librex 0.0.68 → 0.0.70

data/lib/rex/proto/ipmi/channel_auth_reply.rb

@@ -0,0 +1,88 @@
+
+module Rex
+module Proto
+module IPMI
+
+class Channel_Auth_Reply < BitStruct
+  unsigned :rmcp_version,                    8,     "RMCP Version"
+  unsigned :rmcp_padding,                    8,     "RMCP Padding"
+  unsigned :rmcp_sequence,                   8,     "RMCP Sequence"
+  unsigned :rmcp_mtype,                      1,     "RMCP Message Type"
+  unsigned :rmcp_class,                      7,     "RMCP Message Class"
+
+  unsigned :session_auth_type,               8,     "Session Auth Type"
+  unsigned :session_sequence,               32,     "Session Sequence Number"
+  unsigned :session_id,                     32,     "Session ID"
+  unsigned :message_length,                  8,     "Message Length"
+
+  unsigned :ipmi_tgt_address,                8,     "IPMI Target Address"
+  unsigned :ipmi_tgt_lun,                    8,     "IPMI Target LUN"
+  unsigned :ipmi_header_checksum,            8,     "IPMI Header Checksum"
+  unsigned :ipmi_src_address,                8,     "IPMI Source Address"
+  unsigned :ipmi_src_lun,                    8,     "IPMI Source LUN"
+  unsigned :ipmi_command,                    8,     "IPMI Command"
+  unsigned :ipmi_completion_code,            8,     "IPMI Completion Code"
+
+  unsigned :ipmi_channel,                    8,     "IPMI Channel"
+
+  unsigned :ipmi_compat_20,                  1,     "IPMI Version Compatibility: IPMI 2.0+"
+  unsigned :ipmi_compat_reserved1,           1,     "IPMI Version Compatibility: Reserved 1"
+  unsigned :ipmi_compat_oem_auth,            1,     "IPMI Version Compatibility: OEM Authentication"
+  unsigned :ipmi_compat_password,            1,     "IPMI Version Compatibility: Straight Password"
+  unsigned :ipmi_compat_reserved2,           1,     "IPMI Version Compatibility: Reserved 2"
+  unsigned :ipmi_compat_md5,                 1,     "IPMI Version Compatibility: MD5"
+  unsigned :ipmi_compat_md2,                 1,     "IPMI Version Compatibility: MD2"
+  unsigned :ipmi_compat_none,                1,     "IPMI Version Compatibility: None"
+
+  unsigned :ipmi_user_reserved1,             2,     "IPMI User Compatibility: Reserved 1"
+  unsigned :ipmi_user_kg,                    1,     "IPMI User Compatibility: KG Set to Default"
+  unsigned :ipmi_user_disable_message_auth,  1,     "IPMI User Compatibility: Disable Per-Message Authentication"
+  unsigned :ipmi_user_disable_user_auth,     1,     "IPMI User Compatibility: Disable User-Level Authentication"
+  unsigned :ipmi_user_non_null,              1,     "IPMI User Compatibility: Non-Null Usernames Enabled"
+  unsigned :ipmi_user_null,                  1,     "IPMI User Compatibility: Null Usernames Enabled"
+  unsigned :ipmi_user_anonymous,             1,     "IPMI User Compatibility: Anonymous Login Enabled"
+
+  unsigned :ipmi_conn_reserved1,             6,     "IPMI Connection Compatibility: Reserved 1"
+  unsigned :ipmi_conn_20,                    1,     "IPMI Connection Compatibility: 2.0"
+  unsigned :ipmi_conn_15,                    1,     "IPMI Connection Compatibility: 1.5"
+
+  unsigned :ipmi_oem_id,                    24,     "IPMI OEM ID", :endian => 'little'
+
+  rest :ipm_oem_data, "IPMI OEM Data + Checksum Byte"
+
+
+  def to_banner
+    info   = self
+    banner = "#{(info.ipmi_compat_20 == 1) ? "IPMI-2.0" : "IPMI-1.5"} "
+
+    pass_info = []
+    pass_info << "oem_auth" if info.ipmi_compat_oem_auth == 1
+    pass_info << "password" if info.ipmi_compat_password == 1
+    pass_info << "md5" if info.ipmi_compat_md5 == 1
+    pass_info << "md2" if info.ipmi_compat_md2 == 1
+    pass_info << "null" if info.ipmi_compat_none == 1
+
+    user_info = []
+    user_info << "kg_default" if (info.ipmi_compat_20 == 1 and info.ipmi_user_kg == 1)
+    user_info << "auth_msg" unless info.ipmi_user_disable_message_auth == 1
+    user_info << "auth_user" unless info.ipmi_user_disable_user_auth == 1
+    user_info << "non_null_user" if info.ipmi_user_non_null == 1
+    user_info << "null_user" if info.ipmi_user_null == 1
+    user_info << "anonymous_user" if info.ipmi_user_anonymous == 1
+
+    conn_info = []
+    conn_info << "1.5" if info.ipmi_conn_15 == 1
+    conn_info << "2.0" if info.ipmi_conn_20 == 1
+
+    if info.ipmi_oem_id != 0
+      banner << "OEMID:#{info.ipmi_oem_id} "
+    end
+
+    banner << "UserAuth(#{user_info.join(", ")}) PassAuth(#{pass_info.join(", ")}) Level(#{conn_info.join(", ")}) "
+    banner
+  end
+end
+
+end
+end
+end

data/lib/rex/proto/ipmi/open_session_reply.rb

@@ -0,0 +1,35 @@
+
+module Rex
+module Proto
+module IPMI
+
+class Open_Session_Reply < BitStruct
+  unsigned :rmcp_version,  8,  "RMCP Version"
+  unsigned :rmcp_padding,  8,  "RMCP Padding"
+  unsigned :rmcp_sequence, 8,  "RMCP Sequence"
+  unsigned :rmcp_mtype,    1,  "RMCP Message Type"
+  unsigned :rmcp_class,    7,  "RMCP Message Class"
+
+  unsigned :session_auth_type, 8,  "Authentication Type"
+
+  unsigned :session_payload_encrypted,     1,  "Session Payload Encrypted"
+  unsigned :session_payload_authenticated, 1,  "Session Payload Authenticated"
+  unsigned :session_payload_type,          6,  "Session Payload Type", :endian => 'little'
+
+  unsigned :session_id,       32,  "Session ID"
+  unsigned :session_sequence, 32,  "Session Sequence Number"
+  unsigned :message_length,   16,  "Message Length", :endian => "little"
+
+  unsigned :ignored1,        8, "Ignored"
+  unsigned :error_code,      8, "RMCP Error Code"
+  unsigned :ignored2,       16, "Ignored"
+  char :console_session_id, 32, "Console Session ID"
+  char :bmc_session_id,     32, "BMC Session ID"
+
+  rest :stuff, "The Rest of the Stuff"
+end
+
+end
+end
+end
+

data/lib/rex/proto/ipmi/rakp2.rb

@@ -0,0 +1,35 @@
+
+module Rex
+module Proto
+module IPMI
+
+class RAKP2 < BitStruct
+  unsigned :rmcp_version,      8,     "RMCP Version"
+  unsigned :rmcp_padding,      8,     "RMCP Padding"
+  unsigned :rmcp_sequence,     8,     "RMCP Sequence"
+  unsigned :rmcp_mtype,    1,     "RMCP Message Type"
+  unsigned :rmcp_class,    7,     "RMCP Message Class"
+
+  unsigned :session_auth_type,  8,     "Authentication Type"
+
+  unsigned :session_payload_encrypted,  1,     "Session Payload Encrypted"
+  unsigned :session_payload_authenticated,  1,     "Session Payload Authenticated"
+  unsigned :session_payload_type,  6,     "Session Payload Type", :endian => 'little'
+
+  unsigned :session_id,  32,     "Session ID"
+  unsigned :session_sequence,  32,     "Session Sequence Number"
+  unsigned :message_length,  16,     "Message Length", :endian => "little"
+
+  unsigned :ignored1, 8, "Ignored"
+  unsigned :error_code, 8, "RMCP Error Code"
+  unsigned :ignored2, 16, "Ignored"
+  char :console_session_id, 32, "Console Session ID"
+  char :bmc_random_id,  128,     "BMC Random ID"
+  char :bmc_guid,  128,     "RAKP2 Hash 2 (nulls)"
+  char :hmac_sha1,  160,     "HMAC_SHA1 Output"
+  rest :stuff, "The rest of the stuff"
+end
+
+end
+end
+end

