[coldsync-hackers] Ritual Packets and origination of long arguments
- To: coldsync-hackers at lusars dot net
- Subject: [coldsync-hackers] Ritual Packets and origination of long arguments
- From: "Cliff L. Biffle" <cbiffle at safety dot net>
- Date: Wed, 6 Mar 2002 04:04:01 -0700
- Reply-To: coldsync-hackers at lusars dot net
- Sender: owner-coldsync-hackers at lusars dot net
So here's something that may interest others. :-)

I've been picking through the exchanges with my Clie T415 (OS4.1). The
initial data exchange very much resembles the 'ritual packets' seen in the
wild with the m500, with a few differences. Here's the ritual for the Clie:

1. The Clie sends a packet that looks for all the world like a userinfo
response, except that the payload doesn't quite match. This packet is
delivered without a corresponding command.

2. The host sends a sysinfo request with a single argument. This argument,
in the case of the Clie, is:

    FF FF FF FF
    3c 00 3c 00
    00 00 00 00
    00 00 00 01
    00 04 00 00
    00 04 00 00
    3c 00 3c 00
    00 00 00 00
    00 00 00 00

There are several different bytes here, but making the changes in netsync.c
makes no difference in behavior.

3. The Clie responds with a sysinfo response. This packet was pretty
accurately described in the ritual transfer, but if I'm reading these bytes
right, it's not ritual at all, but rather a valid response packet.

The hex (all one packet):

    92 01
    00 00
    00 00 00 00
    00 20
    00 00 00 24
    FF FF FF FF
    00 3C 00 3C
    40 00 00 00
    01 00 00 00
    00 00 04 00
    00 00 04 00
    00 3C 00 3C
    00 00 00 00
    00 00 00 00

My reading of this is as follows:

    0x92 0x01          sysinfo response, one argument attached
    0x00 0x00          no error
    (four zero bytes)  padding out to eight bytes (? I see this elsewhere)
    0x0020             argument ID
    0x00000024         argument body length (0x24, or 36, bytes)
    0xFFFF003c.....    body (36 bytes, a transposition of the payload above)

I'm new to DLP, and I'm aware that the Palm isn't supposed to originate long
arguments (according to comments in the code), but this seems to fit eerily
well with both the data and the structures laid out in dlp.h. Thoughts?

-Cliff L. Biffle
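
The reading proposed in the message above can be checked mechanically. The following is an added example, not code from the original post or from ColdSync: it parses the quoted response using the field layout the post proposes (big-endian fields and a single long argument are assumptions taken from that reading), validates the declared length, and compares the body with the request argument one 32-bit word at a time. The function names are hypothetical.

```python
import struct

# Bytes transcribed from the post: the host's sysinfo request argument and
# the Clie's complete response packet.
REQUEST_ARG = bytes.fromhex(
    "FFFFFFFF 3c003c00 00000000 00000001 00040000"
    "00040000 3c003c00 00000000 00000000")
RESPONSE = bytes.fromhex(
    "9201 0000 00000000 0020 00000024"
    "FFFFFFFF 003C003C 40000000 01000000 00000400"
    "00000400 003C003C 00000000 00000000")

# Layout as the post reads it (big-endian assumed): response code, argument
# count, error code, four padding bytes, argument ID, argument body length.
HEADER = struct.Struct(">BBH4xHI")

def parse_response(pkt):
    """Parse a response that carries exactly one long argument."""
    if len(pkt) < HEADER.size:
        raise ValueError("truncated header")
    code, argc, error, arg_id, arg_len = HEADER.unpack_from(pkt)
    if argc != 1:
        raise ValueError(f"expected 1 argument, header says {argc}")
    body = pkt[HEADER.size:]
    # The declared length comes from the peer; check it against what arrived.
    if arg_len != len(body):
        raise ValueError(f"declared {arg_len} bytes, received {len(body)}")
    return {"code": code, "error": error, "arg_id": arg_id, "body": body}

def compare_words(request, body):
    """Per 32-bit word: (offset, request hex, response hex, is byte-reversed copy)."""
    if len(request) != len(body):
        raise ValueError("payloads differ in length")
    rows = []
    for off in range(0, len(request), 4):
        req, rsp = request[off:off + 4], body[off:off + 4]
        rows.append((off, req.hex(), rsp.hex(), rsp == req[::-1]))
    return rows

if __name__ == "__main__":
    parsed = parse_response(RESPONSE)
    print(f"code=0x{parsed['code']:02x} error={parsed['error']} "
          f"arg_id=0x{parsed['arg_id']:04x} body_len={len(parsed['body'])}")
    for off, req, rsp, swapped in compare_words(REQUEST_ARG, parsed["body"]):
        print(f"+{off:2d}  {req}  {rsp}  {'reversed' if swapped else 'DIFFERS'}")
```

On the bytes quoted in the message, the declared length of 36 matches the body, and every word of the body is a byte-reversed copy of the request word except the one at offset 8 (00 00 00 00 in the request, 40 00 00 00 in the response).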