
Topic: Incubator RS232 reverse engineering and logging


Dec 27, 2009, 12:17 pm Last Edit: Dec 27, 2009, 12:22 pm by zenbomb Reason: 1

I work in a biology lab where we have a lot of incubators. The purpose of an incubator is to keep cells at a temperature of in most cases 37 °C and 5% CO2. It is important to know of a drop in temperature and CO2 concentration to get good experimental results. All of our incubators have a standard RS232 connector for data logging. The logging solutions offered by the manufacturer are not flexible enough for my purposes. I would like to connect an Arduino to the RS232 port, read the status and write it into a database using an Ethernet Shield.

Problem: The RS232 commands of the incubator are most likely proprietary, meaning that there is no documentation about the commands whatsoever.

My question: How do I reverse engineer the commands and how good are my chances to succeed? What is the general approach to read out and interpret raw RS232 data for the purpose of reverse engineering?

Thank you very much!



Dec 27, 2009, 12:35 pm Last Edit: Dec 27, 2009, 02:07 pm by Mario_H Reason: 1
Edit: Removed link to sniffer program since my virus scanner came up with an alert

What I did was:
- Connect the main PC to the device.
- Take a 2nd PC and connect the RX of this PC's com to the TX of the main PC (don't forget ground) to receive the commands sent by the main PC.
- Set up a list of actions to perform with the vendor-supplied software.
- Start a terminal program on the 2nd PC and log all commands being sent from the main PC.

- Connect the RX of the 2nd pc to the RX of the main PC.
- Again send exactly the same commands from the main PC as before.
- With the terminal program again log all data.

- Now you have to analyse all data and hope you can crack the code.

I did a similar thing years ago and had the luck that all data exchanged was plain ascii.
In addition, I investigated a firmware upgrade disk that came with the device with a hex viewer and was able to extract even more usable commands.

If you google for "rs232 sniffer" you will find some pages with diagrams that can be used to connect the 2nd PC and possibly reduce the risk of damage to one of the COM ports. My attempt was in the "pre-internet" era so I just took the risk and connected the 2nd PC directly.
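
The analysis step of the procedure above, as an added example that is not part of the original posts: given one capture per direction from the same scripted session, it checks whether the traffic is plain ASCII, guesses the frame terminator, and pairs each command with its reply. The sample bytes, the command names and the strict one-reply-per-command pairing are assumptions made for illustration, not the incubator's real protocol.

```python
import re
from collections import Counter

# Constructed sample captures (not real incubator traffic): what the sniffing PC
# logged on the main PC's TX line, then on the device's TX line, for the same
# scripted sequence of actions. The command names are made up for illustration.
PC_TO_DEVICE = b"RT\r\nRC\r\nRT\r\nST 37.0\r\n"
DEVICE_TO_PC = b"T=36.9\r\nC=5.0\r\nT=37.0\r\nOK\r\n"
TERMINATORS = (b"\r\n", b"\r", b"\n", b"\x03", b"\x00")

def printable_ratio(data):
    """Fraction of bytes that are printable ASCII or TAB/LF/CR."""
    if not data:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)

def guess_terminator(data):
    """Most frequent candidate delimiter; the longer one wins a tie (CRLF over CR)."""
    best = max(TERMINATORS, key=lambda t: (data.count(t), len(t)))
    return best if data.count(best) else None

def split_frames(data):
    """Split a capture into non-empty frames on its guessed terminator."""
    term = guess_terminator(data)
    if term is None:
        return [data] if data else []
    return [f for f in data.split(term) if f]

def pair_exchanges(tx, rx):
    """Pair the n-th command with the n-th reply (assumes strict request/response)."""
    return list(zip(split_frames(tx), split_frames(rx)))

def command_summary(tx, rx):
    """Map each command verb to a count of reply shapes, with digit runs shown as #."""
    summary = {}
    for cmd, rep in pair_exchanges(tx, rx):
        parts = cmd.split()
        verb = parts[0] if parts else cmd
        shape = re.sub(rb"[0-9]+", b"#", rep)
        summary.setdefault(verb, Counter())[shape] += 1
    return summary

if __name__ == "__main__":
    print("ASCII ratio:", printable_ratio(PC_TO_DEVICE + DEVICE_TO_PC))
    for verb, shapes in command_summary(PC_TO_DEVICE, DEVICE_TO_PC).items():
        print(verb.decode(), "->", dict(shapes))
```

A printable ratio well below 1.0 or a missing terminator suggests a binary or length-prefixed protocol, where index-based pairing like this no longer applies.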

Ran Talbott

Problem: The RS232 commands of the incubator are most likely proprietary, meaning that there is no documentation about the commands whatsoever.

Why assume that? Since we're talking about lab equipment that often needs to be integrated into setups the manufacturer hasn't anticipated, there's actually a decent chance that the interfaces are published so people can write their own apps using systems like LabVIEW. Have you done google searches on the make and model, or checked the manufacturers' websites?

If you do need to reverse-engineer the protocol, I recommend you grab an old unused PC with 2 serial ports, put Linux on it, and use scope to monitor the traffic. It's free, easy to set up, and makes it simple to capture the traffic to a text file so you can pore over it at your leisure.

