Hacker Uncovers Security Holes At CSL Dualcom

CSL Dualcom, a popular maker of security systems in England, is disputing claims from [Cybergibbons] that their CS2300-R model is riddled with holes. The particular device in question is a communications link that sits in between an alarm system and their monitoring facility. Its job is to allow the two systems to talk to each other via the internet, POTS lines or cell towers. Needless to say, it has some heavy security features built in to prevent tampering. It appears, however, that the security is not very secure. [Cybergibbons] methodically poked and prodded the bits and bytes of the CS2300-R until it gave up its secrets. It turns out that the encryption it uses is just a few baby steps beyond a basic Caesar Cipher.

A Caesar Cipher just shifts data by a numeric value. The value is the cipher key. For example, the code IBDLBEBZ is encrypted with a Caesar Cipher. It doesn’t take very much to see that a shift of “1” would reveal HACKADAY. This…is not security, and is equivalent to a TSA lock, if that. The CS2300-R takes the Caesar Cipher and modifies it so that the cipher key changes as you move down the data string. [Cybergibbons] was able to figure out how the key changed, which revealed, as he put it – ‘the keys to the kingdom’.
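Why neither scheme holds up, as an added example (not code from [Cybergibbons]' report or from the device): a Caesar cipher has only 26 keys to try, and a shift that varies by position is recovered from a single known plaintext/ciphertext pair. `SCHEDULE` and the message `ALARMSET` are constructed for illustration and are not the CS2300-R's actual key schedule or traffic.

```python
import string

A = string.ascii_uppercase  # this sketch assumes uppercase A-Z messages


def shift_char(c, k):
    """Shift one uppercase letter by k places; pass other characters through."""
    return A[(A.index(c) + k) % 26] if c in A else c


def caesar(text, k):
    """Classic Caesar cipher: the same shift k for every character."""
    return "".join(shift_char(c, k) for c in text)


def caesar_candidates(ciphertext):
    """The whole key space is 26 shifts, so every decryption can be listed."""
    return {k: caesar(ciphertext, -k) for k in range(26)}


def positional(text, schedule, sign=1):
    """Caesar variant: the shift depends on position, the schedule repeats."""
    return "".join(shift_char(c, sign * schedule[i % len(schedule)])
                   for i, c in enumerate(text))


def recover_schedule(known_plain, known_cipher):
    """One known plaintext/ciphertext pair yields the shift at each position."""
    return [(A.index(c) - A.index(p)) % 26
            for p, c in zip(known_plain, known_cipher)]


# Constructed schedule for illustration only; NOT the device's real one.
SCHEDULE = [3, 1, 4, 1, 5, 9, 2, 6]

if __name__ == "__main__":
    # Plain Caesar: shift 1 is among the 26 candidates.
    print(caesar_candidates("IBDLBEBZ")[1])

    # Position-dependent variant: same schedule reused for every message.
    observed = positional("HACKADAY", SCHEDULE)
    recovered = recover_schedule("HACKADAY", observed)
    other = positional("ALARMSET", SCHEDULE)  # constructed second message
    print(recovered == SCHEDULE, positional(other, recovered, sign=-1))
```

The shifts are fixed per position and carry no per-message secret, so anything encrypted under the same schedule is readable once one message is known. Authenticated encryption with per-device keys does not have this property.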

There’s a lot more to the story. Be sure to read his detailed report (pdf) and let us know what you think in the comments below.

We mentioned that CSL Dualcom is disputing the findings. Their response can be read here.

The Solution To The 10th Anniversary Code

A few weeks ago, [1o57], a.k.a. [Ryan Clarke] gave a talk about puzzles, DEFCON, and turning crypto puzzles into an art form at our 10th anniversary party. Ever the trickster, [1o57] included a crypto challenge in his talk, and a few days after our little shindig, nobody had yet solved the puzzle. Finally, someone bothered to sit down and figure it out. We don’t know what [tahnok] won, but as [1o57] said, solving it is its own reward.

Some of the slides in the presentation had a few characters sitting off to the side for no apparent reason. [tahnok] put these together and came up with:


In cases like this, you might try a Caesar cipher, or just shifting characters to the left or right a certain number of places. Since [1o57] noted this was the tenth anniversary of Hackaday, [tahnok] tried that first:


It doesn’t look like much, but that’s only because the string is backwards. Tricky, tricky, tricky. With instructions to send a codeword to an email address, [tahnok] now needed to find a code word. There was one picture [1o57] put up on Twitter that was still an unsolved part of the puzzle:


With no idea what these little stickmen are, he scoured Google with variants of ‘stickmen code’ and ‘semaphore’ until he hit upon the Sherlock Holmes story, The Adventure of the Dancing Men. It’s a simple substitution cipher, translated to “codeword psychobilly ciphers”.

And that’s the entire puzzle. As far as we know, this took about a month to solve, and compared to the DEFCON challenges, was fairly simple. [1o57] will probably chime in down in the comments to tell everyone how many people have picked up on the clues and sent an email.