DEV Community

0x424c41434b
0x424c41434b

Posted on

The Role Of Reverse Engineering Legacy Products in IOT applications

Problem

I was given a very interesting use case for my final project. The idea was to help the science department build a mini web server that allows students to do remote experiments. The machine in question was a TOC Analyzer that was physically controlled by vendor software and connected via serial port. This TOC Analyzer also came with software to be installed a computer that would used to send commands to it.

Solution

The solution was to first see if it was possible to get an API or SDK for sending commands to the TOC. This rendered unsuccessful as we really couldn’t find it anywhere and we thought contacting the company would delay us by a lot. In the end, we decided to reverse engineer the serial communication protocol and implement in C++. This would give us our own personal SDK to the TOC which we could customize to own specifications.

Tools

To begin doing this we needed a few items.

  • A USB to Serial Port Adapter
  • A Virtual Serial Port Sniffer
  • A C++ development environment.

Process

The process during this reverse engineering was a mixture of repeated experiments and pure luck. I divided commands of the TOC protocol from a feature perspective. The TOC would exchange data based on whether you were starting the TOC, doing an experiment with the TOC or shutting down the TOC. Finding out what the essential bytes where was the difficult part. I hoped all I had to do was change the value and notice which byte data changes but it is a bit difficult when multiple bytes also make that change. It is hard to isolate which data means what. Good thing we managed to decipher large parts of the protocol and we managed to get it working.

The end idea was to build a small server on top of our SDK, this way it would be able to receive data from TCP for remote commands to perform actions on the TOC.

Conclusion

A few cons about this process is that you are not 100% sure if what you have is robust. There could be some part of the data which changes the whole meaning of your byte mapping. The checksum could be wrong because of the time and all sorts of things. However, it is worth investigating to when you have no specifications around a legacy product but you want to revitalize it. Reverse engineering gives you a better understanding of the application because you repeatedly know what makes it tick

Top comments (1)

Some comments may only be visible to logged-in visitors. Sign in to view all comments.