From a9bc75e5f6fc673c5b9b331d61980426e2dcbf44 Mon Sep 17 00:00:00 2001 From: Christopher Shepherd Date: Sun, 24 May 2015 21:52:32 -0400 Subject: [PATCH] SMB_Treec_ANDX works properly, share connection now works --- README.md | 3 +- latest_tcpdump.txt | 183 +++++++++++++++++++++++---------------------- src/SMBDEMO.S | 103 +++++++++++++++++++++++-- src/smbdemo | Bin 38922 -> 39134 bytes 4 files changed, 194 insertions(+), 95 deletions(-) diff --git a/README.md b/README.md index 491b2c7..51dbaa5 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,6 @@ CIFS / SMB2 navel gazing, in 65816 assembly. -5/24/2015 - Current status: Connects on port 445, completes Protocol Negotiation, successfully sends login (on Setup_ANDX message), obsolete LM (DES) style password. sends Tree_ANDX message. -.. Tree_ANDX gets ACCESS_DENIED because I need to save uid returned by Setup_ANDX reply. Also want to implement NTLMv1 hashing soon. But I'm done for today. +5/24/2015 - Current status: Connects on port 445, completes Protocol Negotiation, successfully sends login (on Setup_ANDX message), obsolete LM (DES) style password. sends successful Tree_ANDX message, thus connecting to a remote share. Build 'CMD.S' with Merlin32 and the included Library directory. diff --git a/latest_tcpdump.txt b/latest_tcpdump.txt index e28d44b..15e1591 100644 --- a/latest_tcpdump.txt +++ b/latest_tcpdump.txt 
@@ -1,35 +1,35 @@ 10.0.2.55 = Apple IIgs running Marinetti 10.0.2.1 = Raspberry Pi running A2SERVER, SMB credentials 'PI' / 'APPLE2' -20:52:32.366838 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.1 tell 10.0.2.55, length 46 +21:48:02.295804 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.1 tell 10.0.2.55, length 46 0x0000: 0001 0800 0604 0001 000e 3aa2 a2a2 0a00 ..........:..... 0x0010: 0237 0000 0000 0000 0a00 0201 0101 0101 .7.............. 0x0020: 0101 0101 0101 0101 0101 0101 0101 .............. -20:52:32.366980 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.2.1 is-at 8c:ae:4c:fe:6b:64, length 28 +21:48:02.295940 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.2.1 is-at 8c:ae:4c:fe:6b:64, length 28 0x0000: 0001 0800 0604 0002 8cae 4cfe 6b64 0a00 ..........L.kd.. 0x0010: 0201 000e 3aa2 a2a2 0a00 0237 ....:......7 -20:52:35.388651 IP (tos 0x0, ttl 60, id 433, offset 0, flags [none], proto TCP (6), length 40) - 10.0.2.55.1025 > 10.0.2.1.445: Flags [S], cksum 0x1b18 (correct), seq 203369142, win 16384, length 0 - 0x0000: 4500 0028 01b1 0000 3c06 64e8 0a00 0237 E..(....<.d....7 - 0x0010: 0a00 0201 0401 01bd 0c1f 2ab6 0000 0000 ..........*..... - 0x0020: 5002 4000 1b18 0000 0000 0000 0000 P.@........... +21:48:05.318403 IP (tos 0x0, ttl 60, id 434, offset 0, flags [none], proto TCP (6), length 40) + 10.0.2.55.1025 > 10.0.2.1.445: Flags [S], cksum 0x37ff (correct), seq 219876563, win 16384, length 0 + 0x0000: 4500 0028 01b2 0000 3c06 64e7 0a00 0237 E..(....<.d....7 + 0x0010: 0a00 0201 0401 01bd 0d1b 0cd3 0000 0000 ................ + 0x0020: 5002 4000 37ff 0000 0000 0000 0000 P.@.7......... 
-20:52:35.388985 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 44) - 10.0.2.1.445 > 10.0.2.55.1025: Flags [S.], cksum 0x1856 (incorrect -> 0x22ff), seq 157212133, ack 203369143, win 14600, options [mss 1460], length 0 +21:48:05.318708 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 44) + 10.0.2.1.445 > 10.0.2.55.1025: Flags [S.], cksum 0x1856 (incorrect -> 0x0585), seq 647756553, ack 219876564, win 14600, options [mss 1460], length 0 0x0000: 4500 002c 0000 4000 4006 2295 0a00 0201 E..,..@.@."..... - 0x0010: 0a00 0237 01bd 0401 095e dde5 0c1f 2ab7 ...7.....^....*. + 0x0010: 0a00 0237 01bd 0401 269b fb09 0d1b 0cd4 ...7....&....... 0x0020: 6012 3908 1856 0000 0204 05b4 `.9..V...... -20:52:35.412344 IP (tos 0x0, ttl 60, id 434, offset 0, flags [none], proto TCP (6), length 40) - 10.0.2.55.1025 > 10.0.2.1.445: Flags [.], cksum 0x33c4 (correct), seq 1, ack 1, win 16384, length 0 - 0x0000: 4500 0028 01b2 0000 3c06 64e7 0a00 0237 E..(....<.d....7 - 0x0010: 0a00 0201 0401 01bd 0c1f 2ab7 095e dde6 ..........*..^.. - 0x0020: 5010 4000 33c4 0000 0000 0000 0000 P.@.3......... +21:48:05.342031 IP (tos 0x0, ttl 60, id 435, offset 0, flags [none], proto TCP (6), length 40) + 10.0.2.55.1025 > 10.0.2.1.445: Flags [.], cksum 0x164a (correct), seq 1, ack 1, win 16384, length 0 + 0x0000: 4500 0028 01b3 0000 3c06 64e6 0a00 0237 E..(....<.d....7 + 0x0010: 0a00 0201 0401 01bd 0d1b 0cd4 269b fb0a ............&... + 0x0020: 5010 4000 164a 0000 0000 0000 0000 P.@..J........ -20:52:35.515110 IP (tos 0x0, ttl 60, id 435, offset 0, flags [none], proto TCP (6), length 91) - 10.0.2.55.1025 > 10.0.2.1.445: Flags [P.], cksum 0xa7ad (correct), seq 1:52, ack 1, win 16384, length 51 +21:48:05.445169 IP (tos 0x0, ttl 60, id 436, offset 0, flags [none], proto TCP (6), length 91) + 10.0.2.55.1025 > 10.0.2.1.445: Flags [P.], cksum 0x8a33 (correct), seq 1:52, ack 1, win 16384, length 51 SMB PACKET: SMBnegprot (REQUEST) SMB Command = 0x72 Error class = 0x0 
@@ -45,21 +45,21 @@ smb_bcc=12 Dialect=NT LM 0.12 - 0x0000: 4500 005b 01b3 0000 3c06 64b3 0a00 0237 E..[....<.d....7 - 0x0010: 0a00 0201 0401 01bd 0c1f 2ab7 095e dde6 ..........*..^.. - 0x0020: 5018 4000 a7ad 0000 0000 002f ff53 4d42 P.@......../.SMB + 0x0000: 4500 005b 01b4 0000 3c06 64b2 0a00 0237 E..[....<.d....7 + 0x0010: 0a00 0201 0401 01bd 0d1b 0cd4 269b fb0a ............&... + 0x0020: 5018 4000 8a33 0000 0000 002f ff53 4d42 P.@..3...../.SMB 0x0030: 7200 0000 0008 0100 0000 0000 0000 0000 r............... 0x0040: 0000 0000 0000 adde 0000 0100 000c 0002 ................ 0x0050: 4e54 204c 4d20 302e 3132 00 NT.LM.0.12. -20:52:35.515348 IP (tos 0x0, ttl 64, id 42159, offset 0, flags [DF], proto TCP (6), length 40) - 10.0.2.1.445 > 10.0.2.55.1025: Flags [.], cksum 0x1852 (incorrect -> 0x3a89), seq 1, ack 52, win 14600, length 0 - 0x0000: 4500 0028 a4af 4000 4006 7de9 0a00 0201 E..(..@.@.}..... - 0x0010: 0a00 0237 01bd 0401 095e dde6 0c1f 2aea ...7.....^....*. +21:48:05.445411 IP (tos 0x0, ttl 64, id 29952, offset 0, flags [DF], proto TCP (6), length 40) + 10.0.2.1.445 > 10.0.2.55.1025: Flags [.], cksum 0x1852 (incorrect -> 0x1d0f), seq 1, ack 52, win 14600, length 0 + 0x0000: 4500 0028 7500 4000 4006 ad98 0a00 0201 E..(u.@.@....... + 0x0010: 0a00 0237 01bd 0401 269b fb0a 0d1b 0d07 ...7....&....... 0x0020: 5010 3908 1852 0000 P.9..R.. -20:52:35.520444 IP (tos 0x0, ttl 64, id 42160, offset 0, flags [DF], proto TCP (6), length 141) - 10.0.2.1.445 > 10.0.2.55.1025: Flags [P.], cksum 0x147e (correct), seq 1:102, ack 52, win 14600, length 101 +21:48:05.450385 IP (tos 0x0, ttl 64, id 29953, offset 0, flags [DF], proto TCP (6), length 141) + 10.0.2.1.445 > 10.0.2.55.1025: Flags [P.], cksum 0x05dd (correct), seq 1:102, ack 52, win 14600, length 101 SMB PACKET: SMBnegprot (REPLY) SMB Command = 0x72 Error class = 0x0 
@@ -78,35 +78,35 @@ MaxMux=50 (0x32) NumVcs=1 (0x1) MaxBuffer=16644 (0x4104) RawSize=65536 (0x10000) -SessionKey=0x7B87 +SessionKey=0x7F5E Capabilities=0x80F3FD -ServerTime=Sun May 24 20:52:37 2015 +ServerTime=Sun May 24 21:48:06 2015 TimeZone=240 (0xf0) CryptKey=Data: (1 bytes) [000] 08 \0x08 smb_bcc=28 -[000] DE 72 D3 20 93 D9 DE 54 57 00 4F 00 52 00 4B 00 \0xder\0xd3 \0x93\0xd9\0xdeT W\0x00O\0x00R\0x00K\0x00 +[000] 19 2A FC F4 00 99 70 E1 57 00 4F 00 52 00 4B 00 \0x19*\0xfc\0xf4\0x00\0x99p\0xe1 W\0x00O\0x00R\0x00K\0x00 [010] 47 00 52 00 4F 00 55 00 50 00 00 00 G\0x00R\0x00O\0x00U\0x00 P\0x00\0x00\0x00 - 0x0000: 4500 008d a4b0 4000 4006 7d83 0a00 0201 E.....@.@.}..... - 0x0010: 0a00 0237 01bd 0401 095e dde6 0c1f 2aea ...7.....^....*. - 0x0020: 5018 3908 147e 0000 0000 0061 ff53 4d42 P.9..~.....a.SMB + 0x0000: 4500 008d 7501 4000 4006 ad32 0a00 0201 E...u.@.@..2.... + 0x0010: 0a00 0237 01bd 0401 269b fb0a 0d1b 0d07 ...7....&....... + 0x0020: 5018 3908 05dd 0000 0000 0061 ff53 4d42 P.9........a.SMB 0x0030: 7200 0000 0088 0340 0000 0000 0000 0000 r......@........ 0x0040: 0000 0000 0000 adde 0000 0100 1100 0003 ................ - 0x0050: 3200 0100 0441 0000 0000 0100 877b 0000 2....A.......{.. - 0x0060: fdf3 8000 478b 0b17 8596 d001 f000 081c ....G........... - 0x0070: 00de 72d3 2093 d9de 5457 004f 0052 004b ..r.....TW.O.R.K + 0x0050: 3200 0100 0441 0000 0000 0100 5e7f 0000 2....A......^... + 0x0060: fdf3 8000 b789 d6d7 8c96 d001 f000 081c ................ + 0x0070: 0019 2afc f400 9970 e157 004f 0052 004b ..*....p.W.O.R.K 0x0080: 0047 0052 004f 0055 0050 0000 00 .G.R.O.U.P... -20:52:35.573336 IP (tos 0x0, ttl 60, id 436, offset 0, flags [none], proto TCP (6), length 40) - 10.0.2.55.1025 > 10.0.2.1.445: Flags [.], cksum 0x332c (correct), seq 52, ack 102, win 16384, length 0 - 0x0000: 4500 0028 01b4 0000 3c06 64e5 0a00 0237 E..(....<.d....7 - 0x0010: 0a00 0201 0401 01bd 0c1f 2aea 095e de4b ..........*..^.K - 0x0020: 5010 4000 332c 0000 0000 0000 0000 P.@.3,........ 
+21:48:05.503428 IP (tos 0x0, ttl 60, id 437, offset 0, flags [none], proto TCP (6), length 40) + 10.0.2.55.1025 > 10.0.2.1.445: Flags [.], cksum 0x15b2 (correct), seq 52, ack 102, win 16384, length 0 + 0x0000: 4500 0028 01b5 0000 3c06 64e4 0a00 0237 E..(....<.d....7 + 0x0010: 0a00 0201 0401 01bd 0d1b 0d07 269b fb6f ............&..o + 0x0020: 5010 4000 15b2 0000 0000 0000 0000 P.@........... -20:52:35.813123 IP (tos 0x0, ttl 60, id 437, offset 0, flags [none], proto TCP (6), length 183) - 10.0.2.55.1025 > 10.0.2.1.445: Flags [P.], cksum 0xba94 (correct), seq 52:195, ack 102, win 16384, length 143 +21:48:05.743170 IP (tos 0x0, ttl 60, id 438, offset 0, flags [none], proto TCP (6), length 183) + 10.0.2.55.1025 > 10.0.2.1.445: Flags [P.], cksum 0xf1d1 (correct), seq 52:195, ack 102, win 16384, length 143 SMB PACKET: SMBsesssetupX (REQUEST) SMB Command = 0x73 Error class = 0x0 
@@ -124,35 +124,35 @@ Off2=0 (0x0) MaxBuffer=16644 (0x4104) MaxMpx=50 (0x32) VcNumber=1 (0x1) -SessionKey=0x7B87 +SessionKey=0x7F5E CaseInsensitivePasswordLength=24 (0x18) CaseSensitivePasswordLength=0 (0x0) Res=0x0 Capabilities=0x80F3FD Pass1&Pass2&Account&Domain&OS&LanMan= smb_bcc=78 -[000] 3D 4A 44 9B 3F 99 4A 26 57 D1 60 91 92 B2 DF 7F =JD\0x9b?\0x99J& W\0xd1`\0x91\0x92\0xb2\0xdf\0x7f -[010] DE 82 B4 88 25 09 78 8E 00 00 00 00 00 00 00 00 \0xde\0x82\0xb4\0x88%\0x09x\0x8e \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 +[000] 03 A2 EF AF 3B 63 80 33 F2 40 F0 26 71 F0 32 04 \0x03\0xa2\0xef\0xaf;c\0x803 \0xf2@\0xf0&q\0xf02\0x04 +[010] CC BE F5 3D 4C DA 94 68 00 00 00 00 00 00 00 00 \0xcc\0xbe\0xf5=L\0xda\0x94h \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 [030] 50 49 00 57 4F 52 4B 47 52 4F 55 50 00 47 53 2F PI\0x00WORKG ROUP\0x00GS/ [040] 4F 53 00 41 70 70 6C 65 20 49 49 67 73 00 OS\0x00Apple IIgs\0x00 - 0x0000: 4500 00b7 01b5 0000 3c06 6455 0a00 0237 E.......<.dU...7 - 0x0010: 0a00 0201 0401 01bd 0c1f 2aea 095e de4b ..........*..^.K - 0x0020: 5018 4000 ba94 0000 0000 008b ff53 4d42 P.@..........SMB + 0x0000: 4500 00b7 01b6 0000 3c06 6454 0a00 0237 E.......<.dT...7 + 0x0010: 0a00 0201 0401 01bd 0d1b 0d07 269b fb6f ............&..o + 0x0020: 5018 4000 f1d1 0000 0000 008b ff53 4d42 P.@..........SMB 0x0030: 7300 0000 0008 0100 0000 0000 0000 0000 s............... 0x0040: 0000 0000 0000 adde 0000 0100 0dff 0000 ................ - 0x0050: 0004 4132 0001 0087 7b00 0018 0000 0000 ..A2....{....... - 0x0060: 0000 00fd f380 004e 003d 4a44 9b3f 994a .......N.=JD.?.J - 0x0070: 2657 d160 9192 b2df 7fde 82b4 8825 0978 &W.`.........%.x - 0x0080: 8e00 0000 0000 0000 0000 0000 0000 0000 ................ + 0x0050: 0004 4132 0001 005e 7f00 0018 0000 0000 ..A2...^........ + 0x0060: 0000 00fd f380 004e 0003 a2ef af3b 6380 .......N.....;c. 
+ 0x0070: 33f2 40f0 2671 f032 04cc bef5 3d4c da94 3.@.&q.2....=L.. + 0x0080: 6800 0000 0000 0000 0000 0000 0000 0000 h............... 0x0090: 0000 0000 0000 0000 0050 4900 574f 524b .........PI.WORK 0x00a0: 4752 4f55 5000 4753 2f4f 5300 4170 706c GROUP.GS/OS.Appl 0x00b0: 6520 4949 6773 00 e.IIgs. -20:52:35.815182 IP (tos 0x0, ttl 64, id 42161, offset 0, flags [DF], proto TCP (6), length 112) - 10.0.2.1.445 > 10.0.2.55.1025: Flags [P.], cksum 0x22b6 (correct), seq 102:174, ack 195, win 15544, length 72 +21:48:05.745141 IP (tos 0x0, ttl 64, id 29954, offset 0, flags [DF], proto TCP (6), length 112) + 10.0.2.1.445 > 10.0.2.55.1025: Flags [P.], cksum 0x053c (correct), seq 102:174, ack 195, win 15544, length 72 SMB PACKET: SMBsesssetupX (REPLY) SMB Command = 0x73 Error class = 0x0 
@@ -172,22 +172,22 @@ smb_bcc=27 [010] 00 57 4F 52 4B 47 52 4F 55 50 00 \0x00WORKGRO UP\0x00 - 0x0000: 4500 0070 a4b1 4000 4006 7d9f 0a00 0201 E..p..@.@.}..... - 0x0010: 0a00 0237 01bd 0401 095e de4b 0c1f 2b79 ...7.....^.K..+y - 0x0020: 5018 3cb8 22b6 0000 0000 0044 ff53 4d42 P.<."......D.SMB + 0x0000: 4500 0070 7502 4000 4006 ad4e 0a00 0201 E..pu.@.@..N.... + 0x0010: 0a00 0237 01bd 0401 269b fb6f 0d1b 0d96 ...7....&..o.... + 0x0020: 5018 3cb8 053c 0000 0000 0044 ff53 4d42 P.<..<.....D.SMB 0x0030: 7300 0000 0088 0340 0000 0000 0000 0000 s......@........ 0x0040: 0000 0000 0000 adde 6400 0100 03ff 0000 ........d....... 0x0050: 0001 001b 0055 6e69 7800 5361 6d62 6120 .....Unix.Samba. 0x0060: 332e 362e 3600 574f 524b 4752 4f55 5000 3.6.6.WORKGROUP. -20:52:35.865182 IP (tos 0x0, ttl 60, id 438, offset 0, flags [none], proto TCP (6), length 40) - 10.0.2.55.1025 > 10.0.2.1.445: Flags [.], cksum 0x3255 (correct), seq 195, ack 174, win 16384, length 0 - 0x0000: 4500 0028 01b6 0000 3c06 64e3 0a00 0237 E..(....<.d....7 - 0x0010: 0a00 0201 0401 01bd 0c1f 2b79 095e de93 ..........+y.^.. - 0x0020: 5010 4000 3255 0000 0000 0000 0000 P.@.2U........ +21:48:05.795344 IP (tos 0x0, ttl 60, id 439, offset 0, flags [none], proto TCP (6), length 40) + 10.0.2.55.1025 > 10.0.2.1.445: Flags [.], cksum 0x14db (correct), seq 195, ack 174, win 16384, length 0 + 0x0000: 4500 0028 01b7 0000 3c06 64e2 0a00 0237 E..(....<.d....7 + 0x0010: 0a00 0201 0401 01bd 0d1b 0d96 269b fbb7 ............&... + 0x0020: 5010 4000 14db 0000 0000 0000 0000 P.@........... 
-20:52:35.981770 IP (tos 0x0, ttl 60, id 439, offset 0, flags [none], proto TCP (6), length 115) - 10.0.2.55.1025 > 10.0.2.1.445: Flags [P.], cksum 0x0f64 (correct), seq 195:270, ack 174, win 16384, length 75 +21:48:05.911881 IP (tos 0x0, ttl 60, id 440, offset 0, flags [none], proto TCP (6), length 115) + 10.0.2.55.1025 > 10.0.2.1.445: Flags [P.], cksum 0x8de9 (correct), seq 195:270, ack 174, win 16384, length 75 SMB PACKET: SMBtconX (REQUEST) SMB Command = 0x75 Error class = 0x0 @@ -196,7 +196,7 @@ Flags1 = 0x8 Flags2 = 0x1 Tree ID = 0 (0x0) Proc ID = 57005 (0xdead) -UID = 0 (0x0) +UID = 100 (0x64) MID = 1 (0x1) Word Count = 4 (0x4) Com2=0xFF 
@@ -210,40 +210,47 @@ smb_buf[]= [010] 46 49 4C 45 53 00 3F 3F 3F 3F 3F 00 FILES\0x00?? ???\0x00 - 0x0000: 4500 0073 01b7 0000 3c06 6497 0a00 0237 E..s....<.d....7 - 0x0010: 0a00 0201 0401 01bd 0c1f 2b79 095e de93 ..........+y.^.. - 0x0020: 5018 4000 0f64 0000 0000 0047 ff53 4d42 P.@..d.....G.SMB + 0x0000: 4500 0073 01b8 0000 3c06 6496 0a00 0237 E..s....<.d....7 + 0x0010: 0a00 0201 0401 01bd 0d1b 0d96 269b fbb7 ............&... + 0x0020: 5018 4000 8de9 0000 0000 0047 ff53 4d42 P.@........G.SMB 0x0030: 7500 0000 0008 0100 0000 0000 0000 0000 u............... - 0x0040: 0000 0000 0000 adde 0000 0100 04ff 0000 ................ + 0x0040: 0000 0000 0000 adde 6400 0100 04ff 0000 ........d....... 0x0050: 0000 0001 001c 0000 5c5c 4c49 5649 4e47 ........\\LIVING 0x0060: 524f 4f4d 5c47 5346 494c 4553 003f 3f3f ROOM\GSFILES.??? 0x0070: 3f3f 00 ??. -20:52:35.982509 IP (tos 0x0, ttl 64, id 42162, offset 0, flags [DF], proto TCP (6), length 79) - 10.0.2.1.445 > 10.0.2.55.1025: Flags [P.], cksum 0x00a0 (correct), seq 174:213, ack 270, win 15544, length 39 +21:48:05.932366 IP (tos 0x0, ttl 64, id 29955, offset 0, flags [DF], proto TCP (6), length 93) + 10.0.2.1.445 > 10.0.2.55.1025: Flags [P.], cksum 0x6b3b (correct), seq 174:227, ack 270, win 15544, length 53 SMB PACKET: SMBtconX (REPLY) SMB Command = 0x75 -Error class = 0x22 -Error code = 49152 (0xc000) +Error class = 0x0 +Error code = 0 (0x0) Flags1 = 0x88 Flags2 = 0x3 -Tree ID = 0 (0x0) +Tree ID = 1 (0x1) Proc ID = 57005 (0xdead) -UID = 0 (0x0) +UID = 100 (0x64) MID = 1 (0x1) -Word Count = 0 (0x0) -NTError = STATUS_ACCESS_DENIED -smb_bcc=0 +Word Count = 3 (0x3) +Com2=0xFF +Off2=0 (0x0) +Data: (2 bytes) +[000] 01 00 \0x01\0x00 +smb_bcc=8 +ServiceType=A: +Data: (5 bytes) +[000] 4E 54 46 53 00 NTFS\0x00 - 0x0000: 4500 004f a4b2 4000 4006 7dbf 0a00 0201 E..O..@.@.}..... - 0x0010: 0a00 0237 01bd 0401 095e de93 0c1f 2bc4 ...7.....^....+. 
- 0x0020: 5018 3cb8 00a0 0000 0000 0023 ff53 4d42 P.<........#.SMB - 0x0030: 7522 0000 c088 0340 0000 0000 0000 0000 u".....@........ - 0x0040: 0000 0000 0000 adde 0000 0100 0000 00 ............... + 0x0000: 4500 005d 7503 4000 4006 ad60 0a00 0201 E..]u.@.@..`.... + 0x0010: 0a00 0237 01bd 0401 269b fbb7 0d1b 0de1 ...7....&....... + 0x0020: 5018 3cb8 6b3b 0000 0000 0031 ff53 4d42 P.<.k;.....1.SMB + 0x0030: 7500 0000 0088 0340 0000 0000 0000 0000 u......@........ + 0x0040: 0000 0000 0100 adde 6400 0100 03ff 0000 ........d....... + 0x0050: 0001 0008 0041 3a00 4e54 4653 00 .....A:.NTFS. -20:52:36.032426 IP (tos 0x0, ttl 60, id 440, offset 0, flags [none], proto TCP (6), length 40) - 10.0.2.55.1025 > 10.0.2.1.445: Flags [.], cksum 0x31e3 (correct), seq 270, ack 213, win 16384, length 0 - 0x0000: 4500 0028 01b8 0000 3c06 64e1 0a00 0237 E..(....<.d....7 - 0x0010: 0a00 0201 0401 01bd 0c1f 2bc4 095e deba ..........+..^.. - 0x0020: 5010 4000 31e3 0000 0000 0000 0000 P.@.1......... +21:48:05.982835 IP (tos 0x0, ttl 60, id 441, offset 0, flags [none], proto TCP (6), length 40) + 10.0.2.55.1025 > 10.0.2.1.445: Flags [.], cksum 0x145b (correct), seq 270, ack 227, win 16384, length 0 + 0x0000: 4500 0028 01b9 0000 3c06 64e0 0a00 0237 E..(....<.d....7 + 0x0010: 0a00 0201 0401 01bd 0d1b 0de1 269b fbec ............&... + 0x0020: 5010 4000 145b 0000 0000 0000 0000 P.@..[........ diff --git a/src/SMBDEMO.S b/src/SMBDEMO.S index 396c488..97c8d14 100644 --- a/src/SMBDEMO.S +++ b/src/SMBDEMO.S @@ -7,7 +7,7 @@ * Saturday, May 2, 2015 - Formatting fixes, refactoring, rewritten SMB Negotiation code * Saturday, May 9, 2015 - Receive and interpret NEG_PROT reply and start login * Sunday, May 24, 2015 - Some bugfixes, Tool128 and Tool129 requirement for hashing and DES, LM password hashing support -* Also introducing SMB_Tree_ANDX message +* Also introducing successful SMB_Tree_ANDX message. We connect to remote shares now. * * REFERENCES * smb.c / smb.h from libOGC 
@@ -719,7 +719,7 @@ sendloop4 PushWord #0000 jmp CTSClose3 noevent5 PushLong MySMBHandle - jsr SMB_Setup_Poll + jsr SMB_TreeX_Poll pla bcc sendloop4 @@ -1254,7 +1254,7 @@ dialect_done sta SMB_staging+SMB_header_size+3,x ; do write the trailing zero * SMB_Negotiate_Poll - Call me until I tell you to stop, to receive and complete SMB negotiation * Arguments: -* SMB session handle (two words, on stock) +* SMB session handle (two words, on stack) * Things I return on stack: * Negotiation status (word) * $0000 - Negotiation proceeding @@ -1674,7 +1674,7 @@ SMB_LM_Response * SMB_Setup_Poll - Call me until I tell you to stop, to receive and complete SMB setup * Arguments: -* SMB session handle (two words, on stock) +* SMB session handle (two words, on stack) * Things I return on stack: * Setup status (word) * $0000 - Setup proceeding @@ -1726,6 +1726,17 @@ SMB_Setup_Poll sf_trampoline jmp setup_failed sp_trampoline jmp setup_proceeding sft_far + lda SMB_input+SMB_offset_cmd + cmp #SMB_setup_ANDX + bne sp_trampoline ; punt if not setup_ANDX reply + + lda SMB_input+SMB_offset_eclass + cmp #0000 + bne sf_trampoline ; they returned an error, kbye + + lda SMB_input+SMB_offset_uid + ldy #SMB_sess_uid-SMB_sess_begin + sta [SMB_sessid],y ; save returned UID * TODO save far end's OS, Lan Manager, and Workgroup? @@ -1748,7 +1759,6 @@ setup_proceeding clc rts - * * SMB_TreeAndX - Connect to the remote share * Arguments: 
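Review bot: The error test added in the sft_far block compares only the accumulator-width load at `SMB_input+SMB_offset_eclass` with `#0000`, so it covers at most the low half of the four-byte status field; the replies captured in latest_tcpdump.txt carry flags2 bytes `0340` (the 0x4000 NT-status bit appears to be set) and a 32-bit NT status such as the earlier `0xC0000022` ACCESS_DENIED, so a status whose low bytes happen to be zero would pass this check and its UID would be stored into the session record. The same partial compare is repeated in the tft_far block of the new SMB_TreeX_Poll in the following hunk. Consider also comparing the high word of the status (the next word after the eclass offset, using whatever symbol the file defines for it) before the `sta [SMB_sessid],y`, and add a comment such as `; status is 32-bit NT status when flags2 bit 14 is set`. The entry of SMB_Setup_Poll and the TCP read that fills SMB_input lie outside this hunk.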
@@ -1834,6 +1844,89 @@ SMB_TreeAndX plx ; return address clc rts +* SMB_TreeX_Poll - Call me until I tell you to stop, to receive and complete SMB Tree_ANDX +* Arguments: +* SMB session handle (two words, on stack) +* Things I return on stack: +* Setup status (word) +* $0000 - Setup proceeding +* $0001 - Setup finished +* $0002 - Setup failed +* Carry flag set means you can stop calling me +SMB_TreeX_Poll + plx ; our return address + PullLong SMB_sessid ; your smb sessid + phx + + _TCPIPPoll + + PushWord #0000 ; space for result + ldy #SMB_sess_ipid-SMB_sess_begin + lda [SMB_sessid],y + pha ; push Marinetti IPID for this SMB_sessid + PushLong #statbuf + _TCPIPStatusTCP ; see if marinetti has anything for us + pla + cmp #terrNOCONNECTION + beq tf_trampoline + cmp #terrBADIPID + beq tf_trampoline + lda statbuf+8 ; get recvq size, low word + cmp #0000 ; yeah i know. for clarity. + beq tp_trampoline ; poll us again later, marinetti got nothing + + PushWord #0000 ; space for result + ldy #SMB_sess_ipid-SMB_sess_begin + lda [SMB_sessid],y + pha ; push Marinetti IPID for this SMB_sessid + PushWord #0000 ; bufftype: static pre-allocated buffer + PushLong #SMB_input ; where it's all goin + PushLong #SMB_max_net_read_size + PushLong #readbuf + _TCPIPReadTCP + + pla + cmp #terrNOCONNECTION + beq tf_trampoline + cmp #terrBADIPID + beq tf_trampoline + + jsr _SMB_Check ; do basic check to make sure we received SMB data + bcs tp_trampoline ; if not, wait for them to send again i guess + + bra tft_far +tf_trampoline jmp treex_failed +tp_trampoline jmp treex_proceeding +tft_far + lda SMB_input+SMB_offset_cmd + cmp #SMB_treec_ANDX + bne tp_trampoline ; punt if not setup_ANDX reply + + lda SMB_input+SMB_offset_eclass + cmp #0000 + bne tf_trampoline ; they returned an error, kbye + +* TODO save remote servicetype or filesystem type? + +treex_finished plx ; our return address + PushWord #0001 ; finished! 
+ phx + sec + rts + +treex_failed plx ; our return address + PushWord #0002 ; failure + phx + sec + rts + +treex_proceeding + plx ; our return address + PushWord #0000 ; in progress + phx + clc + rts + * * SMB_OpenFile - Open a file on the remote share * Arguments: diff --git a/src/smbdemo b/src/smbdemo index 6dd76b2bbb0c7135ea31ba3b5b90b100bcf358ec..fb4d20fd1529a8f6e217e26f1bf757d453a136ec 100644 GIT binary patch delta 638 zcmeC$z;tgT6W6^N3}E0tbt0EJlmFC>&fV-xO_L@Iuv;*3P2SAK(b>lMZ}OBr9mWfj z5BB9S?wPFD{|P9fIH8tl#+1nmCdf0DO__Xfg1ArFlo=AKBCR4{7#O~+<^_@~v-yAm z9ty}38?j0BX7Wj7Ix=`z0m18D9X^E%n^h)eF{>e$ts`~a`n0lUpN@PFfu6oo09M=qm?70mFw0Q7Hon*?_;WD#3smw zO^_X%V1oxXQ9W#e`q%_n;ewOdr`%!m*!*M)52L-9poWQOKyX-G+LYM~R;=5y|M=M} z51zgK#>dR2W*rn)Tvgl9vF-GOuN++RCZ2J{dyhWnW)+f9&@iyDb#(FY-mEn3IHTE- tNxXbt89$twqy?hxPErCvPe|Rdc%Qc>LZ&uMIzx>Mk_}~E7z?rx(r`97``wvDELf42(rKhCksvy z(MFbHgi9f*XM+n)4wxbmimbi?E`_9C51XJqHbGXn;N+cC?l4+!o;H<-(MVKK!^ATn zxTd*d!n8Td*Kgf(;@s7HuitU9Na{I9
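Review bot: SMB_TreeX_Poll never records the Tree ID the server returns, although the reply in latest_tcpdump.txt now carries `Tree ID = 1 (0x1)` and later requests on the share (SMB_OpenFile follows this routine) need that TID in their header just as the setup reply's UID was needed here. Mirror the UID save added to SMB_Setup_Poll: after the error-class compare in tft_far, load the reply's TID field and store it into the session record the same way (`lda SMB_input+<TID header offset>` / `ldy #<session TID field>-SMB_sess_begin` / `sta [SMB_sessid],y`, substituting the file's own names for the two placeholders), and drop the "TODO save remote servicetype" line or extend it to mention the TID. The header comment still describes "Setup status / Setup proceeding / finished / failed" and the compare against `SMB_treec_ANDX` is annotated `; punt if not setup_ANDX reply`; these should read "Tree connect status" and `; punt if not treec_ANDX reply`. The reply is accepted on the command byte alone, so a stray or out-of-order reply whose MID or UID does not match the outstanding request is treated as success; if the session record tracks the MID that was sent, a compare against the reply's MID before treex_finished would be a cheap guard.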