Just subscribed. I'm an old electronics engineer (in my 60's) and I find what you are doing, fascinating. Back in the early days, all the microchips only had 8 legs, and I could see them all without a magnifying glass. 😁

I love how far this is going! I can't wait to see the final steps one day!

I work alongside energy providers. A UK industry approved electric smart meter has 3 anti tamper switches built in. It sends a signal if any tamper is detected. It also flags if the meter doesn't pole within a given time frame. When it flags up we get the job to attend and investigate.

Awesome explanation! Thanks for sharing your learnings with us!

I have friends working on smart meter head-end APIs here in New Zealand who are quite interested in your vids funnily enough ;) Thanks for sharing!

Great progress on this. Can't wait to see what happens next :)

You mean the built in back door they engineered into all our chips. Gotcha...

your process reveals a ton of info, thank you

This is way above my head how you work it out but interesting what you are doing, and yeah i really do think we should know what kind of data is being shared with these companies 👍🏾

Great success! I've noticed my Aussie ones have an IR IO for the meter reader, but commonly now they have a 3G or 4G modem in them. Happy to solder up something myself for you to test.

My man! Excellent clip from Sneakers!

The local power company swapped out my meter to a smart meter a few months ago. For over 20 years I have always consumed between 205-270 kwh per month. First bill with the smart meter was 280 kwh, second 285. Two highest months I've ever had in 22 years here! Instead of electronically attacking the meter, I just pieced together everything I need to go off grid. I'm curious what the meter will read in a few months with my main breaker turned off!

No idea where this is gonna take you but I had to subscribe. Too damn cool!

Their lawyers are working full time.

Very cool. Having read Colin O'Flynn's new book, I'm looking forward to seeing you put some of those techniques to work. Good luck!

First video of yours I've clicked on. Very intriguing subject. I definitely dig both the technical challenge and the phreaking. But, I'm 98% certain the current reading of the laws could put using this type of device to tamper with the truthful readings of an electric meter firmly in the illegal category... That said... Good stuff. Subscribed! 👍

I remember glitching from the days when I glitched DTV cards! very cool.

really diggin' this.

do these run an interface on a handset that accepts commands like an ip camera?(does it have a webserver for meter readers to use the handset?) sometimes those commands are passed as system and you can make it do interesting things like keep cycling a reboot until it goes to a debug mode where you can pull the entire file directory all firmware and drivers

This is so interesting!

Wow. You are providing a great service. Love the movie clip

This is very interesting. Thank you

Very interesting. My city currently does not have smart meters. The one on my place is digital but not connected to anything else and quite a few around town are the old analog ones. They are wanting to change that so they can do prepay, monthly average billing, and a few other things. I have heard that the way the digital ones figure a KWH is different than the old analog ones but have no clue. I have my own meter based off of an ESP32 running ESPHome hooked up to the main panel feeding data into HomeAssistant so it will be interesting if there is a difference from the old meter to the new ones if they are put in.

I am now hooked!

Nice work fella. Keep on a working with 0's and 1's for total control.

Loving this

Amazing video, so detailed! Just curious, how do you get so much time to do such deep work on this? Are you a full-time cybersecurity analyst for smart meters or is this a personal interest/hobby?

A bit of addition to "38911bytefree": there is no real requirement to keep the meter's firmware secret (mainly IP protection). As part of the security certification, the certifier may even get access to the source code to search for vulnerabilities. And in many cases, even the commented source code is pretty incomprehensible for the uninitiated. The main protection is that every meter has individual cryptographic keys. As smart meters are a very cost-sensitive product, all unnecessary functions are omitted (memory costs money). Often not more than an RTE such as a stripped-down ThreadX or embos. The attack surface is small, the devices use only one protocol (ANSI in the USA, DLMS in pretty much the rest of the world).

