Skip to content
This repository has been archived by the owner on Jan 9, 2019. It is now read-only.

Understanding the Packet Body

Jump to bottom
Evan edited this page Dec 28, 2016 · 4 revisions

When receiving a reply from the Ulterius server it will be in one of two states, encrypted or not encrypted. If a reply is encrypted it will be a binary body of data, otherwise it will be plain text json.

Encrypted packets have a header and a payload, the header looks like this.

-----------Header-----------
Endpoint Name Length (int32)
Endpoint Name Bytes (bytes[])
Endpoint Encryption Type Bytes (bytes[])
----------------------

If you were to parse this header in C# it would look like this

using (var binaryReader = new BinaryReader(new MemoryStream(packetData)) {
   var endpointLength = binaryReader.ReadInt32();
   var endpointName =   binaryReader.ReadBytes(endpointLength);
   var encryptionType = binaryReader.ReadBytes(3);
}

The header retains valuable information to help make it easier to manage responses. The endpoint name tells you where the data is coming from, the encryption types helps you in decrypting the data.

Standard Ulterius responses will be using CBC encryption, however, screen share frames are encrypted with OFB for speed.

All the remaining bytes of data within the packet are the payload. If the response is for the standard api, decrypting will reward you with a json string. If the response is for screen share, you will receive a screen share frame body. See Understanding the Screen Share Protocol for information on handling that.

Clone this wiki locally