⛵🔌

After some digging in ghidra I narrowed down a couple of consistent functions such as the fun_CRCMessage? that appears to validate/format the message that gets sent to the device. When I saw the CONCAT14(byBrightness,0x312) I got the idea that this might be visible in the pcap and wow! There it is!

Jul 05, 2024 at 20:15 UTC

1 replies 1 reposts 0 likes

⛵🔌 @shadylink.lol
[ View ] Jul 05, 2024 at 20:17 UTC

So I spent the next hour or so digging into various functions in the DLL and notating which headers are what and ended up with some nicely commented frames in wireshark. Next step is to try and emulate some of these via python in Linux...

0 replies 1 reposts 0 likes