From 920e067527820318c59dd5152a0d26c632552a0e Mon Sep 17 00:00:00 2001 From: "Steinar H. Gunderson" Date: Sun, 6 Feb 2005 00:08:41 +0000 Subject: [PATCH] Process presented licenses, and generate RC4 keys. --- Makefile | 2 +- licence.c | 64 +++++++++++++++++++++++++++++++++++++++++++++ secure.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 140 insertions(+), 3 deletions(-) create mode 100644 licence.c diff --git a/Makefile b/Makefile index e49a400..c71c0a7 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ CFLAGS=-g -Wall LIBS=-lssl all: rdpsrv protodiff -OBJS=rdpsrv.o iso.o tcp.o util.o mcs.o secure.o channels.o rdp.o +OBJS=rdpsrv.o iso.o tcp.o util.o mcs.o secure.o channels.o rdp.o licence.o OBJS_PROTODIFF=protodiff.o tcp.o util.o rdpsrv: $(OBJS) diff --git a/licence.c b/licence.c new file mode 100644 index 0000000..f862ecd --- /dev/null +++ b/licence.c @@ -0,0 +1,64 @@ +/* + rdesktop: A Remote Desktop Protocol client. + RDP licensing negotiation + Copyright (C) Matthew Chapman 1999-2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "rdesktop.h" + +#include + +extern char g_username[16]; +extern char hostname[16]; + +static uint8 g_licence_key[16]; +static uint8 g_licence_sign_key[16]; + +BOOL g_licence_issued = False; + +/* Generate a session key and RC4 keys, given client and server randoms */ +void +licence_generate_keys(uint8 * client_key, uint8 * server_key, uint8 * client_rsa) +{ + uint8 session_key[48]; + uint8 temp_hash[48]; + + /* Generate session key - two rounds of sec_hash_48 */ + sec_hash_48(temp_hash, client_rsa, client_key, server_key, 65); + sec_hash_48(session_key, temp_hash, server_key, client_key, 65); + + /* Store first 16 bytes of session key, for generating signatures */ + memcpy(g_licence_sign_key, session_key, 16); + + /* Generate RC4 key */ + sec_hash_16(g_licence_key, &session_key[16], client_key, server_key); + + { + int i; + + printf("g_license_key:\n"); + for (i = 0; i < 16; ++i) + printf(" 0x%02x", g_licence_key[i]); + printf("\n"); + + printf("g_license_sign_key:\n"); + for (i = 0; i < 16; ++i) + printf(" 0x%02x", g_licence_sign_key[i]); + printf("\n"); + } +} + diff --git a/secure.c b/secure.c index 573b77d..a52a134 100644 --- a/secure.c +++ b/secure.c @@ -739,8 +739,74 @@ unsigned char demand_license[] = { 0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x41, 0x00, 0x30, 0x00, 0x32, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0xf6, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, - 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x00 + 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x00 }; +unsigned char authreq_license[] = { + 0x02, 0x03, 0x26, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x0a, 0x00, 0x37, 0x58, 0x0f, 0xc6, + 0x59, 0xfb, 0x03, 0xb2, 0x2a, 0xb7, 0xfa, 0x65, 0xac, 0x02, 0x8d, 0x8b, 0xda, 0xf7, 0xc5, 0x20, + 0x1b, 0xe3, 0x65, 0x26, 0xc4, 0x6a +}; +unsigned char result_license[] = { + 0xff, 0x03, 0x10, 0x00, 0x08, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x6a, 0xbd, 0x00, 0x00 +}; + +#define EXPECT8(value) { in_uint8(s, unknown); if (unknown != (value)) printf("Unknown value on code line %u; expected 0x%x, got 0x%x\n", __LINE__, (value), unknown); } +#define EXPECT16(value) { in_uint16_le(s, unknown); if (unknown != (value)) printf("Unknown value on code line %u; expected 0x%x, got 0x%x\n", __LINE__, (value), unknown); } +#define EXPECT32(value) { in_uint32_le(s, unknown); if (unknown != (value)) printf("Unknown value on code line %u; expected 0x%x, got 0x%x\n", __LINE__, (value), unknown); } + +void +process_presented_license(STREAM s) +{ + unsigned char client_license_random[SEC_RANDOM_SIZE]; + unsigned char client_license_rsa_data[SEC_MODULUS_SIZE]; + + uint16 length, license_size; + uint32 unknown; + uint8 *license, hwid[LICENCE_HWID_SIZE], signature[LICENCE_SIGNATURE_SIZE]; + int i; + + EXPECT8(2); // version + in_uint16_le(s, length); + + EXPECT32(1); // unknown + EXPECT16(0); + EXPECT16(0x0201); + + in_uint8a(s, client_license_random, SEC_RANDOM_SIZE); + EXPECT16(0); + EXPECT16(SEC_MODULUS_SIZE + SEC_PADDING_SIZE); + in_uint8a(s, client_license_rsa_data, SEC_MODULUS_SIZE); + in_uint8s(s, SEC_PADDING_SIZE); + + EXPECT16(1); + in_uint16_le(s, license_size); + + license = (uint8 *)xmalloc(license_size); + in_uint8a(s, license, license_size); + + printf("Received license:\n"); + for (i = 0; i < license_size; ++i) + printf(" 0x%02x", license[i]); + printf("\n"); + + EXPECT16(1); + EXPECT16(LICENCE_HWID_SIZE); + in_uint8a(s, hwid, LICENCE_HWID_SIZE); + + printf("License hardware ID:\n"); + for (i = 0; i < LICENCE_HWID_SIZE; ++i) + printf(" 0x%02x", hwid[i]); + printf("\n"); + + in_uint8a(s, signature, LICENCE_SIGNATURE_SIZE); + + if (!s_check_end(s)) { + printf("Unknown data at the end of presented license!"); + } + + // now we can generate the keys we need + licence_generate_keys(client_license_random, demand_license + 4, client_license_rsa_data); +} /* Receive secure transport packet */ STREAM @@ -766,7 +832,14 @@ sec_recv(void) if (sec_flags & SEC_LICENCE_NEG) { - printf("SEC_LICENSE_NEG unknown\n"); + uint8 tag; + in_uint8(s, tag); + printf("SEC_LICENSE_NEG tag %x\n", tag); + + if (tag == LICENCE_TAG_PRESENT) { + process_presented_license(s); + } + //licence_process(s); continue; } -- 2.39.2