def test_decryption_smb_311(self):
session_key = array.array(
'B', unhexlify("419FDDF34C1E001909D362AE7FB6AF79"))
pre_auth_integrity_hash = array.array(
'B',
unhexlify(
"B23F3CBFD69487D9832B79B1594A367CDD950909B774C3A4C412B4FCEA9EDDDBA7DB256BA2EA30E9"
"77F11F9B113247578E0E915C6D2A513B8F2FCA5707DC8770"))
session_id = 0x100000000025
ciphers = [crypto.SMB2_AES_128_GCM]
conn = bogus_311_connection(session_key, pre_auth_integrity_hash,
ciphers)
exp_decryption_key = unhexlify("748C50868C90F302962A5C35F5F9A8BF")
self.assertEqual(conn.encryption_context().keys.decryption,
exp_decryption_key)
transform_message = array.array(
'B',
unhexlify(
"FD534D42ACBE1CB7ED343ADF1725EF144D90D4B0E06831DD2E8EB7B4000000000000000050000000"
"00000100250000000010000026BBBF949983A6C1C796559D0F2C510CB651D1F7B6AC8DED32A2A0B8"
"F2D793A815C6F6B848D69767A215841A42D400AE6DDB5F0B44173A014973321FDD7950DA6179159B"
"82E03C9E18A050FF0EA1C967"))
nb = netbios.Netbios()
th = crypto.TransformHeader(nb)
th.encryption_context = conn.encryption_context()
th.parse(transform_message)
exp_smb_message = array.array(
'B',
unhexlify(
"FE534D4240000100000000000900010001000000000000000500000000000000FFFE000001000000"
"25000000001000000000000000000000000000000000000011000000170000000000000000000000"
))
self.assertEqual(nb[0].buf, exp_smb_message)
def test_decryption_smb_300(self):
session_key = array.array(
'B', unhexlify("B4546771B515F766A86735532DD6C4F0"))
session_id = 0x8e40014000011
conn = bogus_300_connection(session_key)
exp_decryption_key = unhexlify("8FE2B57EC34D2DB5B1A9727F526BBDB5")
self.assertEqual(conn.encryption_context().keys.decryption,
exp_decryption_key)
transform_message = array.array(
'B',
unhexlify(
"FD534D42A6015530A18F6D9AFFE22AFAE8E66484860000000000000011000014"
"00E4080050000000000001001100001400E40800DBF46435C5F14169293CE079"
"E344479BF670227E49873F458672C3098DAC467DD5809F369D67409166515787"
"1483E01F7BECD02064EAC3E235F913668BBC2F097980D4B378F1993EFF6E60D1"
"77309E5B"))
nb = netbios.Netbios()
th = crypto.TransformHeader(nb)
th.encryption_context = conn.encryption_context()
th.parse(transform_message)
exp_smb_message = array.array(
'B',
unhexlify(
"FE534D4240000100000000000900210009000000000000000400000000000000"
"FFFE0000010000001100001400E4080000000000000000000000000000000000"
"11000000170000000000000000000000"))
self.assertEqual(nb[0].buf, exp_smb_message)
def test_encryption_smb_311(self):
session_key = array.array(
'B', unhexlify("419FDDF34C1E001909D362AE7FB6AF79"))
pre_auth_integrity_hash = array.array(
'B',
unhexlify(
"B23F3CBFD69487D9832B79B1594A367CDD950909B774C3A4C412B4FCEA9EDDDBA7DB256BA2EA30E9"
"77F11F9B113247578E0E915C6D2A513B8F2FCA5707DC8770"))
session_id = 0x100000000025
ciphers = [crypto.SMB2_AES_128_GCM]
conn = bogus_311_connection(session_key, pre_auth_integrity_hash,
ciphers)
exp_encryption_key = unhexlify("A2F5E80E5D59103034F32E52F698E5EC")
self.assertEqual(conn.encryption_context().keys.encryption,
exp_encryption_key)
# construct the request
nb = netbios.Netbios()
th = crypto.TransformHeader(nb)
th.nonce = array.array('B', unhexlify("C7D6822D269CAF48904C664C"))
th.session_id = session_id
th.encryption_context = conn.encryption_context()
smb_packet = smb2.Smb2(nb, conn)
smb_packet.credit_charge = 1
smb_packet.credit_request = 1
smb_packet.channel_sequence = 0
smb_packet.flags = smb2.SMB2_FLAGS_SIGNED
smb_packet.message_id = 5
smb_packet.tree_id = 1
smb_packet.signature = b"\0" * 16
smb_packet.session_id = session_id
write_req = smb2.WriteRequest(smb_packet)
write_req.file_id = (0x400000006, 0x400000001)
write_req.buffer = b"Smb3 encryption testing"
write_req.write_channel_info_offset = 0x70
