Rev 5715 | Rev 5722 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 5715 | Rev 5720 | ||
|---|---|---|---|
| Line 68... | Line 68... | ||
| 68 | ; Connect to the server |
68 | ; Connect to the server |
| 69 | mcall connect, [socketnum], sockaddr1, 18 |
69 | mcall connect, [socketnum], sockaddr1, 18 |
| 70 | cmp eax, -1 |
70 | cmp eax, -1 |
| 71 | je err_connect |
71 | je err_connect |
| Line 72... | Line 72... | ||
| 72 | 72 | ||
| 73 | ; Wait for handshake from server |
- | |
| 74 | ; TODO: implement timeout |
73 | ; Verify handshake from server |
| 75 | call wait_for_data |
74 | call wait_for_data |
| 76 | cmp dword[receive_buffer], "RFB " |
75 | cmp dword[receive_buffer], "RFB " |
| - | 76 | jne err_proto |
|
| - | 77 | add esi, 12 |
|
| - | 78 | ||
| - | 79 | ; Did we get an error message already? |
|
| - | 80 | cmp eax, 16 |
|
| - | 81 | jb @f |
|
| - | 82 | lodsd |
|
| - | 83 | test eax, eax |
|
| - | 84 | je err_handshake |
|
| Line 77... | Line 85... | ||
| 77 | jne err_proto |
85 | @@: |
| 78 | 86 | ||
| 79 | ; Reply to handshake |
87 | ; Reply to handshake |
| 80 | DEBUGF 1, "Sending handshake\n" |
- | |
| Line -... | Line 88... | ||
| - | 88 | DEBUGF 1, "Sending handshake\n" |
|
| - | 89 | mcall send, [socketnum], HandShake, 12, 0 |
|
| - | 90 | ||
| - | 91 | ; VNC 3.3 protocol: server decides security type |
|
| - | 92 | call wait_for_data |
|
| 81 | mcall send, [socketnum], HandShake, 12, 0 |
93 | lodsd |
| 82 | call wait_for_data |
94 | cmp eax, 0x00000000 |
| 83 | 95 | je err_handshake |
|
| 84 | cmp dword[receive_buffer], 0x01000000 ; no security |
96 | cmp eax, 0x01000000 ; no security |
| 85 | je initialize |
- | |
| 86 | cmp dword[receive_buffer], 0x02000000 ; VNC security |
97 | je initialize |
| Line 87... | Line 98... | ||
| 87 | je vnc_security |
98 | cmp eax, 0x02000000 ; VNC security |
| Line -... | Line 99... | ||
| - | 99 | je vnc_security |
|
| - | 100 | jmp err_proto |
|
| 88 | 101 | ||
| 89 | jmp err_security |
102 | vnc_security: |
| Line 90... | Line 103... | ||
| 90 | 103 | ||
| 91 | vnc_security: |
104 | push esi ; pointer to message |
| Line 108... | Line 121... | ||
| 108 | mcall -1 |
121 | mcall -1 |
| 109 | @@: |
122 | @@: |
| 110 | DEBUGF 1, "VNC authentication\n" |
123 | DEBUGF 1, "VNC authentication\n" |
| Line 111... | Line 124... | ||
| 111 | 124 | ||
| 112 | ; Bit reverse the password and create DES keys |
- | |
| 113 | 125 | ; Bit reverse the password and create DES keys |
|
| 114 | mov ebx, dword[password] |
126 | mov ebx, dword[password] |
| 115 | mov edx, ebx |
127 | mov edx, ebx |
| 116 | and ebx, 0xf0f0f0f0 |
128 | and ebx, 0xf0f0f0f0 |
| 117 | shr ebx, 4 |
129 | shr ebx, 4 |
| Line 155... | Line 167... | ||
| 155 | 167 | ||
| 156 | mov edi, keys |
168 | mov edi, keys |
| Line 157... | Line 169... | ||
| 157 | call DES_create_keys |
169 | call DES_create_keys |
| 158 | - | ||
| - | 170 | ||
| 159 | ; Encrypt message with DES |
171 | ; Encrypt message with DES |
| 160 | 172 | mov esi, [esp] |
|
| 161 | mov ebx, dword[receive_buffer+4] |
173 | mov ebx, dword[esi+0] |
| - | 174 | mov edx, dword[esi+4] |
|
| 162 | mov edx, dword[receive_buffer+8] |
175 | call encrypt_DES |
| 163 | call encrypt_DES |
176 | mov esi, [esp] |
| Line 164... | Line 177... | ||
| 164 | mov dword[receive_buffer+4], ebx |
177 | mov dword[esi+0], ebx |
| 165 | mov dword[receive_buffer+8], edx |
178 | mov dword[esi+4], edx |
| 166 | 179 | ||
| - | 180 | mov ebx, dword[esi+8] |
|
| 167 | mov ebx, dword[receive_buffer+12] |
181 | mov edx, dword[esi+12] |
| 168 | mov edx, dword[receive_buffer+16] |
182 | call encrypt_DES |
| Line 169... | Line 183... | ||
| 169 | call encrypt_DES |
183 | mov esi, [esp] |
| 170 | mov dword[receive_buffer+12], ebx |
- | |
| 171 | mov dword[receive_buffer+16], edx |
184 | mov dword[esi+8], ebx |
| 172 | 185 | mov dword[esi+12], edx |
|
