6 Appendix A: Remote Assistance Invitation File Format

The purpose of the Remote Assistance Initiation Protocol is to obtain the Remote Assistance Connection String using DCOM. However, the implementer is free to use alternative approaches to obtain the connection string. One such alternative approach implemented in Windows is to transmit the Remote Assistance Invitation File over email as an XML file.<15>

The expert computer parses the Remote Assistance Invitation File to extract the Remote Assistance Connection String and other information.

There are two version-specific types of the Remote Assistance Invitation File.

The following is a sample Remote Assistance Invitation File of the first type:<16>

 <?xml version="1.0" encoding="Unicode" ?>
     <UPLOADINFO TYPE="Escalated">
         <UPLOADDATA 
             USERNAME="jeff" 
             RCTICKET="65538,1,192.168.1.65:3389;jeff_xp:3389,*,ot9B5Ut8n6FmiIOr2Aa91
             5WwuLcMdtNl5AoXFiA4wLg=,*,*,5nKH3X0Ikre0jjL9SaRlfN10p9o=" 
             RCTICKETENCRYPTED="1" 
             DtStart="1160080069" 
             DtLength="60" 
             PassStub="o2*5GdBARK_JBB" 
             L="0" />
     </UPLOADINFO>
  

The file contains the following pieces of information:

Value

Meaning

UPLOADINFO

The UPLOADINFO TYPE is set to "Escalated".

UPLOADDATA

The UPLOADDATA contains the following information:

USERNAME: The name of the Remote Assistance novice computer.

RCTICKET: The Remote Assistance Connection String.

RCTICKETENCRYPTED: Indicates whether the ticket identified by RCTICKET is encrypted. RCTICKETENCRYPTED = 1 means the ticket is encrypted, zero means the ticket is not encrypted.

DtStart: The time when the Remote Assistance Connection String was created. This time is the number of seconds elapsed since UTC 1/1/70.

DtLength: The duration for which the Remote Assistance Connection String is valid. This is expressed in minutes. If the expert computer cannot connect to the novice computer successfully within this time, Remote Assistance closes on the novice computer.

PassStub: The encrypted novice computer's password string. When the Remote Assistance Connection String is sent as a file over email, to provide additional security, a password is used.<17>

L: Indicates whether the novice computer is connected via a modem. L = 1 means MODEM is used, 0 means high-speed connectivity is used.

The following diagram shows the password encryption flow for specific implementations.<18>

Password encryption flow

Figure 2: Password encryption flow

The following is a sample Remote Assistance Invitation File of the second type:<19>

 <?xml version="1.0" encoding="Unicode" ?>
 <UPLOADINFO TYPE="Escalated">
     <UPLOADDATA 
         USERNAME="jeff" 
      LHTICKET="3CD9C8A0DB0628410E91EC277CAEB705E5422CE1DA55E0C118155A8BA465C3E81552DC
      B85D03F6A7F2F930C44C1D097239DB8B47339A01D4392F4F05985106757148AEA4C6832BA2AC7C46
      0B958BD4F47966DBBC76E72F6F47FEE1AC50844D654D2D86A760854286F9DAA3823F0346D41063C7
      6378535688017C2D00D263AC187F6BE26FDB854B01E1BC8E4328F54163DB2E901D3805E0D6CF2593
      7A2D43C959F51809124DA2E70807A737323968644CB8BC56ECDCD43AAA40B3B2BA7021198D98AA4D
      5B9818095053C0104A52743343489AD1E12AC0CB7001E56910718B9A8155A60AFF3CC26D2B163629
      46C32F7F9C22AE844D731740301FBF5951FCF765E052D793F526603AA6B7F86C0697BD02FEF32A8F
      4031E30AD55F9752FCA3DB60F8A12466D256F29B22131C1D8ED43E9ACA2BBD172C27D1FD284F825E
      E4E65F2D201E042C1C4DEE6C06522A3F015036F7603AAF16D8A6CB595E22CA80572C91F9E163028C
      AA4A3E7EA0152045BDAAE8C1221283FF2E23CCC53D34870348D6D9CBD5B93411D4F9BB8180062D6B
      573CF2D428FDB1CA7142885F6B2A966A149E19F5D00E22E18A3802612521C126455B675F4D7E12C3
      6B861C19A2795CE87ED592CCCB735A081E428CC50BC23B460794B53601221FFCCCB458090DEB9B59
      19C942A6FD6937F49F9951A9CD416E8E356A6293443EC11798DE204CC67B652C5B62491E37455098
      764EE6727AB8272827411A712C62012026C71BC408D09F6B5FEEB85BF9DE434A5A2BB6F514C4BD06
      4D643F0A0EEAE46CCACA4994A6E7CEC42B70EC020DD2CB42058DC919EBE2CBCBE34575F4A40D47D1
      EEA092653FC6723B2EC2E88231E46E98598218AA305810360CA972C935B5BCB73769197FD78B835C
      3A63A7D603E6CB51F6E84B377D731FEF38C6A9FE68640B58506486C76C33B7F53176E7A52D753DD2
      EAEE34FB2812663D94B5F6BEF6C878BCD7D41F1983A5B87F1F797D4D7504F9C83A9FE661EBBD57FB
      3A01CF82D2E7FF01AE38F70EB8FA8A77B2A4DAB5BDA0E0B458A8FC51F3A354AB9F104DD7B91144D5
      E8589F319CDB5ABD4A2B5DBB4B9C43E74309DE5C30102E7165507C5B2A5E613E30F784A0540E206C
      38965F1869EE53BD0CC8056B324C242F4DFD5D70EB55082F5A9F5513164D1097536037AB6964DBF4
      D3425CBC5F2564B8DBC13889782BFE2C3DB391992781A80B187F6DAE15D643C85BAB3E12B535FEB0
      E0BF79FF58"
      RCTICKET="65538,1,172.31.244.101:55646,*,BnrZvG4FglMwHBhZgo7SkJEqD90DrPYPnxtC/lv
      UcczDCZJacjm0w80gKyzCHTTc,*,*,VasNb+Ymg1mvJ/AJWSh56qq7pk4="
        RCTICKETENCRYPTED="1" 
        DtStart="1160080069" 
        DtLength="60" 
        PassStub= "fg^2IkiL*z3j4U"
        L="0" />
 </UPLOADINFO>
  

The file contains the following pieces of information:

Value

Meaning

UPLOADINFO

The UPLOADINFO TYPE MUST be "Escalated".

UPLOADDATA

The UPLOADDATA contains the following information:

USERNAME: The name of the Remote Assistance novice.

LHTICKET: The encrypted Remote Assistance Connection String 2 where each byte is converted to two HEX numbers<20>

RCTICKET: The version-specific<21> Remote Assistance Connection String.

RCTICKETENCRYPTED: Indicates whether the ticket identified by RCTICKET is encrypted. RCTICKETENCRYPTED = 1 means the ticket is encrypted, zero means the ticket is not encrypted.

DtStart: The time when the Remote Assistance Connection String was created. This time is the number of seconds elapsed since UTC 1/1/70.

DtLength: The duration for which the Remote Assistance Connection String is valid. This is expressed in minutes. If the expert computer cannot connect to the novice computer successfully within this time, Remote Assistance closes on the novice computer.

PassStub: The encrypted novice computer password string. When the Remote Assistance Connection String is sent as a file over email, to provide additional security, a password is used.

L: Indicates whether the novice computer is connected via a modem. L = 1 means MODEM is used, 0 means high-speed connectivity is used.

The following diagram shows the password encryption flow for specific implementations.<22>

Password encryption flow

Figure 3: Password encryption flow

Show: