WIN32 and .NET API for the project

Mar 21, 2008 at 2:23 PM
.Net API

System.Runtime.Remoting.SoapServices // Soap envelope interpretation
System.Security.Cryptography // decoding certificate and user password

COM Object
MSTSCLib // Connecting RDP and creating the virtual channel for getting/setting the media stream setup :: c:\windows\system32\mstscax.dll

Mar 22, 2008 at 6:40 PM
You mentioned that the "HostConfirmAuthenticator" message which the host sends should be encrypted with the device cert and sent back as DeviceConfirmAuthenticator. HostConfirmAuthenticator is base64 encoded and when I decode I get a bunch of gibberish, e.g. "�J'�5R���_��W��". I can't decrypt it as initially at the CertExchange the host has only exchanged their cert, with their public key. So I imagine we need to encrypt the gibberish with the device cert, base64 encode, send it back with the device cert which will allow the host to verify. What sort of encryption am I using? Both certs only have a public key each, do I use the host's public key as the public key and the device's public as the private? Or are they even using public key crypto at this point?

Mar 23, 2008 at 12:32 AM
Tue at 10:50 AM
Server second Post

<?xml version="1.0" ?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="" SOAP-ENV:encodingStyle="">
<SOAP-ENV:Body>
<m:Commit xmlns:m="urn:schemas-microsoft-com:service:mstrustagreement:1">
<HostID xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">uuid:2e11b415-8119-4cae-8f0e-b3d47f7acc24</HostID>
<Iteration xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui1">1</Iteration>
<HostValidateAuthenticator xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">lpuHSCSWGT652szy6f1+NRNjY1I=</HostValidateAuthenticator>

This is encrypted with the device certificate

Tue at 11:00 AM
Device Second Post

<s:Envelope xmlns:s="" s:encodingStyle="">
<s:Body>
<u:CommitResponse xmlns:u="urn:schemas-microsoft-com:service:mstrustagreement:1">

This is encrypted with the host certificate

Exactly: the host sends only its public key and the device sends only its public key. For simulation it is imperative to create a new certificate and try to initiate the exchange, because it is not possible to easily decrypt the validation without the private key.

Presently the project only publishes a new extender device for Vista over UPnP. Vista detects the new extender but no pairing occurs...
The next step is to generate a new certificate; this new certificate acts as the device certificate. After that, the second post from the server can be decrypted by your own certificate.
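
A length check on the HostValidateAuthenticator captured in the Commit message above, as an added example (not SoftSled code and not part of the thread): raw RSA output is always as long as the key modulus, so the decoded size of a field shows whether it can be one RSA block at all. The SOAP envelope namespace URI and the closing tags are filled in as assumptions, the datatype attributes are omitted, and `classify_blob` and `classify_action_fields` are hypothetical helper names.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # assumed; the post shows it empty

# Constructed sample: the Commit body from the post, with closing tags added.
COMMIT = f"""<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP_NS}">
 <SOAP-ENV:Body>
  <m:Commit xmlns:m="urn:schemas-microsoft-com:service:mstrustagreement:1">
   <HostID>uuid:2e11b415-8119-4cae-8f0e-b3d47f7acc24</HostID>
   <Iteration>1</Iteration>
   <HostValidateAuthenticator>lpuHSCSWGT652szy6f1+NRNjY1I=</HostValidateAuthenticator>
  </m:Commit>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""

DIGEST_SIZES = {16: "MD5", 20: "SHA-1", 32: "SHA-256", 48: "SHA-384", 64: "SHA-512"}
RSA_BLOCK_SIZES = {128: 1024, 256: 2048, 384: 3072, 512: 4096}  # bytes -> modulus bits


def classify_blob(text):
    """Decode a base64 field and report what its length is consistent with."""
    try:
        raw = base64.b64decode(text.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None, "not base64"
    n = len(raw)
    if n in DIGEST_SIZES:
        return n, f"{DIGEST_SIZES[n]}-sized digest or HMAC"
    if n in RSA_BLOCK_SIZES:
        return n, f"one RSA-{RSA_BLOCK_SIZES[n]} block (ciphertext or signature)"
    return n, "no standard digest or RSA block size"


def classify_action_fields(soap_xml):
    """Return {argument name: (decoded length, verdict)} for the SOAP action."""
    body = ET.fromstring(soap_xml).find(f"{{{SOAP_NS}}}Body")
    action = body[0]  # first child of Body is the action element (m:Commit here)
    return {arg.tag: classify_blob(arg.text or "") for arg in action}


if __name__ == "__main__":
    for name, (size, verdict) in classify_action_fields(COMMIT).items():
        print(f"{name}: {size} bytes, {verdict}")
```

The same check can be run on the base64 HostConfirmAuthenticator and DeviceConfirmAuthenticator values from a capture of the first post.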

Mar 23, 2008 at 1:05 PM
Edited Mar 23, 2008 at 1:33 PM
Mar 23, 2008 at 1:12 PM
Edited Mar 23, 2008 at 1:47 PM
Here are the procs for the core key exchange procedure:

// Server Post #1
public void TrustAgreementService_Exchange(System.String HostID, System.String HostCertificate, System.Byte IterationsRequired, System.String HostConfirmAuthenticator, out System.String DeviceID, out System.String DeviceCertificate, out System.String DeviceConfirmAuthenticator)
{
    Console.WriteLine("TrustAgreementService_Exchange(" + HostID.ToString() + HostCertificate.ToString() + IterationsRequired.ToString() + HostConfirmAuthenticator.ToString() + ")");
    // out parameters must be assigned before returning; empty placeholders, the reply is not implemented here
    DeviceID = DeviceCertificate = DeviceConfirmAuthenticator = string.Empty;
}

// Server Post #2, #4, #6
public void TrustAgreementService_Commit(System.String HostID, System.Byte Iteration, System.String HostValidateAuthenticator, out System.String DeviceValidateAuthenticator)
{
    Console.WriteLine("TrustAgreementService_Commit(" + HostID.ToString() + Iteration.ToString() + HostValidateAuthenticator.ToString() + ")");
    DeviceValidateAuthenticator = string.Empty; // placeholder, see above
}

// Server Message #3, #5
public void TrustAgreementService_Validate(System.String HostID, System.Byte Iteration, System.String HostValidateNonce, out System.String DeviceValidateNonce)
{
    Console.WriteLine("TrustAgreementService_Validate(" + HostID.ToString() + Iteration.ToString() + HostValidateNonce.ToString() + ")");
    DeviceValidateNonce = string.Empty; // placeholder, see above
}

When I initiate the extender pair procedure through Media Center, the following procedures are called in this order:

TrustAgreementService_Exchange(uuid:long number...)

I'm concerned by the first server post, the "HostConfirmAuthenticator" message and the subsequent "DeviceConfirmAuthenticator". You said the next "HostValidateAuthenticator" message in the next server message is encrypted with the device cert, that's fair enough as we've exchanged the device at that part. What is HostConfirmAuth and DeviceConfirmAuth? You said in the other thread, "the other message is for validate the encryption key the server send and client reply by the same message but encrypted with her own cert". Sorry if I'm asking again but what are the keys to use if DeviceConfirmAuth is indeed an encryption of the HostConfirmAuth with the device cert?

Would you mind clarifying what you meant by "the 2 first message is the key exchange host en device send a base64 certificat public key."?

Mar 23, 2008 at 3:33 PM
I think during the first post the server posts HostCertificate ... the first HostConfirmAuthenticator is only garbage for validating the host certificate; the device decodes the garbage base64 encrypted message with the host certificate and sends it in base64 in the DeviceConfirmAuthenticator.

This field has only one use: to validate that the message has not been altered by another source.
After that the server and device begin the iteration challenge for the signature .. used to encrypt the user password. This is the same algorithm as the Windows XP password encryption.

Another hypothesis is that the first HostConfirmAuthenticator is the first signature hash for beginning the password decryption at iteration 1.

Mar 23, 2008 at 3:40 PM
On Monday I will make some more tests... It is definite that the first message is used to send the host certificate and the first for the device is to send the device certificate.
The best way is really to build your own certificate and make some tries with the first pairing message.
Mar 23, 2008 at 4:28 PM
Thanks for the reply. If the decoded garbage is encrypted with the host certificate what will be the private/public keys? I don't believe both certificates have a specific private key, meaning would the host cert's public key be used as the public key and the device's public key used as the private key for the RSA Public Key Crypto?

Mar 23, 2008 at 4:35 PM
Edited Mar 23, 2008 at 4:38 PM

Have you personally tried running the current SoftSled and getting MC to start the key pair procedure? If not I'll explain.

You firstly want to really set break points on the Extender.cs MSTA procs for the UpNp services so you can have an idea what is going on. Start the MCX SOAP broadcasting by hitting the "Start" button and Media Centre should pop up a notification about a new extender. You'll need to go to the Extender management page in MC (Settings->Extender) and copy the part aftcode key which is visible next to the extender, should be in the format ***-xxx. (wiki format problem, 4 masked digits followed by 3 clear digits and another masked digit) Select the extender to start the setup procedure and for the setup key enter 1234-xxx (the visible digits which you got previously) and you'll need to guess the last digit. Bigtail worked out roughly the best way to guess one, I've just been going from 0-9 till it accepts the key. The extender setup procedure will spin up and the _Exchange method in Extender.cs should fire first, then another and then MCX setup will bomb out with an error about handling certificates.