[Security Of Anti-Codes]

How can you disarm a system with a reset code?

 

Changed to reset, sorry.

[Security Of Anti-Codes]

I've just updated the blog with my findings from the reverse engineering of Technistore, if anyone is interested.

[Security Of Anti-Codes]

Really? I would have thought you'd need a lot more data than that.

 

I suppose if you don't like your panel manufacturers anti-code you can disable it and use the RR input method.

 

The key would need to be longer than the pin for it to be difficult. With it being so short, it's really not hard.

[Security Of Anti-Codes]

CG, I'm cringing each time you start a new topic...

 

Thanks, I guess?

[Security Of Anti-Codes]

So I guess I need to start ripping UDL software apart now?

[Security Of Anti-Codes]

Out of interested which ones have you looked at ?

 

Technistore and one other. Not wanting to name as I can't openly source it.

[Security Of Anti-Codes]

It's a hard one to make better though. If you are limited to 0-9 on 5 digits, it can only be so secure, but a seed at least as long as the reset code would make it better.

[Security Of Anti-Codes]

But you have to call them activate it? We did with ours.

 

It's easy to bypass that check with a debugger, and then it just seems to be a 0-255 code.

[Security Of Anti-Codes]

That's interesting. With no seed, the only protection is keeping the executable secret.

 

Technistore allow you to download it from their site, oddly. 

[Security Of Anti-Codes]

This is the thing - it is virtually impossible to secure an executable such that you can't get the algorithm out. The security has to be in the key (the secret). If the key is only 8 bits, then guessing it isn't going to be hard.

 

Have their been many changes in anti-codes recently? Do new panels have new decoders? 

 

Which standard or body is it that dictates how anti-codes are used?

[Security Of Anti-Codes]

Another question about impressions of security.

 

I'm looking at anti-codes at the moment, which seem common on monitored systems.

 

Typically this takes a 5 digit quote code along with a secret seed, and generates a 5 digit reset code (along these lines, anyway).

It turns out for the few decoders I have now looked at, the secret seed can be determined from a one or two pairs of quote/reset codes. If this seed was constant across an entire installer or manufacturer, this could present a risk.

 

What are your thoughts on this?

 

 

[Ifsec Moves To London]

It doesn't take me much longer to get from West London to the NEC than getting to Excel, such is the public transport.