From 15f5fc0c712baa844d2e887cc5499e082f2fc122 Mon Sep 17 00:00:00 2001 From: speyrefitte Date: Wed, 23 Oct 2013 18:46:58 +0200 Subject: [PATCH] gcc calibration --- rdpy/main.py | 6 ++-- rdpy/protocol/network/type.py | 22 ++++++++++++ rdpy/protocol/rdp/gcc.py | 63 +++++++++++++++++++++++++++-------- rdpy/protocol/rdp/mcs.py | 3 +- rdpy/protocol/rdp/per.py | 10 +++--- rdpy/protocol/rdp/tpdu.py | 8 +++-- 6 files changed, 86 insertions(+), 26 deletions(-) diff --git a/rdpy/main.py b/rdpy/main.py index 1c22f64..f02e20e 100644 --- a/rdpy/main.py +++ b/rdpy/main.py @@ -31,7 +31,7 @@ if __name__ == '__main__': #w.show() from twisted.internet import reactor #reactor.connectTCP("127.0.0.1", 5901, factory.RfbFactory(protocol)) - reactor.connectTCP("192.168.1.90", 3389, factory.RfbFactory(tpkt.TPKT(tpdu.TPDU(mcs.MCS())))) - #reactor.connectTCP("192.168.56.1", 3389, factory.RfbFactory(tpkt.TPKT(tpdu.TPDU(mcs.MCS())))) + #reactor.connectTCP("192.168.1.90", 3389, factory.RfbFactory(tpkt.TPKT(tpdu.TPDU(mcs.MCS())))) + reactor.connectTCP("192.168.135.73", 3389, factory.RfbFactory(tpkt.TPKT(tpdu.TPDU(mcs.MCS())))) reactor.run() - sys.exit(app.exec_()) \ No newline at end of file + #sys.exit(app.exec_()) \ No newline at end of file diff --git a/rdpy/protocol/network/type.py b/rdpy/protocol/network/type.py index 42f25dc..aa5cd2f 100644 --- a/rdpy/protocol/network/type.py +++ b/rdpy/protocol/network/type.py @@ -392,6 +392,28 @@ class String(Type): ''' return len(self._value) +class UniString(String): + ''' + string with unicode representation + ''' + def write(self, s): + ''' + separate each char with null char + and end with double null char + @param s: Stream + ''' + for c in self._value: + s.writeType(UInt8(ord(c))) + s.writeType(UInt8(0)) + s.writeType(UInt16Le(0)) + + def __sizeof__(self): + ''' + return len of uni string + @return: 2*len + 2 + ''' + return len(self._value) * 2 + 2 + class Stream(StringIO): ''' 
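Review bot: The connect target in the `__main__` block of rdpy/main.py is still a hard-coded lab address, and the previous address is now left behind as a second commented-out line. Reading the host and port from the command line, for example `reactor.connectTCP(sys.argv[1], int(sys.argv[2]), factory.RfbFactory(...))`, would keep personal network details out of the repository and avoid an edit per test machine. If the Qt loop is no longer started, `#sys.exit(app.exec_())` is better deleted than kept as dead code.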
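Review bot: `UniString.write` emits each character as `UInt8(ord(c))` followed by a zero byte, so it is only correct for characters whose code point fits in one byte. A `unicode` value containing anything above 0xFF cannot be represented by that `UInt8`, while `__sizeof__` would still report `2*len + 2`. Either document the restriction in the class docstring (`only code points <= 0xFF are supported; each is written as one byte plus a zero byte`) or reject such input before writing. The hunk adds no `read` counterpart, so reading presumably falls back to the inherited `String` behaviour, which is worth confirming.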
diff --git a/rdpy/protocol/rdp/gcc.py b/rdpy/protocol/rdp/gcc.py index 720dd59..aa13e2d 100644 --- a/rdpy/protocol/rdp/gcc.py +++ b/rdpy/protocol/rdp/gcc.py @@ -4,9 +4,12 @@ @contact: http://msdn.microsoft.com/en-us/library/cc240510.aspx ''' from rdpy.utils.const import ConstAttributes -from rdpy.protocol.network.type import UInt8, UInt32Le, UInt16Le, String, Stream, CompositeType, sizeof +from rdpy.protocol.network.type import * import per +t124_02_98_oid = ( 0, 0, 20, 124, 0, 1 ) +h221_cs_key = "Duca"; +h221_sc_key = "McDn"; @ConstAttributes class ServerToClientMessage(object): @@ -97,6 +100,21 @@ class Version(object): RDP_VERSION_4 = UInt32Le(0x00080001) RDP_VERSION_5_PLUS = UInt32Le(0x00080004) +@ConstAttributes +class Sequence(object): + RNS_UD_SAS_DEL = UInt16Le(0xAA03) + +@ConstAttributes +class Encryption(object): + ''' + encryption method supported + @deprecated: because rdpy use ssl but need to send to server... + ''' + ENCRYPTION_FLAG_40BIT = UInt32Le(0x00000001) + ENCRYPTION_FLAG_128BIT = UInt32Le(0x00000002) + ENCRYPTION_FLAG_56BIT = UInt32Le(0x00000008) + FIPS_ENCRYPTION_FLAG = UInt32Le(0x00000010) + class ClientCoreSettings(CompositeType): ''' 
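Review bot: The explicit import list at the top of gcc.py is replaced by `from rdpy.protocol.network.type import *`, which hides the names this module depends on and lets any later addition to type.py shadow a name here. As far as the visible hunks show, the only new name needed is `UniString`, so I would keep the list and extend it: `from rdpy.protocol.network.type import UInt8, UInt32Le, UInt16Le, String, UniString, Stream, CompositeType, sizeof`. The trailing semicolons on `h221_cs_key = "Duca";` and `h221_sc_key = "McDn";` can be dropped while these lines are being moved.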
@@ -107,21 +125,21 @@ class ClientCoreSettings(CompositeType): self.rdpVersion = Version.RDP_VERSION_5_PLUS self.desktopWidth = UInt16Le(800) self.desktopHeight = UInt16Le(600) - self.padding1 = (UInt16Le(), UInt16Le()) + self.colorDepth = ColorDepth.RNS_UD_COLOR_8BPP + self.sasSequence = Sequence.RNS_UD_SAS_DEL self.kbdLayout = UInt32Le(0x409) self.clientBuild = UInt32Le(2100) - self.clientName = String("\x00"*64) - self.padding2 = UInt16Le() + self.clientName = UniString("rdpy" + "\x00"*11) self.keyboardType = UInt32Le(4) self.keyboardSubType = UInt32Le(0) self.keyboardFnKeys = UInt32Le(12) self.padding3 = String("\x00"*64) - self.postBeta2ColorDepth = ColorDepth.RNS_UD_COLOR_24BPP - self.clientProductId = UInt16Le() + self.postBeta2ColorDepth = ColorDepth.RNS_UD_COLOR_8BPP + self.clientProductId = UInt16Le(1) self.serialNumber = UInt32Le() self.highColorDepth = HighColor.HIGH_COLOR_24BPP - self.supportedColorDepths = Support.RNS_UD_32BPP_SUPPORT - self.earlyCapabilityFlags = UInt16Le() + self.supportedColorDepths = Support.RNS_UD_24BPP_SUPPORT | Support.RNS_UD_15BPP_SUPPORT + self.earlyCapabilityFlags = CapabilityFlags.RNS_UD_CS_SUPPORT_ERRINFO_PDU self.clientDigProductId = String("\x00"*64) self.connectionType = UInt8() self.pad1octet = UInt8() @@ -134,6 +152,16 @@ class ServerCoreSettings(CompositeType): def __init__(self): CompositeType.__init__(self) self.rdpVersion = Version.RDP_VERSION_5_PLUS + +class ClientSecuritySettings(CompositeType): + ''' + client security setting + @deprecated: because we use ssl + ''' + def __init__(self): + CompositeType.__init__(self) + self.encryptionMethods = Encryption.ENCRYPTION_FLAG_128BIT | Encryption.ENCRYPTION_FLAG_40BIT | Encryption.ENCRYPTION_FLAG_56BIT | Encryption.FIPS_ENCRYPTION_FLAG + self.extEncryptionMethods = UInt32Le() class Channel(object): ''' 
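Review bot: The wire width of `clientName` in `ClientCoreSettings.__init__` now depends on the length of a string literal: `UniString("rdpy" + "\x00"*11)` is 15 characters, which `UniString.__sizeof__` (added in type.py by this commit) turns into 32 bytes, with the removed `padding2` evidently absorbed by the two-byte terminator. Any name of a different length would shift every field that follows it in the core block. I would make the fixed width explicit, `self.clientName = UniString("rdpy"[:15].ljust(15, "\x00"))`, with a comment such as `# clientName is 32 bytes on the wire: 15 characters plus the terminator`. The `__init__` signature sits above this hunk.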
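Review bot: `ClientSecuritySettings.encryptionMethods` advertises the 40-bit and 56-bit methods next to 128-bit and FIPS, and the docstring's `@deprecated` tag does not explain why the block is still sent. If the block is a formality because the session always runs over TLS (tpdu.py appears to raise when SSL is not negotiated), a comment saying so would prevent a later reader from treating these flags as active protection. If a server could ever select from this list, offering the two weak methods is a downgrade risk, and I would advertise only `Encryption.ENCRYPTION_FLAG_128BIT | Encryption.FIPS_ENCRYPTION_FLAG`. The `|` between these constants relies on an operator defined outside this hunk.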
@@ -158,10 +186,7 @@ class ClientSettings(object): self.core = ClientCoreSettings() #list of Channel read network gcc packet self.networkChannels = [] - -t124_02_98_oid = ( 0, 0, 20, 124, 0, 1 ) -h221_cs_key = "Duca"; -h221_sc_key = "McDn"; + self.security = ClientSecuritySettings() def writeConferenceCreateRequest(settings): ''' @@ -186,7 +211,9 @@ def writeClientDataBlocks(settings): and return gcc valid structure @param settings: ClientSettings ''' - return (writeClientCoreData(settings.core), writeClientNetworkData(settings.networkChannels)) + return (writeClientCoreData(settings.core), + writeClientNetworkData(settings.networkChannels), + writeClientSecurityData(settings.security)) def writeClientCoreData(core): ''' @@ -196,6 +223,14 @@ def writeClientCoreData(core): ''' return (ClientToServerMessage.CS_CORE, UInt16Le(sizeof(core) + 4), core) +def writeClientSecurityData(security): + ''' + write security header block and security structure + @param security: ClientSecuritySettings + @return: gcc client security data + ''' + return (ClientToServerMessage.CS_SECURITY, UInt16Le(sizeof(security) + 4), security) + def writeClientNetworkData(channels): ''' write network packet whith channels infos @@ -207,7 +242,7 @@ def writeClientNetworkData(channels): result = [] result.append(UInt32Le(len(channels))) for channel in channels: - result.append((String(channel.name[0:8]), UInt32Le(channel.options))) + result.append((String(channel.name[0:8] + "\x00" * (8 - len(channel.name))), UInt32Le(channel.options))) resultPacket = tuple(result) return (ClientToServerMessage.CS_NET, UInt16Le(sizeof(resultPacket) + 4), resultPacket) diff --git a/rdpy/protocol/rdp/mcs.py b/rdpy/protocol/rdp/mcs.py index 0e93b62..a259ea2 100644 --- a/rdpy/protocol/rdp/mcs.py +++ b/rdpy/protocol/rdp/mcs.py 
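Review bot: The padded channel name in `writeClientNetworkData` leaves no room for a terminator once `channel.name` has eight or more characters: `channel.name[0:8]` keeps all eight bytes and `"\x00" * (8 - len(channel.name))` is empty. The channel definition's name field is an 8-byte, null-terminated array, so at most seven characters should be kept: `String(channel.name[0:7].ljust(8, "\x00"))`. The function's opening lines are outside this hunk.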
@@ -61,7 +61,8 @@ class MCS(LayerAutomata): ccReqStream.writeType(ccReq) tmp = (ber.writeOctetstring("\x01"), ber.writeOctetstring("\x01"), ber.writeBoolean(True), - self.writeDomainParams(34, 2, 0, 0xffff),self.writeDomainParams(1, 1, 1, 0x420), + self.writeDomainParams(34, 2, 0, 0xffff), + self.writeDomainParams(1, 1, 1, 0x420), self.writeDomainParams(0xffff, 0xfc17, 0xffff, 0xffff), ber.writeOctetstring(ccReqStream.getvalue())) self._transport.send((ber.writeApplicationTag(Message.MCS_TYPE_CONNECT_INITIAL, sizeof(tmp)), tmp)) diff --git a/rdpy/protocol/rdp/per.py b/rdpy/protocol/rdp/per.py index 77aee58..a36ad97 100644 --- a/rdpy/protocol/rdp/per.py +++ b/rdpy/protocol/rdp/per.py @@ -139,7 +139,7 @@ def writeInteger(value): else: return (writeLength(4), UInt32Be(value)) -def readInteger16(s, minimum): +def readInteger16(s, minimum = 0): ''' read UInt16Be from stream s and add minimum @param s: Stream @@ -150,7 +150,7 @@ def readInteger16(s, minimum): s.readType(result) return result.value + minimum -def writeInteger16(value, minimum): +def writeInteger16(value, minimum = 0): ''' write UInt16Be minus minimum @param value: value to write @@ -190,9 +190,9 @@ def writeObjectIdentifier(oid): ''' create tuble of 6 UInt8 with oid values @param oid: tuple of 6 int - @return: (UInt8, UInt8, UInt8, UInt8, UInt8, UInt8) + @return: (UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8) ''' - return (UInt8(oid[0] << 4 | oid[1] & 0x0f), UInt8(oid[2]), UInt8(oid[3]), UInt8(oid[4]), UInt8(oid[5])) + return (UInt8(5), UInt8(oid[0] << 4 | oid[1] & 0x0f), UInt8(oid[2]), UInt8(oid[3]), UInt8(oid[4]), UInt8(oid[5])) def writeNumericString(nStr, minValue): ''' @@ -239,7 +239,7 @@ def writePadding(length): ''' return String("\x00"*length) -def readOctetStream(s, octetStream, minValue): +def readOctetStream(s, octetStream, minValue = 0): ''' read string as octet stream and compare with octetStream @param octetStream: compare stream 
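Review bot: The updated `@return` in `writeObjectIdentifier` lists seven `UInt8`, but the tuple returned has six elements: the new `UInt8(5)`, the byte packed from `oid[0]` and `oid[1]`, and `oid[2]` to `oid[5]`. The summary line still says "tuble of 6 UInt8" and does not mention that the first byte is a length. Suggested wording: `@return: six UInt8: length byte (5), packed oid[0]/oid[1], then oid[2] to oid[5]`. The literal `5` also assumes a six-element oid, which deserves a short comment or a length check.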
diff --git a/rdpy/protocol/rdp/tpdu.py b/rdpy/protocol/rdp/tpdu.py index d744cf6..b107166 100644 --- a/rdpy/protocol/rdp/tpdu.py +++ b/rdpy/protocol/rdp/tpdu.py @@ -53,7 +53,7 @@ class Negotiation(CompositeType): ''' def __init__(self, protocol = Protocols.PROTOCOL_SSL): CompositeType.__init__(self) - self.padding = UInt8() + self.flag = UInt8(0) #always 8 self.len = UInt16Le(0x0008) self.protocol = protocol @@ -96,7 +96,7 @@ class TPDU(LayerAutomata): if data.dataLen() == 8: self.readNeg(data) else: - raise NegotiationFailure("server doesn't support SSL negotiation on RDP") + raise NegotiationFailure("server doesn't support SSL") self.setNextState(self.recvData) #connection is done send to presentation @@ -104,6 +104,8 @@ class TPDU(LayerAutomata): def recvData(self, data): print "TPDU data" + from rdpy.protocol.network.type import hexDump + hexDump(data.getvalue()) def sendConnectionRequest(self): ''' @@ -138,7 +140,7 @@ class TPDU(LayerAutomata): ''' read negotiation failure packet ''' - pass + print "Negotiation failure" def readNegResp(self, data): '''
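Review bot: `TPDU.recvData` now hex-dumps every received payload to stdout unconditionally, through an import placed inside the method. Once the upper layers consume this data, that prints session contents for every packet, which is noisy and a route for sensitive data to end up in captured output or logs. I would move the import to the top of the file and gate the dump behind a debug switch, e.g. `if DEBUG: hexDump(data.getvalue())`, where `DEBUG` is a placeholder name and not something the file defines.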
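Review bot: `readNegFailure` only prints a message and returns, so a negotiation failure reported by the server is not propagated as an error. The `@@ -96,7` hunk of this file shows `self.setNextState(self.recvData)` following `self.readNeg(data)`, so, assuming `readNeg` dispatches here, the automaton would carry on as if the connection had been confirmed. Raising the exception the file already uses would make the failure explicit: `raise NegotiationFailure("negotiation failure")`. The `data` argument is ignored as well; including the failure code from the packet in the message would help diagnosis.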