cybergibbons (Posted May 16, 2013)

Another question about impressions of security. I'm looking at anti-codes at the moment, which seem common on monitored systems. Typically this takes a 5 digit quote code along with a secret seed, and generates a 5 digit reset code (along these lines, anyway).

It turns out for the few decoders I have now looked at, the secret seed can be determined from one or two pairs of quote/reset codes. If this seed was constant across an entire installer or manufacturer, this could present a risk.

What are your thoughts on this?

I have a blog, some of which is about alarm security and reverse engineering: http://cybergibbons.com/

matthew.brough (Posted May 16, 2013)

This depends a lot on the manufacturer. Technistore and Aritech, for example, use seed codes, so you would need to know what seed a particular ARC uses, which in fairness wouldn't be so hard to find out, but then any reset would be possible if you had the software. Certain decoders don't even have a seed, so once you get the software, you can anticode reset any panel using it.

What worried me most was, if the algorithm was worked out, what would stop someone putting it on a website for the end users to reset their own alarms, with the ARCs' seeds being made public knowledge. Seems from your investigations, not a lot.

www.securitywarehouse.co.uk/catalog/

cybergibbons (Author, Posted May 16, 2013)

This is the thing - it is virtually impossible to secure an executable such that you can't get the algorithm out. The security has to be in the key (the secret). If the key is only 8 bits, then guessing it isn't going to be hard.

Have there been many changes in anti-codes recently? Do new panels have new decoders? Which standard or body is it that dictates how anti-codes are used?

matthew.brough (Posted May 16, 2013)

Generically the ones in use have been around for years. Technistore is a popular one as this is in Galaxy and a few other popular panels, but prior to that they did a stand alone unit that you could connect to panels that didn't have remote reset. How it worked was you wired a 24 hour circuit through the unit, which opened when a reset was required so you couldn't set the alarm. I don't know exactly when that came out but it was a long long time ago.

I don't think there are any standards around anti code reset; it was introduced due to police policy requiring that the users couldn't reset the alarms themselves, so the engineer had to go out and do it all the time. Anti code reset was introduced so that the ARC could issue a reset code if the cause of the alarm was obvious and didn't need an engineer, such as user error or a door left insecure. Again, one of those things we have never questioned, until now.

MrHappy (Posted May 16, 2013)

> What are your thoughts on this?

Some don't even have a seed...

Mr Veritas God

cybergibbons (Author, Posted May 16, 2013)

That's interesting. With no seed, the only protection is keeping the executable secret. Technistore allow you to download it from their site, oddly.

matthew.brough (Posted May 16, 2013)

> That's interesting. With no seed, the only protection is keeping the executable secret. Technistore allow you to download it from their site, oddly.

But you have to call them to activate it? We did with ours.

cybergibbons (Author, Posted May 16, 2013)

> But you have to call them to activate it? We did with ours.

It's easy to bypass that check with a debugger, and then it just seems to be a 0-255 code.

matthew.brough (Posted May 16, 2013)

> It's easy to bypass that check with a debugger, and then it just seems to be a 0-255 code.

Got it in one.

james.wilson (Posted May 16, 2013)

It is potentially an issue, but bear in mind this is used just to reset the system. No menu access can be gained with it, so it's not a security risk IMO.

securitywarehouse: Security Supplies from Security Warehouse. Trade Members please contact us for your TSI vetted trade discount.
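
The two points raised in the thread, that the secrecy has to sit in the seed and that a 0-255 seed is pinned down by one or two quote/reset pairs, can be checked numerically when reviewing a scheme's seed width. This is an added example, not code from the thread or from any manufacturer: `toy_anticode` is a constructed stand-in (truncated HMAC-SHA256), not a real decoder algorithm, and the seed and quote codes are made up.

```python
import hashlib
import hmac

CODE_SPACE = 10 ** 5  # five-digit reset codes, as described in the thread


def toy_anticode(quote: str, key: bytes) -> str:
    """Constructed stand-in for a decoder: HMAC-SHA256(key, quote) cut to 5 digits."""
    digest = hmac.new(key, quote.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % CODE_SPACE:05d}"


def consistent_seeds(pairs, seed_bits=8):
    """Every seed of this width that reproduces all observed (quote, reset) pairs."""
    width = (seed_bits + 7) // 8
    return [
        seed for seed in range(2 ** seed_bits)
        if all(toy_anticode(q, seed.to_bytes(width, "big")) == r for q, r in pairs)
    ]


def expected_false_matches(seed_bits, n_pairs):
    """Expected count of wrong seeds that still fit n_pairs purely by chance."""
    return (2 ** seed_bits - 1) / CODE_SPACE ** n_pairs


# Constructed sample data: an 8-bit seed and two quote codes chosen for the demo.
SECRET_SEED = 0x5A
QUOTES = ["48213", "90776"]
PAIRS = [(q, toy_anticode(q, bytes([SECRET_SEED]))) for q in QUOTES]

if __name__ == "__main__":
    print("seeds fitting one pair :", consistent_seeds(PAIRS[:1]))
    print("seeds fitting two pairs:", consistent_seeds(PAIRS))
    for bits in (8, 32, 128):
        print(f"{bits:>3}-bit seed: {2 ** bits:.3e} candidates, "
              f"{expected_false_matches(bits, 1):.3e} wrong seeds expected to fit one pair")
```

Even with a strong keyed function, an 8-bit seed leaves only 256 candidates and about 0.00255 expected chance matches per observed pair, so the seed stops being a secret once a pair is known. A 128-bit seed cannot be enumerated, and a single five-digit pair still leaves roughly 3.4e33 candidates.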