add support for ultra-ms-logon-2 authentication

[rgl]

this will add support for the ultra-ms-logon-2 authentication used in ultravnc, but right now its really a plea for your help! :-)

the code is still pretty much in PoC mode (but works) until we figure out why the Go DES implementation does not generate the same cipher-text as the code in ultravnc/tightvnc.

to make it work I had to take a detour and use the actual code from vnc... BUT I'm scratching my head on why the normal DES implementation (from Go) does not work. Do you known why?

The code that should have worked is commented:

func encrypt(cipherTextLength int, plainText []byte, key []byte) ([]byte, error) {
	out, err := exec.Command(
		"./ultra-ms-logon-2-encrypt",
		hex.EncodeToString(key),
		strconv.Itoa(cipherTextLength),
		string(plainText)).Output()
	if err != nil {
		return nil, err
	}
	return hex.DecodeString(strings.TrimSpace(string(out)))

	// XXX so the following code should have worked... but the vnc des
	//     implementation does not seem to be standard... so I had to
	//	   create an external application that uses the same C code as
	//     TightVNC/UltraVNC and that works... any idea why?
	// // create zero-padded slice.
	// cipherText := make([]byte, cipherTextLength)
	// copy(cipherText, plainText)

	// block, err := des.NewCipher(key)
	// if err != nil {
	// 	return nil, err
	// }

	// mode := cipher.NewCBCEncrypter(block, key)
	// mode.CryptBlocks(cipherText, cipherText)

	// return cipherText, nil
}

once this is cleared up I think we have enough to write this down on @rfbproto and implement it in vnc2video and noVNC.

can you also have a look at https://github.com/novnc/noVNC/issues/1197? There, I'm also trying to document the ultra-ms-logon-2 authentication and implement it in noVNC.

[amitbet]

Is the ultra vnc the only implementation for this auth method? If you can find a second implementation, maybe in a different language, it may be easier to follow. Abot the des alg, there are some parameters that initialize the enc, like IV, salt, etc. Which can explain the differences, to get the same output everything has to be setup exactly the same..

On Wed, Feb 6, 2019, 21:57 Rui Lopes <[email protected] wrote:

this will add support for the ultra-ms-logon-2 authentication used in ultravnc, but right now its really a plea for your help! :-)

the code is still pretty much in PoC mode (but works) until we figure out why the Go DES implementation does not generate the same cipher-text as the code in ultravnc/tightvnc.

to make it work I had to take a detour and use the actual code from vnc... BUT I'm scratching my head on why the normal DES implementation (from Go) does not work. Do you known why?

The code that should have worked https://github.com/rgl/vnc2video/commit/06bfc06929d47aee1cabcc497f2053784fff072c#diff-55103b8d471ccd5af796f97a27033629R150 is commented:

func encrypt(cipherTextLength int, plainText []byte, key []byte) ([]byte, error) { out, err := exec.Command( "./ultra-ms-logon-2-encrypt", hex.EncodeToString(key), strconv.Itoa(cipherTextLength), string(plainText)).Output() if err != nil { return nil, err } return hex.DecodeString(strings.TrimSpace(string(out)))

// XXX so the following code should have worked... but the vnc des // implementation does not seem to be standard... so I had to // create an external application that uses the same C code as // TightVNC/UltraVNC and that works... any idea why? // // create zero-padded slice. // cipherText := make([]byte, cipherTextLength) // copy(cipherText, plainText)

// block, err := des.NewCipher(key) // if err != nil { // return nil, err // }

// mode := cipher.NewCBCEncrypter(block, key) // mode.CryptBlocks(cipherText, cipherText)

// return cipherText, nil }

once this is cleared up I think we have enough to write this down on @rfbproto https://github.com/rfbproto and implement it in vnc2video and noVNC.

can you also have a look at novnc/noVNC#1197 https://github.com/novnc/noVNC/issues/1197? There, I'm also trying to document the ultra-ms-logon-2 authentication and implement it in noVNC.

You can view, comment on, or merge this pull request online at:

https://github.com/amitbet/vnc2video/pull/1 Commit Summary

• add support for ultra-ms-logon-2 authentication WIP https://github.com/novnc/noVNC/issues/1197

File Changes

• D example/client/debug https://github.com/amitbet/vnc2video/pull/1/files#diff-0 (0)
• M example/client/main.go https://github.com/amitbet/vnc2video/pull/1/files#diff-1 (5)
• A example/client/ultra-ms-logon-2-encrypt/Makefile https://github.com/amitbet/vnc2video/pull/1/files#diff-2 (27)
• A example/client/ultra-ms-logon-2-encrypt/README.md https://github.com/amitbet/vnc2video/pull/1/files#diff-3 (24)
• A example/client/ultra-ms-logon-2-encrypt/d3des.c https://github.com/amitbet/vnc2video/pull/1/files#diff-4 (434)
• A example/client/ultra-ms-logon-2-encrypt/d3des.h https://github.com/amitbet/vnc2video/pull/1/files#diff-5 (59)
• A example/client/ultra-ms-logon-2-encrypt/main.c https://github.com/amitbet/vnc2video/pull/1/files#diff-6 (52)
• M security.go https://github.com/amitbet/vnc2video/pull/1/files#diff-7 (13)
• A security_ultra_ms_auto_logon_2.go https://github.com/amitbet/vnc2video/pull/1/files#diff-8 (175)

Patch Links:

• https://github.com/amitbet/vnc2video/pull/1.patch
• https://github.com/amitbet/vnc2video/pull/1.diff

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/amitbet/vnc2video/pull/1, or mute the thread https://github.com/notifications/unsubscribe-auth/AC7XAD4XufaANqh0_H4s8fxQcbq1z9i9ks5vKzOLgaJpZM4al_eN .