cybergibbons Posted May 9, 2013

You found something you can't break Well You can't read the code out... but you can still sniff the RF using the same chips on a cheap dev kit. The Texecom gear has the same issue (from my perspective!) - the RF SoC has integrated flash and pretty good protection of the flash if you set the lockbit. There is almost certainly a way round it, likely by power and clock glitching, but I've never had to bother before...

I have a blog, some of which is about alarm security and reverse engineering: http://cybergibbons.com/

Joe Harris Posted May 9, 2013

Ahh come on Matt, you know everything can be broken

matthew.brough Posted May 9, 2013

> Ahh come on Matt, you know everything can be broken

My engineers prove that on a weekly basis.

www.securitywarehouse.co.uk/catalog/

chief (Author) Posted May 9, 2013

Love the conversation here. Of course everything can be beaten eventually, we like to learn from people pounding our system. I promise it will be harder than spraying hairspray on a PIR. CyberGibbons - lock bit is set, packets are encrypted. I'm sure there's a way in, but it won't be easy...

chief

cybergibbons Posted May 9, 2013

I'd love to take a look, I just haven't got the time at the moment. I still have two alarms to finish with, then it looks like signalling devices are the next thing. You'd be surprised how many things don't have the lock bits set, or there are just gaping holes (like on the PIC18F series...)

matthew.brough Posted May 10, 2013

> I'd love to take a look, I just haven't got the time at the moment. I still have two alarms to finish with, then it looks like signalling devices are the next thing. You'd be surprised how many things don't have the lock bits set, or there are just gaping holes (like on the PIC18F series...)

I look forward to signalling devices

cybergibbons Posted May 10, 2013

Me too! At least it's almost guaranteed that I can read the flash memory in these devices and normal network tools will work (wireless normally needs something custom). It opens up a lot of opportunities for holes.

matthew.brough Posted May 10, 2013

> Me too! At least it's almost guaranteed that I can read the flash memory in these devices and normal network tools will work (wireless normally needs something custom). It opens up a lot of opportunities for holes.

I'm sure certain ones will make the grade and others won't make their (self certified) grade. You need any units to test or any help, just ask.

AdrianMealing Posted May 10, 2013

> I'm sure certain ones will make the grade and others won't make their (self certified) grade. You need any units to test or any help, just ask.

Nail, head, third party cert is the only way to be

amealing@texe.com
Head of Industry Affairs
Texecom

cybergibbons Posted May 11, 2013

I'm going to be a fourth party into this game
Archived
This topic is now archived and is closed to further replies.