Reverse Engineering A Toy Robot


Tea Time



  • introduce mebo
  • reverse engineering!
  • writing a library
  • publishing solution

Meet Mebo

  • toy robot
  • controlled via an Android/iOS app
  • looks kind of like Mars rover


  • 5-axis arm
  • joystick control
  • interactive media

Problem Definition

  • I want to play with this thing!
  • I want my son to think I'm cool
  • I want to do nerdy things with my son
  • I want to use my computer and (probably) Python

I'll use whatever's on PyPI!


No Python Library


Sweet, I'll Write It!


Undocumented API


Can I Figure it Out?


Reverse Engineering

Step 1: What do I know?

  • The app talks to the robot via the LAN
  • It is possible to spy on traffic in a network
  • There are a limited number of functions
  • It works on iOS & Android client devices

Step 2: Gathering Data

  • Problem 1: I don't know the IP address of the robot


Discovering the Correct IP

  1. Ping the IPs of hostnames I don't recognize
  2. Turn off Mebo
  3. Does it still ping?

  • Problem 2: I don't know how to snoop traffic from iPad -> Mebo

LMGTFY

Snooping Traffic

  1. Plug in iPhone to Mac
  2. Get the UDID (unique ID for device)
  3. Add a virtual interface on Mac using the UDID
  4. tcpdump from virtual interface
  5. Wireshark

(side note: go watch Christine Spang on "WebSockets from the Wire Up")

  • Problem 3: I don't know what I'm looking for



  1. lots of experimentation
  2. look for familiar things
  3. use filters


Mebo is controlled via plain HTTP GET requests. Query parameters select the function and carry additional optional parameters (speed, duration, etc.)

Writing the Library

  • flexible design for rapid prototyping while I'm still discovering functions
  • minimal 3rd party dependencies (requests)
  • easy to build, test, deploy, publish
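An added example (not code from the talk or the published mebo package) of the two pieces described above: mining captured request lines for the command vocabulary, then building a command URL the way a thin requests-based client would. The path "/control", the selector "fn", the parameter names and the capture itself are constructed placeholders, not Mebo's real API.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Constructed sample of request lines, in the form a Wireshark "http.request"
# filter would show them. Path, selector ("fn") and parameter names are
# placeholders, not Mebo's real API.
CAPTURED = """\
GET /control?fn=move&dir=fwd&speed=5 HTTP/1.1
GET /control?fn=move&dir=left&speed=3&dur=200 HTTP/1.1
GET /control?fn=arm&joint=claw&pos=40 HTTP/1.1
GET /control?fn=move&dir=fwd&speed=5 HTTP/1.1
GET /status HTTP/1.1
POST /upload HTTP/1.1
"""

def parse_request_line(line):
    """Split one HTTP request line into (method, path, params) or None."""
    parts = line.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    method, target, _ = parts
    url = urlsplit(target)
    return method, url.path, dict(parse_qsl(url.query, keep_blank_values=True))

def command_vocabulary(capture, selector="fn"):
    """Map each value of the function-selecting parameter to the sorted set of
    other parameter names seen with it: the robot's functions and their options."""
    vocab = defaultdict(set)
    for line in capture.splitlines():
        req = parse_request_line(line)
        if req is None or req[0] != "GET":
            continue
        params = req[2]
        if selector in params:
            vocab[params[selector]].update(k for k in params if k != selector)
    return {fn: sorted(opts) for fn, opts in vocab.items()}

def build_command_url(host, function, path="/control", selector="fn", **options):
    """Build the GET URL a thin client library would hand to requests.get();
    keyword arguments become the optional parameters (speed, duration, ...)."""
    query = urlencode({selector: function, **options})
    return urlunsplit(("http", host, path, query, ""))

if __name__ == "__main__":
    print(command_vocabulary(CAPTURED))
    print(build_command_url("192.0.2.10", "move", dir="fwd", speed=5))
```

Keeping the function name and options as plain keyword arguments is what makes the client flexible while the command set is still being discovered: a newly spotted parameter needs no code change.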

Publishing to PyPI

  • my first PyPI package
  • lots of wrangling
  • python setup.py sdist bdist_wheel
  • twine upload

Next Steps

  1. Refine the API and clean up
  2. Write some real tests
  3. Media streaming (RTSP + RTP)