Posted to tcl by mjanssen at Tue Oct 02 16:14:16 GMT 2007view pretty
# the following proc decodes NTLM messages to aid in debugging proc ntlm_decode {buffer} { dict set dec signature [string range $buffer 0 7] binary scan [string range $buffer 8 11] iu type dict set dec type $type switch -- $type { 1 { binary scan [string range $buffer 12 15] iu flags } 2 { binary scan [string range $buffer 20 23] iu flags } 3 { binary scan [string range $buffer 60 63] iu flags } } foreach {value flag} { 0x1 {Negotiate Unicode} 0x2 {Negotiate OEM} 0x4 {Request Target} 0x8 {Unknown 0x8} 0x10 {Negotiate Sign} 0x20 {Negotiate Seal} 0x40 {Negotiate Datagram Style} 0x80 {Negotiate Lan Manager Key} 0x100 {Negotiate Netware} 0x200 {Negotiate NTLM} 0x400 {Unknown 0x400} 0x800 {Negotiate Anonymous} 0x1000 {Negotiate Domain Supplied} 0x2000 {Negotiate Workstation Supplied} 0x4000 {Negotiate Local Call} 0x8000 {Negotiate Always Sign} 0x10000 {Target Type Domain} 0x20000 {Target Type Server} 0x40000 {Target Type Share} 0x80000 {Negotiate NTLM2 Key} 0x100000 {Request Init Response} 0x200000 {Request Accept Response} 0x400000 {Request Non-NT Session Key} 0x800000 {Negotiate Target Info} 0x1000000 {Unknown 0x1000000} 0x2000000 {Unknown 0x2000000} 0x4000000 {Unknown 0x4000000} 0x8000000 {Unknown 0x8000000} 0x10000000 {Unknown 0x10000000} 0x20000000 {Negotiate 128} 0x40000000 {Negotiate Key Exchange} 0x80000000 {Negotiate 56} } { if {$flags & $value} { dict lappend dec flags $flag } } return $dec }