Project:RELaserSoftware: Difference between revisions

From London Hackspace Wiki
Line 52: Line 52:
example command block:
example command block:


<code><nowiki>
<pre>
>w04 0002    00000000: 01 05
>w04 0002    00000000: 01 05
*r88 0001    00000000: 04
*r88 0001    00000000: 04
Line 62: Line 62:
     00000010: 00 00 00 66
     00000010: 00 00 00 66
>w04 0002    00000000: 01 06
>w04 0002    00000000: 01 06
</nowiki>
</pre>
</code>


bah mediawiki fail.
bah mediawiki fail.

Revision as of 18:48, 24 November 2010

Reverse Engineering Laser Software

The laser software is bad, we need to know about the file that is created by it so we can create our own in some fashion. Also if it does anything fancy when it downloads itself via USB.

Background

The software is available here. Please scan this with antivirus software before use.

There is a special patched version that cannot currently (but hopefully one day) will be useful for exploring .mol files on babbage in EB4890's folder.

Note that this says there's software bounds protection with firmware versions 4.1.0.0 or above (once origin is set)

Initial Analysis of .mol file

Looking at: /Solexious/MarioBoxes/MINIMARIO.MOL

No ASCII strings (looking using strings)

Does not appear to be compressed (too many zeroes)

  • 0x000 : Header
  • 0x200 : One set of information What?
  • 0x400 : Another set of information.
  • 0xa10 : Likely co-ordinate data. Quite repetitive. Analysis document was mario boxes, with many repetitions of sub boxes, so that makes sense. It looks like possible 16bit number co-oords as the numbers range from a few thousands to hundreds. 32bits are in unrealistic ranges (huge in negative ranges).

To Do

Create simple .mol files with slight changes in

  • One co-ordinate of a point
  • The colour of one line
  • The speed of one colour
  • The power of one colour

And find diffs.

USB

Vendor: 0548 Product: 1005

The protocol seems to be fairly simple. I have a capture of some file downloads and deleting a file.

looks like:

commands are sent to endpoint 0x04 and read form 0x88, sent commands are (byte)length and then length bytes

commands 5 and 6 seem to be start and end

example command block:

>w04 0002     00000000: 01 05
*r88 0001     00000000: 04
>w04 0006     00000000: 05 01 01 83 01 7a
*r88 0001     00000000: 06
*r88 0001     00000000: 05
>w04 0002     00000000: 01 04
*r88 0014     00000000: 0f 01 83 53 51 55 41 52 45 20 20 4d 4f 4c 00 0e
    00000010: 00 00 00 66
>w04 0002     00000000: 01 06

bah mediawiki fail.

Random Links that may be useful