
Re: Electronic Lock - Torn Down and "Manipulated"

Posted: Sat Mar 21, 2015 8:23 pm
by escapenrv
Nice work. Makes me want to get out my old logic probe and see what I can get into. I have not done a lot of that since my KIM-1 days. (Yes, I am old.)
Puzzles are always neat to my way of thinking. Keep up the good work...

Steve

Re: Electronic Lock - Torn Down and "Manipulated"

Posted: Sun Mar 22, 2015 7:18 pm
by rohare
escapenrv wrote: Nice work. Makes me want to get out my old logic probe and see what I can get into. I have not done a lot of that since my KIM-1 days. (Yes, I am old.)
Puzzles are always neat to my way of thinking. Keep up the good work...

Steve


Sweet. I had to look it up, but the KIM-1 was a nice piece of work. And the day after I read up on it, Chuck Peddle, one of the lead designers of the KIM-1, did a really interesting interview. Check out http://www.theamphour.com/241-an-interv ... oryphaeus/ for some nostalgia.

Re: Electronic Lock - Torn Down and "Manipulated"

Posted: Wed Aug 03, 2016 6:13 pm
by mbpick34
Most of these cheap electronic "safes" ship with a BJ8P153 microcontroller.

Re: Electronic Lock - Torn Down and "Manipulated"

Posted: Wed Jun 07, 2017 12:47 am
by madsamurai
Agree with Jaakko... I can think of quite a few very good reasons to go with a mechanical dial over an electronic lock unless you're in a situation where multiple people need access and combinations need to be changed frequently, like a business. I would agree that some high-end electronic locks may be more secure than many mechanical dial locks, but the electronic locks currently sold in the majority of consumer-level safes right now are not those locks. There's almost no security advantage and a whole lot more potential for failure of at least one part within the first few years... If the Chinese solenoid actuator fails, you're SOL and looking for a guy with a drill... the bubble-buttons on the face crack within a few years, sooner if it's in your garage or basement... the wire can get cut or broken, especially on e-locks with removable faces, and that's potentially also a drill-remedied problem. I also learned today there are override codes that sales reps have access to (we had a big-brand rep in today to open one of our safes where a customer had changed the combo on us) that will open a particular brand or model... that kinda surprised me, I expected a hardware tool would be needed.

Anyway, a good group 2M or even group 1 mechanical lock is probably going to cost roughly the same, will keep out all but the very best manipulators (and likely take them hours), and should easily last 30 years plus without issue. Unless you're in a business situation and need to manage or log employee access, or you have some physical problem that keeps you from being able to turn a dial, I have yet to hear a legitimate good reason to go digital over mechanical.

Re: Electronic Lock - Torn Down and "Manipulated"

Posted: Fri Oct 11, 2019 4:56 pm
by TeamStarlet
Sorry for Grave Robbing this old thread!

Not sure if you're still working on this but I've got quite a bit of experience with reverse engineering complicated electronic locks so feel free to hit me up with any questions!

There is some simple code that will enable you to connect some probes to the pins on the EEPROM and read all the data. Unless there is read-protection enabled or other anti-tamper measures you should be able to dump the entire contents.

A small logic analyzer like this will also allow you to read exactly what is being transmitted in real time and the software will even decode the SPI and I2C protocols on the fly.

Re: Electronic Lock - Torn Down and "Manipulated"

Posted: Tue Oct 15, 2019 12:34 pm
by 10ringo10
TeamStarlet wrote: Sorry for Grave Robbing this old thread!

Not sure if you're still working on this but I've got quite a bit of experience with reverse engineering complicated electronic locks so feel free to hit me up with any questions!

There is some simple code that will enable you to connect some probes to the pins on the EEPROM and read all the data. Unless there is read-protection enabled or other anti-tamper measures you should be able to dump the entire contents.

A small logic analyzer like this will also allow you to read exactly what is being transmitted in real time and the software will even decode the SPI and I2C protocols on the fly.


Sounds cool and not that far-fetched - chip after all said and done... Any dump or address photo, post them up!

Thanks for sharing... any more info on this moving forward is appreciated.

Re: Electronic Lock - Torn Down and "Manipulated"

Posted: Sun Oct 20, 2019 8:04 pm
by Werewolf
TeamStarlet wrote: A small logic analyzer like this will also allow you to read exactly what is being transmitted in real time and the software will even decode the SPI and I2C protocols on the fly.


Thanks for the tip.
Why didn't I think of that? It makes so much sense.
Earlier this year, I've been probing a Burg Wachter Secutronic with a logic analyzer. I hooked it up between the keypad and the lock.
But I kind of put it aside after I couldn't get the Manchester encoding to work with zero to little effort. Haven't gone back to it since.

I never thought of reading the on-board EEPROM.
So, armed with this knowledge, I spent this afternoon reading EEPROMs from Secutronic safes. I have a few, different generations, lying around.

Long story short: I can now recover the code if I can access the EEPROM (it's on the inside of the safe).

*edit: after looking around for a short while, I found a Manchester decoder for my software. Looks like many sleepless nights ahead.

**Placeholder for pics and download links**