We had a requirement for a wireless projector solution for our conference room. The ATEN KE8220 was selected because it used the VNC protocol which we all know and understand. Unfortunately, the projector feature (push video) uses a proprietary connection protocol and the supplied software does not support Linux.
The script in this article allows you to connect to the KE8220 in push/projector mode using Linux (or other platforms)
The KE8220 offers a "push" video option which is not part of the VNC protocol. Instead, it is provided using a proprietary, encrypted extension.
Run the script with
python ./atenvnc -h host -P vncport -p vncpassword
where host is the IP address of the KE8220, vncport is the TCP port your VNC server is running on, and vncpassword is the password you set on the VNC server.
You should see your desktop appear on the display connected to the KE8220!
Whilst the script does exactly what I need it for, it might be nice to wrap a GUI around it - perhaps integrate it with vino somehow using a randomly generated password, etc. It might also be possible to make a stand-alone project.
The initial communication between the client and KE8220 device is encrypted with a shared key. As this key is known, it is a trivial matter to decrypt this communication. Doing so reveals the plain text password used to connect to the VNC server. So... DO NOT RE-USE A SENSITIVE PASSWORD!
Aten's VNC server is actually a modified version of UltraVNC It has been set up so that the remote host can control the local desktop. Consequently, if you are using Aten's software, a compromised password could well mean a compromised desktop if that password was intercepted by an adversary
Firstly, I should point out that I am not a lawyer. What follows is my opinion only. It is up to you to form your own opinion after carefully checking the facts for yourself.
In the early stages of my reverse engineering effort, I unpacked the AtenVNC executable. Within, I discovered that they had used modified UltraVNC (a GPL licensed program) complete with original GPL license text. I searched their website but I could not find the source code.
So, I emailed them explaining I had found a copy of the GPL and I requested the source code. They refused, stating "The source code is proprietary we don't have it to send."
Naturally, I wasn't prepared to give up there and many many emails, almost two months later I eventually got them to release some source code.
Unfortunately, the code they released did not correspond to the original binary. They had modified the code and moved the proprietary part into a new DLL. This new DLL was not part of the original distribution. Not only that, but I suspect they had also modified parts of the code by obfuscating the variable and function names.
I challenged them on this explaining very clearly that this was still a license violation and the issue was moved from support to their HQ. After even more emails and much prodding, they eventually stated that they were not prepared to release any further source code due to "the concern of protection of the confidential information related to the company and the KE8220 users." This was disappointing to say the least!
Study of their source code meant I was able to figure out what happened when... despite the obfuscated symbols... but in the end I gave up on their source code and loaded up a debugger. Enjoy the script!