Control I SPY TANK via computer
I got such a toy in my hands
Having played them a little from the phone, I decided to make control from the computer.
Armed with a laptop with WiFi, connected with it to the tank. It turned out that he had IP 10.10.1.1. First of all I decided to contact him via http via a browser at 10.10.1.1 : 80, but it was not there, the web-server on the tank was raised, but it was locked with a password, which upset me a little. Then I connect via FTP - it is also up and running, access is open, but only in read mode. Again disappointment.
The next step was a port scan. Among the list of open ports, two of them (
Checked them in the browser. Port
Further it turned out to be more difficult - to determine the management teams.
To do this, I sketched a simple little program that listens to port
All commands consist of two bytes.
The first byte is responsible for selecting the device to which the command is addressed:
The second byte is the direction of travel:
By combining these commands, you can easily control the tank, for example, to go ahead you need to send 4 bytes
The execution of a command, if no other command is sent, automatically ends in about 1s.
')
Constantly connecting directly to the tank, I did not want to, and I decided to use TP-LINK MR3020 router that had been lying around for a long time.
Having filled the OpenWrt firmware into it, I configured it as a client to connect to the tank's router. Next, I configured port forwarding
Below is a simple C # code that controls a tank.
I hope someone will come in handy.
Having played them a little from the phone, I decided to make control from the computer.
Reengineering
Armed with a laptop with WiFi, connected with it to the tank. It turned out that he had IP 10.10.1.1. First of all I decided to contact him via http via a browser at 10.10.1.1 : 80, but it was not there, the web-server on the tank was raised, but it was locked with a password, which upset me a little. Then I connect via FTP - it is also up and running, access is open, but only in read mode. Again disappointment.
The next step was a port scan. Among the list of open ports, two of them (
8150 and 8196 ) seemed to me the most suspicious.
Checked them in the browser. Port
8150 did not answer me, but the MJPG stream was transmitted via port 8196 .
Further it turned out to be more difficult - to determine the management teams.
To do this, I sketched a simple little program that listens to port
8150 , installed the laptop's IP 10.10.1.1 and turned its WiFi into access point mode. Having connected to it from the phone, I tried to start the tank control program. As I expected, she connected to the port, which I listened to, but immediately flew out, it turned out she could not connect to the video transmission port. Having added the imitation of video transmission in my program, the program still started. After analyzing the data obtained from the management program, the management teams revealed that there were not so many.
All commands consist of two bytes.
The first byte is responsible for selecting the device to which the command is addressed:
- 49 (
0x31) - left caterpillar - 50 (
0x32) - right track - 51 (
0x33) - tower (raise / lower the camera)
The second byte is the direction of travel:
- 48 (
0x30) - stop (stop motion) - 49 (
0x31) - forward / up (for camera) - 50 (
0x32) - back / down
By combining these commands, you can easily control the tank, for example, to go ahead you need to send 4 bytes
0x31 0x31 0x32 0x31 .
The execution of a command, if no other command is sent, automatically ends in about 1s.
')
Connection
Constantly connecting directly to the tank, I did not want to, and I decided to use TP-LINK MR3020 router that had been lying around for a long time.
Having filled the OpenWrt firmware into it, I configured it as a client to connect to the tank's router. Next, I configured port forwarding
8150 and 8196 from the local interface to WiFi and connected it to the home router. Now it was possible to connect to the tank from the local network.
Control
Below is a simple C # code that controls a tank.
Socket socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); // socket.Connect(IPAddress.Parse("192.168.10.15"), 8150); // 3 / // socket.Send( new byte[] { 49, 49, 50, 49, 51, 48 }); // 1 Thread.Sleep(1000); // socket.Send( new byte[] { 49, 50, 50, 50, 51, 48 }); Thread.Sleep(1000); // socket.Send( new byte[] { 49, 50, 50, 49, 51, 48 }); Thread.Sleep(1000); // socket.Send( new byte[] { 49, 49, 50, 50, 51, 48 }); Thread.Sleep(1000); // socket.Send( new byte[] { 49, 48, 50, 48, 51, 49 }); Thread.Sleep(1000); // socket.Send( new byte[] {49, 48, 50, 48, 51, 48}); socket.Disconnect();
I hope someone will come in handy.
Source: https://habr.com/ru/post/178003/
All Articles