
Decoding an air conditioner control's checksum with differential cryptanalysis - kogir
http://www.righto.com/2017/12/decoding-air-conditioner-controls.html
======
bschwindHN
Nice writeup! I'm going to be decoding a variety of air conditioner remotes in
the future so this will be a good reference.

If anyone is interested in the process of reverse engineering an infrared
remote from "I have a raspberry pi and some electronics" to "I can decode and
encode infrared signals to control my stuff", I have an article on that:

[https://blog.bschwind.com/2016/05/29/sending-infrared-
comman...](https://blog.bschwind.com/2016/05/29/sending-infrared-commands-
from-a-raspberry-pi-without-lirc/)

There are better ways to do what I've described there but it's a good start.

~~~
cinquemb
> _You can see if an infrared LED is emitting light by looking at it through
> your phone camera_

Do you or anyone else happen to know the sensitivities of phone cameras to
infrared bleeding into the visible spectrum, esp under interference from the
rest of the visible spectrum?

~~~
friendzis
Disclosure: not an expert. IR/UV bleeding depends mostly on 3 things: sensor
sensitivity, materials of and coatings on lenses, raw sensor data processing.
Professional cameras are usually equipped with IR blocking filters and UV
filter is "standard practice". Results can vary drastically from seeing under
clothes [1] to barely registering IR lighting.

[1]:
[http://abcnews.go.com/GMA/story?id=126782&page=1](http://abcnews.go.com/GMA/story?id=126782&page=1)

------
nerdponx
Coming from a statistics background, this kind of work is totally unfamiliar
and very fascinating. This kind of high dimensional, complex data seems like
it would admit some very interesting machine learning. And I wonder if the
techniques described here could be adapted outside of cryptography for
inference or other data processing applications.

------
simcop2387
This is a little scary. I'm in the middle of doing this exact same thing. Not
sure if it's compatible or if I'll have to do the same thing.

------
yetihehe
Nice read, it reminds me of CrcRevEng[1], it was really useful several times
when I needed to find what CRC algorithm a vendor used. The most fun was when
I tried to RE disassembled function named crc_512. Turns out it was a checksum
of 4 bytes.

[1] [http://reveng.sourceforge.net/](http://reveng.sourceforge.net/)

------
jorjordandan
Wow sounds like whoever engineered that checksum was a missy elliot fan:
[https://xkcd.com/153/](https://xkcd.com/153/)

------
ninju
I wonder if you could use a machine learning algorithm, trained on the samples
provided, to correctly predict the outcome of another input

------
bhhaskin
Great read! Thanks!

