USB Logger....

Request a hack or modification here:

So, you need a new wheelchair control for your nephew, someone here can figure it it. Maybe you want ambient lighting for your car to match the music, we've probably got someone here who does that.

No illegal "hacking" requests allowed and we are not responsible for the activities of the users. If you make an arrangement with another user, it is between the two of you.

USB Logger....

Postby NTense » November 12th, 2011, 12:09 pm

So, I have a device that can be programmed by hooking it up to my computers USB port. The company has programmed a GUI that allows me to set the settings and then upload them to the device. The device does has to be hooked up to a small box, but I think the unit is more to convert the connector to USB.

What I am interested in is intercepting the upload data from multiple configurations to compare the differences. Currently right now the unit can be put in a spec mode, which has a stock set of settings.....this is denoted by the unit flashing a light. I am trying to figure out the differences in the uploads that cause the light to blink and such.

The unit is an RC car speed control.

Please PM me or post here.

Later EddieO
NTense
 
Posts: 23
Joined: November 12th, 2011, 11:12 am

Re: USB Logger....

Postby UAirLtd » November 12th, 2011, 1:24 pm

Use a USB snooping/trace software, this will show you the exact data being sent/received over USB for that device, so you can compare the data that is being sent for a configuration.

I used to use one, but I can't remember which it was. It wasn't very good anyway, so I suggest you try others. Here's one to start: http://www.sysnucleus.com/ I've never used it, and can't say whether you should use it or not, but it's an example of the kind of software I'm talking about.

There are definitely free and/or open source software out there which will do it, if you don't find one that works, let me know and I'll see if I can remember which one I used.
User avatar
UAirLtd
 
Posts: 629
Joined: July 19th, 2011, 10:32 pm

Re: USB Logger....

Postby st2000 » November 13th, 2011, 7:15 am

There is a boat load of stuff that a USB host and peripheral go through before they ever get around to talking. Are you sure there isn't another way to tap into what is going on?

Is the GUI a program on your computer? What about just saving the file before sending it to the car?

Do you know what type of USB peripheral you are connecting to? Or what type of USB protocol you are using? Assuming it is "computer"<=>"some-box"<=>"car" arrangement of connections, maybe the "some-box" is just a USB-to-serial converter. If so, it would be way way easier to tap into the "some-box" to "car" connection than to monitor all the data over the USB connection.

If the GUI is coming out of the external equipment (i.e. You are using a web browser on your computer to change the settings. This would be similar to how one configures a router.), then there is no point in tapping in to the USB data as you already see everything on your web browser.
st2000
 
Posts: 1454
Joined: February 3rd, 2011, 6:10 pm

Re: USB Logger....

Postby NTense » November 13th, 2011, 7:59 am

www.teamtekin.com is the company.

Hotwire is the unit that goes between the unit and the computer, which I believe coverts the signal wire to USB.

You can download the software program, though without a unit it won't do much.

The unit is the RS PRO speed control, though any unit they sell pretty much programs.

Later EddieO
NTense
 
Posts: 23
Joined: November 12th, 2011, 11:12 am

Re: USB Logger....

Postby st2000 » November 13th, 2011, 9:06 am

So you download proprietary software to your PC to modify the controller on your car. So you're right, the information you want to backwards engineer is likely to be passed over the USB.

Best of all the HotWire lets you download completely new software as it is developed


You sure you want to do this. Sound like this interface also does firmware upgrades. Speaking from both sides (as a creator of FW upgrades and as a user of FW upgrades) I can say there is usually (almost always) a chance FW upgrades will brick your controller.

---

Let's back up and look at this from farther away.

There is a boat load of tricks and techniques to get the most out of (I assume these are) DC motors. If you really want to learn how to do this, it might be better to take a more direct approach and create a controller from scratch. I'm not DC motor knowledgeable, but there are plenty of great sites that will start you off w/H-bridges and some might even get to PWM speed control and the subtleties of the best acceleration profiles.

And why stop there?

I don't know how crazy this model car stuff gets - but I assume you do this on various types of surfaces. The coefficient of friction must vary wildly. How's about being the first on the block to include AVS into your model car. Yes, yes, I know - takes some of the fun out of it. But, really, it is difficult enough to pull up on the accelerator in a real car when you start slipping. I imagine it is impossible to do so in any timely fashion for a model car. You could monitor the drive wheels verses the free wheels. If there was any difference that would indicate slippage. Your custom on board controller could compensate and let up on the motor power.

Any why stop there?

You could write software to "learn" the characteristics of the race course. It could track the static friction as well as the kinetic friction and predict when to let up. You might include a temperature sensor to adjust to ambient conditions. You could even store the profiles of different tires (I assume you guys/gals are into it enough to actually swap out tiers for different surfaces).

Yeah ... the way I look at it, Tekin will be coming to you for help.
st2000
 
Posts: 1454
Joined: February 3rd, 2011, 6:10 pm

Re: USB Logger....

Postby UAirLtd » November 13th, 2011, 10:13 am

Funny you should mention those things, we're on the lookout for someone with some high performance RC vehicles and some electronics knowledge that we can collaborate with to attach our UAV controller/sensor boards to RC vehicles (and boats). These boards were designed to convert RC aircraft into autonomous UAVs, so they're brimming with sensors and plenty of processing power, and designed to go between the RC receiver and ESCs/servos. This should allow RC vehicles to do some insane automated stuff, including automatic track navigation (via GPS).
User avatar
UAirLtd
 
Posts: 629
Joined: July 19th, 2011, 10:32 pm

Re: USB Logger....

