Following on https://aadinternals.com/post/prt/ I have tried out dumping a PRT and the respective session key and trying to turn it into a P2P certificate with New-AADIntP2PDeviceCertificate.

The function asks for an unset variable https://github.com/Gerenios/AADInternals/blob/0fa2edf5676439cd3fe7c92ed8006b63f0be9632/PRT.ps1#L672 that should lead to the tenant ID. I hardcoded my tenant ID in the source to fix that. I guess this needs to be passed as an argument, since the $prtKeys object may not be set if you are using a "stolen" PRT.

Then everything works up to the following point:

PS C:\> New-AADIntP2PDeviceCertificate -RefreshToken $PRT -SessionKey $SKey
New-AADIntP2PDeviceCertificate : AADSTS5000611: Symmetric Key Derivation Function version '1' is invalid. Update the device for the latest updates. '' Trace ID: 97f6a681-f7de-4374-ac73-b866a30d1500 Correlation ID: 9f8bbcf2-38ce-48ba-8976-4a16a1d1e093 Timestamp: 2024-05-04 16:14:10Z
At line:1 char:1
+ New-AADIntP2PDeviceCertificate -RefreshToken $newprt -SessionKey $SKe ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,New-AADIntP2PDeviceCertificate

Interestingly, I got this error code and message too when using https://github.com/morRubin/PrtToCert instead. Note that getting another PRT and (for example) a Graph token works without problems:

# these 2 work
PS> $prtToken = New-AADIntUserPRTToken -RefreshToken $PRT -SessionKey $SKey -GetNonce
PS> Get-AADIntAccessTokenForAADGraph -PRTToken $prtToken -SaveToCache

I also tried getting the P2P cert with the "refresh_token" field in the body of $prtToken (which is the new PRT, I guess), but this results in the same error as above.

I am using AADInternals 0.9.3 on Windows 10.