From e7d7aef1aa69674feb518d80dae95e10b4ab7c8c Mon Sep 17 00:00:00 2001
From: iris <iris@hyperhive>
Date: Wed, 20 May 2026 20:52:17 +0200
Subject: [PATCH] screen: fix Apple-DH response byte order

rfb_apple_dh_client_msg has encrypted_credentials at offset 0 and
public_key as a flexible array at offset 128. We were sending them
in the wrong order (pub_key first), so neatvnc decrypted the wrong
bytes as credentials and sent the wrong bytes as the DH public key,
causing a mismatched shared secret and SecurityResult=1.

Fixes #92
---
 hive-ag3nt/assets/screen.html | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/hive-ag3nt/assets/screen.html b/hive-ag3nt/assets/screen.html
index 268e04b..5ce270e 100644
--- a/hive-ag3nt/assets/screen.html
+++ b/hive-ag3nt/assets/screen.html
@@ -423,10 +423,12 @@ canvas { display: block; cursor: default; }
             const creds = new Uint8Array(128); // empty username + empty password
             const encCreds = await aes128ecb(aesKey, creds);
 
-            // Send: client_pub + encrypted_creds
+            // Send: encrypted_creds + client_pub
+            // neatvnc struct rfb_apple_dh_client_msg has encrypted_credentials
+            // at offset 0 and public_key at offset 128 (flexible array after).
             const response = new Uint8Array(ks + 128);
-            response.set(clientPubBytes, 0);
-            response.set(encCreds, ks);
+            response.set(encCreds, 0);
+            response.set(clientPubBytes, 128);
             send(response);
             dbg('→ Apple-DH response sent (' + response.length + ' bytes)', 'ok');