Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Reverse engineering biomedical
equipment for fun and open science
Charles Fracchia & Joel Dapello
BioBright
DEFCON BioHack...
What to expect from this talk
1. What is a biolab & its equipment
2. How we reverse engineered two pieces of equipment
3. ...
The Bio Lab
The Bio Lab
“This is my [pipette]. There are many like it, but this one is mine.”
- Rifleman’s Creed, adapted by Prof. John Castorino
What should have happened
≠
What actually happened
But Wait!
Reverse engineering a pipette
What is a pipette?
The equivalent of the computer
mouse for biological research
Single-channel Multi-channel
How does a pipette work?
Electronic pipettes
Toys
Logic analyzerOscilloscope
Step 1: choose target carefully
Criteria:
● Easy to obtain
● Made by a leading brand (aka trusted)
● Elegant hack:
○ One t...
Step 1: choose target carefully
Mettler Toledo / Rainin EDP3 Plus
✔ Purchasable on eBay
● around $50
? Remote control
● me...
Step 2: hunt for more documentation
Step 2: hunt for more documentation
Step 2: REMOTE CONTROL !!!
But... Heu, can I
haz remote
control
softwarez
plz?
No.
Discontinued
product...
Heu, can I
haz remote
control
softwarez
plz?
“I think I
have one in
a secret
stash in the
factory”
Step 3: find an engineer
Step 4: find remote control port
Oh hi there :)
Step 4: figure out pinout
Step 4: figure out pinout
Try pressing a button while sniffing
but nothing...
Step 4: figure out pinout
How about using the software?
Success! Here’s the FW version: 1.5
Step 4: figure out pinout
We have a pinout
Step 5: make it easy for others to use
This hack enables actual remote control
Use the simple board to relay messages via ...
Step 6: document the comms
Other machines?
Reverse engineering a -80ºC freezer
Step 1: find documentation
Step 1: find documentation
But...
Hmm, more details please?
Step 2: collect samples from the RS-232 port
Sending random characters through the port yields interesting behavior
● “N” ...
Step 3: reverse temperature encoding
Increase the temperature by known amounts and collect the temperature bytes
Still a b...
Step 3: reverse temperature encoding
This is very likely to be linear !
Calculate the slope: m = ( 20221 - 20608 ) / ( -87...
Step 4: make it easy to use for biologists
Complete with alerts & maintenance/downtime prediction algorithms !
Transform the way biology is done
These tools are essential in curing
disease, finding new drugs, etc.
What we need help with
Create a repository of open & interoperable device “drivers”
Create a framework to teach these skil...
We need the Arduino & Redhat for
Biology
open @ biobright.org
Contact us!
Questions?
DEF CON 24: Reverse engineering biomedical equipment for fun and open science
DEF CON 24: Reverse engineering biomedical equipment for fun and open science
DEF CON 24: Reverse engineering biomedical equipment for fun and open science
DEF CON 24: Reverse engineering biomedical equipment for fun and open science
DEF CON 24: Reverse engineering biomedical equipment for fun and open science
DEF CON 24: Reverse engineering biomedical equipment for fun and open science
Upcoming SlideShare
Loading in …5
×

DEF CON 24: Reverse engineering biomedical equipment for fun and open science

343 views

Published on

Tl;DR: Device "drivers" for biology to enable permissionless Innovation innovation and the 'smart lab' of the future. Contact: open@biobright.org

Charles Fracchia, CEO, BioBright
Joel Dapello, Founding Engineering, BioBright

Published in: Devices & Hardware
  • Be the first to comment

  • Be the first to like this

DEF CON 24: Reverse engineering biomedical equipment for fun and open science

  1. 1. Reverse engineering biomedical equipment for fun and open science Charles Fracchia & Joel Dapello BioBright DEFCON BioHacking Village - Aug 6 2016
  2. 2. What to expect from this talk 1. What is a biolab & its equipment 2. How we reverse engineered two pieces of equipment 3. Call to arms: how YOU can help
  3. 3. The Bio Lab
  4. 4. The Bio Lab
  5. 5. “This is my [pipette]. There are many like it, but this one is mine.” - Rifleman’s Creed, adapted by Prof. John Castorino
  6. 6. What should have happened ≠ What actually happened
  7. 7. But Wait!
  8. 8. Reverse engineering a pipette
  9. 9. What is a pipette? The equivalent of the computer mouse for biological research Single-channel Multi-channel
  10. 10. How does a pipette work?
  11. 11. Electronic pipettes
  12. 12. Toys Logic analyzerOscilloscope
  13. 13. Step 1: choose target carefully Criteria: ● Easy to obtain ● Made by a leading brand (aka trusted) ● Elegant hack: ○ One that could be used by anyone ○ No irreversible modifications
  14. 14. Step 1: choose target carefully Mettler Toledo / Rainin EDP3 Plus ✔ Purchasable on eBay ● around $50 ? Remote control ● mentioned on product sheet, but no details
  15. 15. Step 2: hunt for more documentation
  16. 16. Step 2: hunt for more documentation
  17. 17. Step 2: REMOTE CONTROL !!!
  18. 18. But... Heu, can I haz remote control softwarez plz? No. Discontinued product...
  19. 19. Heu, can I haz remote control softwarez plz? “I think I have one in a secret stash in the factory” Step 3: find an engineer
  20. 20. Step 4: find remote control port Oh hi there :)
  21. 21. Step 4: figure out pinout
  22. 22. Step 4: figure out pinout Try pressing a button while sniffing but nothing...
  23. 23. Step 4: figure out pinout How about using the software? Success! Here’s the FW version: 1.5
  24. 24. Step 4: figure out pinout We have a pinout
  25. 25. Step 5: make it easy for others to use This hack enables actual remote control Use the simple board to relay messages via XBee You can even use encryption on the XBee link
  26. 26. Step 6: document the comms
  27. 27. Other machines?
  28. 28. Reverse engineering a -80ºC freezer
  29. 29. Step 1: find documentation
  30. 30. Step 1: find documentation
  31. 31. But... Hmm, more details please?
  32. 32. Step 2: collect samples from the RS-232 port Sending random characters through the port yields interesting behavior ● “N” → Dumps NVRAM ● “T” → Temperature packet
  33. 33. Step 3: reverse temperature encoding Increase the temperature by known amounts and collect the temperature bytes Still a bit cryptic, until...
  34. 34. Step 3: reverse temperature encoding This is very likely to be linear ! Calculate the slope: m = ( 20221 - 20608 ) / ( -87 + 84 ) = 129 Get the Y-intercept: 31444 → 243.75ºC Hmm, strange: 0 Kelvin → -243.15 not 243.75ºC Temp ºC ≈ n/129 - 243.75
  35. 35. Step 4: make it easy to use for biologists Complete with alerts & maintenance/downtime prediction algorithms !
  36. 36. Transform the way biology is done
  37. 37. These tools are essential in curing disease, finding new drugs, etc.
  38. 38. What we need help with Create a repository of open & interoperable device “drivers” Create a framework to teach these skills to biologists and doctors Recruit hackers & reverse engineers to this cause
  39. 39. We need the Arduino & Redhat for Biology
  40. 40. open @ biobright.org Contact us!
  41. 41. Questions?

×