last night I plugged a second serial port into the 3d printing computer
and connected it to the robot's floppy drive - and then wrote a program to
man-in-the-middle the conversation between the two.
read 123.JBI from disk:
http://spaz.org/~jake/robot/read123.log
delete 123.JBI:
http://spaz.org/~jake/robot/delete123.log
save 124.JBI: (a copy of 123.JBI)
http://spaz.org/~jake/robot/save124.log
read 124.JBI from disk:
http://spaz.org/~jake/robot/read124.log
if you do a diff of read123.log and read124.log you will see the slight
differences in the packets. Note that the file creation times are
different, not just the filenames, in packets mentioning that info.
the most succinct examples are these:
disk: \x02\x13\x00LST0001123.JBI \x00\xfc
disk: \x02\x13\x00LST0001124.JBI \xff\xfb
yasnac: \x02\x0f\x00FRD123.JBI \xdc\xfc
yasnac: \x02\x0f\x00FRD124.JBI \xdb\xfc
the escape codes (starting with \x) are two-character hexadecimal codes
for unprintable characters. This is how python does it, which means you
can copy these strings directly into python, for example, to test a theory
on how they are checksummed. Like this:
print(sum([ord(c) for c in '\x02\x13\x00LST0001123.JBI \x00\xfc']))
that will give you the 8-bit checksum, but that's not what it's using.
perhaps it's a 16-bit checksum?
if we figure this out, we can write programs for the robot with our own
computers and upload them to it, by pretending that we are its disk drive.
i looked through this doc but did not find the info we need at this point:
http://spaz.org/~jake/robot/479236-17-Communications.pdf
poc||gtfo:
https://github.com/jerkey/yasnac/blob/master/src/mitm.py
-jake
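
An added example, not part of the original message and not code from mitm.py: it tests a few 16-bit checksum candidates against the four frames quoted above. It assumes the file name field is space-padded to 12 characters (the length bytes 0x13 and 0x0f fit that) and that the two trailing bytes are a little-endian 16-bit value; the function and candidate names are made up for this example.

```python
import struct

STX = 0x02
NAME_WIDTH = 12  # assumption: 8.3 file name, space-padded to 12 bytes

def quoted(header, command, name, trailer):
    """Rebuild one quoted frame, restoring the assumed name padding."""
    return header + command + name.ljust(NAME_WIDTH).encode("ascii") + trailer

# The four frames from the message (constructed: the padding is assumed).
FRAMES = [
    quoted(b"\x02\x13\x00", b"LST0001", "123.JBI", b"\x00\xfc"),
    quoted(b"\x02\x13\x00", b"LST0001", "124.JBI", b"\xff\xfb"),
    quoted(b"\x02\x0f\x00", b"FRD", "123.JBI", b"\xdc\xfc"),
    quoted(b"\x02\x0f\x00", b"FRD", "124.JBI", b"\xdb\xfc"),
]

# Candidate 16-bit checksums over the frame without its two trailer bytes.
CANDIDATES = {
    "sum16, STX included": lambda b: sum(b) & 0xFFFF,
    "sum16, STX excluded": lambda b: sum(b[1:]) & 0xFFFF,
    "negated sum16, STX included": lambda b: -sum(b) & 0xFFFF,
    "negated sum16, STX excluded": lambda b: -sum(b[1:]) & 0xFFFF,
}

def length_matches(frame):
    """True if bytes 1-2 (little-endian) equal the payload size."""
    (length,) = struct.unpack_from("<H", frame, 1)
    return frame[0] == STX and len(frame) == 3 + length + 2

def surviving_candidates(frames):
    """Names of the candidates that reproduce every frame's trailer."""
    names = []
    for name, func in CANDIDATES.items():
        if all(func(f[:-2]) == struct.unpack("<H", f[-2:])[0] for f in frames):
            names.append(name)
    return names

def build_frame(payload):
    """Frame a payload with the candidate that fits all four samples."""
    body = bytes([STX]) + struct.pack("<H", len(payload)) + payload
    return body + struct.pack("<H", -sum(body[1:]) & 0xFFFF)

if __name__ == "__main__":
    print([length_matches(f) for f in FRAMES])
    print(surviving_candidates(FRAMES))
```

Four short frames are a small sample, so the surviving candidate should be re-checked against the longer packets in the linked logs before relying on it.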