Re: Re: Tecan Freedom Evo -- $2000 on ebay
350 views
Skip to first unread message
Bryan Bishop
Apr 24, 2013, 3:19:28 PM4/24/13
to Benjamin Lack, Jonathan Cline, diybio, East Bay DIYbio
On Wed, Apr 24, 2013 at 2:10 PM, Benjamin Lack <ben...@gmail.com> wrote:
> It is… But it doesn't come with the dongle and you can't run the software
> that drives this without the Dongle.
Jonathan, is that true? Or have you also reversed how the dongle works
in the Perl module?
- Bryan
http://heybryan.org/
1 512 203 0507
> It is… But it doesn't come with the dongle and you can't run the software
> that drives this without the Dongle.
Jonathan, is that true? Or have you also reversed how the dongle works
in the Perl module?
- Bryan
http://heybryan.org/
1 512 203 0507
Jonathan Cline
Apr 26, 2013, 10:50:30 PM4/26/13
to diy...@googlegroups.com, Benjamin Lack, Jonathan Cline, East Bay DIYbio
Tecan's software on Windows passes an authentication key to the robot hardware in order to allow 3rd party software to send the robot commands. Otherwise, only Tecan's own software can send the robot any commands. [*But see Note below] If the Windows box does not have the authentication key, then the Tecan software doesn't allow 3rd party software any method to send commands to the robot. Tecan does this to enforce royalties or licensing or other typical biz practices. The hardware isn't really "open" unless you buy the key [*But see Note below].
Without the dongle, it was possible to run Tecan's own version of Gemini (PC software) to control the Genesis Robot. Other LIMS system software is 3rd party though, so might require the dongle. Maybe for the Freedom, Tecan tightened up the controls.
Certainly with the newer USB robots (no longer serial bus controlled), the robot makers are keeping the communications under tighter control. I approached a couple companies as a 3rd party developer and they immediately requested signing NDA before any details of their robot would be provided. Part of the NDA restricted any open source release of info, too. They're trying to protect their turf more than in the past. (Cavro became ad hoc industry standard for a while, so details were much more was open, and also the devices were simpler/dumber, so command formats were also simple.)
[*Note] - it is possible to send commands directly to some of Tecan's robots by using raw serial or CAN bus protocol. The commands are documented in my open source Bio Robotics software (free for the taking). This requires some low level computer knowledge. For example, a USB-to-serial or USB-to-CAN bus converter could drive the robot directly from any host, if the correct communications protocol is used (simple header for device address, etc, if I remember right).
[*Note 2] - it is possible to hack a bypass to the authentication key by cloning or etc. It's a simple key exchange, after all, and there are grey-market imposter keys which can mimic the real Tecan keys.
The cost of the key is something around $3000 +/- or at least that was the price when I saw a purchase order for one.
## Jonathan Cline
## jcl...@ieee.org
## Mobile: +1-805-617-0223
########################
Without the dongle, it was possible to run Tecan's own version of Gemini (PC software) to control the Genesis Robot. Other LIMS system software is 3rd party though, so might require the dongle. Maybe for the Freedom, Tecan tightened up the controls.
Certainly with the newer USB robots (no longer serial bus controlled), the robot makers are keeping the communications under tighter control. I approached a couple companies as a 3rd party developer and they immediately requested signing NDA before any details of their robot would be provided. Part of the NDA restricted any open source release of info, too. They're trying to protect their turf more than in the past. (Cavro became ad hoc industry standard for a while, so details were much more was open, and also the devices were simpler/dumber, so command formats were also simple.)
[*Note] - it is possible to send commands directly to some of Tecan's robots by using raw serial or CAN bus protocol. The commands are documented in my open source Bio Robotics software (free for the taking). This requires some low level computer knowledge. For example, a USB-to-serial or USB-to-CAN bus converter could drive the robot directly from any host, if the correct communications protocol is used (simple header for device address, etc, if I remember right).
[*Note 2] - it is possible to hack a bypass to the authentication key by cloning or etc. It's a simple key exchange, after all, and there are grey-market imposter keys which can mimic the real Tecan keys.
The cost of the key is something around $3000 +/- or at least that was the price when I saw a purchase order for one.
## Jonathan Cline
## jcl...@ieee.org
## Mobile: +1-805-617-0223
########################
Bryan Bishop
Apr 26, 2013, 10:54:52 PM4/26/13
to diy...@googlegroups.com, Bryan Bishop, Benjamin Lack, Jonathan Cline, East Bay DIYbio
On Fri, Apr 26, 2013 at 9:50 PM, Jonathan Cline wrote:
> [*Note 2] - it is possible to hack a bypass to the authentication key by
> cloning or etc. It's a simple key exchange, after all, and there are
> grey-market imposter keys which can mimic the real Tecan keys.
I don't understand what's going on here. What sort of key is this? Are
> [*Note 2] - it is possible to hack a bypass to the authentication key by
> cloning or etc. It's a simple key exchange, after all, and there are
> grey-market imposter keys which can mimic the real Tecan keys.
they just verifying that it has some format? Are they running it
against a list of known good keys? or were they serious enough to use
public/private key signing?
