Learn To Reverse Engineer

The most common email we get is “how do I learn how to hack things?”. It looks looks like [ladyada] gets that question a lot too. She didn’t waste any time writing up a step by step guide to reverse engineering USB devices, specifically the Kinect.

She goes into depth on how USB works, how to record the communication, what to look for, how to deconstruct what you’ve found, and how to put it all to use. This is all done with real world data from the Kinect so you could easily follow along at home.  There is source code available so you can download her example and see how to control the device as well.

We wish every hack could be so well written that it could also be called a tutorial.

37 thoughts on “Learn To Reverse Engineer

  1. How do you reverse engineer something?

    You just do it. If you don’t know how, then you figure it out. You learn all of the theory and techniques needed to understand how a system works.

    If you are going around asking “How do I hack? I wanna be a hacker!” then you’re an idiot. VERY few people qualify as true “hackers”. In order to qualify as such, you must be reverse engineering (and modifying) technical systems, and IT MUST ALL BE YOUR OWN WORK. Following someone else’s tutorial does not make you a hacker, it makes you a n00b. Figure it out yourself. ALL OF IT. Only then might you possibly be able to refer to yourself as a “hacker” (even then, it’s questionable, and ultimately determined by the complexity of the “reverse engineering” that you have performed).

    I can’t imagine that HAD would ever attract wannabe hacker n00bs (that are really just nubs looking for tutorials, rather than figuring something out for themselves)… xD

  2. @Jake – Hacking is comprised of a set of skills and knowledge. The best hackers do teach themselves how things work and how to manipulate them, but that does not mean that these skills are useless or trivial for the rest of the populous. I dont think i’ll ever reverse engineer a USB device, but by knowing how (or at least partially), I have a better understanding of how it works. If we treated medicine the way you are approaching hacking, you would hope your doctor gets lucky as he ‘figures out’ how to remove your tonsils on his own.

  3. I can’t help but disagree. Learning from others that are smarter than you is a very important concept of becoming a hacker. Its true that much of the time you need to try stuff on your own. But stating that “IT MUST ALL BE YOUR OWN WORK” is downright misleading to new “hackers in training”. I have not got to where I am today by living in a box. The internet allows for hacking communities. Go out and learn from other. One last comment the whole noob / hacker mentality is so old. If you ask questions about hacking, you are not a noob. Keep on asking and learning.

    If you take the Kinect for an example… A driver was published… Now people all over are writing code / hacks for the kinect to do other things. Should they have said. I must re-invent the wheel before I do anything on the Kinect? Course not. Learn to hack… Hack to learn.. Fight trolls… +50 int.

    Cool stuff Lady Ada.


  4. This work by Lada Ada is out-farking-standing!
    There is nothing better than a hack/tutorial that intends to teach. Most of the hacks appear to come from people who take something that was already out there, and then make it look more complicated so they look leet. Maybe that impresses college instructors – though most of them can see through that crap as it’s plainly obvious that most script kiddies these days are better at looking smart than actually being smart.
    I don’t know much about USB, never had the time for it, but this new material is exactly what I am looking for.

  5. You don’t have to figure out all of it. *rolleyes*
    Hacking is overused though. IMO a hacker is someone who modifies or uses an electrical or computer system in a way it isn’t intended. That means that ‘life hacks’ don’t exist and that website name is retarded.

  6. How do you reverse engineer?

    Step 1 stop being afraid.
    Step 2 assume you will break it and not be stopped by that.
    Step 3 do it.
    Take things apart, get curiosity back in your life, enjoy breaking things. THAT is how you learn this stuff.

  7. Thanks fartface!
    I read your step-by-step instructions, laid out carefully by you, and followed them onward to success!

    Nice article that spread some light on an area I’m not at all familiar with.

  8. @xeracy
    You’re mistunderstanding what I am saying. Yes, it’s fine to learn from someone elses work, but following a tutorial to “hack” something does NOT make you a “hacker”.

    Those who *independently* reverse engineer a complex device are the only ones who can potentially call themselves “hackers”.

    This site seems to attract quite a few nubs who like to follow tutorials (or do something that has been done a thousand times before) and then call themselves “hackers”. I laugh. xD

  9. #1 Be interested and willing to put time into it.
    #2 Gather as much as existing documentation on the subject and read/understand it.
    #3 Summarize what you want to know and what’s still unknown.
    #4 Do you hack magic. Find the right formula by trying things out if you will. Write it down in your spell-book :)
    #5 Share the knowledge and get credited.

