def __init__(self, action=None, readLen=None): """ @param action: Action macro @param readLen: Max length to read """ CompositeType.__init__(self, readLen=readLen) self.action = UInt16Le( action, constant=True) if not action is None else UInt16Le() self.grantId = UInt16Le() self.controlId = UInt32Le()
def __init__(self, readLen=None): CompositeType.__init__(self, readLen=readLen) self.lenUsername = UInt16Le(lambda: sizeof(self.username)) self.username = String(readLen=self.lenUsername) self.lenPassword = UInt16Le(lambda: sizeof(self.password)) self.password = String(readLen=self.lenPassword) self.lenDomain = UInt16Le(lambda: sizeof(self.domain)) self.domain = String(readLen=self.lenDomain) self.lenHostname = UInt16Le(lambda: sizeof(self.hostname)) self.hostname = String(readLen=self.lenHostname)
def __init__(self, totalLength, pduType, userId): """ @summary: Set pduType as constant @param totalLength: total length of PDU packet """ CompositeType.__init__(self) #share control header self.totalLength = UInt16Le(totalLength) self.pduType = UInt16Le(pduType) self.PDUSource = UInt16Le(userId)
def __init__(self, readLen=None): CompositeType.__init__(self, readLen=readLen) self.rdpVersion = UInt32Le(Version.RDP_VERSION_5_PLUS) self.desktopWidth = UInt16Le(1280) self.desktopHeight = UInt16Le(800) self.colorDepth = UInt16Le(ColorDepth.RNS_UD_COLOR_8BPP) self.sasSequence = UInt16Le(Sequence.RNS_UD_SAS_DEL) self.kbdLayout = UInt32Le(KeyboardLayout.US) self.clientBuild = UInt32Le(3790) self.clientName = String("rdpy" + "\x00" * 11, readLen=UInt8(32), unicode=True) self.keyboardType = UInt32Le(KeyboardType.IBM_101_102_KEYS) self.keyboardSubType = UInt32Le(0) self.keyboardFnKeys = UInt32Le(12) self.imeFileName = String("\x00" * 64, readLen=UInt8(64)) self.postBeta2ColorDepth = UInt16Le(ColorDepth.RNS_UD_COLOR_8BPP) self.clientProductId = UInt16Le(1) self.serialNumber = UInt32Le(0) self.highColorDepth = UInt16Le(HighColor.HIGH_COLOR_24BPP) self.supportedColorDepths = UInt16Le(Support.RNS_UD_15BPP_SUPPORT | Support.RNS_UD_16BPP_SUPPORT | Support.RNS_UD_24BPP_SUPPORT | Support.RNS_UD_32BPP_SUPPORT) self.earlyCapabilityFlags = UInt16Le( CapabilityFlags.RNS_UD_CS_SUPPORT_ERRINFO_PDU) self.clientDigProductId = String("\x00" * 64, readLen=UInt8(64)) self.connectionType = UInt8() self.pad1octet = UInt8() self.serverSelectedProtocol = UInt32Le()
def __init__(self, conditional): CompositeType.__init__(self, conditional = conditional) self.clientAddressFamily = UInt16Le(AfInet.AF_INET) self.cbClientAddress = UInt16Le(lambda:sizeof(self.clientAddress)) self.clientAddress = String(readLen = self.cbClientAddress, unicode = True) self.cbClientDir = UInt16Le(lambda:sizeof(self.clientDir)) self.clientDir = String(readLen = self.cbClientDir, unicode = True) #TODO make tiomezone self.clientTimeZone = String("\x00" * 172) self.clientSessionId = UInt32Le() self.performanceFlags = UInt32Le()
def sendFlagged(self, flag, data): """ @summary: explicit send flag method for particular packet (info packet or license packet) If encryption is enable apply it @param flag: {integer} security flag @param data: {Type | Tuple} """ if flag & SecurityFlag.SEC_ENCRYPT: data = self.writeEncryptedPayload(data, flag & SecurityFlag.SEC_SECURE_CHECKSUM) self._transport.send((UInt16Le(flag), UInt16Le(), data))
def __init__(self, totalLength, pduType, userId): """ @summary: Set pduType as constant @param totalLength: total length of PDU packet """ CompositeType.__init__(self) #share control header self.totalLength = UInt16Le(totalLength) self.pduType = UInt16Le(pduType) #for xp sp3 and deactiveallpdu PDUSource may not be present self.PDUSource = UInt16Le(userId, optional=True)
