytes
     # NOTE(review): presumably overwritten with fresh random bytes
     # before this message is sent -- confirm in the caller
     self.serverRandom = String("\x00" * 32, readLen = CallableValue(32))
     self.productInfo = ProductInformation()
     self.keyExchangeList = LicenseBinaryBlob(BinaryBlobType.BB_KEY_EXCHG_ALG_BLOB)
     self.serverCertificate = LicenseBinaryBlob(BinaryBlobType.BB_CERTIFICATE_BLOB)
     self.scopeList = ScopeList()
Ejemplo n.º 9
 def __init__(self, readLen=None):
     """
     @summary: Declare the fields of the glyph cache capability: ten
     cache entries, the fragment cache, the glyph support level and
     two bytes of padding.
     @param readLen: forwarded to CompositeType as readLen
     """
     CompositeType.__init__(self, readLen=readLen)
     # fixed array of exactly 10 cache entries, both as default and on read
     self.glyphCache = ArrayType(CacheEntry,
                                 init=[CacheEntry() for _ in range(0, 10)],
                                 readLen=CallableValue(10))
     self.fragCache = UInt32Le()
     # no glyph support advertised: all fonts are sent with bitmap
     # format (very expensive)
     self.glyphSupportLevel = UInt16Le(GlyphSupport.GLYPH_SUPPORT_NONE)
     self.pad2octets = UInt16Le()
Ejemplo n.º 10
    def __init__(self):
        """
        @summary: Declare the fields of the NTLMSSP message with
        MessageType 2: target name descriptor, negotiate flags, 8-byte
        server challenge, reserved bytes, target info descriptor, an
        optional Version and the trailing Payload.
        """
        CompositeType.__init__(self)
        # fixed 8-byte signature and message type, both declared constant
        self.Signature = String("NTLMSSP\x00", readLen = CallableValue(8), constant = True)
        self.MessageType = UInt32Le(0x00000002, constant = True)

        # MaxLen mirrors Len when written
        self.TargetNameLen = UInt16Le()
        self.TargetNameMaxLen = UInt16Le(lambda:self.TargetNameLen.value)
        self.TargetNameBufferOffset = UInt32Le()

        self.NegotiateFlags = UInt32Le()

        # 8-byte challenge, no default value
        self.ServerChallenge = String(readLen = CallableValue(8))
        self.Reserved = String("\x00" * 8, readLen = CallableValue(8))

        # NOTE(review): on read, the Len and BufferOffset values of both
        # descriptors come from the peer and presumably index into
        # Payload; the code that slices Payload must bounds-check them.
        self.TargetInfoLen = UInt16Le()
        self.TargetInfoMaxLen = UInt16Le(lambda:self.TargetInfoLen.value)
        self.TargetInfoBufferOffset = UInt32Le()

