Electromagnetic Hypersensitivity and You

Wesley Wineberg B-Sides Vancouver 2015


• PORT NAME: determined by OS
• BAUD RATE: 115,200
• DATA BITS: 8
• STOP BITS: 1

<Command>
  <Name>get_device_info</Name>
</Command>

<DeviceInfo>
  <DeviceMacId>0xFFFFFFFFFFFFFFFF</DeviceMacId>
  <InstallCode>0xFFFFFFFFFFFFFFFF</InstallCode>
  <LinkKey>0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF</LinkKey>
  <FWVersion>{string}</FWVersion>
  …
</DeviceInfo>

<NickName>test</NickName>

<Command>
  <Name>set_meter_info</Name>
  <NickName>testtesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest</NickName>
</Command>

<MeterInfo>
  <DeviceMacId>0xd8d5b90000001e74</DeviceMacId>
  <MeterMacId>0x00078100008dc8e6</MeterMacId>
  <Nickname>testtesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest</Nickname>
  <Account>sttesttesttesttesttest</Account>
  <Auth></Auth>
</MeterInfo>

/debug /trace

// Build the image_block_dump command sent to the device over the serial port
var stringBuilder = new System.Text.StringBuilder();
stringBuilder.AppendLine("<command>");
stringBuilder.AppendLine("<name>image_block_dump</name>");
stringBuilder.AppendLine("<offset>0x" + offset.ToString("X8") + "</offset>");   // 32-bit flash offset
stringBuilder.AppendLine("<blksize>0x" + blksize.ToString("X2") + "</blksize>"); // 8-bit block size
stringBuilder.AppendLine("</command>");

echo -e $(cut -d',' -f4 spi.txt | sed -e 's/0x\(..\)\.\?/\\x\1/g' | tr -d '\n')

JN5142 and JN5148-J01/Z01 Flash Header

Bytes                  Word    Contents
0x0000 to 0x000F       0 - 3   16-byte Boot Image Record
0x0010 to 0x0017       4 - 5   64-bit MAC address
0x0018 to 0x0027       6 - 9   Encryption Initialisation Vector (ignored if unencrypted)
0x0028 to 0x0029       10      16-bit load address for .text segment in RAM (word aligned)
0x002A to 0x002B       10      16-bit length of .text segment, in 32-bit words
0x002C to 0x002D       11      16-bit load address for .bss segment in RAM (word aligned)
0x002E to 0x002F       11      16-bit length of .bss segment in RAM, in 32-bit words
0x0030 to 0x0033       12      32-bit wake-up entry point (word aligned) - warm start
0x0034 to 0x0037       13      32-bit reset entry point (word aligned) - cold start
0x0038 to (MemA - 1)   14 -    .text segment
MemA to (MemB - 1)             .data segment
MemB                           Overlay segment

• get_meter_attributes
• set_meter_attributes
• erase_halt
• secret

Send Beacon Request, and look for a device that has the 'join' flag enabled in its beacon.

After joining the network, wait for the Coordinator to send the network key encrypted with our link key (derived from the install code).

Look for the Key Establishment Cluster using match descriptor. Perform Key Exchange. If successful, look for the time cluster…

Source Address (8 bytes) + Frame Counter (4 bytes) + Security Control (1 byte)
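Once the join above completes, traffic is protected under the network key and every secured frame carries the three fields just listed. As an added example (not code from the talk), the parser below reads the ZigBee NWK auxiliary security header, assembles the 13-byte nonce from Source Address + Frame Counter + Security Control, and tracks the frame counter per source so a replayed or non-advancing frame can be flagged. Sub-field positions follow the ZigBee specification; the sample header is constructed here and borrows the DeviceMacId from the MeterInfo response as its source address.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional

# Security Control byte of the ZigBee NWK auxiliary security header:
# bits 0-2 security level (zeroed over the air), bits 3-4 key identifier
# (1 = network key), bit 5 extended nonce (64-bit source address present).
SEC_LEVEL_MASK, EXT_NONCE_BIT, KEY_ID_NETWORK = 0x07, 0x20, 1

@dataclass
class AuxSecHeader:
    security_control: int
    frame_counter: int
    source_addr: Optional[int]   # 64-bit extended address, if carried
    key_seq: Optional[int]       # network key sequence number, if carried

def parse_aux_header(data: bytes):
    """Parse the auxiliary security header; return (header, bytes consumed)."""
    sec_ctrl = data[0]
    frame_counter = struct.unpack_from("<I", data, 1)[0]  # little-endian
    pos, source_addr, key_seq = 5, None, None
    if sec_ctrl & EXT_NONCE_BIT:
        source_addr = struct.unpack_from("<Q", data, pos)[0]
        pos += 8
    if ((sec_ctrl >> 3) & 0x03) == KEY_ID_NETWORK:
        key_seq = data[pos]
        pos += 1
    return AuxSecHeader(sec_ctrl, frame_counter, source_addr, key_seq), pos

def ccm_nonce(hdr: AuxSecHeader, security_level: int = 5) -> bytes:
    """Source address (8) + frame counter (4) + security control (1) = 13 bytes.
    The on-air level bits are 0, so the real level (5 = ENC-MIC-32) is restored."""
    sec_ctrl = (hdr.security_control & ~SEC_LEVEL_MASK) | security_level
    return struct.pack("<QIB", hdr.source_addr, hdr.frame_counter, sec_ctrl)

class FrameCounterTracker:
    """Reject a frame whose counter does not advance for its source (replay)."""
    def __init__(self) -> None:
        self.last: Dict[int, int] = {}

    def accept(self, hdr: AuxSecHeader) -> bool:
        prev = self.last.get(hdr.source_addr)
        if prev is not None and hdr.frame_counter <= prev:
            return False
        self.last[hdr.source_addr] = hdr.frame_counter
        return True

# Constructed sample: ext nonce + network key, counter 0x1234, source set to
# the DeviceMacId from the MeterInfo response above (0xd8d5b90000001e74).
SAMPLE = bytes.fromhex("28" "34120000" "741e000000b9d5d8" "00")
```

Feeding the same captured header twice through FrameCounterTracker shows the second copy rejected, which is the check a receiver relies on to stop replayed frames.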

https://bitbucket.org/secdev/scapy-com