EverydayTech Platform - Developer Reference
Complete Source Code Documentation - All Applications
Loading...
Searching...
No Matches
amt-redir-duk.js
Go to the documentation of this file.
1/**
2* @description Intel AMT Redirection Transport Module - using Node
3* @author Ylian Saint-Hilaire
4* @version v0.0.1f
5*/
6
7// Construct a MeshServer object
8module.exports = function CreateAmtRedirect(module) {
9 var obj = {};
10 obj.m = module; // This is the inner module (Terminal or Desktop)
11 module.parent = obj;
12 obj.State = 0;
13 obj.net = require('net');
14 obj.tls = require('tls');
15 obj.socket = null;
16 obj.host = null;
17 obj.port = 0;
18 obj.user = null;
19 obj.pass = null;
20 obj.connectstate = 0;
21 obj.protocol = module.protocol; // 1 = SOL, 2 = KVM, 3 = IDER
22 obj.xtlsoptions = null;
23
24 obj.amtaccumulator = Buffer.alloc(0);
25 obj.amtsequence = 1;
26 obj.amtkeepalivetimer = null;
27 obj.authuri = '/RedirectionService';
28 obj.digestRealmMatch = null;
29
30 obj.onStateChanged = null;
31
32 // Private method
33 obj.Debug = function (msg) { console.log(msg); }
34 var urlvars = null;
35
36 obj.Start = function (host, port, user, pass, tls, tlsFingerprint, tlsoptions) {
37 obj.host = host;
38 obj.port = port;
39 obj.user = user;
40 obj.pass = pass;
41 obj.xtls = tls;
42 obj.xtlsoptions = tlsoptions;
43 obj.xtlsFingerprint = tlsFingerprint;
44 obj.connectstate = 0;
45
46 if (tls == true) {
47 obj.socket = obj.tls.connect({ host: host, port: port, rejectUnauthorized: false, checkServerIdentity: obj.onCheckServerIdentity }, obj.xxOnSocketConnected);
48 } else {
49 obj.socket = obj.net.createConnection({ host: host, port: port }, obj.xxOnSocketConnected);
50 }
51 obj.socket.on('data', obj.xxOnSocketData);
52 obj.socket.on('close', obj.xxOnSocketClosed);
53 obj.socket.on('error', obj.xxOnSocketClosed);
54 obj.xxStateChange(1);
55 }
56
57 // Get the certificate of Intel AMT
58 //obj.getPeerCertificate = function () { if (obj.xtls == true) { return obj.socket.getPeerCertificate(); } return null; }
59
60 obj.onCheckServerIdentity = function (cert) {
61 var f = cert[0].fingerprint.split(':').join('').toLowerCase();
62 if ((obj.xtlsFingerprint != null) && (obj.xtlsFingerprint != f)) {
63 console.log('Invalid TLS Cert, SHA384: ' + f);
64 process.exit(2);
65 return;
66 } else {
67 if (obj.xtlsFingerprint == null) {
68 obj.xtlsFingerprint = f;
69 console.log('TLS Cert SHA384: ' + f);
70 }
71 }
72 }
73
74 obj.xxOnSocketConnected = function () {
75 if (obj.socket == null) return;
76 /*
77 if (obj.xtls == true) {
78 obj.xtlsCertificate = obj.socket.getPeerCertificate();
79 if ((obj.xtlsFingerprint != 0) && (obj.xtlsCertificate.fingerprint.split(':').join('').toLowerCase() != obj.xtlsFingerprint)) { obj.Stop(); return; }
80 }
81 */
82
83 if (urlvars && urlvars['redirtrace']) { console.log('REDIR-CONNECTED'); }
84 //obj.Debug("Socket Connected");
85 obj.xxStateChange(2);
86 if (obj.protocol == 1) obj.xxSend(obj.RedirectStartSol); // TODO: Put these strings in higher level module to tighten code
87 else if (obj.protocol == 2) obj.xxSend(obj.RedirectStartKvm); // Don't need these is the feature if not compiled-in.
88 else if (obj.protocol == 3) obj.xxSend(obj.RedirectStartIder);
89 }
90
91 obj.xxOnSocketData = function (data) {
92 if (!data || obj.connectstate == -1) return;
93 if (urlvars && urlvars['redirtrace']) { console.log('REDIR-RECV(' + data.length + '): ' + data.toString('hex')); }
94 //obj.Debug("Recv(" + data.length + "): " + rstr2hex(data));
95 if ((obj.protocol == 2 || obj.protocol == 3) && obj.connectstate == 1) { return obj.m.ProcessData(data); } // KVM or IDER traffic, forward it directly.
