Reverse Engineering Serial Protocol Project
Reverse Engineering A Proprietary Serial Communication
Richard Msiska
Thompson Rivers University
Supervisors: Kevin O’Neil, Sharon Brewer, and Bruno Cinel
Outline
• Term Objectives and Analysis
• Current progress
• Future progress
Term Objectives
• Discover the commands for initializing the instrument, performing a lab and shutting down the TOC analyzer.
• Send and receive those commands from a C++ interface.
• Create a simplified web interface that allows remote connection to the TOC analyzer (if time permits).
The Instrument
• The Total Organic Carbon/Total Nitrogen (TOC/TN) Analyzer measures the organic carbon or nitrogen present in a water sample.
• The TN value is used to infer water quality: the higher it is, the poorer the quality of the water.
Tools Used in the Project
• Visual Studio 2010 as the Integrated Development Environment (IDE).
• Serial port sniffer for reading traffic.
• USB to serial port converter for creating a serial port from a USB port.
• Serial port splitter for sharing one serial port between two programs.
Software Implementation
• A standard C++ library was used for serial port communication.
• The interface has many timing issues.
• The development methodology used was Agile.
Objectives Completed
• Completed analysis of the Perform Lab use case.
• Completed analysis of the Shutdown commands use case.
• Partial analysis of the start-up commands.
Current Configuration
[Diagram: the Interface and the TOC Proprietary Software both reach the TOC Analyzer through a Serial Port Splitter. The proprietary software sends the Initialization; the interface sends Perform Lab and Shutdown.]
The Nature of the Lab
• The lab parameters of the TOC Analyzer are known beforehand.
• The user has to:
  – pick the vial position which contains the sample
  – start the lab, which commands the software
  – wait for the TOC Analyzer to return a value for TN.
TOC Initialization Protocol
A5 0B F4 00 04 01 00 00 00 00 00 00 00 04
A5 03 FC 00 01 00 (Good)
A5 03 FC 00 02 00 (Bad)
Every message starts with A5, a length byte and that byte's bitwise complement (0B/F4, 03/FC); the length counts the bytes that follow it, including the trailing checksum byte.
System Parameters
System Parameters (header, payload, checksum)
A5 03 FC 00 01 00
A5 03 FC 00 01 00
A5 23 DC 01 04 1B 00 00 00 00 00 00 D0001 00 00 00 15 00 00 00 0B 00 00 00 03 00 00 00 29 00 00 00 50
(the middle of this payload is garbled in the transcript)
0B is the hour at which this was sent, 03 the minute and 29 the second; 50 is the checksum. Converting from hexadecimal (0x0B = 11, 0x03 = 3, 0x29 = 41) tells us this command was sent at 11:03:41. Each of these values occupies four little-endian bytes (0B 00 00 00, 03 00 00 00, 29 00 00 00).
Lab Start Up Bytes
• A timed handshake protocol is performed.
• A block of data is sent to the TOC Analyzer defining the lab parameters, including injection volume and vial position.
Lab Start Up Bytes Example
A5 03 FC 00 01 00
A5 73 8C 07 04 5A 00 00 00 00 00 00 00 00 00 00
00 09 00 00 00 03 00 00 00 03 00 00 00 3C 00 00
00 00 00 00 00 02 00 00 00 01 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 22 01 00
00 00 00 00 00 22 01 00 00 0A 00 00 00 00 00 00
00 03 00 00 00 00 00 00 00 00 00 00 00 F0 00 00
00 F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 FF FF FF FF E1
Lab Start Up Bytes Explained
• 3C (decimal 60) tells the TOC to inject 60 ml of the sample.
• 0A (decimal 10) gives the vial position: position 10.
• Both values are sent as four-byte little-endian words (3C 00 00 00 and 0A 00 00 00 in the dump above).
Shutdown Protocol
A5 0F F0 07 04 51 00 00 00 00 00 00 00 01 00 00 00 5C   A5 03 FC 00 01 00   (command to initiate shutdown)
A5 03 FC 00 01 00 + payload   (Good)
A5 03 FC 00 01 00   A5 0B F4 08 04 02 00 00 00 00 00 00 00 0D   (final shutdown)
A5 03 FC 00 02 00   (Bad)
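The framing that recurs across the initialization, system-parameters, lab start-up and shutdown captures (A5, a length byte, the bitwise complement of that length, the payload, and a trailing byte the slides call the checksum) can be checked mechanically rather than by eye. The C++ below is an added example written for this page, not code from the project: it parses the dumps shown on the slides, verifies the length complement, and tests a checksum rule inferred from those dumps, namely the 8-bit sum of the length byte, its complement and every payload byte. That rule is an assumption: it holds for the initialization command, the "Good" acknowledgement, the full lab frame and both shutdown frames, but not for the "Bad" acknowledgement as transcribed (A5 03 FC 00 02 00), which may be a transcription error. The example also reads the injection volume and vial position at the payload offsets where 3C 00 00 00 and 0A 00 00 00 sit in the captured lab frame and re-targets that frame at another vial with a recomputed checksum; the field offsets, the little-endian word interpretation and all function and constant names are the example's own, not documented by the project.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Frame layout observed in the dumps:  A5 | LEN | ~LEN | payload (LEN-1 bytes) | CHK
// CHK rule (assumption inferred from the dumps, not documented on the slides):
// 8-bit sum of LEN, ~LEN and every payload byte. Since LEN + ~LEN == 0xFF this
// equals the payload sum minus one, mod 256.

struct Frame {
    bool ok;                       // sync, LEN, ~LEN and CHK all consistent
    std::string error;             // reason when ok is false
    std::vector<uint8_t> payload;  // bytes between ~LEN and CHK
    Frame() : ok(false) {}
};

// "A5 0B F4 ..." -> bytes. Whitespace is ignored, so glued dumps parse too.
std::vector<uint8_t> hexToBytes(const std::string& hex) {
    std::string digits;
    for (size_t i = 0; i < hex.size(); ++i)
        if (!std::isspace(static_cast<unsigned char>(hex[i]))) digits += hex[i];
    std::vector<uint8_t> out;
    for (size_t i = 0; i + 1 < digits.size(); i += 2)
        out.push_back(static_cast<uint8_t>(std::stoul(digits.substr(i, 2), nullptr, 16)));
    return out;
}

uint8_t frameChecksum(uint8_t len, const std::vector<uint8_t>& payload) {
    unsigned sum = len + static_cast<uint8_t>(~len);
    for (size_t i = 0; i < payload.size(); ++i) sum += payload[i];
    return static_cast<uint8_t>(sum);
}

Frame parseFrame(const std::vector<uint8_t>& raw) {
    Frame f;
    if (raw.size() < 4 || raw[0] != 0xA5) { f.error = "missing A5 sync byte"; return f; }
    uint8_t len = raw[1];
    if (raw[2] != static_cast<uint8_t>(~len)) { f.error = "LEN complement mismatch"; return f; }
    if (raw.size() != 3u + len) { f.error = "LEN does not match frame size"; return f; }
    f.payload.assign(raw.begin() + 3, raw.end() - 1);
    if (raw.back() != frameChecksum(len, f.payload)) { f.error = "checksum mismatch"; return f; }
    f.ok = true;
    return f;
}

// Inverse of parseFrame: wrap a payload with A5, LEN, ~LEN and CHK.
std::vector<uint8_t> buildFrame(const std::vector<uint8_t>& payload) {
    uint8_t len = static_cast<uint8_t>(payload.size() + 1);
    std::vector<uint8_t> out;
    out.push_back(0xA5); out.push_back(len); out.push_back(static_cast<uint8_t>(~len));
    out.insert(out.end(), payload.begin(), payload.end());
    out.push_back(frameChecksum(len, payload));
    return out;
}

// Multi-byte values in the dumps look like 32-bit little-endian words (3C 00 00 00 -> 60).
uint32_t getLE32(const std::vector<uint8_t>& p, size_t off) {
    uint32_t v = 0;
    for (int i = 3; i >= 0; --i) v = (v << 8) | p[off + i];
    return v;
}
void putLE32(std::vector<uint8_t>& p, size_t off, uint32_t v) {
    for (int i = 0; i < 4; ++i) p[off + i] = static_cast<uint8_t>(v >> (8 * i));
}

// Payload offsets of the two fields the slides identify in the captured lab-start frame (assumed fixed).
const size_t kInjectionVolumeOff = 26;  // 3C 00 00 00 -> 60
const size_t kVialPositionOff    = 70;  // 0A 00 00 00 -> vial 10

// Lab-start frame exactly as captured on the slides (the A5 03 FC 00 01 00 before it is a separate frame).
const char* const kLabFrameHex =
    "A5 73 8C 07 04 5A 00 00 00 00 00 00 00 00 00 00 "
    "00 09 00 00 00 03 00 00 00 03 00 00 00 3C 00 00 "
    "00 00 00 00 00 02 00 00 00 01 00 00 00 00 00 00 "
    "00 00 00 00 00 00 00 00 00 00 00 00 00 22 01 00 "
    "00 00 00 00 00 22 01 00 00 0A 00 00 00 00 00 00 "
    "00 03 00 00 00 00 00 00 00 00 00 00 00 F0 00 00 "
    "00 F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
    "00 FF FF FF FF E1";

struct LabParams { bool valid; uint32_t injectionVolume; uint32_t vialPosition; };

LabParams decodeLab(const std::vector<uint8_t>& raw) {
    LabParams lp = {false, 0, 0};
    Frame f = parseFrame(raw);
    if (!f.ok || f.payload.size() < kVialPositionOff + 4) return lp;
    lp.valid = true;
    lp.injectionVolume = getLE32(f.payload, kInjectionVolumeOff);
    lp.vialPosition = getLE32(f.payload, kVialPositionOff);
    return lp;
}

// Re-target the captured lab frame at another vial: patch the field, recompute CHK.
std::vector<uint8_t> labFrameForVial(uint32_t vial) {
    Frame f = parseFrame(hexToBytes(kLabFrameHex));
    putLE32(f.payload, kVialPositionOff, vial);
    return buildFrame(f.payload);
}

int main() {
    const char* captures[] = {
        "A5 0B F4 00 04 01 00 00 00 00 00 00 00 04",              // initialization
        "A5 03 FC 00 01 00",                                      // "Good" acknowledgement
        "A5 03 FC 00 02 00",                                      // "Bad" acknowledgement as transcribed
        "A5 0F F0 07 04 51 00 00 00 00 00 00 00 01 00 00 00 5C",  // initiate shutdown
        "A5 0B F4 08 04 02 00 00 00 00 00 00 00 0D",              // final shutdown
        kLabFrameHex };
    for (size_t i = 0; i < sizeof(captures) / sizeof(captures[0]); ++i) {
        Frame f = parseFrame(hexToBytes(captures[i]));
        std::printf("%-56.56s %s\n", captures[i], f.ok ? "ok" : f.error.c_str());
    }
    LabParams lp = decodeLab(hexToBytes(kLabFrameHex));
    std::printf("injection volume %u, vial %u\n", (unsigned)lp.injectionVolume, (unsigned)lp.vialPosition);
    std::printf("lab frame for vial 3 ends with checksum %02X\n", labFrameForVial(3).back());
    return 0;
}
```

Rebuilding the captured frame for vial 10 reproduces the original bytes, including the E1 checksum, which is the check worth running before trusting the rule on a live port; changing the vial to 3 lowers the checksum by seven (E1 to DA), as the sum rule predicts. The serial timing the slides describe (the handshake and the millisecond-scale waits) is outside this example, which only handles the bytes.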
Future Prospects
• Updated configuration
• Finalize serial port commands and communication
• Create local interface
• Create web interface
• Network security assessment
• New chair to sit on.
Future Local Configuration
[Diagram: the Interface alone drives the TOC Analyzer (Initialization, Perform Lab and Shutdown) and receives Lab Results and protocol feedback; sample information is read from a file.]
Future Cloud Configuration
[Diagram: the Interface performs the lab on the TOC Analyzer and collects the Lab Results; lab requests and lab results pass between the interface and the BC-ILN cloud architecture through an API and web interface.]
Remaining Analysis
• Completing the start-up commands
• Starting and completing the lab results analysis
Local and Web Interface
• The local interface is a matter of completing my code.
• The web interface would require more communication with the BC-ILN.
• Learn about the BC-ILN cloud architecture.
Network Assessment
• To verify that the network the instrument is on is secure.
Difficulties
• Determining the correct serial port timings, as the software works in milliseconds.
• Determining the correct serial port configuration.
• Decoding a serial port protocol simply by observing bytes.
• Black-box reverse engineering.
Overall
• Working towards an interface that will allow labs to be performed remotely.
• Next step is finding out more information about the protocol.
Questions?
Demonstration
• Head to the Science Lab room 237