Posted to tcl by mjanssen at Tue Oct 02 16:14:16 GMT 2007view raw

  1. # the following proc decodes NTLM messages to aid in debugging
  2.  
  3. proc ntlm_decode {buffer} {
  4. dict set dec signature [string range $buffer 0 7]
  5. binary scan [string range $buffer 8 11] iu type
  6. dict set dec type $type
  7. switch -- $type {
  8. 1 {
  9. binary scan [string range $buffer 12 15] iu flags
  10. }
  11. 2 {
  12. binary scan [string range $buffer 20 23] iu flags
  13. }
  14. 3 {
  15. binary scan [string range $buffer 60 63] iu flags
  16. }
  17. }
  18. foreach {value flag} {
  19. 0x1 {Negotiate Unicode}
  20. 0x2 {Negotiate OEM}
  21. 0x4 {Request Target}
  22. 0x8 {Unknown 0x8}
  23. 0x10 {Negotiate Sign}
  24. 0x20 {Negotiate Seal}
  25. 0x40 {Negotiate Datagram Style}
  26. 0x80 {Negotiate Lan Manager Key}
  27. 0x100 {Negotiate Netware}
  28. 0x200 {Negotiate NTLM}
  29. 0x400 {Unknown 0x400}
  30. 0x800 {Negotiate Anonymous}
  31. 0x1000 {Negotiate Domain Supplied}
  32. 0x2000 {Negotiate Workstation Supplied}
  33. 0x4000 {Negotiate Local Call}
  34. 0x8000 {Negotiate Always Sign}
  35. 0x10000 {Target Type Domain}
  36. 0x20000 {Target Type Server}
  37. 0x40000 {Target Type Share}
  38. 0x80000 {Negotiate NTLM2 Key}
  39. 0x100000 {Request Init Response}
  40. 0x200000 {Request Accept Response}
  41. 0x400000 {Request Non-NT Session Key}
  42. 0x800000 {Negotiate Target Info}
  43. 0x1000000 {Unknown 0x1000000}
  44. 0x2000000 {Unknown 0x2000000}
  45. 0x4000000 {Unknown 0x4000000}
  46. 0x8000000 {Unknown 0x8000000}
  47. 0x10000000 {Unknown 0x10000000}
  48. 0x20000000 {Negotiate 128}
  49. 0x40000000 {Negotiate Key Exchange}
  50. 0x80000000 {Negotiate 56}
  51.  
  52. } {
  53.  
  54. if {$flags & $value} {
  55. dict lappend dec flags $flag
  56. }
  57. }
  58.  
  59. return $dec
  60. }