add support for ultra-ms-logon-2 authentication #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Is the ultra vnc the only implementation for this auth method? If you can
find a second implementation, maybe in a different language, it may be
easier to follow. Abot the des alg, there are some parameters that
initialize the enc, like IV, salt, etc. Which can explain the differences,
to get the same output everything has to be setup exactly the same..
…On Wed, Feb 6, 2019, 21:57 Rui Lopes ***@***.*** wrote:
this will add support for the ultra-ms-logon-2 authentication used in
ultravnc, but right now its really a plea for your help! :-)
the code is still pretty much in PoC mode (but works) until we figure out
why the Go DES implementation does not generate the same cipher-text as the
code in ultravnc/tightvnc.
to make it work I had to take a detour and use the actual code from vnc...
BUT I'm scratching my head on why the normal DES implementation (from Go)
does not work. Do you known why?
The code that should have worked
<rgl@06bfc06#diff-55103b8d471ccd5af796f97a27033629R150>
is commented:
func encrypt(cipherTextLength int, plainText []byte, key []byte) ([]byte, error) {
out, err := exec.Command(
"./ultra-ms-logon-2-encrypt",
hex.EncodeToString(key),
strconv.Itoa(cipherTextLength),
string(plainText)).Output()
if err != nil {
return nil, err
}
return hex.DecodeString(strings.TrimSpace(string(out)))
// XXX so the following code should have worked... but the vnc des
// implementation does not seem to be standard... so I had to
// create an external application that uses the same C code as
// TightVNC/UltraVNC and that works... any idea why?
// // create zero-padded slice.
// cipherText := make([]byte, cipherTextLength)
// copy(cipherText, plainText)
// block, err := des.NewCipher(key)
// if err != nil {
// return nil, err
// }
// mode := cipher.NewCBCEncrypter(block, key)
// mode.CryptBlocks(cipherText, cipherText)
// return cipherText, nil
}
once this is cleared up I think we have enough to write this down on
@rfbproto <https://github.com/rfbproto> and implement it in vnc2video and
noVNC.
can you also have a look at novnc/noVNC#1197
<novnc/noVNC#1197>? There, I'm also trying to
document the ultra-ms-logon-2 authentication and implement it in noVNC.
------------------------------
You can view, comment on, or merge this pull request online at:
#1
Commit Summary
- add support for ultra-ms-logon-2 authentication WIP
novnc/noVNC#1197
File Changes
- *D* example/client/debug
<https://github.com/amitbet/vnc2video/pull/1/files#diff-0> (0)
- *M* example/client/main.go
<https://github.com/amitbet/vnc2video/pull/1/files#diff-1> (5)
- *A* example/client/ultra-ms-logon-2-encrypt/Makefile
<https://github.com/amitbet/vnc2video/pull/1/files#diff-2> (27)
- *A* example/client/ultra-ms-logon-2-encrypt/README.md
<https://github.com/amitbet/vnc2video/pull/1/files#diff-3> (24)
- *A* example/client/ultra-ms-logon-2-encrypt/d3des.c
<https://github.com/amitbet/vnc2video/pull/1/files#diff-4> (434)
- *A* example/client/ultra-ms-logon-2-encrypt/d3des.h
<https://github.com/amitbet/vnc2video/pull/1/files#diff-5> (59)
- *A* example/client/ultra-ms-logon-2-encrypt/main.c
<https://github.com/amitbet/vnc2video/pull/1/files#diff-6> (52)
- *M* security.go
<https://github.com/amitbet/vnc2video/pull/1/files#diff-7> (13)
- *A* security_ultra_ms_auto_logon_2.go
<https://github.com/amitbet/vnc2video/pull/1/files#diff-8> (175)
Patch Links:
- https://github.com/amitbet/vnc2video/pull/1.patch
- https://github.com/amitbet/vnc2video/pull/1.diff
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#1>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AC7XAD4XufaANqh0_H4s8fxQcbq1z9i9ks5vKzOLgaJpZM4al_eN>
.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
this will add support for the ultra-ms-logon-2 authentication used in ultravnc, but right now its really a plea for your help! :-)
the code is still pretty much in PoC mode (but works) until we figure out why the Go DES implementation does not generate the same cipher-text as the code in ultravnc/tightvnc.
to make it work I had to take a detour and use the actual code from vnc... BUT I'm scratching my head on why the normal DES implementation (from Go) does not work. Do you known why?
The code that should have worked is commented:
once this is cleared up I think we have enough to write this down on @rfbproto and implement it in vnc2video and noVNC.
can you also have a look at novnc/noVNC#1197? There, I'm also trying to document the ultra-ms-logon-2 authentication and implement it in noVNC.