[cifs-protocol] [EXTERNAL] [MS-OAPXBC] Incorrect session key instructions

David Mulder dmulder at samba.org
Thu Jan 25 17:40:53 UTC 2024


On 1/25/24 10:32 AM, Sreekanth Nadendla wrote:
> Hello David, I was under the impression that the decoded part being 
> still encrypted will have varying size (actually depends on the key 
> size of the RSA algorithm) and actual problem lies with data supplied 
> or decrypting process. Please stand by while I look into potential 
> ways of tracing server-side logic. I'll contact you as soon as I have 
> something.
>
> Alternatively, if there is a way for you to send me the powershell 
> code you are using to see how our server is sending the CEK, I can run 
> it at my end and look at the byte sequences, step through assuming 
> it's not a complicated setup.

That's easy enough. Just follow this blog post:

https://aadinternals.com/post/prt/#creating-your-own-prt

You just need the AADInternals powershell module.


The author of the module is a MS employee: Dr. Nestori Syynimaa. So he 
might be able to assist you.

I have not been able to reproduce the error from Windows, however. 
Something about the request is different enough that the server is 
responding correctly on a Windows machine.

-- 
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20240125/1d54c168/attachment.htm>


More information about the cifs-protocol mailing list