Reverse Engineering An RC Spy Tank

[Michael] sells a remote control spy tank through his company, and although it’s a toy, there’s an impressive amount of electronics in this R/C tank. It’s controlled from an Android or iDevice over a WiFi connection, something that simply won’t do if you’re trying to sell this to the hacker and maker crowd. The solution to this problem is Wireshark, and with a little bit of work this spy tank can be controlled from just about anything, from a microcontroller via WiFi to a Python app.

Wireshark, everyone’s favorite network packet analysis and capture tool, was used to listen in on the communications between an iPad and the tank. This immediately showed the video stream coming from the camera in the tank, and pointing VLC to the correct port displayed the video.

The motors in the tank were a little trickier, but looking at the data stream, a few packets stood out as being responsible for controlling the motors. After a little experimentation the simple command set was decoded and a Python app whipped up.

These spy tanks are cheap – about $70 from [Michael]’s company and the other usual vendors. It’s not a particularly useful piece of hardware, but someone out there is sure to do something cool with this bit of reverse engineering.