Channel: Alarms – Cybergibbons
Browsing all 20 articles

It swings both ways, especially for RF comms

In a few of the previous posts, I’ve discussed some principles used in the radio communications in alarms. I’ve mentioned that some features are harder to implement well using one-way radios. What is...


Why am I hacking your alarm?

Since I’ve started posting about alarm systems, a number of people have questioned my motives. I can understand why – these are security products and I can see how many people would think poking around...

Tomographic motion detection

Typical alarms use PIR (passive infrared), microwave or ultrasound detectors for motion detection. PIR are by far the most common type of detector – they work by detecting changes in infrared emitted...

What’s inside a WebWayOne SPT?

I managed to find a reasonable resolution image of a WebWayOne SPT (supervised premises transceiver, the device that communicates with the ARC (alarm receiving centre)). Just some quick notes about...

Reversing an anti-code

A contact in the alarm industry recently asked if I could take a look at a quick reverse engineering job. I’m trying to gain some credibility with these guys, so I naturally accepted the challenge....

We need an antidote to the anti-code

In the last post, I briefly went over the process of reverse engineering the algorithm behind an anti-code generator for an alarm system. It turned out that the algorithm was very simple indeed. For a...

Programming a Texecom Premier Elite 12-W using a FTDI cable

The Texecom Premier Elite series of alarms can be programmed using Windows software called Wintex. This makes setting up these alarms far easier than using the keypad menus – they have hundreds of...

Wireless alarm recommendations

Several times I have been asked which wireless alarm system I would recommend, so I thought I would write a quick blog post. I’ll start with some simple points: Wired is always going to be more secure...

Why have I removed all the CSL Dualcom posts?

As part of my reverse engineering of the CSL Dualcom alarm signalling boards, I have uncovered some issues that I would classify as vulnerabilities. I have recently informed CSL Dualcom about one of the...

iSmartAlarm – quick “teardown”

I noticed this post on the alarm forum at DIYnot. It mentions the iSmartAlarm – an alarm I’ve heard nothing about before. Smart tends to mean “connected to the Internet” which tends to mean “massive...

Reverse engineering a CSL Dualcom GPRS part 10 – analysing the logic trace 2

Last post, we looked at the comms between the board and the GPRS modem. There was a long, interesting string sent to a remote server: LjS1WQjg8FHqR1a4P4DVsjO8eUITXY6ifHPlaFhkZ2SJ When we look out to the...

Reverse engineering a CSL Dualcom GPRS part 11 – disassembling firmware

I find reverse engineering is about building up a broad picture instead of working in-depth on any one aspect of the system. Dip into one bit, check what you are seeing is reliable and makes sense, dip...

Reverse engineering a CSL Dualcom GPRS part 12 – board buzz out

We’ve now got the code disassembled. The disassembler has no concept of what is connected to the microcontroller though, so we need to work out which ports/pins/peripherals are used by which parts of...

Reverse engineering a CSL Dualcom GPRS part 13 – checking the SIM card

The ICCID is written on the outside of the Dualcom GPRS, stored in the EEPROM, read in from the GPRS modem, and read in from EEPROM immediately before a long, random-looking string is sent to a remote...

Reverse engineering a CSL Dualcom GPRS part 14 – interpreting disassembly

A few posts ago, we managed to disassemble the firmware from the CSL Dualcom site. The entire listing is available here as a zip. There is a lot of blank space in the file which needs to be trimmed...

Reverse engineering a CSL Dualcom GPRS part 15 – interpreting disassembly 2

In addition to finding the most frequently called functions, we should go through the memory map and identify important parts of it. One part of this that is very important to how the device operates...

Reverse engineering a CSL Dualcom GPRS part 16 – SMS remote commands

Sorry for the slow-down in posts – I stored up a load of posts, then posted them too quickly. Since the last post, I have identified a lot of functionality in the code, including: TX/RX subs for all...

CSL Dualcom CS2300-R signalling unit vulnerabilities

Today, CERT/CC will be disclosing a series of vulnerabilities I have discovered in one particular alarm signalling product made by CSL Dualcom – the CS2300-R. These are: CWE-287: Improper...

Questions for CSL Dualcom

When CSL made their statement last Friday, it was noticeable that they didn’t actually claim that any of my report was false. To me, that implies that the content of the report is true. CSL should be...

Multiple serious vulnerabilities in RSI Videofied’s alarm protocol

RSI Videofied are a French company that produce a series of alarm panels that are fairly unique in the market. They are designed to be battery powered and send videos from the detectors if the alarm is...