def __init__(self): CompositeType.__init__(self) self.dwSigAlgId = UInt32Le(0x00000001, constant=True) self.dwKeyAlgId = UInt32Le(0x00000001, constant=True) self.wPublicKeyBlobType = UInt16Le(0x0006, constant=True) self.wPublicKeyBlobLen = UInt16Le(lambda: sizeof(self.PublicKeyBlob)) self.PublicKeyBlob = RSAPublicKey(readLen=self.wPublicKeyBlobLen) self.wSignatureBlobType = UInt16Le(0x0008, constant=True) self.wSignatureBlobLen = UInt16Le(lambda: (sizeof(self.SignatureBlob) - 8)) self.SignatureBlob = String(readLen=self.wSignatureBlobLen) self.padding = String(b"\x00" * 8, readLen=UInt8(8))
def __init__(self, readLen = None): CompositeType.__init__(self, readLen = readLen) self.inputFlags = UInt16Le() self.pad2octetsA = UInt16Le() #same value as gcc.ClientCoreSettings.kbdLayout self.keyboardLayout = UInt32Le() #same value as gcc.ClientCoreSettings.keyboardType self.keyboardType = UInt32Le() #same value as gcc.ClientCoreSettings.keyboardSubType self.keyboardSubType = UInt32Le() #same value as gcc.ClientCoreSettings.keyboardFnKeys self.keyboardFunctionKey = UInt32Le() #same value as gcc.ClientCoreSettingrrs.imeFileName self.imeFileName = String("\x00" * 64, readLen = UInt8(64))
def recvConnectInitial(self, data): """ @summary: Receive MCS connect initial from client Send Connect Response Wait Erect Domain Request @param data: {Stream} """ ber.readApplicationTag(data, UInt8(Message.MCS_TYPE_CONNECT_INITIAL)) ber.readOctetString(data) ber.readOctetString(data) if not ber.readBoolean(data): raise InvalidExpectedDataException( "invalid expected BER boolean tag") self.readDomainParams(data) self.readDomainParams(data) self.readDomainParams(data) self._clientSettings = gcc.readConferenceCreateRequest( Stream(ber.readOctetString(data))) if not self._clientSettings.CS_NET is None: i = 1 for channelDef in self._clientSettings.CS_NET.channelDefArray._array: self._serverSettings.SC_NET.channelIdArray._array.append( UInt16Le(i + Channel.MCS_GLOBAL_CHANNEL)) #if channel can be handle by serve add it for serverChannelDef, layer in self._virtualChannels: if channelDef.name == serverChannelDef.name: self._channels[i + Channel.MCS_GLOBAL_CHANNEL] = layer i += 1 self.sendConnectResponse() self.setNextState(self.recvErectDomainRequest)
def __init__(self, readLen=None): """ @param readLen: Max size of packet """ CompositeType.__init__(self, readLen=readLen) self.numberRectangles = UInt16Le(lambda: len(self.rectangles._array)) self.rectangles = ArrayType(BitmapData, readLen=self.numberRectangles)
def __init__(self, updateData=None): CompositeType.__init__(self) self.updateHeader = UInt8( lambda: updateData.__class__._FASTPATH_UPDATE_TYPE_) self.compressionFlags = UInt8(conditional=lambda: ( (self.updateHeader.value >> 4 ) & FastPathOutputCompression.FASTPATH_OUTPUT_COMPRESSION_USED)) self.size = UInt16Le(lambda: sizeof(self.updateData)) def UpdateDataFactory(): """ @summary: Create correct object in accordance to self.updateHeader field """ for c in [FastPathBitmapUpdateDataPDU]: if (self.updateHeader.value & 0xf) == c._FASTPATH_UPDATE_TYPE_: return c() log.debug("unknown Fast Path PDU update data type : %s" % hex(self.updateHeader.value & 0xf)) return String() if updateData is None: updateData = FactoryType(UpdateDataFactory) elif not "_FASTPATH_UPDATE_TYPE_" in updateData.__class__.__dict__: raise InvalidExpectedDataException( "Try to send an invalid fast path data update PDU") self.updateData = updateData
def __init__(self, updateData=None, readLen=None): """ @param updateType: UpdateType macro @param updateData: Update data PDU in accordance with updateType (BitmapUpdateDataPDU) @param readLen: Max length to read """ CompositeType.__init__(self, readLen=readLen) self.updateType = UInt16Le(lambda: updateData.__class__._UPDATE_TYPE_) def UpdateDataFactory(): """ @summary: Create object in accordance self.updateType value """ for c in [BitmapUpdateDataPDU]: if self.updateType.value == c._UPDATE_TYPE_: return c() log.debug("unknown PDU update data type : %s" % hex(self.updateType.value)) return String() if updateData is None: updateData = FactoryType( UpdateDataFactory, conditional=lambda: (self.updateType.value != UpdateType.UPDATETYPE_SYNCHRONIZE)) elif not "_UPDATE_TYPE_" in updateData.__class__.__dict__: raise InvalidExpectedDataException( "Try to send an invalid data update PDU") self.updateData = updateData