96 obj.amtaccumulator = Buffer.concat([obj.amtaccumulator, data]);
97 //obj.Debug("Recv(" + obj.amtaccumulator.length + "): " + obj.amtaccumulator.toString('hex'));
98
99 while (obj.amtaccumulator.length > 0) {
100 var cmdsize = 0;
101 //console.log('CMD: ' + obj.amtaccumulator[0]);
102 switch (obj.amtaccumulator[0]) {
103 case 0x11: // StartRedirectionSessionReply (17)
104 if (obj.amtaccumulator.length < 4) return;
105 var statuscode = obj.amtaccumulator[1];
106 switch (statuscode) {
107 case 0: // STATUS_SUCCESS
108 if (obj.amtaccumulator.length < 13) return;
109 var oemlen = obj.amtaccumulator[12];
110 if (obj.amtaccumulator.length < 13 + oemlen) return;
111 obj.xxSend(String.fromCharCode(0x13, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00)); // Query authentication support
112 cmdsize = (13 + oemlen);
113 break;
114 default:
115 obj.Stop();
116 break;
117 }
118 break;
119 case 0x14: // AuthenticateSessionReply (20)
120 if (obj.amtaccumulator.length < 9) return;
121 var authDataLen = obj.amtaccumulator.readInt32LE(5);
122 if (obj.amtaccumulator.length < 9 + authDataLen) return;
123 var status = obj.amtaccumulator[1];
124 var authType = obj.amtaccumulator[4];
125 var authData = [];
126 for (i = 0; i < authDataLen; i++) { authData.push(obj.amtaccumulator[9 + i]); }
127 var authDataBuf = obj.amtaccumulator.slice(9, 9 + authDataLen);
128 cmdsize = 9 + authDataLen;
129 if (authType == 0) {
130 // Query
131 if (authData.indexOf(4) >= 0) {
132 // Good Digest Auth (With cnonce and all)
133 obj.xxSend(String.fromCharCode(0x13, 0x00, 0x00, 0x00, 0x04) + IntToStrX(obj.user.length + obj.authuri.length + 8) + String.fromCharCode(obj.user.length) + obj.user + String.fromCharCode(0x00, 0x00) + String.fromCharCode(obj.authuri.length) + obj.authuri + String.fromCharCode(0x00, 0x00, 0x00, 0x00));
134 }
135 /*
136 else if (authData.indexOf(3) >= 0) {
137 // Bad Digest Auth (Not sure why this is supported, cnonce is not used!)
138 obj.xxSend(String.fromCharCode(0x13, 0x00, 0x00, 0x00, 0x03) + IntToStrX(obj.user.length + obj.authuri.length + 7) + String.fromCharCode(obj.user.length) + obj.user + String.fromCharCode(0x00, 0x00) + String.fromCharCode(obj.authuri.length) + obj.authuri + String.fromCharCode(0x00, 0x00, 0x00));
139 }
140 else if (authData.indexOf(1) >= 0) {
141 // Basic Auth (Probably a good idea to not support this unless this is an old version of Intel AMT)
142 obj.xxSend(String.fromCharCode(0x13, 0x00, 0x00, 0x00, 0x01) + IntToStrX(obj.user.length + obj.pass.length + 2) + String.fromCharCode(obj.user.length) + obj.user + String.fromCharCode(obj.pass.length) + obj.pass);
143 }
144 */
145 else obj.Stop();
146 }
147 else if ((authType == 3 || authType == 4) && status == 1) {
148 var curptr = 0;
149
150 // Realm
151 var realmlen = authDataBuf[curptr];
152 var realm = authDataBuf.slice(curptr + 1, curptr + 1 + realmlen).toString();
153 curptr += (realmlen + 1);
154
155 // Check the digest realm. If it does not match, close the connection.
