I'm writing a program that should simultaneously send and receive special RAW UDP packets. Almost all fields (except MAC-addresses) are filled by myself. And besides that I'm using some fake IP options like: FE 04 01 00 (I've tried different), but the whole IP header is right. So here is an example packet
MACs: 30 85 a9 1f b8 d6 00 25 22 62 22 07 08 00
IP header: 48 00 00 3e 03 d0 00 00 40 11 bb b7 c0 a8 89 a1 c0 a8 89 01
IP options:
fd 04 01 00
fe 08 01 11 1d 15 0a 00
UDP header, payload: c3 50 c3 55 00 1e d7 ce 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 11 22 33 44 55 66 77
Issue
Precondition: windows firewall is disabled and no other firewall is running. On Windows 7 host program is launched with "Run as Administrator".
On Windows XP user is Administrator.
When packet is sent to remote host with Windows XP (LAN), or to the localhost on Windows 7 or Windows XP then it's successfully received(on the remote host or localhost). But if the packet is sent to the remote host with Windows 7 (LAN) then it's rejected by the remote host with ICMP message "Parameter problem". This only can be seen using (for example) Wireshark: sample wireshark capture file
Here's some source code on sending
ressrc = ResolveAddress(srcAddrStr, srcPort, addressFamily, socketType, protocol);
if (ressrc == NULL) {
// handling
}
resdest = ResolveAddress(dstAddrStr, dstPort, ressrc->ai_family, ressrc->ai_socktype, ressrc->ai_protocol);
if (resdest == NULL) {
// handling
}
sendSock = socket(ressrc->ai_family, socketType, ressrc->ai_protocol);
if (sendSock == INVALID_SOCKET) {
// handling
}
int optval = 1;
rc = setsockopt(sendSock, IPPROTO_IP, IP_HDRINCL, (char *)&optval, sizeof(optval));
if (rc == SOCKET_ERROR) {
// handling
}
// packetizing
WSABUF *wbuf = ...
rc = sendto(sendSock, wbuf[0].buf, wbuf[0].len, 0, resdest->ai_addr, resdest->ai_addrlen);
and receiving
ressrc = ResolveAddress(srcAddrStr, NULL, addressFamily, socketType, protocol);
if (ressrc == NULL) {
//handling
}
recvSock = socket(ressrc->ai_family, socketType, ressrc->ai_protocol);
if (recvSock == INVALID_SOCKET) {
//handling
}
rc = bind(recvSock, ressrc->ai_addr, ressrc->ai_addrlen);
if (rc == SOCKET_ERROR) {
//handling
}
while (1)
{
fromlen = sizeof(safrom);
rc = recvfrom(recvSock, buf, MAX_PACKET, 0, (SOCKADDR *)&safrom, &fromlen);
if (rc == SOCKET_ERROR) {
//handling
}
/*
* handling received packet
*/
}
I've tried:
comparing packets received on different hosts (no differences)
putting receiving socket in promiscuous mode using WSAIoctl and ioctlsocket functions
googling, but the only thing I've found about my issue is this topic
What can cause this problem? Should I turn something on/off? Or am I doing wrong something else?
Related
I've stumbled upon a strange problem.
I'm writing a small golang tool, which generates a CSR based on some user-provided input. I'm mostly successful at achieving my goal, but have a problem with ExtendedKeyUsage. Simply put it does not work.