        # Version is present only when the VERSION bit is set in NegotiateFlags
        self.Version = Version(conditional = lambda:(self.NegotiateFlags.value & Negotiate.NTLMSSP_NEGOTIATE_VERSION))
        # variable part; no read length is given here
        self.Payload = String()
Ejemplo n.º 11
 def __init__(self, readLen = None):
     """
     @summary: Declare the fields of a licensing message carrying the
     preferred key exchange algorithm, a platform id, a 32-byte client
     random, the encrypted pre-master secret and the client user and
     machine names.
     @param readLen: forwarded to CompositeType as readLen
     """
     CompositeType.__init__(self, readLen = readLen)
     # RSA, and must be only RSA (constant 1)
     self.preferredKeyExchangeAlg = UInt32Le(0x00000001, constant = True)
     # platform id announced to the server (pure microsoft client ;-))
     #http://msdn.microsoft.com/en-us/library/1040af38-c733-4fb3-acd1-8db8cc979eda#id10
     self.platformId = UInt32Le(0x04000000 | 0x00010000)
     # default is 32 zero bytes
     # NOTE(review): presumably overwritten with fresh random bytes from
     # a cryptographic source before sending -- confirm in the caller;
     # an all-zero random would weaken the derived keys
     self.clientRandom = String("\x00" * 32, readLen = CallableValue(32))
     self.encryptedPreMasterSecret = LicenseBinaryBlob(BinaryBlobType.BB_RANDOM_BLOB)
     self.ClientUserName = LicenseBinaryBlob(BinaryBlobType.BB_CLIENT_USER_NAME_BLOB)
     self.ClientMachineName = LicenseBinaryBlob(BinaryBlobType.BB_CLIENT_MACHINE_NAME_BLOB)
Ejemplo n.º 12
 def __init__(self, readLen=None):
     """
     @summary: Declare the fields of the order capability with their
     default values: terminal descriptor, desktop save granularity,
     order flags, a 32-entry order support array, desktop save size
     and padding fields.
     @param readLen: forwarded to CompositeType as readLen
     """
     CompositeType.__init__(self, readLen=readLen)
     # 16 zero bytes
     self.terminalDescriptor = String("\x00" * 16,
                                      readLen=CallableValue(16))
     self.pad4octetsA = UInt32Le(0)
     self.desktopSaveXGranularity = UInt16Le(1)
     self.desktopSaveYGranularity = UInt16Le(20)
     self.pad2octetsA = UInt16Le(0)
     self.maximumOrderLevel = UInt16Le(1)
     self.numberFonts = UInt16Le()
     self.orderFlags = UInt16Le(OrderFlag.NEGOTIATEORDERSUPPORT)
     # fixed array of exactly 32 bytes, all zero by default
     self.orderSupport = ArrayType(UInt8,
                                   init=[UInt8(0) for _ in range(0, 32)],
                                   readLen=CallableValue(32))
     self.textFlags = UInt16Le()
     self.orderSupportExFlags = UInt16Le()
     self.pad4octetsB = UInt32Le()
     self.desktopSaveSize = UInt32Le(480 * 480)
     self.pad2octetsC = UInt16Le()
     self.pad2octetsD = UInt16Le()
     self.textANSICodePage = UInt16Le(0)
     self.pad2octetsE = UInt16Le()
Ejemplo n.º 13
 def __init__(self, readLen=None):
     """
     @summary: Declare the fields of the input capability: input
     flags, padding, keyboard layout, type, subtype and function key
     count, and a 64-byte IME file name.
     @param readLen: forwarded to CompositeType as readLen
     """
     CompositeType.__init__(self, readLen=readLen)
     self.inputFlags = UInt16Le()
     self.pad2octetsA = UInt16Le()
     # same value as gcc.ClientCoreSettings.kbdLayout
     self.keyboardLayout = UInt32Le()
     # same value as gcc.ClientCoreSettings.keyboardType
     self.keyboardType = UInt32Le()
     # same value as gcc.ClientCoreSettings.keyboardSubType
     self.keyboardSubType = UInt32Le()
     # same value as gcc.ClientCoreSettings.keyboardFnKeys
     self.keyboardFunctionKey = UInt32Le()
     # same value as gcc.ClientCoreSettings.imeFileName
     self.imeFileName = String("\x00" * 64, readLen=CallableValue(64))
Ejemplo n.º 14
 def __init__(self, readLen=None):
     """
     @summary: Declare the fields of the client core settings with
     their default values. The fields up to keyboardFnKeys are always
     declared; every field from imeFileName on is declared optional.
     @param readLen: forwarded to CompositeType as readLen
     """
     CompositeType.__init__(self, readLen=readLen)
     self.rdpVersion = UInt32Le(Version.RDP_VERSION_5_PLUS)
     # default desktop size 1280x800
     self.desktopWidth = UInt16Le(1280)
     self.desktopHeight = UInt16Le(800)
     self.colorDepth = UInt16Le(ColorDepth.RNS_UD_COLOR_8BPP)
     self.sasSequence = UInt16Le(Sequence.RNS_UD_SAS_DEL)
     self.kbdLayout = UInt32Le(KeyboardLayout.US)
     self.clientBuild = UInt32Le(3790)
     # default client name "rdpy" followed by 11 null characters,
     # read back as 32 bytes of unicode
     self.clientName = String("rdpy" + "\x00" * 11,
                              readLen=CallableValue(32),
                              unicode=True)
     self.keyboardType = UInt32Le(KeyboardType.IBM_101_102_KEYS)
     self.keyboardSubType = UInt32Le(0)
     self.keyboardFnKeys = UInt32Le(12)
     # optional fields start here
     self.imeFileName = String("\x00" * 64,
                               readLen=CallableValue(64),
                               optional=True)
     self.postBeta2ColorDepth = UInt16Le(ColorDepth.RNS_UD_COLOR_8BPP,
                                         optional=True)
     self.clientProductId = UInt16Le(1, optional=True)
     self.serialNumber = UInt32Le(0, optional=True)
     self.highColorDepth = UInt16Le(HighColor.HIGH_COLOR_24BPP,
                                    optional=True)
     # 15, 16, 24 and 32 bpp advertised as supported
     self.supportedColorDepths = UInt16Le(
         Support.RNS_UD_15BPP_SUPPORT | Support.RNS_UD_16BPP_SUPPORT
         | Support.RNS_UD_24BPP_SUPPORT | Support.RNS_UD_32BPP_SUPPORT,
         optional=True)
     self.earlyCapabilityFlags = UInt16Le(
         CapabilityFlags.RNS_UD_CS_SUPPORT_ERRINFO_PDU, optional=True)
     self.clientDigProductId = String("\x00" * 64,
                                      readLen=CallableValue(64),
                                      optional=True)
     self.connectionType = UInt8(optional=True)
     self.pad1octet = UInt8(optional=True)
     self.serverSelectedProtocol = UInt32Le(optional=True)
Ejemplo n.º 15
    def __init__(self):
        """
        @summary: Declare the fields of the NTLMSSP message with
        MessageType 1: negotiate flags, domain name and workstation
        descriptors, an optional Version and the trailing Payload.
        """
        CompositeType.__init__(self)
        # fixed 8-byte signature and message type, both declared constant
        self.Signature = String("NTLMSSP\x00", readLen = CallableValue(8), constant = True)
        self.MessageType = UInt32Le(0x00000001, constant = True)

