From RF to bytes with an RTL-SDR
I recently un-earthed my RTL-SDR after moving. I also received two RF remote controls for the garage door. It seemed like a good idea to put the two together to see if I could discover what the remotes were transmitting.
The back of one of the remote controls handily listed it’s serial number, FCC ID and the frequency on which it transmits. In this case it transmits at 318MHz. I was expecting that it encoded the transmitted data with On-Off Keying (OOK), also called Amplitude Shift Keying (ASK). OOK is quite simple to generate and decode, which helps keep costs down. The device has multiple buttons, so some bits identifying the pressed button were expected. The serial number was also expected to be present, as well as a code of some description.
Read the rest of this entry »
Reverse Engineering the FFS Flash File System Format
As part of de-bricking a Talkswitch TS-450i IP Phone I needed to see and extract the files within the flash image so that I could replace corrupt ones with known good versions. That required reverse engineering the in-flash format of the file system as there was no way to get files off the device, only onto it.
Read the rest of this entry »
Getting root on a TELUS VGS1432 cable modem and router
A friend of mine recently issued me with a challenge to try to break into his router. I would have LAN access (via WiFi), but that would be it, no touchy touchy. I’d wanted the chance to try and get a copy of the firmware on these routers, as it isn’t available for download, in order to poke around. This router came with a package from Telus so it was likely running firmware that differed in some way to the stock ZyXEL image.
Triton 9610 ATM Teardown
A few years ago I got a Triton 9610 single cassette ATM of craigslist as something to play with. While I did take a look at it and started to reverse engineer it, over time I lost interest and it became a potplant stand. I finally decided to get rid of it and I thought I’d rip it to bits and take a bunch of photos during the process.
Read the rest of this entry »
Dragonfly Ordainment
For my girlfriend’s birthday the other week I made her a dragonfly ordainment. 
Here’s how I built it.
Read the rest of this entry »
Steampunk Inspired Goggles
I had been meaning to make a set of goggles for a while and when a pair of broken 58mm lenses came into my possession I couldn’t resist. Here is how I went from raw materials to the finished goggles, which took the best part of a day to accomplish.
Read the rest of this entry »
GPS Logger VIII – What happened?
So over two years ago I set out to build a GPS Logger to take hiking and traveling. Everything was assembled and it was good to go (almost) and hasn’t moved from that state. Driving around Australia for 2 years and then taking off around the world has a way of putting a cramp in finishing projects.
Read the rest of this entry »
File format reverse engineering – Redux
I was contacted by a visitor of this site asking for the following:
‘I read your nice article on file format reverse engineering and was wondering if you could give me a small tip / hint about compression / encryption. I am trying to understand a constant size file format and need to know if by any chance the file is compressed or encrypted in a simpler way, which leaves hope in cracking it.
…
In the case you would like to have a look at the files, I generated 2 pairs. The first file pair differs only in that one variable. The second file’s name and caption are set to “;1”;, the file 2b to “;1111111…”; (31 chars)’
As the reader seeked advice on how to proceed further and provided enough information to investigate the problem, I took a look. Read the rest of this entry »