gstar | 1 year ago

You're right! The serial bus isn't encrypted!

I got inspired, and have plugged in my scope, and then an RS422 to serial adapter, and I'm getting XML-encoded (weird) CAN messages, which I presume are the same as what's on the CAN bus exposed on some of the control box's ports. I'll get out the CAN analyser tomorrow and check.

Now the trick will be to reverse engineer this protocol. Here's a tiny sample:

  <U>setCAN 0201000000236000000000000 </U=ce><U>getCAN 1 </U=00><U>Ping</U=db> <U>ackCAN 1</U=aa><U>Ping</U=db> <U>setCAN </U=b2><U>getCAN 1 </U=00><U>Ping</U=db> <U>ackCAN 1</U=aa><U>Ping</U=db> <U>setCAN </U=b2><U>getCAN 1 </U=00><U>Ping</U=db> <U>ackCAN 1</U=aa><U>Ping</U=db> <U>setCAN </U=b2><U>getCAN 1 </U=00><U>Ping</U=db> <U>ackCAN 1</U=aa><U>Ping</U=db> <U>setCAN </U=b2><U>getCAN 1 </U=00><U>Ping</U=db> <U>ackCAN 1</U=aa><U>Ping</U=db>
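
A first pass at the framing visible in the sample above, as an added example that is not part of the original post: it splits a capture into `<U>…</U=xx>` frames, checks whether the two hex digits after `U=` are stable per payload, and tests a few simple checksum guesses against them. Reading those digits as a payload checksum is an assumption, and all function names here are hypothetical.

```python
import re
from collections import defaultdict
from functools import reduce

# First eight frames of the sample quoted in the post, copied as shown there.
# The spaces between some frames may be a rendering artifact and are skipped.
CAPTURE = (b"<U>setCAN 0201000000236000000000000 </U=ce><U>getCAN 1 </U=00>"
           b"<U>Ping</U=db> <U>ackCAN 1</U=aa><U>Ping</U=db> <U>setCAN </U=b2>"
           b"<U>getCAN 1 </U=00><U>Ping</U=db>")

# Frame = "<U>" payload "</U=" two hex digits ">"
FRAME = re.compile(rb"<U>(.*?)</U=([0-9a-fA-F]{2})>", re.DOTALL)

def parse_frames(data):
    """Return (payload, trailer_byte) for every well-formed frame in data."""
    return [(m.group(1), int(m.group(2), 16)) for m in FRAME.finditer(data)]

def trailers_by_payload(frames):
    """Map each distinct payload to the set of trailer bytes seen with it."""
    seen = defaultdict(set)
    for payload, trailer in frames:
        seen[payload].add(trailer)
    return dict(seen)

def trailer_is_deterministic(frames):
    """True if every payload always carries the same trailer byte."""
    return all(len(t) == 1 for t in trailers_by_payload(frames).values())

# Assumed guesses over the payload bytes only; none is known to be the real one.
CANDIDATES = {
    "sum8": lambda p: sum(p) & 0xFF,
    "neg_sum8": lambda p: (-sum(p)) & 0xFF,
    "xor8": lambda p: reduce(lambda a, b: a ^ b, p, 0),
}

def matching_candidates(frames):
    """Names of candidate functions that reproduce every observed trailer."""
    return [name for name, fn in CANDIDATES.items()
            if all(fn(p) == t for p, t in frames)]

if __name__ == "__main__":
    frames = parse_frames(CAPTURE)
    for payload, trailers in trailers_by_payload(frames).items():
        print(payload, sorted(f"{t:02x}" for t in trailers))
    print("deterministic:", trailer_is_deterministic(frames))
    print("matching guesses:", matching_candidates(frames))
```

On this sample each payload always carries the same trailer, and none of the three guesses reproduces it, so the next candidates to try would be CRC-8 variants or a calculation that also covers the tag bytes.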

nehz|1 year ago

The AES encryption might be related to the Android intent messages that are sent to the AAservice. I recall they had an encrypted mode and a "signed app" mode that AAservice will respond to.

selcuka|1 year ago

I have decompiled the apk and it produced a somewhat useful (but incomplete) package of Java source files, which can be useful for reverse engineering the serial protocol. For example:

    <string name="parse_block_tag_ping">&lt;U&gt;Ping&lt;/U=db&gt;</string>
    ...
    private static final byte[] f2305f = "getCAN ".getBytes(Charset.defaultCharset());
    private static final byte[] g = MyApp.a().getString(R.string.parse_block_tag_ping).getBytes(Charset.defaultCharset());
    private static final byte[] h = MyApp.a().getString(R.string.parse_block_tag_startu).getBytes(Charset.defaultCharset());
    private static final byte[] i = "<request>Unknown</request>".getBytes(Charset.defaultCharset());

You can do the same, or alternatively ping me if you'd like me to email you the source package.

FLT8|1 year ago

I have reached out to your email address (as described in your profile) with some additional information that I've been putting together. Let me know if you didn't receive my mail.