Author Topic: "Hack" a Commercial Airline Groundstation Radio?  (Read 10058 times)


Offline uncle_bob

  • Supporter
  • ****
  • Posts: 2441
  • Country: us
Re: "Hack" a Commercial Airline Groundstation Radio?
« Reply #25 on: June 03, 2016, 12:16:09 am »
0, 0, 0  ::)

So is it that hard to find the function which decides what runs?

Hi

What you will dump is a bunch of binary numbers. They correspond to Motorola assembly language primitive operations. The first task is to work out where the program actually starts. From there you use a reverse assembler to convert the binary into text op codes like STA,X and CMPA,I or something similar. From there you begin to figure out what does what in the program. I do this stuff for a living. It would take me months. No, that's not part-time months. That's full-time, 40-hour-a-week months.

Bob
 

Offline Lord of nothing (Topic starter)

  • Super Contributor
  • ***
  • Posts: 1581
  • Country: at
Re: "Hack" a Commercial Airline Groundstation Radio?
« Reply #26 on: June 03, 2016, 12:21:48 am »
;D I have enough time. What is the best way to start?
Made in Japan, destroyed in Sulz im Wienerwald.
 

Offline uncle_bob

  • Supporter
  • ****
  • Posts: 2441
  • Country: us
Re: "Hack" a Commercial Airline Groundstation Radio?
« Reply #27 on: June 03, 2016, 12:30:00 am »
;D I have enough time. What is the best way to start?

Hi

Start with a course in computer programming at your local school. After that there are generally about three courses before you get to assembly language programming principles. That will give you the basics to understand what you are looking at. Next step would be to reverse assemble some code you are already familiar with and get the hang of looking at things backwards. It is unlikely that they will teach you HC11 coding since it's basically an "over the hill" part. Yes, we use them, but not a lot. I'd get a couple of demo boards and start doing code on them. That will get you up to speed with the tools. Figure that there's about $500 in the tools so far. For the reverse assemble part of it, you *might* find code out there. You may have to write your own. For a simple machine like the one on that board, it's not all that hard to do. From there it's just working out what each and every line of code in the machine does. Also consider that there are other chips on the board that get into the act. The HC11 is only one of the devices you have to dig into.

Bob
 

Offline Lord of nothing (Topic starter)

  • Super Contributor
  • ***
  • Posts: 1581
  • Country: at
Re: "Hack" a Commercial Airline Groundstation Radio?
« Reply #28 on: June 05, 2016, 09:54:31 pm »
Hmm, so what can I do now?  :o
 

Offline uncle_bob

  • Supporter
  • ****
  • Posts: 2441
  • Country: us
Re: "Hack" a Commercial Airline Groundstation Radio?
« Reply #29 on: June 05, 2016, 10:02:09 pm »
Hmm, so what can I do now?  :o

Hi

What you are trying to do is in the "can be done" category. It's not 100% certain it can be done, but it's quite likely. Doing it is not in the "simple weekend project" category. It is likely the people who made the radio did some things to make it hard to do. If it was really simple, nobody would ever pay for a license for this or that on the radio.

Bob
 

Offline Lord of nothing (Topic starter)

  • Super Contributor
  • ***
  • Posts: 1581
  • Country: at
Re: "Hack" a Commercial Airline Groundstation Radio?
« Reply #30 on: June 05, 2016, 10:04:18 pm »
The company must void the warranty to hack it.
This product is made for a huge solution, so nobody would ever touch it.
 

Offline uncle_bob

  • Supporter
  • ****
  • Posts: 2441
  • Country: us
Re: "Hack" a Commercial Airline Groundstation Radio?
« Reply #31 on: June 05, 2016, 10:09:20 pm »
The company must void the warranty to hack it.
This product is made for a huge solution, so nobody would ever touch it.

Hi

Which company must void the warranty to hack it?

Why would people never touch it?

Bob
 

Offline Lord of nothing (Topic starter)

  • Super Contributor
  • ***
  • Posts: 1581
  • Country: at
Re: "Hack" a Commercial Airline Groundstation Radio?
« Reply #32 on: June 05, 2016, 10:10:36 pm »
Um? How do you want to replace the main memory without opening the case?  :-//
 

Offline uncle_bob

  • Supporter
  • ****
  • Posts: 2441
  • Country: us
Re: "Hack" a Commercial Airline Groundstation Radio?
« Reply #33 on: June 05, 2016, 10:27:53 pm »
Um? How do you want to replace the main memory without opening the case?  :-//

Hi

You use a boot loader.

Bob
 

Offline Lord of nothing (Topic starter)

  • Super Contributor
  • ***
  • Posts: 1581
  • Country: at
Re: "Hack" a Commercial Airline Groundstation Radio?
« Reply #34 on: June 05, 2016, 10:33:05 pm »
 :-//
 

Offline uncle_bob

  • Supporter
  • ****
  • Posts: 2441
  • Country: us
Re: "Hack" a Commercial Airline Groundstation Radio?
« Reply #35 on: June 05, 2016, 10:35:03 pm »
:-//

Hi

You use a custom program that uploads the code to the MCU after doing some custom validation against the firmware already in the MCU.

Again, fairly basic firmware stuff. Not something that most people do every day.

Bob
 

Offline Lord of nothing (Topic starter)

  • Super Contributor
  • ***
  • Posts: 1581
  • Country: at
Re: "Hack" a Commercial Airline Groundstation Radio?
« Reply #36 on: June 05, 2016, 10:37:31 pm »
So let me try it.  ;D
What kind of hardware do I need to read the data out?
I ordered a tool today to get the chip out.  :-+
If I learned one thing from the videos, it's never to use a screwdriver for that.  :scared:
 

Offline uncle_bob

  • Supporter
  • ****
  • Posts: 2441
  • Country: us
Re: "Hack" a Commercial Airline Groundstation Radio?
« Reply #37 on: June 05, 2016, 10:50:11 pm »
So let me try it.  ;D
What kind of hardware do I need to read the data out?
I ordered a tool today to get the chip out.  :-+
If I learned one thing from the videos, it's never to use a screwdriver for that.  :scared:

Hi

Ok, so first step:

Identify the chips on the board and take a look at how they are interconnected. That will give you a basic idea how the code may be accessed and where the information you are looking for may be stored. Possible locations:

1) EEPROM
2) Outboard FLASH
3) Outboard mask ROM
4) Re-loaded into RAM after pull from external memory
5) On the MCU

It's a pretty good bet that what you are after (license keys) is not in the MCU itself. Of course, without ever seeing the board or the radio, this is all 99% guesswork.

Bob
 

Offline Lord of nothing (Topic starter)

  • Super Contributor
  • ***
  • Posts: 1581
  • Country: at
Re: "Hack" a Commercial Airline Groundstation Radio?
« Reply #38 on: June 05, 2016, 10:52:08 pm »
How can I see this?
 

Offline uncle_bob

  • Supporter
  • ****
  • Posts: 2441
  • Country: us
Re: "Hack" a Commercial Airline Groundstation Radio?
« Reply #39 on: June 06, 2016, 12:31:09 pm »
How can I see this?

Hi

Open up the radio and make a list of all the major chips.

Look up each chip and see what sort of chip it is.

Bob
 

Offline Lord of nothing (Topic starter)

  • Super Contributor
  • ***
  • Posts: 1581
  • Country: at
Re: "Hack" a Commercial Airline Groundstation Radio?
« Reply #40 on: June 08, 2016, 07:28:12 pm »
OK, I will do it tomorrow. I have some good pics, but they are not that good for "reverse engineering".
 

