Learn to reverse engineer

The most common email we get is “how do I learn how to hack things?”. It looks like [ladyada] gets that question a lot too. She didn’t waste any time writing up a step by step guide to reverse engineering USB devices, specifically the Kinect.

She goes into depth on how USB works, how to record the communication, what to look for, how to deconstruct what you’ve found, and how to put it all to use. This is all done with real world data from the Kinect so you could easily follow along at home. There is source code available so you can download her example and see how to control the device as well.

We wish every hack could be so well written that it could also be called a tutorial.

Comments

  1. Jake says:

    How do you reverse engineer something?

    You just do it. If you don’t know how, then you figure it out. You learn all of the theory and techniques needed to understand how a system works.

    If you are going around asking “How do I hack? I wanna be a hacker!” then you’re an idiot. VERY few people qualify as true “hackers”. In order to qualify as such, you must be reverse engineering (and modifying) technical systems, and IT MUST ALL BE YOUR OWN WORK. Following someone else’s tutorial does not make you a hacker, it makes you a n00b. Figure it out yourself. ALL OF IT. Only then might you possibly be able to refer to yourself as a “hacker” (even then, it’s questionable, and ultimately determined by the complexity of the “reverse engineering” that you have performed).

    I can’t imagine that HAD would ever attract wannabe hacker n00bs (that are really just nubs looking for tutorials, rather than figuring something out for themselves)… xD

  2. donald says:

    captain self righteous strikes again.

  3. xeracy says:

    @Jake – Hacking is comprised of a set of skills and knowledge. The best hackers do teach themselves how things work and how to manipulate them, but that does not mean that these skills are useless or trivial for the rest of the populace. I don’t think I’ll ever reverse engineer a USB device, but by knowing how (or at least partially), I have a better understanding of how it works. If we treated medicine the way you are approaching hacking, you would hope your doctor gets lucky as he ‘figures out’ how to remove your tonsils on his own.

  4. ril3y says:

    I can’t help but disagree. Learning from others that are smarter than you is a very important concept of becoming a hacker. It’s true that much of the time you need to try stuff on your own. But stating that “IT MUST ALL BE YOUR OWN WORK” is downright misleading to new “hackers in training”. I have not got to where I am today by living in a box. The internet allows for hacking communities. Go out and learn from others. One last comment: the whole noob / hacker mentality is so old. If you ask questions about hacking, you are not a noob. Keep on asking and learning.

    If you take the Kinect for an example… A driver was published… Now people all over are writing code / hacks for the Kinect to do other things. Should they have said, “I must re-invent the wheel before I do anything on the Kinect”? Course not. Learn to hack… Hack to learn.. Fight trolls… +50 int.

    Cool stuff Lady Ada.

    ril3y

  5. Doktor Jeep says:

    This work by Lady Ada is out-farking-standing!
    There is nothing better than a hack/tutorial that intends to teach. Most of the hacks appear to come from people who take something that was already out there, and then make it look more complicated so they look leet. Maybe that impresses college instructors – though most of them can see through that crap as it’s plainly obvious that most script kiddies these days are better at looking smart than actually being smart.
    I don’t know much about USB, never had the time for it, but this new material is exactly what I am looking for.

  6. smoker_dave says:

    Amazing link, thanks for bringing it to my attention.

  7. Gdogg says:

    You don’t have to figure out all of it. *rolleyes*
    Hacking is overused though. IMO a hacker is someone who modifies or uses an electrical or computer system in a way it isn’t intended. That means that ‘life hacks’ don’t exist and that website name is retarded.

  8. Gdogg says:

    That said, that is a fantastic article.

  9. AdoZ says:

    Excellent article.

  10. fartface says:

    How do you reverse engineer?

    Step 1 stop being afraid.
    Step 2 assume you will break it and not be stopped by that.
    Step 3 do it.
    Take things apart, get curiosity back in your life, enjoy breaking things. THAT is how you learn this stuff.

  11. ClutchDude says:

    Thanks fartface!
    I read your step-by-step instructions, laid out carefully by you, and followed them onward to success!

    Nice article that spread some light on an area I’m not at all familiar with.

  12. Jake says:

    @xeracy
    You’re misunderstanding what I am saying. Yes, it’s fine to learn from someone else’s work, but following a tutorial to “hack” something does NOT make you a “hacker”.

    Those who *independently* reverse engineer a complex device are the only ones who can potentially call themselves “hackers”.

    This site seems to attract quite a few nubs who like to follow tutorials (or do something that has been done a thousand times before) and then call themselves “hackers”. I laugh. xD

  13. DarkFader says:

    #1 Be interested and willing to put time into it.
    #2 Gather as much as existing documentation on the subject and read/understand it.
    #3 Summarize what you want to know and what’s still unknown.
    #4 Do your hack magic. Find the right formula by trying things out if you will. Write it down in your spell-book :)
    #5 Share the knowledge and get credited.

    (I hope that’s somewhat correct)

  14. woutervddn says:

    I was hacking when I was 12 years old (I didn’t know it was hacking, I was just breaking things apart and trying to make something else with them), then a certain website named hackaday.com pulled me towards everything that was electric, and here I am, I’m a tech junkie and I’m willing to seek help…

    btw my point exactly: http://www.youtube.com/watch?v=k5JSJuN3UWI

  15. Rupin says:

    This post is awesome… I wish I had this sort of information available 4 years ago when Cypress chips were available as free samples

  16. jeicrash says:

    So can the bus pirate be used instead of the Beagle USB 480 Protocol Analyzer? Never did this type of thing before and from all the usb junk I have laying around this would be a neat new hobby to pick up.

    P.S. To those who constantly feel HaD is a waste of time / lame. Why not just find another site or refrain from posting.

  17. anon says:

    @jeicrash

    Problem with trolls is, if you feed them they come back. Note the infestation of Arduino trolls on this site.

  18. PhilKll says:

    @jeicrash
    No, USB is very different from the protocols the Bus Pirate does. It’s way more complex in how it sends data, which unfortunately is why USB sniffers are really expensive.

    Also there is a Windows program that shows the USB info: Usbview.exe. It comes in the source code examples of the WinDDK; it’s a huge download, not really practical for just that, but if you’ve got a reason or have it already, it’s in there.

  19. Eirinn says:

    You don’t magically have the skills to make heads or tails of reverse-engineered data, plain and simple. And you won’t get it magically just by keeping on trying, either.

    @anon they’re everywhere, not just here; jake is just the local town crier.

  20. Truth says:

    I can only see further than anyone else because I’m standing on the shoulders of giants.
    Everybody uses something developed by someone else to aid them in going that little bit further. It all boils down to how long people are willing to bang their head against the wall for that one second of YES! Good tools and methodology reduce the time spent banging your head, which can only be a good thing in the long run.

    Thanks ladyada, excellent tutorials.

  21. mungewell says:

    @jeicrash

    As noted the BusPirate does not do USB, but it was extremely useful on a project I did recently where a USB micro was interfaced to a RF24L01 transceiver via SPI.

    The bus pirate enabled me to see what USB writes caused activity on the SPI bus and to work out what it all meant.

    You don’t have to have really fancy kit to hack, but sometimes it helps a lot.

  22. DesperateBob says:

    Can someone post drivers for the freaking 360 chatpad now? It can’t possibly be as hard as the kinect, right?

  23. PhilKll says:

    I forgot to mention, if you are hooked up to a PC there are various software solutions out there. I’ve used sniffUSB.exe with good success. It’s not as fancy as the pay-to-play varieties, but there is some good information out there about what all the numbers mean; it just takes a bit more work to decipher things.
    Also I wish there was more information out there like this, I read it last night, was superb work. Thank you, the internet needs more pages like this.

  24. M4CGYV3R says:

    “Sadly, it does not exist for windows”

    Pure haterade. The VID and PID and the same amount of information are available in Windows under the Device Manager.

  25. mungewell says:

    @DesperateBob

    I have RE’ed schematics if you want them… lost interest in it.

  26. PhilKll says:

    You can capture USB traffic with Linux too. This worked for me with Ubuntu 9.10.

    # mount debugfs (needs root; the source argument of a pseudo-filesystem is only a placeholder) and load usbmon
    sudo mount -t debugfs none /sys/kernel/debug
    sudo modprobe usbmon

    lsusb to find what bus your device is on, example here is 1

    # stream the text-format trace for bus 1 into a file; Ctrl-C stops the capture
    sudo cat /sys/kernel/debug/usb/usbmon/1u > my_capture_file

  27. jeicrash says:

    Thanks everyone for the helpful tips. This kind of stuff always gets my geek side going. Sadly there is not much on HaD to get my bank account going :P

    I’ll check into the software stuff, who knows maybe I’ll learn something I can use. Otherwise I’m all for filling up my brain with useless stuff just so I can say I tried to learn it.

    Anyone up for making a how-to on using low tech / mostly software based items to do something similar?

  28. PhilKll says:

    I don’t have a tutorial on it, but this is where I started. Using the Linux method or sniffUSB.exe on windows, find yourself a USB storage device, capture some data, then google wiki SCSI Commands, and use this document to figure out what is happening.

    http://www.usb.org/developers/devclass_docs/usbmassbulk_10.pdf

    You can then see how the SCSI commands are being sent, and what is being returned.
    Not exactly all that exciting, but the commands are known, and it should give you a feel for some of the stuff going on. So then at least, if you attempt something not so well known, you’ve got a place to start from.
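PhilKll’s two comments above describe the whole loop of a first reversing session: dump the usbmon text stream for a bus, then read the mass-storage bulk-only spec and work out which SCSI command each bulk transfer carries. The following is an added example written for this page, not code from the article, from ladyada’s tutorial or from any commenter. It parses the text-format lines that the capture command above writes, decodes the Command Block Wrapper and Command Status Wrapper from the mass-storage spec linked above, and matches each status back to its command by tag. The capture lines are constructed (bus 1, device 5, a made-up VID/PID of 1234:5678 and made-up INQUIRY strings); the parser handles bulk and control lines and skips the extra interrupt/isochronous fields rather than decoding them.

```python
"""Parse usbmon text lines (/sys/kernel/debug/usb/usbmon/<bus>u) and decode the USB mass-storage
bulk-only CBW/CSW wrappers so the SCSI commands inside become readable.  Added example; the sample
capture at the bottom is constructed, not a real device trace."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

SCSI_OPCODES = {0x00: "TEST UNIT READY", 0x03: "REQUEST SENSE", 0x12: "INQUIRY", 0x1a: "MODE SENSE(6)",
                0x25: "READ CAPACITY(10)", 0x28: "READ(10)", 0x2a: "WRITE(10)"}
CSW_STATUS = {0: "passed", 1: "failed", 2: "phase error"}

@dataclass
class UsbmonEvent:
    """One usbmon record: URB tag, time, S/C/E event, C/Z/I/B transfer type, i/o direction, address."""
    tag: str
    timestamp_us: int
    event: str
    xfer: str
    direction: str
    bus: int
    device: int
    endpoint: int
    status: Optional[int]     # -115 (EINPROGRESS) on submissions; None when a setup packet is present
    setup: Optional[bytes]    # 8-byte setup packet, control submissions only
    length: int               # data length the URB reports
    data: bytes               # data words actually captured; usbmon truncates long payloads

def parse_usbmon_line(line: str) -> UsbmonEvent:
    """Split one line into fields; bulk and control are handled, interrupt/iso extras are skipped."""
    tok = line.split()
    kind, bus, dev, ep = tok[3].split(":")          # e.g. Bo:1:005:2 -> bulk OUT, bus 1, dev 5, ep 2
    i, status, setup = 4, None, None
    if tok[i] == "s":
        # control submission: bmRequestType bRequest wValue wIndex wLength (last three little-endian on the wire)
        setup = bytes.fromhex(tok[i + 1] + tok[i + 2]) + struct.pack("<HHH", *(int(w, 16) for w in tok[i + 3:i + 6]))
        i += 6
    else:
        status = int(tok[i].split(":")[0])          # interrupt/iso lines append ":interval" here
        i += 1
    while tok[i] not in ("=", "<", ">"):            # the data tag; '=' means data words follow
        i += 1
    length = int(tok[i - 1])
    data = bytes.fromhex("".join(tok[i + 1:])) if tok[i] == "=" else b""
    return UsbmonEvent(tok[0], int(tok[1]), tok[2], kind[0], kind[1], int(bus), int(dev), int(ep),
                       status, setup, length, data)

@dataclass
class Cbw:
    tag: int
    data_length: int
    data_in: bool
    lun: int
    cdb: bytes

def decode_cbw(data: bytes) -> Cbw:
    """Command Block Wrapper (31 bytes): 'USBC', tag, transfer length, flags, LUN, CB length, CDB."""
    if len(data) != 31 or data[:4] != b"USBC":
        raise ValueError("not a CBW")
    tag, xfer_len, flags, lun, cb_len = struct.unpack_from("<IIBBB", data, 4)
    cb_len &= 0x1f
    if not 1 <= cb_len <= 16:
        raise ValueError("bad bCBWCBLength %d" % cb_len)
    return Cbw(tag, xfer_len, bool(flags & 0x80), lun & 0x0f, data[15:15 + cb_len])

def decode_csw(data: bytes) -> Tuple[int, int, int]:
    """Command Status Wrapper (13 bytes): 'USBS', tag, data residue, status."""
    if len(data) != 13 or data[:4] != b"USBS":
        raise ValueError("not a CSW")
    return struct.unpack_from("<IIB", data, 4)

def summarize_capture(lines: List[str]) -> List[str]:
    """Describe the command flow on the bulk endpoints, matching each CSW to its CBW by tag."""
    pending, out = {}, []
    for ev in map(parse_usbmon_line, filter(str.strip, lines)):
        if ev.xfer != "B" or not ev.data:
            continue
        if ev.event == "S" and ev.direction == "o" and ev.data[:4] == b"USBC":
            cbw = decode_cbw(ev.data)
            name = pending[cbw.tag] = SCSI_OPCODES.get(cbw.cdb[0], "opcode 0x%02x" % cbw.cdb[0])
            out.append(f"CBW tag={cbw.tag} {name} lun={cbw.lun} {'in' if cbw.data_in else 'out'}={cbw.data_length}")
        elif ev.event == "C" and ev.direction == "i" and ev.data[:4] == b"USBS":
            tag, residue, status = decode_csw(ev.data)
            name = pending.pop(tag, "unmatched")
            out.append(f"CSW tag={tag} {name} status={CSW_STATUS.get(status, status)} residue={residue}")
        elif ev.event == "C" and ev.direction == "i":
            out.append(f"data-in {ev.length} bytes ({len(ev.data)} captured)")
    return out

# Constructed sample, bus 1 device 5: GET_DESCRIPTOR on ep 0, then INQUIRY and READ(10) over bulk OUT ep 2 /
# bulk IN ep 1.  The VID/PID 1234:5678 and the "Generic USB Flash Disk" strings are made up for the example.
SAMPLE_CAPTURE = """\
ffff88003a3e9d00 2365320000 S Ci:1:005:0 s 80 06 0100 0000 0012 18 <
ffff88003a3e9d00 2365320500 C Ci:1:005:0 0 18 = 12010002 00000040 34127856 00010102 0301
ffff88003a3e9a80 2365321000 S Bo:1:005:2 -115 31 = 55534243 01000000 24000000 80000612 00000024 00000000 00000000 000000
ffff88003a3e9b40 2365322000 C Bi:1:005:1 0 36 = 00800204 1f000000 47656e65 72696320 55534220 466c6173 68204469 736b2020
ffff88003a3e9c00 2365322400 C Bi:1:005:1 0 13 = 55534253 01000000 00000000 00
ffff88003a3e9a80 2365323000 S Bo:1:005:2 -115 31 = 55534243 02000000 00020000 80000a28 00000000 00000001 00000000 000000
ffff88003a3e9b40 2365324000 C Bi:1:005:1 0 512 = 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
ffff88003a3e9c00 2365324400 C Bi:1:005:1 0 13 = 55534253 02000000 00000000 00
""".splitlines()
```

To run it on a real dump, pass the file’s lines to summarize_capture (for example the lines of my_capture_file from the command above). Two things the sample is built to show: usbmon’s text interface caps how many data words it prints, which is why the 512-byte read appears as only 32 captured bytes, so the reported length, not the captured data, is what the device actually moved (the binary usbmon interface, which Wireshark uses on Linux, gives full payloads); and matching CSW to CBW by tag is what lets you tell which command a failure status belongs to. Reading the bus this way is also the honest check on a device that claims to be plain storage: the opcodes it sends and answers are right there in the trace.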

  29. zyxel says:

    jake so how should someone figure out usb without dox.
    she read other guides then made a simplified shorter version for the public.

    you do realize that the usb standard was made by thousands of engineers, how about reversing it on your own without any knowledge about it, you big haxxor

  30. Jake says:

    @zyxel
    I normally wouldn’t answer such an illiterate-sounding post, but whatev…

    You missed my point completely. You don’t “reverse engineer” USB. It is well documented, this is known to all.

    You clearly don’t even *know* what the term “hacking” means, so I’ll just reiterate my point: To be a “hacker”, you must reverse engineer a complicated system, then modify that system to do something that it was never intended for.

    There are many different levels of “hacking”. If you make your sonicare toothbrush blink out its battery level in morse code, yeah, you’re a hacker, but then again, that’s a pretty lame hack. If you reverse engineer some complicated device, and make it perform a different function that makes this device infinitely more useful, then you are probably a decent “hacker”.

    Get it?

  31. davi jordan says:

    Know your hardware as you would know yourself.

  32. rasz says:

    bus pirate no, but you could use USB 2.0 data loggers to grab full speed usb traffic (12MHz), for example saleae. Of course you would need software that can interpret that data.

  33. fluidic says:

    Well, that was a fun read up to the point where it requires a $1200+ sniffer. It’s going to be a long time before it’s enough of a priority to justify that.

  34. mike says:

    instead of the $1200 analyzer, is it possible to build a cheap version yourself?

  35. Jake says:

    Advanced analysis requires advanced tools. These tools usually are NOT cheap. In some cases, generic, less-functional equivalents are available for less (like the zeroplus logic analyzer that can be easily modified to function as the much more expensive model) but in most cases, you have to shell out the cash. Fortunately, if this is your passion, you won’t have a problem spending all of your hard earned cash on it :D

  36. default says:

    The same hacker mantra we’ve all heard for the past 20 years.

    No one asked, “How do I hack?”, but you obviously wish someone would so badly that you felt the need to ask the question yourself, just so you could get your response out there.

    Worthless article.
