Wireshark-dev: [Wireshark-dev] krb5 dcerpc decryption
From: "Stefan (metze) Metzmacher" <metze@xxxxxxxxx>
Date: Sat, 25 Jul 2009 10:47:34 +0200
Hi Ronnie,

could you please apply this patch
http://gitweb.samba.org/?p=metze/wireshark/wip.git;a=commitdiff;h=d4e3184d5faca653ef053b3469ad3f8ec7605b7e

With that patch decryption of aes encrypted traffic works as long as no
header signing is used.

I tried some hacks to decrypt it when header signing is on
and use a hacked mit krb5 1.6 version loaded with LD_LIBRARY_PATH

See
http://gitweb.samba.org/?p=metze/wireshark/wip.git;a=shortlog;h=refs/heads/ws-metze-gssapi-20090725

I think we should have aes specific decryption code in wireshark like we
have for arcfour in packet-spnego.c.

With this hacks I can decrypt every packet of the attached captures.

BTW: with what commandline do I have to generate pidl dissectors?
     I want to add it for the DFS-R (FrsTransport) Interface.

metze

Attachment: w2k8sp2-216-becomes-w2k8sp2-l3-dc-dfs-r-tests-01-crypt-ldap.pcap
Description: application/cap

Attachment: w2k8sp2-216-becomes-w2k8sp2-l3-dc-dfs-r-tests-01-crypto-part.pcap
Description: application/cap

Attachment: w2k8sp2-216-becomes-w2k8sp2-l3-dc-dfs-r-tests-01-drsuapi-part.pcap
Description: application/cap

Attachment: w2k8sp2-215.keytab
Description: Binary data

Attachment: signature.asc
Description: OpenPGP digital signature