        self.NegotiateFlags = UInt32Le()

        # MaxLen mirrors Len when written
        self.DomainNameLen = UInt16Le()
        self.DomainNameMaxLen = UInt16Le(lambda:self.DomainNameLen.value)
        self.DomainNameBufferOffset = UInt32Le()

        self.WorkstationLen = UInt16Le()
        self.WorkstationMaxLen = UInt16Le(lambda:self.WorkstationLen.value)
        self.WorkstationBufferOffset = UInt32Le()

        # Version is present only when the VERSION bit is set in NegotiateFlags
        self.Version = Version(conditional = lambda:(self.NegotiateFlags.value & Negotiate.NTLMSSP_NEGOTIATE_VERSION))

        # variable part; no read length is given here
        self.Payload = String()
Ejemplo n.º 16
def readConferenceCreateResponse(s):
    """
    @summary: Parse a GCC conference create response coming from the
    server and hand back the settings it contains
    @param s: Stream
    @return: Settings read from the response
    @raise InvalidExpectedDataException: H.221 server key mismatch
    """
    # fixed part of the response; apart from the identifier and the
    # 1001 argument passed below, the values read are not checked here
    per.readChoice(s)
    per.readObjectIdentifier(s, t124_02_98_oid)
    per.readLength(s)
    per.readChoice(s)
    per.readInteger16(s, 1001)
    per.readInteger(s)
    per.readEnumerates(s)
    per.readNumberOfSet(s)
    per.readChoice(s)

    serverKeyMatches = per.readOctetStream(s, h221_sc_key, 4)
    if not serverKeyMatches:
        raise InvalidExpectedDataException("cannot read h221_sc_key")

