1.2.0 - The Rudolph Desktop Protocol!

Release blog post: https://www.gosecure.net/blog/2022/12/23/a-new-pyrdp-release-the-rudolph-desktop-protocol/

Release highlights

• Net-NTLMv2 Hash Capture
• 6x faster pyrdp-convert
• RDP Version 10.9 and 10.10 supported
• Python 3.10 support
• Plugged memory leak and fixed important long-standing bugs

Full list of changes follows.

Backwards Compatibility Changes

• Collected files are now stored as their SHA-256 hash value instead of SHA-1 (#389)
• The log field shasum now holds the SHA-256 hash value of files instead of SHA-1 (#389)

Security

• Backported security fixes from rdesktop to our Python C extension doing RLE processing.
  Exploitability wasn't verified. (#357)

Enhancements

• Support for RDP version 10.9 and 10.10 (#396, #397)
• Capture and log NetNTLMv2 hash if the server enforces NLA and we don't have the NLA redirection attack activated (#367, #358)
• The Net-NTLMv2 challenge can be defined via --ssp-challenge allowing to do more efficient parallel cracking or leverage rainbow tables (#405, #418)
• pyrdp-convert video conversion is now 6x faster! (See #349)
• pyrdp-convert video format can be viewed during encoding and will play even if the conversion process crashes or is halted (#352, #353)
• pyrdp-convert can now handle exported PDUs (decrypted pcaps) with multiple sessions in them (#313, #368)
• pyrdp-convert can now extract session information including keyboard and mouse movement information in JSON from pcap and PDUs (#331, #366)
• pyrdp-convert has better success messages, error reporting and exit status (#361, #369)
• pyrdp-mitm added --address argument to choose the IP address where PyRDP is listening (#411, #412)
• Minor CLI improvements
• Improved type hints
• Updated instructions to extract the RDP certificate and private key (#345)
• Documentation updates (#335, #339, #340, #360, #371, #381, #383, #384, #408, #420)
• Replaced unmaintained dependency notify2 with py-notifier (#363, #365)
• Some Python 3.10 compatibility work (#366, #380, #421)
• Enable play/pause replay on the Player by pressing the Space key (#403).

Bug fixes

• Fixed situations where device redirection or clipboard sharing would hang and timeout (#139, #422)
• Fixed a memory leak in the bitmap decoding routine preventing the conversion or the replay of very large captures (#352, #353)
• Fixed pyrdp-player on macOS platforms (#362)
• Fixed pyrdp-convert pcap processing when victim IP and MITM IP are the same (#366)
• Fixed a pyrdp-convert segmentation fault in QT in some MP4 conversions (#378, #428, #429)
• Fixed NLA redirection problems if original target and NLA redirection target are the same (#342, #343)
• Fixed leak of file descriptors due to missing close on replay file recording (#392, #413, #415)
• Added a missing dependency for the GUI on Ubuntu 20.04 LTS (#348, #351, #355)
• No longer assuming every connection will have VirtualChannels (#375)
• Some minor protocol-level fixes (#408)

Infrastructure

• The slim flavor of our Docker image is now provided for the ARM64 platform (#346, #388)
• Docker images are now built and pushed via GitHub Actions (#334, #341)
• Added an automated video conversion test to CI configuration (#349)
• Added an automated JSON conversion test to CI configuration with some validation (#369)
• Added an automated replay conversion test to CI configuration (#369)
• Test refactoring to allow running most GitHub CI tests locally when developing (#368)
• Added Python 3.10 to CI test configuration (#387)
• Updated our dependencies to the latest stable versions (#386, #391, #400, #414, #417)

Credits

Thanks to the following people who contributed to this release:

Alexandre Beaulieu (@alxbl), Lisandro Ubiedo (@lubiedo), Francis Labelle (@xshill), Lukas Kupczyk (@lkupczyk), Olivier Bilodeau (@obilodeau), simonhuang (@thelongestusernameofall), Jonas (@spameier) and Flare Systems