Smart Meters are Vulnerable to this Attack

  • Published: 21 Nov 2024

Comments • 487

  • @IsThisAvailable550
    @IsThisAvailable550 2 years ago +82

    Just subscribed.
    I'm an old electronics engineer (in my 60's) and I find what you are doing, fascinating.
    Back in the early days, all the microchips only had 8 legs, and I could see them all without a magnifying glass. 😁

    • @RECESSIM
      @RECESSIM  2 years ago +12

      Yea, I remember that… they also mostly had a single function and you could look at the board and figure out what its purpose was! Now I need a damn scanning electron microscope to figure anything out :)

    • @richardchurch9709
      @richardchurch9709 2 years ago +8

      That made me smile Larry, thanks. I found a YouTube, (I think), clip at one point where someone asked how big would a modern day computer be if it was built using valve technology. Whoever made the calculation used as a base model the last computer ever to be built by IBM, again I think, which used valve technology. He then used the tech data for that computer, how powerful it was and how large it was and then multiplied it up to fit the tech data of a modern super computer and the estimate finally came out at around 340 acres, fantastically unbelievable.

    • @AndrewAHayes
      @AndrewAHayes 2 years ago +5

      @@richardchurch9709 Imagine the power draw on something that size! I wonder if he factored in the massive power generation plants that would be required

    • @richardchurch9709
      @richardchurch9709 2 years ago +2

      @@AndrewAHayes The mind boggles Andy.

    • @user181
      @user181 2 years ago +2

      @@richardchurch9709 And, besides the physical size and electrical power requirements, the thing would never be stable (or even work at all) due to the sheer distances of all the wiring, which would induce signal delay, be susceptible to noise, etc.

  • @911Locksmiths
    @911Locksmiths 2 years ago +12

    I work alongside energy providers. A UK industry approved electric smart meter has 3 anti tamper switches built in. It sends a signal if any tamper is detected. It also flags if the meter doesn't poll within a given time frame. When it flags up we get the job to attend and investigate.

  • @Toomer.
    @Toomer. 2 years ago +52

    I love how far this is going! I can't wait to see the final steps one day!

    • @RECESSIM
      @RECESSIM  2 years ago +14

      There is literally so much to hack and so much to learn! By the time I get close to done, they will install a new system and I get to attack all over again!

    • @travissk5036
      @travissk5036 2 years ago +3

      You need a Btc wallet address on your page....

  • @ssoffshore5111
    @ssoffshore5111 2 years ago +35

    The local power company swapped out my meter to a smart meter a few months ago. For over 20 years I have always consumed between 205-270 kwh per month. First bill with the smart meter was 280 kwh, second 285. Two highest months I've ever had in 22 years here! Instead of electronically attacking the meter, I just pieced together everything I need to go off grid. I'm curious what the meter will read in a few months with my main breaker turned off!

    • @jsunit5354
      @jsunit5354 2 years ago +9

      Because 2nd ver of smart allows meters to "Factor". . .they easily know load on any branch, Factor function is adjustable, causing meter to indicate anything. Instead of 1, meter may indicate 1.001, or any value. You pay for a factored reading, not actual. The excuses for doing this vary from company . . .or state.

    • @ssoffshore5111
      @ssoffshore5111 2 years ago +1

      @@jsunit5354 Clearly I've been factored and fu@ked!

    • @robbmaier368
      @robbmaier368 2 years ago +1

      I built free energy devices I'm telling you you just take a toll and they still charge you taxes like probably $43 a month it's ridiculous they are on top of things and a lot of times just keep charging the same amount 140 or $259.61 it was one month and it'll be almost the same the next month which is completely impossible and ridiculous the thing is look at the killer watch and you can see it's half is less that month because of the device that I have hooked up and it'll say oh well the computer didn't get it will be sending you a check

    • @robbmaier368
      @robbmaier368 2 years ago +1

      You got to look at the kilowatts on the bottom part of the bill otherwise I'll just keep charging the same amount every month which is I know they're lying they just take a toll and if you call them on it you see the kilowatts is different and it still charging the same amount here's what they say oh the computer didn't get it yet so we'll be sending you a check for all those months

    • @WimTon
      @WimTon 2 years ago +2

      Electronic meters and electromechanical meters react differently on distorted currents, for example from a SMPS.

  • @pete3897
    @pete3897 2 years ago +10

    I have friends working on smart meter head-end APIs here in New Zealand who are quite interested in your vids funnily enough ;) Thanks for sharing!

    • @RECESSIM
      @RECESSIM  2 years ago +1

      We’ll ALL be looking at firmware soon… 😀

  • @roderickthomas116
    @roderickthomas116 2 years ago +14

    This is way above my head how you work it out but interesting what you are doing, and yeah I really do think we should know what kind of data is being shared with these companies 👍🏾

  • @TradieTrev
    @TradieTrev 2 years ago +8

    Great success! I've noticed my Aussie ones have an IR IO for the meter reader, but commonly now they have a 3G or 4G modem in them. Happy to solder up something myself for you to test.

    • @RECESSIM
      @RECESSIM  2 years ago +1

      Look forward to buying some meters used in other countries as well

    • @TradieTrev
      @TradieTrev 2 years ago +1

      @@RECESSIM I'm an electrician and can get access to plenty of them, noticed too on those modems they're just serial rx tx from the meter so that might be another non destructive way in!

    • @RECESSIM
      @RECESSIM  2 years ago +2

      They might be entirely relying on the cellular network for any encryption and just sending raw unencrypted data via serial port. Or perhaps no encryption and just hoping no one can see... :)

    • @WimTon
      @WimTon 2 years ago

      @@RECESSIM Modern meters do the encryption on the application level. You cannot trust the mobile network operator to do it.

    • @RECESSIM
      @RECESSIM  2 years ago +1

      @@WimTon The question is what’s deployed in the field, modern anything always fixes the sins of the past.

  • @fjs1111
    @fjs1111 2 years ago +13

    I remember glitching from the days when I glitched DTV cards! very cool.

    • @RECESSIM
      @RECESSIM  2 years ago +2

      I remember hearing about that technique back then but never knew how it worked in-depth. Look forward to sharing exactly how it works over the next few videos!

    • @mrreddog
      @mrreddog 2 years ago +2

      Those were the Good Ole Days, the cat & mouse game was epic..

    • @fjs1111
      @fjs1111 2 years ago

      @@mrreddog agree!

    • @x1xBryanx1x
      @x1xBryanx1x 2 years ago +1

      I remember as well. They were called Unloopers. When your card was looped, it meant the death of it in the old smart card readers. The one way to fix it was to glitch it in an unlooper. They were expensive at first, but eventually cheap and necessary. Everyone had their favorite glitch settings, it was fun.

    • @fjs1111
      @fjs1111 2 years ago +1

      @@x1xBryanx1x exactly! they got good at that

  • @CKILBY-zu7fq
    @CKILBY-zu7fq 2 years ago +18

    Even though I don't use these systems unless I flip on a switch in someone's establishment.
    I have to say. This is the very thing that everyone should get involved in.
    I have several ideas in this reversed engineering concept which we could all use today.
    However there are not but a handful of electrical engineers that have the honor and integrity to take on these tasks.
    I wish I could work with this man on projects like this.
    Even though my cousin is the inventor of the FIRST IC. I was never afforded training in electrical engineering, so I'm only an inventor.
    But.....EVERYTHING STARTS IN THE MIND'S UNDERSTANDING.
    Keep up the great work 👍
    I'll be watching. Peace ,✌

    • @dakrontu
      @dakrontu 2 years ago +2

      Wow, you are related to Jack Kilby?

    • @CKILBY-zu7fq
      @CKILBY-zu7fq 2 years ago +3

      @@dakrontu
      Yes sir. He was my cousin.
      Peace ,✌

    • @dakrontu
      @dakrontu 2 years ago +2

      @@CKILBY-zu7fq I never met Jack Kilby. I did shake hands with J Fred and Mark Shepard while they were passing thru on goodwill tours, and I got a tour of the CIC computer system in Dallas (as I recall, 127 mag tape drives, tape numbers up in the 5 digits, 4 mainframe back-to-back redundant pairs each with about 4 MB of RAM (or maybe more, not sure, but RAM was small 4 decades ago), and a truck-size hole in the centre of the floor where they had to extend down to the floor below when they ran out of space, with hundreds of big black cables running down thru the hole). I never got to see the ASC. I was in Austin the weekend the gold was stolen (wasn't me!!!) and watched cars pass by with gold badgers going to investigate. I remember the deer in the grounds wore company badges, as did the automated mail delivery robot. Due to delays, our rental car was late being returned, so National Car Rental had informed the police to watch out for it, which may have tied in with suspicions about the gold heist.

    • @CKILBY-zu7fq
      @CKILBY-zu7fq 2 years ago

      @@dakrontu
      Wow brother. That's awesome, so. How long did you work there?
      These are the stories.
      So I have never been to the KILBY MUSEUM, have you been?
      I would like to go one day.
      It's so cool to chat with you.
      You know?????
      The gold went missing at the TRADE TOWER event.
      They claimed it was evaporated.
      But it's impossible, otherwise the city would be covered in gold just like they coat glass.
      SO.... I BELIEVE WE SEE THE USE OF THAT GOLD EACH DAY THIS TYPE OF PEOPLE IN OFFICE FIND WAY MORE MONEY THAN ANYONE ELSE.
      So, it makes me wonder, who where why and how.
      PEACE BRO.✌

    • @dakrontu
      @dakrontu 2 years ago +1

      @@CKILBY-zu7fq 8 years. As a software developer. Us softies were always treated as leftie 5th-columnists by the hardies. It was my time in the fast lane, travelling a lot. TI, the hire'em fire'em company, was boot camp for many new engineers. If you worked there and thrived, you were sought after. One of my colleagues was the guy who got company policy changed so he could wear Bermuda shorts to work. Engineering was a seat-of-the-pants activity back then. Today it is much more formalised.

  • @therealjamesb
    @therealjamesb 2 years ago +11

    Awesome explanation! Thanks for sharing your learnings with us!

    • @RECESSIM
      @RECESSIM  2 years ago

      Thanks! Glad you enjoyed it. Working on the next one now to show how we control the glitch in time to go from random effects to controlled disruptions with repeatable results.

  • @victoryfirst2878
    @victoryfirst2878 2 years ago +3

    Nice work fella. Keep on a working with 0's and 1's for total control.

    • @RECESSIM
      @RECESSIM  2 years ago +2

      Appreciate that! Only 10 types of people in this world, those who understand binary and those who don’t get this joke! 😀

    • @victoryfirst2878
      @victoryfirst2878 2 years ago +1

      @@RECESSIM Right on binary brother. That is what controls literally the world right now. v

  • @MisterBics
    @MisterBics 2 years ago +8

    Very cool. Having read Colin O'Flynn's new book, I'm looking forward to seeing you put some of those techniques to work. Good luck!

    • @RECESSIM
      @RECESSIM  2 years ago

      I really enjoyed that book as well, definitely worth the money to see state of the art attacks documented well.

  • @JAYG6390
    @JAYG6390 2 years ago +6

    Great progress on this. Can't wait to see what happens next :)

  • @quickstarthamradio8453
    @quickstarthamradio8453 2 years ago +5

    your process reveals a ton of info, thank you

  • @holyorderofscientists
    @holyorderofscientists 2 years ago +3

    I am a magnetics and different forms of electricity specialist. I have also noted weird behavior when using some specialized transmitting equipment not even too near to computers... Yes, you are very right on your approach. ... Have you watched Ben Gurion university hacks? They also boast a lot of different types of attack possibilities. I am very interested in this research you are conducting as it is one of the key areas of the fabric :) . I have created self charging power sources and quite some other types of more exotic devices so I am always open to watching new avenues. This Smartmeter hacking is very tantalizing. You hit right on spot with the importance of this project. Congratulations!

  • @CrazyMarty
    @CrazyMarty 3 months ago

    The special cable you need is an IR input output cable. On the front right of the meter you’ll see 2 round IR diodes. One is output, one input. That’s how they communicate to a laptop. It’s basically the smart meter network cable. The plastic cover normally has a triangle directly in front of the IR port. It’s what aligns and holds the programming cable to the meter. They plug in via USB to the laptop. The program sends the information @ 9600 baud and the same 16 bit data you already have created.

  • @unvjustintime1
    @unvjustintime1 2 years ago +11

    There is a guy who did a similar technique to break into a Bitcoin wallet, did you see that video?

    • @RECESSIM
      @RECESSIM  2 years ago +3

      Joe Grand? Yea, great video!

    • @tinyear926
      @tinyear926 2 years ago +2

      Yeah crypto is not as safe as it is supposed.

  • @WimTon
    @WimTon 2 years ago +1

    A bit of addition to "38911bytefree": there is no real requirement to keep the meter's firmware secret (mainly IP protection). As part of the security certification, the certifier may even get access to the source code to search for vulnerabilities. And in many cases, even the commented source code is pretty incomprehensible for the uninitiated.
    The main protection is that every meter has individual cryptographic keys.
    As smart meters are a very cost-sensitive product, all unnecessary functions are omitted (memory costs money). Often not more than an RTE such as a stripped-down ThreadX or embOS. The attack surface is small, the devices use only one protocol (ANSI in the USA, DLMS in pretty much the rest of the world).

  • @betterthannotgoodmtb
    @betterthannotgoodmtb 2 years ago +4

    Now this has me pondering if there would be any useable benefits to employing such a method as this to automotive applications? Fascinating video sir and though, in the words of Sgt. Schultz, "I know nothing", I'll definitely be tagging along for this one. Thank you for the video!

    • @saxtonhine4843
      @saxtonhine4843 2 years ago +6

      Hacking our cars to unlock features we didn't pay for but are in it anyways is 100% the future

    • @betterthannotgoodmtb
      @betterthannotgoodmtb 2 years ago +4

      @@saxtonhine4843 No doubt about it I agree! To some degree though we've been doing a form of it for years, it's just been called "modifying". At least from an analog standpoint haha! Where I am at with it is having the ability to flash a PCM/ECU for updates instead of taking a vehicle to a stealership. Honda already offers them for free for most of theirs as far as I am aware. One just needs a VAG OBD cable I reckon and a laptop and they can perform drivetrain updates on them.

    • @christophervanzetta
      @christophervanzetta 2 years ago

      @@betterthannotgoodmtb Same with Toyota ;)

    • @robbmaier368
      @robbmaier368 2 years ago

      You can catch up to see if they're skimming and they usually are because how could the power bill be the same amount 25169 and 251 60 next month completely impossible

  • @BradenPitts_
    @BradenPitts_ 2 years ago +3

    My man! Excellent clip from Sneakers!

    • @RECESSIM
      @RECESSIM  2 years ago +1

      Love that movie!

  • @scottfranco1962
    @scottfranco1962 2 years ago +6

    I wrote software for two of these types of meters. They have two basic functions, to meter the power being used and to send it upstream to the power company. The former you can easily do without messing with the meter simply by hooking an ammeter arrangement up to (say) a Raspberry Pi. You can even do that without breaking the circuit (non-contact ammeter). If you are interested in verifying your power bill is correct, that is the way to go.
    The other purpose would be breaking into the billing part to scam the power company. It would be a lot of work to do, and the power company can do things like tally the individual meters against the power consumption for the whole neighborhood to trace down who has broken into their meter, resulting in anything from having your power cut off to jail time.

    • @robbmaier368
      @robbmaier368 2 years ago

      I agree with Scott just use an amp meter and record everything that the power is being used in the dally up to see if it lines up with the bill if they're charging you

    • @robbmaier368
      @robbmaier368 2 years ago

      Here's something I build free energy devices that work in the first state of matter and the thing is that these devices condition the house and save electricity about probably up to 60% sometimes the deal is they're not illegal or anything and they work well and sometimes I have to call him and tell him look the kilowatts is different but why you charge me the same amount and then they say well the computer didn't catch it yet and will be sending you a check

    • @jsunit5354
      @jsunit5354 2 years ago +1

      I agree with Scott. I would just comment that most smart meters also allow the provider to Factor the meter. Pick any value you wish, ie 1.10, which would have your meter read 1100 instead of 1000. The excuses are many, from fuel adjustment to peak-vs- non-peak periods. The factor can be changed at any time, easily handled by an algorithm in the program. It can be set to gradually increase the factor as a user consumes various levels; the first 1000KWh can be at a base-rate, then factor-up for usage beyond that level.
      The first line of defense is "Our meters are very accurate. We constantly test to assure customer confidence in our product and service "
      You can feel free to change the boiler-plate verbiage as you wish.

  • @baltocingel7597
    @baltocingel7597 1 month ago +2

    When I was growing up, I remember my mother had a friend come over and pull the power meter out and turn it upside down and plugged it back in. So we could use the crap out of the power for 2 weeks. The meter was running backwards.. Then the guy came back and pulled it out and turned it right side up and plugged it back in. So we could use the crap out of the power again. Sorry but my dad wouldn’t pay my mother child support. Why? Because they didn’t have that program back then.

  • @Reth_Hard
    @Reth_Hard 2 years ago +1

    0:29 - Anybody remember how to defeat an electronic keypad from the 90s ?
    - Don't even joke about that Martin, those things are impossible...
    X'D

  • @dustinbird2090
    @dustinbird2090 2 years ago +1

    First video of yours I've clicked on. Very intriguing subject. I definitely dig both the technical challenge and the phreaking. But, I'm 98% certain the current reading of the laws could put using this type of device to tamper with the truthful readings of an electric meter firmly in the illegal category... That said... Good stuff. Subscribed! 👍

    • @waynewayne9693
      @waynewayne9693 1 year ago +1

      98%? Ummmm 100 percent certain it’s illegal to do this to the meter one is using on their house! Anything used to defraud a utility….. well anyone really is illegal.

  • @theshazman
    @theshazman 1 year ago

    No idea where this is gonna take you but I had to subscribe. Too damn cool!

  • @josephuscila2570
    @josephuscila2570 2 years ago +10

    My interest in your pursuit is mundane but has benefits to all of us who use the services of the electric companies.
    While living in my mountain home in Costa Rica paying about $75.00 monthly one month it skyrocketed to $350. Thinking the decimal was erroneously positioned, I went to the GOVERNMENT electricity company (ICE) and waited to see an ICE rep. While in line two other people had a similar issue and we all could hear the ICE agent tell (accuse) both customers separately that THE CUSTOMER was responsible for the excessive monthly usage charge, claiming that the customer was having many lights on, cooking up excessive pork rinds, Ticos love making Chicharones, or that there was a short in their home electrical system and a few other made up contrivance!! Sadly the poor customer paid the bill. The EXACT accusations were leveled against me!! And under duress I paid my electric bill.
    In the few days following on a local FB page I noticed a lawyer named Mauricio, who spoke perfect English and was a Fan and could recite passages verbatim of the Classic Movie The Princess Bride, from San Jose, who has a rental property near the village of Ojochal was asking about anyone else incurring excessive electricity service charges!! Hmmmmmm. A random pattern was becoming Obvious! I'll cut to the chase! I confronted the ICE agent with photos of my meter reading and asked for their recording of my meter reading and their reading was blatantly five times higher and apparently ICE was sporadically and without remorse continuing their fraud! While THE Particular month's charge was adjusted they wouldn't lower or refund the previous months!!
    I began demonstrating through local community media how to combat this fraud and then ICE started intermittently cutting my power and also threatening for me to move my meter from my house to a half mile away! The resulting cost of that possibility had me bite my tongue and coupled with their border customs immigration service agent threatening to not allow me back into (PURA VIDA) Costa Rica I decided to sell and return to the US.
    Fast forward to my new residence here in the Eastern Appalachian foothills of Kentucky where I have a main cabin and an empty horse barn with one light in use and with a spot electric heater for a tool room I was being charged almost as much electricity for the barn as the main cabin which has all the normal appliances and then some.
    So I performed a simple test. I deliberately ran the spot heater, 1500 watts, in my barn for an hour observed the usage showing on the Smart Meter display and then ran the heater in the main cabin for an hour and the meter reading was 3 times higher than the main cabin meter reading!!
    So call my provider and alarmingly I notice similar condemnation of my usage as in Costa Rica. The agent said that the meter CANNOT be Manipulated or Hacked and I'm still waiting for a replacement meter and as of March 10th 2022 no replacement.
    The claims of replacement of the previous Analogue meters with the present Smart meters is to have customers be charged more equitably for usage during peak hours of The Day and less at night when usage is less, well that is BS. Are we NOW supposed to cook clean bathe perform work tasks from 7pm till 5 am??
    I think your quest may be more beneficial than you think!!
    What do you think??

    • @RECESSIM
      @RECESSIM  2 years ago +5

      Thanks a lot for a very interesting comment! I've heard a number of stories like this, so I don't think you are alone. There are a lot of factors that could go into something like this, but regardless as a consumer I think it's hard to prove your case and have the power company care. They don't make money lowering people's bills or discovering issues that lead to less revenue!

    • @TheTubejunky
      @TheTubejunky 2 years ago +2

      @@RECESSIM Bypass the meter, "They steal from you , So you steal from them"
      Some electricians would have no problem helping you.

    • @Vilvaran
      @Vilvaran 2 years ago +1

      Had a similar "glitch" with my power last winter, try deep-throating an $800 power bill...
      Here in Aus, most of our meters are being replaced, so no real choice in that matter, and my issues were on a 'normal' power plan. Switched to the "smart" plan for testing on my new place - at least they can give me some data! (The fact that there is a time chart can allow me to precisely quantify this shit)
      If you thought paying too much for power is crook, try getting a solar installation; after you generate more power than you consume, the utility stops counting the power (they USED to rack up a negative bill if you generated heaps, and managed to offset your usage + connection fee)
      And recently, they dropped the value of generated power - such that you continue to pay top dollar, maybe 40% less...
      It's funny seeing houses with all the kit necessary to run self-sufficiently, but doing the exact opposite!

    • @mikesmith9368
      @mikesmith9368 2 years ago +1

      Same thing happened to me. Notice that the News Consumer advocates will never cover this story about thieving utility companies and smart meters. They are too busy chasing Mexicans who cross the border illegally. They like coming after the poor and helpless who have no voice. But come after the big boys who steal a lot more. Nope. They stay away from that.
      Consumer advocates are worthless.

    • @robbmaier368
      @robbmaier368 2 years ago +1

      I build free energy devices that pull from the environment to work well they save about 60% they have no moving parts it just goes to show that the AC current wire is leaked current sideways here's the thing I have people that obtain these devices and it shows the kilowatts being half as much and they're still charging the same amount for the month and you they called them and ask them why it's still the same and kilowatts is different and they said oh the computer didn't get it yet so we're going to go ahead and send you a check for every month that was off on a map the kilowatts changed on the bill but they still were charging them the same amount every month

  • @consciouscool
    @consciouscool 2 years ago +1

    You mean the built in back door they engineered into all our chips. Gotcha...

  • @redsprite81
    @redsprite81 2 years ago +6

    I have been refusing smart meters for years now. Never was I going to let something like this even near my home.
    Until now. Now I wanna explore these evil things. 😂

  • @andykercher3381
    @andykercher3381 2 years ago +1

    Hash, good stuff. Distributech International is in your back yard May 23-25 with every smart meter manufacturer attending - in case you're interested. 🔌

    • @RECESSIM
      @RECESSIM  2 years ago

      Thanks for the tip! Probably a great event to check out what will eventually replace what I’m playing with now.

  • @Zerpentsa6598
    @Zerpentsa6598 2 years ago +1

    Thank you for showing the vulnerability of UK smartmeters.

  • @mceajc
    @mceajc 2 years ago +2

    Oh thank heavens. You still need physical access for attacks like this, so I'm fine with those. It's the potential for remote attacks that concerns me most.

    • @RECESSIM
      @RECESSIM  2 years ago +4

      This is all just laying the groundwork for a remote attack. First is physical to gather intelligence to construct a remote attack.

  • @robertfrawley
    @robertfrawley 2 years ago +2

    I think my smart meter is picking up multiphase, var freq motors pulses and running my bill up 30+% .

  • @packratswhatif.3990
    @packratswhatif.3990 2 years ago +7

    It would seem that anything digital can be hacked …… in time.

    • @RECESSIM
      @RECESSIM  2 years ago +1

      Precisely, if you are planning to let something live in the wild for a long time, you better also have a plan on how you address the inevitable vulnerabilities.

  • @voltlog
    @voltlog 2 years ago +1

    Eagerly waiting for the next update 😬

    • @RECESSIM
      @RECESSIM  2 years ago +1

      Thanks, will try to post sooner if only to share progress so you aren't waiting forever!

  • @tribulationcoming
    @tribulationcoming 2 years ago

    Reading the transmitted data would be interesting. There is a cell and a repeater network signal output. That's what an employee divulged.

  • @ryanmacewen511
    @ryanmacewen511 2 years ago

    Good Ole HP48G ! Loved that thing. Now I need a backlight, so went with that HP.

  • @BhaveshKakwani
    @BhaveshKakwani 1 year ago +3

    Amazing video, so detailed! Just curious, how do you get so much time to do such deep work on this? Are you a full-time cybersecurity analyst for smart meters or is this a personal interest/hobby?

    • @RECESSIM
      @RECESSIM  1 year ago +2

      I’ve just loved electronics, programming and reverse engineering since I was a kid. I keep trying to learn something new every day and over time it adds up.
      I don’t have a particular draw to smart meters other than they are a fun target with RF, microcontrollers, lack of documentation and they’re deployed everywhere for long periods of time. A fun way to do black-box attacks… Like playing Chess ♟️

  • @yourneighborhood
    @yourneighborhood 2 years ago

    Lol...video brought back memories. I remember "glitching" HU satellite cards back in the early 2000s.

  • @CSGATI
    @CSGATI 1 year ago +1

    Their lawyers are working full time.

  • @chicagomodzz
    @chicagomodzz 2 years ago +1

    The RGH hack for Xbox 360 lives on with this man haha!

  • @rickhamilton663
    @rickhamilton663 2 years ago +2

    You need to be careful. It is possible for a brownout to find reflash code and completely erase the flash in that Atmel processor.

    • @RECESSIM
      @RECESSIM  2 years ago +1

      Luckily I have a few meters to test on, but if one happens to wipe unexpectedly some protection or accidental activation of code could be the case like you mention.

  • @MuttMuttOutdoors
    @MuttMuttOutdoors 2 years ago

    Very interesting. My city currently does not have smart meters. The one on my place is digital but not connected to anything else and quite a few around town are the old analog ones. They are wanting to change that so they can do prepay, monthly average billing, and a few other things. I have heard that the way the digital ones figure a KWH is different than the old analog ones but have no clue. I have my own meter based off of an ESP32 running ESPHome hooked up to the main panel feeding data into HomeAssistant so it will be interesting if there is a difference from the old meter to the new ones if they are put in.

  • @junkmonkeydesigns3319
    @junkmonkeydesigns3319 2 years ago +1

    Here from TikTok! Love the content.. Hardware cracking was an interest of mine!

    • @RECESSIM
      @RECESSIM  2 years ago

      Thanks for following me! If I can clarify anything or answer any questions hit me up on TikTok/Twitter.

  • @charlesxavier5420
    @charlesxavier5420 2 years ago +1

    I've installed a bunch of mod chips and this is so cool.

    • @RECESSIM
      @RECESSIM  2 years ago

      Look forward to EVERYONE dumping firmware!

  • @38911bytefree
    @38911bytefree 2 years ago +2

    These meters have really complex SW models regarding SW separation to protect the legally relevant sections that are sensitive since they are related to billing. On the other side, you can't hide (to their systems) that the meter has been tampered with, and even when you are able to do that, you will trigger alarms on their systems, as they keep analyzing and comparing anything with your historic. I suggest you read the current regulations for this kind of devices and how Utilities work. This is, nice as project, never attempt that on a real billing device. They can submit the meter to its manufacturer for audit when in doubt. And yes, THIS IS A THING. It is way more resilient than you think.

    • @RECESSIM
      @RECESSIM  2 years ago

      Thanks for your detailed comment, I’m interested in the overall design and security as it relates to devices like this living in the wild for 10+ years. Not really interested in stealing energy, but any vulnerabilities in the design are definitely of interest.

    • @38911bytefree
      @38911bytefree 2 years ago +1

      @@RECESSIM I know it is not your point of interest but probably some viewer could find this "useful" LOL. Sure they have vulnerabilities ... But even if you get the code, you won't find anything interesting on it ... believe me. The metering part could be derived from some app note (or not), but usually full of intricate stuff, with parts in ASM, digital filters etc. The application section ... you need to understand how a multi rate meter works, rate scheduling, profiles for Energy, RMS, billing, tons of logs, alarm controls, demand control ... and when you get into the protocol part, you will fall asleep if the meter is intended to be sold in Europe ... its implementation is probably as complex as a TCP / IP stack but useless outside this industry. This protocol models a generic device with n generic objects, implements a number of logical servers ..... BORING AS HELL. Its goal was to be "interoperable" ... LOL. If the meter is intended for the US market, probably still dealing with old ANSI legacy stuff ... but still pretty cryptic since it is table based and mostly works under base addr + length reads and writes. If you don't have the dictionary ... good luck.

    • @billynomates920
      @billynomates920 2 years ago +2

      @@38911bytefree that's what i was thinking - it would be an awful lot of work to go to to get caught stealing energy anyway!

    • @38911bytefree
      @38911bytefree 2 years ago +2

      @@billynomates920 Across the years analytics have taken an important place. The solution that manages the smart meters in the field is actually a suite of services, with different modules you can pay extra for. And one of their modules is Non Technical Losses (basically .... fraud detection). 20 years ago, the meter was the money keeper ... a little "safe". Today they keep polling the meters so they don't need to rely on the meter as a "safe" anymore. More like an audit / telemetry device IMHO. The metering part can be very complex (away from calculations) but security, networking, data transport, protocols are probably bigger and more complex than the metering part itself. It is like a GPRS / PLC / ETH with Metering LOL. Some meters act as gateways or repeaters, helping to build up the network. It is a network device.

    • @graystripe87
      @graystripe87 2 years ago

      If he can gather the software for the specific meter he has… then he can always delete any tamper triggers. Shit… he can even change the Ratio at which he is charged to like… .10:1 for every dial increment rather than 10:1 😂 but… idk.

  • @eldoradoboy
    @eldoradoboy 2 years ago +2

    First time watcher.. you just showed up in my list of things to watch. Love this.. I've used voltage glitching before, I have actually seen it done purposely by a manufacturer to prevent someone from using a generic version of a device in place of their proprietary.. send a voltage "glitch" and if the processor didn't behave as they expected they assumed it was a virgin device.. I've never messed with smart meters.. my area mostly is in messing with the Chinese air conditioners (mini splits).. to make them do what I want.. they also use Atmel micros.. so I'll be interested in watching more vids to see how you spring these devices open

    • @RECESSIM
      @RECESSIM  2 years ago

      Thanks! That's interesting they used glitching as a way to check for an authentic device. What sort of device was this? High dollar specialized equipment or consumer grade? Playing with glitching tools has always been interesting to me, nice to make some videos to focus the learning a bit. Glad you enjoyed it.

    • @eldoradoboy
      @eldoradoboy 2 years ago

      @@RECESSIM High dollar.. it was a Voicemail system back in the late 90s.. the Voice processing cards were sold by the manufacturer in generic form that anyone could buy.. the particular voicemail company wanted you to buy their OEM named card which was 3X the price.. since the interwebs were new and everyone pirated everything.. the Special firmware was easy to get and field load.. so they turned to hardware.. they actually separated 2 of the Power supply pins.. or should I say they "burnt one out" and the chip would still work except for a certain function.. so the voicemail system called on that function.. if that function succeeded they knew the board was generic even if the proprietary firmware was loaded.. most people gave up when the board didn't work out of the box.. a few more tried the firmware.. but only a few went further to dig.. wow if we only had today's debugging tools back then!!

    • @RECESSIM
      @RECESSIM  2 years ago +1

      @@eldoradoboy Wow! Yea, very interesting. Equipment like Smart Meters and other stuff with a long life in the field is very interesting to me for that exact reason. The tools to attack are progressing at a rapid pace, but the equipment in the field is still using yesterday's technology that becomes more vulnerable every day.

    • @eldoradoboy
      @eldoradoboy 2 years ago

      @@RECESSIM a lot of devices are built with a probable impact of breach engineering.. exploiting a smart meter and cracking the hashes related to turning on or off the power to the building has a High impact.. but hacking the meter with the intention of reduced cost electricity has a low impact.. the power company profiling is designed and getting better at detecting pattern changes in usage.. if they come to your house and determine the meter is "bad" ie recording 10% less than actual usage, then they replace it.. and expect to see an increase of 10% over prior profiles.. smart meters are pretty well protected against physical access since you get heavily fined by the power company if you cut the tag-lock and pull the meter.. in that case as a manufacturer you would design for highly secure comms but not necessarily so much against physical breach.. so if it can be hacked and firmware replaced OTA that's a HUGE vulnerability.. but if you have to open it up and JTAG it.. that's a non issue in the real world..

    • @RECESSIM
      @RECESSIM  2 years ago

      @@eldoradoboy Agree completely, getting the firmware is just to enable debug mode on a meter I control and to search for OTA vulnerabilities as you mention.
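
The usage-profile screening that the two threads above describe (meters polled continuously, each customer compared against their own history, and a recovery expected after a suspect meter is replaced) can be written as follows. This is an added example, not code from the video, the commenters or any utility product; the readings, thresholds and function names are constructed assumptions.

```python
"""Usage-profile screening for non-technical losses, on constructed data."""
from statistics import median

# Constructed seasonal profile (kWh per month, Jan..Dec); not real utility data.
BASE = [900, 850, 700, 600, 550, 700, 950, 980, 800, 620, 700, 880]


def build(scale, year2_factor, dip=None):
    """Return 24 monthly readings: last year, then this year.

    dip = (first_month, last_month, factor) scales part of this year
    (month indexes are 0-based).
    """
    last = [b * scale for b in BASE]
    this = [b * scale * year2_factor for b in BASE]
    if dip:
        first, end, factor = dip
        for m in range(first, end + 1):
            this[m] *= factor
    return last + this


# Constructed population on one feeder. A mild year cut everyone's usage by
# roughly 20%, which a naive "bill went down" rule would flag for every meter.
READINGS = {
    "meter-A": build(1.0, 0.80),
    "meter-B": build(1.4, 0.78),
    "meter-C": build(0.9, 0.80, dip=(6, 11, 0.70)),  # sustained drop from July
    "meter-D": build(1.1, 0.84),
    "meter-E": build(0.7, 0.80, dip=(7, 7, 0.50)),   # one-month dip (vacancy)
}


def yoy_ratios(series):
    """Ratio of each month this year to the same month last year."""
    return [series[12 + m] / series[m] for m in range(12)]


def longest_run_below(values, threshold):
    """Return (start, length) of the longest run of values below threshold."""
    best = (0, 0)
    start = None
    for i, v in enumerate(values + [threshold]):  # sentinel closes a final run
        if v < threshold:
            if start is None:
                start = i
        elif start is not None:
            if i - start > best[1]:
                best = (start, i - start)
            start = None
    return best


def screen(readings, threshold=0.85, min_months=3, peer_normalize=True):
    """Flag meters whose usage stays below their own history for min_months.

    With peer_normalize, each month's ratio is divided by the median ratio of
    all meters, so weather or tariff effects shared by everyone cancel out.
    """
    ratios = {mid: yoy_ratios(s) for mid, s in readings.items()}
    if peer_normalize:
        peer = [median(r[m] for r in ratios.values()) for m in range(12)]
    else:
        peer = [1.0] * 12
    flagged = {}
    for mid, r in ratios.items():
        norm = [r[m] / peer[m] for m in range(12)]
        start, length = longest_run_below(norm, threshold)
        if length >= min_months:
            run = norm[start:start + length]
            flagged[mid] = {
                "start_month": start + 1,          # 1 = January
                "months": length,
                "level": round(sum(run) / length, 2),
            }
    return flagged


def recovered_after_swap(pre_level, post_norm, tol=0.10):
    """After a suspect meter is replaced, peer-normalized usage should return
    to about 1.0 and sit clearly above the flagged level (assumed heuristic)."""
    post = sum(post_norm) / len(post_norm)
    return abs(post - 1.0) <= tol and (post - pre_level) >= tol


if __name__ == "__main__":
    print("naive rule flags:     ", sorted(screen(READINGS, peer_normalize=False)))
    print("peer-normalized flags:", screen(READINGS))
```
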

  • @Nec89
    @Nec89 2 years ago +2

    I've been curious about these smart meters and wondering if there was even a way to read my usage and compare it to my IOTaWATT. This is really cool and takes that idea to the next level.
    Subbed!

    • @RECESSIM
      @RECESSIM  2 years ago

      Thanks, seems a lot of people are curious like I am. We’re gonna keep digging until there’s nowhere left to go!

    • @johnhershey4010
      @johnhershey4010 2 years ago +1

      I like to find a way to make my light bill cheaper 😋

  • @mattanimation
    @mattanimation 2 years ago +3

    really diggin' this.

    • @RECESSIM
      @RECESSIM  2 years ago

      Glad you like it! Thanks for commenting.

  • @Meowth849
    @Meowth849 2 years ago +1

    Glanced past your channel and it seems like you're more interested in the meter boards when all the juicy attack surface is on the multiple AMI chip vendors. FYI, what you're examining is simply the board that provides basic volt/amp/angle/phase info to the meter. Every single manufacturer has multiple RF/PLC chips that go into their meters. But I would hope you know that. For instance, that Landis & Gyr meter you show has no less than 20 companies making AMI chips for it. If you want to attack one, start with its modulation interface which is always handled by the AMI vendor. You wanna reset your meter? Change the read? Disconnect/reconnect? Change the MAC address? Date/time? Intercept interval usage? Set outage notification? Voltage notifiers? Temperature? Tamper indication? All handled by the vendor chip.

    • @RECESSIM
      @RECESSIM  2 years ago

      Are you referring to the Teridian chip in the case of these meters?

  • @ericblenner-hassett3945
    @ericblenner-hassett3945 2 years ago +3

    You can share the ' spec sheet ' of the firmware. Do some research of the BIOS wars and how cloned BIOS was done legally. They had 2 teams, first dug in the code and created a list of data points, pointers ( with different names than the original ) and basically a ' spec sheet ' of what it did, the second team took the data, a motherboard with no ROM and made their own. The ' team two ' aspect would be the rest of the world. It's still considered Case Law in the USA, just ask AMI Bios.

    • @RECESSIM
      @RECESSIM  2 years ago +2

      Thanks for reminding me of this, I remember reading about that.

    • @mytech6779
      @mytech6779 2 years ago +3

      Copyright law in the USA allows reverse engineering of software for the purpose of learning how it functions/behaves and to interface some new software with the old software. So basically only the original code cannot be duplicated, but the API is fair game, and you can distribute a bit of foss (written from scratch) to access that api.

    • @seraphina985
      @seraphina985 2 years ago +3

      Yes that is what is known as cleanrooming, typically you would also have the company's patent lawyers looking over everything sent from the analysis team to the design team too. That is to say checking to make sure nothing slips through that would contaminate the new product, you don't want things slipping through that read like a paraphrasing of the competitor's patent claims on one of the parts for example. So they are usually involved to make sure nobody opens the whole thing up to liability by being a little too on the nose with their documentation.

    • @RECESSIM
      @RECESSIM  2 years ago

      @@seraphina985 Thanks for the additional information, that’s very interesting!

  • @7vsblackout290
    @7vsblackout290 2 years ago +3

    It is great how bad ass I feel, just by drinking half a bottle of sweet white wine and watching one reverse engineering hacking video on youtube...

    • @RECESSIM
      @RECESSIM  2 years ago

      Save the other half of the bottle for the next video I should have up in a day or two! Badass^2

  • @lolawalsh9187
    @lolawalsh9187 2 years ago +1

    Wow. You are providing a great service. Love the movie clip

  • @ytSuns26
    @ytSuns26 2 years ago +1

    Sounds like fun maybe when I was much younger. Have fun and screw with the system as much as possible. They need to know we can mess with them.

    • @RECESSIM
      @RECESSIM  2 years ago +1

      I agree completely, systems of power must be checked

  • @fabuduckfabuduck
    @fabuduckfabuduck 2 years ago +1

    I think I've been watching ur tiktoks for awhile

    • @RECESSIM
      @RECESSIM  2 years ago

      Thanks for checking out the RUclips channel

  • @theephemeralglade1935
    @theephemeralglade1935 2 years ago +1

    "Smart Meters are Vulnerable to this Attack..."
    "What is a claw hammer?"
    DING DING DING!

    • @CKILBY-zu7fq
      @CKILBY-zu7fq 2 years ago

      Hell yeah. That's what I'm saying, but we will never see this type of independence because we are outnumbered by the other part of society that are the very reason why this garbage still exists.
      Peace ,✌

    • @theephemeralglade1935
      @theephemeralglade1935 2 years ago

      @@CKILBY-zu7fq I don't know what you are talking about. I am not being sarcastic or rude, I just have no idea what your point is.

    • @CKILBY-zu7fq
      @CKILBY-zu7fq 2 years ago +1

      @@theephemeralglade1935
      Another 💩🤡?

  • @traviss8581
    @traviss8581 2 years ago +5

    This is so interesting!

    • @RECESSIM
      @RECESSIM  2 years ago

      Glad you enjoyed it

  • @OneAndOnlyZekePolaris
    @OneAndOnlyZekePolaris 1 year ago

    Sharing software in this case is not copyright related but it can still get you into trouble. Just doing it can get you into trouble.

  • @watchmansmitty1
    @watchmansmitty1 2 years ago +1

    The reason channels like this are allowed is because it's a great way for various intelligence agencies to crowd source possible fixes for vulnerabilities, for free. I'm not saying that it's a bad thing, necessarily. Because at least everybody still gets to learn things they didn't already know. I'm just letting people know why certain subjects, that you'd think would've already been forbidden years ago, are allowed to stay on big platforms. These big platforms aren't just "being nice." But hey, I like learning new things, too.

    • @RECESSIM
      @RECESSIM  2 years ago +2

      Gotta start a Patreon with a three-letter-agency subscription tier 😀

    • @hullinstruments
      @hullinstruments 1 year ago

      ​@@RECESSIM that's hilarious

  • @DrSaddamkenya
    @DrSaddamkenya 2 years ago

    Loving this

  • @russjosey2012
    @russjosey2012 2 years ago +24

    I would love to see the results of a complete reverse engineering of one of these damnable devices and how they are used to work with smart devices in our homes against us. This IOT technology is taking our privacy away!

    • @billynomates920
      @billynomates920 2 years ago

      damnable devices 😄 Louis Rossmann was going on about an iot microwave. seriously. i've got two dials on my microwave. one i never use. what devilment do they pack in there? *on. cook!*

    • @russjosey2012
      @russjosey2012 2 years ago +1

      @@billynomates920 , I will not have a microwave or a TV in my house anymore. I owned a consumer electronic repair shop for many years and understand the nefarious intentions behind the new technology, I just haven't studied the engineering behind the newer devices.

    • @user2C47
      @user2C47 2 years ago

      Not sure about your particular meter, but most smart meters don't talk to your network or your smart devices. They can, however, "listen" to your loads and try to guess what they are.

  • @mr.behaving
    @mr.behaving 2 years ago

    as a catchall, i'll just throw in "ALLEGEDLY" on your behalf :)

  • @TheVirtualWatcher
    @TheVirtualWatcher 2 years ago +4

    If the meter is really smart it will report the tamper attempt before you could even start glitching it.

    • @RECESSIM
      @RECESSIM  2 years ago +4

      Definitely it would, but these are meters I purchased myself to play with so they won’t be reporting anything back to anyone 🤫

    • @TheVirtualWatcher
      @TheVirtualWatcher 2 years ago

      @@RECESSIM If you are already inside the meter, why not jtag it and download the firmware?

    • @RECESSIM
      @RECESSIM  2 years ago +1

      @@TheVirtualWatcher They set the security bit so JTAG and SWD are locked, can’t access the chip at all.

    • @TheVirtualWatcher
      @TheVirtualWatcher 2 years ago

      @@RECESSIM 🙂

    • @RECESSIM
      @RECESSIM  2 years ago +1

      @@TheVirtualWatcher Don’t worry though, it’s just a matter of pressure and time… I will be applying both 😉

  • @stansmith4054
    @stansmith4054 2 years ago +1

    Since we are in real danger of an EMP attack, how would that affect these smart meters versus the older mechanical one?

  • @erik61801
    @erik61801 2 years ago +1

    you are a national asset.

  • @Jodyrides
    @Jodyrides 1 month ago

    If you tamper with a meter, that’s theft of service. Your service will be turned off. When they catch you, you will have to pay a large deposit and a large fee and pay for the meter you have tampered with to be replaced.
    After a year of behaving yourself, you will get all your money back with interest.
    I am retired from an electric utility company, and I worked in the field, doing investigations as well as other duties when people would move in, or move out, needed their final bill, or a beginning bill, or if they had not paid, I was sent out to turn the service off. When they paid a reconnect fee and a deposit and their entire balance, they would send me out to reconnect the service.
    I can’t begin to count how many theft of service situations I encountered.
    Hundreds.
    Sure, there’s lots of ways people can bypass the meter... but don’t get caught… just a simple decline in your average bill year to year will trigger an investigation..
    But just consider this. Would you be better off without electricity service at all?

  • @Aaron-zu3xn
    @Aaron-zu3xn 2 years ago

    do these run an interface on a handset that accepts commands like an ip camera?(does it have a webserver for meter readers to use the handset?) sometimes those commands are passed as system and you can make it do interesting things like keep cycling a reboot until it goes to a debug mode where you can pull the entire file directory all firmware and drivers

  • @harryjohnson615
    @harryjohnson615 2 years ago +4

    How long before you hear in the news
    *"...today, a man was charged with fraud after an energy company discovered an Arduino wired into his smart meter..."*

    • @RECESSIM
      @RECESSIM  2 years ago

      I do get some interesting requests to “analyze” different smart meters… But not interested in circumventing payments, everyone has to pay their fair share in a functioning society.

    • @debugstore
      @debugstore 2 years ago +1

      @@RECESSIM You may not be interested in committing fraud, but this work will make it easier for people with dodgy morals to do so. This is not a smart move!

    • @RECESSIM
      @RECESSIM  2 years ago

      @@debugstore It’s the cycle of life, systems become vulnerable to more and more attacks which drives better design. No external forces, no improvement. Cellular phones are WAY more secure precisely because the initial systems were not at all and people exploited them. They would still be insecure if they weren’t attacked and those vulnerabilities shown to the public.

    • @debugstore
      @debugstore 2 years ago

      @@RECESSIM You are looking at a very narrow interpretation of what you are doing. I get that reverse engineering is fun but it can have adverse consequences. I know one company that went bust because its brilliant product was reverse engineered in China and the market was flooded by clones. So some customers had cheap knock-offs but the person who spent months developing the product lost his business. Is that fair?

    • @RECESSIM
      @RECESSIM  2 years ago +2

      @@debugstore That’s capitalism, whether it’s China or his neighbor if someone can make it cheaper without the consumer telling a difference they buy the cheaper item. For the history of time you could buy something, take it apart, understand it and replicate it. It’s been less than 75 years that software was even a thing, and only in the last 30-40 years that we started to protect it and make it illegal to look at or share certain parts of products. What’s happened in that timeframe? Massive disparity in wealth and control by large organizations.
      Feels like we should be pushing back, no?

  • @vevenaneathna
    @vevenaneathna 1 year ago

    this reminds me of the blizzard lawsuit against the "glider" bot company. blizzard (world of warcraft, back when it was the biggest online game) couldn't get the company that sold the most popular bot "Glider" to stop selling its software. the program Glider was sophisticated enough to trick blizzard's industry leading cheat surveillance shadow program (called sheriff? i think). Eventually blizzard was able to bankrupt the company by getting a copyright lawsuit ruling in a lower court against the small botting company, on the basis that the way Glider operated via "injection" or something. Essentially Glider required duplicating the world of warcraft game client script and then injected itself into it on the client side such that the anticheating surveillance program sheriff recognized it as self/native and went on undetected. This all sounds so similar and I'm no expert on copyright law but i bet this is one of the few cases that established precedent here in what you're talking about. going to subscribe and see where your projects end up. thanks for uploading.
    what i wanted to know is because blizzard had to run the Glider script in order to figure out how it was working, didn't they too commit some kind of copyright infringement by copying the new injected programming language on their own pc's? and therefore they likely had to break the same copyright rules they accused glider of breaking rofl.

  • @brianbrooks4448
    @brianbrooks4448 1 year ago

    Really like your videos, thanks for uploading them. Is there any chance that I could get a copy of your C code and python script that you used just for my own interest. Also the chip whisperer you used. Is that the CW 1173 lite version or some other?

    • @RECESSIM
      @RECESSIM  1 year ago

      Correct, it’s the CW-lite. Happy to share any code, find me in discord or send me an email. The Glitchy app I have on GitHub might also be what you can use now.
      github.com/BitBangingBytes/Glitchy

  • @richardfaulconer5547
    @richardfaulconer5547 2 years ago

    Well I'm very excited to have run into your channel, you're the kinda guy I personally love to learn from, and one like myself that may decide to go beyond the limits, well you know? So anyway I'm looking forward to bumping brain cells together on this journey, and hopefully we will come up with some interesting ideas on how things work

  • @phillipmcmurran8991
    @phillipmcmurran8991 1 year ago +1

    Who's the manufacturer of the meter and what power company uses it?

    • @RECESSIM
      @RECESSIM  1 year ago

      Landis+Gyr and a LOT of utilities use them, in Dallas Oncor and CoServ. You can search for BitBangingBytes on GitHub and see the gr-smart_meters code which lists a few utilities people have confirmed.

  • @alextravine9422
    @alextravine9422 3 months ago

    You sir! You are my new favorite channel !

  • @crystaldemons207
    @crystaldemons207 1 year ago

    Going to have to find a script to disable apps for incoming visitors!

  • @Jonathan.Boring
    @Jonathan.Boring 2 years ago +3

    Yah got me in the mood to rewatch sneakers

    • @RECESSIM
      @RECESSIM  2 years ago

      Such a great movie

  • @Jorge-or3fr
    @Jorge-or3fr 1 year ago

    Great work, you have invested many hours! Do you have any idea on how people inject a frequency thru a capacitor yo isiste from the 220 volts backwards toward the meter, I mean from inside a house and it confuses the meter's sensor? Cheers from SOUTH AMÉRICA

  • @awesomedee5421
    @awesomedee5421 2 years ago +1

    I'm in the acquiring hw phase. and reading the phabulous manuals phase. this will b fun. thx

    • @RECESSIM
      @RECESSIM  2 years ago +1

      Very cool, I've yet to meet a piece of hardware I didn't want to buy!

    • @awesomedee5421
      @awesomedee5421 2 years ago +1

      @@RECESSIM I'm jealous of your faraday cage with gloves and viewing window. Tots cool. I think I'd like to eventually test a whole multinode mesh with a gateway which will need a little more space. ya know... get the full experience.

    • @RECESSIM
      @RECESSIM  2 years ago +1

      @@awesomedee5421 Absolutely! If you put some connectors on the side you can run large devices externally and just cable their antennas into the box. Then run smaller devices inside the cage. Adding attenuators on the devices with antenna connections help to drop power too.

  • @garygranato9164
    @garygranato9164 2 years ago +1

    nice scope man

    • @RECESSIM
      @RECESSIM  2 years ago +1

      Thanks, recently upgraded and it’s nice to have some newer features like connecting to it via computer

  • @PulpFreePress
    @PulpFreePress 2 years ago

    I am now hooked!

  • @arkangel8709
    @arkangel8709 2 years ago

    Hi, I'm in my early 50's right now, & when I was in my early teens I had a family member who lived out in the country. He always used to steal electricity from the power lines when they cut his power for not paying his bill. 😂 😆 LOL
    I really don't want to go into great detail about him, or his wife & kids. But he has long since passed away. Now, I remember one time, way back when I was around 13 or 14 years old, I went to visit with my cousin, who had a car & driving license..... I noticed that his meter was missing off the side of the house and the socket where the meter went had a glass or dark round window even with the metal front of the box where the meter went.... So I told him that. "Hey, blank, I think someone took your meter from the box!!!" He laughed & told me, "Nah, I don't have a meter!!" He told us (me & my cousin) as he scooted forward in his old winged-back easy chair; it sat in front of an oversized fireplace that he used to sit in & tell us kids made-up scary stories. I just blurted out "why not??" before I caught myself. He said, "Oh, me & the power company don't get along!!" But then he told me & my cousin, "Come on, I wanna show you something!!"
    And we got up & proceeded to follow him as he went outside and towards the empty meter box. "Dang," my cousin said, as the box was opened, & he said, "Look at this!!" It was two wires, about (AWG 12 GAUGE HOUSE WIRE), that had (L) shaped wires that were RAW ON BOTH ENDS. THE insulation was cut off the ends where they were bent in an (L) shape on both ends of the wires & had insulation on both of 'em in the middle, so as to be able to reach in & handle them without getting hit with the full force of the power from the main line.
    The one thing I remember clearly is that the two wires were stuck into the prongs where the meter went, but both wires were (CRISS CROSSED)!!! LIKE AN (X) SHAPE!!
    I stood there, staring at the box where the two wires were CRISS CROSSED in it!! But finally I spoke up & asked: "WHY ARE THEY CRISS CROSSED??" He said, "Oh, SO THAT IT DON'T PICK ON ANY KINDA LEAKS IN THE LINE...." SO WE WENT BACK IN & TALKED SOME MORE. THEN WHEN WE GOT READY TO GO HE TOLD US BOTH, "NOW, YOU BOYS, DO NOT TELL NO ONE ABOUT WHAT YOU SAW TODAY."
    WE PROMISED WE WOULDN'T, & WENT ON ABOUT OUR BUSINESS.... This is the first time I've ever told this. He did it for years. He had a pit bull dog named "Rocky" and he used to let him run loose. Sometimes they would have a meter reader pull in & try to see if anything was in the box, LOL, BUT they never GOT OUT OF THEIR TRUCK, BECAUSE Rocky would lay down between the truck & the house, and sometimes he would jump up into the back of their truck ...... I laughed so hard when he told us that junk..... Anyway, I'm not sure if he was ever caught, but I don't think he ever did........ Good luck with your project.

    • @RECESSIM
      @RECESSIM  2 years ago

      That was a wild ride!

  • @jacquesb5248
    @jacquesb5248 2 years ago

    in my country there is no smart meter network. they just dump prepaid meters. you enter code and enables more electricity units

  • @robertdanmelcioiu
    @robertdanmelcioiu 2 years ago

    This is very interesting. Thank you

  • @Asian_Connection
    @Asian_Connection 2 years ago

    Companies are manipulating the meters. Does anyone consider that smart meter allows the power company to speed up your meter! That is why a lot of people are saying the smart meters are reading more or faster.

  • @malcolmrowe5031
    @malcolmrowe5031 2 years ago

    Smart guy, you'd have thought he'd know how to pronounce solder though! Who fights in your army? Soddiers? If you sell your house is it sod?

  • @ciobanurivelino3844
    @ciobanurivelino3844 2 years ago +1

    @Recessim Why don't you use the quartz lighter trick? Should be working like on other electronic devices? Remove the quartz from a lighter, then engage electric arc from quartz near lcd side. You must find on which side. Electronics must enter a glitch and freeze. Try that for a new video.

    • @RECESSIM
      @RECESSIM  2 years ago

      That's a cool idea, I have seen that method and also EMP using some other tools NewAE make. As for the first one, to trigger a glitch at a very specific time like I will need to do in order to dump the firmware I think the lighter method would be hard.
      I would need a way to reliably generate that spark at a specific microsecond after booting which isn't possible I think. But for general glitching I think it could work.

    • @ciobanurivelino3844
      @ciobanurivelino3844 2 years ago

      @@RECESSIM Just discharge. That's all. In the first minute of this video, you see the idea. ruclips.net/video/N31kQzxk7BQ/видео.html

    • @ferrumignis
      @ferrumignis 2 years ago

      @@ciobanurivelino3844 You missed his point, how do you time the discharge exactly at the required time after a processor reset?

    • @TheVirtualWatcher
      @TheVirtualWatcher 2 years ago

      If that works, the designer did a bad job ...

    • @WimTon
      @WimTon 2 years ago

      Too little energy! One of the tricks I heard of was to put a coil of a few turns in series with the flashbulb of a single-use camera.

  • @crystaldemons207
    @crystaldemons207 1 year ago

    3 bifurcations if you want to cloak your visitors.

  • @Elfnetdesigns
    @Elfnetdesigns 2 years ago

    Ok so how many people watched this looking for a way to not have to pay a power bill and/or turn their power back on after it was cut for nonpayment of a bill...
    But hey peep this out: I pay my "Open Source" bills "For Educational Purposes Only" when they are due so I can keep my "Glitched" power on.

  • @KB1UIF
    @KB1UIF 2 years ago +1

    I have been able to receive and decode the transmissions of these smart meters using a device that is readily available. It's based on a SDR. Do you have specific frequencies that they use because looking at some of the data sheets of these meters they can be interrogated over radio frequencies. They may be programmable over radio too.
    The smart meter that was installed by the electric company in my house was done by some stupid woman that just killed the power to my house without even a warning. The next thing I hear is a banging noise as she is hammering on the old meter to get it free. I'm annoyed that the electric company can just come onto my property and install a radio transmitter without notification of any kind.

    • @RECESSIM
      @RECESSIM  2 years ago

      These meters by Landis+Gyr don’t work with the existing SDR tools to read meters. Working on some tools of my own though on GitHub. They operate in the 915MHz ISM band. 73

    • @KB1UIF
      @KB1UIF 2 years ago

      @@RECESSIM Great thanks for that info. I'm looking forward to trying out any new software in the near future. Thanks again. 73.

    • @WimTon
      @WimTon 2 years ago

      @@RECESSIM Don't hold your breath. For privacy reasons, there is the regulatory requirement that all consumption data must be encrypted. And for security reasons, commands to the meter are signed or MACed.

  • @xxwookey
    @xxwookey 2 years ago +1

    It is very annoying that smart meters report logging data back to base but not locally (although they do send data to the local display, so maybe one can get useful local logging that way?) I just want logging data from my own meters. Doesn't seem unreasonable, but so far as I know is not provided.

    • @WimTon
      @WimTon 2 years ago

      This depends on your country and power supplier. For example, in the Netherlands, smart meters have a serial port (called "P1") that spits out the measurements every second. The UK has the option for a Zigbee-connected in-home display.

  • @LuisVazquez-hx3bk
    @LuisVazquez-hx3bk 2 years ago +5

    I work in the manufacturing of these "smart meters".
    The good thing about this type of meters was that the utility company didn't need to send meter reader employees.

    • @KB1UIF
      @KB1UIF 2 years ago

      So it put someone out of work!! Is that really a good thing ?

    • @LuisVazquez-hx3bk
      @LuisVazquez-hx3bk 2 years ago

      @@KB1UIF
      In my country they are now working in administrative and some were reassigned in the municipalities. I don't know what the US does with your displaced workers.
      This type of meter was made to be the only utility meter needed in a house. It can measure water and gas consumption and send the information to the utility company.

    • @captainobvious9188
      @captainobvious9188 2 years ago +1

      @@KB1UIF yes, especially when the city is a pain about any solar that isn’t tied into their net-metering.

  • @BIG_CHEVY_BOWSKIE_MIKE
    @BIG_CHEVY_BOWSKIE_MIKE 7 days ago

    Bud I like your hacking style here on the meter but the easiest way that I've "heard" it's done to bypass the smart meter is just remove it from the service pedal cabinet and place 2 copper shunt jumpers in its place and tahaahdahh!!🎉🎉 here's your power back on with no issues. 😂😂❤ it's truly that easy but you have to be very sure you know what you're doing when very carefully placing those jumper shunts.

  • @larrylar5935
    @larrylar5935 2 years ago

    Here's a question with a problem this video would address... My water meter is wireless and 'read' by the water company from a truck that parks across the street. Ironically, or not so much, my minimal water draw is usually almost exactly the same every month... but 2-4 months for the past few years the meter 'reads' almost twice or more water randomly some months... there's NOTHING that draws an extra 1000-2000 gallons a month possible around here.. not even a dishwasher or clothes washer. My theory is the guy is occasionally reading the house across the street with a family of 5 that easily uses the spiked amounts I randomly see. They say nope, that's your water bill but it's not possible to randomly change like that over the past few years. They already made a $500 error misreading 1 first number a few years ago I had to fight to reconcile, them always telling me I'm wrong... but they found my old meter and a pic of it, and I was right about a 1,000 gallon over charge. So... I bet here is where we can figure out if the guy is getting 'mixed signals' from the wireless meters, or it's the mixed signals in their head I have to straighten out once and for all. You have your mission. What say you all?

    • @RECESSIM
      @RECESSIM  2 years ago +1

      I have a couple water meters I took apart, but crossed signals doesn’t seem likely. They probably transmit a serial number followed by your reading. The ones I have show the reading with an analog odometer looking display. I would check to see if that matches your bill. If so, perhaps you have a problem pipe or something else causing water loss. If not, then perhaps it’s the meter, but I wouldn’t jump to that as the first thing.

  • @lezbriddon
    @lezbriddon 2 years ago +1

    My smart meter goes over the Vodafone 3G network, and an IR port

    • @RECESSIM
      @RECESSIM  2 years ago

      Wonder how long the 3G network stays running

  • @AJ-yw5zy
    @AJ-yw5zy 2 years ago +1

    Love it, go for it.

  • @smokeallday
    @smokeallday 2 years ago

    I need you to invent a smart Meter hack to reduce my bill lol

  • @markblankenship745
    @markblankenship745 1 year ago

    well that took about 30 seconds for me to figure out that I was way out of my depth

  • @helpthehurtlondon
    @helpthehurtlondon 2 years ago

    What app are you using to get the data sheets? Is it free, or what is the cost?

  • @lost4468yt
    @lost4468yt 2 years ago +1

    why can't you accept funds directly? There's nothing illegal about that...
    Because if you're worried about legality, then you should understand that even your open source software is illegal under the reverse engineering clause of the DMCA

  • @DocLulzson
    @DocLulzson 2 years ago +1

    This is great!

  • @myaccount4400
    @myaccount4400 2 years ago +1

    Can't think of any other...Only reason why would anyone want to do this is to be able change your bills which is illegal but also very ethical at same time considering how prices going up ...😜

  • @DimitriPappas
    @DimitriPappas 2 years ago +1

    So it seems like you're doing some kind of trial-and-error "brute-force" attack on the processor chip by spiking voltages with various specific input patterns and seeing how it responds. But my question is, how is that supposed to help you retrieve the full firmware on that chip exactly? Seems more likely/plausible that you'll just be interrupting normal operation with some "glitches" as you put it (which is more likely to hang/freeze the program or cause it to malfunction, surely?) - I don't see how this could actually be beneficial in a practical sense. It could take years and years of tampering and still come out with nothing, wasting all that time - right? So could you summarize the objective as follows: glitch the chip in the HOPE that by some stroke of sheer luck, the security bit be misread by the processor for enough duration that it thinks it's not protected and then you can start reading the firmware with an SPI/JTAG interface? It just seems a bit far fetched that you could obtain any useful information from the chip simply by fluctuating supply voltages? What am I missing? :) This almost seems like "hollywood worthy" sci-fi fiction, lol. But respect to you for the patience to do this type of work where it may seem like you're "working in the dark" until those waveforms on the scope start to make any real sense

    • @Angryhelder
      @Angryhelder 2 years ago

      It's a useful method used by many people to unlock these processors. A great video to see it in action and it's explained for the most part here: ruclips.net/video/dT9y-KQbqi4/видео.html

    • @big0bad0brad
      @big0bad0brad 2 years ago

      I'm not sure what OP is going to try to do exactly, but sometimes the aim is to attempt a normal read of the internal firmware from the programming pins and just glitch out the hardware check that the code protect fuse is blown. Other possibilities are finding a timing where an address is set up to send some data externally from flash, and just keep screwing up the address over and over until it sends out something of interest. For example, if the device sends a startup message from Flash when it first boots up, that could be a prime target because the timing of it is easily accessible (it's happening in early startup, and likely the timing is identical run to run).
      This sort of attack gets much easier once you gain access to some of the code where you can control when it executes and then control the glitch timing against it. Like, that's to say, if you had the whole program listing in front of you, you could look through and find something interesting and say "oh, here's part where the diagnostic mode enable bit is checked, if I can convince it it's in diagnostic mode, I can just send these external commands to get control", etc. Obviously you don't have the full program listing, but if you can get a glitch to send you a part of code with something interesting in it, maybe that's enough to make more progress.
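The single-bit "diagnostic mode" check that the reply above describes a glitch defeating, set beside a fault-hardened form a firmware author could use instead. This is an added example, not part of the original comments and not any vendor's code. The constants, function names and the fault model (one glitch corrupts exactly one read of the flag) are assumptions, and instruction-skip faults are outside that model.

```c
#include <stdint.h>
#include <stdio.h>

#define DIAG_ON  0xA5C33C5Au   /* constructed values, not from any real part */
#define DIAG_OFF 0x5A3CC3A5u   /* bitwise complement of DIAG_ON */

/* Assumed fault model: one glitch flips bits in exactly one read of the flag. */
typedef struct { int target_read; uint32_t flip_mask; int reads_done; } fault_t;

static uint32_t read_flag(uint32_t stored, fault_t *f) {
    if (f && f->reads_done++ == f->target_read) return stored ^ f->flip_mask;
    return stored;
}

/* Naive: the flag is a single bit, so any nonzero read enables diagnostics. */
int diag_allowed_naive(uint32_t stored, fault_t *f) {
    return read_flag(stored, f) != 0;
}

/* Hardened: exact multi-bit match, two reads, second checked in complemented
 * form, and every path other than full agreement denies. */
int diag_allowed_hardened(uint32_t stored, fault_t *f) {
    volatile uint32_t first = read_flag(stored, f);
    volatile uint32_t second = read_flag(stored, f);
    if (first != DIAG_ON) return 0;
    if ((uint32_t)~second != DIAG_OFF) return 0;
    return 1;
}

/* Count the single-bit faults (32 bits x 2 reads) that unlock a locked device. */
int count_bypasses(int hardened) {
    int hits = 0;
    for (int read = 0; read < 2; read++)
        for (int bit = 0; bit < 32; bit++) {
            fault_t f = { read, (uint32_t)1 << bit, 0 };
            hits += hardened ? diag_allowed_hardened(DIAG_OFF, &f)
                             : diag_allowed_naive(0, &f);
        }
    return hits;
}

int main(void) {
    printf("naive: %d bypasses, hardened: %d\n", count_bypasses(0), count_bypasses(1));
    return 0;
}
```

Under this model every bit flip on the naive read unlocks the device, while the hardened check would need the same corruption to land on both reads.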