Geek Answers Handbook

Authentication Process in ARD

I am working on a third-party client for Apple Remote Desktop. But I am stuck in the authentication process.

From the Remote Desktop Guide: Authenticating to Customers Apple Remote Desktop uses an authentication method based on the Diffie-Hellman keys agreement protocol that creates a shared 128-bit key. This shared key is used to encrypt the username and password using Advanced Encryption Standard (AES). The Diffie-Hellman agreement protocol used in ARD 2 is very similar to the Diffie-Hellman key agreement protocol used for personal file sharing, both of which use 512 bits to calculate the shared key. With Remote Desktop 2, keystrokes and mouse events are encrypted when running Mac OS X client computers. This information is encrypted using the Advanced Encryption Standard (AES) with a 128-bit shared key that was obtained during authentication.

Does anyone know where I can find more detailed technical information about the authentication object in ARD? For example, which AES mode is used and which initialization vector. Thanks

+4
source share
2 answers

I recently ran into this exact issue. I could not find any detailed information beyond the high-level review you mentioned, but I managed to figure out a technique based on my exploration of this C code from the open source gtk-vnc project. Basically, the steps are as follows:

  • Read the authentication material from the socket. Two-byte generator value, two-byte key length value, primary module (key length bytes) and public key with public access (KeyLength bytes).
  • Create your own Diffie-Hellman public key pair.
  • Fulfill the Diffie-Hellman key agreement using the generator (g), prime (p) and the public key. Conclusion will be a shared secret, known to both you and your partner.
  • Perform MD5 hash of shared secret. This 128-bit (16-byte) value will be used as the AES key.
  • Set the username and password to the 128-byte plaintext "credentials" structure: { username[64], password[64] } . Zero termination of each. Fill unused bytes with random characters to make encrypted output less predictable.
  • Encrypt plaintext credentials with an MD5 128-bit hash from step 4 using the 128-bit symmetric AES cipher in electronic code book (ECB) mode. Do not use the add-on for this block encryption.
  • Write the cipher text from step 6 to the stream. Write your DH public key to the stream.
  • Check to see if authentication passed as usual.

I do not have an implementation of Objective-C, but I have implemented this version of Java , which may be useful for reference.

+4
source

Not sure if anyone still needs this, but here is the Objective-C implementation of the ARD authentication process, which I combined a few months ago and released on Github a few days ago.

It is based on the implementation of Java (thanks!) Java, but uses the OpenSSL encryption features to hash MD5 and AES 128 encryption steps.

There is also a TinyVNC library that also implements ARD authentication, but instead uses the Crypto ++ library for encryption functions.

+1
source

More articles:


All Articles