Postby NTense » November 13th, 2011, 11:03 am

Well to explain a little further...

Rc racing for decades used brushed mprofs, but in 2005 brushless was finally apprOved for use. Many, including myself warned people there would be issues in regards to cheating.

Fastforward to 2009... A company shows up with a new speed control that can modify the timing while the motor is running. This allows a 17.5 turn mOtor(think stock four banger) to perform like an 8.5 turn (think big block 454 v8)... Was basically like adding a turbo charger and nos to the motor. A no name racer who had never made the a main, was suddenly lapping the entire field, including multiple national champs.

The boost revolution began... But it caused the other wise slow stOck classes to suddenly be undriveable for many racers as the cars were simply too fast.

As a bandaid the racing organizations with pressure from certain comPanies developed a spec mode class...basically the speed control must add no timing...and to denote this the speed control light will blink that it's n spec mode.

The bandaid is not working and many people fear cheating. The speed control companies claim there is no way to cheat the software...I am attempting to prove them wrong.

I am not worried about bricking my speedo.... Stuff happens

As for helping on rc projects, no problem.... I am an expert in cars, boats a little...I own team brood racing, a multiple time national champion comPany.

Later EddieO
NTense
 
Posts: 23
Joined: November 12th, 2011, 11:12 am

Re: USB Logger....

Postby st2000 » November 13th, 2011, 11:58 am

The bandaid is not working and many people fear cheating. The speed control companies claim there is no way to cheat the software...I am attempting to prove them wrong.


It really depends on how technical they get. But, in the end, I should think it is a lot like, hummm, stealing cars. You can make it harder - but really not impossible.

If you were wondering, I am fairly sure I can make it so difficult for my self to break in that I wouldn't try. But this would involve CRC hand shaking and some specialized chips (not really that hard to find, ti.com makes a set) to hold the CRC "secret". It would work much like those $30 A/V cables you now need to buy for your iPod if you have any hope of watching your videos on your TV / monitor. If you don't hold the "secret" in both the car's motor controller and the computer, you don't get to update the controller. And the "secret" is guarded in such a way as to make it very hard to extract.

If you think this technique doesn't work, just ask the OEMs (especially the Pacific rim ones) who, over night, had to dump their inventory of "gee, these portable iPod video monitors don't work any more" after a simple Apple iPod firmware upgrade.

---

UAVs? So, UAirLtd, sounds like you've been working w/the boys over at Wright-Patterson. Very interesting.
st2000
 
Posts: 1454
Joined: February 3rd, 2011, 6:10 pm

Re: USB Logger....

Postby UAirLtd » November 13th, 2011, 12:31 pm

Is there any scope in these competitions for automated systems (I'm talking about a system that goes between the receiver and the ESC), and does the rules allow it? We're looking for someone UK based at the moment since it would be difficult for us to collaborate with a US team.

Anyway, back to your issue on hacking speed controllers. The info helps a lot, I think I may be able to advise you on this. A lot of ESCs are driven by flash-based microcontrollers, and it it looks like to me, Hotwire can completely reprogram the microcontroller on the ESC with new versions of the firmware, as well as send configuration data.

Mandatory disclaimer:
I am advising you the following based on your previous post that I am taking as statement that your intent is completely legal, and to provide proof of concept demonstrating the flaws in the system, and not to actively circumventing rules, or for any other illegal activity.


What is most likely to be the case is that standard non-locked-down firmware would be able to receive configuration settings from Hotwire - timings and whatever, that the user can set via the program.

However, the ROAR approved, firmware that includes the non-changeable timings and flashing LEDs, would most likely be locked-down and have the timing values hard-coded into the firmware itself. Which means there is no way to change those settings via Hotwire or any other method.

If that is the case, then yes, there would be no way to cheat the software.

Unfortunately for Tekin, if they've done things as I have described (and I've made a lot of assumptions up to this point, so it may not be so), then anyone who really wants to cheat would simply replace the software with one that does allow cheating. Load a custom firmware onto the ESC that flashed the LEDs in the same way that the ROAR approved firmware does, but also allows custom timings.

I think Tekin are assuming that nobody except their own engineers have access to the original source code that they use to develop and compile these firmwares, so it would be difficult for anyone else to make their own firmware. But this is untrue, the firmware can be decompiled and edited. It would be hard, yes, and you'd need to be an expert in assembly code, but I'd say there are plenty of people in the world who can do that given time and motive.

UAVs? So, UAirLtd, sounds like you've been working w/the boys over at Wright-Patterson. Very interesting.


No, independent company. UK-based. We make UAV products for hobbyists.
User avatar
UAirLtd
 
Posts: 629
Joined: July 19th, 2011, 10:32 pm

Re: USB Logger....

Postby GaspingSpark » November 13th, 2011, 1:03 pm

The only way to tell if the unit is running with approved settings is a blinking LED? What prevents someone from just connecting a hidden blinking circuit to the LED and running whatever cheat settings they want?
GaspingSpark
 
Posts: 180
Joined: March 8th, 2011, 10:24 am

Next

Return to Requests and commissions

Who is online

Users browsing this forum: No registered users and 2 guests