Wednesday, January 14, 2009

Shmoocon and Black Hat, DC

Howdy y'all,

I'll be presenting two new lectures in DC next month. The first, at Shmoocon, is on the construction of wireless sensors. Beginning with a product idea, Josh Gourneau and I will step you through the design of a modern sensor node's hardware and software. Then we walk you through the design of a brand new node: hardware design, fabrication, porting an operating system, writing an application, maintaining power efficiency, and proper use of the radio. Who knows, we might even make radio version of our neighborly Party Mode Belt Buckle?

At Shmoocon, be sure to catch Off the Shelf Security - Meeting Crime with an Open Source Mind, which immediately follows my talk in the same room.

My second lecture, at Black Hat DC, will describe the reverse engineering and exploitation of wireless sensors. You will learn how to take a wireless sensor apart, reverse engineer its firmware, sniff the various buses it contains, craft an embedded stack overflow, and some interesting techniques with radio jamming.

--Travis Goodspeed
<travis at radiantmachines.com>

Saturday, January 3, 2009

Implementing the MSP430 FET Protocol

by Travis Goodspeed <travis at radiantmachines.com>
continuing initial observations.

Following a comment posted to the prior article, I discovered that, as suggested, the PPP FCS-16 checksum is the one used for communicated with the FET. Searching MSP430.dll for the initial bytes of the checksumming table which is presented on Section C.2 of RFC1662, yields the following table,
CRC16 Function from MSP430.dll

The 16-bit entries from the table appear as little endian, so {0x1189, 0x2312} becomes {0x89, 0x11, 0x12, 0x23}. Running a quick test with the RFC's FCS-16 code yields a proper checksum, with which messages can be signed.

The result of this is an open source too, MSP430FET, for programming chips with the MSP430 FET tools. The present version can read and write memory, but it is limited to spy-bi-wire and is unable to erase memory. Expect those features, and a website, in a later revision.

svn co https://msp430fet.svn.sourceforge.net/svnroot/msp430fet/trunk msp430fet