feat(#50): Added switch to enable GDI extensions.

GoSecure · Apr 2, 2020 · e235a99 · e235a99
1 parent c133371
commit e235a99
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 13 deletions.
diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc
@@ -29,6 +29,7 @@ For a detailed view of what has changed, refer to the {uri-repo}/commits/master[
 * Added `--disable-active-clipboard` switch to prevent clipboard request injection
 * Added `--no-downgrade` switch to prevent protocol downgrading where possible {uri-issue}189[#189]
 * Added `--no-files` switch to prevent extracting transferred files {uri-issue}195[#195]
+* Added `--gdi` switch to enable drawing orders ({uri-issue}50[#50])
 
 === Bug fixes
 

diff --git a/pyrdp/mitm/SlowPathMITM.py b/pyrdp/mitm/SlowPathMITM.py
@@ -59,23 +59,27 @@ def onConfirmActive(self, pdu: ConfirmActivePDU):
         :param pdu: the confirm active PDU
         """
 
-        # Disable virtual channel compression
-        if CapabilityType.CAPSTYPE_VIRTUALCHANNEL in pdu.parsedCapabilitySets:
-            pdu.parsedCapabilitySets[CapabilityType.CAPSTYPE_VIRTUALCHANNEL].flags = VirtualChannelCompressionFlag.VCCAPS_NO_COMPR
-
         if self.state.config.downgrade:
-            # Force RDP server to send bitmap events instead of order events.
-            pdu.parsedCapabilitySets[CapabilityType.CAPSTYPE_ORDER].orderFlags = OrderFlag.NEGOTIATEORDERSUPPORT | OrderFlag.ZEROBOUNDSDELTASSUPPORT
-            pdu.parsedCapabilitySets[CapabilityType.CAPSTYPE_ORDER].orderSupport = b"\x00" * 32
 
-            # Override the bitmap cache capability set with null values.
-            if CapabilityType.CAPSTYPE_BITMAPCACHE in pdu.parsedCapabilitySets:
-                pdu.parsedCapabilitySets[CapabilityType.CAPSTYPE_BITMAPCACHE] = Capability(CapabilityType.CAPSTYPE_BITMAPCACHE, b"\x00" * 36)
+            # Only disable GDI if not explicitly requested.
+            if not self.state.config.useGdi:
+                # Force RDP server to send bitmap events instead of order events.
+                pdu.parsedCapabilitySets[CapabilityType.CAPSTYPE_ORDER].orderFlags = OrderFlag.NEGOTIATEORDERSUPPORT | OrderFlag.ZEROBOUNDSDELTASSUPPORT
+                pdu.parsedCapabilitySets[CapabilityType.CAPSTYPE_ORDER].orderSupport = b"\x00" * 32
+
+                # Override the bitmap cache capability set with null values.
+                if CapabilityType.CAPSTYPE_BITMAPCACHE in pdu.parsedCapabilitySets:
+                    pdu.parsedCapabilitySets[CapabilityType.CAPSTYPE_BITMAPCACHE] = Capability(CapabilityType.CAPSTYPE_BITMAPCACHE, b"\x00" * 36)
 
             # Disable surface commands
             if CapabilityType.CAPSETTYPE_SURFACE_COMMANDS in pdu.parsedCapabilitySets:
                 pdu.parsedCapabilitySets[CapabilityType.CAPSETTYPE_SURFACE_COMMANDS].cmdFlags = 0
 
+        # Disable virtual channel compression
+        if CapabilityType.CAPSTYPE_VIRTUALCHANNEL in pdu.parsedCapabilitySets:
+            pdu.parsedCapabilitySets[CapabilityType.CAPSTYPE_VIRTUALCHANNEL].flags = VirtualChannelCompressionFlag.VCCAPS_NO_COMPR
+
+
     def onDemandActive(self, pdu: DemandActivePDU):
         """
         Disable virtual channel compression.

diff --git a/pyrdp/mitm/cli.py b/pyrdp/mitm/cli.py
@@ -150,6 +150,7 @@ def buildArgParser():
     parser.add_argument("--no-downgrade", help="Disables downgrading of unsupported extensions. This makes PyRDP harder to fingerprint but might impact the player's ability to replay captured traffic.", action="store_true")
     parser.add_argument("--no-files", help="Do not extract files transferred between the client and server.", action="store_true")
     parser.add_argument("--transparent", help="Spoof source IP for connections to the server (See README)", action="store_true")
+    parser.add_argument("--gdi", help="Enable drawing orders extensions (MS-RDPEGDI) support", action="store_true")
 
     return parser
 
@@ -201,6 +202,7 @@ def configure(cmdline=None) -> MITMConfig:
     config.transparent = args.transparent
     config.extractFiles = not args.no_files
     config.disableActiveClipboardStealing = args.disable_active_clipboard
+    config.enableGdi = args.gdi
 
     payload = None
     powershell = None

diff --git a/pyrdp/mitm/config.py b/pyrdp/mitm/config.py
@@ -75,6 +75,9 @@ def __init__(self):
         self.disableActiveClipboardStealing: bool = False
         """ If set to False, use PassiveClipboardStealer instead of ActiveClipboardStealer."""
 
+        self.useGdi: bool = False
+        """Whether to allow the client to use the GDI rendering pipeline extension."""
+
     @property
     def replayDir(self) -> Path:
         """

diff --git a/pyrdp/mitm/state.py b/pyrdp/mitm/state.py
@@ -13,7 +13,7 @@
 from pyrdp.parser import createFastPathParser
 from pyrdp.pdu import ClientChannelDefinition
 from pyrdp.security import RC4CrypterProxy, SecuritySettings
-from pyrdp.mitm.config import MITMConfig
+from pyrdp.mitm import MITMConfig
 
 
 class RDPMITMState:
@@ -97,6 +97,5 @@ def createFastPathLayer(self, mode: ParserMode) -> FastPathLayer:
         :param mode: the mode of the layer (client or server)
         """
 
-        parser = createFastPathParser(
-            self.useTLS, self.securitySettings.encryptionMethod, self.crypters[mode], mode)
+        parser = createFastPathParser(self.useTLS, self.securitySettings.encryptionMethod, self.crypters[mode], mode)
         return FastPathLayer(parser)