A lot of the ringing you're seeing on the scope will be due to using the ground flylead on the scope probe - for this sort of work you really need to use an ultra-short (

Really enjoying this series! Keep it up.

Sweet. Thanks for taking the time to do this. Can’t believe you don’t have more likes

Amazing work. Been following for a while but am eager at how close you're getting.

Nice bling! A JTAG connection would be amazing :)

Love watching the work go into this, well done keep it up!

love these videos

Dude I love these videos so much !! Great and easy to understand videos. Just wish they weren't spaced out so much

One security protection against voltage glitch attacks is by manufacturing a void in only some of the layers of the PCB under the chip with a Schmitt trigger like circuit in it to provide hysteresis to the power to prevent an undervoltage condition; power only gets to the pin if it is high enough and is cut off completely when it drops. You then have to unsolder the pin in order to perform the glitch, making it impossible to glitch in the field when under a time constraint. This is particularly difficult if the chip is a BGA (many have a central area without pins) where you cannot access the power pin directly and have to unsolder the entire chip.

Amazing work!

Awesome video and great work!

very nice progress. I guess the difference in wire length can also be viewed as an impedance mismatch between the chip whisperer output and the node you pull down, if they were matched the longer cables should mostly add delay but should not change the pulse shape. A little offtopic but I really like your "oscilloscope probe tip" like extensions for your power supply wires, they seem like a useful thing to have. Looking forward to see what comes next. Are the pulse parameters a "universal constant" for this type of meter or do you need to tweak it for each unit? Since most capacitors have like +-20% tolerance, which will alter the pulse shape, I would imagine, that you have to slightly tweak them each time.

all these videos are really cool mix of reverse engineering the jokes and the smart metres combined, this is jokes and love every video, even the new ones that are hacking related, the the reverse engineering and exploitation are really neat. Cool to think about how things are made to work and how to make them work in different way that is better for you :)

Will be interesting to take a look at the bootloader once the factory flash contents is dumped. Though it might be encrypted, so you'll need to dump it from memory after boot if so.

when you finally get this done your smart meter will be an antique! I enjoy watching though 8-)

This is underrated channel❤

I understand how glitching the processor during the serial I/O operation could reset a pointer and start it dumping program memory, but the I/O function is almost certainly looking for a null to terminate transmission and the program memory is certainly going to have a good number of zero bytes in it, so won't it stop prematurely?

This is insanely interesting! Trying to glitch the processor when it is initializing the JTAG lockdown should be worth a try. Automating the check as you did with the serial output should be possible. Would it help to increase the diameter of the glitch cable so that It can drain the internal capacitors faster / more precise?

So exciting! Reminds me of early 360 days...

Interesting Stuff! I've reverse engineered / repurposed some stuff myself in the past, but I'm mainly doing youtube video's on fixing electronic stuff these days.

I live my life 100 nanoseconds at a time

Fantastic work, skills like yours are so very valuable to the human race. It would be fabulous to see you break down and reveal the internals and preferably firmware of a UK smart meter.

KZfaq recommended this video. After watching a couple videos in this series, I wonder if the "energy bridge" utility companies provide consumers to read their own meter with, would more easily give up it's secrets. mine apparently uses z wave networking. I had to "pair" the device to my meter. I wonder if the pairing process is vulnerable?

Anyone want to start a pool if an exploit can be found to disconnect power? Battle Star taught me a great lesson. If you want to secure something don't put it on a network. If you can do it remotely, so can an attacker.

What movie is featured at 3:10? I like all your other taste in movies, but don't recognize that one, even though you've used it multiple times.

The slight variation in uC startup time after reset might be an oscillator or PLL waiting to lock?

That 1uF capacitor may be too large a value for your setup. Try a 100pf capacitor first.

✌🏻

This is super interesting, too bad I don't understand anything :-)

So you actually do have the firmware now? Also, how can a puts() command print the entire firmware, I would expect it to stop once it finds a null character??

Once you get it hacked, will you be doing any tests on the wireless capability of the meter? I would like to know if theres a way to shut the wireless off completely.

What is the movie clip shown at 3:04 ?

Don't give up

WHAT IF a neighbor has weaponized your smart meter and the EC WONT listen and it is being used against you with MUCH pain in my head? it was changed by some guy in Feb with NO knowledge of the EC...PLS HELP???

they gonna be scared as hell

Had my smart meter removed.

☠️☠️☠️😭☠️😭🤣👍

So in other words, smart meters are no good?

Can't wait til an exploit is eventually found for millions of meters. Could be a wild time. Huge bills, no bills, no power... Weee

😜😜😜💦👍

I got Tinnitus from being too close to my smart meter