packet-dcerpc-netlogon: add expert info to dissect_secchan_verf()
It's good to see where the session key for decryption was learned. Change-Id: I2c18c6367eb60796744a3a4d4330244493c29688 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://code.wireshark.org/review/36405 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
parent
44c923737f
commit
e091ee5212
|
@ -439,6 +439,8 @@ static expert_field ei_netlogon_session_key = EI_INIT;
|
|||
typedef struct _netlogon_auth_vars {
|
||||
guint64 client_challenge;
|
||||
guint64 server_challenge;
|
||||
md4_pass nthash;
|
||||
int auth_fd_num;
|
||||
guint8 session_key[16];
|
||||
guint8 encryption_key[16];
|
||||
guint8 sequence[16];
|
||||
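Review bot: `auth_fd_num` is declared `int`, but it holds a frame number: the second hunk assigns `pinfo->num` to it, and in Wireshark's `packet_info` that field is a `guint32`, so the store is an implicit unsigned-to-signed conversion. Declaring it as `guint32 auth_fd_num;` and printing it with `%u` rather than `%d` in the dissect_secchan_verf() hunk would keep the type consistent from where the frame is recorded to where it is reported. The two new members would also benefit from a one-line comment, for example `/* frame in which session_key was learned, and the NT hash it was derived from */`. The struct definition continues past the end of this hunk.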
|
@ -6669,6 +6671,8 @@ netlogon_dissect_netrserverauthenticate023_reply(tvbuff_t *tvb, int offset,
|
|||
memset(session_key,0,16);
|
||||
}
|
||||
if(found) {
|
||||
vars->nthash = *used_md4;
|
||||
vars->auth_fd_num = pinfo->num;
|
||||
memcpy(&vars->session_key,session_key,16);
|
||||
debugprintf("Found the good session key !\n");
|
||||
expert_add_info_format(pinfo, proto_tree_get_parent(tree),
|
||||
|
@ -7973,6 +7977,18 @@ dissect_secchan_verf(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
|||
{
|
||||
debugprintf("get seal key returned 0\n");
|
||||
}
|
||||
|
||||
if (vars->can_decrypt) {
|
||||
expert_add_info_format(pinfo, proto_tree_get_parent(subtree),
|
||||
&ei_netlogon_session_key,
|
||||
"Using session key learned in frame %d ("
|
||||
"%02x%02x%02x%02x"
|
||||
") from %s",
|
||||
vars->auth_fd_num,
|
||||
vars->session_key[0] & 0xFF, vars->session_key[1] & 0xFF,
|
||||
vars->session_key[2] & 0xFF, vars->session_key[3] & 0xFF,
|
||||
vars->nthash.key_origin);
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
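Review bot: The expert info added in the `if (vars->can_decrypt)` branch writes the first four bytes of `vars->session_key` into the dissection tree, so that key prefix travels with any exported dissection text or screenshot of the capture. If the bytes are only there to correlate with the frame where the key was learned, a comment saying so, such as `/* key prefix is shown only to match the item in frame auth_fd_num */`, would make that intent explicit; the frame number and `key_origin` already identify the source without it. The `& 0xFF` masks are redundant on `guint8` elements and can be dropped. Where `can_decrypt` is set is not visible here, so it is worth confirming that `auth_fd_num` and `nthash.key_origin` are always populated before this branch can run. The function begins and ends outside the hunk.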
|
|