A bit of code with asn1 marshalling of x509 fields:
var oidEmailAddress = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}
var OidExtensionKeyUsage = asn1.ObjectIdentifier{2, 5, 29, 15}
var OidExtensionExtendedKeyUsage = asn1.ObjectIdentifier{2, 5, 29, 37}
asn1KeyUsageDigSig, err := asn1.Marshal(asn1.BitString{
Bytes: []byte{byte(x509.KeyUsageDigitalSignature)},
BitLength: 8,
})
asn1KeyUsageDatEnc, err := asn1.Marshal(asn1.BitString{
Bytes: []byte{byte(x509.KeyUsageDataEncipherment)},
BitLength: 8,
})
asn1KeyUsageCAuth, err := asn1.Marshal(asn1.BitString{
Bytes: []byte{byte(x509.ExtKeyUsageClientAuth)},
BitLength: 8,
})
if err != nil {
Error.Fatalf("Can't serialize Extended Key Usage %s", err)
}
Then I create a template and successful at generating and saving a CSR, well almost:
template := x509.CertificateRequest{
RawSubject: asn1Subj,
EmailAddresses: []string{emailAddress},
SignatureAlgorithm: _sigAlg,
ExtraExtensions: []pkix.Extension{
{
Id: OidExtensionExtendedKeyUsage,
Value: asn1KeyUsageCAuth,
},
{
Id: OidExtensionKeyUsage,
Critical: true,
Value: asn1KeyUsageDatEnc,
},
{
Id: OidExtensionKeyUsage,
Critical: true,
Value: asn1KeyUsageDigSig,
},
},
}
csrBytes, _ := x509.CreateCertificateRequest(rand.Reader, &template, privateKey)
And here is an openssl req -in MY_OUTPUT.csr -text -noout
******
ASN1 OID: prime256v1
NIST CURVE: P-256
Attributes:
Requested Extensions:
X509v3 Subject Alternative Name:
email:someone#somewhere.com
X509v3 Extended Key Usage:
....
X509v3 Key Usage: critical
Key Agreement
X509v3 Key Usage: critical
Encipher Only
Signature Algorithm: ecdsa-with-SHA256
******
My ExtendedKeyUsage is empty, while it should be ClientAuthentication. What am I doing wrong?
I'm expecting to see:
X509v3 Extended Key Usage: ClientAuthentication
I'm seeing empty field. I tried using different set of bytes from another oid, but still nothing. It is as if ExtendedKeyUsage field doesn't allow anything to be written (while it should)
If it is imported:
go ver: go1.19.3 darwin/amd64
I think the problem is when you print the data. The key/value is actually present in the data.
From the code:
var OidExtensionExtendedKeyUsage = asn1.ObjectIdentifier{2, 5, 29, 37}
asn1KeyUsageCAuth, err := asn1.Marshal(asn1.BitString{
Bytes: []byte{byte(x509.ExtKeyUsageClientAuth)},
BitLength: 8,
})
ExtraExtensions: []pkix.Extension{
{
Id: OidExtensionExtendedKeyUsage,
//Critical: true,
Value: asn1KeyUsageCAuth,
//Value: {2, 5, 29, 15},
},
OidExtensionExtendedKeyUsage is ASN.1 OID 2.5.29.37 and will be '55 1D 25' when encoded with a DER encoder
You can encode it online to see what binary it will produce (e.g. https://misc.daniel-marschall.de/asn.1/oid-converter/online.php)
asn1KeyUsageCAuth value is 2 (constant defined in x509.go) and will be '00 02' when encoded as ASN.1 BIT STRING with a DER encoder (first 00 is the number of padding bits (none), 02 is the value 2)
Now take the Base64 value of your Certificate Request and decode it with an ASN.1 DER Decoder (for example: https://asn1.io/asn1playground)
MIIBtzCCAV0CAQAwgZwxCzAJBgNVBAYTAkFVMQ8wDQYDVQQIEwZTeWRuZXkxDzAN
BgNVBAcTBlN5ZG5leTETMBEGA1UEChMKc210aENsaWVudDELMAkGA1UECxMCSVQx
JTAjBgNVBAMTHHNtdGgtQ2xpZW50LVk4cDg1bk1pSVNzMGlIZ0ExIjAgBgkqhkiG
9w0BCQEME3NtdGhjbGllbnRAc210aC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMB
BwNCAAR4rIgUOxSyXdaML9F9e2gRjuMUK8Q0jiloTb2kAdmbz1RoCEdsZUUxKQcr
0Vud2aW3VIDph1ar4hkqWkM43hxqoF4wXAYJKoZIhvcNAQkOMU8wTTAeBgNVHREE
FzAVgRNzbXRoY2xpZW50QHNtdGguY29tMAsGA1UdJQQEAwIAAjAOBgNVHQ8BAf8E
BAMCAAgwDgYDVR0PAQH/BAQDAgABMAoGCCqGSM49BAMCA0gAMEUCIQDTBj+0Atjy
F1GY8AM2Mv7/X3tsEbmMVdszKw8l6rVsEQIgMiH8CO9nkP0aXdMgp9x4kVjJZK9X
rW3ROydT89D73OA=
Try the full power of OSS' ASN-1Step by downloading a free trial
OSS Nokalva TLV Print Utility Version 8.6.1
Copyright (C) 1997-2022 OSS Nokalva, Inc. All rights reserved.