Even though I don't use these systems unless I flip on a switch in someone's establishment. I have to say. This is the very thing that everyone should get involved in. I have several ideas in this reversed engineering concept which we could all use today. However there are not but a hand full of electrical engineers that have the honor and integrety to take on these tasks. I wish I could work with this man on projects like this. Even though my cousin is the inventor of the FIRST IC. I was never afforded training in electrical engineering, so I'm only an inventor. But.....EVERYTHING STARTS IN THE MINDS UNDERSTANDING. keep up the great work 👍 I'll be watching. Peace ,✌

This is great!

You're amazing dude.

you are a national asset.

There is a guy who did a similar technique to break into a bit coin wallet, did you see that video?

Eagerly waiting for the next update 😬

Good Ole HP48G ! Loved that thing. Now I need a backlight, so went with that HP.

but can you glitch automated fuel station to trigger plc to activate fuel pump relay

What app are you using to get the data sheets? Is it free, or what is the cost?

Now this has me pondering if there would be any useable benefits to employing such a method as this to automotive applications? Fascinating video sir and though, in the words of Sgt. Schultz, "I know nothing", I'll definitely be tagging along for this one. Thank you for the video!

Great work, You have invested many hours! Do You have any idea on how people inject a frecuency thru a capacitor yo isiste from the 220 volts backwards tord the meter, I meen from inside a house and it confuses the meters sensor? Cheers from SOUTH AMÉRICA

Any idea how I can use a flipper zero on my meter ?

0:29 - Anybody remember how to defeat an electronic keypad from the 90s ? - Don't even joke about that Martin, those things are impossible... X'D

Since we are in real danger of an EMP attack, how would that effect these smart meters verses the older mechanical one?

Lol...video brought back memories. I remember "glitching" HU satellite cards back in the early 2000s.

Really like your videos, thanks for uploading them. Is their any chance that I could get a copy of your C code and python script that you used just for my own interest. Also the chip whisperer you used. Is that the CW 1173 lite version or some other ?

Love it, go for it.

Awesome 🏴󠁧󠁢󠁥󠁮󠁧󠁿😁

is this for energy? I would love to know how to rig electricity it is so expensive

Thank you for showing the vulnerability of UK smartmeters.

I think my smart meter is picking up multiphase, var freq motors pulses and running my bill up 30+% .

I am a magnetics and different forms of electricity specialist. I have also noted weird behavior when using some specialized transmitting equipment not even too near to computers... Yes, you are very right on your approach. ... Have you watched Ben Gurion university hacks? They also boast a lot of different types of attack possibilities. I am very interested in this reserach you are conducting as it is one of the key areas of the fabric :) . I have created self charging power sources and quite some other types of more exotic devices so I am always open to watching new avenues. This Smartmeter hacking is very tantalizing. You hit right on spot with the importance of this project. Congratulations!

Reading the transmitted data would be interesting. There is a cell and a repeater network signal output. That's what an employee divulged.

I have been refusing smart meters for years now. Never was I going to let something like this even near my home. Until now. Now I wanna explore these evil things. 😂

This is awesome

ive installed a bunch of mod chips and this is so cool.

Hash, good stuff. Distributech International is in your back yard May 23-25 with every smart meter manufacturer attending - in case you're interested. 🔌

thanks very good .

It would seem that anything digital can be hacked …… in time.

Ive been curious about these smart meters and wondering if there was even a way to read my usage and compare it to my IOTaWATT. This is really cool and takes that idea to the next level. Subbed!

Why not an ICD and brute force the bit flip?

Here from. Tik tok! Love the content.. Hardwear cracking was a interest of mine!

Oh thank heavens. You stil need physical access for attacks like this, so I'm fine with those. It's the potential for remote attacks that concern me most.

