// When
        byte[] messageBytes = type3.toByteArray();

        // Then
        assertTrue(messageBytes.length >= 12);
        // Message type should be 3 (little endian)
        assertEquals(3, messageBytes[8] & 0xFF);
        assertEquals(0, messageBytes[9] & 0xFF);
        assertEquals(0, messageBytes[10] & 0xFF);
        assertEquals(0, messageBytes[11] & 0xFF);
    }

            int bytesEncoded = buffer.encode(dst, 0);

            // Manually verify the encoded bytes
            assertEquals(buffer.size(), bytesEncoded);

            // Check referral level (little-endian)
            assertEquals(4, dst[0] & 0xFF);
            assertEquals(0, dst[1] & 0xFF);

            // Check path starts at byte 2
            byte[] expectedPathBytes = path.getBytes(StandardCharsets.UTF_16LE);

OUTMASK V9 #define OUTHEAD V10 #define OUTTAIL V11 // For P9 instruction emulation #define ESPERM V21 // Endian swapping permute into BE #define TMP2 V22 // Temporary for P8_STXVB16X/P8_STXVB16X // For {en,de}cryptBlockAsm #define BLK_INP R3 #define BLK_OUT R4 #define BLK_KEY R5 #define BLK_ROUNDS R6 #define BLK_IDX R7 DATA 路rcon+0x00(SB)/8, $0x0f0e0d0c0b0a0908 // Permute for vector doubleword endian swap DATA 路rcon+0x08(SB)/8, $0x0706050403020100 DATA 路rcon+0x10(SB)/8, $0x0100000001000000 // RCON DATA...

            /*
             * We want to compare only the first index where left[index] != right[index]. This
             * corresponds to the least significant nonzero byte in lw ^ rw, since lw and rw are
             * little-endian. Long.numberOfTrailingZeros(diff) tells us the least significant
             * nonzero bit, and zeroing out the first three bits of L.nTZ gives us the shift to get
             * that least significant nonzero byte.

      System.arraycopy(hash, 0, hashes, i * hashBytes, hash.length);
    }

    // Then hash the result array
    byte[] result = hashFunction.hash(hashes, 0);

    // interpreted in little-endian order.
    int verification = Integer.reverseBytes(Ints.fromByteArray(result));

    if (expected != verification) {
      throw new AssertionError(
          "Expected: "
              + Integer.toHexString(expected)

OUTMASK V9 #define OUTHEAD V10 #define OUTTAIL V11 // For P9 instruction emulation #define ESPERM V21 // Endian swapping permute into BE #define TMP2 V22 // Temporary for P8_STXVB16X/P8_STXVB16X // For {en,de}cryptBlockAsm #define BLK_INP R3 #define BLK_OUT R4 #define BLK_KEY R5 #define BLK_ROUNDS R6 #define BLK_IDX R7 DATA 路rcon+0x00(SB)/8, $0x0f0e0d0c0b0a0908 // Permute for vector doubleword endian swap DATA 路rcon+0x08(SB)/8, $0x0706050403020100 DATA 路rcon+0x10(SB)/8, $0x0100000001000000 // RCON DATA...

            nonces[i] = encryptionContext.generateNonce();
        }

        // Then - Check that counter portion has entropy
        // For SMB3-compliant nonces, the first 8 bytes are a counter (little-endian)
        // so we check that the counter bytes change as expected
        Set<String> uniqueCounters = new HashSet<>();
        for (int i = 0; i < sampleSize; i++) {
            // Extract first 8 bytes as counter

	//

	// 3.3.1: Environment Call and Breakpoint
	ECALL						// 73000000
	SCALL						// 73000000
	EBREAK						// 73001000
	SBREAK						// 73001000

	// Arbitrary bytes (entered in little-endian mode)
	WORD	$0x12345678	// WORD $305419896	// 78563412
	WORD	$0x9abcdef0	// WORD $2596069104	// f0debc9a

	// MOV pseudo-instructions
	MOV	X5, X6								// 13830200
	MOV	$2047, X5							// 9302f07f

# Request Body { #request-body }

Cuando necesitas enviar datos desde un cliente (digamos, un navegador) a tu API, los envías como un **request body**.

Un **request** body es un dato enviado por el cliente a tu API. Un **response** body es el dato que tu API envía al cliente.

Estos ataques aprovechan que los navegadores permiten que los scripts envíen requests sin hacer un preflight de CORS cuando:

* no tienen un header `Content-Type` (p. ej. usando `fetch()` con un body `Blob`)
* y no envían credenciales de autenticación.

Este tipo de ataque es relevante principalmente cuando: