[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[coldsync-hackers] Ritual Packets and origination of long arguments

To: coldsync-hackers at lusars dot net
Subject: [coldsync-hackers] Ritual Packets and origination of long arguments
From: "Cliff L. Biffle" <cbiffle at safety dot net>
Date: Wed, 6 Mar 2002 04:04:01 -0700
Reply-To: coldsync-hackers at lusars dot net
Sender: owner-coldsync-hackers at lusars dot net

So here's something that may interest others. :-)

I've been picking through the exchanges with my Clie T415 (OS4.1).  The 
initial data exchange very much resembles the 'ritual packets' seen in the 
wild with the m500, with a few differences.  Here's the ritual for the Clie:

1. The Clie sends a packet that looks for all the world like a userinfo 
response, except that the payload doesn't quite match.  This packet is 
delivered without a corresponding command.

2. The host sends a sysinfo request with a single argument.  This argument, 
in the case of the Clie, is:
FF FF FF FF
3c 00 3c 00
00 00 00 00
00 00 00 01
00 04 00 00
00 04 00 00
3c 00 3c 00
00 00 00 00
00 00 00 00

There are several different bytes here, but making the changes in netsync.c 
makes no difference in behavior.

3. The Clie responds with a sysinfo response.  This packet was pretty 
accurately described in the ritual transfer, but if I'm reading these bytes 
right, it's not ritual at all, but rather a valid response packet.
The hex (all one packet):
92 01
00 00
00 00 00 00
00 20
00 00 00 24
FF FF FF FF
00 3C 00 3C
40 00 00 00
01 00 00 00
00 00 04 00
00 00 04 00
00 3C 00 3C
00 00 00 00
00 00 00 00

My reading of this is as follows:
0x92 0x01	sysinfo response, one argument attached
0x00 0x00	no error
(four zero bytes)	padding out to eight bytes (?  I see this elsewhere)

0x0020		argument ID
0x00000024	argument body length (0x24, or 36, bytes)
0xFFFF003c.....	body (36 bytes, a transposition of the payload above)

I'm new to DLP, and I'm aware that the Palm isn't supposed to originate long 
arguments (according to comments in the code), but this seems to fit eerily 
well with both the data and the structures laid out in dlp.h.  Thoughts?
-Cliff L. Biffle

-- 
This message was sent through the coldsync-hackers mailing list.  To remove
yourself from this mailing list, send a message to majordomo@thedotin.net
with the words "unsubscribe coldsync-hackers" in the message body.  For more
information on Coldsync, send mail to coldsync-hackers-owner@thedotin.net.

Follow-Ups:
- Re: [coldsync-hackers] Ritual Packets and origination of long arguments
  - From: Andrew Arensburger <arensb+CShackers@ooblick.com>

Prev by Date: [coldsync-hackers] Segmentation fault whem no pda block in /etc/coldsync.conf
Next by Date: RE: [coldsync-hackers] Segmentation fault whem no pda block in /etc/coldsync.conf
Previous by thread: Re: [coldsync-hackers] Segmentation fault whem no pda block in /etc/coldsync.conf
Next by thread: Re: [coldsync-hackers] Ritual Packets and origination of long arguments
Index(es):
- Date
- Thread