Slashdot Mirror

← Back to Stories (view on slashdot.org)

Reverse Engineering a Missile Launcher Toy's Interface

Posted by Soulskill on from the target-that-explosion-and-fire dept.

nitro writes "A fairly in-depth technical report by the security researchers at TippingPoint was released on how to reverse engineer the proprietary protocol for controlling a USB missile-launching toy system. They develop an iPhone application to control the device. 'The hardware is coupled with a simple GUI controller written in Delphi (MissileLauncher.exe) and a USB Human Interface Device (HID) interface written in C++ (USBHID.dll). The toys lost their allure within minutes of harassing my team with a barrage of soft missile shots. That same night I thought I would be able to extend the fun factor by coding up a programmatic interface to the launchers in Python. ... One interesting thing is that we have a lot more granular control of the turret movement now than we did with the original GUI. I wrote two simple loops to count the number of possible horizontal and vertical ticks and the results were 947 horizontal and 91 vertical versus 54 and 10 from the original GUI respectively. Granular control allows you to slowly and quietly reposition the turret for stealthy attacks.'"

29 of 118 comments (clear)

  1. Legal implications by CRCulver · · Score: 5, Funny

    Just as Phil Zimmermann famously had to distribute PGP internationally in print form to avoid violating munitions laws, wouldn't these guys have to be really careful about their elite missle launching software? If this code makes it to Syria or Iran, we're in for a mildly annoying attack with state of the art styrofoam weaponry.

  2. Comment removed by account_deleted · · Score: 5, Funny

    Comment removed based on user account deletion

  3. Good work. by curtinparloe · · Score: 5, Funny

    Now you need to incorporate webcam target recognition and create an automated firing application.

    You could call it "Skynet".

    1. Re:Good work. by drinkypoo · · Score: 4, Insightful

      Actually, this seems like an almost ideal platform for sentry gun research. It's small, cheap, relatively harmless, can be operated in an office environment, and is probably wildly inaccurate which means that if you can make this work, actually shooting targets with some kind of accurate weapon will be trivial. I'd very much like a sentry gun that would squirt the @#$%@#@ deer with water (at least) when they come to eat the plants on the front porch.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Good work. by diskis · · Score: 4, Insightful

      Why go for the complex solution?
      A motion sensor connected to a air horn should do the trick.

    3. Re:Good work. by im_thatoneguy · · Score: 2, Interesting

      Wouldn't an ultrasonic loud speaker be more effective and less likely to miss?

      Or perhaps a pop up scarecrow.

      Problem is deer are usually smart enough to figure out what is and is not dangerous. If they get squired a few times they'll just assume they're setting off your sprinkler system. And I've seen deer walk right through sprinklers without a care in the world.

    4. Re:Good work. by drinkypoo · · Score: 5, Funny

      That sounds fantastic. I'd love to jump out of bed at 3 am wondering where the iceberg is. And I won't need to squirt the deer with water, either; I just sleep on the porch, and when I fucking piss myself I can hose them down, too.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    5. Re:Good work. by wisty · · Score: 2, Funny

      Who says the squirt gun has to use water?

    6. Re:Good work. by Ihmhi · · Score: 3, Interesting

      Aren't there more than a few "Paintball turrets" floating around on the 'net that basically do this already? I recall seeing one that was already for sale as a package.

      I'd love to have one of these to get rid of the animals that poop in my backyard. Better biodegradable paint than cat shit.

      And with a little hacking into an alarm system and replacing paintballs with ball bearings...

      "Get the HELL out of my house! You have FIVE seconds to comply. FIVE. FOUR. ONE." *bam* *bam* *bam*

      --
      Random Thoughts From A Diseased Mind (Not For Dummies)
    7. Re:Good work. by Anonymous Coward · · Score: 5, Funny

      I'd love to jump out of bed at 3 am wondering where the iceberg is.

            Thanks to global warming, there are no icebergs anymore. Oh, wait-

      Shit, an iceberg got him!