30 8201B7(439)
30 82015D(349)
02 01 00
30 819C(156)
31 0B
30 09
06 03 550406
13 02 4155
31 0F
30 0D
06 03 550408
13 06 5379646E6579
31 0F
30 0D
06 03 550407
13 06 5379646E6579
31 13
30 11
06 03 55040A
13 0A 736D7468436C69656E74
31 0B
30 09
06 03 55040B
13 02 4954
31 25
30 23
06 03 550403
13 1C 736D74682D436C69656E742D59387038356E4D694953733069486741
31 22
30 20
06 09 2A864886F70D010901
0C 13 736D7468636C69656E7440736D74682E636F6D
30 59
30 13
06 07 2A8648CE3D0201
06 08 2A8648CE3D030107
03 42 000478AC88143B14B25DD68C2FD17D7B68118EE3142BC4348E29684DBDA401D9...
A0 5E
30 5C
06 09 2A864886F70D01090E
31 4F
30 4D
30 1E
06 03 551D11
04 17 30158113736D7468636C69656E7440736D74682E636F6D
30 0B -- HERE IT IS!
06 03 551D25
04 04 03020002
30 0E
06 03 551D0F
01 01 FF
04 04 03020008
30 0E
06 03 551D0F
01 01 FF
04 04 03020001
30 0A
06 08 2A8648CE3D040302
03 48 003045022100D3063FB402D8F2175198F0033632FEFF5F7B6C11B98C55DB332B0F25...
Results
To get more details, please provide/compile a schema for your data.
Scroll down the output above until you find HERE IT IS!
Your key/value is:
30 0B -- a SEQUENCE of 11 bytes
06 03 551D25 -- an item of 3 bytes (551D25 ... OidExtensionExtendedKeyUsage)
04 04 03020002 -- an item of 4 bytes (03 02 0002 ... an item of 2 bytes 0002 ... asn1KeyUsageCAuth)
I would have loved to decode the CSR againt the ASN.1 specification ... but I could not find it :(
I am getting ssl handshake exception after "Produced client Finished handshake message" Step in my java spring boot application (openjdk version "11.0.12").
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://server/api/": Received fatal alert: handshake_failure; nested exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:785)
Can someone help? I referred multiple articles in stackoverflow and tried all the steps. I am not sure if I missed any step?
I am writing a java spring boot application to test 2 way SSL connection. I have done the below steps
Followed the below article and then created the application using RestTemplate in the same way like https://www.aurigait.com/blog/how-to-implement-2-way-ssl-using-spring-boot/ (I didnt create self signed certificate instead, I use the one which was created for our project)
I have the JKS file of my client application. Added the server public certificate as trust source to the client JKS file. I added the root CA also as trust source.
Provided the below settings in the IntelliJ Run -> Edit Configurations -> VM Options
-Djavax.net.debug=all
-Dhttps.protocols=TLSv1.2,TLSv1.1,TLSv1 (Tried without this line also)
-Djavax.net.ssl.trustStore=C:\certificate\keystore.jks
-Djavax.net.ssl.trustStorePassword=pass
-Djavax.net.ssl.trustStore=C:\certificate\keystore.jks
-Djavax.net.ssl.trustStorePassword=pass
server added the client public certificate as well as trust source.