156 if (obj.digestRealmMatch && (obj.digestRealmMatch != realm)) { obj.Stop(); return; }
157
158 // Nonce
159 var noncelen = authDataBuf[curptr];
160 var nonce = authDataBuf.slice(curptr + 1, curptr + 1 + noncelen).toString();
161 curptr += (noncelen + 1);
162
163 // QOP
164 var qoplen = 0;
165 var qop = null;
166 var cnonce = obj.xxRandomValueHex(32);
167 var snc = '00000002';
168 var extra = '';
169 if (authType == 4) {
170 qoplen = authDataBuf[curptr];
171 qop = authDataBuf.slice(curptr + 1, curptr + 1 + qoplen).toString();
172 curptr += (qoplen + 1);
173 extra = snc + ':' + cnonce + ':' + qop + ':';
174 }
175 var digest = hex_md5(hex_md5(obj.user + ':' + realm + ':' + obj.pass) + ':' + nonce + ':' + extra + hex_md5('POST:' + obj.authuri));
176 var totallen = obj.user.length + realm.length + nonce.length + obj.authuri.length + cnonce.length + snc.length + digest.length + 7;
177 if (authType == 4) totallen += (qop.length + 1);
178 var buf = Buffer.concat([new Buffer([0x13, 0x00, 0x00, 0x00, authType]), new Buffer([totallen & 0xFF, (totallen >> 8) & 0xFF, 0x00, 0x00]), new Buffer([obj.user.length]), new Buffer(obj.user), new Buffer([realm.length]), new Buffer(realm), new Buffer([nonce.length]), new Buffer(nonce), new Buffer([obj.authuri.length]), new Buffer(obj.authuri), new Buffer([cnonce.length]), new Buffer(cnonce), new Buffer([snc.length]), new Buffer(snc), new Buffer([digest.length]), new Buffer(digest)]);
179 if (authType == 4) buf = Buffer.concat([buf, new Buffer([qop.length]), new Buffer(qop) ]);
180 obj.xxSend(buf);
181 }
182 else if (status == 0) { // Success
183 if (obj.protocol == 1) {
184 // Serial-over-LAN: Send Intel AMT serial settings...
185 var MaxTxBuffer = 10000;
186 var TxTimeout = 100;
187 var TxOverflowTimeout = 0;
188 var RxTimeout = 10000;
189 var RxFlushTimeout = 100;
190 var Heartbeat = 0;//5000;
191 obj.xxSend(String.fromCharCode(0x20, 0x00, 0x00, 0x00) + ToIntStr(obj.amtsequence++) + ToShortStr(MaxTxBuffer) + ToShortStr(TxTimeout) + ToShortStr(TxOverflowTimeout) + ToShortStr(RxTimeout) + ToShortStr(RxFlushTimeout) + ToShortStr(Heartbeat) + ToIntStr(0));
192 }
193 if (obj.protocol == 2) {
194 // Remote Desktop: Send traffic directly...
195 obj.xxSend(new Buffer([0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]));
196 }
197 if (obj.protocol == 3) {
198 // Remote IDER: Send traffic directly...
199 obj.connectstate = 1;
200 obj.xxStateChange(3);
201 }
202 } else obj.Stop();
203 break;
204 case 0x21: // Response to settings (33)
205 if (obj.amtaccumulator.length < 23) break;
206 cmdsize = 23;
207 obj.xxSend(String.fromCharCode(0x27, 0x00, 0x00, 0x00) + ToIntStr(obj.amtsequence++) + String.fromCharCode(0x00, 0x00, 0x1B, 0x00, 0x00, 0x00));
208 if (obj.protocol == 1) { obj.amtkeepalivetimer = setInterval(obj.xxSendAmtKeepAlive, 2000); }
209 obj.connectstate = 1;
210 obj.xxStateChange(3);
211 break;
212 case 0x29: // Serial Settings (41)
213 if (obj.amtaccumulator.length < 10) break;
214 cmdsize = 10;
215 break;
216 case 0x2A: // Incoming display data (42)
217 if (obj.amtaccumulator.length < 10) break;
218 var cs = (10 + ((obj.amtaccumulator[9] & 0xFF) << 8) + (obj.amtaccumulator[8] & 0xFF));
219 if (obj.amtaccumulator.length < cs) break;
220 obj.m.ProcessData(obj.amtaccumulator.slice(10, cs));
221 cmdsize = cs;
222 break;
223 case 0x2B: // Keep alive message (43)
224 if (obj.amtaccumulator.length < 8) break;
225 cmdsize = 8;
226 break;
227 case 0x41:
228 if (obj.amtaccumulator.length < 8) break;
229 obj.connectstate = 1;
230 obj.m.Start();
231 // KVM traffic, forward rest of accumulator directly.
