def onConnectInitial(self, pdu: MCSConnectInitialPDU):
"""
Parse client connection information, change some settings, disable some unimplemented features, and record
the client data.
:param pdu: the connect initial PDU
"""
gccParser = GCCParser()
rdpClientConnectionParser = ClientConnectionParser()
gccConferenceCreateRequestPDU: GCCConferenceCreateRequestPDU = gccParser.parse(
pdu.payload)
rdpClientDataPDU = rdpClientConnectionParser.parse(
gccConferenceCreateRequestPDU.payload)
# FIPS is not implemented, so remove this flag if it's set
rdpClientDataPDU.securityData.encryptionMethods &= ~EncryptionMethod.ENCRYPTION_FIPS
rdpClientDataPDU.securityData.extEncryptionMethods &= ~EncryptionMethod.ENCRYPTION_FIPS
if self.state.config.downgrade:
# This disables the support for the Graphics pipeline extension, which is a completely different way to
# transfer graphics from server to client. https://msdn.microsoft.com/en-us/library/dn366933.aspx
rdpClientDataPDU.coreData.earlyCapabilityFlags &= ~ClientCapabilityFlag.RNS_UD_CS_SUPPORT_DYNVC_GFX_PROTOCOL
# Remove 24bpp and 32bpp support, fall back to 16bpp.
# 2018-12-14: This is only there because there is a bug in the pyrdp player where 24bpp
# decompression in rle.c causes random crashes. If this bug is fixed, we could remove this.
rdpClientDataPDU.coreData.supportedColorDepths &= ~SupportedColorDepth.RNS_UD_32BPP_SUPPORT
rdpClientDataPDU.coreData.supportedColorDepths &= ~SupportedColorDepth.RNS_UD_24BPP_SUPPORT
rdpClientDataPDU.coreData.highColorDepth &= ~HighColorDepth.HIGH_COLOR_24BPP
if rdpClientDataPDU.coreData.highColorDepth == 0:
# Means the requested color depth was 24bpp, fallback to 16bpp
rdpClientDataPDU.coreData.highColorDepth |= HighColorDepth.HIGH_COLOR_16BPP
rdpClientDataPDU.coreData.earlyCapabilityFlags &= ~ClientCapabilityFlag.RNS_UD_CS_WANT_32BPP_SESSION
self.recorder.record(rdpClientDataPDU, PlayerPDUType.CLIENT_DATA)
if rdpClientDataPDU.networkData:
self.state.channelDefinitions = rdpClientDataPDU.networkData.channelDefinitions
if "MS_T120" in map(
lambda channelDef: channelDef.name,
rdpClientDataPDU.networkData.channelDefinitions):
self.log.info(
"Bluekeep (CVE-2019-0708) scan or exploit attempt detected.",
{"bluekeep": True})
serverGCCPDU = GCCConferenceCreateRequestPDU(
"1", rdpClientConnectionParser.write(rdpClientDataPDU))
serverMCSPDU = MCSConnectInitialPDU(pdu.callingDomain,
pdu.calledDomain, pdu.upward,
pdu.targetParams, pdu.minParams,
pdu.maxParams,
gccParser.write(serverGCCPDU))
self.log.info(
"Client hostname %(clientName)s",
{"clientName": rdpClientDataPDU.coreData.clientName.strip("\x00")})
self.server.sendPDU(serverMCSPDU)
def sendConnectInitial(self,
payload=b"",
callingDomain=b"\x01",
calledDomain=b"\x01",
upward=True,
targetParams=MCSDomainParams.createTarget(34, 2),
minParams=MCSDomainParams.createMinimum(),
maxParams=MCSDomainParams.createMaximum()):
pdu = MCSConnectInitialPDU(callingDomain, calledDomain, upward,
targetParams, minParams, maxParams, payload)
self.sendPDU(pdu)
def parseConnectInitial(self, stream: BytesIO) -> MCSConnectInitialPDU:
"""
Parse a Connect Initial PDU
:param stream: stream containing the data
"""
_length = ber.readLength(stream)
callingDomain = ber.readOctetString(stream)
calledDomain = ber.readOctetString(stream)
upward = ber.readBoolean(stream)
targetParams = self.parseDomainParams(stream)
minParams = self.parseDomainParams(stream)
maxParams = self.parseDomainParams(stream)
payload = ber.readOctetString(stream)
return MCSConnectInitialPDU(callingDomain, calledDomain, upward, targetParams, minParams, maxParams, payload)
def send(self, data):
pdu = MCSConnectInitialPDU(self.callingDomain, self.calledDomain,
self.upward, self.targetParams,
self.minParams, self.maxParams, data)
self.mcs.sendPDU(pdu)