<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> *giggle*</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> <span class="h-card" translate="no"><a href="https://chaos.social/@f4grx" class="u-url mention">@<span>f4grx</span></a></span> Welcome to the harsh reality.</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> <span class="h-card" translate="no"><a href="https://ioc.exchange/@azonenberg" class="u-url mention">@<span>azonenberg</span></a></span> The Wayne Gretzkys of baud rate.</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@crzwdjk" class="u-url mention">@<span>crzwdjk</span></a></span> this one is a decoy, it&#39;s guaranteed to crash-land unless shot down</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> the RE countermeasures are external to the firmware (they figure the device will destroy itself anyway)</p>
<p>i think this has a buffer overflow</p>
<p>i&#39;ve reverse-engineered the entire state machine in the firmware. it only parses three messages! these are:</p><p>UBX-NAV-PVT<br />UBX-NAV-SOL<br />UBX-NAV-SAT</p><p>once again, the firmware is... simple. every part i can understand does exactly one thing, in the most uncomplicated way possible</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> <span class="h-card" translate="no"><a href="https://ioc.exchange/@azonenberg" class="u-url mention">@<span>azonenberg</span></a></span> yep u-blox receivers can do this, there’s a command sequence from the host to the receiver that does it. </p><p>And in the intended application, it makes sense to do so because I’ll bet one of the next commands is to increase the frequency of navigation messages up from the default of 1Hz</p>
<p>adding proper autobaud is fairly tricky for the analyzer, but i did at least add per-channel baud (i.e. you can have different baud rates for RX and TX)</p><p>an online ublox protocol decoder (implemented e.g. as a script) could promptly switch baud rates when it observes a command to do so</p>
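<p>A sketch of the decoder script idea from the last post, as an added example that is not code from the thread or from the analyzer: it frames UBX messages on the host's TX channel, bounds the length field before indexing with it, and reports the new baud rate when a port-configuration command is seen. Assumptions: the baud change is sent as UBX-CFG-PRT (class 0x06, id 0x00, UART payload of 20 bytes with baudRate at offset 8), <code>MAX_PAYLOAD</code> is a hypothetical decoder limit, and the capture bytes are constructed.</p>

```python
import struct

SYNC = b"\xb5\x62"
CFG_PRT = (0x06, 0x00)   # assumption: the baud change is sent as UBX-CFG-PRT
MAX_PAYLOAD = 1024       # hypothetical decoder limit; longer frames are rejected

def ubx_checksum(body):
    """8-bit Fletcher checksum over class, id, length and payload."""
    a = b = 0
    for byte in body:
        a = (a + byte) & 0xFF
        b = (b + a) & 0xFF
    return bytes((a, b))

def ubx_frame(cls, msg_id, payload):
    body = struct.pack("<BBH", cls, msg_id, len(payload)) + payload
    return SYNC + body + ubx_checksum(body)

def parse_frames(data):
    """Yield (class, id, payload) for each frame with a valid checksum."""
    i = 0
    while (i := data.find(SYNC, i)) != -1 and i + 8 <= len(data):
        cls, msg_id, length = struct.unpack_from("<BBH", data, i + 2)
        end = i + 6 + length + 2
        # Never trust the length field: bound it before using it as an index.
        if length > MAX_PAYLOAD or end > len(data):
            i += 2
            continue
        body = data[i + 2:end - 2]
        if ubx_checksum(body) != data[end - 2:end]:
            i += 2
            continue
        yield cls, msg_id, body[4:]
        i = end

def track_baud(host_tx, baud):
    """Return the baud rate in effect after the host's TX stream is decoded."""
    for cls, msg_id, payload in parse_frames(host_tx):
        # UART form of CFG-PRT: 20-byte payload, baudRate is a U4 at offset 8.
        if (cls, msg_id) == CFG_PRT and len(payload) == 20:
            baud = struct.unpack_from("<I", payload, 8)[0]
    return baud

def sample_capture():
    """Constructed host-to-receiver bytes: noise, a bad frame, a CFG-PRT frame."""
    prt = struct.pack("<BBHIIHHHH", 1, 0, 0, 0x08D0, 115200, 1, 1, 0, 0)
    oversized = SYNC + struct.pack("<BBH", 0x06, 0x00, 0xFFFF) + b"\x00" * 8
    return b"\x00\xff" + oversized + ubx_frame(*CFG_PRT, prt)
```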