    # NOTE(review): the settings length is supplied by the peer; confirm
    # the stream layer rejects a length larger than the data received.
    settings = Settings(readLen=CallableValue(per.readLength(s)))
    s.readType(settings)
    return settings
Ejemplo n.º 17
 def __init__(self):
     """
     @summary: Declare a message made of a length field, the encrypted
     client random and 8 bytes of padding.
     """
     CompositeType.__init__(self)
     # length covers everything after the 4-byte length field itself
     self.length = UInt32Le(lambda:(sizeof(self) - 4))
     # NOTE(review): on read, length comes from the peer; a value below 8
     # makes this read length negative -- confirm how String and
     # CallableValue treat that.
     self.encryptedClientRandom = String(readLen = CallableValue(lambda:(self.length.value - 8)))
     self.padding = String("\x00" * 8, readLen = CallableValue(8))
Ejemplo n.º 18
Archivo: lic.py Proyecto: nolteg/rdpy
 def __init__(self, readLen=None):
     """
     @summary: Declare the fields of a licensing message carrying
     connect flags, an encrypted platform challenge blob and 16 bytes
     of MAC data.
     @param readLen: forwarded to CompositeType as readLen
     """
     CompositeType.__init__(self, readLen=readLen)
     self.connectFlags = UInt32Le()
     self.encryptedPlatformChallenge = LicenseBinaryBlob(
         BinaryBlobType.BB_ANY_BLOB)
     # 16 bytes; this constructor only lays the field out, it does not
     # verify it
     self.MACData = String(readLen=CallableValue(16))
Ejemplo n.º 19
Archivo: lic.py Proyecto: nolteg/rdpy
 def __init__(self, readLen=None):
     """
     @summary: Declare the fields of a licensing message carrying the
     encrypted platform challenge response, the encrypted hardware id
     and 16 bytes of MAC data.
     @param readLen: forwarded to CompositeType as readLen
     """
     CompositeType.__init__(self, readLen=readLen)
     self.encryptedPlatformChallengeResponse = LicenseBinaryBlob(
         BinaryBlobType.BB_DATA_BLOB)
     self.encryptedHWID = LicenseBinaryBlob(BinaryBlobType.BB_DATA_BLOB)
     # 16 bytes; this constructor only lays the field out, it does not
     # compute or verify it
     self.MACData = String(readLen=CallableValue(16))
Ejemplo n.º 20
 def __init__(self):
     """
     @summary: Declare a certificate chain: a blob count, that many
     CertBlob entries, and padding whose size depends on the count.
     """
     CompositeType.__init__(self)
     self.NumCertBlobs = UInt32Le()
     # NOTE(review): on read, NumCertBlobs is a 32-bit value supplied by
     # the peer and directly sets how many CertBlob entries are parsed;
     # no upper bound is applied in this constructor.
     self.CertBlobArray = ArrayType(CertBlob, readLen=self.NumCertBlobs)
     # padding is 8 bytes plus 4 bytes per certificate blob
     self.padding = String(
         readLen=CallableValue(lambda: (8 + 4 * self.NumCertBlobs.value)))
Ejemplo n.º 21
 def __init__(self):
     """
     @summary: Declare a structure made of a constant version (1), an
     8-byte checksum and a 32-bit sequence number.
     """
     CompositeType.__init__(self)
     self.Version = UInt32Le(0x00000001, constant=True)
     # 8 bytes, no default value
     self.Checksum = String(readLen=CallableValue(8))
     # NOTE(review): presumably the per-message sequence number that the
     # checksum is bound to -- confirm where it is compared on receipt
     self.SeqNum = UInt32Le()