
Re: [coldsync-hackers] Ritual Packets and origination of long arguments



On Wed, Mar 06, 2002 at 11:00:41AM -0700, Cliff L. Biffle wrote:
> On Wednesday 06 March 2002 10:11 am, you wrote:
> > 	The next question is, can you hack up a ritual exchange that
> > reliably works for you? (Possibly after doing great violence to the
> > code.)
>
> Working on that now.  The Clie, it seems, will respond with an 'invalid
> packet' error to an initial sysinfo request that -doesn't- include the
> mystery block.

	Then presumably the mystery block contains some sort of
identification. Host ID? Host password? User ID? User password?
	I'm guessing that this is a security thing: the Clie starts by
announcing, "I am user Joe Bob, ID 12345", and won't sync unless the
desktop proves that it's allowed to sync Joe Bob's stuff. Try turning
the password off on the Clie. Also, if you have a password, run it
through MD5 and see if you can find that in the initial exchange.

> I do need some advice in regards to USBSnoopy's dumps, though.  Between every
> couple of packets that I can identify as being DLP is a 6-byte packet with
> what looks like a serial number (of the frame -- i.e. increases by one for
> each 16 bytes of the message) and a size (which is sometimes wrong).  Is this
> traffic from one of the encapsulating protocols, or is this a DLP feature?  I

	Is this what you're seeing? From include/pconn/netsync.h:

 * NetSync outline:
 *
 * This packet encapsulation protocol is used for both 'NetSync' and
 * talking to the Palm m50x in its USB Palm cradle.
 *
 * Data goes back and forth in the following format:
 *
 *      +------+------+
 *      | cmd  | xid  |
 *      +------+------+------+------+
 *      | length                    |
 *      +------+------+------+------+
 *      | <length> bytes of data...
 *      +------+------+------+------+

> This whole ritual exchange is beginning to look rather like some sort of
> challenge-response, except that no challenge-response protocol in its right
> mind would just reverse the byte order of the challenge and pass it back. :-)

	It might make sense if the challenge includes "I am X, talking
to Y" and the response includes "I am Y, talking to X", where X and Y
are host IDs or addresses.

-- 
Andrew Arensburger                      This message *does* represent the
arensb@ooblick.com                      views of ooblick.com
		      I'd like it all automated.
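The six-byte packet described in the thread lines up with the header drawn from netsync.h: one byte of cmd, one byte of xid, then a four-byte length. The following C parser is an added example for this page, not coldsync's own code; it walks a buffer of such frames and refuses any frame whose declared length does not fit in what was captured, which is the "size which is sometimes wrong" case a receiver must not read past. It assumes the length field is big-endian (network byte order), which the quoted header fragment does not state, and the sample capture bytes are constructed, not taken from a real Clie.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Six-byte NetSync framing header as drawn in include/pconn/netsync.h:
 * one byte cmd, one byte xid, then a four-byte length. The length is
 * assumed here to be big-endian (network byte order); the quoted header
 * fragment does not say, so treat that as an assumption. */
#define NETSYNC_HDR_LEN 6

struct netsync_hdr {
    uint8_t  cmd;
    uint8_t  xid;
    uint32_t length;   /* number of payload bytes that follow the header */
};

/* Parse one frame from buf[0..buflen). On success fills *hdr, points
 * *payload at the data, and returns the total bytes consumed (header +
 * payload). Returns 0 if the buffer is too short for a header, or if the
 * declared length does not fit in the buffer: a bad length field must be
 * rejected rather than used to read past the end of the capture. */
size_t netsync_parse(const uint8_t *buf, size_t buflen,
                     struct netsync_hdr *hdr, const uint8_t **payload)
{
    if (buf == NULL || buflen < NETSYNC_HDR_LEN)
        return 0;

    hdr->cmd = buf[0];
    hdr->xid = buf[1];
    hdr->length = ((uint32_t)buf[2] << 24) | ((uint32_t)buf[3] << 16) |
                  ((uint32_t)buf[4] << 8)  |  (uint32_t)buf[5];

    /* Compare against the remaining bytes rather than computing
     * header + length, so a length near UINT32_MAX cannot wrap. */
    if (hdr->length > buflen - NETSYNC_HDR_LEN)
        return 0;

    *payload = buf + NETSYNC_HDR_LEN;
    return NETSYNC_HDR_LEN + (size_t)hdr->length;
}

/* Walk a capture buffer frame by frame, as one would over a USB snoop
 * dump, printing each header. Returns the number of well-formed frames
 * and stops at the first frame whose length does not fit. */
int netsync_walk(const uint8_t *buf, size_t buflen)
{
    int frames = 0;
    size_t off = 0;
    while (off < buflen) {
        struct netsync_hdr h;
        const uint8_t *data;
        size_t used = netsync_parse(buf + off, buflen - off, &h, &data);
        if (used == 0)
            break;
        printf("frame %d: cmd=0x%02x xid=0x%02x length=%u\n",
               frames, h.cmd, h.xid, (unsigned)h.length);
        frames++;
        off += used;
    }
    return frames;
}

/* Constructed sample capture (not from a real device): two frames with
 * xid 1 and 2, then a header claiming 1000 payload bytes with only 3
 * present. The walker accepts two frames and rejects the third. */
static const uint8_t sample_capture[] = {
    0x01, 0x01, 0x00, 0x00, 0x00, 0x04, 0xde, 0xad, 0xbe, 0xef,
    0x01, 0x02, 0x00, 0x00, 0x00, 0x02, 0xca, 0xfe,
    0x01, 0x03, 0x00, 0x00, 0x03, 0xe8, 0xaa, 0xbb, 0xcc,
};

int main(void)
{
    int n = netsync_walk(sample_capture, sizeof sample_capture);
    printf("%d well-formed frame(s)\n", n);
    return 0;
}
```

The bounds check is the part worth keeping in mind when hacking on the ritual exchange: a capture tool can show a wrong size, but a receiver that trusts the length field will read beyond its buffer, so the comparison is made against the bytes actually available.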

-- 
This message was sent through the coldsync-hackers mailing list.  To remove
yourself from this mailing list, send a message to majordomo@thedotin.net
with the words "unsubscribe coldsync-hackers" in the message body.  For more
information on Coldsync, send mail to coldsync-hackers-owner@thedotin.net.