cybergibbons (Author), Posted November 13, 2013

> Was thinking "remote interface" but as I say I am not 100%, it was a good while ago, not had any issues with them for a long while.

Yeah, this sounds like it could be the case. If I leave the SIM out, I get E 13 (no SIM). On the 1.25 firmware, it was looking for an SMS to be received, so this might be the same thing but with a message being displayed. I'll get the logic analyser on it later and see if it is actually doing anything.

I don't know if the kill is coming from Vodafone or Gemini, I'm not sure it's really possible to tell. But I can use the SIMs for a short period for data before they cut out.

> Calm down calm down. He can have Webway, Redcare, Emizon, Chiron, whatever he wants. I sent him DC because he ASKED for DualCom. When he ASKS for something else then I'll send it to him. #simples

> Wouldn't mind having my network tested by a hacking boffin.

Yep - I wanted to start on DualCom. I looked at the boards and saw they were quite simple and hadn't changed physically for 10+ years. I also am very new to GSM signalling. I'm also totally in the dark with the encryption, authentication etc. - I'm hoping to find a vulnerability in the architecture or design rather than specific implementation of encryption or anything like that.

Webway have given me enough confidence that the architecture and design of their system is good, so I'd be looking for a very specific issue in implementation on their system.

I have a blog, some of which is about alarm security and reverse engineering: http://cybergibbons.com/

Joe Harris, Posted November 13, 2013

> There are a good few PEN Testing companies

Not all pen testers are 'good' though. More specifically, very few are attuned to the needs of our industry or embedded devices / GPRS / GSM comms in general.

cybergibbons (Author), Posted November 13, 2013

> Not all pen testers are 'good' though. More specifically, very few are attuned to the needs of our industry or embedded devices / GPRS / GSM comms in general.

There are very few that want to do anything if it doesn't involve an Ethernet port or at least embedded Linux. TTL serial, reading EEPROM, custom debug interfaces? Nope.

The Dualcom boards are a bit of a pain TBH. The processors (78K0R) are only really supported by Renesas and IAR tools which are both really quirky. The instruction set is really hard work - there are about 90 different MOV instructions - so hand reading it is just a no-go compared to AVR or even x86.

matthew.brough, Posted November 13, 2013

> Webway have given me enough confidence that the architecture and design of their system is good, so I'd be looking for a very specific issue in implementation on their system.

Out of interest what was Webway's response when you wanted the blueprint to their stuff?

www.securitywarehouse.co.uk/catalog/

datadiffusion, Posted November 13, 2013

> The Dualcom boards are a bit of a pain TBH. The processors (78K0R) are only really supported by Renesas and IAR tools which are both really quirky. The instruction set is really hard work - there are about 90 different MOV instructions - so hand reading it is just a no-go compared to AVR or even x86.

So, what's the betting the front door lock is strong but all the important documents are laid out on the kitchen table for all to see?

> Out of interest what was Webway's response when you wanted the blueprint to their stuff?

I suspect we're back to 3am Strepsils again?!

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

cybergibbons (Author), Posted November 13, 2013

>> Webway have given me enough confidence that the architecture and design of their system is good, so I'd be looking for a very specific issue in implementation on their system.

> Out of interest what was Webway's response when you wanted the blueprint to their stuff?

Webway invited me to their premises (as did CSL Dualcom), but also provided me with some detail of what they do and were fine answering questions, and weren't aggressive or imposing when I posted an image of one of their boards annotated with some detail.

cybergibbons (Author), Posted November 13, 2013

> So, what's the betting the front door lock is strong but all the important documents are laid out on the kitchen table for all to see?
>
> I suspect we're back to 3am Strepsils again?!

Well... the socketed EEPROM which has settings generated using CS2364 "Programmer for DualCom GPRS". I can't actually program the EEPROM with this as I don't have the CSL programmer, but the .prm file it generates is easy to interpret and load using a normal EEPROM programmer.

I've also read several of the EEPROMs from the board I have and they all seem to use the same password for access to the CSL Dualcom APNs. Is that a problem? Not really sure at the moment.

matthew.brough, Posted November 13, 2013

> Webway invited me to their premises (as did CSL Dualcom),

Maybe CSL wanted you there for a different reason?

james.wilson, Posted November 13, 2013

I'd have thought the APN password must be global.

cybergibbons (Author), Posted November 13, 2013

Not sure really... is there a reason why it should be global?

This topic is now archived and is closed to further replies.