error:
)
javax.net.ssl|DEBUG|16|scheduling-1|2022-08-26 10:30:01.190 UTC|Finished.java:398|Produced client Finished handshake message (
"Finished": {
"verify data": {
0000: AA 4E 76 43 21 C8 E4 D5 4A 5F B6 4F
}'}
)
javax.net.ssl|DEBUG|16|scheduling-1|2022-08-26 10:30:01.190 UTC|SSLSocketOutputRecord.java:241|WRITE: TLS12 handshake, length = 24
javax.net.ssl|DEBUG|16|scheduling-1|2022-08-26 10:30:01.206 UTC|SSLCipher.java:1743|Plaintext before ENCRYPTION (
0000: 14 00 00 0C AA 4E 68 43 84 C8 E4 D5 4A 5F B6 4F .....NhC....J_.O
)
javax.net.ssl|DEBUG|16|scheduling-1|2022-08-26 10:30:01.206 UTC|SSLSocketOutputRecord.java:255|Raw write (
0000: 16 03 03 00 34 00 00 00 00 00 00 00 00 DE 91 8F ....(...........
0010: 18 3B DC D0 84 2C 39 35 B0 3C C3 7E 9E 1C BF 27 .;...,95.<.....'
0020: 10 23 E3 D0 D0 32 B8 D1 D2 5C C4 DA CC .#.......\...
)
javax.net.ssl|DEBUG|16|scheduling-1|2022-08-26 10:30:01.206 UTC|SSLSocketInputRecord.java:488|Raw read (
0000: 15 03 03 00 02 .....
)
javax.net.ssl|DEBUG|16|scheduling-1|2022-08-26 10:30:01.206 UTC|SSLSocketInputRecord.java:214|READ: TLSv1.2 alert, length = 2
javax.net.ssl|DEBUG|16|scheduling-1|2022-08-26 10:30:01.206 UTC|SSLSocketInputRecord.java:488|Raw read (
0000: 02 28 .(
)
javax.net.ssl|DEBUG|16|scheduling-1|2022-08-26 10:30:01.206 UTC|SSLSocketInputRecord.java:247|READ: TLSv1.2 alert, length = 2
javax.net.ssl|DEBUG|16|scheduling-1|2022-08-26 10:30:01.206 UTC|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "handshake_failure"
}
)
javax.net.ssl|ERROR|16|scheduling-1|2022-08-26 10:30:01.206 UTC|TransportContext.java:341|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
.
.
.
javax.net.ssl|ALL|16|scheduling-1|2022-08-26 09:42:15.234 UTC|SSLSessionImpl.java:784|Invalidated session: Session(1661506935062|SSL_NULL_WITH_NULL_NULL)
javax.net.ssl|ALL|16|scheduling-1|2022-08-26 09:42:15.234 UTC|SSLSessionImpl.java:784|Invalidated session: Session(1661506935124|TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
javax.net.ssl|DEBUG|16|scheduling-1|2022-08-26 09:42:15.234 UTC|SSLSocketImpl.java:1656|close the underlying socket
javax.net.ssl|DEBUG|16|scheduling-1|2022-08-26 09:42:15.234 UTC|SSLSocketImpl.java:1675|close the SSL connection (initiative)
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://server/api/": Received fatal alert: handshake_failure; nested exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:785)
The root cause for this issue is the certificate (JKS) which I passed didn't have the certificate chain (Issuer details). So the SSL handshake failed after the "Produced client Finished handshake message". I took another JKS which has the entire chain and I added the server certificate as trust source. SSL handshake and the HTTPS call is working as expected.
