Ethereal-dev: [Ethereal-dev] Patch: NTLMSSP verifier must come after stub decryption

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Devin Heitmueller <devin_heitmueller@xxxxxxxxx>
Date: Sat, 21 Aug 2004 20:58:50 -0700 (PDT)
Hello,

I started to do some work again on NTLMSSP decryption,
and found that none of my original reference captures
work anymore.  Only the stub of the first packet is
decrypted successfully.  The verifier for the first
packet, as well as the stub and verifier for all
subsequent packets fail decryption.

As it turns out, dissection of the verifier was moved
before dissection of the stub in the DCE/RPC
dissector.  This breaks decryption since the state of
the RC4 stream is dependent on the stub being
decrypted before the verifier.

Attached is a patch that restores the previous
behavior.  With the patch, the stub is decrypted, and
then the verifier.

Comments welcome (in particular from Tim Potter, who
made the change I'm proposing be rolled back).

Thanks,

Devin Heitmueller
Senior Software Engineer
Netilla Networks Inc.

Attachment: packet-dcerpc.c.diff.gz
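The ordering dependency described in the mail (one RC4 keystream shared by the stub and the verifier, carried across PDUs, so the dissector must consume it in the same order the sender did) can be shown with a small model. The C below is an added example, not code from Ethereal's packet-dcerpc.c and not the attached patch; the seal key, the stub bodies, the opaque 16-byte verifier and the simplified PDU layout are constructed assumptions, and the real NTLMSSP signature format is not reproduced. It shows the general effect (every field after the first out-of-order decryption is garbled), not the exact first-packet symptom reported above.

```c
/* Added example (not Ethereal's code): stub and verifier sealed with ONE RC4
 * stream per direction, so decryption order must match sealing order.
 * Seal key, stub bodies, 16-byte opaque verifier and PDU layout are
 * constructed assumptions; the NTLMSSP signature format is simplified. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NPDU 2
#define VERIFIER_LEN 16
#define MAX_STUB 64

typedef struct { uint8_t s[256]; uint8_t i, j; } rc4_t;

/* RC4 key schedule (KSA). */
static void rc4_init(rc4_t *st, const uint8_t *key, size_t klen) {
    uint8_t j = 0, t;
    for (int k = 0; k < 256; k++) st->s[k] = (uint8_t)k;
    for (int k = 0; k < 256; k++) {
        j = (uint8_t)(j + st->s[k] + key[k % klen]);
        t = st->s[k]; st->s[k] = st->s[j]; st->s[j] = t;
    }
    st->i = st->j = 0;
}

/* RC4 PRGA: XOR buf with the next len keystream bytes. Encrypt and decrypt
 * are the same operation; the state advances by len bytes either way. */
static void rc4_crypt(rc4_t *st, uint8_t *buf, size_t len) {
    uint8_t t;
    for (size_t n = 0; n < len; n++) {
        st->i = (uint8_t)(st->i + 1);
        st->j = (uint8_t)(st->j + st->s[st->i]);
        t = st->s[st->i]; st->s[st->i] = st->s[st->j]; st->s[st->j] = t;
        buf[n] ^= st->s[(uint8_t)(st->s[st->i] + st->s[st->j])];
    }
}

typedef struct {
    uint8_t stub[MAX_STUB];
    size_t  stub_len;
    uint8_t verifier[VERIFIER_LEN];   /* opaque sealed trailer in this model */
} pdu_t;

/* Constructed seal key (assumption; any 16 bytes would do). */
static const uint8_t seal_key[16] = {
    0x13, 0x37, 0xc0, 0xde, 0x00, 0x11, 0x22, 0x33,
    0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb
};

/* Constructed plaintext for NPDU request PDUs (assumption). */
static void make_plain(pdu_t out[NPDU]) {
    static const char *stubs[NPDU] = {
        "stub of first DCE/RPC request ", "stub of second DCE/RPC request"
    };
    for (int n = 0; n < NPDU; n++) {
        out[n].stub_len = strlen(stubs[n]);
        memcpy(out[n].stub, stubs[n], out[n].stub_len);
        for (int k = 0; k < VERIFIER_LEN; k++)
            out[n].verifier[k] = (uint8_t)(0xA0 + n * VERIFIER_LEN + k);
    }
}

/* Sender: one stream for the whole direction; stub, then verifier, per PDU. */
static void seal_all(pdu_t pdus[NPDU]) {
    rc4_t st;
    rc4_init(&st, seal_key, sizeof seal_key);
    for (int n = 0; n < NPDU; n++) {
        rc4_crypt(&st, pdus[n].stub, pdus[n].stub_len);
        rc4_crypt(&st, pdus[n].verifier, VERIFIER_LEN);
    }
}

/* Dissector side. verifier_first != 0 models the broken ordering. Returns the
 * number of PDUs whose stub AND verifier both came back intact; per-field
 * counts go to *stubs_ok / *verifiers_ok when those pointers are non-NULL. */
static int unseal_all(int verifier_first, int *stubs_ok, int *verifiers_ok) {
    pdu_t plain[NPDU], wire[NPDU];
    rc4_t st;
    int both_ok = 0, s_total = 0, v_total = 0;
    make_plain(plain);
    make_plain(wire);
    seal_all(wire);                      /* what the capture would contain */
    rc4_init(&st, seal_key, sizeof seal_key);
    for (int n = 0; n < NPDU; n++) {
        if (verifier_first) {            /* burns the stub's keystream on the verifier */
            rc4_crypt(&st, wire[n].verifier, VERIFIER_LEN);
            rc4_crypt(&st, wire[n].stub, wire[n].stub_len);
        } else {                         /* same order as the sender */
            rc4_crypt(&st, wire[n].stub, wire[n].stub_len);
            rc4_crypt(&st, wire[n].verifier, VERIFIER_LEN);
        }
        int s = memcmp(wire[n].stub, plain[n].stub, plain[n].stub_len) == 0;
        int v = memcmp(wire[n].verifier, plain[n].verifier, VERIFIER_LEN) == 0;
        s_total += s; v_total += v; both_ok += (s && v);
    }
    if (stubs_ok) *stubs_ok = s_total;
    if (verifiers_ok) *verifiers_ok = v_total;
    return both_ok;
}

int main(void) {
    int s, v, ok;
    ok = unseal_all(0, &s, &v);
    printf("stub-then-verifier: %d/%d PDUs intact (stubs %d, verifiers %d)\n", ok, NPDU, s, v);
    ok = unseal_all(1, &s, &v);
    printf("verifier-then-stub: %d/%d PDUs intact (stubs %d, verifiers %d)\n", ok, NPDU, s, v);
    return 0;
}
```

The point the model makes is that RC4 has no per-field framing: the dissector's only way to line up with the sender's keystream is to decrypt the same bytes in the same order, stub before verifier, PDU after PDU. Once the verifier is decrypted first, the stream is offset by VERIFIER_LEN bytes and nothing in that direction recovers until the stream is re-keyed.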