PocketPC to FreeBSD

There is a SourceForge project called SynCE where this kind of thing is driven further.


The goal of the "Cassi" project is to connect a Windows CE PocketPC (mine is a Cassiopeia E-115G) with a computer running a Unix-like operating system (mine is FreeBSD) over a serial line. So far, we only have the MS ActiveSync program running on Windows 98 and up, which is doing its job well on these systems.


Project discontinued. I have given away the Cassiopeia PDA and bought myself a Sharp Zaurus instead. There is another project for this one.

Mon Jul 9 15:09:44 CEST 2001
I've been on vacation in Denmark until today, so no updates -- I'll continue with this project today. I'm also waiting for Ludovic Lange to release his research results on this at sourceforge.

Wed Jul 4 13:18:07 CEST 2001
Wrote a new ping daemon, which will be made available on a download page maybe this evening.

Mon Jul 2 23:32:21 CEST 2001
We have a lift-off! I've managed to configure NAT, now Cassi and Win98 talked to each other, not noticing the man-in-the-middle (me!). I've captured and analyzed some data from that.

Mon Jul 2 22:34:37 CEST 2001
Here's some general information on my test setup, more as a reminder for me than for anyone else.

Mon Jul 2 20:47:08 CEST 2001
Connected the Windows machine to the network now, and played around with tcpdump and ethereal. I've found some interesting packets, and I'll share those with you... If interested, look here.
Things seem to go like this: First, Cassiopeia sends an identification packet to the server, originating from a random port. After this, we use this source port to send our ping packets (every five seconds) and get replies to port 5679 again.
At the same time, there's something going on with the server's port 999. Cassiopeia sends packets here (originating at the same port as used for the ping-pong above), SYN set, and received (in my case) RST, ACK and tries again some seconds later (one to three).
The next step must be to get IP address translation running to be able to really do the synchronization over Ethernet.

Sun Jul 1 13:32:07 CEST 2001
Played around and managed to get Cassi connected to my fBSD box. This was done using the standard /usr/sbin/ppp with a somewhat vanilla configuration (linked above).
I have installed asyncd, written by Ludovic Lange to get around the ping timeouts, but it seems there's another timer running which makes the device reconnect about every minute. I've not researched this so far, but worked on with this connection I've got.
Then, I've tried nmap on Cassiopeia and seen lots of open ports, many more than listed in my last entry and found in the documentation. I do not know why. Trying to access Cassi by Samba's smbclient did not work.
Next thing to do: Make the FreeBSD machine route and try to connect a Win98 to Cassi over ethernet. Maybe then, NetBIOS will work and, what is more, maybe we can see the synchronisation (using tcpdump on the fBSD "router").

Fri Jun 29 15:42:49 CEST 2001
Found quite a lot of information on the net: The protocol is actually PPP with TCP/IP on it. IP address of CE is, is the PC. Communication occurs on ports 990, 999, 5678, 5679, all TCP, and over NetBIOS. It seems possible to communicate over the standard pppd, which is what I will try next.
Unfortunately, finding this on the Internet means that I'm not the first one to research this -- I'll continue anyways. So far, people are doing it only for Linux, and I tend to prefer FreeBSD and Solaris. At least interacting with Sun's dtcm seems weird enough to be left for me.

Fri Jun 29 14:03:15 CEST 2001
Started documenting this project. With FreeBSD's snooper, I've captured a session of ActiveSync between a Windows machine and the Cassiopeia. The session contains authentication by the device password number, browsing "My Documents", copying a note from CE to 98, and copying an ASCII file from 98 to CE. The session also seems to include some keepalive packets, which I could not identify any further. Automatic synchronisation was NOT enabled.
Analysing the trace, we see that obviously the connection is started with the CE sending the string "CLIENT", four times in my example, and 98 responding with "CLIENTSERVER". Then there are 4 bytes of something, different on CE and 98 side, and then both sides seem to send the same, 0xc0, 0x21, which could be the protocol identifier for PPP's Link Control Protocol. Maybe this is PPP?
Next: Get a current list of PPP protocol identifiers. Maybe there's more to find here.
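
The check described in the entry above, as an added example that is not part of the original log: it splits each direction of a serial capture into the "CLIENT"/"CLIENTSERVER" greeting, the four unidentified bytes and the two-byte value that follows, then looks that value up in a short table of PPP protocol numbers. The sample bytes are constructed, the four opaque bytes are placeholders, and the function names are hypothetical.

```python
import struct

# Well-known PPP protocol field values (IANA PPP numbers registry).
PPP_PROTOCOLS = {
    0x0021: "IPv4",
    0x8021: "IPCP",
    0xC021: "LCP",
    0xC023: "PAP",
    0xC025: "LQR",
    0xC223: "CHAP",
}

def parse_side(data: bytes) -> dict:
    """Split one direction of the capture into greeting, opaque bytes, protocol."""
    pos, greetings = 0, []
    while True:
        # Test the longer string first: "CLIENTSERVER" starts with "CLIENT".
        if data.startswith(b"CLIENTSERVER", pos):
            greetings.append("CLIENTSERVER")
            pos += len(b"CLIENTSERVER")
        elif data.startswith(b"CLIENT", pos):
            greetings.append("CLIENT")
            pos += len(b"CLIENT")
        else:
            break
    if not greetings:
        raise ValueError("capture does not start with a CLIENT greeting")
    rest = data[pos:]
    result = {"greetings": greetings, "opaque": rest[:4], "proto": None, "name": None}
    if len(rest) >= 6:  # a truncated capture leaves proto/name as None
        (proto,) = struct.unpack(">H", rest[4:6])
        result["proto"] = proto
        result["name"] = PPP_PROTOCOLS.get(proto, f"unknown (0x{proto:04x})")
    return result

def both_sides_agree(device: bytes, pc: bytes) -> bool:
    """True when both directions carry the same, known PPP protocol number."""
    d, p = parse_side(device), parse_side(pc)
    return d["proto"] is not None and d["proto"] == p["proto"] and d["proto"] in PPP_PROTOCOLS

# Constructed sample; the four bytes after the greeting are placeholders.
DEVICE = b"CLIENT" * 4 + bytes.fromhex("aaaaaaaa") + b"\xc0\x21"
PC = b"CLIENTSERVER" + bytes.fromhex("bbbbbbbb") + b"\xc0\x21"

if __name__ == "__main__":
    for label, raw in (("CE", DEVICE), ("98", PC)):
        print(label, parse_side(raw))
    print("same PPP protocol on both sides:", both_sides_agree(DEVICE, PC))
```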