ATEN KE8220 for Linux/Apple Mac

MISCELLANEOUS -️ August 22, 2010


We had a requirement for a wireless projector solution for our conference room. The ATEN KE8220 was selected because it used the VNC protocol which we all know and understand. Unfortunately, the projector feature (push video) uses a proprietary connection protocol and the supplied software does not support Linux.

The script in this article allows you to connect to the KE8220 in push/projector mode using Linux (or other platforms)

Why not just VNC?

The KE8220 offers a "push" video option which is not part of the VNC protocol. Instead, it is provided using a proprietary, encrypted extension.

How to use this script for push video

  1. Start a VNC server on your desktop. I used vino (vino-preferences) which is built into the Gnome Desktop. For security reasons (outlined further on) I recommend: A) setting the server to NOT allow the remote end to control the desktop as it is not required and B) Using a randomly generated password - that is, NOT a password you use for something else.
  2. Run the script with

    python ./atenvnc -h host -P vncport -p vncpassword

    where host is the IP address of the KE8220, vncport is the TCP port your VNC server is running on, and vncpassword is the password you set on the VNC server.

    You should see your desktop appear on the display connected to the KE8220!



Whilst the script does exactly what I need it for, it might be nice to wrap a GUI around it - perhaps integrate it with vino somehow using a randomly generated password, etc. It might also be possible to make a stand-alone project.

Security Issues affecting Aten KE8220 in "push" mode

The initial communication between the client and KE8220 device is encrypted with a shared key. As this key is known, it is a trivial matter to decrypt this communication. Doing so reveals the plain text password used to connect to the VNC server. So... DO NOT RE-USE A SENSITIVE PASSWORD!

Aten's VNC server is actually a modified version of UltraVNC It has been set up so that the remote host can control the local desktop. Consequently, if you are using Aten's software, a compromised password could well mean a compromised desktop if that password was intercepted by an adversary

GPL violations by Aten. (As of 25th July 2010)

Firstly, I should point out that I am not a lawyer. What follows is my opinion only. It is up to you to form your own opinion after carefully checking the facts for yourself.

In the early stages of my reverse engineering effort, I unpacked the AtenVNC executable. Within, I discovered that they had used modified UltraVNC (a GPL licensed program) complete with original GPL license text. I searched their website but I could not find the source code.

So, I emailed them explaining I had found a copy of the GPL and I requested the source code. They refused, stating "The source code is proprietary we don't have it to send."

Naturally, I wasn't prepared to give up there and many many emails, almost two months later I eventually got them to release some source code.

Unfortunately, the code they released did not correspond to the original binary. They had modified the code and moved the proprietary part into a new DLL. This new DLL was not part of the original distribution. Not only that, but I suspect they had also modified parts of the code by obfuscating the variable and function names.

I challenged them on this explaining very clearly that this was still a license violation and the issue was moved from support to their HQ. After even more emails and much prodding, they eventually stated that they were not prepared to release any further source code due to "the concern of protection of the confidential information related to the company and the KE8220 users." This was disappointing to say the least!

Study of their source code meant I was able to figure out what happened when... despite the obfuscated symbols... but in the end I gave up on their source code and loaded up a debugger. Enjoy the script!