    (I hope that’s somewhat correct)

  10. So can the bus pirate be used instead of the Beagle USB 480 Protocol Analyzer? Never did this type of thing before and from all the usb junk I have laying around this would be a neat new hobby to pick up.

    P.S. To those who constantly feel HaD is a waste of time / lame. Why not just find another site or refrain from posting.

  11. @jeicrash
    No USB is very different from what the protocols the buspirate does. Its way more complex in how it sends data, unfortunately, cause the USB sniffers are really expensive.

    Also there is a windows program that shows the USB info. Usbview.exe it comes in the source code examples of the WinDDK, its a huge download, not really practical for just that, but if you got a reason or have it already, its in there.

  12. You don’t magically have the skills to make heads or tails of reversed engineered data plain and simple. And you wont get it either magically just by keep trying.

    @anon they’re everywhere, not just here; jake is just the local town crier.

  13. I can only see further than anyone else because I’m standing on the shoulders of giants.
    Everybody uses something developed by someone else to aid them in going that little bit further. It all boils down to how long people are willing to bang their head against the wall for that one second of YES! Good tools and methodology reduce the time spent banging your head, which can only be a good thing in the long run.

    Thanks ladyada, excelent tutorials.

  14. @jericash

    As noted the BusPirate does not do USB, but it was extremely useful on a project I did recently where a USB micro was interfaced to a RF24L01 transceiver via SPI.

    The bus pirate enabled me to see what USB writes caused activity on the SPI bus and to work out what it all meant.

    You don’t have too have really fancy kit to hack, but sometimes it helps a lot.

  15. I forgot to mention, if you are hooked up to a PC there are various software solutions out there. I’ve used sniffUSB.exe with good success. Its not as fancy as the pay-to-play varieties, but there is some good information out there about what all the numbers mean, it just takes a bit more work to decipher things.
    Also I wish there was more information out there like this, I read it last night, was superb work. Thank you, the internet needs more pages like this.

  16. You can capture USB traffic with Linux too. This worked for me with Ubuntu 9.10

    mount -t debugfs / /sys/kernel/debug

    lsusb to find what bus your device is on, example here is 1

    sudo cat /sys/kernel/debug/usb/usbmon/1u >my_capture_file

  17. Thanks everyone for the helpful tips. This kind of stuff always gets my geek side going. Sadly there is not much on HaD to get my bank account going :P

    I’ll check into the software stuff, who knows maybe I’ll learn something I can use. Otherwise I’m all for filling up my brain with useless stuff just so I can say I tried to learn it.

    Anyone up for making a how-to on using low tech / mostly software based items to do something similar?

  18. I don’t have a tutorial on it, but this is where I started. Using the Linux method or sniffUSB.exe on windows, find yourself a USB storage device, capture some data, then google wiki SCSI Commands, and use this document to figure out what is happening.
    You can then see how the SCSI commands are being sent, and what is being returned.
    Not exactly all that exciting, but the commands are known, and it should give you a feel for some of the stuff going on. So then at least, if you attempt something not so well known, you got a place to start from.

  19. jake so how should some1 figure out usb without dox.
    she read other guides then made a simplified shorter version for the public.

    you do realize that the usb standard was made by thousands of engineers how about reverse it on your own without any knowledge about it you big haxxor

  20. @zyxel
    I normally wouldn’t answer such an illiterate-sounding post, but whatev…

    You missed my point completely. You don’t “reverse engineer” USB. It is well documented, this is known to all.

    You clearly don’t even *know* what the term “hacking” means, so I’ll just reiterate my point: To be a “hacker”, you must reverse engineer a complicated system, then modify that system to do something that it was never intended for.

    There are many different levels of “hacking”. If you make your sonicare toothbrush blink out its battery level in morse code, yeah, you’re a hacker, but then again, that’s a pretty lame hack. If you reverse engineer some complicated device, and make it perform a different function that makes this device infinitely more useful, then you are probably a decent “hacker”.

    Get it?

  21. Advanced analysis requires advanced tools. These tools usually are NOT cheap. In some cases, generic, less-functional equivalents are available for less (like the zeroplus logic analyzer that can be easily modified to function as the much more expensive model) but in most cases, you have to shell out the cash. Fortunately, if this is your passion, you won’t have a problem spending all of your hard earned cash on it :D

  22. The same hacker mantra we’ve all heard for the past 20 years.

    No one asked, “How do I hack?”, but you obviously wish someone would so badly that you felt the need to ask the question yourself, just so you could get your response out there.

    Worthless article.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.