def __init__(self): CompositeType.__init__(self) self.shareId = UInt32Le() self.originatorId = UInt16Le(0x03EA, constant=True) self.lengthSourceDescriptor = UInt16Le( lambda: sizeof(self.sourceDescriptor)) self.lengthCombinedCapabilities = UInt16Le( lambda: (sizeof(self.numberCapabilities) + sizeof(self.pad2Octets) + sizeof(self.capabilitySets))) self.sourceDescriptor = String("rdpy", readLen=self.lengthSourceDescriptor) self.numberCapabilities = UInt16Le( lambda: len(self.capabilitySets._array)) self.pad2Octets = UInt16Le() self.capabilitySets = ArrayType(caps.Capability, readLen=self.numberCapabilities)
def __init__(self): CompositeType.__init__(self) self.shareId = UInt32Le() self.lengthSourceDescriptor = UInt16Le( lambda: sizeof(self.sourceDescriptor)) self.sourceDescriptor = String("rdpy", readLen=self.lengthSourceDescriptor)
def __init__(self, conditional): CompositeType.__init__(self, conditional=conditional) self.ProductMajorVersion = UInt8(MajorVersion.WINDOWS_MAJOR_VERSION_6) self.ProductMinorVersion = UInt8(MinorVersion.WINDOWS_MINOR_VERSION_0) self.ProductBuild = UInt16Le(6002) self.Reserved = UInt24Le() self.NTLMRevisionCurrent = UInt8(NTLMRevision.NTLMSSP_REVISION_W2K3)
def __init__(self, message=None): CompositeType.__init__(self) #preambule self.bMsgtype = UInt8( lambda: self.licensingMessage.__class__._MESSAGE_TYPE_) self.flag = UInt8(Preambule.PREAMBLE_VERSION_3_0) self.wMsgSize = UInt16Le(lambda: sizeof(self)) def LicensingMessageFactory(): """ @summary: factory for message nego Use in read mode """ for c in [ LicensingErrorMessage, ServerLicenseRequest, ClientNewLicenseRequest, ServerPlatformChallenge, ClientPLatformChallengeResponse ]: if self.bMsgtype.value == c._MESSAGE_TYPE_: return c(readLen=self.wMsgSize - 4) log.debug("unknown license message : %s" % self.bMsgtype.value) return String() if message is None: message = FactoryType(LicensingMessageFactory) elif not "_MESSAGE_TYPE_" in message.__class__.__dict__: raise InvalidExpectedDataException( "Try to send an invalid license message") self.licensingMessage = message
def __init__(self, event=None): CompositeType.__init__(self) self.type = UInt16Le(lambda: event.__class__._TYPE_) self.timestamp = UInt32Le() self.length = UInt32Le(lambda: (sizeof(self) - 10)) def EventFactory(): """ @summary: Closure for event factory """ for c in [ UpdateEvent, ScreenEvent, InfoEvent, CloseEvent, KeyEventScancode, KeyEventUnicode ]: if self.type.value == c._TYPE_: return c(readLen=self.length) log.debug("unknown event type : %s" % hex(self.type.value)) #read entire packet return String(readLen=self.length) if event is None: event = FactoryType(EventFactory) elif not "_TYPE_" in event.__class__.__dict__: raise error.InvalidExpectedDataException( "Try to send an invalid event block") self.event = event
def __init__(self, readLen = None): CompositeType.__init__(self, readLen = readLen) self.osMajorType = UInt16Le() self.osMinorType = UInt16Le() self.protocolVersion = UInt16Le(0x0200, constant = True) self.pad2octetsA = UInt16Le() self.generalCompressionTypes = UInt16Le(0, constant = True) self.extraFlags = UInt16Le() self.updateCapabilityFlag = UInt16Le(0, constant = True) self.remoteUnshareFlag = UInt16Le(0, constant = True) self.generalCompressionLevel = UInt16Le(0, constant = True) self.refreshRectSupport = UInt8() self.suppressOutputSupport = UInt8()