| 173 | ; Blank out the password and key fields in RAM |
186 | |
| 174 | 187 | ; Blank out the password and key fields in RAM |
|
| Line 175... | Line 188... | ||
| 175 | mov edi, password |
188 | mov edi, password |
| - | 189 | mov ecx, 384/4 |
|
| - | 190 | xor eax, eax |
|
| Line -... | Line 191... | ||
| - | 191 | rep stosd |
|
| 176 | mov ecx, 384/4 |
192 | |
| 177 | xor eax, eax |
- | |
| 178 | rep stosd |
193 | ; Send the authentication response to server |
| 179 | 194 | pop edx |
|
| 180 | ; Send the authentication response to server |
195 | mcall send, [socketnum], , 16, 0 |
| 181 | - | ||
| Line 182... | Line 196... | ||
| 182 | mcall send, [socketnum], receive_buffer+4, 16, 0 |
196 | |
| 183 | 197 | securityresult: |
|
| 184 | call wait_for_data |
198 | ; Wait for SecurityResult from server |
| Line 305... | Line 319... | ||
| 305 | je encoding_raw |
319 | je encoding_raw |
| 306 | cmp eax, 1 |
320 | cmp eax, 1 |
| 307 | je encoding_CopyRect |
321 | je encoding_CopyRect |
| 308 | cmp eax, 2 |
322 | cmp eax, 2 |
| 309 | je encoding_RRE |
323 | je encoding_RRE |
| 310 | ; cmp eax, 5 |
- | |
| 311 | ; je encoding_hextile |
- | |
| 312 | ; cmp eax, 15 |
324 | cmp eax, 15 |
| 313 | ; je encoding_TRLE |
325 | je encoding_TRLE |
| 314 | ; cmp eax, 16 |
326 | cmp eax, 16 |
| 315 | ; je encoding_ZRLE |
327 | je encoding_ZRLE |
| Line 316... | Line 328... | ||
| 316 | 328 | ||
| 317 | DEBUGF 2, "unknown encoding: %u\n", eax |
329 | DEBUGF 2, "unknown encoding: %u\n", eax |
| Line 318... | Line 330... | ||
| 318 | jmp thread_loop |
330 | jmp thread_loop |
| Line 414... | Line 426... | ||
| 414 | jz err_disconnected |
426 | jz err_disconnected |
| 415 | add [datapointer], eax |
427 | add [datapointer], eax |
| 416 | ret |
428 | ret |
| Line 417... | Line 429... | ||
| 417 | 429 | ||
| - | 430 | .buffer_end_reached: |
|
| - | 431 | DEBUGF 1, "end of buffer reached, re-organizing\n" |
|
| 418 | .buffer_end_reached: |
432 | pop edi esi edx ecx ebx |
| 419 | ; Buffer is full, first needed data by program is pointed to by esi. |
433 | ; Buffer is full, first needed data by program is pointed to by esi. |
| 420 | ; Move all usefull data to begin of buffer |
434 | ; Move all usefull data to begin of buffer |
| 421 | cmp esi, receive_buffer |
435 | cmp esi, receive_buffer |
| 422 | je err_proto |
436 | je err_proto |
| Line 434... | Line 448... | ||
| 434 | mcall recv, [socketnum], receive_buffer, 4096, 0 ; MSG_DONTWAIT |
448 | mcall recv, [socketnum], receive_buffer, 4096, 0 ; MSG_DONTWAIT |
| 435 | cmp eax, -1 |
449 | cmp eax, -1 |
| 436 | je err_sock |
450 | je err_sock |
| 437 | test eax, eax |
451 | test eax, eax |
| 438 | jz err_disconnected |
452 | jz err_disconnected |
| - | 453 | mov esi, receive_buffer |
|
| 439 | ret |
454 | ret |
| Line 440... | Line 455... | ||
| 440 | 455 | ||
| 441 | 456 | ||
| Line 464... | Line 479... | ||
| 464 | mov [status], STATUS_PROTO_ERR |
479 | mov [status], STATUS_PROTO_ERR |
| 465 | inc [update_gui] |
480 | inc [update_gui] |
| 466 | mcall -1 |
481 | mcall -1 |
| 467 | ret |
482 | ret |
| Line 468... | Line 483... | ||
| 468 | 483 | ||
| 469 | err_security: |
484 | err_handshake: |
| - | 485 | mov [status], STATUS_SECURITY_ERR |
|
| - | 486 | ||
| - | 487 | lodsd ; Custom message from server? |
|
| - | 488 | test eax, eax |
|
| - | 489 | jz .no_msg |
|
| - | 490 | bswap eax |
|
| - | 491 | mov ecx, eax |
|
| - | 492 | cmp ecx, 512 |
|
| - | 493 | jb @f |
|
| - | 494 | mov ecx, 512 |
|
| - | 495 | @@: |
|
| - | 496 | mov edi, sz_err_security_c |
|
| - | 497 | rep movsb |
|
| - | 498 | mov byte[edi], 0 |
|
| - | 499 | mov [status], STATUS_SECURITY_ERR_C |
|
| - | 500 | .no_msg: |
|
| 470 | mov [status], STATUS_SECURITY_ERR |
501 | |
| 471 | inc [update_gui] |
502 | inc [update_gui] |
| 472 | mcall -1 |
503 | mcall -1 |
| Line 473... | Line 504... | ||
| 473 | ret |
504 | ret |