Oh where to start! A bit of a deviation from the last post, let's explore the binary protocol the video controllers use instead of working with QSR's KDS software. Since it requires licensing it doesn't seem to be the ideal development platform.
Starting with Ida and a copy of QSR's RDSConsole and KDS software, I proceeded to look through KDS.exe. Finding out it interfaces with RDSApi.dll I proceeded from there.
Exploring and spending a lot of time renaming functions and variables, leaves us with some nice looking protocol buffers!
Going through many device functions, a proof-of-concept application was written to send text and recieve events from display controllers. The code has been published on GitHub! GitHub Repo
Wanting more technical information on the protocol? Well it's a simple UDP based protocol which as a terminal/device ID (0xff for all terminals on the network), opcode for command type, opcode for sub-command, and then the command's data. Each opcode can have different parameters and data lengths, parameters requesting a string are null terminated. There is no command end flag or byte, the system detects new commands by expected length of data or null terminator. Command can be sent which crash or corrupt the video controller's data.
Fonts are stored as the DOS F16 bitmap format, including some VGA BIOS code. I have provided a simple bitmap font editor and converter, feel free to play around with these but note that font file validation is non-existent on the older ePic devices and it is possible to corrupt device firmware.
The video controller's default video mode is DOS text mode 3, of which the color bit mask matches including the luminance and flashing bits.
Bit: 7 6 5 4 3 2 1 0
| | | | \___ ___ ___/
| | | | Foreground color (3 bits)
| | | |
| | | +------- Intensity bit (bright foreground)
| | +----------- Background color (3 bits)
| +--------------- Intensity bit (bright background) [ignored in Mode 3]
+------------------- Blink bit (1 = blink)
Now that we can send full screen data to the display controller, what to do!? I'm thinking a JIRA integrated kanban display, or what about a text mode information channel?
no comments