Reverse Engineering a Missile Launcher Toy's Interface
nitro writes "A fairly in-depth technical report by the security researchers at TippingPoint was released on how to reverse engineer the proprietary protocol for controlling a USB missile-launching toy system. They develop an iPhone application to control the device. 'The hardware is coupled with a simple GUI controller written in Delphi (MissileLauncher.exe) and a USB Human Interface Device (HID) interface written in C++ (USBHID.dll). The toys lost their allure within minutes of harassing my team with a barrage of soft missile shots. That same night I thought I would be able to extend the fun factor by coding up a programmatic interface to the launchers in Python. ... One interesting thing is that we have a lot more granular control of the turret movement now than we did with the original GUI. I wrote two simple loops to count the number of possible horizontal and vertical ticks and the results were 947 horizontal and 91 vertical versus 54 and 10 from the original GUI respectively. Granular control allows you to slowly and quietly reposition the turret for stealthy attacks.'"
Actually, this seems like an almost ideal platform for sentry gun research. It's small, cheap, relatively harmless, can be operated in an office environment, and is probably wildly inaccurate which means that if you can make this work, actually shooting targets with some kind of accurate weapon will be trivial. I'd very much like a sentry gun that would squirt the @#$%@#@ deer with water (at least) when they come to eat the plants on the front porch.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Why go for the complex solution?
A motion sensor connected to an air horn should do the trick.