Prequel Source

Currently published:

• mcrypt_key_dx.c and oSSL_key_dx.c
  Two test programs used to help extract the Server Passphrase and Server Secret from a Windows 2008r2 Server system.
• pq_cgi.c
  A sample CGI program that can generate PeerDist Content Information on the fly.
• pdDump.c
  A tool to dump PeerDist Content Information in a readable form.

Server Passphrase and Server Secret Extraction: mcrypt_key_dx.c and oSSL_key_dx.c

Windows servers that support PeerDist protocol (via HTTP or SMB2) sign the Segment Hash of Data (HoD) field using a Server Secret to produce the Segment Secret for a segment of data. The Server Secret is the SHA-256 hash of the Server Passphrase.

Did that make sense? No, of course not.

Don't worry, it's all documented with greater clarity in [MS-PCCRC], except that we introduce the term “Server Passphrase” to name what [MS-PCCRC] obliquely describes as “an arbitrary length binary string stored on the server”.

Windows servers allow you to export both the Server Passphrase and the Server Secret (which is simply the SHA-256 hash of the Server Passphrase) using the Netsh exportkey command for BranchCache™, as follows:

> netsh branchcache exportkey [ outputfile= ] FilePath [ passphrase= ] PassPhrase

The outputfile that is created will contain both the Server Secret and the Server Passphrase, but the file will be AES encrypted using the user-supplied PassPhrase. The decryption process has not yet been documented by Microsoft, but it's all available here.

The testing programs provided below will decrypt the outputfile. The comments and code explain in detail how the decryption is done.

Sample HTTP CGI program: pq_cgi.c

Also requires:

• ubi_sLinkList.[ch] - Simple linked list implementation.
• util.[ch] - Small selection of utility functions and macros.

The pq_cgi.c program is a sort of shim that can be used to create PeerDist Content Information from existing content. Simply add the pq_cgi executable to your cgi-bin directory and then add the pathname of the actual content to the URI of pq_cgi.

For example:

PQ_CGI URI:

http://testserver/cgi-bin/pq_cgi

Content URI:

http://testserver/stuff/thingies/content.odt

Content Information URI:

http://testserver/cgi-bin/pq_cgi/stuff/thingies/content.odt

Generating Content Information with pq_cgi requires either compiling the program with NO_CHECK_PEERDIST defined, or using a web client that lists “peerdist” as an accepted encoding.

• You can use the stibtest program from the STiB project. The stibtest get subcommand supports PeerDist requests.
• You can use a web browser that lists “peerdist” as an accepted encoding when sending requests. Currently, the only known web browsers that support PeerDist are recent versions of MS Internet Explorer.
• If you compile pq_cgi with NO_CHECK_PEERDIST defined, then pq_cgi will send PeerDist Content Information instead of actual content whether or not PeerDist encoding was requested.

PeerDist Content Information Dump: pdDump.c

The pdDump program reads Content Information from <stdin> and produces a human-readable dump (on <stdout>).