data/lib/rex/proto/ipmi/utils.rb

@@ -0,0 +1,125 @@
+# -*- coding: binary -*-
+
+module Rex
+module Proto
+module IPMI
+class Utils
+
+  def self.checksum(data)
+    sum = 0
+    data.unpack("C*").each {|c| sum += c }
+    sum = ~sum + 1
+    sum & 0xff
+  end
+
+  def self.create_ipmi_getchannel_probe
+    [   # Get Channel Authentication Capabilities
+      0x06, 0x00, 0xff, 0x07, # RMCP Header
+      0x00, 0x00, 0x00, 0x00, 
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x20, 0x18, 
+      0xc8, 0x81, 0x00, 0x38, 0x8e, 0x04, 0xb5
+    ].pack("C*")
+  end
+
+  # open rmcpplus_request
+  def self.create_ipmi_session_open_request(console_session_id)
+    head = [
+      0x06, 0x00, 0xff, 0x07,   # RMCP Header
+      0x06,                     # RMCP+ Authentication Type
+      PAYLOAD_RMCPPLUSOPEN_REQ, # Payload Type
+      0x00, 0x00, 0x00, 0x00,   # Session ID
+      0x00, 0x00, 0x00, 0x00    # Sequence Number
+    ].pack("C*")
+
+    data =
+    [   # Maximum access
+      0x00, 0x00,
+      # Reserved
+      0x00, 0x00
+    ].pack("C*") + 
+    console_session_id +
+    [
+      0x00, 0x00, 0x00, 0x08, 
+      0x01, 0x00, 0x00, 0x00,
+      0x01, 0x00, 0x00, 0x08, 
+      # HMAC-SHA1
+      0x01, 0x00, 0x00, 0x00, 
+      0x02, 0x00, 0x00, 0x08, 
+      # AES Encryption
+      0x01, 0x00, 0x00, 0x00
+    ].pack("C*")
+
+    head + [data.length].pack('v') + data 
+  end
+
+
+  # open rmcpplus_request with cipherzero
+  def self.create_ipmi_session_open_cipher_zero_request(console_session_id)
+    head = [
+      0x06, 0x00, 0xff, 0x07,   # RMCP Header
+      0x06,                     # RMCP+ Authentication Type
+      PAYLOAD_RMCPPLUSOPEN_REQ, # Payload Type
+      0x00, 0x00, 0x00, 0x00,   # Session ID
+      0x00, 0x00, 0x00, 0x00    # Sequence Number
+    ].pack("C*")
+
+    data =
+    [   # Maximum access
+      0x00, 0x00,
+      # Reserved
+      0x00, 0x00
+    ].pack("C*") + 
+    console_session_id +
+    [
+      0x00, 0x00, 0x00, 0x08, 
+      # Cipher 0
+      0x00, 0x00, 0x00, 0x00,
+      0x01, 0x00, 0x00, 0x08,
+      # Cipher 0
+      0x00, 0x00, 0x00, 0x00,
+      0x02, 0x00, 0x00, 0x08,
+      # No Encryption 
+      0x00, 0x00, 0x00, 0x00
+    ].pack("C*")
+
+    head + [data.length].pack('v') + data 
+  end
+
+  def self.create_ipmi_rakp_1(bmc_session_id, console_random_id, username)
+    [
+      0x06, 0x00, 0xff, 0x07,  # RMCP Header
+      0x06,                    # RMCP+ Authentication Type
+      PAYLOAD_RAKP1,           # Payload Type
+      0x00, 0x00, 
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x21, 0x00, 
+      0x00, 0x00, 0x00, 0x00
+    ].pack("C*") +
+    bmc_session_id +
+    console_random_id +
+    [
+      0x14, 0x00, 0x00, 
+      username.length
+    ].pack("C*") + 
+    username
+  end
+
+
+  def self.create_rakp_hmac_sha1_salt(con_sid, bmc_sid, con_rid, bmc_rid, bmc_gid, auth_level, username)
+    con_sid +
+    bmc_sid +
+    con_rid +
+    bmc_rid +
+    bmc_gid + 
+    [ auth_level ].pack("C") +
+    [ username.length ].pack("C") +
+    username
+  end
+
+  def self.verify_rakp_hmac_sha1(salt, hash, password)
+    OpenSSL::HMAC.digest('sha1', password, salt) == hash
+  end
+
+end
+end
+end
+end

