Hardening consulting

Yes, another post on RDP ! I did some experiments with automatic reconnection, so this post talks about that project.


Automatic reconnection

Automatic reconnection allows a RDP client to automatically reconnect to the server without the need to re-authenticate. The typical example is when you close the lid of your laptop with an active RDP session, when you open it again, the client will reconnect automagically. This can also be the case with a network problem.


Read more…

Looking at my Piwik stats I've seen some interest with my previous DJI Phantom 3 posts. I've also seen a guy that has quite the same goal as me: writing a PC-based ground station software to drive a phantom 3.

So I guess it's time to speak of my discoveries regarding the protocol that is spoken between the remote controller, the camera, the mobile app and the drone.

Protocol basics

Header

First the packets are split in two parts: a header and a payload.

The header has the following format:

-------------------------------------------------------------------------
| 0 0 0 0 0 0 0 0 | 0 0 1 1 1 1 1 1 | 1 1 1 1 2 2 2 2 | 2 2 2 2 2 2 3 3 |
| 0 1 2 3 4 5 6 7 | 8 9 0 1 2 3 4 5 | 6 7 8 9 0 1 2 3 | 4 5 6 7 8 9 0 1 |
|-----------------------------------------------------------------------|
|  magic - 0x55   |    payload length    |  version   |     crc8        |
-------------------------------------------------------------------------

There's the 0x55 magic on 1 byte. Followed by a lenVer field on 2 bytes, it contains length of the payload and version of the protocol in the 6 upper bits. And then you have
a custom crc8 of the first 3 bytes.

The payload size is limited to 4096 bytes. As magic and protocol version never change, you can notice that only the size of the payload influence the crc8. So you can have a table that list some lengths and give the expected crc8 result.

The crc8 is there to be sure we have a header and that we may read the payload (well we can't be sure as it's just a crc8 but at least it give a good level of confidence).

Read more…

A post written after some recent inquiries with multi-monitor in firerds (so server side). It looked quite easy when I started working on this, but as usual with RDP I had lots of surprises (bad of course ;)

Testing multi-monitor

To begin, you need a test platform, the easiest way is to just plug 2 screens on your host and run xfreerdp:

xfreerdp /v:myserver /multimon /f

Read more…

I had never looked at Android programming, in my mind it was smelling like desktop web apps. But when buying the drone and analyzing the network capture, it became obvious that I would have to look at how the pilot application was done. So this post tries to be an introduction to reverse engineering on Android.

Read more…

A post written after an error I have made while coding UWAC (Using Wayland As Client), my library to use wayland on the client side with the spirit of the Xlib. The symptoms were that an application using UWAC was working with the X11 compositor and was freezing with the RDP compositor. After some testing, it appeared that the pixman renderer was the guilty component (using the X11 compositor and forcing the pixman renderer, the behaviour was the same).

Read more…

Just a small post to say "Happy birthday Mario Bros". 30 years old, and you can measure the progress made by computers.

I have learned that Nintendo is doing a new game, Mario Maker, where you can build your own stages.

code Teasing title for a post on development methods or more specifically coding tools. But we'll see that the two are linked.

My story begins at the XDC 2014, a few places in front of me I could see a venerable developer who was live coding. He was working on Xorg, I could see him use vi or vim, do some changes, compile, run Xorg which was crashing or not, and loop this workflow. I have already worked in Xorg, so I was thinking myself "Wow he codes with vim".

It was a "Wow" meaning: respect and... Oh my god !!!

Read more…

I have searched for a software that could do documents or pictures sharing like DropBox or google drive. I wanted something OpenSource that I could host too. After tests of misc products, I have finally choosen pydio, formerly Ajaxplorer. Despite the name it's not a python application, but a good old dirty PHP application.

Installation has been done on debian wheezy.

Read more…