Smart Meter Hacking - Hardware Modifications

  • Published: 26 Mar 2021
  • BECOME A PATREON!
    / recessim
    Making use of a faraday cage to isolate smart meter transmissions in episode 3. Also some circuit board modifications to reduce transmit power.
  • Science

Comments • 36

  • @corvidaefpv2783 3 years ago +4

    Since you have access to the CC1020, you could tap the SPI interface and grab the init sequence and slap those values into TI's Smart RF studio and have exact RF parameters such as modulation types, bandwidth, data rates, channel spacings and such. And the exact channel hopping sequences could be determined from other logic dumps of an active meter.

    • @RECESSIM 3 years ago

      It’s a good approach, thought about that as well to get exact parameters. It wouldn’t be from a meter on an active network though, but still useful to see what hopping pattern they run in discovery mode on the receive side.

  • @lisainnewarknj8313 3 years ago +3

    It shows. You love what you do. Fantastic content.

  • @kimbol496 3 years ago +3

    another well made episode!

  • @donnie1581 2 years ago +1

    You're doing some amazing stuff! Way more than I could do!

    • @RECESSIM 2 years ago +1

      I believe in you! Start taking things apart.

  • @MyAeroMove 3 years ago +2

    As always: awesome approach and video!

    • @nolanbrock6420 2 years ago

      i know I'm quite randomly asking but does anybody know of a good site to stream newly released series online ?

  • @Carsinigin 3 years ago +4

    Please don't power your test meters with line voltage if you can avoid it. I've spent some time developing manufacturing tests for smart meters. If we had to power a meter at line we either had the super fancy test fixture that could power up any form of meter, or we would run down to the electric supply store and buy a meter enclosure and wire it up so that it would plug into the 120 V or 240 V outlet.
    I'm not familiar with L&G meters but if they are anything like the ones I worked on they will have a power supply that takes the line voltage (240v AC) and converts it to 12v or 5v DC to power all the digital logic on the board. They go through a lot of engineering effort so that you can test subsystems like the radio in the factory using low voltage DC and we only powered up the meter with line voltages once it was completely assembled and we were calibrating it for measurement accuracy. If you poke around you should find a spot for a header that you can supply with DC to power up the board.
    We never had to worry about powering up ISM band smart meters outside of a faraday cage. They are all FCC Part 15 compliant so shouldn't be interfering with anything else. The only concern I would have is if you have meters that came from a power company in your local area. Each meter will be programmed with a NetworkId that should be part of the broadcast packet header so that neighboring power networks can operate without interfering with each other by ignoring packets that don't have the correct NetworkId. If you power up a meter with the NetworkId that the local routers/collectors are listening to it will show up in the power company's system as an unknown meter.
    We only used faraday cages for smart meters with cell modems in them, but that was because the test equipment included a cell tower simulator. The meter itself wouldn't interfere with the cell network since they have well established protocols for dealing with devices that are not provisioned on the network.

    • @RECESSIM 3 years ago +1

      Thanks for taking the time to provide such an information packed comment! I agree with you and believe I need to find a test jumper on these meters to enable them to be powered via the lower voltage regulated supply.
      I initially tried feeding in 20VDC at the point I found on the PCB but these meters would not boot up (I think one in the past did), I believe it has a protection mechanism kicking in because it thinks there is an issue with the missing 240VAC and is keeping it in a reset state.
      This is likely the Teridian chip doing this so I can probably just hold a line high/low to skip past it or short a jumper that's used during manufacturing. But part of my tests is simulating the exact environment so for that I need to ensure I take proper precautions when powering them.
      Thanks for the tip on the NetworkID, I suspected that was the case just due to the number of different providers here using the same meters and airspace.

  • @kc0eks 2 years ago +3

    Love this series.
    Wonder if anything is verified or if the mesh network would just accept whatever data sent to it. Say reducing a bill, or raising one.

