feat(#50): Added switch to enable GDI extensions.

GoSecure · Mar 25, 2020 · db7ff10 · db7ff10
1 parent 3660443
commit db7ff10
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 13 deletions.
diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc
@@ -22,6 +22,7 @@ For a detailed view of what has changed, refer to the {uri-repo}/commits/master[
 * Documentation updates and fixes ({uri-issue}165[#165], {uri-issue}166[#166], {uri-issue}172[#172])
 * Added `--disable-active-clipboard` switch to prevent clipboard request injection
 * Added `--no-downgrade` switch to prevent protocol downgrading where possible {uri-issue}189[#189]
+* Added `--gdi` switch to enable drawing orders ({uri-issue}50[#50])
 
 === Bug fixes
 

diff --git a/bin/pyrdp-mitm.py b/bin/pyrdp-mitm.py
@@ -50,6 +50,7 @@ def main():
     parser.add_argument("--crawler-ignore-file", help="File to be used by the crawler to chose what folders to avoid when scraping the client shared drives.", default=None)
     parser.add_argument("--no-replay", help="Disable replay recording", action="store_true")
     parser.add_argument("--no-downgrade", help="Disables downgrading of unsupported extensions. This makes PyRDP harder to fingerprint but might impact the player's ability to replay captured traffic.", action="store_true")
+    parser.add_argument("--gdi", help="Enable drawing orders extensions (MS-RDPEGDI) support", action="store_true")
 
     args = parser.parse_args()
     outDir = Path(args.output)
@@ -79,6 +80,7 @@ def main():
     config.recordReplays = not args.no_replay
     config.downgrade = not args.no_downgrade
     config.disableActiveClipboardStealing = args.disable_active_clipboard
+    config.enableGdi = args.gdi
 
 
     payload = None

diff --git a/pyrdp/mitm/SlowPathMITM.py b/pyrdp/mitm/SlowPathMITM.py
@@ -59,23 +59,27 @@ def onConfirmActive(self, pdu: ConfirmActivePDU):
         :param pdu: the confirm active PDU
         """
 
-        # Disable virtual channel compression
-        if CapabilityType.CAPSTYPE_VIRTUALCHANNEL in pdu.parsedCapabilitySets:
-            pdu.parsedCapabilitySets[CapabilityType.CAPSTYPE_VIRTUALCHANNEL].flags = VirtualChannelCompressionFlag.VCCAPS_NO_COMPR
-
         if self.state.config.downgrade:
-            # Force RDP server to send bitmap events instead of order events.
-            pdu.parsedCapabilitySets[CapabilityType.CAPSTYPE_ORDER].orderFlags = OrderFlag.NEGOTIATEORDERSUPPORT | OrderFlag.ZEROBOUNDSDELTASSUPPORT
-            pdu.parsedCapabilitySets[CapabilityType.CAPSTYPE_ORDER].orderSupport = b"\x00" * 32
 
-            # Override the bitmap cache capability set with null values.
-            if CapabilityType.CAPSTYPE_BITMAPCACHE in pdu.parsedCapabilitySets:
-                pdu.parsedCapabilitySets[CapabilityType.CAPSTYPE_BITMAPCACHE] = Capability(CapabilityType.CAPSTYPE_BITMAPCACHE, b"\x00" * 36)
+            # Only disable GDI if not explicitly requested.
+            if not self.state.config.useGdi:
+                # Force RDP server to send bitmap events instead of order events.
+                pdu.parsedCapabilitySets[CapabilityType.CAPSTYPE_ORDER].orderFlags = OrderFlag.NEGOTIATEORDERSUPPORT | OrderFlag.ZEROBOUNDSDELTASSUPPORT
+                pdu.parsedCapabilitySets[CapabilityType.CAPSTYPE_ORDER].orderSupport = b"\x00" * 32
+
+                # Override the bitmap cache capability set with null values.
+                if CapabilityType.CAPSTYPE_BITMAPCACHE in pdu.parsedCapabilitySets:
+                    pdu.parsedCapabilitySets[CapabilityType.CAPSTYPE_BITMAPCACHE] = Capability(CapabilityType.CAPSTYPE_BITMAPCACHE, b"\x00" * 36)
 
             # Disable surface commands
             if CapabilityType.CAPSETTYPE_SURFACE_COMMANDS in pdu.parsedCapabilitySets:
                 pdu.parsedCapabilitySets[CapabilityType.CAPSETTYPE_SURFACE_COMMANDS].cmdFlags = 0
 
+        # Disable virtual channel compression
+        if CapabilityType.CAPSTYPE_VIRTUALCHANNEL in pdu.parsedCapabilitySets:
+            pdu.parsedCapabilitySets[CapabilityType.CAPSTYPE_VIRTUALCHANNEL].flags = VirtualChannelCompressionFlag.VCCAPS_NO_COMPR
+
+
     def onDemandActive(self, pdu: DemandActivePDU):
         """
         Disable virtual channel compression.

diff --git a/pyrdp/mitm/config.py b/pyrdp/mitm/config.py
@@ -41,6 +41,9 @@ def __init__(self):
         self.outDir: Path = None
         """The output directory"""
 
+        self.useGdi: bool = False
+        """Whether to allow the client to use the GDI rendering pipeline extension."""
+
         self.recordReplays: bool = True
         """Whether replays should be recorded or not"""
 

diff --git a/pyrdp/mitm/state.py b/pyrdp/mitm/state.py
@@ -13,7 +13,7 @@
 from pyrdp.parser import createFastPathParser
 from pyrdp.pdu import ClientChannelDefinition
 from pyrdp.security import RC4CrypterProxy, SecuritySettings
-from pyrdp.mitm.config import MITMConfig
+from pyrdp.mitm import MITMConfig
 
 
 class RDPMITMState:
@@ -97,6 +97,5 @@ def createFastPathLayer(self, mode: ParserMode) -> FastPathLayer:
         :param mode: the mode of the layer (client or server)
         """
 
-        parser = createFastPathParser(
-            self.useTLS, self.securitySettings.encryptionMethod, self.crypters[mode], mode)
+        parser = createFastPathParser(self.useTLS, self.securitySettings.encryptionMethod, self.crypters[mode], mode)
         return FastPathLayer(parser)