Just subscribed. I'm an old electronics engineer (in my 60s) and I find what you are doing fascinating. Back in the early days, all the microchips only had 8 legs, and I could see them all without a magnifying glass. 😁
Yea, I remember that… they also mostly had a single function and you could look at the board and figure out what its purpose was! Now I need a damn scanning electron microscope to figure anything out :)
That made me smile Larry, thanks. I found a TH-cam clip (I think) at one point where someone asked how big a modern-day computer would be if it was built using valve technology. Whoever made the calculation used as a base model the last computer ever to be built by IBM (again, I think) which used valve technology. He then used the tech data for that computer, how powerful it was and how large it was, and then multiplied it up to fit the tech data of a modern supercomputer, and the estimate finally came out at around 340 acres. Fantastically unbelievable.
@richardchurch9709 Imagine the power draw on something that size! I wonder if he factored in the massive power generation plants that would be required.
@richardchurch9709 And, besides the physical size and electrical power requirements, the thing would never be stable (or even work at all) due to the sheer distances of all the wiring, which would induce signal delay, be susceptible to noise, etc.
There is literally so much to hack and so much to learn! By the time I get close to done, they will install a new system and I get to attack all over again!
I work alongside energy providers. A UK industry-approved electric smart meter has 3 anti-tamper switches built in. It sends a signal if any tamper is detected. It also flags if the meter doesn't poll within a given time frame. When it flags up, we get the job to attend and investigate.
This is way above my head how you work it out, but it's interesting what you are doing, and yeah, I really do think we should know what kind of data is being shared with these companies 👍🏾
The local power company swapped out my meter to a smart meter a few months ago. For over 20 years I have always consumed between 205-270 kWh per month. First bill with the smart meter was 280 kWh, second 285. Two highest months I've ever had in 22 years here! Instead of electronically attacking the meter, I just pieced together everything I need to go off grid. I'm curious what the meter will read in a few months with my main breaker turned off!
Because the 2nd version of smart meters allows them to "factor"... they easily know the load on any branch. The factor function is adjustable, causing the meter to indicate anything. Instead of 1, the meter may indicate 1.001, or any value. You pay for a factored reading, not actual. The excuses for doing this vary from company... or state.
I built free energy devices. I'm telling you, they just take a toll and they still charge you taxes, like probably $43 a month. It's ridiculous. They are on top of things, and a lot of times they just keep charging the same amount: 140 or $259.61 it was one month, and it'll be almost the same the next month, which is completely impossible and ridiculous. The thing is, look at the kilowatts and you can see it's half or less that month because of the device that I have hooked up, and it'll say "oh well, the computer didn't get it, we will be sending you a check".
You've got to look at the kilowatts on the bottom part of the bill, otherwise they'll just keep charging the same amount every month, which I know they're lying about; they just take a toll, and if you call them on it, you see the kilowatts is different and it's still charging the same amount. Here's what they say: "oh, the computer didn't get it yet, so we'll be sending you a check for all those months".
Thanks! Glad you enjoyed it. Working on the next one now to show how we control the glitch in time to go from random effects to controlled disruptions with repeatable results.
I remember hearing about that technique back then but never knew how it worked in-depth. Look forward to sharing exactly how it works over the next few videos!
I remember as well. They were called Unloopers. When your card was looped, it meant the death of it in the old smart card readers. The one way to fix it was to glitch it in an unlooper. They were expensive at first, but eventually cheap and necessary. Everyone had their favorite glitch settings, it was fun.
Great success! I've noticed my Aussie ones have an IR IO for the meter reader, but commonly now they have a 3G or 4G modem in them. Happy to solder up something myself for you to test.
@RECESSIM I'm an electrician and can get access to plenty of them. Noticed too on those modems they're just serial RX/TX from the meter, so that might be another non-destructive way in!
They might be entirely relying on the cellular network for any encryption and just sending raw unencrypted data via serial port. Or perhaps no encryption and just hoping no one can see... :)
Even though I don't use these systems unless I flip on a switch in someone's establishment, I have to say, this is the very thing that everyone should get involved in. I have several ideas in this reverse engineering concept which we could all use today. However there are not but a handful of electrical engineers that have the honor and integrity to take on these tasks. I wish I could work with this man on projects like this. Even though my cousin is the inventor of the FIRST IC, I was never afforded training in electrical engineering, so I'm only an inventor. But.....EVERYTHING STARTS IN THE MIND'S UNDERSTANDING. Keep up the great work 👍 I'll be watching. Peace ✌
@CKILBY-zu7fq I never met Jack Kilby. I did shake hands with J. Fred and Mark Shepherd while they were passing thru on goodwill tours, and I got a tour of the CIC computer system in Dallas (as I recall, 127 mag tape drives, tape numbers up in the 5 digits, 4 mainframe back-to-back redundant pairs each with about 4 MB of RAM (or maybe more, not sure, but RAM was small 4 decades ago), and a truck-size hole in the centre of the floor where they had to extend down to the floor below when they ran out of space, with hundreds of big black cables running down thru the hole). I never got to see the ASC. I was in Austin the weekend the gold was stolen (wasn't me!!!) and watched cars pass by with gold badgers going to investigate. I remember the deer in the grounds wore company badges, as did the automated mail delivery robot. Due to delays, our rental car was late being returned, so National Car Rental had informed the police to watch out for it, which may have tied in with suspicions about the gold heist.
@dakrontu Wow brother. That's awesome. So, how long did you work there? These are the stories. So I have never been to the KILBY MUSEUM, have you been? I would like to go one day. It's so cool to chat with you. You know????? The gold went missing at the TRADE TOWER event. They claimed it was evaporated. But it's impossible, otherwise the city would be covered in gold just like they coat glass. SO.... I BELIEVE WE SEE THE USE OF THAT GOLD EACH DAY. THIS TYPE OF PEOPLE IN OFFICE FIND WAY MORE MONEY THAN ANYONE ELSE. So, it makes me wonder who, where, why and how. PEACE BRO.✌
@CKILBY-zu7fq 8 years. As a software developer. Us softies were always treated as leftie 5th-columnists by the hardies. It was my time in the fast lane, travelling a lot. TI, the hire 'em, fire 'em company, was boot camp for many new engineers. If you worked there and thrived, you were sought after. One of my colleagues was the guy who got company policy changed so he could wear Bermuda shorts to work. Engineering was a seat-of-the-pants activity back then. Today it is much more formalised.
When I was growing up, I remember my mother had a friend come over and pull the power meter out, turn it upside down and plug it back in, so we could use the crap out of the power for 2 weeks. The meter was running backwards. Then the guy came back and pulled it out and turned it right side up and plugged it back in, so we could use the crap out of the power again. Sorry, but my dad wouldn't pay my mother child support. Why? Because they didn't have that program back then.
A bit of addition to "38911bytefree": there is no real requirement to keep the meter's firmware secret (mainly IP protection). As part of the security certification, the certifier may even get access to the source code to search for vulnerabilities. And in many cases, even the commented source code is pretty incomprehensible for the uninitiated. The main protection is that every meter has individual cryptographic keys. As smart meters are a very cost-sensitive product, all unnecessary functions are omitted (memory costs money). Often not more than an RTE such as a stripped-down ThreadX or embOS. The attack surface is small, the devices use only one protocol (ANSI in the USA, DLMS in pretty much the rest of the world).
The special cable you need is an IR input/output cable. On the front right of the meter you'll see 2 round IR diodes. One is output, one input. That's how they communicate to a laptop. It's basically the smart meter network cable. The plastic cover normally has a triangle directly in front of the IR port; it's what aligns and holds the programming cable to the meter. They plug in via USB to the laptop. The program sends the information @ 9600 baud and the same 16-bit data you already have created.
I am a magnetics and different forms of electricity specialist. I have also noted weird behavior when using some specialized transmitting equipment not even too near to computers... Yes, you are very right on your approach. ... Have you watched the Ben-Gurion University hacks? They also boast a lot of different types of attack possibilities. I am very interested in this research you are conducting as it is one of the key areas of the fabric :) . I have created self charging power sources and quite some other types of more exotic devices so I am always open to watching new avenues. This smart meter hacking is very tantalizing. You hit right on the spot with the importance of this project. Congratulations!
Now this has me pondering if there would be any usable benefits to employing such a method as this in automotive applications? Fascinating video sir and though, in the words of Sgt. Schultz, "I know nothing", I'll definitely be tagging along for this one. Thank you for the video!
@saxtonhine4843 No doubt about it, I agree! To some degree though we've been doing a form of it for years, it's just been called "modifying". At least from an analog standpoint haha! Where I am at with it is having the ability to flash a PCM/ECU for updates instead of taking a vehicle to a stealership. Honda already offers them for free for most of theirs as far as I am aware. One just needs a VAG OBD cable I reckon and a laptop and they can perform drivetrain updates on them.
You can catch up to see if they're skimming, and they usually are, because how could the power bill be the same amount, 25169 and 251 60 the next month? Completely impossible.
I have been refusing smart meters for years now. Never was I going to let something like this even near my home. Until now. Now I wanna explore these evil things. 😂
Amazing video, so detailed! Just curious, how do you get so much time to do such deep work on this? Are you a full-time cybersecurity analyst for smart meters or is this a personal interest/hobby?
I’ve just loved electronics, programming and reverse engineering since I was a kid. I keep trying to learn something new every day and over time it adds up. I don’t have a particular draw to smart meters other than they are a fun target with RF, microcontrollers, lack of documentation and they’re deployed everywhere for long periods of time. A fun way to do black-box attacks… Like playing Chess ♟️
Oh thank heavens. You still need physical access for attacks like this, so I'm fine with those. It's the potential for remote attacks that concerns me most.
First video of yours I've clicked on. Very intriguing subject. I definitely dig both the technical challenge and the phreaking. But, I'm 98% certain the current reading of the laws could put using this type of device to tamper with the truthful readings of an electric meter firmly in the illegal category... That said... Good stuff. Subscribed! 👍
98%? Ummmm 100 percent certain it’s illegal to do this to the meter one is using on their house! Anything used to defraud a utility….. well anyone really is illegal.
Hash, good stuff. Distributech International is in your back yard May 23-25 with every smart meter manufacturer attending - in case you're interested. 🔌
My interest in your pursuit is mundane but has benefits to all of us who use the services of the electric companies. While living in my mountain home in Costa Rica paying about $75.00 monthly, one month it skyrocketed to $350. Thinking the decimal was erroneously positioned, I went to the GOVERNMENT electricity company (ICE) and waited to see an ICE rep. While in line two other people had a similar issue and we all could hear the ICE agent tell (accuse) both customers separately that THE CUSTOMER was responsible for the excessive monthly usage charge, claiming that the customer was having many lights on, cooking up excessive pork rinds (Ticos love making chicharrones), or that there was a short in their home electrical system, and a few other made-up contrivances!! Sadly the poor customer paid the bill. The EXACT accusations were leveled against me!! And under duress I paid my electric bill. In the few days following, on a local FB page I noticed a lawyer named Mauricio, who spoke perfect English and was a fan of and could recite passages verbatim from the classic movie The Princess Bride, from San Jose, who has a rental property near the village of Ojochal, was asking about anyone else incurring excessive electricity service charges!! Hmmmmmm. A random pattern was becoming obvious! I'll cut to the chase! I confronted the ICE agent with photos of my meter reading and asked for their recording of my meter reading, and their reading was blatantly five times higher, and apparently ICE was sporadically and without remorse continuing their fraud! While THE particular month's charge was adjusted they wouldn't lower or refund the previous months!! I began demonstrating through local community media how to combat this fraud and then ICE started intermittently cutting my power and also threatening to make me move my meter from my house to a half mile away!
The resulting cost of that possibility had me bite my tongue, and coupled with their border customs immigration service agent threatening to not allow me back into (PURA VIDA) Costa Rica, I decided to sell and return to the US. Fast forward to my new residence here in the Eastern Appalachian foothills of Kentucky, where I have a main cabin and an empty horse barn with one light in use and a spot electric heater for a tool room. I was being charged almost as much electricity for the barn as the main cabin, which has all the normal appliances and then some. So I performed a simple test. I deliberately ran the spot heater, 1500 watts, in my barn for an hour, observed the usage showing on the smart meter display, and then ran the heater in the main cabin for an hour, and the barn meter reading was 3 times higher than the main cabin meter reading!! So I called my provider and alarmingly I noticed similar condemnation of my usage as in Costa Rica. The agent said that the meter CANNOT be manipulated or hacked, and I'm still waiting for a replacement meter; as of March 10th 2022 no replacement. The claim for replacing the previous analogue meters with the present smart meters is to have customers be charged more equitably for usage during peak hours of the day and less at night when usage is less... well that is BS. Are we NOW supposed to cook, clean, bathe and perform work tasks from 7pm till 5am?? I think your quest may be more beneficial than you think!! What do you think??
Thanks a lot for a very interesting comment! I've heard a number of stories like this, so I don't think you are alone. There are a lot of factors that could go into something like this, but regardless as a consumer I think it's hard to prove your case and have the power company care. They don't make money lowering people's bills or discovering issues that lead to less revenue!
Had a similar "glitch" with my power last winter, try deep-throating an $800 power bill... Here in Aus, most of our meters are being replaced, so no real choice in that matter, and my issues were on a 'normal' power plan. Switched to the "smart" plan for testing on my new place - at least they can give me some data! (The fact that there is a time chart can allow me to precisely quantify this shit) If you thought paying too much for power is crook, try getting a solar installation; after you generate more power than you consume, the utility stops counting the power (they USED to rack up a negative bill if you generated heaps, and managed to offset your usage + connection fee) And recently, they dropped the value of generated power - such that you continue to pay top dollar, maybe 40% less... It's funny seeing houses with all the kit necessary to run self-sufficiently, but doing the exact opposite!
Same thing happened to me. Notice that the News Consumer advocates will never cover this story about thieving utility companies and smart meters. They are too busy chasing Mexicans who cross the border illegally. They like coming after the poor and helpless who have no voice. But come after the big boys who steal a lot more. Nope. They stay away from that. Consumer advocates are worthless.
I build free energy devices that pull from the environment to work. Well, they save about 60%. They have no moving parts. It just goes to show that the AC current wire is leaked current sideways. Here's the thing: I have people that obtain these devices and it shows the kilowatts being half as much and they're still charging the same amount for the month, and they called them and asked them why it's still the same when the kilowatts is different, and they said "oh, the computer didn't get it yet, so we're going to go ahead and send you a check for every month that was off". On a map the kilowatts changed on the bill but they still were charging them the same amount every month.
I wrote software for two of these types of meters. They have two basic functions: to meter the power being used and to send it upstream to the power company. The former you can easily do without messing with the meter simply by hooking an ammeter arrangement up to (say) a Raspberry Pi. You can even do that without breaking the circuit (non-contact ammeter). If you are interested in verifying your power bill is correct, that is the way to go. The other purpose would be breaking into the billing part to scam the power company. It would be a lot of work to do, and the power company can do things like tally the individual meters against the power consumption for the whole neighborhood to trace down who has broken into their meter, resulting in anything from having your power cut off to jail time.
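Scott's suggestion of an independent check, written out as an added example (this is not code from the video, from Scott, or from any meter vendor): sample current and voltage from a clamp sensor, integrate the real power into kWh, and compare the result with the movement of the meter's register over the same window. The `Sample` layout, the 5% tolerance and the readings are all assumptions; `constant_load()` constructs the known-load test the Kentucky barn comment above describes, a 1500 W heater run for one hour, which must show up as 1.5 kWh on any honest meter.

```python
"""Independent energy audit for a residential meter: integrate sampled real
power from a clamp sensor into kWh and compare it with the utility meter's
register delta. Added example; not code from the video or from a commenter.
All readings are constructed; a real setup would fill Sample from an ADC."""
from dataclasses import dataclass
from typing import List, Sequence, Tuple


@dataclass(frozen=True)
class Sample:
    t_s: float                  # seconds since the start of the audit window
    volts: float                # RMS line voltage (assumed from a voltage transformer)
    amps: float                 # RMS current from a non-contact clamp / CT sensor
    power_factor: float = 1.0   # 1.0 for a resistive load such as a space heater


def integrate_kwh(samples: Sequence[Sample]) -> float:
    """Trapezoidal integration of real power (W) over time (s), returned in kWh.
    Rejects fewer than two samples and non-increasing timestamps, which would
    otherwise produce a silently wrong energy total."""
    if len(samples) < 2:
        raise ValueError("need at least two samples")
    watt_seconds = 0.0
    for a, b in zip(samples, samples[1:]):
        if b.t_s <= a.t_s:
            raise ValueError("timestamps must strictly increase")
        p_a = a.volts * a.amps * a.power_factor
        p_b = b.volts * b.amps * b.power_factor
        watt_seconds += (p_a + p_b) / 2.0 * (b.t_s - a.t_s)
    return watt_seconds / 3_600_000.0


def audit(samples: Sequence[Sample], meter_start_kwh: float,
          meter_end_kwh: float, tolerance: float = 0.05) -> Tuple[float, float, bool]:
    """Return (measured_kwh, billed_kwh, within_tolerance). Revenue meters are
    accurate to a percent or two, so a 5% window (an assumption here) leaves
    room for clamp-sensor error while still catching a meter that reads 3x high."""
    measured = integrate_kwh(samples)
    if measured <= 0:
        raise ValueError("no energy measured during the audit window")
    billed = meter_end_kwh - meter_start_kwh
    ratio = billed / measured
    return measured, billed, abs(ratio - 1.0) <= tolerance


def constant_load(watts: float, hours: float, volts: float = 120.0,
                  step_s: float = 60.0) -> List[Sample]:
    """Constructed samples for a steady resistive load, e.g. a 1500 W heater
    run for one hour as a known-load test of the meter."""
    steps = int(round(hours * 3600 / step_s))
    amps = watts / volts
    return [Sample(i * step_s, volts, amps) for i in range(steps + 1)]


if __name__ == "__main__":
    heater = constant_load(1500.0, 1.0)
    print("measured kWh:", round(integrate_kwh(heater), 3))
    # Register moved 1.5 kWh: consistent with the known load.
    print(audit(heater, 1000.0, 1001.5))
    # Register moved 4.5 kWh for the same load: the 3x reading the barn
    # comment describes, and the audit flags it.
    print(audit(heater, 1000.0, 1004.5))
```

The known-load test is the useful part: a steady resistive load removes the power-factor uncertainty, so a disagreement between the integrated kWh and the register delta is either the clamp sensor or the meter, and a second run on another circuit (as the commenter did with the main cabin) tells you which.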
I agree with Scott. Just use an amp meter and record everything that the power is being used on, and tally up to see if it lines up with the bill they're charging you.
Here's something: I build free energy devices that work in the first state of matter, and the thing is that these devices condition the house and save electricity, probably up to 60% sometimes. The deal is they're not illegal or anything, and they work well, and sometimes I have to call them and tell them, look, the kilowatts is different, but why do you charge me the same amount? And then they say, well, the computer didn't catch it yet and we will be sending you a check.
I agree with Scott. I would just comment that most smart meters also allow the provider to factor the meter. Pick any value you wish, i.e. 1.10, which would have your meter read 1100 instead of 1000. The excuses are many, from fuel adjustment to peak-vs-non-peak periods. The factor can be changed at any time, easily handled by an algorithm in the program. It can be set to gradually increase the factor as a user consumes various levels; the first 1000 kWh can be at a base rate, then factor up for usage beyond that level. The first line of defense is "Our meters are very accurate. We constantly test to assure customer confidence in our product and service." You can feel free to change the boilerplate verbiage as you wish.
Glanced past your channel and it seems like you're more interested in the meter boards when all the juicy attack surface is on the multiple AMI chip vendors. FYI, what you're examining is simply the board that provides basic volt/amp/angle/phase info to the meter. Every single manufacturer has multiple RF/PLC chips that go into their meters. But I would hope you know that. For instance, that Landis & Gyr meter you show has no less than 20 companies making AMI chips for it. If you want to attack one, start with its modulation interface, which is always handled by the AMI vendor. You wanna reset your meter? Change the read? Disconnect/reconnect? Change the MAC address? Date/time? Intercept interval usage? Set outage notification? Voltage notifiers? Temperature? Tamper indication? All handled by the vendor chip.
I've been curious about these smart meters and wondering if there was even a way to read my usage and compare it to my IoTaWatt. This is really cool and takes that idea to the next level. Subbed!
Precisely, if you are planning to let something live in the wild for a long time, you better also have a plan on how you address the inevitable vulnerabilities.
These meters have really complex SW models regarding SW separation to protect the legally relevant sections that are sensitive since they are related to billing. On the other side, you can't hide (from their systems) that the meter has been tampered with, and even when you are able to do that, you will trigger alarms on their systems, as they keep analyzing and comparing everything with your history. I suggest you read the current regulations for this kind of device and how utilities work. This is nice as a project; never attempt that on a real billing device. They can submit the meter to its manufacturer for audit when in doubt. And yes, THIS IS A THING. It is way more resilient than you think.
Thanks for your detailed comment, I’m interested in the overall design and security as it relates to devices like this living in the wild for 10+ years. Not really interested in stealing energy, but any vulnerabilities in the design are definitely of interest.
@RECESSIM I know it is not your point of interest but probably some viewer could find this "useful" LOL. Sure they have vulnerabilities... But even if you get the code, you won't find anything interesting in it... believe me. The metering part could be derived from some app note (or not), but it's usually full of intricate stuff, with parts in ASM, digital filters etc. The application section... you need to understand how a multi-rate meter works, rate scheduling, profiles for energy, RMS, billing, tons of logs, alarm controls, demand control... and when you get into the protocol part, you will fall asleep if the meter is intended to be sold in Europe... its implementation is probably as complex as a TCP/IP stack but useless outside this industry. This protocol models a generic device with n generic objects, implements a number of logical servers..... BORING AS HELL. Its goal was to be "interoperable"... LOL. If the meter is intended for the US market, it's probably still dealing with old ANSI legacy stuff... but still pretty cryptic since it is table based; it mostly works under base addr + length reads and writes. If you don't have the dictionary... good luck.
@billynomates920 Across the years analytics have taken an important place. The solution that manages the smart meters in the field is actually a suite of services, with different modules you can pay extra for. And one of their modules is Non-Technical Losses (basically.... fraud detection). 20 years ago, the meter was the money keeper... a little "safe". Today they keep polling the meters so they don't need to rely on the meter as a "safe" anymore. More like an audit/telemetry device IMHO. The metering part can be very complex (away from calculations) but security, networking, data transport, protocols are probably bigger and more complex than the metering part itself. It is like a GPRS/PLC/ETH device with metering LOL. Some meters act as gateways or repeaters, helping to build up the network. It is a network device.
If he can gather the software for the specific meter he has… then he can always delete any tamper triggers. Shit… he can even change the Ratio at which he is charged to like… .10:1 for every dial increment rather than 10:1 😂 but… idk.
Luckily I have a few meters to test on, but if one happens to wipe unexpectedly some protection or accidental activation of code could be the case like you mention.
First time watcher.. you just showed up in my list of things to watch. Love this.. I've used voltage glitching before, I have actually seen it done purposely by a manufacturer to prevent someone from using a generic version of a device in place of their proprietary one.. send a voltage "glitch" and if the processor didn't behave as they expected they assumed it was a virgin device.. I've never messed with smart meters.. my area mostly is in messing with the Chinese air conditioners (mini splits).. to make them do what I want.. they also use Atmel micros.. so I'll be interested in watching more vids to see how you spring these devices open
Thanks! That's interesting they used glitching as a way to check for an authentic device. What sort of device was this? High dollar specialized equipment or consumer grade? Playing with glitching tools has always been interesting to me, nice to make some videos to focus the learning a bit. Glad you enjoyed it.
@RECESSIM High dollar.. it was a voicemail system back in the late 90s.. the voice processing cards were sold by the manufacturer in generic form that anyone could buy.. the particular voicemail company wanted you to buy their OEM named card which was 3X the price.. since the interwebs were new and everyone pirated everything.. the special firmware was easy to get and field load.. so they turned to hardware.. they actually separated 2 of the power supply pins.. or should I say they "burnt one out" and the chip would still work except for a certain function.. so the voicemail system called on that function.. if that function succeeded they knew the board was generic even if the proprietary firmware was loaded.. most people gave up when the board didn't work out of the box.. a few more tried the firmware.. but only a few went further to dig.. wow if we only had today's debugging tools back then!!
@eldoradoboy Wow! Yea, very interesting. Equipment like smart meters and other stuff with a long life in the field is very interesting to me for that exact reason. The tools to attack are progressing at a rapid pace, but the equipment in the field is still using yesterday's technology that becomes more vulnerable every day.
@RECESSIM a lot of devices are built with probable-impact-of-breach engineering.. exploiting a smart meter and cracking the hashes related to turning on or off the power to the building has a high impact.. but hacking the meter with the intention of reduced cost electricity has a low impact.. the power company profiling is designed and getting better at detecting pattern changes in usage.. if they come to your house and determine the meter is "bad" i.e. recording 10% less than actual usage, then they replace it.. and expect to see an increase of 10% over prior profiles.. smart meters are pretty well protected against physical access since you get heavily fined by the power company if you cut the tag-lock and pull the meter.. in that case as a manufacturer you would design for highly secure comms but not necessarily so much against physical breach.. so if it can be hacked and firmware replaced OTA that's a HUGE vulnerability.. but if you have to open it up and JTAG it.. that's a non-issue in the real world..
@eldoradoboy Agree completely, getting the firmware is just to enable debug mode on a meter I control and to search for OTA vulnerabilities as you mention.
If you don't get it, why are you even commenting? No, no, don't even answer. Obviously I just made a mistake to say that. What I mean is that maybe you should gather up some comprehension and reading skills. No, no, no, obviously that's not going to help you. So.... just ignore it because I'm not going to explain anything to the one who has this type of response. Oh, yea... I'm not being rude. But I can't be squandering away my time with unreachable minds. Ok, peace.
You can share the 'spec sheet' of the firmware. Do some research on the BIOS wars and how cloned BIOS was done legally. They had 2 teams: the first dug in the code and created a list of data points, pointers (with different names than the original) and basically a 'spec sheet' of what it did; the second team took the data, a motherboard with no ROM, and made their own. The 'team two' aspect would be the rest of the world. It's still considered case law in the USA, just ask AMI BIOS.
Copyright law in the USA allows reverse engineering of software for the purpose of learning how it functions/behaves and to interface some new software with the old software. So basically only the original code cannot be duplicated, but the API is fair game, and you can distribute a bit of FOSS (written from scratch) to access that API.
Yes, that is what is known as cleanrooming. Typically you would also have the company's patent lawyers looking over everything sent from the analysis team to the design team too. That is to say, checking to make sure nothing slips through that would contaminate the new product; you don't want things slipping through that read like a paraphrasing of the competitor's patent claims on one of the parts, for example. So they are usually involved to make sure nobody opens the whole thing up to liability by being a little too on the nose with their documentation.
If you tamper with a meter, that's theft of service. Your service will be turned off. When they catch you, you will have to pay a large deposit and a large fee and pay for the meter you have tampered with to be replaced. After a year of behaving yourself, you will get all your money back with interest. I am retired from an electric utility company, and I worked in the field doing investigations as well as other duties: when people would move in or move out, needed their final bill or a beginning bill, or if they had not paid, I was sent out to turn the service off. When they paid a reconnect fee and a deposit and their entire balance, they would send me out to reconnect the service. I can't begin to count how many theft of service situations I encountered. Hundreds. Sure there are lots of ways people can bypass the meter... but don't get caught… just a simple decline in your average bill year to year will trigger an investigation.. but just consider this. Would you be better off without electricity service at all?
Really like your videos, thanks for uploading them. Is there any chance that I could get a copy of your C code and Python script that you used, just for my own interest? Also, the ChipWhisperer you used: is that the CW1173 Lite version or some other?
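Three commenters describe the utility side of this: Scott's note that the individual meters get tallied against the whole neighborhood's consumption, the point about usage profiling and the expected bump after a "bad" meter is replaced, and the retired field investigator's remark that a year-over-year decline in the average bill triggers an investigation. This added example (not the video's code, nor any utility's or vendor's actual analytics) sketches those three checks as a non-technical-loss screen. The 4% technical-loss allowance, the 8% feeder alarm, the 25% decline threshold and every reading are constructed assumptions.

```python
"""Utility-side non-technical-loss screening, as described in the comments:
feeder energy balance, per-meter profile drop, and year-over-year decline.
Added example; not the video's code nor any utility's real analytics.
All thresholds and readings below are constructed."""
from statistics import mean
from typing import Dict, List, Sequence, Tuple


def feeder_balance(feeder_kwh: float, meter_kwh: Dict[str, float],
                   technical_loss_pct: float = 0.04,
                   alarm_pct: float = 0.08) -> Tuple[float, bool]:
    """Energy injected at the feeder/transformer should equal the sum of the
    downstream meters plus expected technical (line) losses. Whatever is left
    is unexplained; beyond alarm_pct the feeder is ticketed for a field visit.
    Returns (unexplained_fraction, alarm)."""
    if feeder_kwh <= 0:
        raise ValueError("feeder energy must be positive")
    metered = sum(meter_kwh.values())
    unexplained = feeder_kwh - metered - feeder_kwh * technical_loss_pct
    fraction = unexplained / feeder_kwh
    return fraction, fraction > alarm_pct


def rank_by_profile_drop(meter_kwh: Dict[str, float],
                         monthly_avg_kwh: Dict[str, float]) -> List[Tuple[str, float]]:
    """On a flagged feeder, order meters by this month's reading relative to the
    meter's own historical monthly average (lowest ratio first). A meter with
    no history cannot be profiled and is given ratio 1.0 so it sorts neutrally."""
    ranked = []
    for meter_id, kwh in meter_kwh.items():
        avg = monthly_avg_kwh.get(meter_id)
        ratio = kwh / avg if avg else 1.0
        ranked.append((meter_id, ratio))
    ranked.sort(key=lambda item: item[1])
    return ranked


def yoy_decline(prev_year: Sequence[float], curr_year: Sequence[float],
                threshold: float = 0.25) -> Tuple[float, bool]:
    """Per-customer check: fraction by which average monthly use fell versus
    last year, and whether it crosses the investigation threshold. A customer
    with no prior usage has nothing to decline from and is not flagged."""
    prev, curr = mean(prev_year), mean(curr_year)
    if prev <= 0:
        return 0.0, False
    drop = (prev - curr) / prev
    return drop, drop > threshold


if __name__ == "__main__":
    # Constructed month: 10,000 kWh delivered to a four-customer transformer.
    feeder = 10000.0
    readings = {"A": 2400.0, "B": 2300.0, "C": 2500.0, "D": 1200.0}
    history = {"A": 2350.0, "B": 2300.0, "C": 2450.0, "D": 1800.0}
    fraction, alarm = feeder_balance(feeder, readings)
    print(f"unexplained {fraction:.1%}, alarm={alarm}")
    if alarm:
        # D reads two thirds of its usual month: first meter to check in the field.
        print("check order:", rank_by_profile_drop(readings, history))
    # Same customer, year over year: 250 kWh/month last year, 180 this year.
    print("yoy:", yoy_decline([250.0] * 12, [180.0] * 12))
```

The feeder balance is the check that physical tampering cannot hide from: energy that entered the transformer and was not registered by any meter is visible regardless of what an individual meter reports, and the profile ranking then narrows the field visit to one or two candidates. The year-over-year check is the one the investigator describes, and it fires just as readily on a legitimate change (solar, going off-grid, a move-out), which is why it opens an investigation rather than a disconnect.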
Correct, it’s the CW-lite. Happy to share any code, find me in discord or send me an email. The Glitchy app I have on GitHub might also be what you can use now. github.com/BitBangingBytes/Glitchy
Hell yeah. Thats what I'm saying, but we will never see this type of Independence because we are out numbered by the other part of society that are the very reason why this garbage still exists. Peace ,✌
Very interesting. My city currently does not have smart meters. The one on my place is digital but not connected to anything else and quite a few around town are the old analog ones. They are wanting to change that so they can do prepay, monthly average billing, and a few other things. I have heard that the way the digital ones figure a KWH is different than the old analog ones but have no clue. I have my own meter based off of an ESP32 running ESPHome hooked up to the main panel feeding data into HomeAssistant so it will be interesting if there is a difference from the old meter to the new ones if they are put in.
Do these run an interface on a handset that accepts commands like an IP camera? (Does it have a webserver for meter readers to use the handset?) Sometimes those commands are passed as system and you can make it do interesting things like keep cycling a reboot until it goes to a debug mode where you can pull the entire file directory, all firmware and drivers.
Here's a question with a problem this video would address... My water meter is wireless and 'read' by the water company from a truck that parks across the street. Ironically, or not so much, my minimal water draw is usually almost exactly the same every month... but 2-4 months for the past few years the meter 'reads' almost twice or more water randomly some months... there's NOTHING that draws an extra 1000-2000 gallons a month possible around here, not even a dishwasher or clothes washer. My theory is the guy is occasionally reading the house across the street with a family of 5 that easily uses the spiked amounts I randomly see. They say nope, that's your water bill, but it's not possible to randomly change like that over the past few years. They already made a $500 error misreading 1 first number a few years ago that I had to fight to reconcile, them always telling me I'm wrong... but they found my old meter and a pic of it, and I was right about a 1,000 gallon overcharge. So... I bet here is where we can figure out if the guy is getting 'mixed signals' from the wireless meters, or it's the mixed signals in their head I have to straighten out once and for all. You have your mission. What say you all?
I have a couple of water meters I took apart, but crossed signals doesn't seem likely. They probably transmit a serial number followed by your reading. The ones I have show the reading with an analog odometer-looking display. I would check to see if that matches your bill. If so, perhaps you have a problem pipe or something else causing water loss. If not, then perhaps it's the meter, but I wouldn't jump to that as the first thing.
Ok so how many people watched this looking for a way to not have to pay a power bill and/or turn their power back on after it was cut for nonpayment of a bill... But hey peep this out: I pay my "Open Source" bills "For Educational Purposes Only" when they are due so I can keep my "Glitched" power on.
Great work, you have invested many hours! Do you have any idea how people inject a frequency through a capacitor yo isiste from the 220 volts backwards toward the meter, I mean from inside a house, and it confuses the meter's sensor? Cheers from SOUTH AMÉRICA
How long before you hear in the news *"...today, a man was charged with fraud after an energy company discovered an Arduino wired into his smart meter..."*
I do get some interesting requests to “analyze” different smart meters… But not interested in circumventing payments, everyone has to pay their fair share in a functioning society.
@@RECESSIM You may not be interested in committing fraud, but this work will make it easier for people with dodgy morals to do so. This is not a smart move!
@@debugstore It’s the cycle of life, systems become vulnerable to more and more attacks which drives better design. No external forces, no improvement. Cellular phones are WAY more secure precisely because the initial systems were not at all and people exploited them. They would still be insecure if they weren’t attacked and those vulnerabilities shown to the public.
@@RECESSIM You are looking at a very narrow interpretation of what you are doing. I get that reverse engineering is fun but it can have adverse consequences. I know one company that went bust because its brilliant product was reverse engineered in China and the market was flooded by clones. So some customers had cheap knock-offs but the person who spent months developing the product lost his business. Is that fair?
@@debugstore That’s capitalism, whether it’s China or his neighbor if someone can make it cheaper without the consumer telling a difference they buy the cheaper item. For the history of time you could buy something, take it apart, understand it and replicate it. It’s been less than 75 years that software was even a thing, and only in the last 30-40 years that we started to protect it and make it illegal to look at or share certain parts of products. What’s happened in that timeframe? Massive disparity in wealth and control by large organizations. Feels like we should be pushing back, no?
This reminds me of the Blizzard lawsuit against the "Glider" bot company. Blizzard (World of Warcraft, back when it was the biggest online game) couldn't get the company that sold the most popular bot, "Glider", to stop selling its software. The program Glider was sophisticated enough to trick Blizzard's industry-leading cheat surveillance shadow program (called Sheriff? I think). Eventually Blizzard was able to bankrupt the company by getting a copyright lawsuit ruling in a lower court against the small botting company, on the basis of the way Glider operated via "injection" or something. Essentially Glider required duplicating the World of Warcraft game client script and then injected itself into it on the client side such that the anti-cheating surveillance program Sheriff recognized it as self/native and went on undetected. This all sounds so similar, and I'm no expert on copyright law, but I bet this is one of the few cases that established precedent here in what you're talking about. Going to subscribe and see where your projects end up. Thanks for uploading. What I wanted to know is: because Blizzard had to run the Glider script in order to figure out how it was working, didn't they too commit some kind of copyright infringement by copying the new injected programming language on their own PCs? And therefore they likely had to break the same copyright rules they accused Glider of breaking, rofl.
Landis+Gyr and a LOT of utilities use them, in Dallas Oncor and CoServ. You can search for BitBangingBytes on GitHub and see the gr-smart_meters code which lists a few utilities people have confirmed.
@Recessim Why don't you use the quartz lighter trick? It should work like on other electronic devices. Remove the quartz from a lighter, then fire the electric arc from the quartz near the LCD side. You must find which side. The electronics should enter a glitch and freeze. Try that for a new video.
That's a cool idea, I have seen that method and also EMP using some other tools NewAE make. As for the first one, to trigger a glitch at a very specific time like I will need to do in order to dump the firmware I think the lighter method would be hard. I would need a way to reliably generate that spark at a specific microsecond after booting which isn't possible I think. But for general glitching I think it could work.
I work in the manufacturing of these "smart meters". The good thing about this type of meter was that the utility company didn't need to send meter reader employees.
@@KB1UIF In my country they are now working in administrative roles and some were reassigned to the municipalities. I don't know what the US does with its displaced workers. This type of meter was made to be the only utility meter needed in a house. It can measure water and gas consumption and send the information to the utility company.
@@RECESSIM I'm jealous of your faraday cage with gloves and viewing window. Tots cool. I think I'd like to eventually test a whole multinode mesh with a gateway which will need a little more space. ya know... get the full experience.
@@awesomedee5421 Absolutely! If you put some connectors on the side you can run large devices externally and just cable their antennas into the box. Then run smaller devices inside the cage. Adding attenuators on the devices with antenna connections helps to drop power too.
Companies are manipulating the meters. Does anyone consider that the smart meter allows the power company to speed up your meter? That is why a lot of people are saying the smart meters are reading more or faster.
In Australia smart meters are forced on all new home builders and anyone who upgrades to solar, including those who have battery backups. That said, I'd like to ask you... Do you consider the smart meter to be a certifiable metering device?
The reason channels like this are allowed is because it's a great way for various intelligence agencies to crowdsource possible fixes for vulnerabilities, for free. I'm not saying that it's a bad thing, necessarily. Because at least everybody still gets to learn things they didn't already know. I'm just letting people know why certain subjects, that you'd think would've already been forbidden years ago, are allowed to stay on big platforms. These big platforms aren't just "being nice." But hey, I like learning new things, too.
So it seems like you're doing some kind of trial-and-error "brute-force" attack on the processor chip by spiking voltages with various specific input patterns and seeing how it responds. But my question is, how is that supposed to help you retrieve the full firmware on that chip exactly? Seems more likely/plausible that you'll just be interrupting normal operation with some "glitches" as you put it (which is more likely to hang/freeze the program or cause it to malfunction, surely?) - I don't see how this could actually be beneficial in a practical sense. It could take years and years of tampering and still come out with nothing, wasting all that time - right? So could you summarize the objective as follows: glitch the chip in the HOPE that by some stroke of sheer luck, the security bit is misread by the processor for enough duration that it thinks it's not protected and then you can start reading the firmware with an SPI/JTAG interface? It just seems a bit far-fetched that you could obtain any useful information from the chip simply by fluctuating supply voltages? What am I missing? :) This almost seems like "Hollywood worthy" sci-fi fiction, lol. But respect to you for the patience to do this type of work where it may seem like you're "working in the dark" until those waveforms on the scope start to make any real sense.
It's a useful method used by many people to unlock these processors. A great video to see it in action and it's explained for the most part here: th-cam.com/video/dT9y-KQbqi4/w-d-xo.html
I'm not sure what OP is going to try to do exactly, but sometimes the aim is to attempt a normal read of the internal firmware from the programming pins and just glitch out the hardware check that the code protect fuse is blown. Other possibilities are finding a timing where an address is set up to send some data externally from flash, and just keep screwing up the address over and over until it sends out something of interest. For example, if the device sends a startup message from Flash when it first boots up, that could be a prime target because the timing of it is easily accessible (it's happening in early startup, and likely the timing is identical run to run). This sort of attack gets much easier once you gain access to some of the code where you can control when it executes and then control the glitch timing against it. Like, that's to say, if you had the whole program listing in front of you, you could look through and find something interesting and say "oh, here's part where the diagnostic mode enable bit is checked, if I can convince it it's in diagnostic mode, I can just send these external commands to get control", etc. Obviously you don't have the full program listing, but if you can get a glitch to send you a part of code with something interesting in it, maybe that's enough to make more progress.
I have been able to receive and decode the transmissions of these smart meters using a device that is readily available. It's based on an SDR. Do you have specific frequencies that they use? Because looking at some of the data sheets of these meters, they can be interrogated over radio frequencies. They may be programmable over radio too. The smart meter that was installed by the electric company in my house was done by some stupid woman that just killed the power to my house without even a warning. The next thing I hear is a banging noise as she is hammering on the old meter to get it free. I'm annoyed that the electric company can just come onto my property and install a radio transmitter without notification of any kind.
These meters by Landis+Gyr don’t work with the existing SDR tools to read meters. Working on some tools of my own though on GitHub. They operate in the 915MHz ISM band. 73
@@RECESSIM Don't hold your breath. For privacy reasons, there is the regulatory requirement that all consumption data must be encrypted. And for security reasons, commands to the meter are signed or MACed.
It is very annoying that smart meters report logging data back to base but not locally (although they do send data to the local display, so maybe one can get useful local logging that way?). I just want logging data from my own meters. Doesn't seem unreasonable, but so far as I know it is not provided.
This depends on your country and power supplier. For example, in the Netherlands, smart meters have a serial port (called "P1") that spits out the measurements every second. The UK has the option for a Zigbee-connected in-home display.
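For readers who want exactly that local logging from a P1 port, the following Python is an added example, not code from the video, the channel or any meter vendor. It parses a DSMR-style P1 telegram (the ASCII format the Dutch P1 port emits once a second), verifies the CRC-16 trailer that DSMR 4 and later telegrams carry after the closing `!`, and pulls out the energy and power registers. The sample telegram is constructed here: the meter header, timestamp and register values are invented, and the OBIS-to-field mapping is an assumption covering only the common registers.

```python
"""Parse a DSMR-style P1 telegram and verify its CRC-16 trailer.

Added example for local meter logging; the sample telegram below is
constructed for illustration and is not captured from a real meter.
"""
import re
from typing import Dict

# OBIS identifier followed by one or more parenthesised values, e.g.
# "1-0:1.8.1(001234.567*kWh)".
OBIS_LINE = re.compile(r"^(\d+-\d+:\d+\.\d+\.\d+)(\(.*\))$")
VALUE = re.compile(r"\(([^()]*)\)")

# Subset of OBIS registers this example extracts (field names are assumed).
OBIS_FIELDS = {
    "1-0:1.8.1": "energy_delivered_tariff1_kwh",
    "1-0:1.8.2": "energy_delivered_tariff2_kwh",
    "1-0:2.8.1": "energy_returned_tariff1_kwh",
    "1-0:2.8.2": "energy_returned_tariff2_kwh",
    "1-0:1.7.0": "power_delivered_kw",
    "1-0:2.7.0": "power_returned_kw",
}


def crc16_arc(data: bytes) -> int:
    """CRC-16/ARC (polynomial 0x8005, reflected as 0xA001, init 0, no final
    XOR), the checksum DSMR telegrams carry after the closing '!'."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def build_telegram(body: str) -> str:
    """Frame a telegram body ('/' header through the last data line) with
    '!' and the CRC, the way a DSMR 4+ meter emits it."""
    framed = body + "!"
    return framed + f"{crc16_arc(framed.encode('ascii')):04X}\r\n"


def parse_telegram(raw: str) -> Dict[str, float]:
    """Return the known registers from one telegram, or raise ValueError if
    the frame is incomplete or the CRC does not match."""
    start = raw.find("/")
    end = raw.rfind("!")
    if start < 0 or end < start:
        raise ValueError("no complete P1 frame in input")
    framed = raw[start:end + 1]          # CRC covers '/' through '!' inclusive
    crc_text = raw[end + 1:end + 5]
    try:
        claimed = int(crc_text, 16)
    except ValueError:
        raise ValueError("telegram has no CRC trailer") from None
    computed = crc16_arc(framed.encode("ascii"))
    if claimed != computed:
        raise ValueError(f"CRC mismatch: trailer {claimed:04X}, computed {computed:04X}")

    readings: Dict[str, float] = {}
    for line in framed.splitlines():
        match = OBIS_LINE.match(line.strip())
        if not match:
            continue                     # header, blank line or unknown layout
        obis, values = match.groups()
        field = OBIS_FIELDS.get(obis)
        if field is None:
            continue                     # register we do not log
        # The last value carries the reading, formatted like "001234.567*kWh".
        number = VALUE.findall(values)[-1].split("*")[0]
        readings[field] = float(number)
    return readings


# Constructed sample: header, timestamp and register values are invented.
SAMPLE_BODY = (
    "/EXAMPLE5\\CONSTRUCTED-METER\r\n"
    "\r\n"
    "1-3:0.2.8(50)\r\n"
    "0-0:1.0.0(240101120000W)\r\n"
    "1-0:1.8.1(001234.567*kWh)\r\n"
    "1-0:1.8.2(002345.678*kWh)\r\n"
    "1-0:2.8.1(000100.000*kWh)\r\n"
    "1-0:2.8.2(000200.000*kWh)\r\n"
    "1-0:1.7.0(00.452*kW)\r\n"
    "1-0:2.7.0(00.000*kW)\r\n"
)
SAMPLE_TELEGRAM = build_telegram(SAMPLE_BODY)


def tampered_is_rejected(telegram: str) -> bool:
    """Change one digit of a register and confirm the CRC check catches it."""
    altered = telegram.replace("001234.567", "001234.568", 1)
    try:
        parse_telegram(altered)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for field, value in parse_telegram(SAMPLE_TELEGRAM).items():
        print(f"{field:32} {value}")
    print("tampered telegram rejected:", tampered_is_rejected(SAMPLE_TELEGRAM))
```

On a real P1 port the same parser runs on each telegram read from the serial line; a bad CRC most often means a partial read or a wiring problem rather than tampering, so log the rejection and wait for the next telegram instead of treating the partial frame as a reading.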
why can't you accept funds directly? There's nothing illegal about that... Because if you're worried about legality, then you should understand that even your open source software is illegal under the reverse engineering clause of the DMCA
Well, I'm very excited to have run into your channel. You're the kind of guy I personally love to learn from, and one like myself that may decide to go beyond the limits, well you know? So anyway I'm looking forward to bumping brain cells together on this journey, and hopefully we will come up with some interesting ideas on how things work.
@@AndrewAHayes The mind boggles Andy.
I love how far this is going! I can't wait to see the final steps one day!
You need a BTC wallet address on your page....
I have friends working on smart meter head-end APIs here in New Zealand who are quite interested in your vids funnily enough ;) Thanks for sharing!
We’ll ALL be looking at firmware soon… 😀
The local power company swapped out my meter for a smart meter a few months ago. For over 20 years I have always consumed between 205-270 kWh per month. First bill with the smart meter was 280 kWh, second 285. Two highest months I've ever had in 22 years here! Instead of electronically attacking the meter, I just pieced together everything I need to go off grid. I'm curious what the meter will read in a few months with my main breaker turned off!
Because the 2nd version of smart meters allows them to "Factor". . . they easily know the load on any branch; the Factor function is adjustable, causing the meter to indicate anything. Instead of 1, the meter may indicate 1.001, or any value. You pay for a factored reading, not the actual one. The excuses for doing this vary from company . . . or state.
@@jsunit5354 Clearly I've been factored and fu@ked!
I built free energy devices. I'm telling you, you just take a toll and they still charge you taxes, like probably $43 a month. It's ridiculous; they are on top of things, and a lot of times just keep charging the same amount: 140 or $259.61 it was one month, and it'll be almost the same the next month, which is completely impossible and ridiculous. The thing is, look at the kilowatts and you can see it's half or less that month because of the device that I have hooked up, and it'll say oh well the computer didn't get it, we will be sending you a check.
You got to look at the kilowatts on the bottom part of the bill, otherwise they'll just keep charging the same amount every month, which is how I know they're lying. They just take a toll, and if you call them on it you see the kilowatts are different and it's still charging the same amount. Here's what they say: oh, the computer didn't get it yet, so we'll be sending you a check for all those months.
Electronic meters and electromechanical meters react differently to distorted currents, for example from an SMPS.
Awesome explanation! Thanks for sharing your learnings with us!
Thanks! Glad you enjoyed it. Working on the next one now to show how we control the glitch in time to go from random effects to controlled disruptions with repeatable results.
I remember glitching from the days when I glitched DTV cards! very cool.
I remember hearing about that technique back then but never knew how it worked in-depth. Look forward to sharing exactly how it works over the next few videos!
Those were the Good Ole Days, the cat & mouse game was epic..
@@mrreddog agree!
I remember as well. They were called Unloopers. When your card was looped, it meant the death of it in the old smart card readers. The one way to fix it was to glitch it in an unlooper. They were expensive at first, but eventually cheap and necessary. Everyone had their favorite glitch settings, it was fun.
@@x1xBryanx1x exactly! they got good at that
Great success! I've noticed my Aussie ones have an IR IO for the meter reader, but commonly now they have a 3G or 4G modem in them. Happy to solder up something myself for you to test.
Look forward to buying some meters used in other countries as well
@@RECESSIM I'm an electrician and can get access to plenty of them. I noticed too that on those modems it's just serial RX/TX from the meter, so that might be another non-destructive way in!
They might be entirely relying on the cellular network for any encryption and just sending raw unencrypted data via serial port. Or perhaps no encryption and just hoping no one can see... :)
@@RECESSIM Modern meters do the encryption on the application level. You cannot trust the mobile network operator to do it.
@@WimTon The question is what’s deployed in the field, modern anything always fix the sins of the past.
Great progress on this. Can't wait to see what happens next :)
Me too! :)
My man! Excellent clip from Sneakers!
Love that movie!
Even though I don't use these systems unless I flip on a switch in someone's establishment.
I have to say. This is the very thing that everyone should get involved in.
I have several ideas in this reversed engineering concept which we could all use today.
However there are not but a handful of electrical engineers that have the honor and integrity to take on these tasks.
I wish I could work with this man on projects like this.
Even though my cousin is the inventor of the FIRST IC. I was never afforded training in electrical engineering, so I'm only an inventor.
But.....EVERYTHING STARTS IN THE MIND'S UNDERSTANDING.
keep up the great work 👍
I'll be watching. Peace ,✌
Wow, you are related to Jack Kilby?
@@dakrontu Yes sir. He was my cousin.
Peace ,✌
@@CKILBY-zu7fq I never met Jack Kilby. I did shake hands with J Fred and Mark Shepard while they were passing through on goodwill tours, and I got a tour of the CIC computer system in Dallas (as I recall, 127 mag tape drives, tape numbers up in the 5 digits, 4 mainframe back-to-back redundant pairs each with about 4 MB of RAM (or maybe more, not sure, but RAM was small 4 decades ago), and a truck-size hole in the centre of the floor where they had to extend down to the floor below when they ran out of space, with hundreds of big black cables running down through the hole). I never got to see the ASC. I was in Austin the weekend the gold was stolen (wasn't me!!!) and watched cars pass by with gold badgers going to investigate. I remember the deer in the grounds wore company badges, as did the automated mail delivery robot. Due to delays, our rental car was late being returned, so National Car Rental had informed the police to watch out for it, which may have tied in with suspicions about the gold heist.
@@dakrontu Wow brother. That's awesome. So, how long did you work there?
These are the stories.
So I have never been to the KILBY MUSEUM, have you been?
I would like to go one day.
Its so cool to chat with you.
You know?????
The gold went missing at the TRADE TOWER event.
They claimed it was evaporated.
But it's impossible, otherwise the city would be covered in gold just like they coat glass.
SO.... I BELIEVE WE SEE THE USE OF THAT GOLD EACH DAY. THIS TYPE OF PEOPLE IN OFFICE FIND WAY MORE MONEY THAN ANYONE ELSE.
So, it makes me wonder: who, where, why and how.
PEACE BRO.✌
@@CKILBY-zu7fq 8 years. As a software developer. Us softies were always treated as leftie 5th-columnists by the hardies. It was my time in the fast lane, travelling a lot. TI, the hire'em fire'em company, was boot camp for many new engineers. If you worked there and thrived, you were sought after. One of my colleagues was the guy who got company policy changed so he could wear Bermuda shorts to work. Engineering was a seat-of-the-pants activity back then. Today it is much more formalised.
your process reveals a ton of info, thank you
Very cool. Having read Colin O'Flynn's new book, I'm looking forward to seeing you put some of those techniques to work. Good luck!
I really enjoyed that book as well, definitely worth the money to see state of the art attacks documented well.
Nice work fella. Keep on a working with 0's and 1's for total control.
Appreciate that! Only 10 type of people in this world, those who understand binary and those who don’t get this joke! 😀
@@RECESSIM Right on binary brother. That is what controls literally the world right now.
No idea where this is gonna take you but I had to subscribe. Too damn cool!
This is so interesting!
Glad you enjoyed it
When I was growing up, I remember my mother had a friend come over and pull the power meter out and turn it upside down and plug it back in, so we could use the crap out of the power for 2 weeks. The meter was running backwards. Then the guy came back and pulled it out and turned it right side up and plugged it back in, so we could use the crap out of the power again. Sorry, but my dad wouldn't pay my mother child support. Why? Because they didn't have that program back then.
A bit of addition to "38911bytefree": there is no real requirement to keep the meter's firmware secret (mainly IP protection). As part of the security certification, the certifier may even get access to the source code to search for vulnerabilities. And in many cases, even the commented source code is pretty incomprehensible for the uninitiated.
The main protection is that every meter has individual cryptographic keys.
As smart meters are a very cost-sensitive product, all unnecessary functions are omitted (memory costs money). Often not more than an RTE such as a stripped-down ThreadX or embOS. The attack surface is small; the devices use only one protocol (ANSI in the USA, DLMS in pretty much the rest of the world).
The special cable you need is an IR input/output cable. On the front right of the meter you'll see 2 round IR diodes. One is output, one input. That's how they communicate to a laptop. It's basically the smart meter network cable. The plastic cover normally has a triangle directly in front of the IR port. It's what aligns and holds the programming cable to the meter. They plug in via USB to the laptop. The program sends the information @ 9600 baud and the same 16-bit data you already have created.
I am a magnetics and different forms of electricity specialist. I have also noted weird behavior when using some specialized transmitting equipment not even too near to computers... Yes, you are very right in your approach. ... Have you watched the Ben Gurion University hacks? They also boast a lot of different types of attack possibilities. I am very interested in this research you are conducting as it is one of the key areas of the fabric :) . I have created self-charging power sources and quite some other types of more exotic devices so I am always open to watching new avenues. This smart meter hacking is very tantalizing. You hit right on the spot with the importance of this project. Congratulations!
Now this has me pondering if there would be any useable benefits to employing such a method as this to automotive applications? Fascinating video sir and though, in the words of Sgt. Schultz, "I know nothing", I'll definitely be tagging along for this one. Thank you for the video!
Hacking our cars to unlock features we didn't pay for but are in it anyways is 100% the future
@@saxtonhine4843 No doubt about it I agree! To some degree though we've been doing a form of it for years, it just been called "modifying". At least from an analog standpoint haha! Where I am at with it is having the ability to flash a PCM/ECU for updates instead of taking a vehicle to a stealership. Honda already offers them for free for most of their's as far as I am aware. One just needs a VAG OBD cable I reckon and a laptop and they can perform drivetrain updates on them.
@@betterthannotgoodmtb Same with toyota ;)
You can catch up to see if they're skimming, and they usually are, because how could the power bill be the same amount, 25169, and 251 60 next month? Completely impossible.
I have been refusing smart meters for years now. Never was I going to let something like this even near my home.
Until now. Now I wanna explore these evil things. 😂
Haha!
There is a guy who did a similar technique to break into a bit coin wallet, did you see that video?
Joe Grand? Yea, great video!
Yeah, crypto is not as safe as it is supposed to be.
Amazing video, so detailed! Just curious, how do you get so much time to do such deep work on this? Are you a full-time cybersecurity analyst for smart meters or is this a personal interest/hobby?
I’ve just loved electronics, programming and reverse engineering since I was a kid. I keep trying to learn something new every day and over time it adds up.
I don’t have a particular draw to smart meters other than they are a fun target with RF, microcontrollers, lack of documentation and they’re deployed everywhere for long periods of time. A fun way to do black-box attacks… Like playing Chess ♟️
really diggin' this.
Glad you like it! Thanks for commenting.
Oh thank heavens. You still need physical access for attacks like this, so I'm fine with those. It's the potential for remote attacks that concerns me most.
This is all just laying the ground work for a remote attack. First is physical to gather intelligence to construct a remote attack.
First video of yours I've clicked on. Very intriguing subject. I definitely dig both the technical challenge and the phreaking. But, I'm 98% certain the current reading of the laws could put using this type of device to tamper with the truthful readings of an electric meter firmly in the illegal category... That said... Good stuff. Subscribed! 👍
98%? Ummmm 100 percent certain it’s illegal to do this to the meter one is using on their house! Anything used to defraud a utility….. well anyone really is illegal.
Hash, good stuff. Distributech International is in your back yard May 23-25 with every smart meter manufacturer attending - in case you're interested. 🔌
Thanks for the tip! Probably a great event to check out what will eventually replace what I’m playing with now.
Wow. You are providing a great service. Love the movie clip
0:29 - Anybody remember how to defeat an electronic keypad from the 90s ?
- Don't even joke about that Martin, those things are impossible...
X'D
My interest in your pursuit is mundane but has benefits to all of us who use the services of the electric companies.
While living in my mountain home in Costa Rica, paying about $75.00 monthly, one month it skyrocketed to $350. Thinking the decimal was erroneously positioned, I went to the GOVERNMENT electricity company (ICE) and waited to see an ICE rep. While in line two other people had a similar issue and we all could hear the ICE agent tell (accuse) both customers separately that THE CUSTOMER was responsible for the excessive monthly usage charge, claiming that the customer was having many lights on, cooking up excessive pork rinds (Ticos love making chicharrones), or that there was a short in their home electrical system, and a few other made-up contrivances!! Sadly the poor customers paid the bill. The EXACT accusations were leveled against me!! And under duress I paid my electric bill.
In the few days following, on a local FB page I noticed a lawyer named Mauricio (who spoke perfect English and was a fan and could recite passages verbatim of the classic movie The Princess Bride), from San Jose, who has a rental property near the village of Ojochal, was asking about anyone else incurring excessive electricity service charges!! Hmmmmmm. A random pattern was becoming obvious! I'll cut to the chase! I confronted the ICE agent with photos of my meter reading and asked for their recording of my meter reading, and their reading was blatantly five times higher; apparently ICE was sporadically and without remorse continuing their fraud! While THE particular month's charge was adjusted, they wouldn't lower or refund the previous months!!
I began demonstrating through local community media how to combat this fraud and then ICE started intermittently cutting my power and also threatening for me to move my meter from my house to a half mile away ! The resulting cost of that possibility had me bite my tongue and coupled with their border customs immigration service agent threatening to not allow me back into ( PURA VIDA) Costa Rica I decided to sell and return to the US.
Fast forward my to my new residence here in the Eastern Appachian foothills of Kentucky where I have a main cabin and an empty horse barn with one light in use and with a spot electric heater for a tool room I was being charged almost as much electricity for the barn as the main cabin which has all the normal appliances and then some.
So I performed a simple test. I deliberately ran the spot heater ,1500 watts , in my barn for an hour observed the usage showing on the Smart Meter display and then ran the heater in the main cabin for an hour and the meter reading was 3 times higher that the main cabin meter reading!!
So I called my provider, and alarmingly I noticed similar condemnation of my usage as in Costa Rica. The agent said that the meter CANNOT be manipulated or hacked, and I'm still waiting for a replacement meter; as of March 10th 2022, no replacement.
The claim for replacing the previous analogue meters with the present smart meters is to have customers be charged more equitably for usage during peak hours of the day and less at night when usage is lower. Well, that is BS. Are we NOW supposed to cook, clean, bathe and perform work tasks from 7pm till 5am??
I think your quest may be more beneficial than you think!!
What do you think??
Thanks a lot for a very interesting comment! I've heard a number of stories like this, so I don't think you are alone. There are a lot of factors that could go into something like this, but regardless as a consumer I think it's hard to prove your case and have the power company care. They don't make money lowering people's bills or discovering issues that lead to less revenue!
@@RECESSIM Bypass the meter, "They steal from you , So you steal from them"
Some electricians would have no problem helping you.
Had a similar "glitch" with my power last winter, try deep-throating an $800 power bill...
Here in Aus, most of our meters are being replaced, so no real choice in that matter, and my issues were on a 'normal' power plan. Switched to the "smart" plan for testing on my new place - at least they can give me some data! (The fact that there is a time chart can allow me to precisely quantify this shit)
If you thought paying too much for power is crook, try getting a solar installation; after you generate more power than you consume, the utility stops counting the power (they USED to rack up a negative bill if you generated heaps, and managed to offset your usage + connection fee)
And recently, they dropped the value of generated power - such that you continue to pay top dollar, maybe 40% less...
It's funny seeing houses with all the kit necessary to run self-sufficiently, but doing the exact opposite!
Same thing happened to me. Notice that the News Consumer advocates will never cover this story about thieving utility companies and smart meters. They are too busy chasing Mexicans who cross the border illegally. They like coming after the poor and helpless who have no voice. But come after the big boys who steal a lot more. Nope. They stay away from that.
Consumer advocates are worthless.
I build free energy devices that pull from the environment to work well. They save about 60%. They have no moving parts. It just goes to show that the AC current wire is leaking current sideways. Here's the thing: I have people that obtain these devices and it shows the kilowatts being half as much and they're still charging the same amount for the month, and when they called them and asked them why it's still the same when the kilowatts are different, they said "oh, the computer didn't get it yet, so we're going to go ahead and send you a check for every month that was off." The kilowatts changed on the bill but they still were charging them the same amount every month.
I wrote software for two of these types of meters. They have two basic functions, to meter the power being used and to send it upstream to the power company. The former you can easily do without messing with the meter simply by hooking an ammeter arrangement up to (say) a Raspberry PI. You can even do that without breaking the circuit (non-contact ammeter). If you are interested in verifying your power bill is correct, that is the way to go.
The other purpose would be breaking into the billing part to scam the power company. It would be a lot of work to do, and the power company can do things like tally the individual meters against the power consumption for the whole neighborhood to trace down who has broken into their meter, resulting in anything from having your power cut off to jail time.
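An added example, not code from the original comment or from the channel, of the arithmetic behind the independent energy log Scott describes (a CT clamp plus a Raspberry Pi): compute true power from sampled voltage and current, integrate it into kWh, and compare that against what the meter claims. The ADC capture here is constructed in software rather than read from hardware, and the sample rate, mains frequency and load figures are assumptions chosen for the example.

```python
"""Added example (not from the original comment or the channel): verifying a
bill against an independent energy log. The "capture" is constructed, not read
from an ADC; sample rate, mains frequency and the 1500 W load are assumptions."""
import math

SAMPLE_RATE_HZ = 3000   # assumed ADC rate
MAINS_HZ = 60           # assumed mains frequency


def synth_capture(v_rms, i_rms, pf, n_cycles=10):
    """Constructed stand-in for an ADC capture: sampled voltage and current
    waveforms for a load with the given RMS values and power factor."""
    phi = math.acos(pf)
    n = int(SAMPLE_RATE_HZ / MAINS_HZ) * n_cycles   # whole cycles only
    w = 2 * math.pi * MAINS_HZ
    v = [v_rms * math.sqrt(2) * math.sin(w * k / SAMPLE_RATE_HZ) for k in range(n)]
    i = [i_rms * math.sqrt(2) * math.sin(w * k / SAMPLE_RATE_HZ - phi) for k in range(n)]
    return v, i


def rms(samples):
    return math.sqrt(sum(x * x for x in samples) / len(samples))


def real_power_w(v, i):
    """Mean of instantaneous v*i: what a billing meter integrates (true power),
    not volts times amps (apparent power)."""
    return sum(a * b for a, b in zip(v, i)) / len(v)


def power_factor(v, i):
    return real_power_w(v, i) / (rms(v) * rms(i))


def energy_kwh(power_readings_w, interval_s):
    """Integrate one average-power reading per interval into kWh."""
    return sum(p * interval_s for p in power_readings_w) / 3_600_000.0


def compare_with_meter(logged_kwh, meter_kwh, tolerance=0.02):
    """Relative discrepancy of the meter against the independent log, and
    whether it is inside the tolerance you are willing to accept."""
    if logged_kwh <= 0:
        raise ValueError("need a non-zero logged energy to compare against")
    diff = (meter_kwh - logged_kwh) / logged_kwh
    return diff, abs(diff) <= tolerance


if __name__ == "__main__":
    # constructed: a 1500 W heater at 120 V with a 0.9 power factor
    v, i = synth_capture(120.0, 1500.0 / (120.0 * 0.9), 0.9)
    p = real_power_w(v, i)
    one_hour = energy_kwh([p] * 3600, 1)   # 3600 one-second readings
    print(f"{p:.1f} W, pf {power_factor(v, i):.3f}, {one_hour:.3f} kWh in one hour")
    # a meter showing three times the logged energy fails the check
    print(compare_with_meter(one_hour, 3 * one_hour))
```

Two things matter when doing this for real: log true power (the average of v times i), because a clamp reading current alone overstates energy for any load with a poor power factor, and keep whole-cycle windows so the averages are not biased by a partial cycle.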
I agree with Scott: just use an amp meter and record everything that the power is being used in, then tally it up to see if it lines up with the bill they're charging you.
Here's something: I build free energy devices that work in the first state of matter, and the thing is that these devices condition the house and save electricity, probably up to 60% sometimes. The deal is they're not illegal or anything, and they work well, and sometimes I have to call them and tell them "look, the kilowatts are different, so why do you charge me the same amount?" and then they say "well, the computer didn't catch it yet and we will be sending you a check."
I agree with Scott. I would just comment that most smart meters also allow the provider to factor the meter: pick any value you wish, e.g. 1.10, which would have your meter read 1100 instead of 1000. The excuses are many, from fuel adjustment to peak vs. non-peak periods. The factor can be changed at any time, easily handled by an algorithm in the program. It can be set to gradually increase the factor as a user consumes at various levels; the first 1000 kWh can be at a base rate, then factored up for usage beyond that level.
The first line of defense is "Our meters are very accurate. We constantly test to assure customer confidence in our product and service "
You can feel free to change the boilerplate verbiage as you wish.
I think my smart meter is picking up multiphase, variable-frequency motor pulses and running my bill up 30+%.
Glanced past your channel and it seems like you're more interested in the meter boards when all the juicy attack surface is on the multiple AMI chip vendors. FYI, what you're examining is simply the board that provides basic volt/amp/angle/phase info to the meter. Every single manufacturer has multiple RF/PLC chips that go into their meters. But I would hope you know that. For instance, that Landis & Gyr meter you show has no less than 20 companies making AMI chips for it. If you want to attack one, start with its modulation interface, which is always handled by the AMI vendor. You wanna reset your meter? Change the read? Disconnect/reconnect? Change the MAC address? Date/time? Intercept interval usage? Set outage notification? Voltage notifiers? Temperature? Tamper indication? All handled by the vendor chip.
Are you referring to the Teridian chip in the case of these meters?
You sir! You are my new favorite channel !
you are a national asset.
Thank you for showing the vulnerability of UK smartmeters.
Eagerly waiting for the next update 😬
Thanks, will try to post sooner if only to share progress so you aren't waiting forever!
Ive been curious about these smart meters and wondering if there was even a way to read my usage and compare it to my IOTaWATT. This is really cool and takes that idea to the next level.
Subbed!
Thanks, seems a lot of people are curious like I am. We’re gonna keep digging until there’s no where left to go!
I like to find a way to make my light bill cheaper 😋
Good Ole HP48G ! Loved that thing. Now I need a backlight, so went with that HP.
Lol...video brought back memories. I remember "glitching" HU satellite cards back in the early 2000s.
It would seem that anything digital can be hacked …… in time.
Precisely, if you are planning to let something live in the wild for a long time, you better also have a plan on how you address the inevitable vulnerabilities.
Loving this
You mean the built in back door they engineered into all our chips. Gotcha...
ive installed a bunch of mod chips and this is so cool.
Look forward to EVERYONE dumping firmware!
The RGH hack for Xbox 360 lives on with this man haha!
Their lawyers are working full time.
This is great!
Sounds like fun, maybe when I was much younger. Have fun and screw with the system as much as possible. They need to know we can mess with them.
I agree completely, systems of power must be checked
These meters have really complex SW models regarding SW separation to protect the legally relevant sections, which are sensitive since they are related to billing. On the other side, you can't hide (from their systems) that the meter has been tampered with, and even when you are able to do that, you will trigger alarms on their systems, as they keep analyzing and comparing everything with your history. I suggest you read the current regulations for this kind of device and how utilities work. This is nice as a project; never attempt that on a real billing device. They can submit the meter to its manufacturer for audit when in doubt. And yes, THIS IS A THING. It is way more resilient than you think.
Thanks for your detailed comment, I’m interested in the overall design and security as it relates to devices like this living in the wild for 10+ years. Not really interested in stealing energy, but any vulnerabilities in the design are definitely of interest.
@@RECESSIM I know it is not your point of interest, but probably some viewer could find this "useful" LOL. Sure they have vulnerabilities... But even if you get the code, you won't find anything interesting in it... believe me. The metering part could be derived from some app note (or not), but it is usually full of intricate stuff, with parts in ASM, digital filters etc. The application section... you need to understand how a multi-rate meter works: rate scheduling, profiles for energy, RMS, billing, tons of logs, alarm controls, demand control... and when you get into the protocol part, you will fall asleep if the meter is intended to be sold in Europe... its implementation is probably as complex as a TCP/IP stack but useless outside this industry. This protocol models a generic device with n generic objects, implements a number of logical servers..... BORING AS HELL. Its goal was to be "interoperable"... LOL. If the meter is intended for the US market, it is probably still dealing with old ANSI legacy stuff... but still pretty cryptic since it is table based and mostly works with base address + length reads and writes. If you don't have the dictionary... good luck.
@@38911bytefree that's what i was thinking - it would be an awful lot of work to go to to get caught stealing energy anyway!
@@billynomates920 Across the years, analytics have taken an important place. The solution that manages the smart meters in the field is actually a suite of services, with different modules you can pay extra for. And one of their modules is Non-Technical Losses (basically.... fraud detection). 20 years ago, the meter was the money keeper... a little "safe". Today they keep polling the meters, so they don't need to rely on the meter as a "safe" anymore. More like an audit/telemetry device IMHO. The metering part can be very complex (apart from the calculations), but security, networking, data transport and protocols are probably much bigger and more complex than the metering part itself. It is like a GPRS/PLC/ETH device with metering LOL. Some meters act as gateways or repeaters, helping to build up the network. It is a network device.
If he can gather the software for the specific meter he has… then he can always delete any tamper triggers. Shit… he can even change the Ratio at which he is charged to like… .10:1 for every dial increment rather than 10:1 😂 but… idk.
Love it, go for it.
💪🏽
This is very interesting. Thank you
You need to be careful. It is possible for a brownout to find reflash code and completely erase the flash in that Atmel processor.
Luckily I have a few meters to test on, but if one happens to wipe unexpectedly some protection or accidental activation of code could be the case like you mention.
First time watcher. You just showed up in my list of things to watch. Love this. I've used voltage glitching before; I have actually seen it done purposely by a manufacturer to prevent someone from using a generic version of a device in place of their proprietary one. Send a voltage "glitch", and if the processor didn't behave as they expected they assumed it was a virgin device. I've never messed with smart meters; my area is mostly messing with the Chinese air conditioners (mini splits) to make them do what I want. They also use Atmel micros, so I'll be interested in watching more vids to see how you spring these devices open.
Thanks! That's interesting they used glitching as a way to check for an authentic device. What sort of device was this? High dollar specialized equipment or consumer grade? Playing with glitching tools has always been interesting to me, nice to make some videos to focus the learning a bit. Glad you enjoyed it.
@@RECESSIM High dollar. It was a voicemail system back in the late 90s. The voice processing cards were sold by the manufacturer in generic form that anyone could buy; the particular voicemail company wanted you to buy their OEM-named card, which was 3X the price. Since the interwebs were new and everyone pirated everything, the special firmware was easy to get and field load, so they turned to hardware. They actually separated 2 of the power supply pins, or should I say they "burnt one out", and the chip would still work except for a certain function. So the voicemail system called on that function; if that function succeeded they knew the board was generic even if the proprietary firmware was loaded. Most people gave up when the board didn't work out of the box, a few more tried the firmware, but only a few went further to dig. Wow, if we only had today's debugging tools back then!!
@@eldoradoboy Wow! Yea, very interesting. Equipment like Smart Meters and other stuff with a long life in the field is very interesting to me for that exact reason. The tools to attack are progressing at a rapid pace, but the equipment in the field is still using yesterdays technology that becomes more vulnerable every day.
@@RECESSIM A lot of devices are built with probable-impact-of-breach engineering. Exploiting a smart meter and cracking the hashes related to turning on or off the power to the building has a high impact, but hacking the meter with the intention of reduced-cost electricity has a low impact. The power company profiling is designed for, and getting better at, detecting pattern changes in usage. If they come to your house and determine the meter is "bad", i.e. recording 10% less than actual usage, then they replace it and expect to see an increase of 10% over prior profiles. Smart meters are pretty well protected against physical access since you get heavily fined by the power company if you cut the tag-lock and pull the meter. In that case, as a manufacturer you would design for highly secure comms but not necessarily so much against physical breach. So if it can be hacked and firmware replaced OTA, that's a HUGE vulnerability, but if you have to open it up and JTAG it, that's a non-issue in the real world.
@@eldoradoboy Agree completely, getting the firmware is just to enable debug mode on a meter I control and to search for OTA vulnerabilities as you mention.
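The detection side described in this thread (the utility tallying individual meters against the neighbourhood feed, and comparing each customer against their own history) as an added example. This is not the channel's code or any vendor's "non-technical losses" module; it is a sketch of the two checks the comments describe, run over constructed monthly readings. Meter IDs, the feeder figure, the 3% technical-loss allowance and the flag thresholds are all assumptions.

```python
"""Added example (not from the channel or any utility vendor): two checks a
fraud-detection module of the kind described in the comments could run.
All readings, meter IDs and thresholds are constructed/assumed."""
from statistics import mean, pstdev

# constructed: 12 months of billed kWh per meter on one feeder
HISTORY = {
    "M001": [900, 910, 890, 905, 895, 900, 910, 890, 905, 895, 900, 900],
    "M002": [1200, 1180, 1220, 1190, 1210, 1200, 1195, 1205, 1200, 1200, 1210, 1190],
    "M003": [400, 420, 380, 410, 390, 400, 405, 395, 400, 400, 410, 390],
    "M004": [700] * 12,   # a perfectly flat history: standard deviation of zero
}
# constructed: this month's readings; M001 has dropped by about a third
CURRENT = {"M001": 610, "M002": 1195, "M003": 395, "M004": 690}
FEEDER_KWH = 3300   # constructed: energy the substation metered onto this feeder


def feeder_imbalance(feeder_kwh, meter_totals, technical_loss_frac=0.03):
    """Energy delivered to the feeder minus energy billed on it, after
    allowing for normal line losses. Positive means kWh nobody paid for."""
    expected_billed = feeder_kwh * (1.0 - technical_loss_frac)
    return expected_billed - sum(meter_totals)


def flag_drops(history, current, min_drop_frac=0.15, z_threshold=3.0):
    """Meters whose current reading fell well below their own history.
    Both a relative drop and a z-score are required, so a naturally noisy
    customer is not flagged for an ordinary low month, and a flat history
    (zero deviation) does not divide by zero."""
    flags = {}
    for meter_id, months in history.items():
        mu = mean(months)
        sd = pstdev(months) or 1.0
        cur = current[meter_id]
        drop = (mu - cur) / mu
        z = (mu - cur) / sd
        if drop >= min_drop_frac and z >= z_threshold:
            flags[meter_id] = round(drop, 3)
    return flags


def investigate(history, current, feeder_kwh):
    """Combine both signals: unexplained energy on the feeder plus the
    meters whose history points at them."""
    missing = feeder_imbalance(feeder_kwh, current.values())
    suspects = flag_drops(history, current)
    return {"unaccounted_kwh": round(missing, 1), "suspects": suspects}


if __name__ == "__main__":
    print(investigate(HISTORY, CURRENT, FEEDER_KWH))
```

The feeder check is what makes a slowed meter visible even when the reading itself looks plausible: the substation still metered the energy, so the shortfall shows up as a gap between what was delivered and what was billed, and the per-meter history then points at which house to visit.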
If you don't get it. Why are you even commenting?
No, no, don't even answer. Obviously I I just made a mistake to say that.
What I mean is that maybe you should gather up some comprehension and reading skills.
No, no, no, obviously thats not going to help you.
So.... just ignore it, because I'm not going to explain anything to one who has this type of response.
Oh,, yea. ..
I'm not being rude. But I can't be squandering away my time with unreachable minds.
Ok peace.
Reading the transmitted data would be interesting. There is a cell and a repeater network signal output. That's what an employee divulged.
You can share the "spec sheet" of the firmware. Do some research on the BIOS wars and how cloned BIOS was done legally. They had 2 teams: the first dug into the code and created a list of data points and pointers (with different names than the original), basically a "spec sheet" of what it did; the second team took the data and a motherboard with no ROM and made their own. The "team two" aspect would be the rest of the world. It's still considered case law in the USA; just ask AMI BIOS.
Thanks for reminding me of this, I remember reading about that.
Copyright law in the USA allows reverse engineering of software for the purpose of learning how it functions/behaves and to interface some new software with the old software. So basically only the original code cannot be duplicated, but the API is fair game, and you can distribute a bit of FOSS (written from scratch) to access that API.
Yes, that is what is known as cleanrooming. Typically you would also have the company's patent lawyers looking over everything sent from the analysis team to the design team, that is to say checking to make sure nothing slips through that would contaminate the new product; you don't want things slipping through that read like a paraphrasing of the competitor's patent claims on one of the parts, for example. So they are usually involved to make sure nobody opens the whole thing up to liability by being a little too on the nose with their documentation.
@@seraphina985 Thanks for the additional information, that’s very interesting!
If you tamper with a meter, that's theft of service. Your service will be turned off. When they catch you, you will have to pay a large deposit and a large fee, and pay for the meter you have tampered with to be replaced.
After a year of behaving yourself, you will get all your money back with interest.
I am retired from an electric utility company, and I worked in the field, doing investigations as well as other duties when people would move in, or move out, needed their final bill, or a beginning bill, or if they have not paid, I was sent out to turn the service off. When they paid a reconnect fee and a deposit and their entire balance., they would send me out to reconnect the service.
I can't begin to count how many theft of service situations I encountered.
hundreds
Sure there’s lots of ways People can bypass the meter... but don’t get caught… just a simple decline in your average bill year to year will trigger an investigation..
but just consider this. Would you be better off without electricity service at all?
I am now hooked!
Really like your videos, thanks for uploading them. Is there any chance that I could get a copy of your C code and Python script that you used, just for my own interest? Also, the ChipWhisperer you used: is that the CW1173 Lite version or some other?
Correct, it’s the CW-lite. Happy to share any code, find me in discord or send me an email. The Glitchy app I have on GitHub might also be what you can use now.
github.com/BitBangingBytes/Glitchy
"Smart Meters are Vulnerable to this Attack..."
"What is a claw hammer?"
DING DING DING!
Hell yeah. Thats what I'm saying, but we will never see this type of Independence because we are out numbered by the other part of society that are the very reason why this garbage still exists.
Peace ,✌
@@CKILBY-zu7fq I don't know what you are talking about. I am not being sarcastic or rude, I just have no idea what your point is.
@@theephemeralglade1935 Another 💩🤡?
It is great how bad ass I feel, just by drinking half a bottle of sweet white wine and watching one reverse engineering hacking video on youtube...
Save the other half of the bottle for the next video I should have up in a day or two! Badass^2
If the meter is really smart it will report the tamper attempt before you could even start glitching it.
Definitely it would, but these are meters I purchased myself to play with so they won’t be reporting anything back to anyone 🤫
@@RECESSIM If you are already inside the meter, why not jtag it and download the firmware?
@@TheVirtualWatcher They set the security bit so JTAG and SWD are locked, can’t access the chip at all.
@@RECESSIM 🙂
@@TheVirtualWatcher Don’t worry though, it’s just a matter of pressure and time… I will be applying both 😉
Very interesting. My city currently does not have smart meters. The one on my place is digital but not connected to anything else and quite a few around town are the old analog ones. They are wanting to change that so they can do prepay, monthly average billing, and a few other things. I have heard that the way the digital ones figure a KWH is different than the old analog ones but have no clue. I have my own meter based off of an ESP32 running ESPHome hooked up to the main panel feeding data into HomeAssistant so it will be interesting if there is a difference from the old meter to the new ones if they are put in.
Sharing software in this case is not copyright related but it can still get you into trouble. Just doing it can get you into trouble.
Do these run an interface on a handset that accepts commands like an IP camera (does it have a webserver for meter readers to use the handset)? Sometimes those commands are passed as system commands and you can make it do interesting things, like keep cycling a reboot until it goes to a debug mode where you can pull the entire file directory, all firmware and drivers.
Here's a question with a problem this video would address... My water meter is wireless and "read" by the water company from a truck that parks across the street. Ironically, or not so much, my minimal water draw is usually almost exactly the same every month, but for 2-4 months a year for the past few years the meter "reads" almost twice or more water, randomly... there's NOTHING that could possibly draw an extra 1000-2000 gallons a month around here, not even a dishwasher or clothes washer. My theory is the guy is occasionally reading the house across the street with a family of 5 that easily uses the spiked amounts I randomly see. They say nope, that's your water bill, but it's not possible to randomly change like that over the past few years. They already made a $500 error misreading one first digit a few years ago that I had to fight to reconcile, them always telling me I'm wrong... but they found my old meter and a pic of it, and I was right about a 1,000 gallon overcharge. So... I bet here is where we can figure out if the guy is getting "mixed signals" from the wireless meters, or it's the mixed signals in their heads I have to straighten out once and for all. You have your mission. What say you all?
I have a couple of water meters I took apart, but crossed signals doesn't seem likely. They probably transmit a serial number followed by your reading. The ones I have show the reading with an analog odometer-looking display. I would check to see if that matches your bill. If so, perhaps you have a problem pipe or something else causing water loss. If not, then perhaps it's the meter, but I wouldn't jump to that as the first thing.
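Why "crossed signals" is the unlikely explanation, as an added example that is not the channel's code and does not reproduce any real meter's protocol: the reply above says these meters transmit a serial number followed by the reading, and a receiver keys on that serial and discards anything damaged in flight. The frame layout below (4-byte serial, 4-byte reading, CRC-16) is a made-up stand-in for illustration, and the two meters and their readings are constructed.

```python
"""Added example (not the channel's code; hypothetical frame layout, not any
real meter's protocol): a drive-by collector only accepts frames whose serial
matches the meter it is billing and whose checksum verifies."""
import struct

FRAME_LEN = 10  # assumed layout: 4-byte serial, 4-byte reading, 2-byte CRC


def crc16_ccitt(data, init=0xFFFF, poly=0x1021):
    """Plain bitwise CRC-16/CCITT; chosen here only as an example integrity check."""
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def build_frame(serial, reading):
    """What a meter would put on the air under the assumed layout."""
    body = struct.pack(">II", serial, reading)
    return body + struct.pack(">H", crc16_ccitt(body))


def parse_frame(frame):
    """Return (serial, reading) or None if the frame is malformed or corrupt."""
    if len(frame) != FRAME_LEN:
        return None
    body, (crc,) = frame[:8], struct.unpack(">H", frame[8:])
    if crc16_ccitt(body) != crc:
        return None   # bit errors on the air: drop rather than bill it
    return struct.unpack(">II", body)


def readings_for(serial, frames):
    """Readings attributable to one meter from everything heard on the street."""
    out = []
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is not None and parsed[0] == serial:
            out.append(parsed[1])
    return out


if __name__ == "__main__":
    # constructed: my meter and the neighbour's, plus my frame with one bit flipped
    mine, theirs = 12345678, 87654321
    heard = [build_frame(mine, 1043), build_frame(theirs, 5200)]
    damaged = bytearray(build_frame(mine, 1043))
    damaged[7] ^= 0x01
    heard.append(bytes(damaged))
    print(readings_for(mine, heard))    # the neighbour's 5200 never attaches to my serial
```

A serial mismatch or a CRC failure drops the frame entirely; nothing in this path turns another house's number into yours, which is why a doubled reading is more likely a real reading than a mix-up.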
i love ur acting buddy
🙏
Ok so how many people watched this looking for a way to not have to pay a power bill and/or turn their power back on after it was cut for nonpayment of a bill...
But hey peep this out: I pay my "Open Source" bills "For Educational Purposes Only" when they are due so I can keep my "Glitched" power on.
Great work, you have invested many hours! Do you have any idea how people inject a frequency through a capacitor from the 220 volts backwards toward the meter, I mean from inside a house, so that it confuses the meter's sensor? Cheers from SOUTH AMERICA.
How long before you hear in the news
*"...today, a man was charged with fraud after an energy company discovered an Arduino wired into his smart meter..."*
I do get some interesting requests to “analyze” different smart meters… But not interested in circumventing payments, everyone has to pay their fair share in a functioning society.
@@RECESSIM You may not be interested in committing fraud, but this work will make it easier for people with dodgy morals to do so. This is not a smart move!
@@debugstore It’s the cycle of life, systems become vulnerable to more and more attacks which drives better design. No external forces, no improvement. Cellular phones are WAY more secure precisely because the initial systems were not at all and people exploited them. They would still be insecure if they weren’t attacked and those vulnerabilities shown to the public.
@@RECESSIM You are looking at a very narrow interpretation of what you are doing. I get that reversing engineering is fun but it can have adverse consequences. I know one company that went bust because its brilliant product was reverse engineering in China and the market was flooded by clones. So some customers had cheap knock-offs but the person who spend months developing the product lost his business. Is that fair?
@@debugstore That’s capitalism, whether it’s China or his neighbor if someone can make it cheaper without the consumer telling a difference they buy the cheaper item. For the history of time you could buy something, take it apart, understand it and replicate it. It’s been less than 75 years that software was even a thing, and only in the last 30-40 years that we started to protect it and make it illegal to look at or share certain parts of products. What’s happened in that timeframe? Massive disparity in wealth and control by large organizations.
Feels like we should be pushing back, no?
This reminds me of the Blizzard lawsuit against the "Glider" bot company. Blizzard (World of Warcraft, back when it was the biggest online game) couldn't get the company that sold the most popular bot, "Glider", to stop selling its software. The program Glider was sophisticated enough to trick Blizzard's industry-leading cheat surveillance shadow program (called Warden? I think). Eventually Blizzard was able to bankrupt the company by getting a copyright lawsuit ruling in a lower court against the small botting company, on the basis of the way Glider operated via "injection" or something. Essentially Glider required duplicating the World of Warcraft game client script and then injected itself into it on the client side, such that the anti-cheating surveillance program recognized it as self/native and it went on undetected. This all sounds so similar, and I'm no expert on copyright law, but I bet this is one of the few cases that established precedent here in what you're talking about. Going to subscribe and see where your projects end up. Thanks for uploading.
What I wanted to know is: because Blizzard had to run the Glider script in order to figure out how it was working, didn't they too commit some kind of copyright infringement by copying the new injected programming onto their own PCs? And therefore they likely had to break the same copyright rules they accused Glider of breaking, rofl.
I think I've been watching ur tiktoks for awhile
Thanks for checking out the TH-cam channel
Yah got me in the mood to rewatch sneakers
Such a great movie
Who's the manufacturer of the meter and what power company uses it?
Landis+Gyr and a LOT of utilities use them, in Dallas Oncor and CoServ. You can search for BitBangingBytes on GitHub and see the gr-smart_meters code which lists a few utilities people have confirmed.
@Recessim Why don't you use the quartz lighter trick? It should work like on other electronic devices. Remove the quartz from a lighter, then engage the electric arc from the quartz near the LCD side. You must find on which side. The electronics must enter a glitch and freeze. Try that for a new video.
That's a cool idea, I have seen that method and also EMP using some other tools NewAE make. As for the first one, to trigger a glitch at a very specific time like I will need to do in order to dump the firmware I think the lighter method would be hard.
I would need a way to reliably generate that spark at a specific microsecond after booting which isn't possible I think. But for general glitching I think it could work.
@@RECESSIM Just discharge. That's all. In the first minute of this video, you see the idea. th-cam.com/video/N31kQzxk7BQ/w-d-xo.html
@@ciobanurivelino3844 You missed his point, how do you time the discharge exactly at the required time after a processor reset?
If that works, the designer did a bad job ...
Too little energy! One of the tricks I heard of was to put a coil of a few turns in series with the flashbulb of a single-use camera.
What app are you using to get the data sheets? Is it free, or what is the cost?
as a catchall, i'll just throw in "ALLEGEDLY" on your behalf :)
I work in the manufacturing of these "smart meters".
The good thing about this type of meter was that the utility company didn't need to send meter reader employees.
So it put someone out of work!! Is that really a good thing ?
@@KB1UIF In my country they are now working in administrative roles and some were reassigned to the municipalities. I don't know what the US does with your displaced workers.
This type of meter was made to be the only utility meter needed in a house. It can measure water and gas consumption and send the information to the utility company.
@@KB1UIF yes, especially when the city is a pain about any solar that isn’t tied into their net-metering.
I'm in the acquiring-hardware phase, and the reading-the-fabulous-manuals phase. This will be fun. Thx.
Very cool, I've yet to meet a piece of hardware I didn't want to buy!
@@RECESSIM I'm jealous of your Faraday cage with gloves and viewing window. Totes cool. I think I'd like to eventually test a whole multi-node mesh with a gateway, which will need a little more space. Ya know... get the full experience.
@@awesomedee5421 Absolutely! If you put some connectors on the side you can run large devices externally and just cable their antennas into the box. Then run smaller devices inside the cage. Adding attenuators on the devices with antenna connections helps to drop power too.
Companies are manipulating the meters. Does anyone consider that a smart meter allows the power company to speed up your meter? That is why a lot of people are saying the smart meters are reading more or faster.
Since we are in real danger of an EMP attack, how would that affect these smart meters versus the older mechanical ones?
In Australia smart meters are forced on all new home builders and anyone who upgrades to solar, including those who have battery backups. That said, I'd like to ask you... do you consider the smart meter to be a certifiable metering device?
The reason channels like this are allowed is because it's a great way for various intelligence agencies to crowdsource possible fixes for vulnerabilities, for free. I'm not saying that it's a bad thing, necessarily, because at least everybody still gets to learn things they didn't already know. I'm just letting people know why certain subjects, that you'd think would've already been forbidden years ago, are allowed to stay on big platforms. These big platforms aren't just "being nice." But hey, I like learning new things, too.
Gotta start a Patreon with a three-letter-agency subscription tier 😀
@@RECESSIM that's hilarious
Here from TikTok! Love the content. Hardware cracking was an interest of mine!
Thanks for following me! If I can clarify anything or answer any questions hit me up on TikTok/Twitter.
Awesome 🏴😁
nice scope man
Thanks, recently upgraded and it’s nice to have some newer features like connecting to it via computer
In my country there is no smart meter network. They just dump prepaid meters: you enter a code and it enables more electricity units.
So it seems like you're doing some kind of trial-and-error "brute-force" attack on the processor chip by spiking voltages with various specific input patterns and seeing how it responds. But my question is, how is that supposed to help you retrieve the full firmware on that chip exactly? Seems more likely/plausible that you'll just be interrupting normal operation with some "glitches" as you put it (which is more likely to hang/freeze the program or cause it to malfunction, surely?). I don't see how this could actually be beneficial in a practical sense. It could take years and years of tampering and still come out with nothing, wasting all that time, right? So could you summarize the objective as follows: glitch the chip in the HOPE that by some stroke of sheer luck the security bit is misread by the processor for enough duration that it thinks it's not protected, and then you can start reading the firmware with an SPI/JTAG interface? It just seems a bit far-fetched that you could obtain any useful information from the chip simply by fluctuating supply voltages. What am I missing? :) This almost seems like "Hollywood worthy" sci-fi fiction, lol. But respect to you for the patience to do this type of work, where it may seem like you're "working in the dark" until those waveforms on the scope start to make any real sense.
It's a useful method used by many people to unlock these processors. A great video to see it in action and it's explained for the most part here: th-cam.com/video/dT9y-KQbqi4/w-d-xo.html
I'm not sure what OP is going to try to do exactly, but sometimes the aim is to attempt a normal read of the internal firmware from the programming pins and just glitch out the hardware check that the code protect fuse is blown. Other possibilities are finding a timing where an address is set up to send some data externally from flash, and just keep screwing up the address over and over until it sends out something of interest. For example, if the device sends a startup message from Flash when it first boots up, that could be a prime target because the timing of it is easily accessible (it's happening in early startup, and likely the timing is identical run to run).
This sort of attack gets much easier once you gain access to some of the code where you can control when it executes and then control the glitch timing against it. Like, that's to say, if you had the whole program listing in front of you, you could look through and find something interesting and say "oh, here's the part where the diagnostic mode enable bit is checked, if I can convince it it's in diagnostic mode, I can just send these external commands to get control", etc. Obviously you don't have the full program listing, but if you can get a glitch to send you a part of the code with something interesting in it, maybe that's enough to make more progress.
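As an added example, not code from the video or from anyone in this thread, here is a small software model of the check the comment above describes ("is the code-protect fuse blown?") under a single flipped bit, beside a redundant fail-closed version of the same check. The fault model (one transient bit flip in a loaded byte) and the stored patterns are assumptions chosen for illustration.

```python
# Added example (assumption-based model, not from the video or the thread):
# a naive "0 means locked" fuse check versus a redundant, fail-closed one,
# counted against every single-bit fault in the value the CPU loads.
from typing import Iterator

LOCKED_NAIVE = 0x00                 # naive design: any nonzero byte reads as "open"
LOCKED_REDUNDANT = (0x00, 0xFF)     # hardened: stored value plus its complement
OPEN_MAGIC, OPEN_MAGIC_COMP = 0xA5, 0x5A  # only this exact pair means "open"


def naive_allows_readout(fuse: int) -> bool:
    # Weak check: one flipped bit turns "locked" into "open".
    return fuse != LOCKED_NAIVE


def redundant_allows_readout(fuse: int, fuse_comp: int) -> bool:
    # Both copies must carry the full magic pattern and agree with each other;
    # any inconsistency is treated as a fault and fails closed.
    consistent = (fuse ^ fuse_comp) == 0xFF
    return consistent and fuse == OPEN_MAGIC and fuse_comp == OPEN_MAGIC_COMP


def single_bit_faults(value: int) -> Iterator[int]:
    """Every byte reachable from `value` by flipping exactly one bit."""
    for bit in range(8):
        yield value ^ (1 << bit)


def naive_bypass_count() -> int:
    """How many of the 8 possible single-bit faults unlock the naive check."""
    return sum(naive_allows_readout(f) for f in single_bit_faults(LOCKED_NAIVE))


def redundant_bypass_count() -> int:
    """Same question for the redundant check, faulting either stored copy."""
    fuse, comp = LOCKED_REDUNDANT
    hits = sum(redundant_allows_readout(f, comp) for f in single_bit_faults(fuse))
    hits += sum(redundant_allows_readout(fuse, c) for c in single_bit_faults(comp))
    return hits


def min_flips_to_unlock_redundant() -> int:
    """Hamming distance from the locked pair to the only accepted open pair."""
    fuse, comp = LOCKED_REDUNDANT
    return bin(fuse ^ OPEN_MAGIC).count("1") + bin(comp ^ OPEN_MAGIC_COMP).count("1")


if __name__ == "__main__":
    print("naive check bypassed by", naive_bypass_count(), "of 8 single-bit faults")
    print("redundant check bypassed by", redundant_bypass_count(), "of 16 single-bit faults")
    print("redundant check needs", min_flips_to_unlock_redundant(), "coordinated bit flips")
```

The model covers data faults only; a glitch that skips the compare instruction itself needs separate countermeasures such as duplicated checks and randomised delays.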
I have been able to receive and decode the transmissions of these smart meters using a device that is readily available. It's based on an SDR. Do you have the specific frequencies that they use? Looking at some of the data sheets of these meters, they can be interrogated over radio frequencies. They may be programmable over radio too.
The smart meter that was installed by the electric company in my house was done by some stupid woman that just killed the power to my house without even a warning. The next thing I hear is a banging noise as she is hammering on the old meter to get it free. I'm annoyed that the electric company can just come onto my property and install a radio transmitter without notification of any kind.
These meters by Landis+Gyr don’t work with the existing SDR tools to read meters. Working on some tools of my own though on GitHub. They operate in the 915MHz ISM band. 73
@@RECESSIM Great thanks for that info. I'm looking forward to trying out any new software in the near future. Thanks again. 73.
@@RECESSIM Don't hold your breath. For privacy reasons, there is the regulatory requirement that all consumption data must be encrypted. And for security reasons, commands to the meter are signed or MACed.
Going to have to find a script to disable apps for incoming visitors!
It is very annoying that smart meters report logging data back to base but not locally (although they do send data to the local display, so maybe one can get useful local logging that way?). I just want logging data from my own meters. Doesn't seem unreasonable, but so far as I know it is not provided.
This depends on your country and power supplier. For example, in the Netherlands, smart meters have a serial port (called "P1") that spits out the measurements every second. The UK has the option for a Zigbee-connected in-home display.
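As an added example, not code from this thread or from any meter vendor, here is a parser for the P1 serial telegrams the reply mentions, including the CRC-16 check that DSMR 4/5 meters append after the closing "!". The telegram text, its header and the OBIS codes used are a constructed sample, not a capture.

```python
# Added example (constructed sample, not a real capture): read a DSMR P1
# telegram, verify its CRC-16/ARC trailer, and map OBIS codes to values.
import re

CRC_POLY = 0xA001  # CRC-16/ARC (reflected 0x8005), the checksum P1 telegrams carry


def crc16_arc(data: bytes) -> int:
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ CRC_POLY if crc & 1 else crc >> 1
    return crc


def split_telegram(raw: bytes):
    """Return (checked_region, claimed_crc) for a telegram ending in '!XXXX'."""
    end = raw.rfind(b"!")
    if end < 0 or not raw.startswith(b"/"):
        raise ValueError("not a P1 telegram")
    body = raw[: end + 1]                 # CRC covers '/' through '!' inclusive
    return body, int(raw[end + 1 : end + 5], 16)


def parse_telegram(raw: bytes) -> dict:
    """Verify the CRC, then map each OBIS code to its list of bracketed values."""
    body, claimed = split_telegram(raw)
    if crc16_arc(body) != claimed:
        raise ValueError("CRC mismatch: corrupted or truncated telegram")
    values = {}
    for line in body.decode("ascii").split("\r\n"):
        m = re.match(r"^(\d+-\d+:\d+\.\d+\.\d+)((?:\([^)]*\))+)$", line)
        if m:
            values[m.group(1)] = re.findall(r"\(([^)]*)\)", m.group(2))
    return values


def reading(values: dict, obis: str):
    """Split a '(000123.456*kWh)' style value into (number, unit)."""
    number, unit = values[obis][0].split("*")
    return float(number), unit


# Constructed sample; the CRC is appended by the routine above so the example
# runs offline (a real meter supplies its own trailer for you to check).
_BODY = (b"/XXX5EXAMPLE000001\r\n\r\n"
         b"1-3:0.2.8(50)\r\n"                # DSMR version 5.0
         b"0-0:1.0.0(210101120000W)\r\n"    # timestamp, W = winter time
         b"1-0:1.8.1(000123.456*kWh)\r\n"   # energy delivered to client, tariff 1
         b"1-0:1.7.0(00.512*kW)\r\n"        # actual power delivered
         b"!")
SAMPLE = _BODY + b"%04X\r\n" % crc16_arc(_BODY)
```

The CRC only detects corruption on the serial link; it is not an authentication tag, so a P1 reader should still treat the values as untrusted input.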
S.M.A.R.T. S.ecret M.ilitary A.rmaments in R.esidential T.echnologies
♥️
This is awesome
why can't you accept funds directly? There's nothing illegal about that...
Because if you're worried about legality, then you should understand that even your open source software is illegal under the reverse engineering clause of the DMCA
Smart guy, you'd have thought he'd know how to pronounce solder though! Who fights in your army? Soddiers? If you sell your house is it sod?
Same technique (glitch) used to access a crypto hardware wallet already done on TH-cam.
Yea, Joe Grand, a great video to watch.
Well, I'm very excited to have run into your channel. You're the kinda guy I personally love to learn from, and one like myself that may decide to go beyond the limits, well, you know? So anyway I'm looking forward to bumping brain cells together on this journey, and hopefully we will come up with some interesting ideas on how things work.