Posted to tcl by mjanssen at Tue Oct 02 16:14:16 GMT 2007

# the following proc decodes NTLM messages to aid in debugging

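# ntlm_decode --
#
#   Decode the fixed header of an NTLMSSP message (signature, message type
#   and negotiate flags) into a dict, as a debugging aid.
#
# Arguments:
#   buffer   The raw message bytes. The offsets below are byte offsets, so a
#            message taken from an HTTP "NTLM <base64>" header has to be
#            base64-decoded by the caller first.
#
# Results:
#   A dict with the keys:
#     signature  bytes 0-7 of the message, returned as found. The value is
#                NOT checked here; callers that act on the result should
#                compare it against "NTLMSSP\0" themselves.
#     type       the 32-bit little-endian message type at offset 8.
#     flags      list of names of the flag bits that are set. The key is
#                absent when no bit is set, when the message type is not
#                1, 2 or 3, or when the message ends before the flags field.
#
#   An error is raised when the buffer is too short to hold the message type.
#
# Notes:
#   The input normally comes off the wire, so it is treated as untrusted:
#   a truncated or unknown-type message must not fail with an unset-variable
#   error halfway through decoding. Only the header is decoded; the response
#   and key fields of a type 3 message are not read or returned.

proc ntlm_decode {buffer} {
    dict set dec signature [string range $buffer 0 7]

    # binary scan returns the number of conversions it performed; 0 means the
    # buffer ended before the 4-byte type field.
    if {[binary scan [string range $buffer 8 11] iu type] != 1} {
        return -code error "NTLM message too short: no message type at offset 8\
            (length [string length $buffer])"
    }
    dict set dec type $type

    # Byte offset of the 32-bit flags field for each known message type.
    switch -- $type {
        1       { set offset 12 }
        2       { set offset 20 }
        3       { set offset 60 }
        default { set offset -1 }
    }

    # Start from "no flags" so an unknown type or a message that stops before
    # the flags field decodes to a dict without a flags key instead of
    # raising "can't read flags". A failed scan leaves the variable untouched.
    set flags 0
    if {$offset >= 0} {
        binary scan [string range $buffer $offset [expr {$offset + 3}]] iu flags
    }

    # Bit value -> display name. When reading the output during a review, the
    # absence of Negotiate Sign / Seal and the presence of Negotiate Lan
    # Manager Key or Negotiate 56 without Negotiate 128 are the items worth a
    # second look.
    foreach     {value flag} {
        0x1         {Negotiate Unicode}
        0x2         {Negotiate OEM}
        0x4         {Request Target}
        0x8         {Unknown 0x8}
        0x10        {Negotiate Sign}
        0x20        {Negotiate Seal}
        0x40        {Negotiate Datagram Style}
        0x80        {Negotiate Lan Manager Key}
        0x100       {Negotiate Netware}
        0x200       {Negotiate NTLM}
        0x400       {Unknown 0x400}
        0x800       {Negotiate Anonymous}
        0x1000      {Negotiate Domain Supplied}
        0x2000      {Negotiate Workstation Supplied}
        0x4000      {Negotiate Local Call}
        0x8000      {Negotiate Always Sign}
        0x10000     {Target Type Domain}
        0x20000     {Target Type Server}
        0x40000     {Target Type Share}
        0x80000     {Negotiate NTLM2 Key}
        0x100000    {Request Init Response}
        0x200000    {Request Accept Response}
        0x400000    {Request Non-NT Session Key}
        0x800000    {Negotiate Target Info}
        0x1000000   {Unknown 0x1000000}
        0x2000000   {Unknown 0x2000000}
        0x4000000   {Unknown 0x4000000}
        0x8000000   {Unknown 0x8000000}
        0x10000000  {Unknown 0x10000000}
        0x20000000  {Negotiate 128}
        0x40000000  {Negotiate Key Exchange}
        0x80000000  {Negotiate 56}

    } {

        if {$flags & $value} {
            dict lappend dec flags $flag
        }
    }

    return $dec
}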