data/lib/rex/proto/natpmp.rb

@@ -1,11 +1,7 @@
 # -*- coding: binary -*-
-##
-#
 # NAT-PMP protocol support
 #
-# by Jon Hart <jhart@spoofed.org>
-#
-##
+# @author Jon Hart <jhart@spoofed.org>
 
 require 'rex/proto/natpmp/constants'
 require 'rex/proto/natpmp/packet'

data/lib/rex/proto/natpmp/constants.rb

@@ -10,10 +10,10 @@
 module Rex
 module Proto
 module NATPMP
-	DefaultPort = 5351
-	Version = 0
-	TCP = 2
-	UDP = 1
+  DefaultPort = 5351
+  Version = 0
+  TCP = 2
+  UDP = 1
 end
 end
 end

data/lib/rex/proto/natpmp/packet.rb

@@ -11,34 +11,34 @@ module Rex
 module Proto
 module NATPMP
 
-	# Return a NAT-PMP request to get the external address.
-	def self.external_address_request
-		[ 0, 0 ].pack('nn')
-	end
+  # Return a NAT-PMP request to get the external address.
+  def self.external_address_request
+    [ 0, 0 ].pack('nn')
+  end
 
-	# Parse a NAT-PMP external address response +resp+.
-	# Returns the decoded parts of the response as an array.
-	def self.parse_external_address_response(resp)
-		(ver, op, result, epoch, addr) = resp.unpack("CCSLN")
-		[ ver, op, result, epoch, Rex::Socket::addr_itoa(addr) ]
-	end
+  # Parse a NAT-PMP external address response +resp+.
+  # Returns the decoded parts of the response as an array.
+  def self.parse_external_address_response(resp)
+    (ver, op, result, epoch, addr) = resp.unpack("CCSLN")
+    [ ver, op, result, epoch, Rex::Socket::addr_itoa(addr) ]
+  end
 
-	# Return a NAT-PMP request to map remote port +rport+/+protocol+ to local port +lport+ for +lifetime+ ms
-	def self.map_port_request(lport, rport, protocol, lifetime)
-		[   Rex::Proto::NATPMP::Version, # version
-			protocol, # opcode, which is now the protocol we are asking to forward
-			0, # reserved
-			lport,
-			rport,
-			lifetime
-		].pack("ccnnnN")
-	end
+  # Return a NAT-PMP request to map remote port +rport+/+protocol+ to local port +lport+ for +lifetime+ ms
+  def self.map_port_request(lport, rport, protocol, lifetime)
+    [   Rex::Proto::NATPMP::Version, # version
+      protocol, # opcode, which is now the protocol we are asking to forward
+      0, # reserved
+      lport,
+      rport,
+      lifetime
+    ].pack("ccnnnN")
+  end
 
-	# Parse a NAT-PMP mapping response +resp+.
-	# Returns the decoded parts as an array.
-	def self.parse_map_port_response(resp)
-		resp.unpack("CCSLnnN")
-	end
+  # Parse a NAT-PMP mapping response +resp+.
+  # Returns the decoded parts as an array.
+  def self.parse_map_port_response(resp)
+    resp.unpack("CCSLnnN")
+  end
 end
 
 end

data/lib/rex/proto/ntlm/base.rb

@@ -40,287 +40,287 @@
 # The latter has a minor bug in its separate_keys function.
 # The third key has to begin from the 14th character of the
 # input string instead of 13th:)
-#--
-# $Id: ntlm.rb 11678 2011-01-30 19:26:35Z hdm $
-#++
-
-#this class defines the base type needed for other modules like message and crypt
 
 require 'rex/proto/ntlm/constants'
 
 module Rex
 module Proto
 module NTLM
+# The base type needed for other modules like message and crypt
 class Base
 
