Dr_Doggy
Well-Known Member
well, very interesting stuff...
I see now the pin boards for ICSP on a TV remote. I get better now what you are saying, that "open device" is any port, but that also means I may need to think of things like RF encoders, plus then different protocols and such, compilers, uploaders... etc.? I can't help but think one of those "flying probes" mentioned the other day could help me here... it runs on the max Q610, I found the datasheet, but can't figure out how to compile or upload (software required)...
I took apart a fiber optic-to-RG6 TV decoder the other day, it was being run by a 16F PIC! So I got the compiler and ICSP pins on this, but I would then need to trace the PCB and figure out ports... prolly won't find firmware... and can't imagine a uC would be doing much on these things anyway... besides some minor power monitors and such...
It would also be fun to see if I could push some personal firmware into a cable box, or intercept the firmware download off the cable line to decompile, but I can just imagine the size of scope this would take: I would need to decode the DL from RF and re-encode back to RF, then decompile firmware before any fun, if it's even possible... img_033 is the chip for it... but there are several others on the board... *Note: I don't want to decrypt authorization codes or anything, just change some small features, like maybe disable some buttons or add messages to the LCD... or the fact that it likes to freeze (global issue).
Also, it makes a bit more sense about the core of these devices after reading about bootloaders for Arduino. Now I wonder, is it possible to get a bootloader for Android cellphones and other machines, and would I want to? Maybe it is better to compile using the Java compiler and just stick with building apps, instead of building from the ground up...
One that has my full attention/interest is an advanced game controller, which does not follow a common protocol or have (good) drivers. There are lots of attempts and hacks, but not much mention of fruit. Some were able to interface a microcontroller via the USB interface, but I wasn't able to decipher the usb.h enough to use for my VB USB lib (which is my ideal). In this case again it's hard to get firmware, and hard to decompile (I have had little success with decompilers so far). https://d3nevzfk7ii3be.cloudfront.net/igi/Pxl4pYkemGjKR2Xb.medium --- Since it's ARM, I am guessing if I did decide to rewrite firmware from scratch that I need Python? Also I wonder how I would upload, I'm guessing via USB, but what software? It is difficult to tell as the vendor has hidden the datasheet. Mostly with this I just want to figure out the communication to get the buffer data from the buttons/sensors. I'm not sure how the handshakes work, or if it needs an instruction to send data. I know there is also an instruction I need to figure out so I can upload a Bluetooth MAC address for pairing. On the USB side, I found an Arduino instruction that looks like this: PS3BT PS3(&Btd,0x00,0x15,0x83,0x3D,0x0A,0x57); but can't figure out what bytes it is inserting prior to the MAC addr enough to emulate on PC USB... I can get connected, send hex, sometimes I get flashing colors but I have a feeling those are error codes.... Also, any ideas how I can sniff this out when the game system is interfacing? Maybe hook a uC to the USB data lines, but I fear that might entail a lot of decryption of annoying packets that are only for ID-ing the USB driver and such, or that USB 2.0 may be too fast for my microcontroller to listen in on.... I noticed sniffers are quite expensive...
Here in the img 20160324_113407 is a Zigbee flood sensor, so small I can't see numbers on the ICs. My target is just to interface with it, however so far I have discovered there are different pairing protocols and handshakes with these devices, so again I wonder how can I sniff this, or is there another way to get in? In this situation there are no headers or pins, so maybe firmware would upload via the Zigbee RF? How would I go about this compiling, uploading or getting firmware? On this board there are really only 2 buttons, the flood trigger and the tamper button.... It kinda looks like the CPU is a Zigbee RF module board, simply soldered to the sensor PCB.... (maybe)...
Another device I haven't had a chance to tear down is the bluebolt xbee-LAN hub. Due to the protocol I was not able to discover or pair it to my devices, plus I don't like how you need a cloud server to run it... My options here are to see if I can reprogram it for my own use and to work with my incompatible devices, or maybe it would be easier to start from scratch: get an Arduino, get Zigbee & LAN shields and do fresh code from the ground up with an internal server... would save 100$ in circuits if reprogramming the bluebolt is possible...
I have been thinking about getting a Raspberry Pi, and as far as I can tell I could run it on Windows 10 and other OSes. I wonder if that would include Win7 or XP, does that mean my vb.c# would work for it? But all the talk is about Python, also I worry about how hard it would be to program.... or to find DLL plugins for my C# code...
Also again, with the mention of devices using a Python compiler, is there a way I can use my vb.c#? So far I am able to compile for Arduino with the VB... not sure if I understand what software is needed for uploading... or the different compiler langs involved.
If there are any of these we feel we would have success cracking, please elaborate. I am interested in attempting any of them if I could have a hand in a walk-through!