Also how much does this matter? When you "send commands directly",
like in ::Tecan, do you still require a key?
Nathan McCorkle
Apr 26, 2013, 11:07:13 PM4/26/13
to diybio
$3000 license, or $20 USB to FTDI cable (FTDI can do RS232, SPI, I2c,
JTAG) or this $20 board and a $20 arduino:
https://code.google.com/p/canduino/
> --
> -- You received this message because you are subscribed to the Google Groups DIYbio group. To post to this group, send email to diy...@googlegroups.com. To unsubscribe from this group, send email to diybio+un...@googlegroups.com. For more options, visit this group at https://groups.google.com/d/forum/diybio?hl=en
> Learn more at www.diybio.org
> ---
> You received this message because you are subscribed to the Google Groups "DIYbio" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to diybio+un...@googlegroups.com.
> To post to this group, send email to diy...@googlegroups.com.
> Visit this group at http://groups.google.com/group/diybio?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
--
-Nathan
JTAG) or this $20 board and a $20 arduino:
https://code.google.com/p/canduino/
> -- You received this message because you are subscribed to the Google Groups DIYbio group. To post to this group, send email to diy...@googlegroups.com. To unsubscribe from this group, send email to diybio+un...@googlegroups.com. For more options, visit this group at https://groups.google.com/d/forum/diybio?hl=en
> Learn more at www.diybio.org
> ---
> You received this message because you are subscribed to the Google Groups "DIYbio" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to diybio+un...@googlegroups.com.
> To post to this group, send email to diy...@googlegroups.com.
> Visit this group at http://groups.google.com/group/diybio?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
--
-Nathan
Jonathan Cline
Apr 27, 2013, 12:56:27 AM4/27/13
to diy...@googlegroups.com, Bryan Bishop, Benjamin Lack, Jonathan Cline, East Bay DIYbio
The key used with the older Tecan's are the typical old-school "parallel port
security dongle" which has a serial number or something similar, which
matches the hardware. In the simplest cases the dongle internally is just a set of jumpers which hardwires the parallel port IO's to a fixed value (tied to vcc or gnd). Or it could be an EPROM. A hacker here emailed me the dump and
instructions for the Tecan dongle a while back and reportedly got a clone working. These parallel
hardware-dongle keys used to be pretty common for different types of
server software. Nowadays companies use USB dongles for
software-license-control, these are a bit more involved crypto-wise yet
still pretty simple and I'm sure there are cloners out there. (Cloners
or crackers are not appropriate for a commercial installation though.)
The security functionality of most products is usually a last-minute engineering effort for most products, which is why it often looks too simple (borderline silly) from the outside. Like: read dongle's serial number, read robot's serial number, XOR the two, do a parity sum, result be even. No mathematically complex keys. The dongle serves a legal purpose simply by being present or not present and having a simple check for it's existence, which is enough for regulating and restricting use in a business environment. (Especially if the business is ISO-anything.)
When the dongle is installed, Tecan windows software allows 3rd party software to pass commands through a windows shared pipe (filename \\.\\pipe or similar) -- this is in my source code. If the dongle is not installed, this windows pipe doesn't exist, so the user is stuck -- unless customized (but not difficult) hardware is used to pass the serial commands directly to the hardware, without Tecan in the middle. For example, the typical Bio guy writes MS Visual Basic (yuck!) which writes commands through Tecan's command pipe, to the robot.
So, the dongle is required if using Tecan software in an out-of-the-box configuration with 3rd party software like mine, where Tecan windows software requires being the "man in the middle" for all the robot commands.
The better method is to send the commands directly to the robot with a USB-to-serial device. For my Perl Robotics::Tecan software to work with such a setup, it would be a straightforward change to write to the correct device and prepend the comm byte header. (Or similar.) This isn't implemented right now though since I always used a PC with the dongle, and most labs do too.
The security functionality of most products is usually a last-minute engineering effort for most products, which is why it often looks too simple (borderline silly) from the outside. Like: read dongle's serial number, read robot's serial number, XOR the two, do a parity sum, result be even. No mathematically complex keys. The dongle serves a legal purpose simply by being present or not present and having a simple check for it's existence, which is enough for regulating and restricting use in a business environment. (Especially if the business is ISO-anything.)
When the dongle is installed, Tecan windows software allows 3rd party software to pass commands through a windows shared pipe (filename \\.\\pipe or similar) -- this is in my source code. If the dongle is not installed, this windows pipe doesn't exist, so the user is stuck -- unless customized (but not difficult) hardware is used to pass the serial commands directly to the hardware, without Tecan in the middle. For example, the typical Bio guy writes MS Visual Basic (yuck!) which writes commands through Tecan's command pipe, to the robot.
So, the dongle is required if using Tecan software in an out-of-the-box configuration with 3rd party software like mine, where Tecan windows software requires being the "man in the middle" for all the robot commands.
The better method is to send the commands directly to the robot with a USB-to-serial device. For my Perl Robotics::Tecan software to work with such a setup, it would be a straightforward change to write to the correct device and prepend the comm byte header. (Or similar.) This isn't implemented right now though since I always used a PC with the dongle, and most labs do too.
Reply all
Reply to author
Forward
0 new messages