def __init__(self, bodySize=0, scanWidth=0, uncompressedSize=0, conditional=lambda: True): """ @param bodySize: size of image body @param scanWidth: width of image @param uncompressedSize: size of uncompressed image """ CompositeType.__init__(self, conditional=conditional) self.cbCompFirstRowSize = UInt16Le(0x0000, constant=True) #compressed data size self.cbCompMainBodySize = UInt16Le() self.cbScanWidth = UInt16Le() #uncompressed data size self.cbUncompressedSize = UInt16Le()
def __init__(self, optional = False): CompositeType.__init__(self, optional = optional) self.code = UInt8() self.flag = UInt8(0) #always 8 self.len = UInt16Le(0x0008, constant = True) self.selectedProtocol = UInt32Le(conditional = lambda: (self.code.value != NegociationType.TYPE_RDP_NEG_FAILURE)) self.failureCode = UInt32Le(conditional = lambda: (self.code.value == NegociationType.TYPE_RDP_NEG_FAILURE))
def __init__(self): CompositeType.__init__(self) self.Signature = String("NTLMSSP\x00", readLen = CallableValue(8), constant = True) self.MessageType = UInt32Le(0x00000001, constant = True) self.NegotiateFlags = UInt32Le() self.DomainNameLen = UInt16Le() self.DomainNameMaxLen = UInt16Le(lambda:self.DomainNameLen.value) self.DomainNameBufferOffset = UInt32Le() self.WorkstationLen = UInt16Le() self.WorkstationMaxLen = UInt16Le(lambda:self.WorkstationLen.value) self.WorkstationBufferOffset = UInt32Le() self.Version = Version(conditional = lambda:(self.NegotiateFlags.value & Negotiate.NTLMSSP_NEGOTIATE_VERSION)) self.Payload = String()
def recvLicenceInfo(self, s): """ @summary: Read license info packet and check if is a valid client info Wait Demand Active PDU @param s: Stream """ #packet preambule securityFlag = UInt16Le() securityFlagHi = UInt16Le() s.readType((securityFlag, securityFlagHi)) if not (securityFlag.value & SecurityFlag.SEC_LICENSE_PKT): raise InvalidExpectedDataException("waiting license packet") if self._licenceManager.recv(s): self.setNextState() #end of connection step of self._presentation.connect()
def __init__(self): #in old version this packet is empty i don't know #and not specified CompositeType.__init__(self, optional=True) self.shareId = UInt32Le() self.lengthSourceDescriptor = UInt16Le( lambda: sizeof(self.sourceDescriptor)) self.sourceDescriptor = String("rdpy", readLen=self.lengthSourceDescriptor)
def recv(self, data): """ @summary: if basic RDP security layer is activate decrypt else pass to upper layer @param data : {Stream} input Stream """ if not self._enableEncryption: self._presentation.recv(data) return securityFlag = UInt16Le() securityFlagHi = UInt16Le() data.readType((securityFlag, securityFlagHi)) if securityFlag.value & SecurityFlag.SEC_ENCRYPT: data = self.readEncryptedPayload(data, securityFlag.value & SecurityFlag.SEC_SECURE_CHECKSUM) self._presentation.recv(data)
def __init__(self, destLeft=0, destTop=0, destRight=0, destBottom=0, width=0, height=0, bitsPerPixel=0, bitmapDataStream=""): """ @param destLeft: destination left coordinate @param destTop: destination top coordinate @param destRight: destination right coordinate @param destBottom: destination bottom coordinate @param width: width of image @param height: height of image @param bitsPerPixel: color depth @param bitmapDataStream: data """ CompositeType.__init__(self) self.destLeft = UInt16Le(destLeft) self.destTop = UInt16Le(destTop) self.destRight = UInt16Le(destRight) self.destBottom = UInt16Le(destBottom) self.width = UInt16Le(width) self.height = UInt16Le(height) self.bitsPerPixel = UInt16Le(bitsPerPixel) self.flags = UInt16Le() self.bitmapLength = UInt16Le(lambda: (sizeof(self.bitmapComprHdr) + sizeof(self.bitmapDataStream))) self.bitmapComprHdr = BitmapCompressedDataHeader( bodySize=lambda: sizeof(self.bitmapDataStream), scanWidth=lambda: self.width.value, uncompressedSize=lambda: (self.width.value * self.height.value * self.bitsPerPixel.value), conditional=lambda: ( (self.flags.value & BitmapFlag.BITMAP_COMPRESSION) and not ( self.flags.value & BitmapFlag.NO_BITMAP_COMPRESSION_HDR))) self.bitmapDataStream = String( bitmapDataStream, readLen=UInt16Le(lambda: (self.bitmapLength.value if ( not self.flags.value & BitmapFlag.BITMAP_COMPRESSION or self. flags.value & BitmapFlag.NO_BITMAP_COMPRESSION_HDR ) else self.bitmapComprHdr.cbCompMainBodySize.value)))