    8. Re:Good work. by Hanyin · · Score: 3, Funny

      What kind of geek are you? Just make a project out of it ;-)

    9. Re:Good work. by Cyberax · · Score: 3, Funny

      I recommend landmines. Just don't forget where you put them :)

    10. Re:Good work. by glittalogik · · Score: 2, Funny

      I recommend tiger urine.

  4. Pft. by Spatial · · Score: 5, Funny

    No wireless. Less ammunition than an AH-64. Lame.

  5. Re:Python? by Clueless+Moron · · Score: 5, Informative

    His python code is here. It implements a HTTP web server (as well as a command line and direct socket server mode) that directly invokes a DLL to control the unit. And so in the video he can control the thing using the web browser in his cellphone.

    All the code is only 283 lines and easy to understand. I don't see anything awkward about it.

    In what way exactly would Lua be better at doing that?

  6. Rememer Robot Wars? by anorlunda · · Score: 4, Interesting

    Oh wow. I was one of the enthusiastic fans of Muse Software's Robot Wars for the Apple ][. It sounds to me like Soulskill has invented a way to re-create Robot Wars in a more real and more fun way.

    Here's a description of the original game.


    Create code for a robot using the provided programing language, limited to 256 lines of code. Test your robot on the test bench by examining the code line by line and determining whether the bot performs as intended. Then put your finished robot in the arena with up to four other bots, set the number of battles, and watch them fight it out in a top-down view. Computer Gaming world had annual contests for several years in which readers could send their bots on disk to participate in the match, with results and prizes reported in the magazine.

  7. Re:Cops and Robbers or Global Armageddon ? by drinkypoo · · Score: 3, Funny

    I was thinking of some joke a little more limp-wristed, which is what I always thought when I saw some kid talking about "Rouge Squadron". They fly the pink X-Wings, right?

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  8. Re:Hacking somethign that did not need a hack. by woolpert · · Score: 5, Funny

    These have been "hacked" for years now. I had one running under linux in my cubicle 4 years ago using a webcam for auto targeting coworkers.

    The code. Put up or shut up, AC.

  9. Re:Cops and Robbers or Global Armageddon ? by cleatsupkeep · · Score: 5, Funny

    I was thinking of some joke a little more limp-wristed, which is what I always thought when I saw some kid talking about "Rouge Squadron". They fly the pink X-Wings, right?

    Pink 5 standing by... And FABULOUS

  10. Re:More Granular Implies Poorer Control by vux984 · · Score: 2, Insightful

    If we're going to argue about the meaning of the word...

    When something is granular, it is made up of chunks.

    When something is granular it is made of granules, or 'grains'. Typically something granular is made of numerous grains that form a larger unit.

    When something is more granular, the chunks are larger, it has more of the characteristics of being grainy.

    That doesn't really follow. The characteristic of being granular is that it has granules or grains. "More granular" is actually ambiguous.

    It could mean: more granules or grains -- ie more of the actual characteristic that makes it granular.
    Or it could mean, as you say, larger granules or grains -- ie more pronounced characteristics

    Granular and continuous are antonyms.

    So? More grains doesn't make it 'more opposite', in fact, the fundamental theorem of calculus is that you can approximate continuity with lots of small discontunities... and if you let the number of discontinuites rise to infinity, their size goes zero and it becomes continuous.

    What the OP meant is that he achieved more fine grained control.

    Correct. And fine grained is a better way of putting it because its not ambiguous.

    Not more granular control; more granular control would be worse control than the original resolution.

    More granular control is ambiguous. Although easily understood from the context.

  11. Re:DIADS by Tiger4 · · Score: 2, Funny

    Not such a joke. Look up DIADS, Digital integrated Air Defense (amazingly, not in Wikipedia!). This guy has just hacked the rudiments of Fire Control system. Which is approximately half of a DIADS. The other half being the radar and sensor integration. Which is handled by the many Open projects on sonar and video camera applications. Put them all together, and Our Sandbox Conquering Overlords will have all the tools they need to take them to Playground Domination.

