Post 2 (RANK:260)
Do you mean analyzing the communication protocol?
Hook all read and write operations on the COM1 file and save the packets; then you can analyze them.
Another approach is to use "virtual serial port" software to link two virtual serial ports together: let the target software open one of them, write a program of your own that opens the other end and also opens the physical serial port, and have your program act as a relay. That way you can analyze the data as it passes through.
Post 3 (LV2, RANK:10)
书呆彭: Hi, I can capture the data the serial port sends now, but I can't see any pattern in it. I want to find out what checksum method the data frames use~~
Post 4 (RANK:260)
If the protocol is proprietary and there is no documentation to refer to, the only option is to reverse engineer the software.
Depending on how complex the software is, this may be fairly easy or very hard.
There are some general patterns that can serve as guidance, though. Most communication protocols use roughly this data frame format:
SOF (Start of Frame) + addressing information + data length information + data payload + data checksum
Not every protocol follows exactly this scheme, but the large majority have this structure, which helps a lot when analyzing a protocol.
As for the checksum: if it is generated by hardware, CRC is common; if it is done in embedded software, a fairly simple checksum algorithm is usually used, such as a byte-wise XOR or a byte-wise sum. Overly complex checksums are rare, though there are of course exceptions.
Post 5 (LV2, RANK:10)
Request: sent
30 30 30 36 30 31 46 39 61 61
Answer:
30 30 30 36 30 31 46 39 2E 30 31 30 38 46 37
The above is serial data I captured. Its function is to read the version number: 1.08
F7 should be the checksum, but I can't see how it is derived~
Sent / Received
(000601F9aa in hex) = (000601F9.0108F7 in hex)
Post 6 (RANK:260)
Looks like an additive checksum.
But here the frame header 000601F9 happens to sum to 0 as well, so I can't tell whether the checksum covers only the data payload or the header too.
byte : 0x01 + 0x08 + 0xF7 = 0x00
byte : 0x00 + 0x06 + 0x01 + 0xF9 = 0x00
Look at some other commands and see whether there is a pattern.
Post 7 (LV2, RANK:10)
Request: 2009-3-14 10:41:01.218750064 (+11.5312500000 seconds)
30 30 30 30 30 31 46 46 61 61 000001FFaa
Answer: 2009-3-14 10:41:01.218750064 (+0.0000000000 seconds)
30 30 30 30 30 31 46 46 2E 30 30 30 32 46 45 000001FF.0002FE
Request: 2009-3-14 10:41:01.234375064 (+0.0000000000 seconds)
30 30 30 36 30 31 46 39 61 61 000601F9aa
Answer: 2009-3-14 10:41:01.250000064 (+0.0156250000 seconds)
30 30 30 36 30 31 46 39 2E 30 31 30 38 46 37 000601F9.0108F7
Request: 2009-3-14 10:41:01.296875064 (+0.0000000000 seconds)
30 30 30 41 30 31 46 35 61 61 000A01F5aa
Answer: 2009-3-14 10:41:01.312500064 (+0.0156250000 seconds)
30 30 30 41 30 31 46 35 2E 30 36 39 33 36 37 000A01F5.069367
Request: 2009-3-14 10:41:01.359375064 (+0.0000000000 seconds)
30 30 30 43 30 31 46 33 61 61 000C01F3aa
Answer: 2009-3-14 10:41:01.375000064 (+0.0156250000 seconds)
30 30 30 43 30 31 46 33 2E 30 30 30 30 30 30 000C01F3.000000
Request: 2009-3-14 10:41:01.421875064 (+0.0000000000 seconds)
30 30 30 34 30 31 46 42 61 61 000401FBaa
Answer: 2009-3-14 10:41:01.437500064 (+0.0156250000 seconds)
30 30 30 34 30 31 46 42 2E 30 31 30 31 46 45 000401FB.0101FE
Request: 2009-3-14 10:41:01.484375064 (+0.0000000000 seconds)
30 31 30 30 30 31 46 45 61 61 010001FEaa
Answer: 2009-3-14 10:41:01.484375064 (+0.0000000000 seconds)
30 31 30 30 30 31 46 45 2E 30 37 39 34 36 35 010001FE.079465
Request: 2009-3-14 10:41:01.546875064 (+0.0000000000 seconds)
30 31 30 32 30 31 46 43 61 61 010201FCaa
Answer: 2009-3-14 10:41:01.546875064 (+0.0000000000 seconds)
30 31 30 32 30 31 46 43 2E 30 34 34 43 42 30 010201FC.044CB0
Request: 2009-3-14 10:41:01.609375064 (+0.0000000000 seconds)
30 31 30 34 30 31 46 41 61 61 010401FAaa
Answer: 2009-3-14 10:41:01.609375064 (+0.0000000000 seconds)
30 31 30 34 30 31 46 41 2E 30 30 36 34 39 43 010401FA.00649C
Request: 2009-3-14 10:41:01.656250064 (+0.0000000000 seconds)
30 31 30 36 30 31 46 38 61 61 010601F8aa
Answer: 2009-3-14 10:41:01.671875064 (+0.0156250000 seconds)
30 31 30 36 30 31 46 38 2E 30 30 36 34 39 43 010601F8.00649C
Request: 2009-3-14 10:41:01.718750064 (+0.0000000000 seconds)
30 31 30 38 30 31 46 36 61 61 010801F6aa
Answer: 2009-3-14 10:41:01.734375064 (+0.0156250000 seconds)
30 31 30 38 30 31 46 36 2E 30 30 30 35 46 42 010801F6.0005FB
Request: 2009-3-14 10:41:01.781250064 (+0.0000000000 seconds)
30 31 30 41 30 31 46 34 61 61 010A01F4aa
Answer: 2009-3-14 10:41:01.796875064 (+0.0156250000 seconds)
30 31 30 41 30 31 46 34 2E 46 46 43 45 33 33 010A01F4.FFCE33
Request: 2009-3-14 10:41:01.843750064 (+0.0000000000 seconds)
30 31 30 43 30 31 46 32 61 61 010C01F2aa
Answer: 2009-3-14 10:41:01.859375064 (+0.0156250000 seconds)
30 31 30 43 30 31 46 32 2E 46 46 43 45 33 33 010C01F2.FFCE33
Request: 2009-3-14 10:41:01.906250064 (+0.0000000000 seconds)
30 31 30 45 30 31 46 30 61 61 010E01F0aa
Answer: 2009-3-14 10:41:01.906250064 (+0.0000000000 seconds)
30 31 30 45 30 31 46 30 2E 30 30 30 30 30 30 010E01F0.000000
Request: 2009-3-14 10:41:01.968750064 (+0.0000000000 seconds)
30 31 31 30 30 31 45 45 61 61 011001EEaa
Answer: 2009-3-14 10:41:01.968750064 (+0.0000000000 seconds)
30 31 31 30 30 31 45 45 2E 30 30 30 30 30 30 011001EE.000000
Request: 2009-3-14 10:41:02.015625064 (+0.0000000000 seconds)
30 31 31 32 30 31 45 43 61 61 011201ECaa
Answer: 2009-3-14 10:41:02.031250064 (+0.0156250000 seconds)
30 31 31 32 30 31 45 43 2E 30 30 30 30 30 30 011201EC.000000
Request: 2009-3-14 10:41:02.078125064 (+0.0000000000 seconds)
30 31 31 34 30 31 45 41 61 61 011401EAaa
Answer: 2009-3-14 10:41:02.093750064 (+0.0156250000 seconds)
30 31 31 34 30 31 45 41 2E 30 30 30 30 30 30 011401EA.000000
Request: 2009-3-14 10:41:02.140625064 (+0.0000000000 seconds)
30 31 31 36 30 31 45 38 61 61 011601E8aa
Answer: 2009-3-14 10:41:02.156250064 (+0.0156250000 seconds)
30 31 31 36 30 31 45 38 2E 30 30 36 34 39 43 011601E8.00649C
Request: 2009-3-14 10:41:02.203125064 (+0.0000000000 seconds)
30 31 31 38 30 31 45 36 61 61 011801E6aa
Answer: 2009-3-14 10:41:02.218750064 (+0.0156250000 seconds)
30 31 31 38 30 31 45 36 2E 30 30 30 35 46 42 011801E6.0005FB
Request: 2009-3-14 10:41:02.265625064 (+0.0000000000 seconds)
30 31 31 41 30 31 45 34 61 61 011A01E4aa
Answer: 2009-3-14 10:41:02.281250064 (+0.0156250000 seconds)
30 31 31 41 30 31 45 34 2E 30 30 30 30 30 30 011A01E4.000000
Request: 2009-3-14 10:41:02.328125064 (+0.0000000000 seconds)
30 31 31 43 30 31 45 32 61 61 011C01E2aa
Answer: 2009-3-14 10:41:02.328125064 (+0.0000000000 seconds)
30 31 31 43 30 31 45 32 2E 30 30 30 30 30 30 011C01E2.000000
Request: 2009-3-14 10:41:02.390625064 (+0.0000000000 seconds)
30 31 31 45 30 31 45 30 61 61 011E01E0aa
Answer: 2009-3-14 10:41:02.390625064 (+0.0000000000 seconds)
30 31 31 45 30 31 45 30 2E 30 30 30 30 30 30 011E01E0.000000
Request: 2009-3-14 10:41:02.437500064 (+0.0000000000 seconds)
30 31 32 30 30 31 44 45 61 61 012001DEaa
Answer: 2009-3-14 10:41:02.453125064 (+0.0156250000 seconds)
30 31 32 30 30 31 44 45 2E 31 30 34 32 41 45 012001DE.1042AE
(left: ASCII format; right: hex format)
Post 8 (LV2, RANK:10)
http://www.spartan-rc.com/products/ds760/ds760.php
Configuration Editor
from fw 1v08 (R2) is the software. It's very small, heh. I rarely do PC software development, let alone reverse engineering; it's exhausting and I don't know how to get started~~ It isn't easy these days.
Post 9 (RANK:260)
Judging from these packets, the protocol probably follows this pattern:
request is : 3 bytes command then 1 byte checksum then 1 byte end signature(aa)
check bytewise : command[0] + command[1] + command[2] + checksum === 00
answer is : repeat 3 bytes command and 1 byte checksum, plus a dot(0x2E), then the 2 bytes data text, finally the 1 byte data checksum
check bytewise : datatext[0] + datatext[1] + datachecksum === 00
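As an added worked example (not code from the thread or from the DS760 vendor), here is a Python parser and verifier for the frame layout described in this post, run over request/answer pairs copied from the capture in post 7. It also tests the candidate checksum rules raised in post 4 and post 6 (byte-wise sum versus byte-wise XOR, over the data only versus the whole frame) against every captured answer, which shows why this capture alone cannot separate "sum over data" from "sum over command plus data": every command header in the capture sums to zero as well. Reading the two data bytes as major.minor in `decode_version` is an assumption based on post 5 saying that command returns version 1.08.

```python
"""Parser/verifier for the serial frames discussed in this thread (added example).

Layout follows the hypothesis in post 9: every byte is sent as two ASCII hex
characters; a request is <3 command bytes><1 checksum byte>"aa", and an answer
is <3 command bytes><1 checksum byte>"."<2 data bytes><1 data checksum byte>.
"""
from dataclasses import dataclass

# Constructed sample: (request, answer) pairs copied from the "hex format" column
# of the capture in post 7. On the wire each string is transmitted as its ASCII
# characters, e.g. "00" goes out as the bytes 0x30 0x30.
CAPTURE = [
    ("000001FFaa", "000001FF.0002FE"),
    ("000601F9aa", "000601F9.0108F7"),
    ("000A01F5aa", "000A01F5.069367"),
    ("010201FCaa", "010201FC.044CB0"),
    ("010A01F4aa", "010A01F4.FFCE33"),
    ("012001DEaa", "012001DE.1042AE"),
]

END_MARK = "aa"   # request terminator, sent as the two ASCII characters 'a' 'a'
SEP = "."         # answer separator between echoed command and data (0x2E)


def sum8(data: bytes) -> int:
    """Byte-wise additive checksum: sum of all bytes modulo 256."""
    return sum(data) & 0xFF


def xor8(data: bytes) -> int:
    """Byte-wise XOR checksum."""
    result = 0
    for b in data:
        result ^= b
    return result


def checksum_byte(data: bytes) -> int:
    """The byte that makes sum8(data + that byte) == 0 (two's complement of the sum)."""
    return (-sum8(data)) & 0xFF


@dataclass
class Request:
    command: bytes   # 3 bytes
    checksum: int


@dataclass
class Answer:
    command: bytes          # 3 bytes, echoed from the request
    command_checksum: int
    data: bytes             # 2 bytes
    data_checksum: int


def parse_request(frame: str) -> Request:
    """Parse the hex-format text of a request; raises ValueError on bad framing."""
    if len(frame) != 10 or not frame.endswith(END_MARK):
        raise ValueError(f"malformed request frame: {frame!r}")
    raw = bytes.fromhex(frame[:8])
    return Request(command=raw[:3], checksum=raw[3])


def parse_answer(frame: str) -> Answer:
    """Parse the hex-format text of an answer; raises ValueError on bad framing."""
    head, sep, tail = frame.partition(SEP)
    if sep != SEP or len(head) != 8 or len(tail) != 6:
        raise ValueError(f"malformed answer frame: {frame!r}")
    h, t = bytes.fromhex(head), bytes.fromhex(tail)
    return Answer(command=h[:3], command_checksum=h[3], data=t[:2], data_checksum=t[2])


def verify_request(req: Request) -> bool:
    return sum8(req.command + bytes([req.checksum])) == 0


def verify_answer(ans: Answer) -> bool:
    """Both the echoed command block and the data block must sum to zero."""
    return (sum8(ans.command + bytes([ans.command_checksum])) == 0
            and sum8(ans.data + bytes([ans.data_checksum])) == 0)


def build_request(command: bytes) -> str:
    """Encode a 3-byte command as a request frame (uppercase hex, like the capture)."""
    if len(command) != 3:
        raise ValueError("command must be exactly 3 bytes")
    return (command + bytes([checksum_byte(command)])).hex().upper() + END_MARK


def decode_version(ans: Answer) -> str:
    """Assumption: data bytes are major, minor, so 0x01 0x08 reads as "1.08" (post 5)."""
    return f"{ans.data[0]}.{ans.data[1]:02d}"


# Candidate checksum rules from post 4 / post 6, each applied to a parsed answer.
CANDIDATES = {
    "sum8 over data only": lambda a: sum8(a.data + bytes([a.data_checksum])) == 0,
    "sum8 over command+data": lambda a: sum8(
        a.command + bytes([a.command_checksum]) + a.data + bytes([a.data_checksum])) == 0,
    "xor8 over data only": lambda a: xor8(a.data) == a.data_checksum,
    "xor8 over command+data": lambda a: xor8(a.command + a.data) == a.data_checksum,
}


def surviving_candidates(pairs) -> list:
    """Names of the candidate rules that hold for every captured answer."""
    answers = [parse_answer(a) for _, a in pairs]
    return [name for name, rule in CANDIDATES.items() if all(rule(a) for a in answers)]


if __name__ == "__main__":
    for req_text, ans_text in CAPTURE:
        req, ans = parse_request(req_text), parse_answer(ans_text)
        print(req_text, ans_text, verify_request(req), verify_answer(ans), ans.data.hex())
    print("rules consistent with the capture:", surviving_candidates(CAPTURE))
    print("version:", decode_version(parse_answer("000601F9.0108F7")))
```

Running it reports two surviving rules, both additive: the XOR candidates fail on the very first pair, but "sum over data only" and "sum over command plus data" cannot be told apart until a frame whose command header does not sum to zero is captured. A verifier built on either rule should therefore be treated as provisional, and any frame that fails the check should be logged rather than silently accepted, since a single-byte additive sum offers no protection against corrupted or forged frames beyond simple transmission errors.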
Post 10 (LV2, RANK:10)
OK, thanks, 书呆彭, I'll try it myself~
Post 11 (LV2, RANK:10)
书呆彭: Thanks for your analysis! I just tried one command and it seems to work. I'll report back when it's all done... Thanks again for your guidance~~~
Post 12 (LV2, RANK:10)
This protocol is really simple~~~