对黑盒串行协议进行逆向工程
我目前正在为 NewTek LiveControl LC-11 编写 OS X 驱动程序,如此处所示。
newtek.com/addons/livecontrol.php
在我的逆向工程过程中,我发现它使用串行到 USB 转换器,并且当按下按钮或模拟值发生变化时,它会与十六进制输出进行通信。使用此输出,我已经能够解释每个按钮、数字旋钮和模拟滑块,但目前我只能解释两个模拟操纵杆并控制背光 LED。 这是不同位置的操纵杆输出值的表格。
(抱歉,我无法嵌入图像,但堆栈溢出不允许我嵌入图像,因为我刚刚注册。)
Left Center Right
Top ^529DC ^587FF ^5D6DA
Center ^50883 ^58181 ^5F280
Bottom ^51E2F ^57C00 ^5BC1F
或
http://i28.tinypic.com/217vbr.png
我认为“^”是某种标记(其他一些按钮的代码以“~”开头,还有一些释放事件除了之前消息中的“\r”之外,根本没有任何标记,我根本无法解释这些标记中的任何模式,但我认为这不一定重要。)并且我知道每个操纵杆都有它的。自己独特的输出值范围。如果有人能解开这个谜团,我们将不胜感激。 :D
I am currently writing an OS X driver for the NewTek LiveControl LC-11 as seen here.
newtek.com/addons/livecontrol.php
In the course of my reverse engineering I have found that it is using a serial to USB converter and that it communicates with hexadecimal output when a button is pushed or an analog value changes. Using this output I have been able to interpet every button, digital knob, and the analog slider, but am currently stuck on interpreting the two analog joysticks and controlling the backlight LEDs.
Here is a table of the joysticks output values in various positions.
(Sorry that I couldn't embed the image but stack overflow won't let me since I just registered.)
Left Center Right
Top ^529DC ^587FF ^5D6DA
Center ^50883 ^58181 ^5F280
Bottom ^51E2F ^57C00 ^5BC1F
or
http://i28.tinypic.com/217vbr.png
I think that the '^' is some kind of marker (some of the other buttons have codes that start with '~' and some of the release events have no marker at all other than a '\r' from the message before. I have been able to interpret no pattern in these markings at all but I don't think it is necessarily important.) and I know that each joystick has it's own unique range of output values. If anyone can shed some light on this mystery it would be greatly appreciated. :D
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
有趣的谜题!
第一个(十六进制)数字始终是 5。让我们忽略这个数字。 (也许这是操纵杆的标识符?)
第二个和第三个位于左列下方(29、08、1E)。它们位于中间列范围的一半(87、81、7C)。它们在右列中很大(D6、F2、BC)。所以这一定是 X 坐标。
顶行的最后两位数字较大(DC、FF、DA)。中间行的最后两个位于范围的中间(83、81、80)。底行的最后两个为低电平(2F、00、1F)。这显然是 Y 坐标。从外部两个值远离极端的方式来看,我猜测操纵杆以圆形(而不是方形)移动?
长话短说,格式似乎是:
这里,
xx是描述 X 位置的一个字节(以十六进制表示法编写),左侧为 0,中心为 80,右侧为 FF。同样,yy是 Y 位置,底部为 0,中心为 80,顶部为 FF。Interesting puzzle!
The first (hex) digit is always 5. Let's ignore that one. (Maybe it's the joystick's identifier?)
The second and third are low in the left column (29, 08, 1E). They're halfway the range in the middle column (87, 81, 7C). And they're large in the right column (D6, F2, BC). So this must be the X coordinate.
The last two digits in the top row are large (DC, FF, DA). The last two in the middle row are halfway the range (83, 81, 80). The last two in the bottom row are low (2F, 00, 1F). So that's clearly the Y coordinate. Judging from the way the outer two values are away from the extremes, I'm guessing that the joystick moves around in a circle (as opposed to a square)?
Long story short, the format seems to be:
Here,
xxis one byte (written in hex notation) describing the X position, with left being 0, centre being 80 and right being FF. Similarly,yyis the Y position, bottom being 0, centre being 80 and top being FF.看起来数据包以两个字节开头:^5,后跟代表两个字节的四个十六进制数字。像这样:
单独查看数字:
顶部和底部居中:
左侧和右侧居中:
因此,这意味着理想情况下,操纵杆的最左或最底部值应为 0,最顶部值应为 255(0xFF)或对。
当然,从物理角度来看,操纵杆看起来向右和向上偏移了一位(129 而不是 128),并且无法达到左右的最大值(8 和 242 而不是 0 和 255)。
It looks like the packet starts with two bytes: ^5 followed by four hexadecimal digits representing two bytes. Like this:
Look at the numbers in isolation:
Centered top and bottom:
Centered left and right:
So this means that ideally, the joysticks should have a value of 0 for extreme left or bottom and a value of 255(0xFF) for extreme top or right.
Of course, physically the joystick looks to be offset to the right and up by one bit (129 instead of 128) and can't reach maximum values for left and right (8 and 242 instead of 0 and 255).