LocoLink

Started by JohnElliott, 23:00, 03 March 23


JohnElliott

I've updated my PCW Hardware document with more information on the LocoLink wire protocol. The versions I've looked at (and thanks to @JTN for locating them) are:

  • LocoLink 1.3 (in the 2011 PCW Megapack)
  • LocoLink 1.4 (included with LocoScript PC 1.08)
  • LocoLink 2.02 (I originally bought this on eBay in 2002)
  • LocoLink for Windows (Windows software only)
  • Rosanne v1.12 (PcW16 software only)

It would be interesting to know if anyone has any more versions of LocoLink out there. In particular, Rosanne and LocoLink for Windows need a different boot disc at the PCW end (confirmed by Howard Fisher) and I've never seen it anywhere.

JohnElliott

Having taken a deeper look at the protocol used by LocoLink for the PcW16, it seems to me that it would be quite open to Heartbleed-style attacks. The way it works is:
  • The client sends a request.
  • The server responds with one of "send me data", "here's some data" or "here's the final result".
  • If the response was "send me data" or "here's some data", the server also gives a code to say what address should be used. One of these codes (intended for file read/writes) means "just after the last block of data read/written".

So, suppose the client sends an innocuous 'select drive' request. There's nothing to stop the server replying with repeated 'send me data just after the last block' responses until the client has sent it the whole 64k of memory. Or sending 'send me data just after the last block' until the last address read is just before something interesting and then switching to 'write data just after the last block' to overwrite arbitrary areas of client memory.

The same protocol is used in LocoLink for Windows, but I suspect that the opportunities for mischief would be less there because of 286 segmentation and protected mode - unless the transfer address pointed at a full 64k segment, an out-of-range request would be more likely to crash the client with a protection fault.
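
A client-side check against the server-driven addressing described in the post above, as an added example that is not part of the thread or of LocoLink itself: the client fixes the permitted window and direction for each request and refuses any "just after the last block" transfer outside it. The response names, the `xfer` structure and the block sizes are assumptions, since the thread gives no wire encodings.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; the post gives no wire encodings. */
enum resp { SEND_ME_DATA, HERES_DATA, FINAL_RESULT };

/* What the client itself decided this request may touch. */
struct xfer {
    uint32_t base, len;      /* permitted window in client memory */
    int may_send, may_recv;  /* directions the server may drive */
    uint32_t next;           /* cursor for "just after the last block" */
};

static struct xfer xfer_make(uint32_t base, uint32_t len, int snd, int rcv) {
    struct xfer x = { base, len, snd, rcv, base };
    return x;
}

/* Check one data response; returns 1 and advances the cursor, or 0 to abort. */
static int check_block(struct xfer *x, enum resp r, uint32_t blk) {
    if (r == SEND_ME_DATA && !x->may_send) return 0;
    if (r == HERES_DATA && !x->may_recv) return 0;
    uint32_t used = x->next - x->base;             /* always <= len */
    if (blk == 0 || blk > x->len - used) return 0; /* cannot wrap */
    x->next += blk;
    return 1;
}

/* Replay a server script; return how many blocks the client accepts. */
static int accepted(struct xfer x, const enum resp *r, size_t n, uint32_t blk) {
    int ok = 0;
    for (size_t i = 0; i < n && r[i] != FINAL_RESULT; i++, ok++)
        if (!check_block(&x, r[i], blk)) break;
    return ok;
}

/* Constructed server scripts, not captured traffic. */
static const enum resp LEAK[] = { SEND_ME_DATA, SEND_ME_DATA, SEND_ME_DATA };
static const enum resp FLIP[] = { SEND_ME_DATA, SEND_ME_DATA, HERES_DATA };

int main(void) {
    /* select drive (empty window); 256-byte file write; direction flip */
    printf("%d %d %d\n",
           accepted(xfer_make(0, 0, 0, 0), LEAK, 3, 128),
           accepted(xfer_make(0x4000, 256, 1, 0), LEAK, 3, 128),
           accepted(xfer_make(0x4000, 512, 1, 0), FLIP, 3, 128));
    return 0;
}
```

A request that moves no data gets an empty window, so the first unsolicited "send me data" already aborts it.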

JohnElliott

I think I've now got a handle on the various versions of the LocoLink protocol, and have written it all up on my website with screenshots. I can also confirm that a PcW16 will talk to an older PCW, provided the older PCW is running LocoLink 3.00.

Still looking for a copy of Three Inch Software's "PCW Link" which was the other bit of software to use the LocoLink interface.