I have a text contains a hexadecimal bytes as follows:
01 1b 42 61 6b 68 73 68 5f 48 6f 73 70 69 74 61 6c 5f 41 6c 2d 53 68 61 72 61 66 69 61 02 0f 33 30 30 31 37 34 37 36 39 35 31 30 30 30 33 03 10 30 32 2f 30 31 2f 31 37 5f 30 35 3a 31 32 5f 50 04 05 31 34 2e 30 30 05 01 30
, when I am encrypting it to BASE64 using the of_encode64() function in powerbuilder winsock user object, I got the below result:
MDExQjQyNjE2QjY4NzM2ODVGNDg2RjczNzA2OTc0NjE2QzVGNDE2QzJENTM2ODYx
NzI2MTY2Njk2MTAyMEYzMzMwMzAzMTM3MzQzNzM2MzkzNTMxMzAzMDMwMzMwMzEw
MzAzMjJGMzAzMTJGMzEzNzVGMzAzNTNBMzEzMjVGNTAwNDA1MzEzNDJFMzAzMDA1
MDEzMA==
, but when my friend encodes it using the Convert.ToBase64String() in Dot Net, he got a totally different result as below:
ARtCYWtoc2hfSG9zcGl0YWxfQWwtU2hhcmFmaWECDzMwMDE3NDc2OTUxMDAwMwMQMDIvMDEvMTdfMDU6MTJfUAQFMTQuMDAFATA=
, I played with all possible parameters: CRYPT_STRING_BASE64HEADER, CRYPT_STRING_BASE64REQUESTHEADER, CRYPT_STRING_BASE64X509CRLHEADER but not help!
The of_encode64() function code as below:
[local function declaration]
Function boolean CryptBinaryToString ( &
Blob pbBinary, &
ulong cbBinary, &
ulong dwFlags, &
Ref string pszString, &
Ref ulong pcchString &
) Library "crypt32.dll" Alias For "CryptBinaryToStringW"
[instance variables]
// Base64, with certificate beginning and ending headers
CONSTANT Ulong CRYPT_STRING_BASE64HEADER = 0
// Base64, without headers
CONSTANT Ulong CRYPT_STRING_BASE64 = 1
// Base64, with request beginning and ending headers
CONSTANT Ulong CRYPT_STRING_BASE64REQUESTHEADER = 3
// Base64, with X.509 CRL beginning and ending headers
CONSTANT Ulong CRYPT_STRING_BASE64X509CRLHEADER = 9
Encode a String to Base64:
// -----------------------------------------------------------------------------
// SCRIPT: n_winsock.of_Encode64
//
// PURPOSE: This function converts binary data to a Base64 encoded string.
//
// Note: Requires Windows XP or Server 2003
//
// ARGUMENTS: ablob_data - Blob containing data
//
// RETURN: String containing encoded data
//
// DATE PROG/ID DESCRIPTION OF CHANGE / REASON
// ---------- -------- -----------------------------------------------------
// 08/20/2010 RolandS Initial coding
// 09/27/2010 RolandS Changed to remove trailing CRLF characters
// 03/17/2012 RolandS Changed argument to read-only
// -----------------------------------------------------------------------------
String ls_encoded
ULong lul_len, lul_buflen
Boolean lb_rtn
lul_len = Len(ablob_data)
lul_buflen = lul_len * 3
//lul_buflen = lul_len * 2
ls_encoded = Space(lul_buflen)
lb_rtn = CryptBinaryToString(ablob_data, lul_len, &
CRYPT_STRING_BASE64, ls_encoded, lul_buflen)
If lb_rtn Then
ls_encoded = Left(ls_encoded, lul_buflen - 2)
Else
SetNull(ls_encoded)
End If
Return ls_encoded
I am calling it using this code: Where as_data is the Hexadecimal Bytes String above
Return of_Encode64(Blob(as_data, EncodingAnsi!))
The full code for Encode/decode a string in Base64 in PowerBuilder using the winsock user object in this below URL:
https://www.rgagnon.com/pbdetails/pb-0258.html
Thank you in advance. Keep Safe.
I have used K6 in websocket performance test. While the content from server is compressed, and I got "�0E�e�!�56���j0&��v!�{�:�9�^�" printed in console.
I used nodejs code to handle the same message from server. I got the right text.
