Reverse Engineering Amazon Echo Digital Signal with a Logic Analyzer

Поділитися
Вставка
  • Опубліковано 27 гру 2024

КОМЕНТАРІ • 31

  • @brianbirkerd8206
    @brianbirkerd8206 Рік тому +12

    You look like a teenager with that cap 😂

  • @billheckel3891
    @billheckel3891 2 роки тому +47

    I do not think that 76800 is the correct baud rate. Note the bit position indicators drift in relation to the rising edge. Measure the time between rising edges to find the bit time.

  • @ctbrahmstedt
    @ctbrahmstedt 2 роки тому +32

    Crank up your sampling rate. 500KS/s is only 50 samples per 0.1ms frame. A 115200 baud rate would be 11.5 bits per 0.1ms per frame. ~4samples/bit may be masking a higher frequency bitrate. Do a quick capture at 5Mbit to see what the signal bit rate is and the dial back from there.

  • @Scyth3934
    @Scyth3934 2 роки тому +5

    The volume on this one is much better than your last one. FYI you can see how loud it should be by checking "stats for nerds". If the "content loudness" is negative it means your audio is too quiet and if it is positive it means it is too loud.

  • @FAKEAXIS
    @FAKEAXIS 2 роки тому +9

    There is a lot of products with hidden stuff that we will most likely get no access too, I have a JBL Google Home speaker that I know can accept digital audio through its microusb port, but that was because it was hooked up to some black box thing in a retail display. I would love to get low latency aux in to this speaker one day as it sounds great.

  • @Anx181
    @Anx181 2 роки тому +19

    Hey Matt, great vid!
    I was one of the people commenting on your previous videos recommending you to get a new microphone
    I think the new mic / mic balance is great now, I think it’s a big improvement over previous videos
    Great content and keep hacking brother

    • @gorak9000
      @gorak9000 2 роки тому

      Is this an ASMR channel, or a hardware reverse engineering channel? Pretty sure how the mic sounds is 99% irrelevant for the point he's getting at here.

    • @Anx181
      @Anx181 2 роки тому +1

      @@gorak9000 regardless of the type of content he’s making in the previous videos his microphone was so harsh. It made it very difficult to watch, especially on a tv or good headphones

    • @gorak9000
      @gorak9000 2 роки тому +2

      @@Anx181 Ok, I see what you mean - I went and checked some older videos - the video on arp poisoning has pretty hard to listen to audio. It's not so much the quality of the microphone so much as the level was set too high and it's continually clipping and distorted. That's not really fixable post-processing wise. Yes, clipped and distorted audio is very hard on the ears no matter the playback volume.

  • @campbellmorrison8540
    @campbellmorrison8540 2 роки тому +3

    I dont even know what an amazon echo is but its great to see the up coming generation digging into this stuff, good luck on getting some kind of interaction. I have to agree with the comments below 76800 doesnt seem right and I suspect your sampling is too slow. Personally I would connect a scope to line to see what its really doing before trying to use a logic analyser

  • @Hexnano
    @Hexnano 2 роки тому +5

    Already becoming one of my favorite tech channels!!! Can't wait to see you hit 1k subs and then even more ✌

  • @Aaron_Dayton
    @Aaron_Dayton 2 роки тому +11

    Hi Matt,
    You would be able to determine the baud rate based off the period of a single bits width.
    That way you can get it right on the first try and no guessing. Cheers.

  • @erlendse
    @erlendse 2 роки тому +5

    Probably I2C. The signal looks too regular and is probably a clock. The resistors may be pullup.
    You would need both lines to get the data if so (the other is likely data).

  • @siosinv3851
    @siosinv3851 9 місяців тому +1

    Hey @Matt what papers or publications did you use to help you out on this?

  • @t67m
    @t67m 2 роки тому +2

    The pulses mostly appear to have a 1:2 or 2:1 Mark-Space ratio, so I don't think this is a UART, but maybe even some form of Manchester coding, or the control signal for a NeoPixel LED.

