Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PyRDP hangs when downloading a file of 108 bytes on the client's shared drive #139

Closed
Pourliver opened this issue Jul 29, 2019 · 6 comments · Fixed by #422
Closed

PyRDP hangs when downloading a file of 108 bytes on the client's shared drive #139

Pourliver opened this issue Jul 29, 2019 · 6 comments · Fixed by #422
Labels
bug Something isn't working

Comments

@Pourliver
Copy link
Contributor

Weird enough, the player hangs when trying to download a file of 108 bytes. Tested with a Windows 10 client. I can add more detail if needed, but I don't really know what would help with this issue.

@Pourliver Pourliver added the bug Something isn't working label Jul 29, 2019
@Pourliver
Copy link
Contributor Author

The maximum "payload" size that the client can send is 2^14, so 16384. I scripted the creation of these files, and tried to download them all.

The only one that hanged was 108 bytes, and every other N * 2^14 + 108.

@Pourliver Pourliver changed the title The pyrdp-player hangs when downloading a file of 108 bytes on the client PyRDP hangs when downloading a file of 108 bytes on the client's shared drive Aug 14, 2019
@alxbl
Copy link
Collaborator

alxbl commented Aug 6, 2020

This is still reproducible. There's a lot of noise on the device redirection channel, so it's very hard to track what is happening to compare working transfers with non-working transfers. We'll need to add some debug code to help investigate this.

So far I compared two files (one working, one not) and I noticed that the transfer hangs on/after an IORequest from the client to MJ_READ the file descriptor. The working file doesn't have a single READ call, so I'm thinking this might be related, but will need to find time to dig deeper...

@alxbl
Copy link
Collaborator

alxbl commented Aug 18, 2020

NOTE: While we instrument this, we should address #222 since it's located in the same code area, and maybe shed some light on this.

@obilodeau
Copy link
Collaborator

2022-11-15_15-06

Managed to fix this at the same time of another issue.

obilodeau added a commit that referenced this issue Nov 15, 2022
Specifc file transfers would hang. A minimal reproducer was hard to create. It turns out that the issue was in the encapsulation of the TLSSecurityLayer. If a virtual channel packet at a specific length (0x80), it would confuse the next layer into thinking it was the Security Header's licensing bytes causing the payload to be skipped from its usual processing.

See the recv() method of the TLSSecurityLayer class in `pyrdp/layer/rdp/security.py`.

Turns out that the security layer is not required if we are using modern RDP access mechanisms (anything more recent than RC4) so we can just remove the layer when the MITM is setup.

This fix happens to fix #139 as well.
@Res260
Copy link
Collaborator

Res260 commented Nov 15, 2022

My brother in christ I'm so sad I cant have closure on this bug

@Res260
Copy link
Collaborator

Res260 commented Nov 15, 2022

Wait i didnt read properly i'm glad to have closure on this bug* 😂

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants