In our CCC talk we plan to give a step-by-step presentation on how we analyzed and subsequently broke the Hoermann BiSecur system. This includes the following topics:
- Overall system overview
- Radio signal analysis with the CCC rad1o SDR platform
- Reverse engineering of the radio signal
- Hardware analysis of BiSecur transmitters
- Firmware extraction from the microcontroller by exploiting a security flaw in the PIC18F controller
- Firmware disassembly and reverse engineering with IDA Pro
- Analysis results: a technical overview of how the BiSecur system operates, including its encryption scheme (with AES-128 at its core) and its RF operation
- Presentation of our attacks (signal cloning of genuine transmitters)
- Live hacking demo with the CCC rad1o SDR platform
- Suggested security fix