Proprietary Wifi Frequency > Wireless Headphones Connectivity
Member
Posts: 25,098
Joined: Jun 9 2009
Gold: 657.64
Jun 14 2014 04:44am
So I recently got my set of gaming cans back and I saw that the receiver emits a frequency that registers on anything that has wifi.
They are the Turtle Beach X42s, which are wireless surround sound headphones for Xbox, PlayStation and PC.

The wifi connection is named "TB proprietary" which most likely means that some hash or keyword is needed for it to accept a connection. (the key is probably embedded in the hardware of the cans)

I was wondering if anyone has cracked this headset or anything like it.
It probably scans a range of frequencies until it hits the one that is sending out the right number.

I think if this can be reverse engineered, and since it uses the frequencies in a range that most wifi enabled devices pick up, that it would be useable via smartphones and maybe PCs (without the use of the receiver).



LMK if I made sense... or not... :wacko:

It's something I've been wondering for a while and I haven't found anything on Google.


:D
Member
Posts: 62,215
Joined: Jun 3 2007
Gold: 9,039.20
Jun 14 2014 07:42am
The most you could probably do is intercept the wireless packets, actually reverse engineering would be too difficult and beyond your skill-set.

I have a Logitech G930 and it uses a 5.8GHz connection and probably lacks basic security but any unprotected wireless traffic is fair game. Luckily for you, the Turtle Beach X42's do use Wi-Fi at 2.4/5 GHz (2.404-2.476 GHz / 5.160-5.340 GHz) which gives you a better chance at understanding it, you still need to find out more information about what the connection uses. What channel(s) it operates on, what authentication and encryption methods are used, and even the bits that make it proprietary. Maybe look for a manual on it: http://support.turtlebeach.com/entry/830516913/?View=entry&EntryID=830516913&Msg= or user guide: http://cdn-assets.turtlebeach.com/products/59/x42_user_guide_091813.pdf

The manual seems to suggest some type of pairing is used, this could be similar to WPS. Actually breaking the device down and figuring out how it works is not easy and may be required to figure this out. I cannot find anything specifically on these but if garage doors, Bluetooth, and other forms of wireless can be broken and intercepted then it doesn't exclude Turtle Beach X42s either.
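As an added example that is not part of the original post: the channel and the advertised authentication and encryption methods mentioned above are all visible in the beacon frame a Wi-Fi device broadcasts, so they can be read passively. The sketch below parses a raw 802.11 beacon (no radiotap header); the sample frame is constructed, with the SSID string quoted in the thread and a made-up channel and RSN element, not values measured from a real X42.

```python
import struct

AKM_NAMES = {1: "802.1X", 2: "PSK", 8: "SAE"}  # suite types under OUI 00-0F-AC

def parse_rsn_akms(body):
    """Key-management suites listed in the body of an RSN element (tag 48)."""
    try:
        off = 8 + 4 * struct.unpack_from("<H", body, 6)[0]  # skip cipher fields
        count = struct.unpack_from("<H", body, off)[0]
    except struct.error:                     # element shorter than it claims
        return []
    suites = [body[off + 2 + 4 * i: off + 6 + 4 * i] for i in range(count)]
    return [AKM_NAMES.get(s[3], "type %d" % s[3]) if s[:3] == b"\x00\x0f\xac"
            else "vendor " + s.hex() for s in suites if len(s) == 4]

def describe_beacon(frame):
    """Summarise what a raw 802.11 beacon (no radiotap header) advertises."""
    if len(frame) < 36 or frame[0] != 0x80:  # 24-byte header + 12 fixed bytes
        raise ValueError("not a beacon frame")
    info = {"ssid": None, "channel": None, "akms": [],
            "privacy": bool(struct.unpack_from("<H", frame, 34)[0] & 0x0010)}
    rsn = wpa = False
    off = 36
    while off + 2 <= len(frame):
        tag, length = frame[off], frame[off + 1]
        body = frame[off + 2: off + 2 + length]
        if len(body) < length:               # truncated capture: stop cleanly
            break
        if tag == 0:                         # SSID
            info["ssid"] = body.decode("utf-8", "replace")
        elif tag == 3 and length == 1:       # DS Parameter Set: current channel
            info["channel"] = body[0]
        elif tag == 48:                      # RSN element (WPA2 and later)
            rsn, info["akms"] = True, parse_rsn_akms(body)
        elif tag == 221 and body[:4] == b"\x00\x50\xf2\x01":  # legacy WPA element
            wpa = True
        off += 2 + length
    info["security"] = ("RSN (WPA2/WPA3)" if rsn else "WPA" if wpa else
                        "privacy bit only (WEP or vendor-specific)"
                        if info["privacy"] else "open")
    return info

def build_sample_beacon():
    """Constructed frame: SSID from the thread, channel and RSN values made up."""
    head = bytes.fromhex("80000000" + "ff" * 6 + "020000000001" * 2 + "0000")
    fixed = bytes(8) + struct.pack("<HH", 100, 0x0011)  # timestamp, interval, caps
    rsn = bytes.fromhex("0100000fac040100000fac040100000fac020000")
    tags = b"\x00\x0e" + b"TB proprietary" + b"\x03\x01\x06"
    return head + fixed + tags + bytes([48, len(rsn)]) + rsn
```

A beacon that sets the privacy bit but carries neither a WPA nor an RSN element is reported as "privacy bit only", which is where a vendor-specific scheme would show up.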
Member
Posts: 25,098
Joined: Jun 9 2009
Gold: 657.64
Jun 14 2014 08:09am
Quote (killg0re @ Jun 14 2014 06:42am)
The most you could probably do is intercept the wireless packets, actually reverse engineering would be too difficult and beyond your skill-set.

I have a Logitech G930 and it uses a 5.8GHz connection and probably lacks basic security but any unprotected wireless traffic is fair game. Luckily for you, the Turtle Beach X42's do use Wi-Fi at 2.4/5 GHz (2.404-2.476 GHz / 5.160-5.340 GHz) which gives you a better chance at understanding it, you still need to find out more information about what the connection uses. What channel(s) it operates on, what authentication and encryption methods are used, and even the bits that make it proprietary. Maybe look for a manual on it: http://support.turtlebeach.com/entry/830516913/?View=entry&EntryID=830516913&Msg= or user guide: http://cdn-assets.turtlebeach.com/products/59/x42_user_guide_091813.pdf

The manual seems to suggest some type of pairing is used, this could be similar to WPS. Actually breaking the device down and figuring out how it works is not easy and may be required to figure this out. I cannot find anything specifically on these but if garage doors, Bluetooth, and other forms of wireless can be broken and intercepted then it doesn't exclude Turtle Beach X42s either.


Thanks for the response.
I'm not looking to get into the receiver. (which throws up the proprietary channel and performs most of the actions.)

For lack of a better description I'll say that I want to copy its functionality.
If one could do this then the receiver wouldn't be needed.

It would also allow me to have fun while connecting it to certain things.

This post was edited by TJI_KS on Jun 14 2014 08:11am
Member
Posts: 15,960
Joined: Nov 29 2008
Gold: 40.64
Jun 14 2014 08:28am
To make it work you're going to need a mobile app programmed to work for that specific proprietary protocol. I don't think there is any easy answer to reverse engineering proprietary firmware without having substantial information about the device and its programming. I think what you're suggesting is possible on paper but I doubt the practical application of it will be worth the time and effort unless you're into that type of thing.


This post was edited by NatureNames on Jun 14 2014 08:33am
Member
Posts: 62,215
Joined: Jun 3 2007
Gold: 9,039.20
Jun 15 2014 12:58am
Quote (AbDuCt @ Jun 15 2014 01:59am)
I could likely do this if given a set of headsets that use this technology. I would personally take them apart and look for some sort of I/O such as JTAG or serial. If you can get access to that, reversing the software would be a bit easier; if not, you would likely have to dump the microcontroller and reverse the assembler, which may or may not be possible depending on their steps to prevent this (oh the joys of epoxy over all the pins). Also depending on the wireless encryption setup it may be possible to MITM the device or obtain packet dumps which could be decrypted if you managed to find the pass phrase to the headset. I used a similar method to MITM wireless IP cameras to create a script to control the PTZ and obtain audio and video from the camera.

But alas I have never heard of a headset that does this seeing how it is far easier and a bit more secured to use a paired transceiver set such as the nrf24l01 or similar which can be locked to one device by using a unique master slave address. This would most likely be easier to program for as well seeing how you wouldn't need to add the overhead of an actual 802.11 protocol... but heh it's Turtle Beach... I wouldn't put their wireless knowledge past the quality of their products.


:drool:
Member
Posts: 25,098
Joined: Jun 9 2009
Gold: 657.64
Jun 16 2014 01:24am
Thanks a ton for the responses.
I don't have the equipment for the dump.

As for the MITM method I guess I have to ask and look around to see if anyone knows the phrase.