 CONST = Rex::Proto::NTLM::Constants
 
-	# base classes for primitives
-	class Field
-		attr_accessor :active, :value
-
-		def initialize(opts)
-			@value  = opts[:value]
-			@active = opts[:active].nil? ? true : opts[:active]
-		end
-
-		def size
-			@active ? @size : 0
-		end
-	end
-
-	class String < Field
-		def initialize(opts)
-			super(opts)
-			@size = opts[:size]
-		end
-
-		def parse(str, offset=0)
-			if @active and str.size >= offset + @size
-				@value = str[offset, @size]
-				@size
-			else
-				0
-			end
-		end
-
-		def serialize
-			if @active
-				@value
-			else
-				""
-			end
-		end
-
-		def value=(val)
-			@value = val
-			@size = @value.nil? ? 0 : @value.size
-			@active = (@size > 0)
-		end
-	end
-
-	class Int16LE < Field
-		def initialize(opt)
-			super(opt)
-			@size = 2
-		end
-
-		def parse(str, offset=0)
-			if @active and str.size >= offset + @size
-				@value = str[offset, @size].unpack("v")[0]
-				@size
-			else
-				0
-			end
-		end
-
-		def serialize
-			[@value].pack("v")
-		end
-	end
-
-	class Int32LE < Field
-		def initialize(opt)
-			super(opt)
-			@size = 4
-		end
-
-		def parse(str, offset=0)
-			if @active and str.size >= offset + @size
-				@value = str.slice(offset, @size).unpack("V")[0]
-				@size
-			else
-				0
-			end
-		end
-
-		def serialize
-			[@value].pack("V") if @active
-		end
-	end
-
-	class Int64LE < Field
-		def initialize(opt)
-			super(opt)
-			@size = 8
-		end
-
-		def parse(str, offset=0)
-			if @active and str.size >= offset + @size
-				d, u = str.slice(offset, @size).unpack("V2")
-				@value = (u * 0x100000000 + d)
-				@size
-			else
-				0
-			end
-		end
-
-		def serialize
-			[@value & 0x00000000ffffffff, @value >> 32].pack("V2") if @active
-		end
-	end
-
-	# base class of data structure
-	class FieldSet
-		class << FieldSet
-		def define(&block)
-			c = Class.new(self)
-			def c.inherited(subclass)
-				proto = @proto
-				subclass.instance_eval {
-					@proto = proto
-					}
-			end
-			c.module_eval(&block)
-			c
-		end
-
-		def string(name, opts)
-			add_field(name, String, opts)
-		end
-
-		def int16LE(name, opts)
-			add_field(name, Int16LE, opts)
-		end
-
-		def int32LE(name, opts)
-			add_field(name, Int32LE, opts)
-		end
-
-		def int64LE(name, opts)
-			add_field(name, Int64LE, opts)
-		end
-
-		def security_buffer(name, opts)
-			add_field(name, SecurityBuffer, opts)
-		end
-
-		def prototypes
-			@proto
-		end
-
-		def names
-			@proto.map{|n, t, o| n}
-		end
-
-		def types
-			@proto.map{|n, t, o| t}
-		end
-
-		def opts
-			@proto.map{|n, t, o| o}
-		end
-
-		private
-
-		def add_field(name, type, opts)
-			(@proto ||= []).push [name, type, opts]
-			define_accessor name
-		end
-
-		def define_accessor(name)
-			module_eval(<<-End, __FILE__, __LINE__ + 1)
-			def #{name}
-				self['#{name}'].value
-			end
-
-			def #{name}=(val)
-				self['#{name}'].value = val
-			end
-			End
-		end
-		end #self
-
-		def initialize
-			@alist = self.class.prototypes.map{ |n, t, o| [n, t.new(o)] }
-		end
-
-		def serialize
-			@alist.map{|n, f| f.serialize }.join
-		end
-
-		def parse(str, offset=0)
-			@alist.inject(offset){|cur, a|  cur += a[1].parse(str, cur)}
-		end
-
-		def size
-			@alist.inject(0){|sum, a| sum += a[1].size}
-		end
-
-		def [](name)
-			a = @alist.assoc(name.to_s.intern)
-			raise ArgumentError, "no such field: #{name}" unless a
-			a[1]
-		end
-
-		def []=(name, val)
