Flipper Zero Kills Smart Meter?? - Reverse Engineering News - June 13th 2023

Peter wasn't expecting you lol

1) Bunny is a legend!
2) It's always a "feature".
3) I call BS

An other way to debunk that he was using the meter to control the power is that even if the meter has a disconnect relay in it the meter will still be powered up and the display will be on when it disconnects service. The meter get's it's power from the line side of the meter socket prior to any measurement or disconnection circuits so that the meter doesn't measure the power required to run itself and so that if the service is disconnected the meter is powered up to listen for the signal to reconnect the power.

Did he just say "Chooch"?
😂😂😂
Subscribed.

Thank you for reporting on using IR to look through silicon. I absolutely enjoy viewing silicon chips through a microscope but find it tough to find viewable specimens. Im going to study his paper and give it a try.

This news segment you're doing is incredibly good. Very entertaining. Thanks.

Absolutely loved this video, the news segments and the dry humor. Don't ever change!

When I was a kid I used my dads camera and the IR feature to see in the dark and troll my friend. I noticed I could see through silicon when I looked at my see through game boy colour chips. I didnt realize this was an undiscovered thing. Imagine how many people have seen something similar not understanding no one seen or noticed it before?

I work on testing those old elster meters and me and my coworkers immediately knew it was fake since even if you did disconnect service to someone's house, the display should still be on. And like you said that particular meter doesn't even have a relay, as we noticed from the 6th field in the style number.
Interestingly enough, the energy axis radio was installed in that meter, so even if you could capture the c12.22 packets coming out of it, you wouldn't be able to read it since it had wan encryption enabled by default (unless Ameren disabled it)
Finally, that particular meter wasn't even sold to Ameren (looked up the serial number on our db) so I'm not even sure how that sticker got there. It was actually sold to some research group in the US.

I used to work for Schneider Electric in the power meter division and while the Ion meter had some strange and wonderful features, turning the power off to the panel wasn't one of them. Just like you said, you could drive outputs, but those outputs would have to be wired to a relay that did the shutting off of the panel.
Ion meters had Telnet available for use (some 15 years ago, so don't get too excited), and sure enough, someone came up with a hack. Schneider came out with a bulletin lamenting the world that we live in where innocent hardware gets hacked. I -imagine- hope that it has been fixed since then.

Great format, good information, and no flashy noise/junk for the intro or outro. Subscribed!

Absolutely loving the new News segment! ❤

Great episode Hash - appreciate you boiling things down for us - concise and enjoyable - nice work!! Keep it up!

Yes, a Peter Fairlie video (not the one in your segment) was the one I had pointed out. Although, I will admit, I believed he was actually controlling or resetting the meter with his Flipper Zero.
Great episode!

In New Zealand the extra contacts are used to turn off the water heaters and "Night store" heaters in houses to shed load during peak load times, though they are almost never used by the power supplier. Usually on a seperate meter than the main house meter, they charge you a lower kwh rate for having it setup.

love these news segments, keep up the good work!

If you’re glitching around with your power meter the electric company will know because as it’s running, it sends a check signal every few minutes to the tower and if it doesn’t receive that signal within a day or so, you will get a technician showing up to check the meter there is even a gas meter for natural gas that does the same thing and the power company well where I live can turn off your electricity just by punching it into the computer, but within a few days, a technician will show up, pull the meter and put insulators on the socket and then re-apply the meter until you pay the bill

Seeing through silicon? That's trippy man!

First video I have seen on your channel. I suspect that you've just earned a sub.

You do a good job of seeing through the haze and calling things out for what they are!

Thank you for finally exposing that last one; I have a Flipper Zero and was experimenting after seeing that video thinking, wow, I have a Flipper, I wonder if I...
Never could I find a shred of code or idea anywhere on how this was done. Was so confused!

props on the gps dox. I know some of those prefab houses have them like that for the fire department so they can shut them off remotely for insurance purposes if it's like a townhouse or apartment's building. I lived in one where the power would go out on purpose if there was a fire to lower the chances of electrocution when the sprinklers turned on.

I attuly just came across his channel this afternoon and seen you're video this afternoon..., thanks for clearing this up... 🤠👌.

I've had that book for years... Good read!

You're actually quite good at this news show stuff, I'm liking the humour. 😉

an important aspect of the WCH thing was the second firmware from their OTA process. it's interesting that the response was that it's a time saving feature, since there's like no valid use for a partially readable firmware under lockdown; maybe they meant erase was slow? there's stuff to speed it up in chips where the entire flash is lost if the protection bit changes, like they set a flag and the old content is just gone

Great stuff love the format 👍🏻👍🏻

Peter is a radio amateur and has another service line coming into his house to run high power amplifiers! The noise you hear is a relay coming from the box next to the meter!

