Security Installer Community

What Does "ri" Mean On A Csl Dualcom Gprs?


cybergibbons


Was thinking "remote interface", but as I say I am not 100%; it was a good while ago. Not had any issues with them for a long while.

 

Yeah, this sounds like it could be the case. If I leave the SIM out, I get E 13 (no SIM). On the 1.25 firmware, it was looking for an SMS to be received, so this might be the same thing but with a message being displayed. I'll get the logic analyser on it later and see if it is actually doing anything.

I don't know if the kill is coming from Vodafone or Gemini, I'm not sure it's really possible to tell. But I can use the SIMs for a short period for data before they cut out.

Calm down calm down. He can have Webway, Redcare, Emizon, Chiron, whatever he wants. I sent him DC because he ASKED for DualCom. When he ASKS for something else then I'll send it to him.

 

#simples

Wouldn't mind having my network tested by a hacking boffin.

 

Yep - I wanted to start on DualCom. I looked at the boards and saw they were quite simple and hadn't changed physically for 10+ years. I also am very new to GSM signalling. I'm also totally in the dark with the encryption, authentication etc. - I'm hoping to find a vulnerability in the architecture or design rather than specific implementation of encryption or anything like that.

Webway have given me enough confidence that the architecture and design of their system is good, so I'd be looking for a very specific issue in implementation on their system.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 


Not all pen testers are 'good' though.

 

More specifically, very few are attuned to the needs of our industry or embedded devices / GPRS / GSM comms in general.

 

There are very few that want to do anything if it doesn't involve an Ethernet port or at least embedded Linux. TTL serial, reading EEPROM, custom debug interfaces? Nope.

 

The Dualcom boards are a bit of a pain TBH. The processors (78K0R) are only really supported by Renesas and IAR tools which are both really quirky. The instruction set is really hard work - there are about 90 different MOV instructions - so hand reading it is just a no-go compared to AVR or even x86.


 


Quote "Webway have given me enough confidence that the architecture and design of their system is good, so I'd be looking for a very specific issue in implementation on their system."

 

 

Out of interest, what was Webway's response when you wanted the blueprint to their stuff?

www.securitywarehouse.co.uk/catalog/


The Dualcom boards are a bit of a pain TBH. The processors (78K0R) are only really supported by Renesas and IAR tools which are both really quirky. The instruction set is really hard work - there are about 90 different MOV instructions - so hand reading it is just a no-go compared to AVR or even x86.

 

So, what's the betting the front door lock is strong but all the important documents are laid out on the kitchen table for all to see?

Out of interest, what was Webway's response when you wanted the blueprint to their stuff?

 

I suspect we're back to 3am Strepsils again?!

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

 


 

 


Quote "Webway have given me enough confidence that the architecture and design of their system is good, so I'd be looking for a very specific issue in implementation on their system."

 

 

Out of interest, what was Webway's response when you wanted the blueprint to their stuff?

 

 

Webway invited me to their premises (as did CSL Dualcom), but also provided me with some detail of what they do and were fine answering questions, and weren't aggressive or imposing when I posted an image of one of their boards annotated with some detail.


So, what's the betting the front door lock is strong but all the important documents are laid out on the kitchen table for all to see?

 

I suspect we're back to 3am Strepsils again?!

 

Well... the socketed EEPROM which has settings generated using CS2364 "Programmer for DualCom GPRS". I can't actually program the EEPROM with this as I don't have the CSL programmer, but the .prm file it generates is easy to interpret and load using a normal EEPROM programmer. I've also read several of the EEPROMs from the board I have and they all seem to use the same password for access to the CSL Dualcom APNs.

 

Is that a problem? Not really sure at the moment. 


Archived

This topic is now archived and is closed to further replies.
