
Ambit protocol dissection reverse engineering

Dominik Stadler edited this page Oct 20, 2019 · 2 revisions

The first target of this project is to dissect the protocol used between the Ambit clocks and a PC.

Wireshark dissector

To ease parsing of the protocol, a Wireshark dissector is maintained. This dissector parses pcap files made with usbpcap. The parts of the protocol that are known at the moment should be present in the latest dissector.

The dissector can be downloaded from the download page (just put the .so-file in your ~/.wireshark folder) or built from source.

FAQ

Q: I want to help out, where should I start?

A: Start out by recording your own pcap dump. Boot up your Windows computer. Make sure your Moveslink application is terminated. Download and install usbpcap. Plug in your watch. Start usbpcap, select the correct USB device and set the pcap filename. Start Moveslink and complete a full synchronisation. Exit Moveslink and usbpcap. You should now have a pcap dump ready to be dissected with Wireshark.

Q: I have looked at the dump in Wireshark, but nothing makes sense!

A: The dissector is so far based on the data from a single Ambit 2 clock, and it is possible that the format differs significantly between hardware and software versions. Please file a ticket and make sure to attach the pcap dump, model info and, if possible, one of Moveslink's log files (usually found in C:\Users\<username>\AppData\Roaming\Suunto\Moveslink2).

Q: OK, the Wireshark dissection made sense, but I found some commands or data fields that were missing.

A: Good! We are getting closer to a complete dissection. Please file a ticket with your findings. If you are up to it, we would very much appreciate it if you could file a patch for the dissector code.

Q: What is all this crap about Wireshark dissectors, why don't you just write a freaking protocol specification?

A: The Wireshark dissector comes in very handy while you are still trying to figure out all the bits and pieces of the protocol. A spec should be written sooner or later, but right now it is more important to find the missing pieces. Hey, if you have some time to spare, maybe you can help out?
