Update and small bug fix in MachineKeySessionSecurityTokenHandlerPlugin

SHA1 -> HMACSHA1 for MachineKeySessionSecurityTokenHandlerPlugin
pwntester · Dec 23, 2024 · f67ebeb · f67ebeb
1 parent 7b7838b
commit f67ebeb
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 29 deletions.
diff --git a/ysoserial/Helpers/MachineKeyHelper.cs b/ysoserial/Helpers/MachineKeyHelper.cs
@@ -170,7 +170,7 @@ public static byte[] Unprotect(byte[] protectedData, string validationKey, strin
             }
 
             [MethodImpl(MethodImplOptions.NoOptimization)]
-            private static bool BuffersAreEqual(byte[] buffer1, int buffer1Offset, int buffer1Count, byte[] buffer2, int buffer2Offset, int buffer2Count)
+            public static bool BuffersAreEqual(byte[] buffer1, int buffer1Offset, int buffer1Count, byte[] buffer2, int buffer2Offset, int buffer2Count)
             {
                 bool success = (buffer1Count == buffer2Count); // can't possibly be successful if the buffers are of different lengths
                 for (int i = 0; i < buffer1Count; i++)
@@ -180,7 +180,7 @@ private static bool BuffersAreEqual(byte[] buffer1, int buffer1Offset, int buffe
                 return success;
             }
 
-            private static class SP800_108
+            public static class SP800_108
             {
                 public static byte[] DeriveKey(byte[] keyDerivationKey, string primaryPurpose, params string[] specificPurposes)
                 {
@@ -195,7 +195,7 @@ public static byte[] DeriveKey(byte[] keyDerivationKey, string primaryPurpose, p
                     }
                 }
 
-                private static byte[] DeriveKeyImpl(HMAC hmac, byte[] label, byte[] context, int keyLengthInBits)
+                public static byte[] DeriveKeyImpl(HMAC hmac, byte[] label, byte[] context, int keyLengthInBits)
                 {
                     checked
                     {
@@ -234,7 +234,7 @@ private static byte[] DeriveKeyImpl(HMAC hmac, byte[] label, byte[] context, int
                     }
                 }
 
-                private static void WriteUInt32ToByteArrayBigEndian(uint value, byte[] buffer, int offset)
+                public static void WriteUInt32ToByteArrayBigEndian(uint value, byte[] buffer, int offset)
                 {
                     buffer[offset + 0] = (byte)(value >> 24);
                     buffer[offset + 1] = (byte)(value >> 16);
@@ -244,7 +244,7 @@ private static void WriteUInt32ToByteArrayBigEndian(uint value, byte[] buffer, i
 
             }
 
-            private static void GetKeyDerivationParameters(out byte[] label, out byte[] context, string primaryPurpose, params string[] specificPurposes)
+            public static void GetKeyDerivationParameters(out byte[] label, out byte[] context, string primaryPurpose, params string[] specificPurposes)
             {
                 label = SecureUTF8Encoding.GetBytes(primaryPurpose);
 
@@ -259,7 +259,7 @@ private static void GetKeyDerivationParameters(out byte[] label, out byte[] cont
                 }
             }
 
-            private static byte[] HexToBinary(string data)
+            public static byte[] HexToBinary(string data)
             {
                 if (data == null || data.Length % 2 != 0)
                 {

diff --git a/ysoserial/Plugins/MachineKeySessionSecurityTokenHandlerPlugin.cs b/ysoserial/Plugins/MachineKeySessionSecurityTokenHandlerPlugin.cs
@@ -114,6 +114,10 @@ public object Run(string[] args)
                 System.Environment.Exit(-1);
             }
 
+            if (validationAlg.ToUpper().Equals("SHA1"))
+            {
+                validationAlg = "HMACSHA1"; // MachineKeySessionSecurityTokenHandler uses HMACSHA1 instead of SHA1
+            }
 
             byte[] serializedData = (byte[])new TextFormattingRunPropertiesGenerator().GenerateWithNoTest("BinaryFormatter", inputArgs);
             DeflateCookieTransform myDeflateCookieTransform = new DeflateCookieTransform();