  • @TomStorey96
    @TomStorey96 2 роки тому +2

    Agree with a couple of others here that this is not UART. The signal is too repetitive to be transferring anything useful, it looks more like a clock to me.
    With two signals next to each other like that it could be the clock side of I2C, or if it really is something then it may be one half of a differential pair.

  • @larrybud
    @larrybud 8 місяців тому +1

    Sounds great!

  • @benjaminlarsson8685
    @benjaminlarsson8685 2 роки тому +8

    76800 sounds bogus to me. Try with pulseview/sigrok instead.

    • @gorak9000
      @gorak9000 2 роки тому +2

      I don't see why the decoder would need to know the baud rate in an offline analysis of an asynchronous signal to begin with. All it needs to look at is edges, and perhaps the duration between the edges (depending on what signaling standard is in use - RZ, NRZ, Manchester, etc). Baud rate is only relevant for real-time decoding, not offline analysis after the fact. Clearly a decoder written by a CS person that has some lack of understanding how the hardware actually works. Also, I'd trace where those lines go, and look up the datasheet - there's no point reverse engineering what's mostly likely a list of commands in the datasheet of whatever it's talking to. And yes, I'd also vote to use Sigrok rather than proprietary Salaee software - I'm surprised that the Salaee software even works with the $12 clones - I thought they got super anal about that a few years back.

  • @arie1293
    @arie1293 Рік тому +1

    The xbox one s has a paired optical drive to the console which makes it impossible to replace the disc drive without moving the old daughterboard into the new drive. In some cases users have replaced their drive without this understanding and lost the old drive making their console completely inoperable following a software update. It would be fantastic if a logic analyzer could be used to understand the serial number reporting back to the console create a modchip of sorts that could report the correct serial number and fix consoles with this type of problem.

  • @jonnyphenomenon
    @jonnyphenomenon 2 роки тому +4

    How did you "discover" that signal in the first place?

    • @mattbrwn
      @mattbrwn  2 роки тому +2

      great question.
      I poked around the board with a multimeter first looking for any voltages that looks interesting. That coupled with the fact that these pads were next to the CPU made them interesting enough to look at with the logic analyzer.

    • @jonnyphenomenon
      @jonnyphenomenon 2 роки тому

      @@mattbrwn oh, were they test pads? I couldn't see through the puddle of solder. I've been doing a little hardware hacking lately with my students. Mostly just looking for uarts in iot things so we can get a shell into them and look for exploits and vulnerabilities. It's amazing how much they leave wide open. You now, since those devices have an fccid, their are records of them on the fcc page including close up photos of all the circuit boards inside. I usually start there to see if anything stands out as a possibility, before I actually take something apart.

  • @borontv6400
    @borontv6400 2 роки тому +2

    I'm hoping I can learn how to interpret UART from videos like this!
    I have a Smart Appliance with IoT functionality and consumable cartridges. (I want to refill my own cartridge)
    I have successfully captured the signals between the the cartridge reader by tapping into the UART lanes exactly as you were able to.
    I'm essentially stuck where this video leaves off.

    • @mattbrwn
      @mattbrwn  2 роки тому +1

      I highly suggest the book: Attacking Network Protocols: A Hacker's Guide to Capture, Analysis, and Exploitation.
      The next step after getting bytes is to try to make sense of the binary protocol in use. That book is a good intro to reverse engineering binary protocols.
      then you might want to look into if you can program something like a Raspberry Pi Pico to send the same UART data you observed from the 1st party cartridge to the appliance.

  • @gael5773
    @gael5773 5 місяців тому

    Nice video 🎉

  • @r3dll
    @r3dll 2 роки тому +3

    ayyy matt
    great content for a small channel, keep hacking forward

  • @DopeSaladz
    @DopeSaladz Рік тому +2

    You should reverse engineer a gaming console like a new Xbox or PS4 or ps4

  • @asdhuman
    @asdhuman 2 роки тому +3

    Maybe 86400?

  • @EinSwitzer
    @EinSwitzer 2 роки тому +2

    just dont freak out when you see brain monitoring stuff and its real and if you try to talk about it things happen !