Love your channel!

Thanks for the great vid. Nice French cuffs and cufflinks.

So THATS WHY i couldnt find any information about how to do that 😂

I'm glad you've learned of the place. The 'AU' in Mississauga rhymes with _bog_ though.

Remote power off is usually reserved for seasonal cottages in Canada.

Hello. I have a question regarding smart meters if you could help me. The gist of the matter is, the company installed a smart meter at my house and i suspect that either the meter is faulty and it records wrong, or the technician did something to it to record a higher consumption than it actually is, because i got in a heated argument with them when they installed it and i'm thinking he may have done it out of spite. I tried callind them to come and evaluate the meter, but every time it's the same technician that comes to inspect it and every time he has this weird attitude. Either way, they won't replace it. My question to you is, is there something i could do to damage the unit without breaking the seals, that would warrant a replacement from them?

You nailed him. Good detective work!

Ah yes the car sets itself on fire after you buy it... YES that's a feature! No other car can do that. Like is he fr 😂
Just stumbled across ur channel and i love it. The R.E. news segment it's a awesome idea

I just saw this new format, this is awesome! I'll go back and watch the ones I missed, Damn YT

the IR thing was way more interesting than the powermeter imho.

Amazing video! Had a proper chuckle on this one!

Interesting you are very methodical in your material .. NICE.

Good job!

It's really rare that I see a video about this kind of stuff and someone has really knowledge and "IT common sense"... It goes without saying, that you earned a subscription. Your video is funny, it's informative and (as far as I can tell) it's true and you know what you are talking about. Nice!

RadioShack had the old remote control rf plug adapters. You could control lights fans whatever you want and they multiple frequencies so you control multiple plugs

@4:07 its a feature because a State Sponsored government agency can access it, its a feature to them..

Pure happenstance that I stumbled onto this channel... I LIKE THIS GUY! 👍

Very nicely explained. Thanks John

I jumped into a wood chipper and lost my legs. Now I don't have to buy new shoes. It's a feature!

Google sent me here - great episode, very interesting - subbed.

Thanks

Nice tie :)

Landis & Gyr, we have these here in the Netherlands as well!

Very good show, love it.

Cool video, as an old hacker, I love all of that!

A3 was sold with Disconnect option inside. They use BIESTABLE relays that you can varely hear even in silence and they cannot be turned on and off like in the vid, because they they are kicked from a bigcap that need to be charged using the existing PSU. Like you said, moslty a relay out controlling a contactor or something. But those outputs are used in general at industrial application to signal that the demand limit has been reached or something like that. This meters have been run over EMC tests at 30V/m (no load) and 10V/m (Inom). So, this thing has been already tested. And yes, functional deviation is allowed as soon as the REGISTERS DO NOT ADD UP (30V/m) or accuracy variation (MAX-MIN) does not exceed 2% (Inom). So send Flipper to read the IEC 62053 first because, just by entering in TEST MODE or ALT MODE, meter is not having a bad time at all. Also, the maker of the vid claims that the way it measures can be changed. Well, anything can be changed. Now, understanding ANSI is ONE thing. Making this alterations are another thing. You need to understand the meter first, then try to find the information that ELSTER have obscured up even to their own employes ... I mean, you will end trashing the measurement or stalling the DSP .... thats the most likely scernario. Now Flipper, do your homework.

Thanks for calling out the fake! Here in Australia we have all sorts of smart metering. I know you can't hack those things easily even though they have serial comms. Some of the newer smart meters I've worked on have a mini NB IoT 4G modem with a sim card, there's no way a flipper would work by design and I own one! Even with zigbee or wifi the flipper doesn't support it unless you've made some software and whipped up a prototype board.

I like your style. Just subscribed.

I found your channel accidentally. Very good content. Subbed. 😃

If the copy protection is on, the flash must be entirely erased before being able to write any firmware to it. A partial overwrite could be acceptable if there is some kind of signature to the firmware and the new one matches the old one. Ridiculous oversight.

Perhaps he's just using home assistant to shut off every single light in his house and back on again. Then maybe staged ebay meter also hooked up to home assistant sending the code controls everything in one shot. Adding in some resistors and capacitors in the second video cause the smoke to be let out of the magic bottle

The power meter shown in the "Flipper" segment is a peak power recording power accumulator. The meter is read by an electronic meter reader carried by the local walking meter man. It communicates through the infrared port on the front, through the D shaped steel plate on the front. The lever to the right will reset the peak values stored in non-volatile memory in the meter. Reverse engineering the communication protocol is hard, even if you have a reader/programmer.
Yes silicon is transparent to long-wave Infrared, but the resolution of the image is poor for recent silicon integrated circuit technologies. Current bleeding edge technology is in the range of 5nm feature sizes, and the wavelength of the IR is about 1000nm. And to access the back of the silicon you need to remove the heat spreader or remove the epoxy overfill. Most of the reflected signal is from the metal layers, and not much from the actual transistors.
As someone has commented below, a partial readout of the firmware is useless if you have erased the initial setup code on the device.