diff --git a/ysoserial/packages.config b/ysoserial/packages.config
@@ -7,19 +7,19 @@
   <package id="FsPickler.Json" version="4.6" targetFramework="net452" />
   <package id="MessagePack" version="2.5.94" targetFramework="net472" />
   <package id="MessagePack.Annotations" version="2.5.94" targetFramework="net472" />
-  <package id="Microsoft.Bcl.AsyncInterfaces" version="6.0.0" targetFramework="net472" />
+  <package id="Microsoft.Bcl.AsyncInterfaces" version="9.0.0" targetFramework="net472" />
   <package id="Microsoft.IdentityModel" version="7.0.0" targetFramework="net452" />
-  <package id="Microsoft.NET.StringTools" version="17.4.0" targetFramework="net472" />
+  <package id="Microsoft.NET.StringTools" version="17.12.6" targetFramework="net472" />
   <package id="NDesk.Options" version="0.2.1" targetFramework="net472" />
   <package id="Newtonsoft.Json" version="12.0.3" targetFramework="net452" />
   <package id="SharpSerializer" version="3.0.1" targetFramework="net452" />
-  <package id="System.Buffers" version="4.5.1" targetFramework="net472" />
-  <package id="System.Collections.Immutable" version="6.0.0" targetFramework="net472" />
-  <package id="System.Memory" version="4.5.5" targetFramework="net472" />
-  <package id="System.Numerics.Vectors" version="4.5.0" targetFramework="net472" />
+  <package id="System.Buffers" version="4.6.0" targetFramework="net472" />
+  <package id="System.Collections.Immutable" version="9.0.0" targetFramework="net472" />
+  <package id="System.Memory" version="4.6.0" targetFramework="net472" />
+  <package id="System.Numerics.Vectors" version="4.6.0" targetFramework="net472" />
   <package id="System.Reflection.Emit" version="4.7.0" targetFramework="net472" />
   <package id="System.Reflection.Emit.Lightweight" version="4.7.0" targetFramework="net472" />
-  <package id="System.Runtime.CompilerServices.Unsafe" version="6.0.0" targetFramework="net472" />
-  <package id="System.Threading.Tasks.Extensions" version="4.5.4" targetFramework="net472" />
+  <package id="System.Runtime.CompilerServices.Unsafe" version="6.1.0" targetFramework="net472" />
+  <package id="System.Threading.Tasks.Extensions" version="4.6.0" targetFramework="net472" />
   <package id="YamlDotNet" version="4.3.2" targetFramework="net452" />
 </packages>
diff --git a/ysoserial/ysoserial.csproj b/ysoserial/ysoserial.csproj
@@ -117,15 +117,15 @@
     <Reference Include="MessagePack.Annotations, Version=2.5.0.0, Culture=neutral, PublicKeyToken=b4a0369545f0a1be, processorArchitecture=MSIL">
       <HintPath>..\packages\MessagePack.Annotations.2.5.94\lib\netstandard2.0\MessagePack.Annotations.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.Bcl.AsyncInterfaces, Version=6.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.Bcl.AsyncInterfaces.6.0.0\lib\net461\Microsoft.Bcl.AsyncInterfaces.dll</HintPath>
+    <Reference Include="Microsoft.Bcl.AsyncInterfaces, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Bcl.AsyncInterfaces.9.0.0\lib\net462\Microsoft.Bcl.AsyncInterfaces.dll</HintPath>
     </Reference>
     <Reference Include="microsoft.identitymodel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.IdentityModel.7.0.0\lib\net35\microsoft.identitymodel.dll</HintPath>
       <Private>True</Private>
     </Reference>
     <Reference Include="Microsoft.NET.StringTools, Version=1.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.NET.StringTools.17.4.0\lib\net472\Microsoft.NET.StringTools.dll</HintPath>
+      <HintPath>..\packages\Microsoft.NET.StringTools.17.12.6\lib\net472\Microsoft.NET.StringTools.dll</HintPath>
     </Reference>
     <Reference Include="NDesk.Options, Version=0.2.1.0, Culture=neutral, processorArchitecture=MSIL">
       <HintPath>..\packages\NDesk.Options.0.2.1\lib\NDesk.Options.dll</HintPath>
@@ -138,11 +138,11 @@
     </Reference>
     <Reference Include="PresentationFramework" />
     <Reference Include="System" />
-    <Reference Include="System.Buffers, Version=4.0.3.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
-      <HintPath>..\packages\System.Buffers.4.5.1\lib\net461\System.Buffers.dll</HintPath>
+    <Reference Include="System.Buffers, Version=4.0.4.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Buffers.4.6.0\lib\net462\System.Buffers.dll</HintPath>
     </Reference>
-    <Reference Include="System.Collections.Immutable, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
-      <HintPath>..\packages\System.Collections.Immutable.6.0.0\lib\net461\System.Collections.Immutable.dll</HintPath>
+    <Reference Include="System.Collections.Immutable, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Collections.Immutable.9.0.0\lib\net462\System.Collections.Immutable.dll</HintPath>
     </Reference>
     <Reference Include="System.configuration" />
     <Reference Include="System.Core" />
@@ -158,21 +158,21 @@
     <Reference Include="System.IdentityModel.Services">
       <Private>False</Private>
     </Reference>
-    <Reference Include="System.Memory, Version=4.0.1.2, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
-      <HintPath>..\packages\System.Memory.4.5.5\lib\net461\System.Memory.dll</HintPath>
+    <Reference Include="System.Memory, Version=4.0.2.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Memory.4.6.0\lib\net462\System.Memory.dll</HintPath>
     </Reference>
     <Reference Include="System.Numerics" />
-    <Reference Include="System.Numerics.Vectors, Version=4.1.4.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
-      <HintPath>..\packages\System.Numerics.Vectors.4.5.0\lib\net46\System.Numerics.Vectors.dll</HintPath>
+    <Reference Include="System.Numerics.Vectors, Version=4.1.5.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Numerics.Vectors.4.6.0\lib\net462\System.Numerics.Vectors.dll</HintPath>
     </Reference>
-    <Reference Include="System.Runtime.CompilerServices.Unsafe, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
-      <HintPath>..\packages\System.Runtime.CompilerServices.Unsafe.6.0.0\lib\net461\System.Runtime.CompilerServices.Unsafe.dll</HintPath>
+    <Reference Include="System.Runtime.CompilerServices.Unsafe, Version=6.0.1.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Runtime.CompilerServices.Unsafe.6.1.0\lib\net462\System.Runtime.CompilerServices.Unsafe.dll</HintPath>
     </Reference>
     <Reference Include="System.Runtime.Remoting" />
     <Reference Include="System.Runtime.Serialization" />
     <Reference Include="System.Runtime.Serialization.Formatters.Soap" />
-    <Reference Include="System.Threading.Tasks.Extensions, Version=4.2.0.1, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
-      <HintPath>..\packages\System.Threading.Tasks.Extensions.4.5.4\lib\net461\System.Threading.Tasks.Extensions.dll</HintPath>
+    <Reference Include="System.Threading.Tasks.Extensions, Version=4.2.1.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Threading.Tasks.Extensions.4.6.0\lib\net462\System.Threading.Tasks.Extensions.dll</HintPath>
     </Reference>
     <Reference Include="System.Transactions" />
     <Reference Include="System.Web" />