[sudo-discuss] robot hacking - help crack the code!

Jake jake at spaz.org
Tue Sep 23 11:43:30 PDT 2014


Last night I plugged a second serial port into the 3d printing computer 
and connected it to the robot's floppy drive - and then wrote a program to 
man-in-the-middle the conversation between the two.

read 123.JBI from disk:
http://spaz.org/~jake/robot/read123.log
delete 123.JBI:
http://spaz.org/~jake/robot/delete123.log
save 124.JBI: (a copy of 123.JBI)
http://spaz.org/~jake/robot/save124.log
read 124.JBI from disk:
http://spaz.org/~jake/robot/read124.log

If you do a diff of read123.log and read124.log you will see the slight 
differences in the packets.  Note that the file creation times are 
different, not just the filenames, in packets mentioning that info.

The most succinct examples are these:
disk: \x02\x13\x00LST0001123.JBI     \x00\xfc
disk: \x02\x13\x00LST0001124.JBI     \xff\xfb

yasnac: \x02\x0f\x00FRD123.JBI     \xdc\xfc
yasnac: \x02\x0f\x00FRD124.JBI     \xdb\xfc

The escape codes (starting with \x) are two-character hexadecimal codes 
for unprintable characters.  This is how python does it, which means you 
can copy these strings directly into python, for example, to test a theory 
on how they are checksummed.  Like this:

print(sum(ord(c) for c in '\x02\x13\x00LST0001123.JBI     \x00\xfc'))  # sum of every byte in the packet

That will give you the 8-bit checksum, but that's not what it's using. 
Perhaps it's a 16-bit checksum?

If we figure this out, we can write programs for the robot with our own 
computers and upload them to it, by pretending that we are its disk drive.

I looked through this doc but did not find the info we need at this point:
http://spaz.org/~jake/robot/479236-17-Communications.pdf

poc||gtfo: 
https://github.com/jerkey/yasnac/blob/master/src/mitm.py

-jake
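An added example (not Jake's code and not from the yasnac repo) that takes up the 16-bit checksum question above by testing a few candidates against the four packets quoted in the message. It assumes the packet layout STX, little-endian 16-bit length, payload, two-byte trailer, read off the captures rather than from any manual; the one candidate that reproduces all four trailers (negated 16-bit sum over length and payload, little-endian) is an observation from these four packets only.

```python
# Added example: test 16-bit checksum hypotheses against the captured packets.
# Assumed layout (from the captures, not a spec):
#   STX (0x02), 16-bit little-endian length, <length> payload bytes, 2-byte trailer.
# Packet bytes are copied verbatim from the post.
PACKETS = [
    b'\x02\x13\x00LST0001123.JBI     \x00\xfc',  # disk: list 123.JBI
    b'\x02\x13\x00LST0001124.JBI     \xff\xfb',  # disk: list 124.JBI
    b'\x02\x0f\x00FRD123.JBI     \xdc\xfc',      # yasnac: read 123.JBI
    b'\x02\x0f\x00FRD124.JBI     \xdb\xfc',      # yasnac: read 124.JBI
]


def split_packet(pkt):
    """Return (covered, trailer): the length+payload bytes and the 2-byte trailer."""
    if pkt[0] != 0x02:
        raise ValueError("packet does not start with STX")
    length = pkt[1] | (pkt[2] << 8)            # little-endian 16-bit length
    covered, trailer = pkt[1:3 + length], pkt[3 + length:]
    if len(covered) != length + 2 or len(trailer) != 2:
        raise ValueError("length field disagrees with packet size")
    return covered, trailer


# Candidate checksums; each maps the covered bytes to a 16-bit value.
HYPOTHESES = {
    "sum16": lambda data: sum(data) & 0xffff,
    "neg_sum16": lambda data: (-sum(data)) & 0xffff,   # two's complement of the sum
    "inv_sum16": lambda data: (~sum(data)) & 0xffff,   # one's complement of the sum
}


def trailer_value(trailer, big_endian=False):
    """Interpret the 2-byte trailer as a 16-bit integer in the given byte order."""
    hi, lo = (trailer[0], trailer[1]) if big_endian else (trailer[1], trailer[0])
    return (hi << 8) | lo


def evaluate(packets=PACKETS):
    """Map (hypothesis, byte order) -> True if it reproduces every packet's trailer."""
    results = {}
    for name, func in HYPOTHESES.items():
        for order in ("le", "be"):
            results[(name, order)] = all(
                func(c) == trailer_value(t, order == "be")
                for c, t in map(split_packet, packets))
    return results


def checksum(covered):
    """Trailer bytes for the candidate matching all four captures (neg_sum16, LE)."""
    v = (-sum(covered)) & 0xffff
    return bytes([v & 0xff, v >> 8])


if __name__ == "__main__":
    for key, ok in evaluate().items():
        print(key, "matches all packets" if ok else "no")
```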