So my question is how to decode compressed text in K6?
my K6 script is
socket.on('message', function (data) {
console.log(typeof (data));
console.log(data.length)
if (data.length < 200) {
// I got "�0E�e�!�56���j0&��v!�{�:�9�^�" in console
console.log(data);
}
// I tried to decode it got "incorrect header check"
let text = pako.inflate(data, { to: 'string' });
}
If I used the following JS script, I got the correct text to inflate it to plain text.
ws.on('message', function (data) {
console.log('-------- begin -------');
// I got <Buffer 1f 8b 08 00 00 00 00 00 00 00 2d 8b 4b 0a 80 20 14 45 f7 72 c7 21 f9 1b e4 6e 34 1f 14 12 49 5e 47 d1 de 33 68 7a 3e 37 f6 8c 80 c4 b5 b7 4c 4c 68 3d in console
console.log(data);
console.log('-------- end -------');
let text = pako.inflate(data, {
to: 'string'
});
// msg is " msg: {"id":"btcusdt","subbed":"market.btcusdt.depth.step0","ts":1525243319443,"status":"ok"} "
console.log('msg: ' + text);
})
As I mentioned in the GitHub issue, it seems like pako's browserify version may have some issues when you specify { to: 'string' } in the options. Instead you should be able to do something like this:
let binText = pako.inflate(data);
let strText = String.fromCharCode.apply(null, binText);
console.log(strText);
I'm attempting to send a scsi ReadCapacity16 (0x9E) to a volume on Windows using D. The CDBs are to spec and my ReadCapacity16 works on Linux and scsi Inquiries work on Windows. Only the not-inquiry calls on Windows fail to work with an "incorrect function" from the windows kernel.
Since only inquiries work, is there a trick to sending not-inquiries through the Windows kernel? Any tips on getting this to work? I've researched a couple weeks and haven't solved this.
This is an example of the CDB:
\\.\physicaldrive0
CDB buffer contents:
9e 10 00 00 00 00 00 00 - 00 00 00 00 00 20 00 00
sgio.exceptions.IoctlFailException#sgio\exceptions.d(13): ioctl error code is 1. Incorrect function.
Here is where the CDB is copied to a buffer for the DeviceIoControl call, and this is the same code path which successfully sends the Inquiry commands (but fails for readcap). Code in github pasted below:
void sgio_execute(ubyte[] cdb_buf, ubyte[] dataout_buf, ubyte[] datain_buf, ubyte[] sense_buf)
version (Windows)
{
const uint SENSE_LENGTH = 196;
ubyte[512] iobuffer = 0;
DWORD amountTransferred = -1;
SCSI_PASS_THROUGH_DIRECT scsiPassThrough = {0};
scsiPassThrough.Cdb[] = 0;
uint size = cast(uint)((cdb_buf.length <= scsiPassThrough.Cdb.length ?
cdb_buf.length : scsiPassThrough.Cdb.length));
scsiPassThrough.Cdb[0..size] = cdb_buf[0..size];
scsiPassThrough.Length = SCSI_PASS_THROUGH_DIRECT.sizeof;
scsiPassThrough.ScsiStatus = 0x00;
scsiPassThrough.TimeOutValue = 0x40;
scsiPassThrough.CdbLength = cast(ubyte)(size);
scsiPassThrough.SenseInfoOffset = SCSI_PASS_THROUGH_DIRECT.sizeof;
scsiPassThrough.SenseInfoLength = SENSE_LENGTH;
scsiPassThrough.DataIn = SCSI_IOCTL_DATA_IN;
scsiPassThrough.DataBuffer = datain_buf.ptr;
scsiPassThrough.DataTransferLength = bigEndianToNative!ushort(cast(ubyte[2]) cdb_buf[3..5]);
int status = DeviceIoControl( m_device,
IOCTL_SCSI_PASS_THROUGH_DIRECT,
&scsiPassThrough,
iobuffer.length, //scsiPassThrough.sizeof,
&iobuffer,
iobuffer.length,
&amountTransferred,
null);
if (status == 0)
{
int errorCode = GetLastError();
// build error message ...
throw new IoctlFailException(exceptionMessage);
}
}
}
Reading the Windows SCSI_PASS_THROUGH_DIRECT structure documentation very closely I noticed this:
DataTransferLength: Indicates the size in bytes of the data buffer.
Many devices transfer chunks of data of predefined length. The value
in DataTransferLength must be an integral multiple of this predefined,
minimum length that is specified by the device. If an underrun occurs,
the miniport driver must update this member to the number of bytes
actually transferred.
I changed the code to use 512 bytes for DataTransferLength, by increasing the size of datain_buffer, and the code now works just fine.