More Displaylink stuff

Florian Echtler floe at butterbrot.org
Wed Dec 24 11:17:01 PST 2008


Hello everyone,

I fiddled around a bit more with my Displaylink device, and here's what I 
found so far (posted as a sort of reference, and maybe to help start a 
discussion):

Content of transfers:

- All image data is sent as bulk transfers.
- The driver sends two big blocks during the setup phase. I suspected that the 
first one is the firmware, as it's always the same size regardless of image 
content, but a) it doesn't match any of the firmware blobs coming with the 
driver and b) it's far too regular to be a firmware. I now think that it might 
be the initialization for the video memory, as if that block is left out, the 
device displays a ghost image of the previous framebuffer content.
- The second big block seems to be the initial framebuffer content. Its size 
depends on the current image content, and changing a few bytes results in 
colored garbage lines appearing, which leads me to the conclusion that some 
sort of run-length encoding is used (maybe even some derivative of VNC's RFB?).

Encryption:

- All bulk transfers are encrypted.
- The key is likely 16 bytes, which are sent as a control transfer. They appear 
to be random, but the same 16-byte string can appear repeatedly, esp. if the 
device is initialized immediately after bootup. If these 16 bytes are equal, 
then all bulk transfers are also identical byte-for-byte. Changing a single 
byte in this transfer causes the device to stop working.
- The bigger data blocks show a surprising regularity: every 4095 bytes, 
significant portions of the blocks repeat. This can be found by comparing every 
byte i with the byte at i+offset and increasing a counter if the two bytes are 
equal. Do this for all offsets from 1 to n. The result is a series
of maxima at 4095 and multiples thereof.

Now, 4095 is (2^12)-1. This reminded me of something from a crypto class
from a few years back, and indeed, this kind of periodicity occurs with a 
certain type of pseudo-random generators, called linear feedback shift 
registers (LFSR). So it might just be possible that the encryption is a stream 
cipher based on a 12-byte LFSR..

So far from me - I hope that somebody else might have some comments about this. 
BTW: happy holidays, everyone :-)

Yours, Florian
-- 
"_Nothing_ brightens up my morning. Coffee simply provides a shade of
grey just above the pitch-black of the infinite depths of the _abyss_."
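
The offset-comparison test described in the message, as an added example that is not part of the original post and is not DisplayLink's actual cipher. It assumes a hypothetical 12-bit Galois LFSR (polynomial x^12 + x^11 + x^10 + x^4 + 1) as keystream generator and a constructed, mostly-zero plaintext; all function names are illustrative.

```python
import random

TAPS = 0xE08  # assumed polynomial x^12 + x^11 + x^10 + x^4 + 1 (maximal length)

def keystream(n, state=0xACE):
    """n bytes from a 12-bit Galois LFSR, 8 output bits packed per byte."""
    out = bytearray()
    for _ in range(n):
        byte = 0
        for _ in range(8):
            bit = state & 1
            state >>= 1
            if bit:
                state ^= TAPS
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def match_fractions(data, max_offset):
    """For each offset, the fraction of positions i with data[i] == data[i+offset]."""
    result = {}
    for off in range(1, max_offset + 1):
        n = len(data) - off
        # XOR both views as big integers; zero bytes in the result are matches.
        x = int.from_bytes(data[:n], "big") ^ int.from_bytes(data[off:], "big")
        result[off] = x.to_bytes(n, "big").count(0) / n
    return result

def peaks(fractions, threshold=0.3):
    """Offsets whose match fraction stands far above the ~1/256 chance level."""
    return [off for off, f in sorted(fractions.items()) if f > threshold]

def constructed_ciphertext(n=16384):
    """Constructed sample: regular (80% zero) plaintext XORed with the keystream."""
    rng = random.Random(2008)
    plain = bytes(rng.randrange(256) if rng.random() < 0.2 else 0
                  for _ in range(n))
    return bytes(p ^ k for p, k in zip(plain, keystream(n)))

if __name__ == "__main__":
    print(peaks(match_fractions(constructed_ciphertext(), 9000)))
```

The byte period equals the bit period because 4095 is odd, so packing 8 bits per byte does not shorten or lengthen the cycle. A keystream that repeats this quickly under regular plaintext is what makes the structure visible to a simple counter.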



