As I am still looking to remotely provision the Dell Venue Pro device that I am experimenting with, it suddenly hit me that it in fact connects to Visual Studio through a TCP layer. I remembered this from the times when I was experimenting with emulator configurations, and there was a section dedicated to a remote connection.
Yep, right here. The path to the file in my case is: C:\Users\DEV\AppData\Local\Microsoft\Phone Tools\CoreCon\10.0\ImageConfig.xsl. Obviously, it might vary depending on the OS and user configuration. This is the file that defines the connection configuration for the physical device (ImageConfig.en-Us.xsl works for the emulator).
The snippet above gives us several clues:
- The IP to which I should try connecting is 127.0.0.1 (also known as localhost)
- The destination port is 6791
- There is no authentication required (which is good for further experiments)
Easy task now – capture the traffic on the loopback interface. There is one problem, however. Wireshark, the tool I use for packet capture, doesn’t support capturing traffic on the loopback interface because of a known design limitation. The solution was using RawCap. It is able to capture local packets and save the data in a pcap file.
I downloaded and executed it:
Exactly what I needed. I do not need to specify the port at this stage, so simply selecting option 3 will do. Again – the option number might vary depending on individual OS and user configurations. Once the interface is selected, enter the path for the output pcap file.
You are now ready to intercept packets. Start Visual Studio and open a Windows Phone project (or create one). Make sure that:
- Your phone is connected to the PC
- Your phone is developer-unlocked
- Zune Software is running (or WPConnect has been run)
Press Enter in the RawCap console window and you will see a slow packet flow, especially if there is secondary activity going on in the context of localhost on your machine. Now start the deployment in Visual Studio. You will see the number of packets spike:
Whenever you decide to stop the capture, you can press Ctrl+C in the console window to abort the operation. The pcap file will be saved regardless.
Now go to the location of the file you indicated above. It is really easy to analyze it with Wireshark at this point, since pcap files are natively recognized and parsed by it. To clear the screen of unnecessary data, simply add a port filter: tcp.port eq 6791.
Select one of the packets with the highest length value, right-click on it and select Follow TCP Stream. You will see the output of the entire transfer – that is exactly how Visual Studio deploys a XAP to the phone through the TCP pipe.
In HEX view, you can see that there is a VSD delimiter introduced between sections (assuming it means Visual Studio Deployment). The files are individually passed for OS registration (like the application-specific images). More information to come as I analyze the data passed between the two parties.
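The same filter-and-follow step can be scripted instead of clicked through in Wireshark. The sketch below is an added example, not code from the original post: it reads a classic pcap file, keeps TCP payloads sent to port 6791 and splits the joined stream on the VSD marker. It assumes the marker is the ASCII bytes "VSD", that the capture's link type is raw IP or Ethernet, and that packets arrive in order on a single connection; the sample capture is constructed.

```python
import struct

DEPLOY_PORT = 6791   # port from the page (Wireshark filter: tcp.port eq 6791)
MARKER = b"VSD"      # assumption: the delimiter is the ASCII bytes "VSD"

def tcp_payloads(pcap, port=DEPLOY_PORT):
    """Yield (src_port, dst_port, payload) for IPv4/TCP packets touching `port`."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "I", pcap[20:24])[0]
    if linktype not in (1, 101):   # assumption: Ethernet (1) or raw IP (101)
        raise ValueError(f"unsupported link type {linktype}")
    off = 24                       # first record follows the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        pkt = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if linktype == 1:
            pkt = pkt[14:]         # drop the Ethernet header
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
            continue               # keep IPv4 packets carrying TCP only
        ihl = (pkt[0] & 0x0F) * 4
        tcp = pkt[ihl:struct.unpack(">H", pkt[2:4])[0]]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack(">HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload and port in (sport, dport):
            yield sport, dport, payload

def split_sections(pcap):
    """Join payloads sent to the deploy port in capture order, split on MARKER."""
    stream = b"".join(p for _, d, p in tcp_payloads(pcap) if d == DEPLOY_PORT)
    return [s for s in stream.split(MARKER) if s]

def _pkt(sport, dport, data):
    """Build one constructed raw-IP record (checksums left at zero)."""
    tcp = struct.pack(">HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) + data
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     b"\x7f\x00\x00\x01", b"\x7f\x00\x00\x01")
    return struct.pack("<IIII", 0, 0, len(ip + tcp), len(ip + tcp)) + ip + tcp

# Constructed capture: two segments to port 6791 plus one unrelated packet.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
          + _pkt(50000, DEPLOY_PORT, b"VSDhead")
          + _pkt(50000, 8080, b"VSDnoise")
          + _pkt(50000, DEPLOY_PORT, b"erVSDicon.png"))
```

On a real capture, pass the file's bytes to split_sections; a section that straddles two packets (as "header" does in the sample) is rejoined before the split.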