Hacking the Kinect - How to hack USB device drivers (ladyada.net)
245 points by there on Nov 17, 2010 | 33 comments

This is seriously awesome. While I've spent a lot of time reversing network protocols (and thus had a good foundation on which to pick up USB hacking (which I documented at http://daeken.com/hacking-the-belkin-network-usb-hub and, to a lesser extent, at http://daeken.com/emokit-hacking-the-emotiv-epoc-brain-compu... )), most people have never dropped to this level. We need more articles like this. Good work.

Edit: So, I have an idea, and I think this may be the community to ask about it. I'm considering going to a company (specifically, one that produces some network software or a USB device) and asking them to get a copy/unit of their product, which I will then reverse-engineer in full public view, with the intention of making it fully transparent, and hopefully getting other people into this stuff. It could be something that's already open (either intentionally or by someone reversing it and publishing a driver or other code), or something that's currently closed. But the whole goal is to end up with a set of data that people can work through, along the lines of my Belkin post (but better organized, and published as things go on).

Anyone have any suggestions for who I should approach about this? Or hell, any startups want me to reverse their stuff for the greater good?

I would recommend something simple to start. How about this USB nerf rocket launcher from ThinkGeek: http://www.thinkgeek.com/geektoys/warfare/8a0f/ It's cheap ($25), cool, has horizontal and vertical movement plus firing, and the software is Windows-only. Not to mention that a Kinect + rocket launcher combo would be awesome.

My secondary vote (and it's a selfish one) is this pedometer that only has Windows software: http://www.mattcutts.com/blog/my-favorite-pedometer-omron-hj... . Another possibility would be the Fitbit.

I'd be happy to get you any of these devices if you wanted to document what you find with adafruit-like clarity. Even better would be an exchange to hook willing USB reverse engineers up with people willing to provide devices for those engineers. :)

Some people at our office purchased lots of USB gimmicks, like Rocket Launchers, on expenses because they had to test whether all those USB devices work with XenClient.

Maybe the paper-cnc machine cricut? http://www.cricut.com/ .

It's an awesome device that's locked up into buying cartridges that are basically little disks of svg files. These cartridges cost about $60 a piece, but scrap-booking moms pay for them because they don't know any better.

They have software called Sure Cuts A Lot (SCAL) that can take SVG images in and connect via USB to the Cricut machine (which has to have any cartridge in to work). It's probably sending a well known (but crippled I'd guess) format over the wire.

I suspect that with even the simplest software ever you'd still find a lot of people wanting to buy the cartridges (within the Cricut target demographic).

What about the iPhone/iPad dock connector? There's lots of interesting devices being hooked up to them.

For USB, what about barcode scanners and keyboards? It would be very interesting to see how they communicate with the computer and I figure it would be relatively simple, compared to say an external USB drive.

Keyboard / Mouse / Storage / etc are fully standardized protocols on top of USB (http://www.usb.org/developers/devclass_docs#approved)

Another candy that you might not know about Apple: - Any gadget that wants to communicate with iPhones/iPods/etc. via USB needs to purchase a proprietary decoding chip. Yep! - http://www.popularmechanics.com/technology/gadgets/news/4272...

I really want to do this with the support of the manufacturer for a change; that's what actually makes it difficult to choose a target. I've hacked a lot of stuff in the past, but it's never been with the manufacturer's support, and I think that somewhere out there, there's a perfect target. One which is not only a good learning experience for people, but a good marketing opportunity for some company.

You might be interested in joining the linux driver project - www.linuxdriverproject.org

(As started by GregKH - http://kerneltrap.org/node/7636 )

What about the Arduino USB connection? I don't know if it sounds interesting enough to you but I suspect they would be open to it.

I believe the Arduino USB is just a FTDI USB to serial converter.


It used to be but the new Arduino UNO uses custom software on an Atmel microcontroller that includes USB support:


That sounds like an awesome idea. You might want to start off with something simple and not too expensive so that everyone can play along at home.

Maybe some day it could actually turn into some sort of online course or series where there is purpose-built hardware that is designed as "hacking tests", sort of like a real-life version of this reverse-engineering game: http://www.zachtronicsindustries.com/ruckingenur-ii/

Oh, yeah, that game's so cool! I played it a while back--it's a pity it's Windows only but if you can play it try it out.

It's a fun little game if you've got a little bit of a reverse-engineering/hackery mind set. The production values (a story line and everything!) are pretty good for what it is too.

I've written USB drivers before (Linux, but USB is the same for everything) and this is exactly how you do it even if you know all the commands you're writing into the device. Spot on.

This is the most detailed explanation on how to explore a USB device I've seen. Need more articles like this!

lvr.com also has incredibly useful information. Support Jan Axelson and buy one of her books; they're essential for any USB development!

The website isn't very well laid out.

Well, it isn't. It's just a big mess barfed up onto html. Some links are to elsewhere on the same site. Intermixed with those are links to some other site.

I'm not saying there isn't useful information there, or that her book sucks. I'm just saying her website is a poorly organized mess that makes it less useful unless you know exactly what you're looking for. For a USB newbie it'd just be a maze of links, all alike.

If you're interested in more of a "project log" style (rather than a complete article) you might want to take a look at my previous efforts at reversing a wireless USB dongle:


And if you happen to like reading about other people's (sometimes uncompleted) reversing projects like I do I've got a few more of those too: :)




And a more general reverse engineering link collection:


I asked about this a few days ago. This appearing now is just awesome. Would like to say a big thanks for taking the time to share your knowledge.

you're welcome! we write a new tutorial every tuesday - some beginner, some advanced. if you subscribe to the blog rss feed you can get the notifications

A straightforward, in-depth guide which is easy to understand. It's absolutely superb ... but am I alone in being put off by the high cost of a USB analyser?

While the Beagle 480 is $1200, the Beagle 12 (full/low speed) is only $400. You can force a high speed peripheral down to full speed by using a USB 1.1 hub. The protocols are identical at the application layer, although there are a few low-level differences in flow control packets.


The PS3 hack only needed full-speed descriptors:



a hardware usb analyzer is just one of those things that's terribly expensive, not really even because of the hardware (it's not that complicated) but because of the software which must be really good and this one runs on all OSes. I will admit I used this project as an excuse to get one but good electrical engineering tools cost in the thousands of $

Maybe it could be possible to set up a virtual hackspace-equipment sharing service, where groups can purchase and pool resources .. allowing remote groups to loan items like this on an ad hoc basis.

Unfortunately, no. I worked for places that wouldn't even approve the purchase of the 2.0 Beagle. I guess that's what happens when the equipment and my pay come from separate budgets. That said, one can use Linux as an analyser when Windows is the USB host by running Windows in a VM. There are also software analysers available that tap into the Windows stack. The Kinect is one of the few peripherals that isn't Windows based.

There are some software-only tools like USBlyzer (Windows only I think) that work pretty well. I've been able to sniff traffic exactly like the examples in this Kinect page.


wait - the kinect has a motor?

To tilt the camera up and down, making it more adaptable to the range of televisions it may be housed on or under.

and to get a wider field of vision for the camera as it records and analyzes your living room and sends it to advertisers and marketers to build an even more detailed profile on you.


...is something that isn't actually happening and would violate Microsoft privacy policy if it did.

.. and an accelerometer (to keep track of the camera orientation)
