CNI Discovery¶
At the moment this is a rather unorganised set of notes while I’m still figuring out the protocol.
I’ve started working on a test program for dissecting the protocol in
experiments/cni_discovery.py
.
Discovery Query¶
A client will broadcast a UDP packet on 255.255.255.255:20050.
Data structure is as follows:
char[4] command = "CB 80 00 00" // CBUS_DISCOVERY_QUERY
char[4] unknown1 = "00 00 00 00"
char[4] unknown2 = "01 01 01 0B"
char[4] unknown3 = "01 1D 80 01"
char[3] unknown4 = "02 47 FF"
Example packet:
cb:80:00:00:00:00:00:00:01:01:01:0b:01:1d:80:01:02:47:ff
0xcb, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x01, 0x01, 0x0b, 0x01, 0x1d, 0x80, 0x01,
0x02, 0x47, 0xff
Discovery Reply¶
Replies are sent back to the querying client on port 20050.
Values are in big-endian format (network byte order):
char[4] magic = 0xcb, 0x81, 0x00, 0x00 CBUS_DISCOVERY_REPLY
char[4] unknown1 = 0x00, 0x00, 0x00, 0x01 // 0x20, 0xe8, 0xf5, 0x52
char[4] unknown2 = 0x81, 0x01, 0x00, 0x01
char product_id = 0x03 // 0x01
char[4] unknown4 = 0x81, 0x0b, 0x00, 0x02
uint16 port = 0x27, 0x11 (10001)
char[4] unknown5 = 0x81, 0x1d, 0x00, 0x01
char unknown6 = 0x00 // 0x01 (not a flag for "in use")
char[4] unknown7 = 0x80, 0x01, 0x00, 0x02
char[2] unknown8 = 0x66, 0x1e // 0x8c, 0x26 (may be a checksum, but doesn't appear to be used)
Product IDs:
01
: CNI202
: Hidden – Toolkit ignores packets with this product ID. May be used for internal development.03
: WISER- Other values: “unknown”
Example packet data:
Recv
Client 1 (172.26.1.81)
CNI2 port 10001, "not accessible" (controlled by a WISER)
0xcb, 0x81, 0x00, 0x00, 0x20, 0xe8, 0xf5, 0x52,
0x81, 0x01, 0x00, 0x01, 0x01, 0x81, 0x0b, 0x00,
0x02, 0x27, 0x11, 0x81, 0x1d, 0x00, 0x01, 0x01,
0x80, 0x01, 0x00, 0x02, 0x8c, 0x26
Client 2 (172.26.1.80)
WISER port 10001
0xcb, 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x81, 0x01, 0x00, 0x01, 0x03, 0x81, 0x0b, 0x00,
0x02, 0x27, 0x11, 0x81, 0x1d, 0x00, 0x01, 0x00,
0x80, 0x01, 0x00, 0x02, 0x66, 0x1e
b = "\xcb\x81\x00\x00\x00\x00\x00\x01\x81\x01\x00\x01\x03\x81\x0b\x00\x02'\x11\x81\x1d\x00\x01\x00\x80\x01\x00\x02f" + '\x1e'