    --
    Behold, this dreamer cometh. Come now, and let us slay him... and we shall see what will become of his dreams.
  12. Re:Hacking somethign that did not need a hack. by kostmo · · Score: 5, Informative

    It's true. http://code.google.com/p/pyrocket/wiki/RelatedWork I hacked the thing about a year ago and started this google code project. You will be able to apt-get this package in Ubuntu Jaunty.

  13. Re:Python? by Jurily · · Score: 4, Funny

    Oblig.

  14. Squirting deer... by Firethorn · · Score: 2, Insightful

    It also depends on how hungry a deer is and the relative quality of the food. A stuffed deer can afford to be very, very skittish. One that hasn't eaten it's fill in a couple days/weeks is going to start taking chances - including eating the plants off your back porch, especially if they're tasty to the deer.

    That's why we need hunters to actually reduce the deer population. If all everybody does is scare them off, eventually there will be so many deer that the non-scary food sources are exhausted and the deer overcome their fear of the scary things. That or start starving over the winter, which isn't a nice way to go either.

    Yes, I do have venison in my freezer...

    --
    I don't read AC A human right
    1. Re:Squirting deer... by Sir_Lewk · · Score: 4, Funny

      Personally, I don't see why we need any more justification for shooting deer than how damn good they taste. :)

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
  15. Done that by Space+cowboy · · Score: 4, Interesting

    Get a 'Striker' laser-target-enabled missile launcher ($40, I think). Then get a webcam or IP-enabled camera (I got one of these from Ebay for ~$70).

    Use the camera to detect motion and generate a centroid of motion; use the (high-intensity of red) laser-spot to detect where the missile is pointed (again from the camera image), and move the missile to make the centroid and laser-spot coincident.

    It's actually pretty trivial, but it looks pretty cool to have people walk into the office and have two missile-launchers automatically track them.

    I also have the think-geek big-red-button box, which I modified to allow the button to control a USB port. Now I can fire the (auto-targetting :) missiles by hitting the big-red-button :)

    It's actually only slightly harder to get the system to track two independent targets... The next step is to build in target-recognition by accessing the company's person-directory (we all have pictures)... Don't shoot the VP. Only directors and below are valid targets :)

    Simon

    --
    Physicists get Hadrons!
  16. Re:Python? by Anonymous Coward · · Score: 2, Insightful

    283 lines... plus the Python runtime, including modules to implement the HTTP server.

    ...plus the various C libraries, video drivers, operating system, etc. Wtf? The point is that 283 lines of new code makes for a web controlled nerfgun where previously there was none.

    You can't neglect the overhead of the runtime when you deploy something like this.

    Yes, you can.

    It's running on his desktop PC, which already has python on it. Just like my PC, which also has java, perl and various other languages sitting around. As far as he's concerned, an extra 9k of python script is all it took to make his pet project happen. And if I had one of those USB nerfguns, that same extra 9k of python would trivially do it for me too: right-click, save, "python ped_missile.py".

    although I'd probably go with straight C.

    I've been coding in C continuously for 25 years now, from apps to embedded systems. It's a great language for many things, but for this purpose it would be an absolutely idiotic choice. C is good for size and speed, neither of which is an issue for this task.

    And drop a few features--do you really need to put the HTTP server into the Python code?

    Yes, he does. He wants to be able to control it via a web browser. It's a requirement.

    Are you suggesting he install apache and write a CGI script to do it? I thought you were the one worried about deployment costs.

    Tell you what, go and implement what he did in probably an afternoon (including the web server interface) using pure Lua instead and then show us how much easier and better it is than the way he did it.

  17. Alternatively by phoebe · · Score: 4, Informative

    You can just download the developers guide from the manufacturer: http://www.dreamcheeky.com/dream/forum/viewtopic.php?f=13&t=102

  18. For continuos integration servers! by ciryon · · Score: 2, Interesting

    I am seriously considering to hook up one of these USB Missile Launchers to our continuos integration server at work. When someone checks in code that doesn't compile or breaks tests the launcher targets the offending developer (using pre-determined login aiming mapping) and fires a couple of rounds at him. That'll certainly increase code quality!