[ILUG] Reverse engineering serial protocol

[Christian van den Bosch]

Dale Dunlea wrote:

> I need to puzzle out an RS232 serial protocol.

> The first thing I need to do is verify the baud rate. I suspect that it
> is 9600 8N1, but have no way of being sure. Does anyone know of a way to
> verify the baud-rate/data/parity/stop-bits for an RS232 interface that
> doesn't require an oscilloscope?

Without a scope, there's not much you can do to detect baud rate other
than "suck it and see". However, if your rx baud rate is too low, you'll
just see gibberish; if it's too high, you'll see bits repeated in what
you receive (for example, you'll never get a byte that reads 01010101 in
binary, but you could well get one that reads 0011001 or 00001111).

> I've tried listening with minicom, and wrote a program to read bytes
> from /dev/ttyS0 and print them to the screen in the hope of something
> readily apparent, but no joy so far. My next step is to connect an RS232
> cable from my linux box to my windows laptop that has the drivers
> installed, sned it some characters, and see what the mouse pointer does.

To reverse engineer a protocol, you're _much_ better off eavesdropping
on a functional dialogue than talking gibberish, particularly where you
have some idea of or control over what's happening at application level
(in this case, poke the screen in different places!). Talking gibberish
to an unknown piece of driver software could well crash it, which would
be unhelpful.

The optimal way to do this is to make up an eavesdropping cable which
has two extra connectors - each of these has one of the data lines in
question wired to its rx pin. Plug these two eavesdropping connectors
into two ports on your box, and the normal two as usual, and watch the
two serial ports and write a program to poll both ports and output what
comes in on them - either to separate files with (accurate) timestamps,
or to stdout in a format that makes it clear whence each byte came.

Christian / cjb

http://www.cjb.ie/