exp_serialized = array.array(
'B',
unhexlify(
"FE534D4240000100000000000900010008000000000000000500000000000000FFFE000001000000"
"25000000001000000000000000000000000000000000000031007000170000000000000000000000"
"0600000004000000010000000400000000000000000000007000000000000000536D623320656E63"
"72797074696F6E2074657374696E67"))
serialized = smb_packet.serialize()
self.assertEqual(serialized, exp_serialized)
transformed_serial = th.serialize()
exp_encrypted = array.array(
'B',
unhexlify(
"6ECDD2A7AFC7B47763057A041B8FD4DAFFE990B70C9E09D36C084E02D14EF247F8BDE38ACF6256F8"
"B1D3B56F77FBDEB312FEA5E92CBCC1ED8FB2EBBFAA75E49A4A394BB44576545567C24D4C014D47C9"
"FBDFDAFD2C4F9B72F8D256452620A299F48E29E53D6B61D1C13A19E91AF013F00D17E3ABC2FC3D36"
"C8C1B6B93973253852DBD442E46EE8"))
self.assertEqual(th.ciphertext, exp_encrypted)
exp_transformed = array.array(
'B',
unhexlify(
"FD534D42BD73D97D2BC9001BCAFAC0FDFF5FEEBCC7D6822D269CAF48904C664C0000000087000000"
"0000010025000000001000006ECDD2A7AFC7B47763057A041B8FD4DAFFE990B70C9E09D36C084E02"
"D14EF247F8BDE38ACF6256F8B1D3B56F77FBDEB312FEA5E92CBCC1ED8FB2EBBFAA75E49A4A394BB4"
"4576545567C24D4C014D47C9FBDFDAFD2C4F9B72F8D256452620A299F48E29E53D6B61D1C13A19E9"
"1AF013F00D17E3ABC2FC3D36C8C1B6B93973253852DBD442E46EE8"))
self.assertEqual(transformed_serial, exp_transformed)
def test_encryption_smb_300(self):
session_key = array.array(
'B', unhexlify("B4546771B515F766A86735532DD6C4F0"))
session_id = 0x8e40014000011
conn = bogus_300_connection(session_key)
exp_encryption_key = unhexlify("261B72350558F2E9DCF613070383EDBF")
self.assertEqual(conn.encryption_context().keys.encryption,
exp_encryption_key)
# construct the request
nb = netbios.Netbios()
th = crypto.TransformHeader(nb)
th.nonce = array.array('B',
unhexlify("66E69A111892584FB5ED524A744DA3EE"))
th.session_id = session_id
th.encryption_context = conn.encryption_context()
smb_packet = smb2.Smb2(nb, conn)
smb_packet.credit_charge = 1
smb_packet.credit_request = 64
smb_packet.channel_sequence = 0
smb_packet.flags = smb2.SMB2_FLAGS_SIGNED
smb_packet.message_id = 4
smb_packet.tree_id = 1
smb_packet.signature = b"\0" * 16
smb_packet.session_id = session_id
write_req = smb2.WriteRequest(smb_packet)
write_req.file_id = (0x200003900000115, 0x23900000001)
write_req.buffer = b"Smb3 encryption testing"
write_req.write_channel_info_offset = 0x70
exp_serialized = array.array(
'B',
unhexlify(
"FE534D4240000100000000000900400008000000000000000400000000000000"
"FFFE0000010000001100001400E4080000000000000000000000000000000000"
"3100700017000000000000000000000015010000390000020100000039020000"
"00000000000000007000000000000000536D623320656E6372797074696F6E20"
"74657374696E67"))
serialized = smb_packet.serialize()
self.assertEqual(serialized, exp_serialized)
transformed_serial = th.serialize()
exp_encrypted = array.array(
'B',
unhexlify(
"25C8FEE16605A437832D1CD52DA9F4645333482A175FE5384563F45FCDAFAEF3"
"8BC62BA4D5C62897996625A44C29BE5658DE2E6117585779E7B59FFD971278D0"
"8580D7FA899E410E910EABF5AA1DB43050B33B49182637759AC15D84BFCDF5B6"
"B238993C0F4CF4D6012023F6C627297075D84B7803912D0A9639634453595EF3"
"E33FFE4E7AC2AB"))
self.assertEqual(th.ciphertext, exp_encrypted)
exp_transformed = array.array(
'B',
unhexlify(
"FD534D4281A286535415445DAE393921E44FA42E66E69A111892584FB5ED524A"
"744DA3EE87000000000001001100001400E4080025C8FEE16605A437832D1CD5"
"2DA9F4645333482A175FE5384563F45FCDAFAEF38BC62BA4D5C62897996625A4"
"4C29BE5658DE2E6117585779E7B59FFD971278D08580D7FA899E410E910EABF5"
"AA1DB43050B33B49182637759AC15D84BFCDF5B6B238993C0F4CF4D6012023F6"
"C627297075D84B7803912D0A9639634453595EF3E33FFE4E7AC2AB"))
self.assertEqual(transformed_serial, exp_transformed)