Hacking the Power Grid - Their password is TERRIBLE! 😂

  • Published: 29 Sep 2023
  • BECOME A PATREON!
    / recessim
    Building a hacking tool from a smart grid modem. Learn how to build your own hacking tools by following along with me on my journey building this one.
    Raspberry Pi Zero W amzn.to/3tgJ8wj
    Soldering Kit amzn.to/3ZDG35p
    HackRF Software Defined Radio amzn.to/48x7dPD
    RTL SDR amzn.to/48xHgzq
    RECESSIM Links
    DISCORD / discord
    TWITTER / bitbangingbytes
    TIKTOK / bitbangbytes
    INSTAGRAM / bitbangingbytes
    WIKI wiki.recessim.com/
    PATREON / recessim
    IF YOU WANT TO SEND SOMETHING INTERESTING... :)
    RECESSIM
    7201 Virginia Pkwy
    Unit 6131
    McKinney, TX 75071
    As an Amazon Associate I earn from qualifying purchases.
  • Science

Comments • 195

  • @hgffrank
    @hgffrank 8 months ago +230

    As a natural gas Pipeline Operator, you have no idea how much this terrifies me. Literally everything is Internet connected but a great deal of the equipment is up to 50 years old so the tech is added on top with the cheapest devices they can get. Security isn't even considered beyond a simple retarded password. I've literally guessed the system password just by knowing how the company operates. They love American history and 1776 is a big player, so doesn't take much to make an educated guess.

    • @RECESSIM
      @RECESSIM 8 months ago +31

      Trying to help shed light on that! Seems crazy there isn’t a larger sense of urgency to address it.

    • @username7763
      @username7763 8 months ago +13

      Yeah my experience with technology on the power grid is that the people making the decisions really have no idea about security. This is common with technology in other areas too, but is particularly important when it comes to the power grid. They really are at the level that they don't know enough to know how crazy insecure everything is. They know they need to be secure but they don't understand security. I've seen odd things where security rules were crazy tight about things that didn't really make a difference, and everything else was wide open. It's a total mess.

    • @justanothercomment416
      @justanothercomment416 8 months ago +4

      Equally bad if not worse in the power industry.

    • @hgffrank
      @hgffrank 8 months ago +2

      @@justanothercomment416 I would have to say it's worse. Imagine pipelines exploding everywhere. I work on a Pipeline supplying El Paso, it's crazy vulnerable. Just under normal conditions we have had 3 pipelines rupture.

    • @nutzeeer
      @nutzeeer 8 months ago +5

      this is script kid level of insecure...

  • @DirtyPlumbus
    @DirtyPlumbus 8 months ago +209

    It's kind of funny to think about people freaking out over the Flipper Zero when things like this are so readily available and nobody cares.

    • @gutrali
      @gutrali 8 months ago +16

      No one cares because what are you going to do with random people's energy consumption meter readings? They are already readable from outside the house with binoculars or you could walk right up to the meter and read it, all you need is a high-vis vest. You won't be able to use this network to communicate any better than internet already allows us-- the bandwidth and low latency are both not there on a network like this. So that's why nobody cares. And the flipper isn't that crazy either-- for any rolling code (actually protected) wireless communication it doesn't work. That's why no one cares about flipper zero stealing your car, either

    • @tgmelinda7544
      @tgmelinda7544 8 months ago +8

      It's not that you can capture and read this stuff as it is if you can transmit back into the system the captured data came from.

    • @gutrali
      @gutrali 8 months ago +1

      @@tgmelinda7544 it would be a federal crime to transmit on a frequency you don't have the right to. Why would anyone risk 10+ years of jail time to temporarily confuse meter readers in a data center somewhere? They have a database of all the meter readings and know what to expect. Relatively easy to point out fabrications. Plus you can't stop the original meter from continuing to transmit, so it would be pretty obvious someone is messing with the system. The reason no one cares about this is because it's not worth the risk.. because it's beneficial at all to do this. Smart meters do not control power, they simply monitor and report it.

    • @Mr424242424242424242
      @Mr424242424242424242 8 months ago

      @@tgmelinda7544 And do what? Make someone's bill marginally higher or lower before they send a troubleman to check what the fault is, especially if the system that polls these devices gets inconsistent readings from a given device, or gets multiple responses? I mean, sure, you could command one of the meters on or off, which will be recorded in the meter's memory, and in the utility's own systems, and then they can get it sorted out in literally seconds. There's nothing especially dangerous or new you can do with these devices other than read them from moderately further away.
      Like, the reason it seems like there's no consideration for real security is that the total honest truth is the security is more there to keep networks separate than actually secure anything. Because everything on these networks is pretty much public data in the first place, and the chances anyone can consistently enough tamper with traffic to steal services or overbill someone without being caught by the error checking on the database side is basically zero. So there's really no reason for these devices to need security beyond keeping test networks or different utilities from getting their networks mixed together. I know that sounds absurd, but that's the honest truth.
      Especially since the utilities do absolutely have direction finding radio equipment on some of their trucks, because it's used to look for cracked insulators, so once they notice your device on their network, it's a simple matter of time before your goose is cooked and the FCC shows up to arrest you arm in arm with the DoE.

    • @saiv46
      @saiv46 8 months ago

      @@gutrali The problem is, there **will** be some vulnerability that allows you to update firmware on these power meters. That opens possibilities from faking meter readings to attacking other kinds of devices (pipelines? high-voltage switches?), just like IoT devices were turned into a botnet for the most powerful DDoS the internet had ever experienced.

  • @OverAndOverAndOver
    @OverAndOverAndOver 7 months ago +42

    I love how this man is trying to avoid a lawsuit so hard by emphasizing that the transmitter is *turned off*

    • @RECESSIM
      @RECESSIM 7 months ago +23

      But seriously, it’s turned off via HARDWARE! Not no bullshit software switch 😂

  • @cppctek
    @cppctek 8 months ago +55

    “Someone I once knew” worked for a utility company that upgraded the gas meters from analog to digital. They used a handheld that would read and program them. It was a pretty interesting system. I’d love to see how the technology compares. The meter faces basically just read the position of the cog gear ⚙️ inside and count how many times it’s spun around. Very simple device.

    • @jmr
      @jmr 8 months ago +14

      I caught some guy in my yard acting suspicious. I went out to talk to him and he was changing the battery in our gas meter. He showed me that handheld device. Apparently they have to reprogram it when they change the battery. He says they are outside contractors. Really glad I caught him when I did because those batteries last a long time and it was an interesting conversation.

    • @username7763
      @username7763 8 months ago +1

      There is value in dumb simplicity. Not just from a security perspective but from a reliability one. There are lots of mechanical meters in the power grid. They are used even when there is electronic monitoring.

  • @deadbugengineering3330
    @deadbugengineering3330 8 months ago +45

    I've just watched the Patreon version and he wasn't lying about showing some gory details there. Very entertaining.

  • @TradieTrev
    @TradieTrev 8 months ago +27

    I've been studying a bunch of modbus and serial protocols for industrial equipment, it's a big rabbit hole to go down. But I've had some success with my weak points understanding hex and binary calculations for the CRC checks.
    Considering ditching Tinder for the Patreon, you'll give me what I want lol!

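An added example, not code from the video or from the commenter above: the CRC-16 that Modbus RTU appends to every frame, written out in Python together with the frame check a receiver runs before acting on a payload, so the hex-and-binary part of the CRC becomes concrete. The parameters are the standard CRC-16/MODBUS ones; the sample frames and the reject-counting helper are constructed for this example.

```python
# Added example, not code from the video or from the commenter: the CRC-16
# that Modbus RTU appends to every frame, plus a frame check a receiver would
# run before acting on the payload. Parameters are the standard CRC-16/MODBUS
# ones: reflected polynomial 0xA001, initial value 0xFFFF, no final XOR,
# CRC transmitted low byte first.

MODBUS_POLY = 0xA001  # bit-reversed form of 0x8005


def crc16_modbus(data: bytes) -> int:
    """Compute CRC-16/MODBUS over `data`, returned as a 16-bit integer."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 1:
                crc = (crc >> 1) ^ MODBUS_POLY
            else:
                crc >>= 1
    return crc


def append_crc(pdu: bytes) -> bytes:
    """Build a complete RTU frame: address + PDU followed by the CRC, low byte first."""
    crc = crc16_modbus(pdu)
    return pdu + bytes([crc & 0xFF, crc >> 8])


def verify_frame(frame: bytes) -> bool:
    """True when the trailing two bytes match the CRC of everything before them."""
    if len(frame) < 4:  # shortest legal frame: address, function code, 2 CRC bytes
        return False
    received = int.from_bytes(frame[-2:], "little")
    return crc16_modbus(frame[:-2]) == received


def filter_frames(frames: list[bytes]) -> tuple[list[bytes], int]:
    """Split a captured frame list into CRC-valid frames and a count of rejects.

    A receiver should drop anything that fails here; a rising reject count on a
    serial segment is worth alerting on, since it points at line noise or at
    something putting traffic on the line that does not compute the CRC correctly.
    """
    good = [f for f in frames if verify_frame(f)]
    return good, len(frames) - len(good)


# Constructed sample traffic: a read-holding-registers request to unit 1
# (function 0x03, start 0x0000, 10 registers), the same frame with one bit
# flipped in the register count, and a frame too short to carry a CRC.
REQUEST = append_crc(bytes.fromhex("01030000000A"))
CORRUPTED = REQUEST[:5] + bytes([REQUEST[5] ^ 0x01]) + REQUEST[6:]
TRUNCATED = bytes.fromhex("0103")

if __name__ == "__main__":
    print("request on the wire:", REQUEST.hex(" "))  # ends in c5 cd
    accepted, rejected = filter_frames([REQUEST, CORRUPTED, TRUNCATED])
    print(f"accepted {len(accepted)} frame(s), rejected {rejected}")
```

The well-known check value for this CRC variant is 0x4B37 for the ASCII string "123456789", which is a quick way to confirm a hand-written implementation before trusting it on captured frames.
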
  • @tlhIngan
    @tlhIngan 8 months ago +23

    The main problem is how long this stuff has to last. You might think it's easy to add encryption but you have to realize a lot of this dates back decades and the service life is decades. We had smart meters when everyone used those old analog meters with the spinning disc - and they're still in use. The protocol is ancient but not encrypted as encryption was something fancy people could do (remember this stuff predates things like Windows XP). Even later equipment might be designed in the XP era, and still in use today. Why not upgrade? Well, to do so would cost money to buy the latest equipment and millions more to install it all. And chances are the latest equipment could support more secure channels with encryption but the legacy equipment installed won't understand it so it has to fall back to less secure communications because again, no one wants to pay to move the network forward. It's like trying to make sure your network will work with DOS, Windows 3.1, Windows XP and the latest Windows 11 all together on period machines. And be secure.

    • @fjb666
      @fjb666 8 months ago +1

      You don't know enough about the technology to make that claim. Fact is you are completely wrong and a chip to secure that device would cost maybe a dime at the numbers a company would purchase to mass produce the device. They are called microcontrollers. They are extremely cheap and available.

    • @EricksonEtc
      @EricksonEtc 8 months ago

      It's like you didn't read the message you're replying to... the cost is not in the microcontroller itself, the cost is in installation / maintenance / managing secrets / certificates / backwards compatibility / etc. across a staggering number of units from possibly different manufacturers.@@fjb666

    • @Mr424242424242424242
      @Mr424242424242424242 8 months ago +2

      @@fjb666 They are now, they were not when the protocols were created, nor when the PUCs signed off on the replacement hardware, hardware which needs to last decades given the cost of the revenue grade metering hardware and how little the PUCs want to spend and allow prices to be raised. Granted, there's very minimal control beyond typically single point of use on these networks. So you can watch, but you normally can't do anything but watch. These networks are also very very carefully segregated with gateways, multiple firewalls, and near airgapping of these networks from any control authority.
      These don't need to be secure to do their jobs typically, because while sure, you can potentially turn off points of use, you could also turn them off with the manual isolation valves or other hardware that is required by law to be readily accessible for emergency responders just as easily. So in the utility space, we more or less don't care about these devices, because there's very little you can do or get out of them that you couldn't already do or get without the networking upgrades. Recall that these things have the displays on the exterior displaying nearly all the data, and that the analog ones before them had the dials on the exterior that also displayed everything.
      For anything actually important controls wise, the standards set by FERC and NERC, along with the regular security audits are perfectly good at catching issues.

    • @jarredallen
      @jarredallen 8 months ago

      To be really technical, I assume you know why it's still industry standard to use BACnet, Modbus, PROFINET and CAN for serial communication, and I will also assume you know serial handshakes. And securing serial comms is as easy as a white list and a JTAG lock.

    • @foogod4237
      @foogod4237 8 months ago

      @@Mr424242424242424242 "sure, you can potentially turn off points of use, you could also turn them off with the manual isolation valves" This is typical sloppy thinking which proves that you have no idea what digital security measures are even for in the first place (unfortunately, just like so many other so-called "experts" in many of these spaces).
      The whole point of an integrated mesh network like this is that it allows _easy remote access_ to a large number of devices at the same time. This is a double-edged sword. If it actually allows manipulation of such things, then a weak system and a single malicious actor within a couple of seconds could _disable an entire neighborhood._ They could even just drive around in a car, never even stopping, and hit multiple networks across a large area, without even leaving any evidence of what actually happened, how, or by whom. That is *absolutely not the same* as having to physically walk up to each and every house, trespass on private property, locate the manual shutoff, break the tamper-proofing (leaving evidence) and shut things off, and then go to the next house, etc.
      With the physical approach, you'd probably get through a handful of houses before somebody calls the police on you and you're done. With an integrated digital system with crappy security, you could potentially knock out multiple neighborhoods with a keypress, even do it over and over again, and they'd never be able to even find you.
      And even if the devices only allow monitoring and not changing anything, being able to collect power usage information for all of the houses in a whole neighborhood can have a variety of not-so-great applications, such as giving people insight into which houses are occupied when, identify when people move in and out, etc, allowing them to do things like scan a whole neighborhood for burglary targets at a glance.
      Honestly, it's surprising it doesn't happen more often already...

  • @joejane9977
    @joejane9977 8 months ago +10

    the S in IOT stands for security

    • @matthewmiller6068
      @matthewmiller6068 7 months ago

      Don't forget the R in IoT for Reliability or Resiliency!

    • @geodebreaker
      @geodebreaker 7 months ago

      I love this comment

  • @AlexDiamantopulo
    @AlexDiamantopulo 8 months ago +5

    This is incredible work. Thank you so much for sharing!
    I remember how we were looking into the possibility of passive monitoring of power consumption. Now, it seems like you went much deeper 😂.

  • @ZeddZeeee
    @ZeddZeeee 8 months ago

    another sweet video! great work, always love seeing what you're up to with the smart home monitors

  • @joshh6683
    @joshh6683 8 months ago +1

    Very interesting project! Keep it up.

  • @renekaspersen9429
    @renekaspersen9429 8 months ago +1

    you are the king ..nice work

  • @thinking-laaf
    @thinking-laaf 8 months ago +2

    Public/Private key is 'inconvenient' and 'difficult' hence these scary shortcuts.

  • @Travis_On_Trauma
    @Travis_On_Trauma 8 months ago +4

    I work for a utility company. They're not the smartest bunch. This is amazing

    • @TheTubejunky
      @TheTubejunky 8 months ago +1

      Yup a lot of the NEW guys don't last some even get BURNT out from work..pun intended.

  • @Fir3Chi3f
    @Fir3Chi3f 8 months ago +1

    I am extremely disappointed in RUclips not notifying me of a new video. Thanks for posting and glad I found your video anyway!

  • @Psyphyn
    @Psyphyn 8 months ago +2

    "It was password by the way...." had me dying 💀

  • @nunyabusiness9013
    @nunyabusiness9013 7 months ago

    Someone's getting a visit from homeland security... 🤣

  • @TheChillieboo
    @TheChillieboo 8 months ago +2

    this is the level of nerd i aspire to be!
    Mad video Hash!

  • @williambryce8527
    @williambryce8527 8 months ago +1

    Yea baby, I'm loving this! Making me want to ditch one of the Wife's accounts (Netflix) and become a patreon!

  • @howzum
    @howzum 8 months ago +1

    Can kWh usage be seen with this? I think that was something that was still being worked on last time I checked in on the smart meter sniffing.

  • @256byteram
    @256byteram 8 months ago +7

    Wait, someone released an IoT system that WASN'T secure?! :O

    • @RECESSIM
      @RECESSIM 8 months ago +5

      In other breaking news, the sun will rise again tomorrow 🌞 😂

  • @colly6022
    @colly6022 8 months ago +1

    Being from a rural place, it's always funny seeing changes like this. The ones that clearly only sound good to those who are blinded by the prospect of making everything "high tech". Everyone wants the newest technology in our infrastructure, but no one wants to make it secure!

    • @herpderp5222
      @herpderp5222 8 months ago

      Sad thing is.... A very high majority of all utilities/infrastructure/equipment etc is using 50 year old "high tech" equipment and devices. They do not upgrade to more secure & newer technology because the cost is astronomical. Very expensive to rip out the old equipment, install the new equipment, troubleshoot, possible outages etc... so they just keep the 50 year old technology with zero security.

    • @jfbeam
      @jfbeam 7 months ago

      Utilities have been heavily motivated for decades to get away from people roaming the countryside to read meters. I can recall the power company's first attempts at this way back in the 80's... something that looked like a doorbell transformer that sent a very low power RF signal that the truck could hear as it drove by -- still needed a person and a truck, but much faster and more accurate as they don't have to stop, get out, decipher the reading, write it down, etc., etc., etc. These days, we have 900MHz and 2.4GHz (the same as your wifi) mesh systems that don't require people in trucks anymore. (99% of the time... out in the sticks where there's no cell coverage, or other meters in range, someone still has to drive out to read those. And they charge for it!)

  • @SilvaD702
    @SilvaD702 8 months ago +7

    Have you been able to see other controllers/repeaters sending commands? Would be interesting to see what a remote disconnect looks like...

    • @zyxwvutsrqponmlkh
      @zyxwvutsrqponmlkh 8 months ago +6

      Why does my power keep turning off when I'm about to win at cs go?

  • @n3lee
    @n3lee 8 months ago

    This'll be fun!

  • @petevenuti7355
    @petevenuti7355 8 months ago +8

    The 915 MHz network reminds me of the Metricom Ricochet network in NY, NY; it's been gone for 25 yrs, but they did bring it back up for a short time after 9-11.
    I would love to know how to piggyback on the bandwidth of those smart meters, if it could be done without interfering with the operation of the overall system.

    • @tgmelinda7544
      @tgmelinda7544 8 months ago

      900 MHz ISM will not have the bandwidth to do much in the way of modern internet access. I think at best on a test setup of a Ubiquiti NanoStation M900 pair I was doing 10BASE-T speeds on a 5 mile link; however, it does make the band reliable for long distance links and the RF can penetrate through most obstructions, especially trees and such, but given its band, 900 is considered low end microwave and solid metal obstructions will deflect / reflect it, but not as much as the 2.4GHz or 5GHz bands.
      The higher the frequency band, the wider the bandwidth you can use. For example, on 5GHz you can do 5MHz - 160MHz wide channels, where 5MHz will give you super stable long range at the cost of speed due to the bandwidth constraint, vs 160MHz which will give you speed but at the cost of instability due to interference from other devices on adjacent channels that you now overlap.
      So if you need SCADA type linkage to remote locations or vehicles in your area of operation, 900 MHz is a good band to go with, obviously.
      As Todd Howard would say "It Just Works"

    • @RECESSIM
      @RECESSIM 8 months ago +2

      These modems are based on Ricochet technology! Same company designed them!

    • @petevenuti7355
      @petevenuti7355 8 months ago

      @@RECESSIM I got my hands on one of the old ricochet pole mounts and a few of the modems, do you know anything about them or got any tips how I should go about dissecting them?

    • @petevenuti7355
      @petevenuti7355 8 months ago

      @@tgmelinda7544 I live in upstate New York and I tried to start a wireless broadband ISP back in the 90's.
      Failed miserably, I'm no salesman, it was just a bit too soon, and I had no money to speak of...
      Anyway, still got a hodge-podge of equipment, sold or scrapped most..
      I used the DEC, later Lucent Technologies, WaveLANs, an old Itronix 486 laptop to go around doing configuration, homemade yagis and servers.
      Completely quit even trying in 2003.. I did have a few Ubiquitis by then.
      (Made an old breaker panel look like a Cheerios box and marked it "Router O'S", even built something into a glass block at one point.)
      Don't think I ever had more than six customers at a time.
      I wanted to try TV white space but it didn't get defined and approved quick enough.

    • @RECESSIM
      @RECESSIM 8 months ago

      @@petevenuti7355 I was able to get two modems communicating with each other directly. Fun to chat back and forth in terminal windows!
      Check out this site, there’s a reference guide at the bottom with modem commands.
      www.qsl.net/n9zia/metricom/

  • @jj74qformerlyjailbreak3
    @jj74qformerlyjailbreak3 8 months ago +1

    I’m waiting on this guy to tell someone to get bent. 😂 at least the buildup to it is coming. 😂

    • @RECESSIM
      @RECESSIM 8 months ago +1

      I actually had a solid rant I cut from the video 😂

    • @jj74qformerlyjailbreak3
      @jj74qformerlyjailbreak3 8 months ago

      @@RECESSIM I could sense it. Please upload it. 😂

  • @solharvester2341
    @solharvester2341 8 months ago +2

    I feel like this could put me on a watch list.

    • @RECESSIM
      @RECESSIM 8 months ago +2

      Is it even worth watching if it doesn’t? 😈

  • @berkano_plays
    @berkano_plays 8 months ago +1

    Those infrastructure-level crap security devices are low-key terrifying... That and SS7 attack surface...

  • @Tyler.i.81
    @Tyler.i.81 8 months ago

    So what's the point, is it to use utility networks for WiFi or to hack your meters? I have no clue about technology, computers etc.

  • @Subgunman
    @Subgunman 8 months ago

    We have a smart meter now but it utilizes a cellular modem with a SIM card. The issue is that the network is not up and running yet. It would be nice to use one of the cellular hacking rigs the feds use to try and obtain info on the device. I know the network they are on and there is practically zero coverage where we live. One of the techs that installed the meter told me they have ongoing issues with cellular coverage and they have had to install SIM cards from another cellular provider. I am wondering if this is the reason my alarm light is constantly lit.

  • @Tabatino
    @Tabatino 7 months ago +1

    Today's IoT is still like the internet was in the 90s (before NAT when everyone had a valid IP and everything was without SSL 😂)

  • @travisreed2453
    @travisreed2453 2 months ago

    Can you send me information on how to close the connections on an AEP smart meter

  • @matthewmiller6068
    @matthewmiller6068 7 months ago

    This is wild...wonder if someone could reverse engineer this to add decoding meter readings like the rtl_amr could do from analog-encoder-meters? That was fun for monitoring real time usage more finely than the power-co offered (and comparing usage to others in the area)

  • @mike-ology22
    @mike-ology22 8 months ago +2

    You're hilarious. Great work! I just wish hackers supported the people instead of chasing money or working for big corporations.
    I like your style

    • @TheSlyMouse
      @TheSlyMouse 8 months ago +3

      The people you are wishing for already exist. People who find bug bounties, security researchers and "white hat" hackers all play for the people in one way or another. It's just a shame that some of their work is ignored and warnings unheeded.

    • @RECESSIM
      @RECESSIM 8 months ago +4

      It’s under NDA which is the problem, it needs to be public… Public Shaming drives action, drives conversation and leads to change.
      Doing the research and getting paid to stay quiet means you get to make some cash, but not likely anyone is going to spend the real money to actually fix it.

    • @mike-ology22
      @mike-ology22 8 months ago

      @TheSlyMouse I've spent the last 18 years figuring our system out, a system hacker. That is me.
      We have studied banking, law, contacts, and corporations, and we have reverse engineered the system.
      I'm from England, and here we have common law for human beings. I'm half Dutch and speak the language fluently. The Dutch owns all corporations.
      If you could watch
      Crash course world history 229
      The corporation
      Light bulb conspiracy / planned obsolescence
      Phoebus cartel, which is now the EU
      New Amsterdam City
      All corporations are owned by the VOC, and the difference is we live under 2 systems of law. Civil code vs common law.
      Look up common law map of Europe duheim Canadian University research.
      What we have done is removed ourselves as human beings from our land and turned into a corporation. We now live in the legal system that can be used against us. When in fact, all we must abide by is what is lawful.
      We have been gaslighted and manipulated. Fbi, CIA, Federal reserve are all privately owned corporations in Civil law.
      Corporations can't turn up in a jury court. That's the trick.
      The law of reversion is our future interest in our land which we gave in loan in common law, we wish to reclaim it.
      Josh Blakman property law 2017 course for free on RUclips. Everything is about land, jurisdiction, and who we are a human being or corporation.
      Hackers do benefit the people, but most hackers don't even realise that this whole system in the USA and The EU with all their corporations has been setup and funded by criminal organisations.
      Bitcoin was released at a Dutch hacking convention in 2009. Made by the Dutch money masters. Most things sold on the Dark Web is from Dutch sellers.
      If we understand the law and implement it properly reclaiming our land, you only commit a crime if there is a victim. Corporations can not be a victim, because in reality they don't exist.
      We need to work together

  • @CallousCoder
    @CallousCoder 7 months ago

    Their security has always been shockingly bad 😂

  • @ConsultingjoeOnline
    @ConsultingjoeOnline 8 months ago

    Very nice.

  • @MikeHarris1984
    @MikeHarris1984 8 months ago

    Is this for the new HAN ZigBee meters that utilities are using? The power co here doesn't allow connection to the meter, only via their website, which is a day behind and only in 15 min increments. And so useless. I want my data for my Home Assistant. I wonder if this device would read my area....
    What brand of meters do they connect to?

  • @tgmelinda7544
    @tgmelinda7544 8 months ago +1

    It's basically SCADA.

  • @dh2032
    @dh2032 8 months ago

    Question: I didn't even know this was a thing, but now I do. I'm wondering, could you run your own network traffic over it?

  • @ncot_tech
    @ncot_tech 7 months ago

    I'm not worried by this. Living in the UK half the time our smart meter networks don't work, or we have the stupid SMETS1 meters that stop working if you switch provider. 😅

  • @JuliusBaum-cb6rc
    @JuliusBaum-cb6rc 15 days ago

    Just in theory - would you be able to tamper with these meters in a way to get free power? There are for sure easier ways to do it, for example just bypassing it. But I have heard that these meters have many ways to detect when they are tampered with. I live in Germany and my power company is now starting to replace the old ones, I think it's for exactly this reason.

  • @Pyr0qvy
    @Pyr0qvy 7 months ago

    what is that watch that you're wearing? i like it.

    • @RECESSIM
      @RECESSIM 7 months ago

      Backed it 10 years ago and it finally arrived!
      www.kickstarter.com/projects/920064946/oscilloscope-watch

  • @frankspliff7037
    @frankspliff7037 8 months ago +1

    Are smart meters accurate in metering?

    • @erg0centric
      @erg0centric 8 months ago +1

      -no, they always overcharge-
      yes, they are accurate

  • @TymexComputing
    @TymexComputing 8 months ago +1

    To be honest I first rewound and took a look at the password being typed in - recognized the "ass" phrase and thought hey - is he making a fool out of me? Is the password "password"? :) and I let the video continue - the best hack I had in the last week :), just after finding the Apache beta packages repo :)

  • @zsomborgyenge4359
    @zsomborgyenge4359 8 months ago +2

    0:17 A 4-digit code? Who thought it could protect from anything?

    • @RECESSIM
      @RECESSIM 8 months ago +1

      They figured the frequency hopping would save them… And somehow never imagined their products would be all over eBay!

  • @Nessey
    @Nessey 7 months ago

    What app are you using on the iPhone?

    • @RECESSIM
      @RECESSIM 7 months ago

      Shelly - Just an app to SSH to the Pi

  • @chainsawsandgenerators9952
    @chainsawsandgenerators9952 7 months ago

    PG&E treats their substations like Fort Knox, but every computer that controls the sub is connected to the internet. The thing I'm waiting for is someone to take control of the voltage regulator and crank up the voltage to 150%.

  • @JustinDaniels
    @JustinDaniels 7 months ago

    Of course one would never want to do this, but for the sake of science, is it theoretically possible to spoof power usage amounts to lower a power bill?

  • @RadioMcRadioface
    @RadioMcRadioface 8 months ago

    wait til you hear about the grid you can sniff with a Low Frequency receiver

  • @jeffboily6579
    @jeffboily6579 8 months ago

    Hydro Québec LOL, it's my town (Québec not Montréal)...

  • @erg0centric
    @erg0centric 8 months ago

    I couldn't find it in the comments so here goes:
    That's amazing. I've got the same combination on my luggage.

  • @BartKus
    @BartKus 8 months ago +2

    Meter readings are sorta public data anyways. You can walk up to a meter and look at it. What's the worst that could happen with exploiting this network, forge some readings? The real data is displayed on the meter itself, so any billing nonsense can get squared away. This may be the correct amount of security and management cost for this data type.

    • @RECESSIM
      @RECESSIM 8 months ago +5

      The meters have 200 Amp switches inside them and can be remotely turned on and off over RF… You can see this in my Smart Meter Hacking videos.
      The worst thing I would say is someone gaining access, then flipping the switch on/off to whole neighborhoods until something bad happens.

    • @BartKus
      @BartKus 8 months ago +2

      @@RECESSIM Is there no additional authentication required to cross the boundary from monitoring to control? If so, that's indeed worrying. Didn't know power meters were also switching devices these days. Thanks for the info!

    • @jfbeam
      @jfbeam 7 months ago

      @@RECESSIM Not all meters have the ability to disconnect service. I know the units my power company uses can't turn off the power. (my meter was stolen. they could tell it was on, but not immediately locate it, and _could not turn it off._ their fraud department will hunt it down, 'tho.) You'd think the ones out in the sticks would have that capability, but they didn't. (of course, it takes seconds to bypass the meter, so why put an expensive one out there.)

    • @jfbeam
      @jfbeam 7 months ago

      _You can walk up to a meter and look at it_ Not without trespassing in most cases. Yes, some are where they can be seen from the street / sidewalk, but I can point out a great many you cannot see without entering the property. (The PoCo has a right to read the meter. _You_ don't.)

  • @khimroy3958
    @khimroy3958 7 months ago

    In Singapore, doing this is illegal! Modifying anything here will get you a fine and jail in Changi prison!

  • @essomatic
    @essomatic 8 months ago

    Can somebody explain what that is, what they do and why they exist?

  • @artifactingreality
    @artifactingreality 8 months ago

    Sounds like more of a hash or parity bit than a password

  • @Mashedpotatoe774
    @Mashedpotatoe774 8 months ago +1

    I subscribed. Great video. I left a longer comment but deleted it. Our country is so vulnerable that you can’t even laugh at it. Only now do I feel like people are starting to realize how bad it is with things like the flipper zero and the social engineering of the Vegas casinos. The sickest part about all of this is the people who are going to be hurt is you and I. Yes corporations will take losses but most will recover. You on the other hand having all of that personal information like passwords, social, address, date of birth heck even your security questions could completely ruin your entire life. What is the consequence to these corporations? Maybe a fine? Free credit monitoring for a year? A slap on the wrist?

  • @jfbeam
    @jfbeam 7 months ago

    Security through obscurity. (or mistakenly _believed_ obscurity.) Most of these things have f***all for security because no one cares, because not a single person involved even cares. Why should the manufacturer when their customers don't? Their customers are utilities that know rather well how to think about physical security - i.e. stop people from stealing power, etc., but they simply have no clue when it comes to logical security. They don't understand the internet and data communications, so they don't even know it needs to be secured.
    (I worked for the ISP division of a power company for a few years. I saw the magnitude of their stupidity first hand. They have gotten no better in the decades since.)

  • @kayakMike1000
    @kayakMike1000 8 months ago

    4 digit code? Ha ha ha ha ha ha ha ha ..
    Oh you're serious.

  • @designerspubannadovinos7983
    @designerspubannadovinos7983 8 months ago

    My theory is there are people around using too much power and they electronically redistribute power usage to several neighbors, so the power co sees normal use and the 20 neighbors pay $2 more and don't notice.

    • @TheTubejunky
      @TheTubejunky 8 months ago +1

      Not possible, each meter has its own log data and unless it's physically edited not much will come from spoofing but the FCC looking for rogue transmissions.

    • @designerspubannadovinos7983
      @designerspubannadovinos7983 8 months ago

      It's possible if you have an accomplice who works for the power company and the several houses working together.

    • @designerspubannadovinos7983
      @designerspubannadovinos7983 8 months ago

      Gangs

  • @ItsTheRealMrMaD
    @ItsTheRealMrMaD 8 months ago +1

    Shoutouts to jailbroken iPhones tho.
    My daily driver is a 12 pro on iOS 14.3..
    ..still waiting on 15.3.1 to get opened up so I can finally use my 13 pro to its full potential.

    • @cppctek
      @cppctek 8 months ago +1

      iOS 14…. Wow, that's kinda old. I'm on iOS 17. Also jailbreaking is pretty dead these days and the constant battle isn't worth it. I used to love jailbreaking every iOS and iPhone out there.

    • @ItsTheRealMrMaD
      @ItsTheRealMrMaD 8 months ago

      @@cppctek idk brother.. I cannot live without my jailbreaks lol.. I love patching games/apps with flex/permaflex, having access to my entire file system (preferences for apps, etc.), all the little quality of life tweaks I have installed (no ads systemwide or fixes for any mild annoyance I can usually think of), the fact that I can still update my emojis to the most recent ones, play Safari video (audio) with the phone locked, download anything in any format, or get all the premium YouTube perks without supporting Google.. as well as test-run any apps I'm curious about..
      Anytime I switch over to my stock iPhone 13 I miss damn near everything I have on this phone..

  • @MakeitZUPER
    @MakeitZUPER 8 months ago +3

    I'm naive as to what I could use a device like this for. The tech is interesting enough, but some practical applications would be helpful.

    • @BurritoMagnifico
      @BurritoMagnifico 8 months ago +2

      How about knowing when someone is home?

    • @james6794
      @james6794 8 months ago +1

      @@BurritoMagnifico You could already do that with an SDR?

    • @nightsinder
      @nightsinder 8 months ago +1

      @@BurritoMagnifico Just knock on the door and you will find out if they're home.

    • @barbaraclements8068
      @barbaraclements8068 8 months ago

      @@BurritoMagnifico This was my first thought as well. I live in an area that has a lot of violent crime and a lot of break-ins.
      It is pretty common to see people in cars scouting out houses to see who's home at what time of day. With something this tech savvy, criminals can monitor who's home at what houses and plan their break-ins more efficiently.😅

    • @PullTab
      @PullTab 8 months ago

      Save a snapshot, send a snapshot

  • @mike-hp9yv
    @mike-hp9yv 2 months ago

    I have someone hacking into my meter.. changing my A/C setting, refrigerator setting, turning lights on/off.. has destroyed my meter, my desktop.. my A/C fuse box twice and more.. I would like to speak to you in person.. thanks

  • @BPTtech
    @BPTtech 7 months ago

    This can be a federal offense, I'd be careful.

  • @NicksStuff
    @NicksStuff 4 months ago +1

    But couldn't you receive all these same messages with an SDR?

    • @RECESSIM
      @RECESSIM  4 months ago

      Receive yes, decode into something legible, I’m not sure. The idea here was to see if the data or what’s shown is presented in a different way that could provide more clues.

    • @NicksStuff
      @NicksStuff 4 months ago

      @@RECESSIM I must have misunderstood. I thought you said the data was unencrypted.

  • @TracyNorrell
    @TracyNorrell 8 months ago

  • @peter360adventures9
    @peter360adventures9 8 months ago

    I use SDR.

  • @mcwallacio
    @mcwallacio 8 months ago +3

    Your voice is weirdly hypnotic. You're the Bob Ross of reverse engineering.

    • @RECESSIM
      @RECESSIM  8 months ago +3

      Out here finding happy little accidents in the power grid…

  • @gordslater
    @gordslater 8 months ago +1

    don't panic
    everything's fine
    I'm just off the phone with them - and - they say they are gonna change it to a 5 digit code ASAP
    problem solved huh?

    • @RECESSIM
      @RECESSIM  8 months ago

      Are you sure? I'm guessing just a different 4 digit code 😂

  • @jameskarl424
    @jameskarl424 8 months ago

    Super old news. Which makes this even more sad.

    • @RECESSIM
      @RECESSIM  8 months ago

      Perhaps I just make a video every three months until they actually upgrade the system 😂

  • @aga5897
    @aga5897 8 months ago

    Must be a Microsoft subsidiary - that'd explain why the power needs to go off/on regularly.

    • @RECESSIM
      @RECESSIM  8 months ago +2

      Rebooting is always the answer.

    • @aga5897
      @aga5897 8 months ago

      @@RECESSIM I presume you know Why that is and Who is to blame?
      If not, prepare for Enlightenment!

  • @jarredallen
    @jarredallen 8 months ago

    I don't get why this is hacking. I mean, I can see the serial comms there. Debugging the serial will be easier connecting on those serial comms. And the password on each serial device has a default password just like a wifi modem that is stored in plain text on EPROM. Yes, you can read the master serial giving the signal, but the serial handshake requires the ID of the slave serial device to be verified by the master serial device or SCADA plant manager whitelist; if the slave ID is sketchy they send an alarm to the plant operator informing them of that sketchy ID serial device or ban that sketchy serial device out.

    • @RECESSIM
      @RECESSIM  8 months ago +1

      So why not just receive a known ID, change the ID of this device to match and cause mayhem?

    • @jarredallen
      @jarredallen 8 months ago

      @@RECESSIM The way serial comms are configured for master and slave communication is a slave serial device is configured for a specific area master serial device. The maximum number of slave devices to a single master device is 127. If that master device is already full you are out of luck inserting another device there; if you can insert a slave device it needs to be whitelisted or registered first to that specific master device by the control engineers first. And the whitelist is not just registered to a single master device, it is registered to all master devices on that SCADA cluster. The real tricky part is not accessing the master device but accessing the JTAG lock on those master devices, and if a single master device went offline another redundant master device for that area will go up, alerting the SCADA operator something went down. Assuming first you know the baud rate for the serial handshake. Side note: don't confuse a serial pass-thru for a master device; a smart electronic engineer will plant a booby trap in a cluster to know if his network is being tampered with or to protect the most critical junction of his network.

  • @danielpetersen2147
    @danielpetersen2147 8 months ago

    Where did you get your hacker-watch? 😉

    • @RECESSIM
      @RECESSIM  8 months ago +1

      Oh, the Oscilloscope Watch by Gabriel Anzziani… Glad you asked! 😀

  • @obscenity
    @obscenity 7 months ago

    Oops, looks like you leaked a few SSIDs, on a map they are just outside Dallas, TX.
    Be careful leaking access points like that.

    • @babahaze
      @babahaze 7 months ago

      2304 Aberdeen Ave, McKinney, TX 75072, USA

    • @dawnfire82
      @dawnfire82 7 months ago

      ...SSIDs are broadcast. Not only are they not secret, they're literal advertisements.

    • @obscenity
      @obscenity 7 months ago

      @@dawnfire82 Networks set to "Hidden" don't broadcast the SSID, you either have to know what it is, or listen for devices that have already connected to that access point; those say "hey, I'm looking for this SSID" and give it away.

  • @TheMagnificentGman
    @TheMagnificentGman 7 months ago

    China taking notes

  • @MakeItHackin
    @MakeItHackin 8 months ago +2

    What's the 4 digit code for free power?

  • @superstitiousfishes1247
    @superstitiousfishes1247 4 months ago

    fed?

  • @TheTubejunky
    @TheTubejunky 8 months ago +3

    OR you can google the fk out of the device and the protocol instead of hitting this patreon paywall. No insult to the guy in the video but it's kinda gatekeeping and I'm sure there's a github somewhere with ALL of this info already FREE to the public.

    • @RECESSIM
      @RECESSIM  8 months ago +4

      Please share it with us if you find it!

    • @TheTubejunky
      @TheTubejunky 8 months ago

      Will do! @@RECESSIM

    • @TheTubejunky
      @TheTubejunky 8 months ago

      How about this as a start.... usermanual.wiki/Landis-Gyr-Technology/IWRP1/html @@RECESSIM

    • @coler154
      @coler154 8 months ago +1

      Just join the kemono party like everybody else does.

    • @RECESSIM
      @RECESSIM  8 months ago +3

      That’s good, what we need is the software they use… Or documents on how the proprietary protocol is constructed.
      All the docs like that available on FCC or usermanuals don’t have any of that information. If you can find out how the low level protocol works that’s GOLD. I have what I have figured out openly documented on the RECESSIM wiki.
      wiki.recessim.com/view/Landis%2BGyr_GridStream_Protocol

  • @MmmmJuicy
    @MmmmJuicy 3 months ago

    So, what you're saying is that anyone with some time, money, and knowledge could potentially drive around, sniff, then use that information to turn off power meters? If so, that could be a very bad thing.
    Some potential scenarios: criminal turns off power to a target home to disable security, troll turns off power to people they don't like, meanies turn off power to hospitals or whole apartment complexes or grocery stores.

  • @baudneo
    @baudneo 8 months ago +2

    1337

  • @AlizeuDev
    @AlizeuDev 8 months ago +3

    It doesn't help you with nothing. You just entered in the "console" of a smart meter. If the company sees that the equipment was jammed, you have to pay for all your shit that's plugged in in your house. I suppose some people will pay to learn to do.. nothing :))

    • @AlexDiamantopulo
      @AlexDiamantopulo 8 months ago +2

      Butthurt..? It does help, you just don't understand how big this is.

    • @designerspubannadovinos7983
      @designerspubannadovinos7983 8 months ago

      How

    • @AlexDiamantopulo
      @AlexDiamantopulo 8 months ago

      @@designerspubannadovinos7983 go

    • @sw6188
      @sw6188 8 months ago +3

      You're dead right - "It doesn't help you with nothing". That means it helps you with something. Well done.

    • @TheTubejunky
      @TheTubejunky 8 months ago

      You're welcome to explain WHY this is useless. I don't think it's a very interesting "HACK" due to there being log data and record keeping. It would only be useful if you overload a network with rogue devices. Not fun either, just a waste of time.

  • @tylerdurdin8069
    @tylerdurdin8069 7 months ago

    You just described how crypto works, "you feed it one code and it gives you another" 😂 So you're promoting a device to build that no one is going to get to work for what reason? I mean, what's the purpose of any of this? Even if someone could get this to work, what could they do?

    • @dawnfire82
      @dawnfire82 7 months ago

      You dishonor your namesake.

  • @hacktheory1337
    @hacktheory1337 8 months ago

    I call bull crap, the concept is good but what you are demonstrating here is very fishy!

    • @RECESSIM
      @RECESSIM  8 months ago

      What's bull crap about it?

  • @platin2148
    @platin2148 8 months ago

    Hmm, on the search for this stuff with a certain Siemens smart meter..

  • @LReno-di9cm
    @LReno-di9cm 5 months ago +1

    Hash... Terri is trying to reach you. Your email is bouncing.

    • @RECESSIM
      @RECESSIM  5 months ago

      Thanks, I reached out to her via a different email address.