-			a = @alist.assoc(name.to_s.intern)
-			raise ArgumentError, "no such field: #{name}" unless a
-			a[1] = val
-		end
-
-		def enable(name)
-			self[name].active = true
-		end
-
-		def disable(name)
-			self[name].active = false
-		end
-	end
-
-	Blob = FieldSet.define {
-		int32LE    :blob_signature,   {:value => CONST::BLOB_SIGN}
-		int32LE    :reserved,         {:value => 0}
-		int64LE    :timestamp,      {:value => 0}
-		string     :challenge,      {:value => "", :size => 8}
-		int32LE    :unknown1,     {:value => 0}
-		string     :target_info,      {:value => "", :size => 0}
-		int32LE    :unknown2,         {:value => 0}
-	}
-
-	SecurityBuffer = FieldSet.define {
-		int16LE   :length,        {:value => 0}
-		int16LE   :allocated,     {:value => 0}
-		int32LE   :offset,        {:value => 0}
-	}
-
-
-	class SecurityBuffer
-		attr_accessor :active
-		def initialize(opts)
-			super()
-			@value  = opts[:value]
-			@active = opts[:active].nil? ? true : opts[:active]
-			@size = 8
-		end
-
-		def parse(str, offset=0)
-			if @active and str.size >= offset + @size
-				super(str, offset)
-				@value = str[self.offset, self.length]
-				@size
-			else
-				0
-			end
-		end
-
-		def serialize
-			super if @active
-		end
-
-		def value
-			@value
-		end
-
-		def value=(val)
-			@value = val
-			self.length = self.allocated = val.size
-		end
-
-		def data_size
-			@active ? @value.size : 0
-		end
-	end
+  # base classes for primitives
+  class Field
+    attr_accessor :active, :value
+
+    def initialize(opts)
+      @value  = opts[:value]
+      @active = opts[:active].nil? ? true : opts[:active]
+    end
+
+    def size
+      @active ? @size : 0
+    end
+  end
+
+  class String < Field
+    def initialize(opts)
+      super(opts)
+      @size = opts[:size]
+    end
+
+    def parse(str, offset=0)
+      if @active and str.size >= offset + @size
+        @value = str[offset, @size]
+        @size
+      else
+        0
+      end
+    end
+
+    def serialize
+      if @active
+        @value
+      else
+        ""
+      end
+    end
+
+    def value=(val)
+      @value = val
+      @size = @value.nil? ? 0 : @value.size
+      @active = (@size > 0)
+    end
+  end
+
+  class Int16LE < Field
+    def initialize(opt)
+      super(opt)
+      @size = 2
+    end
+
+    def parse(str, offset=0)
+      if @active and str.size >= offset + @size
+        @value = str[offset, @size].unpack("v")[0]
+        @size
+      else
+        0
+      end
+    end
+
+    def serialize
+      [@value].pack("v")
+    end
+  end
+
+  class Int32LE < Field
+    def initialize(opt)
+      super(opt)
+      @size = 4
+    end
+
+    def parse(str, offset=0)
+      if @active and str.size >= offset + @size
+        @value = str.slice(offset, @size).unpack("V")[0]
+        @size
+      else
+        0
+      end
+    end
+
+    def serialize
+      [@value].pack("V") if @active
+    end
+  end
+
+  class Int64LE < Field
+    def initialize(opt)
+      super(opt)
+      @size = 8
+    end
+
+    def parse(str, offset=0)
+      if @active and str.size >= offset + @size
+        d, u = str.slice(offset, @size).unpack("V2")
+        @value = (u * 0x100000000 + d)
+        @size
+      else
+        0
+      end
+    end
+
+    def serialize
+      [@value & 0x00000000ffffffff, @value >> 32].pack("V2") if @active
+    end
+  end
+
+  # base class of data structure
+  class FieldSet