I discovered the process where it only deletes the pages of flash that is needed to be erase when making the firmware that ran a lift. This is one of those things you put in a car to load boxes.
I can assure you that you would never want to remove that firmware. It also would make it so I can use the rest of the flash for storing diagnostic codes. Flash still kinda sucks if you need to erase it often. So every little thing would help.

Impressive resourcefulness.

I like the new format

Can't find his video on the gps coordinates

“So, looking at Peter’s house” lol instantly subscribed

I'm thinking a meter on rental property where the power company is capable of turning the power on and off remotely. Check on that. There are several Canadian high tech service companies that come down on service contracts that last up to a year. They usually rent houses while in the states.

I'm in Australia and had a smart meter installed without my conformation.
I got told go on it or I will have no power.
The only benefit is the old meter reader bloke doesn't have to come up to my second level balcony to read the meter, it keeps him off my land and balcony I guess.
If you put a big magnet near them they play up.
Cheers.

Wau you have killed me with your deep knowledge and super detailed investigation, you even found his address. Amazing man amazing!

This channel is the Legal Eagle of hardware hacking.

what a clever man you are,thanks for the info.🍻

That flash behaviour lies in the nature of a flash storage for many many times - the flash controller simply cant reset all of the values per se - if you want to write something it will be "flashed"/resetted at a request :) not by definition each time - clearing flash each time wastes valuable cell cycles :) macrocell macroblock refresh count. BTW the name FLASH stands behind the clearing operation and a flash of light it emitts at the zeroing in case of NOR (one'ing in case of NAND) operation

Sir, you should consider getting those shoulder divots looked at (likely due to the size of the armholes). Also, those lapels are too narrow, but that's more a matter of taste

Could that range of light passing silicon be used as an attack vector on silicon photonic chips, light being the interfiering force? Could bits be flipped by fuzzing, following quantum mechanics?

Has anybody been able to show what exactly those smart meters are sending to the power companies, I was interested as there’s are discounts if you have one installed, but nobody from the companies could explain the resolution of the data that was being log by the smart meter and sent, only that it transmitted the data once month?

2meters on single home is most likely tied to grid w solar and can monitor what he is putting back from it one reason you see people w 2 meters great vid love the book :)

Love it. It's not just cap. It's ball cap.

I'm having lots of fun with my flipper zero, probably more fun than allowed.

Nothing but Awesome! Oh nice suit!

Excellent digging work, ya the smart meters in Canada don't disconnect, at the service, they must be pulled out. They just send data.

You put a literal cap on the desk😂

Nice work keeping it real...

this was fire, no cap.

Those "flip chips" are called BGA (Ball Grid Array) mounted Integrated Circuits.

I’m not into this kind of thing but that is a strong presentation!!!!!!!

Some cool stuff.

this is a great video idea

Hash?! Like from the L0pht?! Wow, man, I made it to 2600 in like, '95. Hash, if that's really you, you look like a million bucks. Thanks for sharing all the info, man, take it easy!

well done good explanation tks you

DEPENDING ON YOUR " SOCIAL CREDIT SCORE " UTILITIES WILL DETERMINE
WHEN AND HOW MUCH POWER IS AVAILABLE

I mention you and this video on my video coming out this weekend! Hash, if you want to preview, please let me know!

There are manual cameras that have a movable internal ir filter so they can use ir film (not sure the film is made much). I have one. It is a postwar Kodak Medallist 2. It has a setting on the top select knob. The portable ir lights were In use in 43' with the Vampire so night photography was possible. That may be why the option was available.. to record WW3. Operation unthinkable and the aftermath. The military probably bought the lion's share of them.
The filter is easy to remove in disposable cameras too since they are meant to be disassembled to take the film out (some). Prolly not the resolution you're looking for, but maybe for something else.

Case use could only be remote power management for a discount. But thos go on ac units and pool heaters . Not kitchen lights

I need help with my GPS cords. They are incorrect...

A meter is literally just a coupling literally like a three pronged plug so if you're completely disconnected they put a plastic cover to block the circuit joining

can we use a faraday cage to block landys en gyr signals?

hilarious, and good content, love it

So if the meter has the ability to control other relays does this mean it can control our backup generator?

tears of laughter the guy ripping Peters hack. The guys so funny he well deserves that sub from me.

thanks Hash

I li k e this guy his therapist does a great Job. So refreshing since Most youtubers are not due medicated or counselled..