+ out_uint8(s, 0);
+
+ ber_out_header(s, BER_TAG_INTEGER, 1);
+ out_uint8(s, 0); // connect id
+
+ mcs_out_domain_params(s, 34, 2, 0, 0xffff); // dumdidum?
+
+ ber_out_header(s, BER_TAG_OCTET_STRING, 58);
+
+ // some unknown header of sorts
+ out_uint8(s, 0x00);
+ out_uint8(s, 0x05);
+ out_uint8(s, 0x00);
+ out_uint8(s, 0x14);
+ out_uint8(s, 0x7c);
+ out_uint8(s, 0x00);
+ out_uint8(s, 0x01);
+ out_uint8(s, 0x2a);
+ out_uint8(s, 0x14);
+ out_uint8(s, 0x76);
+ out_uint8(s, 0x0a);
+ out_uint8(s, 0x01);
+ out_uint8(s, 0x01);
+ out_uint8(s, 0x00);
+ out_uint8(s, 0x01);
+ out_uint8(s, 0xc0);
+ out_uint8(s, 0x00);
+ out_uint8(s, 0x4d);
+ out_uint8(s, 0x63);
+ out_uint8(s, 0x44);
+ out_uint8(s, 0x6e);
+
+ out_uint8(s, 36); // one byte length
+
+ // server info -- we claim to support RDP5
+ out_uint16_le(s, SEC_TAG_SRV_INFO);
+ out_uint16_le(s, 8); // length
+ out_uint16_le(s, 4); // version
+ out_uint16_le(s, 8); // unknown
+
+ // channel info -- open a few channels
+ out_uint16_le(s, SEC_TAG_SRV_CHANNELS);
+ out_uint16_le(s, 16); // length
+ out_uint16_le(s, 1003);
+ out_uint16_le(s, 3);
+ out_uint16_le(s, 1004);
+ out_uint16_le(s, 1005);
+ out_uint16_le(s, 1006);
+ out_uint16_le(s, 0);
+
+ // crypto info
+ out_uint16_le(s, SEC_TAG_SRV_CRYPT);
+ out_uint16_le(s, 12); // length
+ out_uint32_le(s, 1); // 40-bit
+ out_uint32_le(s, 0); // no encryption