Is reverse engineering the wireless protocol easy? I imagine hacking hardware involves a lot more work than software.
I also love how she 3D-printed some plastic cases for her toy. I see cheap 3D printers eventually being so ubiquitous that a quick prototype may be just as easy to hack up as a working software program.
1. The specs for the radio chip are easily available, so she could identify the actual packets from looking at the voltages on four wires.
2. Each packet had two identical bytes that went up when she turned the remote up, and down when she turned it down.
3. There were some bytes which were always constant, and didn't seem to do anything.
From there, the code ended up being fairly simple:
On power-up, it sends an initialization sequence, copied from the trace from the original remote. This has a bunch of settings that you can look up in the manual. Then for each packet, it sends a start sequence (essentially, "finish sending anything queued, and stand by"), puts a packet into the transmit queue (packet = 0x0100a5[power][power]00000005, where power is the power level byte), and then tells the radio to transmit.
And then of course you can debug this by comparing the traces it generates to the traces from the original remote.
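The field-finding step from the reply above (bytes that rise and fall with the remote setting versus bytes that never change), written out as an added example that is not code from the original post or from the project it describes. The captured packets are constructed to match the stated layout 01 00 a5 [power] [power] 00 00 00 05; the function and constant names are my own.

```python
"""Locate the control field in captured remote packets and rebuild them.

Added example, not code from the original post. The captures below are
constructed to match the layout the reply describes
(01 00 a5 [power] [power] 00 00 00 05); no real trace is used.
"""

# Constructed captures: remote setting -> packet bytes decoded from the
# four SPI lines. Same remote, four different power levels.
CAPTURES = {
    10: bytes.fromhex("0100a50a0a00000005"),
    20: bytes.fromhex("0100a5141400000005"),
    30: bytes.fromhex("0100a51e1e00000005"),
    40: bytes.fromhex("0100a5282800000005"),
}

# Framing taken from the layout in the reply (assumed constant across packets).
PREFIX = bytes.fromhex("0100a5")
SUFFIX = bytes.fromhex("00000005")


def classify_fields(captures):
    """Compare packets captured at different settings.

    Returns byte positions that are constant across all captures, positions
    whose value goes up and down with the setting, and positions that vary
    without tracking it (a counter or checksum would land there).
    """
    settings = sorted(captures)
    packets = [captures[s] for s in settings]
    length = len(packets[0])
    if any(len(p) != length for p in packets):
        raise ValueError("all captures must have the same length")
    constant, tracks, other = [], [], []
    for pos in range(length):
        column = [p[pos] for p in packets]
        if len(set(column)) == 1:
            constant.append(pos)
        elif all(a < b for a, b in zip(column, column[1:])):
            # Strictly increasing as the setting increases: a control byte.
            tracks.append(pos)
        else:
            other.append(pos)
    return {"constant": constant, "tracks_setting": tracks, "other": other}


def build_packet(power):
    """Assemble a packet in the reply's layout, with the power byte repeated."""
    if not 0 <= power <= 0xFF:
        raise ValueError("power level must fit in one byte")
    return PREFIX + bytes([power, power]) + SUFFIX


def parse_power(packet):
    """Recover the power level from a packet, rejecting bad framing or a
    mismatched pair of power bytes (useful when checking your own traces
    against the original remote's)."""
    if len(packet) != 9 or packet[:3] != PREFIX or packet[5:] != SUFFIX:
        raise ValueError("unexpected framing")
    if packet[3] != packet[4]:
        raise ValueError("power bytes disagree")
    return packet[3]


if __name__ == "__main__":
    print(classify_fields(CAPTURES))
    for level in sorted(CAPTURES):
        # Round trip: what we build should decode to the level we asked for.
        assert parse_power(build_packet(level)) == level
```

Running it on the constructed captures reports positions 3 and 4 as tracking the setting and everything else as constant, which is the same conclusion the reply reaches by eye; with more captures (or a longer packet) the "other" bucket is where a sequence counter or checksum would show up.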
How does one go about doing this? Is this done on hardware or some Wireshark-esque software tool?
I can dream.
There have been some promising blips here and there with the reprappers:
There's gotta be a market for this.