diff --git a/constants.h b/constants.h
index 0614a77..4525db8 100644
--- a/constants.h
+++ b/constants.h
@@ -94,11 +94,23 @@ enum MCS_PDU_TYPE
 #define SEC_PADDING_SIZE 8
 #define SEC_EXPONENT_SIZE 4
-#define SEC_CLIENT_RANDOM 0x0001
+/* TS_SECURITY_HEADER.flags */
+#define SEC_EXCHANGE_PKT 0x0001
+#define SEC_TRANSPORT_REQ 0x0002
+#define RDP_SEC_TRANSPORT_RSP 0x0004
 #define SEC_ENCRYPT 0x0008
-#define SEC_LOGON_INFO 0x0040
-#define SEC_LICENCE_NEG 0x0080
-#define SEC_REDIRECT_ENCRYPT 0x0C00
+#define SEC_RESET_SEQNO 0x0010
+#define SEC_IGNORE_SEQNO 0x0020
+#define SEC_INFO_PKT 0x0040
+#define SEC_LICENSE_PKT 0x0080
+#define SEC_LICENSE_ENCRYPT_CS 0x0200
+#define SEC_LICENSE_ENCRYPT_SC 0x0200
+#define SEC_REDIRECTION_PKT 0x0400
+#define SEC_SECURE_CHECKSUM 0x0800
+#define SEC_AUTODETECT_REQ 0x1000
+#define SEC_AUTODETECT_RSP 0x2000
+#define SEC_HEARTBEAT 0x4000
+#define SEC_FLAGSHI_VALID 0x8000
 #define SEC_TAG_SRV_INFO 0x0c01
 #define SEC_TAG_SRV_CRYPT 0x0c02
diff --git a/licence.c b/licence.c
index 3ee575d..9f7c5bc 100644
--- a/licence.c
+++ b/licence.c
@@ -63,7 +63,7 @@ static void
 licence_info(uint8 * client_random, uint8 * rsa_data,
 uint8 * licence_data, int licence_size, uint8 * hwid, uint8 * signature)
 {
- uint32 sec_flags = SEC_LICENCE_NEG;
+ uint32 sec_flags = SEC_LICENSE_PKT;
 uint16 length = 24 + SEC_RANDOM_SIZE + SEC_MODULUS_SIZE + SEC_PADDING_SIZE + licence_size + LICENCE_HWID_SIZE + LICENCE_SIGNATURE_SIZE;
@@ -103,7 +103,7 @@ licence_info(uint8 * client_random, uint8 * rsa_data,
 static void
 licence_send_new_licence_request(uint8 * client_random, uint8 * rsa_data, char *user, char *host)
 {
- uint32 sec_flags = SEC_LICENCE_NEG;
+ uint32 sec_flags = SEC_LICENSE_PKT;
 uint16 userlen = strlen(user) + 1;
 uint16 hostlen = strlen(host) + 1;
 uint16 length = 
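Review bot: SEC_LICENSE_ENCRYPT_CS and SEC_LICENSE_ENCRYPT_SC are both defined as 0x0200 in the new flag table, which reads like a copy-paste slip to anyone who does not have the TS_SECURITY_HEADER table in front of them. If the shared value is what the protocol table specifies, a comment on those two lines such as `/* CS and SC intentionally share 0x0200: the bit is interpreted by direction */` will stop a later cleanup from "fixing" one of them. The same goes for RDP_SEC_TRANSPORT_RSP, the only entry without the SEC_ prefix; if that is the spec's name, say so, otherwise align it with its siblings. The removed SEC_REDIRECT_ENCRYPT (0x0C00) has no new-side constant with that value, so any user of it outside the files in this diff will no longer compile and should be grepped for.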
@@ -192,7 +192,7 @@ licence_process_request(STREAM s)
 static void
 licence_send_platform_challange_response(uint8 * token, uint8 * crypt_hwid, uint8 * signature)
 {
- uint32 sec_flags = SEC_LICENCE_NEG;
+ uint32 sec_flags = SEC_LICENSE_PKT;
 uint16 length = 58;
 STREAM s;
diff --git a/rdp.c b/rdp.c
index 1f7d52a..32fc0f6 100644
--- a/rdp.c
+++ b/rdp.c
@@ -304,7 +304,7 @@ rdp_send_logon_info(uint32 flags, char *domain, char *user,
 int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll") + 2;
 int packetlen = 0;
- uint32 sec_flags = g_encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO;
+ uint32 sec_flags = g_encryption ? (SEC_INFO_PKT | SEC_ENCRYPT) : SEC_INFO_PKT;
 STREAM s;
 time_t t = time(NULL);
 time_t tzone;
diff --git a/secure.c b/secure.c
index c06f2f2..41406ec 100644
--- a/secure.c
+++ b/secure.c
@@ -374,7 +374,7 @@ static void
 sec_establish_key(void)
 {
 uint32 length = g_server_public_key_len + SEC_PADDING_SIZE;
- uint32 flags = SEC_CLIENT_RANDOM;
+ uint32 flags = SEC_EXCHANGE_PKT;
 STREAM s;
 s = sec_init(flags, length + 4);
@@ -806,7 +806,8 @@ sec_process_mcs_data(STREAM s)
 STREAM
 sec_recv(uint8 * rdpver)
 {
- uint32 sec_flags;
+ uint16 sec_flags;
+ uint16 sec_flags_hi;
 uint16 channel;
 STREAM s;
@@ -826,7 +827,9 @@ sec_recv(uint8 * rdpver)
 }
 if (g_encryption || (!g_licence_issued && !g_licence_error_result))
 {
- in_uint32_le(s, sec_flags);
+ /* TS_SECURITY_HEADER */
+ in_uint16_le(s, sec_flags);
+ in_uint16_le(s, sec_flags_hi);
 if (g_encryption)
 {
@@ -836,13 +839,13 @@ sec_recv(uint8 * rdpver)
 sec_decrypt(s->p, s->end - s->p);
 }
- if (sec_flags & SEC_LICENCE_NEG)
+ if (sec_flags & SEC_LICENSE_PKT)
 {
 licence_process(s);
 continue;
 }
- if (sec_flags & 0x0400) /* SEC_REDIRECT_ENCRYPT */
+ if (sec_flags & SEC_REDIRECTION_PKT)
 {
 uint8 swapbyte;
@@ -874,7 +877,7 @@ sec_recv(uint8 * rdpver)
 }
 else
 {
- if ((sec_flags & 0xffff) == SEC_LICENCE_NEG)
+ if (sec_flags & SEC_LICENSE_PKT)
 {
 licence_process(s);
 continue;
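Review bot: sec_flags_hi is read from the stream in the `@@ -826` hunk (and declared in the `@@ -806` hunk) but nothing in this diff consumes it or tests SEC_FLAGSHI_VALID in sec_flags, so the second half of the header is silently discarded and a compiler with set-but-unused warnings will flag it. Since the split into two uint16 reads is the whole point of the hunk, the intent deserves a line: `/* flagsHi is only meaningful when SEC_FLAGSHI_VALID is set; not consumed yet */` next to the second in_uint16_le, or `(void) sec_flags_hi;` if it is meant to stay unused for now. The `/* TS_SECURITY_HEADER */` comment would also be more useful if it named which spec table the bit layout comes from, given that constants.h now mirrors it. sec_recv begins and ends outside this hunk.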
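Review bot: The condition in the `@@ -874` hunk was an exact match, `(sec_flags & 0xffff) == SEC_LICENCE_NEG`, and is now a bit test, so in this non-encrypted branch a header that carries SEC_LICENSE_PKT together with other bits, SEC_ENCRYPT in particular, is now handed to licence_process() as plaintext where it previously skipped this branch. That is a behavioral change beyond the rename the rest of the commit performs, and the commit does not say whether it is intended. If it is (the encrypted branch in the `@@ -836` hunk already uses the plain bit test), a one-line comment stating that extra flags are ignored here would settle it; if not, `if ((sec_flags & (SEC_LICENSE_PKT | SEC_ENCRYPT)) == SEC_LICENSE_PKT)` keeps encrypted-flagged PDUs out of the plaintext path while still tolerating the other informational bits. sec_recv continues past the end of the hunk.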