Wednesday 25 August 2021

Hex Messages when Reverse Engineering

One of the things I did in 2018 was a bit of reverse engineering. The company I worked for had bought a bunch of older hardware which had to be reused; the trouble being, they had bought the hardware, NOT the software.

It took a lot of USB sniffing and signal trapping, but eventually I had the device handshake and could see it spew messages at me. From these I saw the header format was pretty simple: just a pair of bytes, then a length byte, followed by whatever the message was.

Interacting with the device stimulated it into sending more messages, so we could start to map physical actions to these USB packet ghosts. Eventually we had all the ones we could just prod out of the unit, so it was time to work on more advanced interactions and actually try to tell the device to carry out actions for us.

This immediately met with problems. You see, the messages coming out had a counter in the footer, and it turned out that if you sent a message you had to use the next number... so after receiving messages 1, 2 and 3, you send 4 and receive 5. Keeping this in sync was a little bit of black magic, but it soon made sense: the unit was serial in operation, you could only talk when it was listening, and it only listened after certain choice messages it sent to you.

This all made sense.... What didn't make sense was a four byte message I saw every few minutes; this frustrated me no end....

10111110111011111101111010101101

I converted these 32 bits into an integer... 3203391149... It didn't ring any bells, but I persisted and was rewarded when I switched it into hex...

BEEF DEAD

This is a common message left in hex in code as a joke, but it was also apt: the board was not going to talk until a full handshake was given again and the packet series stream started over to order things. Cute.
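As an added example (not the post's own code), here is a small Python decoder for the framing described above: it converts the captured bit string to hex, walks a byte stream frame by frame, tracks the footer counter so the next outgoing message carries the right number, and flags the BEEF DEAD marker as a signal to redo the handshake. The sync byte values, the single trailing counter byte and the sample stream are assumptions, since the post does not give them.

```python
from dataclasses import dataclass

# Assumed layout, inferred from the post:
#   2 sync bytes | 1 length byte | payload (length bytes) | 1 counter byte
SYNC = b"\xa5\x5a"                     # assumed sync pair; real values not in the post
RESYNC_MARKER = b"\xbe\xef\xde\xad"    # the four-byte message seen every few minutes


@dataclass
class Frame:
    payload: bytes
    counter: int


def bits_to_hex(bits: str) -> str:
    """Turn a string of bits (a multiple of 8) into spaced upper-case hex bytes."""
    value = int(bits, 2)
    return value.to_bytes(len(bits) // 8, "big").hex(" ").upper()


def parse_frames(stream: bytes) -> list:
    """Walk a byte stream and return the Frames found; stops on a truncated frame."""
    frames, i = [], 0
    while i + 4 <= len(stream):          # shortest frame: sync(2) + len(1) + counter(1)
        if stream[i:i + 2] != SYNC:      # skip junk until the sync pair lines up
            i += 1
            continue
        length = stream[i + 2]
        end = i + 3 + length + 1         # +1 for the trailing counter byte
        if end > len(stream):
            break
        frames.append(Frame(stream[i + 3:i + 3 + length], stream[end - 1]))
        i = end
    return frames


def next_tx_counter(frames: list) -> int:
    """Counter our outgoing message must carry: one past the last received (8-bit wrap)."""
    return (frames[-1].counter + 1) & 0xFF


def needs_resync(frame: Frame) -> bool:
    """True when the unit sent its 'start the handshake over' marker."""
    return frame.payload == RESYNC_MARKER


# Constructed sample capture: one junk byte, then three frames with counters 1, 2, 3.
SAMPLE = (b"\x00" + SYNC + b"\x02\x10\x20\x01"
          + SYNC + b"\x01\x33\x02"
          + SYNC + b"\x04" + RESYNC_MARKER + b"\x03")
```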

I've found other hex strings, but this one was the first on this particular board.
