Reverse Engineering Smart TV Remote with Logic Analyzer
ฝัง
- เผยแพร่เมื่อ 2 มิ.ย. 2024
- In this video, I show how I analyzed an unknown digital signal on a remote control for a Google Smart TV with a logic analyzer. I used the PCBite probe kit to connect to the test points without solder.
PCBite kits:
sensepeek.com/pcbite
saleae-logic2 program:
aur.archlinux.org/packages/sa...
IoT Hackers Hangout Community Discord Invite:
/ discord
🛠️ Stuff I Use 🛠️
🪛 Tools:
XGecu Universal Programmer: amzn.to/4dIhNWy
Multimeter: amzn.to/4b9cUUG
Power Supply: amzn.to/3QBNSpb
Oscilloscope: amzn.to/3UzoAZM
Logic Analyzer: amzn.to/4a9IfFu
USB UART Adapter: amzn.to/4dSbmjB
iFixit Toolkit: amzn.to/44tTjMB
🫠 Soldering & Hot Air Rework Tools:
Soldering Station: amzn.to/4dygJEv
Microsoldering Pencil: amzn.to/4dxPHwY
Microsoldering Tips: amzn.to/3QyKhrT
Rework Station: amzn.to/3JOPV5x
Air Extraction: amzn.to/3QB28yx
🔬 Microscope Setup:
Microscope: amzn.to/4abMMao
Microscope 0.7X Lens: amzn.to/3wrV1S8
Microscope LED Ring Light: amzn.to/4btqiTm
Microscope Camera: amzn.to/3QXSXsb
About Me:
My name is Matt Brown and I'm an Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.
- Soli Deo Gloria
💻 Social:
twitter: / nmatt0
linkedin: / mattbrwn
github: github.com/nmatt0/
#iot #hacking #embedded_systems #microscope #tools - วิทยาศาสตร์และเทคโนโลยี
A video on the process of decoding would be incredibly interesting! What tools you use, common patterns you know, etc etc. Really enjoying all of your videos, keep it up :)
This explains why I gotta wait between button presses on these "smart" remotes. Channel surfing is dead now.
haha I know right?
@Arpad Toth 🤣
2F seems to be transmit, 5F might be receive? (Not sure) I noticed additional patterns in each of the messages as well. It seems each message has three messages in it. I've broken them apart before. As you noted, the same byte is sent in position 3 for each of the three parts, which is always followed up be 48.
Perhaps the 3rd byte is a sort of message id for the current packet?
2F 8A7D 48 0A08
2F 9A7D 48 0A08
5F FA7D 48 690D1828F8
2F 3FA8 48 0A08
2F 2FA8 48 0A08
5F 4FA8 48 690D1828F8
2F F9AC 48 0A08
2F E9AC 48 0A08
5F 89AC 48 690D1828F8
good video
It would be cool to see how you approach CANbus
Hi. Thank you for the video. I have a question. The blue LED in the logic analyzer is on all the time, and Logic2 shows that the device is starting from a high state. Is it damaged or is it supposed to be like that?
Its normal
7:43
1 Million (Translated to BAUD) is Sym/s SYMBOLS PER SECOND
Not Samples
and 1MHz is Frequency not BAUD, 1MHz doesn't have to mean 1 Million symbol changes per second,
you could have 9600 Symbols in that time, it depends on the BAUD RATE in use in the protocol
but.. you were looking for BAUD RATE... in SYMBOLS per second Sym/s or Sym/sec or even Bd
Bought one of these off ebay it never arrived:/ first experience of this but could you recommend a reseller
I got mine from amazon:
www.amazon.com/PCBite-SP10-probes-test-wires/dp/B08FGG1QWD
sorry you had a bad experience :(
@@mattbrwn yeah amazon makes you have a business license to sell but i just dont like their business model i have a small wifi router llc on eBay
@@mattbrwn thankful for your empathy but iv been in the game for awhile *no skin lost* got a refund, you shouldn't apologize for the mistakes of others ;p
Also how about the salea same place? Those were supposed to be my Christmas to myself lmao but THM is just a good present
Woo!
8:35 it's not Binary Protocol. it's likely NEC Protocol
Binary isn't a protocol. it's a Numbering system and a Language, it's not a Protocol
also you just said it was HEX so....
Yes my g ......brillant