Jump to content
Security Installer Community

Security Of Anti-Codes


Recommended Posts

Another question about impressions of security.

 

I'm looking at anti-codes at the moment, which seem common on monitored systems.

 

Typically this takes a 5 digit quote code along with a secret seed, and generates a 5 digit reset code (along these lines, anyway).

It turns out for the few decoders I have now looked at, the secret seed can be determined from a one or two pairs of quote/reset codes. If this seed was constant across an entire installer or manufacturer, this could present a risk.

 

What are your thoughts on this?

 

 

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Link to comment
Share on other sites

This depends a lot on the manufacturer.

Technistore and Aritech for example use seed codes so you would need to know what seed a particular arc uses which in fairness wouldn't be so hard to find out but then any reset would be possible if you had the software.

Certain decoders don't even have a seed so one you get the software, you can anticode reset any panel using it.

What worried me most was if the algorithm was worked out, what would stop someone putting it on a website for the end users to reset their own alarms with the arcs seeds being made public knowledge. Seems from your investigations, not a lot.

www.securitywarehouse.co.uk/catalog/

Link to comment
Share on other sites

This is the thing - it is virtually impossible to secure an executable such that you can't get the algorithm out. The security has to be in the key (the secret). If the key is only 8 bits, then guessing it isn't going to be hard.

 

Have their been many changes in anti-codes recently? Do new panels have new decoders? 

 

Which standard or body is it that dictates how anti-codes are used?

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Link to comment
Share on other sites

Generically the ones in use have been around for years.

Technistore is a popular one as this is in galaxy and a few other popular panels but prior to that the did a stand alone unit that you could connect to panels that didn't have remote reset. How it worked was you wired a 24 hour circuit through the unit which opened when a reset was required so you couldn't set the alarm. I don't ok now exactly when that came out but it was a long long time ago.

I don't think there are any standards around anti code reset, it was introduced due to police policy requiring that the users couldn't reset the alarms themselves so the engineer had to go out and do it all the time. Anti code reset was introduced so that the arc could issue a reset code if the cause of the alarm was obvious and didn't need an engineer such as user error door left insecure.

Again one of those things we have never questioned, until now.

www.securitywarehouse.co.uk/catalog/

Link to comment
Share on other sites

That's interesting. With no seed, the only protection is keeping the executable secret.

 

Technistore allow you to download it from their site, oddly.

But you have to call them activate it? We did with ours.

www.securitywarehouse.co.uk/catalog/

Link to comment
Share on other sites

It is potentially an issue but bear in mind this is used just to reset the system. No menu access can be gained with it so its not a security risk Imo.

Just a loose urn risk if mr end user can gain access to reset the alarm.

www.securitywarehouse.co.uk/catalog/

Link to comment
Share on other sites

It's a hard one to make better though. If you are limited to 0-9 on 5 digits, it can only be so secure, but a seed at least as long as the reset code would make it better.

I'm surprised the old Redcare remote reset idea where the arc sends a reset command wasn't more popular.

www.securitywarehouse.co.uk/catalog/

Link to comment
Share on other sites

That's interesting. With no seed, the only protection is keeping the executable secret.

worse still they give away UDL software to every man & this dog which contains the anticode software too!

Mr? Veritas God

Link to comment
Share on other sites

worse still they give away UDL software to every man & this dog which contains the anticode software too!

That does annoy me a little. Although it seemed a bit heavy handed, technistores more restrictive nature was a preferred option to including the reset tool with UDL software as why does the alarm co really need it? If they are udling to the panel the engineer code will reset anyway so don't see why they need it.

www.securitywarehouse.co.uk/catalog/

Link to comment
Share on other sites

Show some enthusiasm h. All this high tech cyber stuff not press your buttons?

I like the old days of coloured wires, give it another 25yrs & I'll be spamming every topic with bell bottom trousers or some other tripe ?

Mr? Veritas God

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.