+    class << FieldSet
+    def define(&block)
+      klass = Class.new(self) do
+        def self.inherited(subclass)
+          proto = @proto
+
+          subclass.instance_eval do
+            @proto = proto
+          end
+        end
+      end
+
+      klass.module_eval(&block)
+
+      klass
+    end
+
+    def string(name, opts)
+      add_field(name, String, opts)
+    end
+
+    def int16LE(name, opts)
+      add_field(name, Int16LE, opts)
+    end
+
+    def int32LE(name, opts)
+      add_field(name, Int32LE, opts)
+    end
+
+    def int64LE(name, opts)
+      add_field(name, Int64LE, opts)
+    end
+
+    def security_buffer(name, opts)
+      add_field(name, SecurityBuffer, opts)
+    end
+
+    def prototypes
+      @proto
+    end
+
+    def names
+      @proto.map{|n, t, o| n}
+    end
+
+    def types
+      @proto.map{|n, t, o| t}
+    end
+
+    def opts
+      @proto.map{|n, t, o| o}
+    end
+
+    private
+
+    def add_field(name, type, opts)
+      (@proto ||= []).push [name, type, opts]
+      define_accessor name
+    end
+
+    def define_accessor(name)
+      module_eval(<<-End, __FILE__, __LINE__ + 1)
+      def #{name}
+        self['#{name}'].value
+      end
+
+      def #{name}=(val)
+        self['#{name}'].value = val
+      end
+      End
+    end
+    end #self
+
+    def initialize
+      @alist = self.class.prototypes.map{ |n, t, o| [n, t.new(o)] }
+    end
+
+    def serialize
+      @alist.map{|n, f| f.serialize }.join
+    end
+
+    def parse(str, offset=0)
+      @alist.inject(offset){|cur, a|  cur += a[1].parse(str, cur)}
+    end
+
+    def size
+      @alist.inject(0){|sum, a| sum += a[1].size}
+    end
+
+    def [](name)
+      a = @alist.assoc(name.to_s.intern)
+      raise ArgumentError, "no such field: #{name}" unless a
+      a[1]
+    end
+
+    def []=(name, val)
+      a = @alist.assoc(name.to_s.intern)
+      raise ArgumentError, "no such field: #{name}" unless a
+      a[1] = val
+    end
+
+    def enable(name)
+      self[name].active = true
+    end
+
+    def disable(name)
+      self[name].active = false
+    end
+  end
+
+  Blob = FieldSet.define {
+    int32LE    :blob_signature,   {:value => CONST::BLOB_SIGN}
+    int32LE    :reserved,         {:value => 0}
+    int64LE    :timestamp,      {:value => 0}
+    string     :challenge,      {:value => "", :size => 8}
+    int32LE    :unknown1,     {:value => 0}
+    string     :target_info,      {:value => "", :size => 0}
+    int32LE    :unknown2,         {:value => 0}
+  }
+
+  SecurityBuffer = FieldSet.define {
+    int16LE   :length,        {:value => 0}
+    int16LE   :allocated,     {:value => 0}
+    int32LE   :offset,        {:value => 0}
+  }
+
+
+  class SecurityBuffer
+    attr_accessor :active
+    def initialize(opts)
+      super()
+      @value  = opts[:value]
+      @active = opts[:active].nil? ? true : opts[:active]
+      @size = 8
+    end
+
+    def parse(str, offset=0)
+      if @active and str.size >= offset + @size
+        super(str, offset)
+        @value = str[self.offset, self.length]
+        @size
+      else
+        0
+      end
+    end
+
+    def serialize
+      super if @active
+    end
+
+    def value
+      @value
+    end
+
+    def value=(val)
+      @value = val
+      self.length = self.allocated = val.size
+    end
+
+    def data_size
+      @active ? @value.size : 0
+    end
+  end
 end
 end
 end