232 if (obj.amtaccumulator.length > 8) { obj.m.ProcessData(obj.amtaccumulator.substring(8)); }
233 cmdsize = obj.amtaccumulator.length;
234 break;
235 default:
236 console.log('Unknown Intel AMT command: ' + obj.amtaccumulator[0] + ' acclen=' + obj.amtaccumulator.length);
237 obj.Stop();
238 return;
239 }
240 if (cmdsize == 0) return;
241 obj.amtaccumulator = obj.amtaccumulator.slice(cmdsize);
242 }
243 }
244
245 obj.xxSend = function (x) {
246 if (urlvars && urlvars['redirtrace']) { console.log('REDIR-SEND(' + x.length + '): ' + rstr2hex(x)); }
247 //obj.Debug('Send(' + x.length + '): ' + Buffer.from(x, 'binary').toString('hex'));
248 if (typeof x == 'string') { obj.socket.write(Buffer.from(x, 'binary')); } else { obj.socket.write(x); }
249 }
250
251 // Send Serial-over-LAN ASCII characters
252 obj.Send = function (x) {
253 if (obj.socket == null || obj.connectstate != 1) return;
254 if (obj.protocol == 1) { obj.xxSend(String.fromCharCode(0x28, 0x00, 0x00, 0x00) + ToIntStr(obj.amtsequence++) + ToShortStr(x.length) + x); } else { obj.xxSend(x); }
255 }
256
257 obj.xxSendAmtKeepAlive = function () {
258 if (obj.socket == null) return;
259 obj.xxSend(String.fromCharCode(0x2B, 0x00, 0x00, 0x00) + ToIntStr(obj.amtsequence++));
260 }
261
262 // Uses OpenSSL random to generate a hex string
263 obj.xxRandomValueHex = function (len) {
264 var t = [], l = Math.floor(len / 2);
265 for (var i = 0; i < l; i++) { t.push(obj.tls.generateRandomInteger('0', '255')); }
266 return new Buffer(t).toString('hex');
267 }
268
269 obj.xxOnSocketClosed = function () {
270 obj.socket = null;
271 if (urlvars && urlvars['redirtrace']) { console.log('REDIR-CLOSED'); }
272 //obj.Debug('Socket Closed');
273 obj.Stop();
274 }
275
276 obj.xxStateChange = function(newstate) {
277 if (obj.State == newstate) return;
278 obj.State = newstate;
279 obj.m.xxStateChange(obj.State);
280 if (obj.onStateChanged != null) obj.onStateChanged(obj, obj.State);
281 }
282
283 obj.Stop = function () {
284 if (urlvars && urlvars['redirtrace']) { console.log('REDIR-CLOSED'); }
285 //obj.Debug('Socket Stopped');
286 obj.xxStateChange(0);
287 obj.connectstate = -1;
288 obj.amtaccumulator = Buffer.alloc(0);
289 if (obj.socket != null) { obj.socket.destroy(); obj.socket = null; }
290 if (obj.amtkeepalivetimer != null) { clearInterval(obj.amtkeepalivetimer); obj.amtkeepalivetimer = null; }
291 }
292
293 obj.RedirectStartSol = new Buffer([0x10, 0x00, 0x00, 0x00, 0x53, 0x4F, 0x4C, 0x20]);
294 obj.RedirectStartKvm = new Buffer([0x10, 0x01, 0x00, 0x00, 0x4b, 0x56, 0x4d, 0x52]);
295 obj.RedirectStartIder = new Buffer([0x10, 0x00, 0x00, 0x00, 0x49, 0x44, 0x45, 0x52]);
296
297 return obj;
298}
299
300function ToIntStr(v) { return String.fromCharCode((v & 0xFF), ((v >> 8) & 0xFF), ((v >> 16) & 0xFF), ((v >> 24) & 0xFF)); }
301function ToShortStr(v) { return String.fromCharCode((v & 0xFF), ((v >> 8) & 0xFF)); }
302
303function ShortToStr(v) { return String.fromCharCode((v >> 8) & 0xFF, v & 0xFF); }
304function ShortToStrX(v) { return String.fromCharCode(v & 0xFF, (v >> 8) & 0xFF); }
305function IntToStr(v) { return String.fromCharCode((v >> 24) & 0xFF, (v >> 16) & 0xFF, (v >> 8) & 0xFF, v & 0xFF); }
306function IntToStrX(v) { return String.fromCharCode(v & 0xFF, (v >> 8) & 0xFF, (v >> 16) & 0xFF, (v >> 24) & 0xFF); }
307
308var md5hasher = require('MD5Stream').create();
309function hex_md5(a) { return md5hasher.syncHash(a).toString('hex').toLowerCase(); }