Security Of Anti-Codes

**matthew.brough** · May 17, 2013

crackin work lads,hes posting on twitter how to defeat remote reset codes,oh and alarms in general....i hope your customers are reading..but were all keen to know how everythings works so its ok..

It's our duty to assist him with his work.

Adrian is a good example. From what cg says their radio kit is a 1st class job, secure and all round a great product. Compared with other kit that is the polar opposite but no one knows the difference. By cg trying to hack Adrian's product and not being able to is a huge selling point for Texecom. If I were texecom, I'd point people towards the blog.

I can't wait until signalling products are done as finally he will reveal to the world, with evidence that all is not the same. If all the kit the industry used was as good as the alarm companies tell the end user it is, cgs work wouldn't worry anyone. The only reason people are nervous is he is starting to expose the truth about some of the sub standard kit in use. I am sat with every confidence that the equipment we use will stand up 100% to any test and I'm happy to assist him with his investigations so that the faith I've placed in Aritech and webway is based on some hard facts.

**magpye** · May 17, 2013

All very interesting I'm sure, but at least one (or is it two?) important piece of information is missing from all this. It's not been grasped yet.

**matthew.brough** · May 17, 2013

All very interesting I'm sure, but at least one (or is it two?) important piece of information is missing from all this. It's not been grasped yet.

Such as?

**Lwillis** · May 17, 2013

CG-from your web blog .

I'm not sure how you would get the seed codes. The customer doesn't know what they are. It's added to the account during commissioning. Or by the office direct to the ARC.

Not sure how many of us have had a customer watch us while we program a panel. If its via UDL I doubt the customer would see anything more than the zone lists. And I'd say even if a customer was behind me whilst I was programming a galaxy he would miss what I'm typing I'm that used to which menu options to change etc etc.

As others have said resetting the system yourself could potentially risk a URN loss.

It also effects false alarm managment, and could cause more problems than its worth. -takes 5 mins to ring the arc for a reset providing the reason is genuine. If its not customer error, they have an issue with the system and need an engineer visit to assure the integrity of their security system.

I tout technistore was a pay for product so posting a code generator would be against copyright?? Not sure if the actual algorithm is protected by that or not.

Would make sence otherwise every one would have a copy of the generator??

**matthew.brough** · May 17, 2013

The seed codes are reasonably common knowledge. I think most engineers know a few just by where they have worked and engineers they know in other companies. If cg had bad intentions, he could simply write a list of them and generate a little web page for customers to reset their own alarms and the fact he can is the frightening bit, exposing a system that isn't very secure which I believe was the whole point of his blog in the first place. We have all seen websites appear to assist the consumer getting around things such as sayno20870 etc, why should we be immune from customers trying to save a few quid and reset their own alarms and avoid the engineer call out fee? We should have a better system that stops them being able to.

**MrHappy** · May 17, 2013

The only reason people are nervous is he is starting to expose the truth about some of the sub standard kit in use.

IMHO the equipment is fit for purpose, due to checks & balances in put in place. (Every day there's activation reports received which are checked against our records so we should be able to find system reset w/o aid of ARC / installer)

Anti-code reset is a cheap & cheerful way of providing a simple means to manage the resetting of signalling alarms, high levels of cryptography ain't a big issues for me. Don't forget where still in as world where lots of systems are still on redcares & digi as mobile & internet ain't everywhere.

**matthew.brough** · May 17, 2013

IMHO the equipment is fit for purpose, due to checks & balances in put in place. (Every day there's activation reports received which are checked against our records so we should be able to find system reset w/o aid of ARC / installer)Anti-code reset is a cheap & cheerful way of providing a simple means to manage the resetting of signalling alarms, high levels of cryptography ain't a big issues for me. Don't forget where still in as world where lots of systems are still on redcares & digi as mobile & internet ain't everywhere.

I've no doubt you check your activation reports, I'm sure 90% of the industry doesn't bother. The worry for me is the fact you could reset a tamper with remote reset so someone could have a tinker with the system (as you say a lot on Redcare still and other pin driven signalling) so you could tamper the panel, mess around with a few wires and system not talking. Fail to operate. That's my concern more with customers having access to rr.

**Cubit** · May 17, 2013

The seed codes are reasonably common knowledge. I think most engineers know a few just by where they have worked and engineers they know in other companies. If cg had bad intentions, he could simply write a list of them and generate a little web page for customers to reset their own alarms and the fact he can is the frightening bit, exposing a system that isn't very secure which I believe was the whole point of his blog in the first place. We have all seen websites appear to assist the consumer getting around things such as sayno20870 etc, why should we be immune from customers trying to save a few quid and reset their own alarms and avoid the engineer call out fee? We should have a better system that stops them being able to.

One of the problems with what he's doing is it doesn't give a true reflection of products in general.

Mentioning one brand/product specifically as secure whilst suggesting others that remained unnamed gives those who don't understand a false view.

In effect, a potentially false but damaging reputation.

cybergibbons · May 17, 2013

CG-from your web blog .

I'm not sure how you would get the seed codes. The customer doesn't know what they are. It's added to the account during commissioning. Or by the office direct to the ARC.

For Technistore, on average you need just one quote/reset code pair to derive the seed code. About 0.25% of code pairs lead to two valid seeds, and less than 0.01% generate more than that. So after a single reset, you have the seed for your panel, and it seems quite likely the seed for all alarms on the same ARC (correct me if wrong, there are quite a lot of references to the seed not varying on a per-customer basis).

Not sure how many of us have had a customer watch us while we program a panel. If its via UDL I doubt the customer would see anything more than the zone lists. And I'd say even if a customer was behind me whilst I was programming a galaxy he would miss what I'm typing I'm that used to which menu options to change etc etc.

Like I say, the key length is so short that you can normally recover it with a single quote/reset code pair. No need to spy on the installer.

As others have said resetting the system yourself could potentially risk a URN loss.

It also effects false alarm managment, and could cause more problems than its worth. -takes 5 mins to ring the arc for a reset providing the reason is genuine. If its not customer error, they have an issue with the system and need an engineer visit to assure the integrity of their security system.

So what if it isn't genuine? The point is that this mechanism is touted as secure ("a military strength data encryption algorithm") and it isn't. There isn't a need for it to be insecure, this is just bad code.

I tout technistore was a pay for product so posting a code generator would be against copyright?? Not sure if the actual algorithm is protected by that or not.

Would make sence otherwise every one would have a copy of the generator??

Reverse engineering for the purposes of writing your own code for interoperability is specifically protected in law in the EU.

**matthew.brough** · May 17, 2013

You make a good point, technistore brag on their website of military grade encryption. If the technistore decoder is military grade and it took you 5 mins to work it out, doesn't say much for military grade!

One of the problems with what he's doing is it doesn't give a true reflection of products in general.

Mentioning one brand/product specifically as secure whilst suggesting others that remained unnamed gives those who don't understand a false view.

In effect, a potentially false but damaging reputation.

I can see that. Hopefully cg will have the time to take a look at all the common gear we use. Especially signalling devices. (Not sure if I mentioned before I'm looking forward to that?)

Edited May 17, 2013 by matthew.brough

Sign In

Security Of Anti-Codes

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Recently Browsing 0 members

Important Information