Lync RDP parsing

Question

I am making a RDP client to get desktop sharing from Microsoft Lync (2010), I was able to get all decrypted RDP streams from Lync but stuck in paring it. Can anyone help me on this? Below is some stream that Lync send to my client:

8B23AF01112119002B00100065E2EAA3821...

8023A207112109001802B081D9848000158...

8023B10D11211900AA80454024822000144...

8023090B11210EC324C7B00869200003500...

A023BA101121160035011B004B5CC915604...

A023781E112107CE7B4100143C420481004...

A023E326116104DE6609C0952F14A915002...

9023F41C1221690A4B0586F7C98C018F978...

8023A61B112106009200B486554940400B8...

A023DD2411210200850305803FB30080348...

9023D61612219F4582A002CAB25C2249800...

A023962011210200480080135BED0019132...

as my observation, almost stream has some same bytes

The first by is always 0x80 or 0xA0

The second byte is always 0x23

Next should be 2 bytes of length (probably correct, eg 0xA207)

Then always is 0x1121

for example this stream:

80 23 A207 1121 09001802B081D9848000158...

Does anyone know what do those bytes encode? how to parse these streams correctly?

Thank you in advanced!

Did you get an answer to this? I have a similar query. – Siddharth Toshniwal Dec 23 '14 at 10:56 — Siddharth Toshniwal, Dec 23 '14 at 10:56

score 0 · Answer 1 · answered Jul 08 '13 at 13:11

0

Maybe this help you. Managing stream from Lync server: http://blog.greenl.ee/2011/12/30/modifying-sip-headers-managed-sip-application-api/

answered Jul 08 '13 at 13:11

Cthulhu

1

Lync RDP parsing

1 Answers1