def __init__(self, extendedInfoConditional): CompositeType.__init__(self) #code page self.codePage = UInt32Le() #support flag self.flag = UInt32Le(InfoFlag.INFO_MOUSE | InfoFlag.INFO_UNICODE | InfoFlag.INFO_LOGONNOTIFY | InfoFlag.INFO_LOGONERRORS | InfoFlag.INFO_DISABLECTRLALTDEL | InfoFlag.INFO_ENABLEWINDOWSKEY) self.cbDomain = UInt16Le(lambda:sizeof(self.domain) - 2) self.cbUserName = UInt16Le(lambda:sizeof(self.userName) - 2) self.cbPassword = UInt16Le(lambda:sizeof(self.password) - 2) self.cbAlternateShell = UInt16Le(lambda:sizeof(self.alternateShell) - 2) self.cbWorkingDir = UInt16Le(lambda:sizeof(self.workingDir) - 2) #microsoft domain self.domain = String(readLen = CallableValue(lambda:self.cbDomain.value + 2), unicode = True) self.userName = String(readLen = CallableValue(lambda:self.cbUserName.value + 2), unicode = True) self.password = String(readLen = CallableValue(lambda:self.cbPassword.value + 2), unicode = True) #shell execute at start of session self.alternateShell = String(readLen = CallableValue(lambda:self.cbAlternateShell.value + 2), unicode = True) #working directory for session self.workingDir = String(readLen = CallableValue(lambda:self.cbWorkingDir.value + 2), unicode = True) self.extendedInfo = RDPExtendedInfo(conditional = extendedInfoConditional)
def __init__(self): CompositeType.__init__(self) self.Signature = String("NTLMSSP\x00", readLen = CallableValue(8), constant = True) self.MessageType = UInt32Le(0x00000002, constant = True) self.TargetNameLen = UInt16Le() self.TargetNameMaxLen = UInt16Le(lambda:self.TargetNameLen.value) self.TargetNameBufferOffset = UInt32Le() self.NegotiateFlags = UInt32Le() self.ServerChallenge = String(readLen = CallableValue(8)) self.Reserved = String("\x00" * 8, readLen = CallableValue(8)) self.TargetInfoLen = UInt16Le() self.TargetInfoMaxLen = UInt16Le(lambda:self.TargetInfoLen.value) self.TargetInfoBufferOffset = UInt32Le() self.Version = Version(conditional = lambda:(self.NegotiateFlags.value & Negotiate.NTLMSSP_NEGOTIATE_VERSION)) self.Payload = String()
def __init__(self, readLen): CompositeType.__init__(self, readLen=readLen) #magic is RSA1(0x31415352) self.magic = UInt32Le(0x31415352, constant=True) self.keylen = UInt32Le(lambda: (sizeof(self.modulus) + sizeof(self.padding))) self.bitlen = UInt32Le(lambda: ((self.keylen.value - 8) * 8)) self.datalen = UInt32Le(lambda: ((self.bitlen.value / 8) - 1)) self.pubExp = UInt32Le() self.modulus = String( readLen=UInt16Le(lambda: (self.keylen.value - 8))) self.padding = String("\x00" * 8, readLen=UInt8(8))
def __init__(self, capability = None): CompositeType.__init__(self) self.capabilitySetType = UInt16Le(lambda:capability.__class__._TYPE_) self.lengthCapability = UInt16Le(lambda:sizeof(self)) def CapabilityFactory(): """ Closure for capability factory """ for c in [GeneralCapability, BitmapCapability, OrderCapability, BitmapCacheCapability, PointerCapability, InputCapability, BrushCapability, GlyphCapability, OffscreenBitmapCacheCapability, VirtualChannelCapability, SoundCapability, ControlCapability, WindowActivationCapability, FontCapability, ColorCacheCapability, ShareCapability, MultiFragmentUpdate]: if self.capabilitySetType.value == c._TYPE_ and (self.lengthCapability.value - 4) > 0: return c(readLen = self.lengthCapability - 4) log.debug("unknown Capability type : %s"%hex(self.capabilitySetType.value)) #read entire packet return String(readLen = self.lengthCapability - 4) if capability is None: capability = FactoryType(CapabilityFactory) elif not "_TYPE_" in capability.__class__.__dict__: raise InvalidExpectedDataException("Try to send an invalid capability block") self.capability = capability