    • @RECESSIM 2 years ago +1

      If you can properly craft a message my gut tells me it’ll accept it, now there’s a lot of systems downstream that might catch on to these data mismatches and raise red flags, but the smart meters will likely happily forward them on.

  • @Ro-Bucks 4 months ago

    They say it's a short wave but yet them things are transmitting 24/7 around the clock nonstop.

  • @awesomedee5421 2 years ago

    Did you make this data available on the Wiki? I'd like to take a look at that.

    • @RECESSIM 2 years ago

      I don’t believe I posted the hardware mods I was making, but perhaps a page for that would be good

  • @rdson1621 2 years ago +1

    Huh, Landis und Gyr Meter, that's my country. Cheers from Switzerland 🙋

    • @RECESSIM 2 years ago

      Thanks for watching!

    • @rdson1621 2 years ago +1

      @RECESSIM Yeah it's good content, I mean I'm always on the design side, never dug into reverse engineering/hacking, there is a lot to learn there, looking forward to more 👍

  • @Jerick120 2 years ago +2

    Love the series! Also what's the intro music name?

    • @RECESSIM 2 years ago

      Thanks! It’s one of the tracks RUclips makes available license free. I’ll have to look it up to see which one.

    • @Jerick120 2 years ago

      @RECESSIM That would be awesome if you could! Thanks for the reply 😊

  • @leithacullen 3 years ago +2

    Any more episodes planned?

    • @RECESSIM 3 years ago +1

      Posting #4 in a few days, just editing it now.

    • @leithacullen 3 years ago

      @RECESSIM Can I send you an email, and see if you're interested in looking into our smart meters here in New Zealand? From what I gathered they are encrypted but I need someone who's done this before.

    • @RECESSIM 3 years ago

      @leithacullen Join the discord channel, you can find the link at recessim.com/

  • @simonstergaard 3 years ago +1

    Ultra interesting. Sadly it's almost impossible to find European smart meters on eBay.

    • @RECESSIM 3 years ago +1

      EU might control disposal better than US, or there might be other surplus sites country specific you could check.

    • @TheCbj79 1 year ago

      There must be a worker that mean what we do. That has one. Or old houses getting destroyed for roads have them... Where do they go?

    • @fabian.f97 1 year ago

      Security by obscurity at its finest.

  • @asifwarsali8623 2 years ago

    Do you have a video showing how to slow the meter?

    • @RECESSIM 2 years ago +1

      No, demonstrating something like that would get removed from RUclips for promoting illegal activity. My content is about understanding how it works and searching for vulnerabilities in the design.

    • @Qu33phTMManiaXMrEnvy 5 months ago

      If you have to ask this question you cannot safely do this. You need to change the resistor out for one with lower ohm than stock and then raise the tolerance (max is 20%). If you have an old style meter use 3 magnets (one in each side and one in the centre of the top wrapped in foil.
      You can buy a meter and housing for private use so it’s not like this information can only be used to store power. Especially people who mine cryptocurrency and host this process. We tend to install our own meters for each of our clients.

  • @TheChozn 3 years ago

    Only thing you had to do was not plug the transmitter wire back in 🤦🏽 the transmitter wire the blue one then you have the other one that counts the meter which is the red one

  • @TheCbj79 1 year ago

    Hi, if I could get a hold of EU meters and ROUTERS, can you hack them, or try to do it? I think we have 3-4 models of AMS meters here. They're the new ones. They say they can't be hacked. But some even have USB. I myself refused to get AMS installed, since I have the right not to have a device like a cell or a wifi router that is radioactive.. Small, but still my choice to have it in my house. And I also have the right to get power! My main reason to not get one is, I think some can get sick. Nr2 I know they can get hacked. Nr3 I don't want to record when I use what and for how long. More than they could without AMS. Also we have them inside the house and some like mine are small. I told them to build an isolated box outside for it, then I would take it. Cause I know they never would do that. I hate these AMS shit. And the reason for high power cost now + all the electrical shit like cars! But that's too much in my bad grammar! LOL