I've always wondered how people reverse engineer these things. Do they just guess what the interface might be based on the chips? Or are they able to probe it somehow through the port?
"I call this method the 'French Cafe technique'. Imagine you wanted to learn French, and there were no books, courses etc available to teach you. You might decide to learn by flying to France and sitting in a French Cafe and just listening to the conversations around you. You take copious notes on what the customers say to the waiter and what food arrives. That way you eventually learn the words for "bread",

We use the same technique to learn about protocol additions that Microsoft makes. We use a network sniffer to listen in on conversations between Microsoft clients and servers and over time we learn the "words" for "file size", "datestamp" as we observe what is sent for each query.

Now one problem with the "French Cafe" technique is that you can only learn words that the customers use. What if you want to learn other words? Say for example you want to learn to swear in French? You would try ordering something at the cafe, then stepping on the waiter's toe or poking him in the eye when he gives you your order. As you are being kicked out you take copious notes on the words he uses.

The equivalent of "swear words" in a network protocol are "error packets". When implementing Samba we need to know how to respond to error conditions. To work this out we write a program that deliberately accesses a file that doesn't exist, or uses a buffer that is too small or accesses a file we don't own. Then we watch what error code is returned for each condition, and take notes."
Look at his desk: a complete mess of wires and hardware and a single Rubik's cube. Total hacker :-)
It's probably a bit out of date now, but my dog-eared copy is still a good read. Ah, nostalgia. There once were days when I dreamed that a CS degree would make me as a god; the silly thoughts of a child. Now I know that it is a _PhD_ which makes gods of men.
I know you're joking, but...
When I was halfway through my Ph.D. I formulated a hypothesis: The proximate challenge that keeps you from graduating is that you have to write a thesis. But the ultimate challenge to getting your Ph.D. is this: You somehow have to learn to understand, deep down, that all your romantic notions about the Ph.D. are bunk, that you will be exactly the same person on the day after you get it that you were the day before, and that you need to stop waiting for the day when you feel like a god and just write something down and get on with life.
It may take you years to accept this, and it may drive you to drink, but after you get to that point you can graduate.
Only then will you be able to live with the fact that your thesis looks like crap to you. Your thesis will always look like crap to you. Either you will have figured out absolutely everything and your thesis will look incredibly boring to you, because you've moved on, or -- vastly more likely -- your thesis will look woefully incomplete because, geez, there is so much that you couldn't figure out, and you're just so stupid!
Or, most likely of all, you will think both of these things at the same time.
Similarly: Being the world's foremost expert on a particular scientific problem is a lot less exciting in real life than it seems in the movies. In fact, being on the frontier of science feels like being totally, hopelessly lost and confused. Why this came as a surprise to me I'll never know.
I failed at both, as you might expect. The world wasn't wrong, I was. While I could program, I had no discipline. While I had intellect, I had no ability to learn. The world was not wrong, I was. All of my anger and suffering and frustration were my fault. From the defeat of my new University and my new job I learned that my romantic notions of most things were not reality. Enrico Fermi, on whose stairway I bounded up, did not simply decide to conjure nuclear fission under what is now a library. He worked for years, a thing which I had never done.
The novice says to the master, "Coal is black." The master replies, "No, it is not."
The intermediate says to the master, "Coal is not black." The master replies, "Of course it is."
The masters say among themselves, "It is coal."
I hold no romantic notions as I held when I were a boy; I have not become a cynical man. Life is suffering and pain. Life is joy and love. I have built a business from nothing and sold it for a profit. I am now very poor. Life is life and that is beautiful. What we learn, what we truly learn, we so incorporate into our being that we cannot perceive it as unknown to all. We are the streams into which a man steps: never the same, yet always the same.
To gain mastery over the frontier of science is to gain mastery over nothing, over one's self. It is confusion and pain and truth and beauty.
Just yesterday I saw so much negativity and pettiness on another thread that I had pretty much written off HN as a lost cause.
Your post brought me back. Thanks!
I think that's why most people I know that are on "the cutting edge" are very humble: either they got "it" right and know 40 people just as smart that went in one of 40 equally promising directions and got it wrong. Or they're one of the 41 people still trying to figure out just where the heck they can go from this apparent dead-end.
Then along comes 42...
Though the Kinect is apparently a lot more tractable.
The BitBlaze project at UC Berkeley. http://bitblaze.cs.berkeley.edu/
There's also http://www.cs.kent.ac.uk/people/staff/amk/ which offers a PhD studentship in "Reverse Engineering for Security."
CERIAS at Purdue will definitely have some RE related courses, e.g. http://www.cerias.purdue.edu/site/projects/detail/malware_re...
http://www.adafruit.com/blog/2010/11/09/kinect-hacking-video... (demo of analyzer)
http://github.com/adafruit/Kinect (USB log dump)
It's a fun game usually.
Reversing USB is the same as any protocol on top of TCP is the same as any other protocol, just with different tools.
I wish there were an open source hex editor like Hex Workshop for Windows - one of the features I loved was tagging a section of bytes with comments, and being able to use those same tags across multiple data dumps.
There are also software loggers for Windows such as "Snoopy Pro" but last time I tried that it dropped certain types of packets. No such issues with usbmon.
Sadly, there aren't many (any?) protocol dissectors yet, so comms with common chips like FTDI devices don't automatically translate into something human-readable like, say, HTTP conversations.
I'm knee-deep in a personal project that involves reverse-engineering a USB device; since the only drivers for the device are for Windows, the solution was to virtualize Windows on a Linux host (presenting the USB device to the guest OS), fire up wireshark on the host OS (using the usbmon kernel module), interact with the Windows software and drivers as per usual, and capture anything the guest OS sends to the device for analysis.
Really simple stuff; much easier than following this stuff with scopes or logic analyzers.
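As an added example (not code from this thread or from any project it mentions), here is a small Python dissector for the usbmon text format that the Linux-host capture setup above produces: it pairs each URB submission with its completion and decodes the control setup packet, which is the "listening in the cafe" step from the Samba quote applied to USB. The capture lines are constructed; the URB tags, timestamps and the 1234:5678 vendor/product ID are placeholders, and isochronous descriptors are not decoded.

```python
XFER = {"C": "control", "B": "bulk", "I": "interrupt", "Z": "isoc"}
REQ_TYPES = ("standard", "class", "vendor", "reserved")          # bmRequestType bits 6..5
STD_REQUESTS = {6: "GET_DESCRIPTOR", 9: "SET_CONFIGURATION", 11: "SET_INTERFACE"}  # USB 2.0 ch. 9

def parse_line(line):  # one usbmon '1u' text line, as documented in Documentation/usb/usbmon.rst
    f = line.split()
    xfer, bus, dev, ep = f[3].split(":")                        # e.g. "Ci:1:003:0"
    rec = {"tag": f[0], "ts": int(f[1]), "event": f[2], "xfer": xfer[0], "dir": xfer[1],
           "bus": int(bus), "dev": int(dev), "ep": int(ep), "setup": None, "data": b""}
    if f[4] == "s":                                             # control submission, setup captured
        keys = ("bmRequestType", "bRequest", "wValue", "wIndex", "wLength")
        rec["setup"] = dict(zip(keys, (int(x, 16) for x in f[5:10])))
        i = 10
    else:                                                       # status[:interval[:start_frame[:errors]]]
        rec["status"], i = int(f[4].split(":")[0]), 5
    rec["length"] = int(f[i])                                   # requested (S) or actual (C) bytes
    if f[i + 1:i + 2] == ["="]:                                 # data captured: hex words of 4 bytes
        rec["data"] = bytes.fromhex("".join(f[i + 2:]))
    return rec

def pair_urbs(lines):  # pair each submission (S) with its completion (C) by URB tag
    pending, pairs = {}, []
    for rec in (parse_line(l) for l in lines if l.strip()):
        if rec["event"] == "S":
            pending[rec["tag"]] = rec
        elif rec["event"] == "C" and rec["tag"] in pending:
            pairs.append((pending.pop(rec["tag"]), rec))
    return pairs

def describe(sub, comp):  # one request/response line per URB: the dissector raw usbmon lacks
    s = sub["setup"]
    if s:
        kind = REQ_TYPES[(s["bmRequestType"] >> 5) & 3]
        req = (STD_REQUESTS.get(s["bRequest"]) if kind == "standard" else None) or f"0x{s['bRequest']:02x}"
        head = (f"control {'IN' if s['bmRequestType'] & 0x80 else 'OUT'} {kind} {req} "
                f"wValue=0x{s['wValue']:04x} wIndex=0x{s['wIndex']:04x}")
    else:
        head = f"{XFER[sub['xfer']]} {'IN' if sub['dir'] == 'i' else 'OUT'}"
    payload = (comp["data"] or sub["data"]).hex() or "(no data)"   # OUT data lives on the S side
    return (f"bus {sub['bus']} dev {sub['dev']} ep {sub['ep']}: {head} -> "
            f"status {comp['status']}, {comp['length']} bytes: {payload}")

# Constructed sample capture in usbmon text format: GET_DESCRIPTOR, a vendor request, a bulk write.
CAPTURE = """\
f5e9d3c0 3003288203 S Ci:1:003:0 s 80 06 0100 0000 0012 18 <
f5e9d3c0 3003288410 C Ci:1:003:0 0 18 = 12010002 00000040 34127856 01000102 0301
f5e9d4a0 3003290000 S Co:1:003:0 s 40 02 0003 0000 0000 0
f5e9d4a0 3003290120 C Co:1:003:0 0 0
f5e9d580 3003291000 S Bo:1:003:2 -115 8 = 01000000 00000000
f5e9d580 3003291150 C Bo:1:003:2 0 8 >
"""
```

Feed it the contents of /sys/kernel/debug/usb/usbmon/<bus>u (or a saved copy) with `[describe(s, c) for s, c in pair_urbs(open(path))]`; repeated vendor requests with changing wValue are usually the first "words" worth noting.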