More Displaylink stuff
floe at butterbrot.org
Wed Dec 24 15:23:15 PST 2008
>> - The key is likely 16 bytes, which are sent as a control transfer. They appear
>> to be random, but the same 16-byte string can appear repeatedly, esp. if the
>> device is initialized immediately after bootup. If these 16 bytes are equal,
>> then all bulk transfers are also identical byte-for-byte. Changing a single
>> byte in this transfer causes the device to stop working.
> So is this a hash (eg SHA1 or MD5) or crypto - does the same image
> generate different patterns as if it is a key ?
I definitely think it's a crypto key. I set my Windows up so that the
Displaylink device would be a secondary monitor, thereby showing just my
desktop background image and nothing else. So the image contents should be
identical every time. Now, if the initial 16-byte block is different, then
so are the subsequent image blocks. However, when I change the background
image and reboot the VM, I can get the same "key" at startup, but
different image blocks. So I'm quite sure it can't be any kind of hash.
>> - The bigger data blocks show a surprising regularity: every 4095 bytes,
>> significant portions of the blocks repeat. This can be found by comparing every
>> byte i with the byte at i+offset and increasing a counter if the two bytes are
>> equal. Do this for all offsets from 1 to n. The result is a series
>> of maxima at 4095 and multiples thereof.
> Might be worth looking to see if the protocol in use is RDP based, that
> would be "natural" way to implement a Windows device with a low bandwidth
> USB connection for image transmission.
I think so, too. Moreover, I've been mystified so far as to why there is
any encryption at all - it's far from being HDCP, and the DVI output is
unencrypted anyway. So it can't really be for content copy protection.
However, assuming for a moment that they just took a big bunch of VNC code
and hacked their driver out of that, that could possibly be a reason.
One other question: as mentioned, I suspect that the first big block
(which seems to be very regular, and contain some kind of counter every
10 bytes) is a sort of RAM initialization. So, does that mean that it's
SRAM, DRAM or something else? And where (some Xorg driver?) could I find
an example for such RAM init code?
Thanks, Yours, Florian
"_Nothing_ brightens up my morning. Coffee simply provides a shade of
grey just above the pitch-black of the infinite depths of the _abyss_."
More information about the xorg