vinzenz/hyperhive
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

screen: fix Apple-DH response byte order

Browse source 
rfb_apple_dh_client_msg has encrypted_credentials at offset 0 and
public_key as a flexible array at offset 128. We were sending them
in the wrong order (pub_key first), so neatvnc decrypted the wrong
bytes as credentials and sent the wrong bytes as the DH public key,
causing a mismatched shared secret and SecurityResult=1.

Fixes #92
This commit is contained in:
iris 2026-05-20 20:52:17 +02:00 committed by Mara
parent 3c6c257506
commit e7d7aef1aa
1 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
hive-ag3nt/assets/screen.html
View file

@ -423,10 +423,12 @@ canvas { display: block; cursor: default; }
const creds = new Uint8Array(128); // empty username + empty password const creds = new Uint8Array(128); // empty username + empty password
const encCreds = await aes128ecb(aesKey, creds); const encCreds = await aes128ecb(aesKey, creds);
// Send: client_pub + encrypted_creds // Send: encrypted_creds + client_pub
// neatvnc struct rfb_apple_dh_client_msg has encrypted_credentials
// at offset 0 and public_key at offset 128 (flexible array after).
const response = new Uint8Array(ks + 128); const response = new Uint8Array(ks + 128);
response.set(clientPubBytes, 0); response.set(encCreds, 0);
response.set(encCreds, ks); response.set(clientPubBytes, 128);
send(response); send(response);
dbg('→ Apple-DH response sent (' + response.length + ' bytes)', 'ok'); dbg('→ Apple-DH response sent (' + response.length + ' bytes)', 'ok');