Security Installer Community

cybergibbons
Member
Posts: 498
Days Won: 7

Posts posted by cybergibbons

  1. I'd much rather have a system where I can update the firmware than one I can't, and as part of that, the manufacturer needs to be open to dealing with reports of problems.

    Online firmware updates are a bit scary. There's a lot that can go wrong, and it's a big opening for attacks.

  2. Thanks for sharing the code, looks to me like some sort of checksum style algorithm but without strong crypto (military grade, HA).

    Adding 1 to version and -11111 to quote results in the same result from what I can see, not where the key has 0 in it though. It's weak, have you found anything else?

    The biggest problem by far is the small key compared to the code size, so I've kind of stopped looking into this one. 

  3. Great blog btw, it's really got my attention. Correct me if I'm wrong but I'd like to run a few things by you:

    a) We need access to the panel keypad in the first place, thus triggering the alarm. We need the code to unset the alarm and to be presented with an anti-code, all within a time limit.

    Ah the issue of customers resetting panels without the need for an ARC. Now I see the issue.

    b) Would the method of producing these products (the algorithm) be stored within the firmware of an alarm system? If not, how does the alarm know that you have entered the right anti-code?

    Thanks.

    With a) it seems that the main issue is that customers could reset the panel when the ARC doesn't want them to.

    b) I suspect exactly the same algorithm is used in the panel as in the program. I think the algorithm was written for whatever 8-bit processor was used in those days.

    Might as well show the algorithm used, the only bit of it that needs to be secret is the vector at the top which I have changed. I don't know if you know any programming or Python, but it's really simple.

    # Taken from the data in the exe (this copy of the vector has been altered)
    vector = [3,3,5,5,8,1,3,9,8,0,5,9,3,9,4,1,1,0,9,4,3,0,2,2,8,4,3,2,8,4,9,4,1,3,3,3,3,8,5,3,0,2,4,3,2,1,8,9,0,5,4,3,9,5,8,3,9,9,1,0,0,9,9,3,3,8,2,
              1,4,9,1,4,9,2,9,0,9,5,3,9,5,3,3,5,9,1,0,2,9,3,2,1,2,9,8,0,4,9,4,2,3,9,4,0,1,8,5,3,3,9,9,1,0,5,9,3,8,9,4,8,4,2,3,1,0,3,9,4,8,2,0,4,3,3,
              1,0,5,2,8,3,3,5,2,8,3,2,9,5,2,1,2,4,4,3,0,4,2,3,4,1,8,2,9,1,0,5,1,8,2,4,3,5,1,0,3,8,5,3,2,1,1,3,9,3,2,3,5,8,3,9,0,3,2,3,5,3,8,4,0,3,9,
              1,9,3,0,2,9,3,8,1,4,2,8,4,0,1,9,1,0,1,2,1,3,5,3,3,9,0,2,1,4,1,2,3,4,3,4,9,5,3,5,9,3,1,3,9,4,0,3,2,3,3,4,4,2,1]

    def generate_reset(quote, version):
        # quote: the five digits shown on the keypad; version: the 8-bit "seed"
        i = 0
        tens = 0        # goes up by 10 on every lookup and is never reset
        reset = []

        while i <= 4:   # one pass per output digit
            j = 0
            result = 0

            while j <= 4:   # five table lookups, one per quote digit
                offset = (version + tens + quote[j]) % 256
                result = result + vector[offset]
                tens = tens + 10
                j = j + 1

            reset.append(result % 10)   # keep only the last digit of the sum
            i = i + 1

        return reset

    print(generate_reset(quote=[0,0,0,0,2], version=131))

    Notice that there is no multiplication, division, or anything fancy. The % symbol means "modulus" which most people know as "remainder". So "% 256" means "divide by 256 and give me the remainder". You normally get this for free in a microcontroller - an 8-bit number is limited to 256 values, so it just wraps round anyway.

    Panel firmware would contain it - in fact, now that I know certain panels have it, I can find the long string of characters called "vector" in some of them. The problem with panel firmware is that it is very hard for me to work out what is data and what is code. In x86 exes, there are normally a lot more hints available to me. I can also easily run an x86 exe and step through the running code to see how it works. With a microcontroller in an alarm, I can't easily do this.

  4. I still don't see how you can get the mapping from only one complete pair.

    Have you looked into any other popular ones? Tunstall or Texe for example.

    Tunstall are someone who Menvier took over who Cooper took over?

    If you can point me towards a program to generate them...

  5. New rules made the requirement of the anti-code's reply the same as the codes to unset IIRC.

    So a 4 digit is required for Grade 2 and a 6 digit is used for Grade 3.

    However, 4 digit anti-codes were used long before 2004.

    So I wonder what drove the standard to require that and where the 5-digit Technistore code fits in to this? There must have been some reason behind it being 5-digit - it's rarely seen as a code length.

    I still don't see how you can get the mapping from only one complete pair.

    It's a combination of the long code and short key.

    The key allows 256 distinct mappings between the quote code and reset code. That means that 12345 quote can only map to at most 256 of the 100,000 possible output values. 999,744 of the outputs are not possible - our keyspace has been reduced hugely.

    Notice I say "at most 256". It is possible for 12345 to map to 98765 using one or more keys. In fact, 12345 could map to 98765 using all 256 keys, but then we wouldn't need to find out the key at all.

    So if you tell me the reset code and I know the quote code, it is highly likely that I can just guess the key. For a very limited number of quote/reset pairs, I get 2 possible keys (in fact, there are two combinations with 4). So more than 99% of the time, I just need a single quote/reset pair to work out the key.

    So normally I get something like:

    12345/74643 - only possible key is 123 (99.25% of the time)

    Sometimes I get this:

    23654/34234 - two possible keys 232 and 154 (about .75% of the time)

    98747/37265 - one possible key 232 (about 99.25% of the time)

    It would be really unlikely to get this:

    23654/34234 - two possible keys 232 and 154 (about .75% of the time)

    91737/72764 - two possible keys 078 and 154 (about .75% of the time)

    (we know the key is 154 as it is the only common one)

    Vanishingly small chance of this happening:

    23654/34234 - two possible keys 232 and 154 (about .75% of the time)

    73748/38377 - two possible keys 232 and 154 (about .75% of the time)

    98747/37265 - one possible key 232 (about 99.25% of the time)

    I've just tested these by running every single possible combination of key and input code against the algorithm.

    Have you looked into any other popular ones? Tunstall or Texe for example.

    Not in any detail - have started looking at Texecom. Not aware of Tunstall.

  6. The way I see it, there are several stages this system has gone through:

    1. Customers were allowed to reset alarms themselves. ARCs didn't want them to do this - what's the reasoning here?

    ARCs don't like doing anything. Most want to sit and have blank screens and no phones to answer. This then becomes a profitable business.

    2. A simple 00-99 quote and reset code system was developed and used by several panels. Someone must have deemed this inadequate because a more complex system was developed. Why was this required?

    If you get enough resets and write them down you would get a full house of reset codes so you wouldn't have to call the ARC again?

    3. Technistore was developed which claims "military grade encryption" is used, and looks like it is licensed out to alarm manufacturers.

    Today yes but in the past they sold a standalone unit that they sold to fit to panels that didn't have remote reset in those days.

    So, the complexity of it has moved forwards incrementally over time. What was the reasoning for moving forwards? Were people finding that the 00-99 codes were being bypassed by customers? Or, in reality, was it just Technistore looking to make some money by artificially creating a need for security round this process?

    Thanks Matt.

    You've raised something interesting there.

    With the 00-99 mapping system, you'd need to get all 100 pairs to be sure of the mapping.

    With Technistore, you need one pair to know the mapping.

  7. I think the point was if the remote reset algorithm could be figured out, there is no need to call the ARC as, in effect, the system would be on customer reset.

    My point is that someone, for some reason, decided a simple scheme of mapping 00-99 wasn't adequate.

    A much more involved scheme was developed, Technistore. This has the illusion of being more complex/secure, but once the algorithm is known, it is equivalent to a 000-255 mapping. The key is easy to derive from a single quote/reset code, and once the key is known, that's it.

    It is easy to develop a 00000-99999 mapping that uses a decent key length (128 bit is ideal, even 16 bit is much better) that would get rid of these problems. It wouldn't have required any more effort. It would have looked complex/secure, but also been secure, unlike with Technistore.

    Installers and ARCs don't seem to like the idea of customers resetting anti-codes themselves, so there has to be a security aspect here.

    Is it really a problem how bad Technistore is? No, not really. But what does it show?

    1. Things can give an impression of being better, but they aren't really.

    2. End users don't really have any way of knowing if things are better or not as they don't have the tools, knowledge or skill.

    3. Some people developing alarms seem happy with this being the status quo. If I can write "AES-128" on my box, that's all they care about.

  8. lol!

    anti-code means to me (due to make used) having tripped the alarm, the user gets a code from the keypad, gives that code to the ARC, they insert that into some software, produce and give this one time reset code to the user, who inserts it and resets the alarm.

    how knowing that reduces anyone's security beats me

    The way I see it, there are several stages this system has gone through:

    1. Customers were allowed to reset alarms themselves. ARCs didn't want them to do this - what's the reasoning here?

    2. A simple 00-99 quote and reset code system was developed and used by several panels. Someone must have deemed this inadequate because a more complex system was developed. Why was this required?

    3. Technistore was developed which claims "military grade encryption" is used, and looks like it is licensed out to alarm manufacturers.

    So, the complexity of it has moved forwards incrementally over time. What was the reasoning for moving forwards? Were people finding that the 00-99 codes were being bypassed by customers? Or, in reality, was it just Technistore looking to make some money by artificially creating a need for security round this process?

  9. It is almost always without exception a bad idea to "roll your own" encryption:

    http://security.stackexchange.com/questions/18197/why-shouldnt-we-roll-our-own

    It's also a really bad idea to keep encryption schemes secret - the security should lie in the key, not the algorithm. If you keep it secret, the most clever person to look at it is going to be you. Make it public, and there is almost always someone more clever than you to take a look.

    I partly understand why Technistore is like this - it was implemented for embedded systems 25 years ago. Even with that in mind, it's got issues.

  10. The problem is that, and it is entirely your call, you only release some information whilst alluding to other products (unnamed) either having problems or inferring that they do.

    This is very misleading to the public in general and to those amongst us who are quick to castigate a product (or company) but then do a 360 degree turn based on something they read on the web without being able to validate the new 'facts'.

    I don't recall any point where I haven't given enough evidence to back up a claim about a specific product. If I haven't named the product, it is because the manufacturer has made it clear they would be interested in legal action, so I need to be careful.

    The system that I didn't name that I don't think is good, I provided a document describing a similar system, and asked you to make your own conclusions. Open up a Scantronic wireless panel, look at that document, compare the radio modules, make your own judgement.

    But is it illegal? No.

    Is it factually incorrect? I'd say no because no specifics mentioned.

    In effect, no different to the bull put out by any other company or business.

    I don't know. I'd question the use of the word "encryption" under trading standards.

    If your signalling system claimed it was encrypted and it turned out to be as weak as this, would that not be of concern?

  11. Hence the rhetorical question.

    Technically it's not encryption either. So, on a marketing and technical level, it's pretty bad.

    Where's the line? "This alarm uses rolling code" and the rolling code is 1,2,3,4. Is that dodgy?

    Indeed it does. All return anticode 18003

    So if I am allowed chosen plaintext (i.e. I can call up the ARC and tell them whatever quote code I chose, and get a response), then it wouldn't require many pairs to get the keys. I don't know how possible this would be, as I think they would have to see an alarm activation, which means I would need a real quote/code pair.

    If it's only known plaintext (i.e. I am using valid quote codes generated by the alarm), it would be quite a lot more pairs required. Still a tiny number compared to the security a 2048-bit key affords.

    All of this would have been caught by an undergraduate doing a cryptography coursework "Is this homebrewed MAC secure?".

    It wouldn't have been hard to make this secure at all. Actually, I think it would be less effort just using something ready made.

  12. And therein lies the problem.

    Matt has formed a view that you did and duly posted.

    He has form for castigating a product in preference to another even when he may not be in possession of all the facts.

    Preference of one brand over another without stating why is not the same argument.

    How do I change that though? I've looked at a good few systems, enough that I can form an opinion of where they lie in terms of security. I've posted information on why I think the bad products are bad, some of which has been in quite a lot of depth. I can go into more depth, but as many have said, it would be beyond them.

    I can argue that installers aren't in possession of all the facts - there are alarm systems that fall far short of the marketing.

  13. Question.

    What does military grade actually mean?

    Absolutely nothing, it's marketing. It suggests it would be a standard that the military could use, which suggests it might pass some standards that the military have.

    If any of you have Technistore in front of you and it is a version where you can change the seed, try this:

    Seed 100, code 33333

    Seed 101, code 22222

    Seed 102, code 11111

    Notice how they all produce the same unlock code? It's leaking information - changing outputs in a predictable way like this shouldn't produce a predictable output.

    I think, but I am not 100% sure, that it would only take about 50 valid reset/code pairs for me to determine the seed and the far longer initialisation vector (256 bytes). So even if the key was much longer, the algorithm sucks.
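    Two claims in this thread can be checked directly against the algorithm posted earlier: that one quote/reset pair almost always pins down the 8-bit seed (post 5), and that seed 100 / code 33333, seed 101 / code 22222 and seed 102 / code 11111 all give the same reset code (this post). The block below is an added example, not code from the post or from Technistore; it reuses the post's own altered vector, so the ambiguity counts are illustrative only, and the sample quote codes are constructed rather than real alarm output.

```python
# Added example (not from the forum post or the product): keyspace analysis of
# the reset algorithm quoted above, using the post's own altered 256-byte vector.
from typing import Dict, List

VECTOR = [int(c) for c in (
    "3355813980593941109430228432849413333853024321890543958399100993382"
    "1491492909539533591029321298049423940185339910593894842310394820433"
    "1052833528329521244304234182910518243510385321139323583903235384039"
    "1930293814284019101213533902141234349535931394032334421")]
assert len(VECTOR) == 256


def generate_reset(quote: List[int], version: int) -> List[int]:
    """The post's algorithm, written compactly: five output digits, each the
    last digit of a sum of five table lookups; 'tens' climbs across all rows."""
    reset, tens = [], 0
    for _ in range(5):
        total = 0
        for digit in quote:
            total += VECTOR[(version + tens + digit) % 256]
            tens += 10
        reset.append(total % 10)
    return reset


def consistent_versions(quote: List[int], reset: List[int]) -> List[int]:
    """All 8-bit 'version' values (the key) that map quote to reset. There are
    only 256 candidates, so one observed pair usually leaves a single survivor."""
    return [v for v in range(256) if generate_reset(quote, v) == reset]


def ambiguity_histogram(version: int, quotes: List[List[int]]) -> Dict[int, int]:
    """For each quote, how many keys remain once its reset code is known.
    Maps 'number of surviving keys' -> 'how many quotes gave that count'."""
    hist: Dict[int, int] = {}
    for q in quotes:
        n = len(consistent_versions(q, generate_reset(q, version)))
        hist[n] = hist.get(n, 0) + 1
    return hist


def digit_shift_collision(version: int, digit: int, k: int) -> bool:
    """The 'seed 100 / code 33333 == seed 101 / code 22222' observation: the
    seed and each quote digit only ever appear as a sum, so (seed+k, digit-k)
    produces exactly the same reset code whatever the vector contains."""
    return generate_reset([digit] * 5, version) == \
        generate_reset([digit - k] * 5, version + k)


if __name__ == "__main__":
    # Constructed sample quotes (every 2503rd five-digit code), not real alarm output.
    sample = [[int(c) for c in f"{i:05d}"] for i in range(0, 100000, 2503)]
    print(ambiguity_histogram(131, sample))
    print(digit_shift_collision(100, 3, 2))   # True: seed 102 / code 11111
```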

  14. One of the problems with what he's doing is it doesn't give a true reflection of products in general.

    Mentioning one brand/product specifically as secure whilst suggesting others that remained unnamed gives those who don't understand a false view.

    In effect, a potentially false but damaging reputation.

    I don't think I have said that one brand is secure really, just my impression of it is better than others. Is it any different to an installer saying they prefer Texecom over Honeywell?

  15. CG-from your web blog .

    I'm not sure how you would get the seed codes. The customer doesn't know what they are. It's added to the account during commissioning. Or by the office direct to the ARC.

    For Technistore, on average you need just one quote/reset code pair to derive the seed code. About 0.25% of code pairs lead to two valid seeds, and less than 0.01% generate more than that. So after a single reset, you have the seed for your panel, and it seems quite likely the seed for all alarms on the same ARC (correct me if wrong, there are quite a lot of references to the seed not varying on a per-customer basis).

    Not sure how many of us have had a customer watch us while we program a panel. If it's via UDL I doubt the customer would see anything more than the zone lists. And I'd say even if a customer was behind me whilst I was programming a Galaxy he would miss what I'm typing, I'm that used to which menu options to change etc etc.

    Like I say, the key length is so short that you can normally recover it with a single quote/reset code pair. No need to spy on the installer.

    As others have said resetting the system yourself could potentially risk a URN loss.

    It also affects false alarm management, and could cause more problems than it's worth. It takes 5 mins to ring the ARC for a reset providing the reason is genuine. If it's not customer error, they have an issue with the system and need an engineer visit to assure the integrity of their security system.

    So what if it isn't genuine? The point is that this mechanism is touted as secure ("a military strength data encryption algorithm") and it isn't. There isn't a need for it to be insecure, this is just bad code.

    I thought Technistore was a pay-for product so posting a code generator would be against copyright?? Not sure if the actual algorithm is protected by that or not.

    Would make sense otherwise everyone would have a copy of the generator??

    Reverse engineering for the purposes of writing your own code for interoperability is specifically protected in law in the EU.

  16. Crackin work lads, he's posting on Twitter how to defeat remote reset codes, oh and alarms in general.... I hope your customers are reading.. but we're all keen to know how everything works so it's ok..

    You'd still need a lot of skill from anything I had posted to be able to defeat the anti-codes.

    On one hand I am being told that these issues I'm pointing out aren't real vulnerabilities, on the other hand I'm being told that they shouldn't be published? 
