Reverse Engineering An Obsolete Security System

[Veghead] recently went to a surplus warehouse filled with VHS editing studios, IBM keyboards, electronic paraphernalia from 40 years ago, and a lot of useless crap. His haul included a wooden keypad from an old alarm system that exuded 1980s futurism, and he figured it would be cool to hook this up to an alarm system from 2015. How did he do that? With software defined radio.

After pulling apart the alarm panel, [Veghead] found only a single-sided board with a 9V battery connector. There were no screw terminals for an alarm loop, meaning this entire system was wireless, an impressive achievement for mid-80s hardware. A quick search of the FCC website showed this alarm panel was registered on two bands, 319 MHz and 340 MHz, well within the range of an RTL-SDR USB TV tuner dongle.

After capturing some of the raw data and playing it back in Audacity, [Veghead] found a simple OOK (on-off keying) protocol that sends two identical binary patterns for each key. A simple program takes the raw bit pattern for each key press and codes it into a map for each of the twelve buttons.
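To make the decoding step concrete, here is an added example (not [Veghead]'s program) of how a keypad burst like the one described above turns into a key. It models the baseband envelope as a list of amplitude samples, slices it into bits, looks for a sync pulse, and accepts a key only if the two copies of the code agree. The framing (a 4-bit sync pulse, one gap bit, an 8-bit code sent twice, 10 samples per bit) and the key codes are assumptions for illustration, not the real SX-V codes; `encode_burst` is a constructed model of the transmitter used to generate the sample input.

```python
import random

SAMPLES_PER_BIT = 10   # assumed symbol length after resampling the capture
SYNC_BITS = 4          # assumed: one long carrier pulse precedes the data
CODE_BITS = 8          # assumed per-key code length
REPEATS = 2            # from the article: each key is sent as two identical patterns

# Constructed key map (code -> key); the real codes are not reproduced here.
KEY_MAP = {
    "10010011": "1", "10010101": "2", "10010110": "3",
    "10011001": "4", "10011010": "5", "10011100": "6",
    "10100011": "7", "10100101": "8", "10100110": "9",
    "10101001": "*", "10101010": "0", "10101100": "#",
}
CODE_FOR_KEY = {key: code for code, key in KEY_MAP.items()}


def encode_burst(key, amplitude=1.0, noise=0.0, seed=1):
    """Constructed transmitter model: idle, sync pulse, gap bit, code twice, idle.
    Returns an amplitude envelope with optional uniform noise (seeded, so
    results are reproducible)."""
    rng = random.Random(seed)
    bits = "0000" + "1" * SYNC_BITS + "0" + CODE_FOR_KEY[key] * REPEATS + "0000"
    samples = []
    for b in bits:
        level = amplitude if b == "1" else 0.0
        samples.extend(level + rng.uniform(-noise, noise) for _ in range(SAMPLES_PER_BIT))
    return samples


def slice_bits(samples, samples_per_bit=SAMPLES_PER_BIT):
    """Hard-decision slicer. Each symbol window is averaged, and the threshold
    is the midpoint between the quietest and loudest window, so a weak or
    drifting carrier still decodes as long as on and off remain distinguishable."""
    if len(samples) < samples_per_bit:
        return ""
    means = [sum(samples[i:i + samples_per_bit]) / samples_per_bit
             for i in range(0, len(samples) - samples_per_bit + 1, samples_per_bit)]
    threshold = (min(means) + max(means)) / 2
    return "".join("1" if m > threshold else "0" for m in means)


def decode_burst(samples):
    """Return the key a burst encodes, or None if no valid burst is present."""
    bits = slice_bits(samples)
    sync = "1" * SYNC_BITS + "0"          # sync pulse followed by the gap bit
    start = bits.find(sync)
    if start < 0:
        return None
    start += len(sync)
    copies = [bits[start + k * CODE_BITS: start + (k + 1) * CODE_BITS]
              for k in range(REPEATS)]
    if any(len(c) != CODE_BITS for c in copies):
        return None                        # burst truncated
    if len(set(copies)) != 1:
        return None                        # the repeated copy disagrees: corrupt
    return KEY_MAP.get(copies[0])


if __name__ == "__main__":
    for key in "1590*#":
        burst = encode_burst(key, noise=0.3, seed=7)
        print(key, "->", decode_burst(burst))
```

The repeated copy is the only integrity check the framing offers, and the decoder uses it exactly that way: a single flipped bit in either copy rejects the press rather than mapping it to a wrong key. Note that nothing in the burst varies between presses, so the bit string `decode_burst` recovers is also everything needed to regenerate the burst with `encode_burst`.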

Although the radio still works, [Veghead] found the waveforms captured by his RTL-SDR were an abomination to RF. Every component in this security system is more than 30 years old at this point, and some of them must surely be out of spec by now. Still, [Veghead] was able to get the thing working again, a testament to the usefulness of a $20 USB TV tuner.

Thanks [Jose] for sending this one in.

31 thoughts on “Reverse Engineering An Obsolete Security System”

      1. > The Microgramma Bold Extended typeface was used extensively in the Star Trek universe, such as Franz Joseph’s The Star Trek Star Fleet Technical Manual.[2] The font, in both its original and various altered forms, was incorporated into numerous displays and on ship exteriors in six of the Star Trek motion pictures, as well as depictions of “earlier technology” display screens, particularly for the Enterprise “prequel” series, during the four later television series.

        That’s the one. If you have a 1980s sci-fi movie font, it’s Microgramma.

  1. Brilliant bit of reverse engineering. A fresh set of electrolytic caps might reduce the drift a bit, but in terms of ppm the drift actually doesn’t sound too bad to me, considering the age and nature of the circuitry.

    I think I would have done it differently, probably by eliminating the old radio and popping in my own microcontroller based setup. Well, at least that’s what I would have tried to do…

  2. So in 1986 they thought it would be perfectly OK to just send out the alarm arm/disarm code over the air in “plain text”.
    Talk about replay attacks, it must have been very easy being a burglar in the 80s.

    1. You guys do remember / realize how hard it was to, say, even get information on this sort of thing on the Internet, right? Would’ve probably taken a lot of library runs, connections, phone calls, and such to even start being able to experiment with electronics… and it probably would have cost more than what you wanted to rob to get the equipment to even start measuring the radio signals coming out of this alarm panel in the first place…

      1. *confusing wording, I meant there was no Internet in the 80s. Back then 99% of the people on HaD probably wouldn’t have had half a clue about where to even start reverse engineering this thing (or buy the parts that would let you make a circuit that would then play it back…)

  3. The interesting part would have been the receiver PCB, which is where the actual security bus is.

    Either way this was a cool piece of hardware. I’ve dealt with 70s and 80s home alarm systems and never seen one with wireless anything. Most are just a battery-backup PCB (usually in a closet) hardwired to audibles and a keypad, and most didn’t even have shielding.

    Modern units are really only more secure because if anything drops they are connected to a call center, with hardware crypto for WAN MITM protection, and there are those IR units on the LAN or PAN or intranet or whatever you want to call it.

  4. Holy balls. Hahaha. This is the keypad from an old-ass SX-V panel. I hate the mothers, and if I walk in to service one I instantly swap in a new panel because of the service nightmare these things were and are. It wasn’t a totally wireless system, it was an overcomplicated and PITA-to-program hardwired system (yes, it could use wireless points) that would eat itself if you looked at it wrong. The keypad was just some wireless bullshit because they thought people wanted to be able to carry it around. Believe me, there is a reason we went back to stationary keypads (people like consistency and habit). Wow. Just no. Don’t bring this crap back to life, it died when it should have. And we’re just trying to kill what’s left over.
