21.2 Analyze serial protocols

Since version 1.0, radare ships a serial:// IO plugin that connects to a serial port device and lets you work with it as if it were a socket:// one.

Both plugins (socket and serial) are quite similar and are based on the concept of an always-growing virtual file containing the received bytes. The plugin sets a flag for each read operation from the device, so you can tell where each received chunk begins.

Let's look at an example of how to use it to analyze the protocol of Symbian's TRK debugger.

1) Install TRK symbian agent into your phone:


2) Prepare your laptop

 $ rfcomm listen hci0 1

3) Make your phone connect via bluetooth

 e.g.: Options -> Connect -> BlueZ(0)

4) Attach radare to the newly rfcomm created

 $ sudo radare serial:///dev/rfcomm0:9600

Once connected, we can start writing raw commands. Each TRK frame starts and ends with the byte 0x7E; the byte just before the trailing 0x7E is a checksum over the payload.

> wx 7E 00 00 FF 7E
> wx 7E 01 01 FD 7E
> wx 7E 05 02 F8 7E

> x
   offset   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF01234567
0x00000000, 7eff 0007 f97e 7220 5379 6d62 6961 6e20 ~....~r Symbian OS start
0x00000018, 6564 c7bf 0463 c24a ffff ffff ffff ffff ed...c.J................
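As an added example (not radare's or the TRK project's own code), the following Python script builds frames of the same shape as the `wx` commands above, verifies the checksum byte, and splits a captured byte stream into frames so the reply can be checked offline. The checksum rule (one's complement of the 8-bit sum of the payload bytes) is inferred from the four frames visible on this page; the sample stream is transcribed from the hexdump above, with the eight bytes whose hex column was cut filled in from the ASCII column. Any byte-stuffing of 0x7E inside payloads is not shown on the page and is not handled here.

```python
"""Build, verify and parse TRK-style serial frames (added example)."""

FLAG = 0x7E  # frame delimiter, as seen at both ends of every frame on the page


def trk_checksum(payload: bytes) -> int:
    """One's complement of the 8-bit sum of the payload bytes.

    Inferred from the page's frames: 00 00 -> FF, 01 01 -> FD,
    05 02 -> F8, and the phone's reply FF 00 07 -> F9.
    """
    return (~sum(payload)) & 0xFF


def build_frame(payload: bytes) -> bytes:
    """Wrap a payload as 7E <payload> <checksum> 7E."""
    return bytes([FLAG]) + payload + bytes([trk_checksum(payload), FLAG])


def wx_command(payload: bytes) -> str:
    """Render the frame as the radare 'wx' command used in the session."""
    return "wx " + " ".join(f"{b:02X}" for b in build_frame(payload))


def parse_frames(stream: bytes):
    """Split a received byte stream into frames.

    Returns a list of (payload, checksum_ok) tuples. Bytes that are not
    enclosed in 7E ... 7E are returned as (bytes, None) rather than
    dropped, so unframed text such as the banner in the dump is kept.
    """
    frames = []
    in_frame = False
    buf = bytearray()
    for b in stream:
        if b != FLAG:
            buf.append(b)
            continue
        if in_frame and buf:
            # closing flag: last byte of the buffer is the checksum
            payload, chk = bytes(buf[:-1]), buf[-1]
            frames.append((payload, chk == trk_checksum(payload)))
            buf.clear()
            in_frame = False
        elif not in_frame:
            if buf:  # data received outside any frame
                frames.append((bytes(buf), None))
                buf.clear()
            in_frame = True
        # in_frame with an empty buffer: repeated flag, stay in the frame
    if buf:  # trailing bytes with no closing flag
        frames.append((bytes(buf), None))
    return frames


# Constructed sample: the dump above, with the hex of "OS start" taken
# from the ASCII column because the hex column was truncated.
SAMPLE_STREAM = (
    bytes.fromhex("7eff0007f97e")
    + b"r Symbian OS started"
    + bytes.fromhex("c7bf0463c24a")
    + b"\xff" * 8
)

if __name__ == "__main__":
    for payload in (b"\x00\x00", b"\x01\x01", b"\x05\x02"):
        print(wx_command(payload))
    for payload, ok in parse_frames(SAMPLE_STREAM):
        print(payload.hex(), "checksum ok" if ok else ("unframed" if ok is None else "BAD checksum"))
```

The parser keeps a flag state rather than splitting on every 0x7E, so back-to-back frames (`... 7E 7E ...`) and a reply that arrives without a closing flag are both reported instead of being merged or lost; a frame whose checksum does not match is returned with `False` so a corrupted capture is visible at a glance.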