

Blind Reverse Engineering a Wireless Protocol [pdf] - kasbah
https://github.com/r-ohare/Amateur-SIGINT/raw/master/Amateur%20Signals%20Intelligence.pdf

======
kabouseng
"That’s not real encryption! And who the heck encrypts the weather anyways? It
didn’t make sense. Why would a company bother to invent a terribly bad
encryption technique in order to obscure data that isn’t private? The next
oddity was that the last byte is described in the PDF as an “exotic” checksum.
Huh? What company would bother to invent their own checksum technique? Are
standard checksums not good enough?"

I have seen such behaviours, where two companies' products have to be able to
interoperate, they would introduce oddities in the communications protocol to
confuse the opposition and claim the opposition's product is crap...

------
SIGALRM
Very cool article, and I did not expect to see what the device was at the end.
It wasn't until I noticed the BCD pattern, then I knew what it was.
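The two clues raised above, the BCD pattern and the "exotic" checksum byte from the quoted PDF passage, are exactly what you test for first when staring at a bag of captured packets. The script below is an added example, not code from the PDF, from rtl_433 or from any commenter: it runs over a small set of constructed packets (the ID/temperature/checksum layout and the sum-mod-256 checksum are assumptions chosen for illustration, not the device's real format), finds which byte positions are BCD-valid in every capture, decodes them, and then tries a few simple checksum candidates over the preceding bytes to see which one, if any, explains the trailing byte in every packet.

```python
"""Added example: locate BCD fields and test checksum candidates in a set of
captured sensor packets.  Packets, layout and checksum are constructed for
illustration and are NOT the protocol from the PDF."""

# Constructed captures.  Assumed layout: byte 0 = sensor ID, bytes 1-2 =
# temperature in tenths of a degree, BCD packed (0x02 0x34 -> 23.4 C),
# byte 3 = sum of the preceding bytes mod 256.
PACKETS = [bytes.fromhex(h) for h in (
    "5a023490",   # 23.4 C
    "5a023591",   # 23.5 C
    "5a0187e2",   # 18.7 C
    "5a02005c",   # 20.0 C
)]


def is_bcd(b):
    """True if both nibbles of the byte are decimal digits (0-9)."""
    return (b >> 4) <= 9 and (b & 0x0F) <= 9


def bcd_columns(packets):
    """Byte positions that are BCD-valid in every packet.

    A counter or reading stored as packed decimal never produces an A-F
    nibble, so a column that is BCD in all captures is a strong hint; a
    column that is only sometimes BCD (like a checksum) drops out."""
    length = min(len(p) for p in packets)
    return [i for i in range(length) if all(is_bcd(p[i]) for p in packets)]


def decode_bcd(chunk):
    """Decode packed BCD bytes to an integer, e.g. b'\\x02\\x34' -> 234."""
    value = 0
    for b in chunk:
        value = value * 100 + (b >> 4) * 10 + (b & 0x0F)
    return value


def decode_temperature_tenths(packet):
    """Tenths of a degree from the assumed BCD field at bytes 1-2."""
    return decode_bcd(packet[1:3])


# Cheap checksum candidates to try against the last byte of each packet.
CANDIDATES = {
    "sum8":    lambda d: sum(d) & 0xFF,
    "xor8":    lambda d: __import__("functools").reduce(lambda a, b: a ^ b, d, 0),
    "nibbles": lambda d: sum((b >> 4) + (b & 0x0F) for b in d) & 0xFF,
    "negsum8": lambda d: (-sum(d)) & 0xFF,
}


def checksum_candidates(packets):
    """Names of candidate functions that reproduce the trailing byte of
    every packet when applied to the bytes before it.  Empty list means
    none of the cheap candidates fit and a CRC or keyed check is likely."""
    hits = []
    for name, fn in CANDIDATES.items():
        if all(fn(p[:-1]) == p[-1] for p in packets):
            hits.append(name)
    return hits


if __name__ == "__main__":
    print("BCD-valid columns:", bcd_columns(PACKETS))
    for p in PACKETS:
        print(p.hex(), "->", decode_temperature_tenths(p) / 10, "C")
    print("checksum candidates:", checksum_candidates(PACKETS))
```

With more than a handful of captures the false-positive rate of the column test falls quickly: a random byte passes the BCD check about 39% of the time, so four captures already make an accidental all-BCD column unlikely, and one corrupted packet is enough to knock a wrong checksum candidate out.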

~~~
keenerd
It was a good read, but as general advice you should start with looking for
information about the frequency and device in question. The willpower to avoid
the checking for an easy answer was the most impressive part of the writeup.
(A week in the lab can save you a day in the library.) Educationally, it is
the equivalent of doing something longhand instead of punching it into a
calculator. As a volunteer who provides support[1] for some SDR software, the
moment anyone mentions "433.9MHz", the immediate reply is "temperature
sensor". There is even a neat little program[2] that understands a wide
variety of manufacturers' formats.

[1] ##rtlsdr [3]

[2] [https://github.com/merbanan/rtl_433](https://github.com/merbanan/rtl_433)

[3] Which I'm running a small fundraiser for,
[http://igg.me/at/rtlsdr](http://igg.me/at/rtlsdr)

