Re: [cifs-protocol] backup protocol

2010-09-22 Thread Sebastian Canevari
Thanks Matthieu!

Someone from my team will get in touch with you shortly.

Thanks and regards,

Sebastian


Sebastian Canevari
Escalation Engineer, US-CSS DSC PROTOCOL TEAM
7100 N Hwy 161, Irving, TX - 75039
Las Colinas - LC2
Tel: +1 469 775 7849
e-mail: seba...@microsoft.com

-Original Message-
From: Matthieu Patou [mailto:m...@samba.org] 
Sent: Tuesday, September 21, 2010 8:56 PM
To: cifs-proto...@samba.org; Interoperability Documentation Help
Cc: Darryl Welch
Subject: backup protocol

  Hello dochelp,


I would like to have some confirmation on the backup protocol. Here is the dump as 
the Samba server will receive it from a Windows client to unwrap a secret.


./bin/ndrdump backupkey bkrp_BackupKey_debug in ~/workspace/samba/tcpdump/bkrp/bkrp_in
pull returned NT_STATUS_OK
WARNING! 52 unread bytes
[0000] 8A E3 13 71 02 F4 36 71   02 40 28 00 30 7C DE 3D   ...q..6q .@(.0|.=
[0010] 5D 16 D1 11 AB 8F 00 80   5F 14 DB 40 01 00 00 00   ]... _...@
[0020] 04 5D 88 8A EB 1C C9 11   9F E8 08 00 2B 10 48 60   .].. +.H`
[0030] 02 00 00 00   
 bkrp_BackupKey_debug: struct bkrp_BackupKey
 in: struct bkrp_BackupKey
 guidActionAgent  : *
 guidActionAgent  : 47270c64-2fc7-499b-ac5b-0e37cdce899a
 data_in  : *
 data_in: struct bkrp_client_side_wrapped
 version  : 0x0002 (2)
 encrypted_secret_len : 0x0100 (256)
 access_check_len : 0x0058 (88)
 guid : a1dc8bbd-743f-473e-8d00-0a4742df76bd
 encrypted_secret: ARRAY(256)

Re: [cifs-protocol] backup protocol

2010-09-22 Thread Matthieu Patou

 Hi Sebastian,

I did more investigation this night, and after realizing that the guid 
of the certificate was stored in reverse order in different fields, like 
the serialNumber field in the certificate, I tried reversing 
the bytes of the blob before trying to decrypt it.


And it turns out that I managed to decrypt the blob when doing so 
(please see the file secret.cr.decrypted, which really looks like an 
encrypted_secret version 2 struct).


I also attached the permuted version of the blob.

Can you check and tell me if the documentation should state that the 
encrypted_struct should be reverted?
I also think that the documentation should state in the behavior notes 
that the serialNumber contains the guid of the certificate but in 
reverse byte order.


Regards.

Matthieu.

On 22/09/2010 20:34, Sebastian Canevari wrote:

Thanks Matthieu!

Someone from my team will get in touch with you shortly.

Thanks and regards,

Sebastian


Sebastian Canevari
Escalation Engineer, US-CSS DSC PROTOCOL TEAM
7100 N Hwy 161, Irving, TX - 75039
Las Colinas - LC2
Tel: +1 469 775 7849
e-mail: seba...@microsoft.com

-Original Message-
From: Matthieu Patou [mailto:m...@samba.org]
Sent: Tuesday, September 21, 2010 8:56 PM
To: cifs-proto...@samba.org; Interoperability Documentation Help
Cc: Darryl Welch
Subject: backup protocol

   Hello dochelp,


I would like to have some confirmation on the backup protocol. Here is the dump as 
the Samba server will receive it from a Windows client to unwrap a secret.


./bin/ndrdump backupkey bkrp_BackupKey_debug in ~/workspace/samba/tcpdump/bkrp/bkrp_in
pull returned NT_STATUS_OK
WARNING! 52 unread bytes
[0000] 8A E3 13 71 02 F4 36 71   02 40 28 00 30 7C DE 3D   ...q..6q .@(.0|.=
[0010] 5D 16 D1 11 AB 8F 00 80   5F 14 DB 40 01 00 00 00   ]... _...@
[0020] 04 5D 88 8A EB 1C C9 11   9F E8 08 00 2B 10 48 60   .].. +.H`
[0030] 02 00 00 00   
  bkrp_BackupKey_debug: struct bkrp_BackupKey
  in: struct bkrp_BackupKey
  guidActionAgent  : *
  guidActionAgent  : 47270c64-2fc7-499b-ac5b-0e37cdce899a
  data_in  : *
  data_in: struct bkrp_client_side_wrapped
  version  : 0x0002 (2)
  encrypted_secret_len : 0x0100 (256)
  access_check_len : 0x0058 (88)
  guid : a1dc8bbd-743f-473e-8d00-0a4742df76bd
  encrypted_secret: ARRAY(256)
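
The byte reversal described in Matthieu's message above, as an added example (not code from the thread, from Samba or from Microsoft): it parses a bkrp_client_side_wrapped buffer and shows that decryption only succeeds once encrypted_secret is reversed. Assumptions: the header is three little-endian uint32 fields followed by a 16-byte GUID, in the field order of the ndrdump output; the RSA key is a constructed toy key used without padding; the sample lengths are constructed and smaller than the 256 and 88 in the dump.

```python
import struct
import uuid

# Assumed fixed header, in ndrdump field order: version, encrypted_secret_len,
# access_check_len (little-endian uint32 each), then a 16-byte GUID.
HEADER = struct.Struct("<III16s")

# Constructed toy RSA key (two Mersenne primes); textbook RSA, no padding.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
KEY_BYTES = (N.bit_length() + 7) // 8


def parse_client_side_wrapped(buf):
    """Split a bkrp_client_side_wrapped buffer into fields, checking lengths."""
    if len(buf) < HEADER.size:
        raise ValueError("buffer shorter than the fixed header")
    version, secret_len, access_len, guid_raw = HEADER.unpack_from(buf)
    if version != 2:
        raise ValueError("unexpected version %d" % version)
    if len(buf) - HEADER.size != secret_len + access_len:
        raise ValueError("declared lengths do not match the buffer size")
    body = buf[HEADER.size:]
    return {
        "guid": uuid.UUID(bytes_le=guid_raw),
        "encrypted_secret": body[:secret_len],
        "access_check": body[secret_len:],
    }


def unwrap(encrypted_secret, reverse=True):
    """Decrypt with the toy key; reverse=True applies the thread's byte reversal."""
    blob = encrypted_secret[::-1] if reverse else encrypted_secret
    plain = pow(int.from_bytes(blob, "big"), D, N)
    return plain.to_bytes(KEY_BYTES, "big").lstrip(b"\x00")


def build_sample(secret=b"constructed secret"):
    """Constructed client message: ciphertext stored least significant byte first."""
    cipher = pow(int.from_bytes(secret, "big"), E, N)
    wire = cipher.to_bytes(KEY_BYTES, "little")
    guid = uuid.UUID("a1dc8bbd-743f-473e-8d00-0a4742df76bd")  # GUID from the dump
    return HEADER.pack(2, len(wire), 4, guid.bytes_le) + wire + b"\x00" * 4


if __name__ == "__main__":
    msg = parse_client_side_wrapped(build_sample())
    print(msg["guid"], unwrap(msg["encrypted_secret"]))
    print("without reversal:", unwrap(msg["encrypted_secret"], reverse=False))
```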

Re: [cifs-protocol] backup protocol

2010-09-22 Thread Hongwei Sun
Matthieu,

  This is good information that narrows the scope of the problem.  I will check 
it and get back to you shortly.

Thanks!

Hongwei


-Original Message-
From: Matthieu Patou [mailto:m...@samba.org] 
Sent: Wednesday, September 22, 2010 1:26 PM
To: Sebastian Canevari
Cc: cifs-proto...@samba.org; Interoperability Documentation Help; Darryl Welch; 
Hongwei Sun
Subject: Re: backup protocol

  Hi Sebastian,

I did more investigation this night, and after realizing that the guid of the 
certificate was stored in reverse order in different fields, like the serialNumber 
field in the certificate, I tried reversing the bytes of the 
blob before trying to decrypt it.

And it turns out that I managed to decrypt the blob when doing so (please see 
the file secret.cr.decrypted, which really looks like an encrypted_secret version 
2 struct).

I also attached the permuted version of the blob.

Can you check and tell me if the documentation should state that the 
encrypted_struct should be reverted?
I also think that the documentation should state in the behavior notes that 
the serialNumber contains the guid of the certificate but in reverse byte order.

Regards.

Matthieu.

On 22/09/2010 20:34, Sebastian Canevari wrote:
 Thanks Matthieu!

 Someone from my team will get in touch with you shortly.

 Thanks and regards,

 Sebastian


 Sebastian Canevari
 Escalation Engineer, US-CSS DSC PROTOCOL TEAM 7100 N Hwy 161, Irving, 
 TX - 75039 Las Colinas - LC2
 Tel: +1 469 775 7849
 e-mail: seba...@microsoft.com

 -Original Message-
 From: Matthieu Patou [mailto:m...@samba.org]
 Sent: Tuesday, September 21, 2010 8:56 PM
 To: cifs-proto...@samba.org; Interoperability Documentation Help
 Cc: Darryl Welch
 Subject: backup protocol

Hello dochelp,


 I would like to have some confirmation on the backup protocol. Here is the dump 
 as the Samba server will receive it from a Windows client to unwrap a secret.


 ./bin/ndrdump backupkey bkrp_BackupKey_debug in ~/workspace/samba/tcpdump/bkrp/bkrp_in
 pull returned NT_STATUS_OK
 WARNING! 52 unread bytes
 [0000] 8A E3 13 71 02 F4 36 71   02 40 28 00 30 7C DE 3D   ...q..6q .@(.0|.=
 [0010] 5D 16 D1 11 AB 8F 00 80   5F 14 DB 40 01 00 00 00   ]... _...@
 [0020] 04 5D 88 8A EB 1C C9 11   9F E8 08 00 2B 10 48 60   .].. +.H`
 [0030] 02 00 00 00   
   bkrp_BackupKey_debug: struct bkrp_BackupKey
   in: struct bkrp_BackupKey
   guidActionAgent  : *
   guidActionAgent  : 47270c64-2fc7-499b-ac5b-0e37cdce899a
   data_in  : *
   data_in: struct bkrp_client_side_wrapped
   version  : 0x0002 (2)
   encrypted_secret_len : 0x0100 (256)
   access_check_len : 0x0058 (88)
   guid : a1dc8bbd-743f-473e-8d00-0a4742df76bd
   encrypted_secret: ARRAY(256)

[cifs-protocol] backup protocol

2010-09-21 Thread Matthieu Patou

 Hello dochelp,


I would like to have some confirmation on the backup protocol. Here is the 
dump as the Samba server will receive it from a Windows client to unwrap 
a secret.



./bin/ndrdump backupkey bkrp_BackupKey_debug in ~/workspace/samba/tcpdump/bkrp/bkrp_in

pull returned NT_STATUS_OK
WARNING! 52 unread bytes
[0000] 8A E3 13 71 02 F4 36 71   02 40 28 00 30 7C DE 3D   ...q..6q .@(.0|.=
[0010] 5D 16 D1 11 AB 8F 00 80   5F 14 DB 40 01 00 00 00   ]... _...@
[0020] 04 5D 88 8A EB 1C C9 11   9F E8 08 00 2B 10 48 60   .].. +.H`
[0030] 02 00 00 00   
bkrp_BackupKey_debug: struct bkrp_BackupKey
in: struct bkrp_BackupKey
guidActionAgent  : *
guidActionAgent  : 47270c64-2fc7-499b-ac5b-0e37cdce899a

data_in  : *
data_in: struct bkrp_client_side_wrapped
version  : 0x0002 (2)
encrypted_secret_len : 0x0100 (256)
access_check_len : 0x0058 (88)
guid : a1dc8bbd-743f-473e-8d00-0a4742df76bd

encrypted_secret: ARRAY(256)