| | Six
Registered: Apr 2002 Posts: 293 |
Punter File Transfer Protocol
Reading the doc here: http://cbmfiles.com/genie/geniefiles/TelcomTools/C1-PROTOCOL-DE..
it outlines what seems like a very simple protocol. Seems easy to implement from scratch. To that end, I set up two tcpser instances, two instances of VICE with CCGMS 11, and began a transfer, observing the logging output of TCPSER.
What Steve Punter describes should go like this:
SENDER
[dummy packet 1]---ACK---[filetype packet]---ACK---[First file packet]---ACK---[Second file packet]....
RECEIVER
----------------GOO---S/B-----------------GOO---S/B------------------GOO---S/B-- ------------------GOO...
Where dummy packet 1 would be just the two checksums, 8 for the "next block size", and a block number of 0000, filetype packet is much the same, but with the filetype as the payload and a larger "next block size"
But what I'm observing looks more like this:
SENDER
--------------------------------------------------0x91---ACK---[odd data block]---ACK---SYN---S/B---ACK---[data block 1]
RECEIVER
GOO(over and over again until the transfer starts)----GOO---S/B---------------GOO---S/B---SYN---GOO---S/B----
Where the odd data block has a next block size of 4, and a block number of 0xffff and appears to have the file type in it.
My next step is going to be to try multi-punter on the same setup, then try a few different terms and see if the peculiarities are specific to this implementation of punter on CCGMS 11.
Has anyone else dug into this, or have any insight into the how/why? Is there a comprehensive documentation of this protocol anywhere? |
|
| | Frantic
Registered: Mar 2003 Posts: 1648 |
@Magervalp: Looking forward to an updated version of CGTerm once Six has worked this out completely. ;) |
| | Six
Registered: Apr 2002 Posts: 293 |
Note: There are numerous variations on this protocol. This post covers the version used in CCGMS 11.0 only. It has not thus far been tested on other versions.
RECEIVER: GOO
SENDER: ACK
RECEIVER: S/B
SENDER: [filetype packet]
RECEIVER: GOO
SENDER: ACK
RECEIVER: S/B
SENDER: SYN
RECEIVER: SYN
SENDER: S/B
RECEIVER: GOO
SENDER: ACK
RECEIVER: S/B
SENDER: [dummy packet]
RECEIVER: GOO
SENDER: ACK
Loop<---------------------------------
RECEIVER: S/B |
SENDER: [file data packet] |
RECEIVER: GOO |
SENDER: ACK |
-------------------------------------|
RECEIVER: S/B
SENDER: [final data packet]
RECEIVER: GOO
SENDER: ACK
RECEIVER: S/B
SENDER: SYN
RECEIVER: SYN
SENDER: S/B
[filetype packet]
Normal packet, one-byte payload, 1 for prg, 2 for seq, next block size of 4, block number of 0xffff
[dummy packet]
Normal packet, no payload, next block size as needed for the sent file, block number of 0x0000
[final packet]
Normal packet, next block size of 0x00, and upper nybble of block number set to 0xff
[file data packet, Normal packet]
bytes 00, 01 : Additive checksum LO/HI
bytes 02, 03 : CRC Checksum LO/HI
byte 04 : Next block size
bytes 05, 06 : block number LO/HI
Checksums are calculated on all bytes from the Next Block Size forward to the end of the packet. Assuming TempPacket is your byte array of packet data and AdditiveChecksum and CLCChecksum are ushorts, checksum can be generated as follows (thanks to MagerValp for the original on this):
public void Generate_Checksum()
{
    AdditiveChecksum = 0;
    CLCChecksum = 0;
    // Start at byte 4 (Next Block Size); bytes 0-3 hold the checksums themselves.
    for (int i = 4; i < TempPacket.Length; i++)
    {
        // 16-bit additive checksum (wraps on ushort overflow)
        AdditiveChecksum += TempPacket[i];
        // XOR the byte in, then rotate the 16-bit value left by one bit
        CLCChecksum ^= TempPacket[i];
        CLCChecksum =
            (ushort)((CLCChecksum << 1) | (CLCChecksum >> 15));
    }
}
Validating received packets:
Received packets should pass a checksum test, and be the proper length specified in the preceding packet.
Handshaking considerations:
You may receive handshakes out-of-sync (KCA, CAK, etc...); your handshaking routines should be able to deal with this.
|
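The packet layout and validation rules from the post above, as an added Python example that is not part of the original thread or of any Punter implementation. The names build_packet and check_packet are hypothetical, the sample packets are constructed, and it assumes the announced "next block size" counts the whole packet including the 7-byte header.

```python
from __future__ import annotations
import struct

HEADER_LEN = 7  # additive(2) + rotate-XOR(2) + next block size(1) + block number(2)

def checksums(body: bytes) -> tuple[int, int]:
    """Both 16-bit checksums over byte 4 onward, as in the post's Generate_Checksum()."""
    add = clc = 0
    for b in body:
        add = (add + b) & 0xFFFF                    # ushort wrap-around
        clc ^= b
        clc = ((clc << 1) | (clc >> 15)) & 0xFFFF   # rotate left by one bit
    return add, clc

def build_packet(next_size: int, block_no: int, payload: bytes = b"") -> bytes:
    """Header fields are little-endian (LO/HI), checksums first."""
    body = struct.pack("<BH", next_size, block_no) + payload
    return struct.pack("<HH", *checksums(body)) + body

def check_packet(raw: bytes, expected_len: int):
    """Receiver-side validation: returns ("GOO", fields) or ("BAD", None)."""
    # Length is checked before any field is read, so a short or oversized
    # packet is rejected instead of being parsed.
    if len(raw) < HEADER_LEN or len(raw) != expected_len:
        return "BAD", None
    add, clc, next_size, block_no = struct.unpack_from("<HHBH", raw)
    if (add, clc) != checksums(raw[4:]):
        return "BAD", None
    return "GOO", {"next_size": next_size, "block_no": block_no,
                   "payload": raw[HEADER_LEN:]}

if __name__ == "__main__":
    # Constructed sample: filetype packet for a prg, then a dummy packet that
    # announces a 12-byte data packet (assumed: 7-byte header + 5 payload bytes).
    filetype = build_packet(4, 0xFFFF, b"\x01")
    dummy = build_packet(HEADER_LEN + 5, 0x0000)
    data = build_packet(HEADER_LEN + 5, 0x0001, b"HELLO")
    print(filetype.hex(), check_packet(filetype, len(filetype)))
    print(check_packet(dummy, HEADER_LEN))
    print(check_packet(data, 12))
    noisy = data[:-1] + bytes([data[-1] ^ 0x20])   # one flipped bit -> BAD, resend
    print(check_packet(noisy, 12)[0])
    print(check_packet(data[:9], 12)[0])           # truncated -> BAD
```

Both checksums only catch line noise; they are not cryptographic and give no protection against deliberate modification of a packet in transit.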
| | Six
Registered: Apr 2002 Posts: 293 |
For receivers, dealing with bad packets.
RECEIVER: BAD<---------------|
SENDER: ACK |
RECEIVER: S/B |
SENDER: RESENDS SAME PACKET |
RECEIVER: (BAD OR GOO)-------|
|
| | Tao
Registered: Aug 2002 Posts: 115 |
@Six: I'd be happy if you'd have a look at the C*Base punter implementation; I have a slight recollection of something being wrong with it... |
| | Six
Registered: Apr 2002 Posts: 293 |
Aye, I'm moving on to that next. I'll have to set up C*base on VICE for sniffing.
BTW, talked to Steve Punter himself about this on Facebook. (VERY nice guy, btw, and he cleared some things up about the various versions.) He dispelled my suspicion that he was "high as fuck" when he wrote that document... His initial version did, in fact, work as he described. People took that initial version and made a number of variations on it, some of which were incompatible with it and each other. Eventually a sort-of-standard seems to have been reached. Multi-punter, for instance, he had nothing to do with.
This is both good and bad for my research. It's good, because it means there is a lot of ground and forensics work to do yet, and that will be interesting, but bad because this means I have to root through every old term and BBS I can find so I can work out the various protocol variations in order to build a gold-standard. Looks like this will be a longer project than I originally assumed. |
| | Six
Registered: Apr 2002 Posts: 293 |
Delving into multi-punter. It seems to be the same for each file transfer, but starts in an odd way from the sender. Each file is preceded by the following exchange:
SENDER: 0x09,0x09,0x09,0x09,0x09,0x09,0x09,0x09,0x09,0x09,0x09,0x09,0x09,0x09,0x09,0x09, FILENAME,P,0x0d
SENDER: GOO
RECEIVER: GOO
SENDER: ACK [and so on as a normal xfer.]
After all files are transferred:
SENDER: 0x09,0x09,0x09,0x09,0x09,0x09,0x09,0x09,0x09,0x09,0x09,0x09,0x09,0x09,0x09,0x09, 0x04,0x04,0x04,0x04,0x04,0x04,0x04,0x04,0x04,0x04,0x04,0x04,0x04,0x04,0x04,0x04, 0x0d
No response from the receiver after this. |
| | Tao
Registered: Aug 2002 Posts: 115 |
Quoting Six: Aye, I'm moving on to that next. I'll have to set up C*base on VICE for sniffing.
Well, the source code is available, which might help ever so slightly. I did, however, not write the code, so if I were you I wouldn't bet on getting sane answers about the code :P |
| | Six
Registered: Apr 2002 Posts: 293 |
Do you recall who did write that version? |
| | Tao
Registered: Aug 2002 Posts: 115 |
Quoting Six: Do you recall who did write that version?
Well, it's most probably written by Gunther Birznieks. Possibly by Jerome P. Yoner.
I've made some minor modifications, but that's all. |
| | MagerValp
Registered: Dec 2001 Posts: 1078 |
Wow that is one seriously fucked up protocol. I don't think I could come up with something slower and more error prone if I tried. |