Specifically, what I'm trying to do is generate a PassStub field for a Remote Assistance ticket. The problem is that my results look like binary data but somehow Microsoft generates printable characters.

In [MS-RAI]: Remote Assistance Initiation Protocol Specification <16> Section 6: Microsoft says that the "PassStub" field "is encrypted using PROV_RSA_FULL predefined Cryptographic provider with MD5 hashing and CALG_RC4, the RC4 stream encryption algorithm."

There is a data flow diagram here: http://msdn.microsoft.com/en-us/library/cc240189(PROT.10).aspx#id16

The diagram shows the hashed password being encrypted with a "RA SessionID" which looks like this: u0RIQibSMntm0wAHQZ2mhatI63sjMjX15kh/vnciytOix8z6w+36B01OiJoB5uYe

When I call CryptEncrypt the result is binary data about the length of the SessionID. Microsoft somehow gets something that looks like this: "Po^1BiNrHBvHGP"

Here is the code I'm trying to use to do this:

#include <windows.h>
#include <wincrypt.h>
#include <oleauto.h>
#include <stdlib.h>
#include <string.h>

// Hash the password with MD5, derive an RC4 session key from the hash,
// and RC4-encrypt the RA SessionID in place. The result is raw bytes.
BOOL GeneratePassStub(void)
{
    HCRYPTPROV hCryptProv = 0;
    HCRYPTKEY hKey = 0;
    HCRYPTHASH hHash = 0;
    BOOL bret = FALSE;
    char* proxystub = NULL;

    // The password is held as a BSTR so SysStringByteLen() sees a length prefix.
    BSTR bpassword = SysAllocString(L"password");
    DWORD passwordlen = SysStringByteLen(bpassword);
    char RASessionID[] = "u0RIQibSMntm0wAHQZ2mhatI63sjMjX15kh/vnciytOix8z6w+36B01OiJoB5uYe";
    DWORD rasessionidlen = (DWORD)strlen(RASessionID);

    //----------------------------------------------------------------
    // Acquire a cryptographic provider context handle.
    if(!CryptAcquireContext(&hCryptProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, 0))
    {
        goto cleanup;
    }
    //----------------------------------------------------------------
    // Create an empty hash object and hash the password into it.
    if(!CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &hHash))
    {
        goto cleanup;
    }
    if(!CryptHashData(hHash, (BYTE *)bpassword, passwordlen, 0))
    {
        goto cleanup;
    }

    //----------------------------------------------------------------
    // Create a session key based on the hash of the password.
    if(!CryptDeriveKey(hCryptProv, CALG_RC4, hHash, CRYPT_EXPORTABLE, &hKey))
    {
        goto cleanup;
    }

    // Encrypt in place. The buffer is twice the input length, which is more than
    // RC4 (a stream cipher) needs: its output is the same size as its input.
    proxystub = (char*)malloc(rasessionidlen * 2);
    if(proxystub == NULL)
    {
        goto cleanup;
    }
    memcpy(proxystub, RASessionID, rasessionidlen);
    bret = CryptEncrypt(hKey, 0, TRUE, 0, (BYTE*)proxystub, &rasessionidlen, rasessionidlen * 2);
    // proxystub now holds rasessionidlen bytes of binary ciphertext.

cleanup:
    if(hKey) CryptDestroyKey(hKey);
    if(hHash) CryptDestroyHash(hHash);
    if(hCryptProv) CryptReleaseContext(hCryptProv, 0);
    SysFreeString(bpassword);
    free(proxystub);
    return bret;
}
+1  A: 

The "RA SessionID" looks like it is base64-encoded. My guess would be that the pass-stub is base64-encoded too - except that your example: "Po^1BiNrHBvHGP" is too short and contains a ^. Is that a real example?

You might also need to base64-decode the RA Session ID before feeding it to CryptEncrypt.

Rasmus Faber
It does look base64 encoded, but the diagram in the link in the question mentions hex encoding aka base-16 encoding.
GregS
I can only see the hex encoding in the Vista/Server 2008/Windows 7-diagram. That uses AES instead of RC4, so I don't think that is what he is trying to implement.
Rasmus Faber
Yes, the ^ is part of it, which is why this is interesting. If you create a remote assistance ticket file and look at it you'll see what I'm talking about.
Jon Clegg
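To make the pipeline from the question and the answer concrete (MD5 the password, derive an RC4 key the way CryptDeriveKey does, base64-decode the SessionID before encrypting, base64-encode the ciphertext so the stub is printable), here is an added, self-contained Python model; it is not code from the question, the answer, or Microsoft. It assumes CryptDeriveKey takes the first key_bits/8 bytes of the MD5 digest as the RC4 key, and that the base provider's 40-bit key is padded to 16 bytes with a zero salt when CRYPT_CREATE_SALT is not set; the password is a placeholder and the SessionID is the one quoted in the question.

```python
import base64
import hashlib

# Constructed sample inputs: the RA SessionID quoted in the question and a placeholder password.
SAMPLE_SESSION_ID_B64 = "u0RIQibSMntm0wAHQZ2mhatI63sjMjX15kh/vnciytOix8z6w+36B01OiJoB5uYe"
SAMPLE_PASSWORD = b"password"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key scheduling + keystream XOR); encrypt and decrypt are the same call."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def derive_rc4_key(password: bytes, key_bits: int = 128) -> bytes:
    """Assumed model of CryptDeriveKey(CALG_RC4) over an MD5 hash object:
    the key is the first key_bits/8 bytes of MD5(password). The base provider
    (MS_DEF_PROV) makes 40-bit RC4 keys and, without CRYPT_CREATE_SALT, pads them
    to 16 bytes with a zero salt; the enhanced provider uses the whole digest.
    Both details are assumptions to confirm against a real CryptoAPI run."""
    digest = hashlib.md5(password).digest()
    n = key_bits // 8
    if n > len(digest):
        raise ValueError("keys longer than the MD5 digest are not modelled here")
    key = digest[:n]
    if key_bits == 40:
        key += bytes(16 - n)  # zero salt padding (assumption, see docstring)
    return key


def make_pass_stub(password: bytes, session_id_b64: str, key_bits: int = 128) -> str:
    """Decode the SessionID, RC4-encrypt it, and base64-encode the ciphertext so the
    PassStub is printable text rather than raw bytes, as the answer suggests."""
    session_id = base64.b64decode(session_id_b64)
    ciphertext = rc4(derive_rc4_key(password, key_bits), session_id)
    return base64.b64encode(ciphertext).decode("ascii")


if __name__ == "__main__":
    print(make_pass_stub(SAMPLE_PASSWORD, SAMPLE_SESSION_ID_B64))
```

Compare the printed stub against a ticket produced by the real CryptoAPI call with the same password and SessionID to confirm or refute the key-derivation assumptions.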