I wrote software for two of these types of meters. They have two basic functions, to meter the power being used and to send it upstream to the power company. The former you can easily do without messing with the meter simply by hooking an ammeter arrangement up to (say) a Raspberry PI. You can even do that without breaking the circuit (non-contact ammeter). If you are interested in verifying your power bill is correct, that is the way to go. The other purpose would be breaking into the billing part to scam the power company. It would be a lot of work to do, and the power company can do things like tally the individual meters against the power consumption for the whole neighborhood to trace down who has broken into their meter, resulting in anything from having your power cut off to jail time.

first time watcher.. you just showed up in my list of things to watch. Love this.. Ive used voltage glitching before, I have actually seen it done purposely by a manufacturer to prevent someone from using a generic version of a device in place of their proprietary.. send a voltage "glitch" and if the processor didnt behave as they expected they assumed it was a virgin device.. ive never messed with smart meters.. my area mostly is in messing with the chinese Air conditioners (mini splits).. to make them do what i want .. they also use Atmel micros.. so ill be interested in watching more vids to see how you spring these devices open

I've got an old meter, if I install it what happens?

Hi how to get the same Model without Steel them? Its an Landisgyr E450 G3. And I guess the use a Custom FW.

My interest in your pursuit is mundane but has benefits to all of us who use the services of the electric companies. While living in my mountain home in Costa Rica paying about $75.00 monthly one month it skyrocketed to $350. Thinking the decimal was erroneously positioned , I went to the GOVERNMENT electricity company( ICE) and waited to see an ICE rep. While in line two other people had a similar issue and we all allow could hear the ICEagent tell (accuse)both customers separately that THE CUSTOMER was responsible for the excessive monthly usage charge , claiming that the customer was having many lights on, cooking up excessive pork rinds, Ticos love making Chicharones, or that their was a short in their home electrical system and a few other made up contrivance!! Sadly the poor customer paid the bill. The EXACT accusations were leveled against me !! And under duress I paid my electric bill. In the few days following on a local FB page I noticed a lawyer named Mauricio , who spoke perfect English and was a Fan and could recite passages verbatim of the Classic Movie The Princess Bride,,, from San Jose, who has a rental property near the village of Ojochal was asking about anyone else incurring excessive electricity service charges!! Hmmmmmm. A random pattern was becoming Obvious! I'll cut to the chase ! I confronted the ICE agent with photos of my meter reading and asked for their recording of my meter reading and their reading was blatantly five times higher and apparently ICE was sporadically and without remorse continuing their fraud ! While THE Particular month's charge was adjusted they wouldn't lower or refund the previous months!! I began demonstrating through local community media how to combat this fraud and then ICE started intermittently cutting my power and also threatening for me to move my meter from my house to a half mile away ! The resulting cost of that possibility had me bite my tongue and coupled with their border customs immigration service agent threatening to not allow me back into ( PURA VIDA) Costa Rica I decided to sell and return to the US. Fast forward my to my new residence here in the Eastern Appachian foothills of Kentucky where I have a main cabin and an empty horse barn with one light in use and with a spot electric heater for a tool room I was being charged almost as much electricity for the barn as the main cabin which has all the normal appliances and then some. So I performed a simple test. I deliberately ran the spot heater ,1500 watts , in my barn for an hour observed the usage showing on the Smart Meter display and then ran the heater in the main cabin for an hour and the meter reading was 3 times higher that the main cabin meter reading!! So call my provider and alarmingly I notice similar condemnation of my usage as in Costa Rica. The agent said that the meter CANNOT be Manipulated or Hacked and I'm still waiting for a replacement meter and as of March 10th 2022 no replacement . The claims of replacement of the previous Analogue meters with the present Smart meters is to have customers be charged more equitably for usage during peak hours of The Day and less at night when usage is less ,, well that is BS . Are we to NOW supposed to cook clean bathe perform work tasks from 7pm till 5 am ?? I think your quest may be more beneficial than you think!! What do you think??

as a catchall, i'll just throw in "ALLEGEDLY" on your behalf :)

3 bifurcations if you want to cloak your visitors.

can someone twell me what prducts he used to hack the smart meters?

I got questions Can I hook my smart meter to a inverter .to block any data it's collecting .

I'm in the acquiring hw fase. and reading the phabulous manuals fase. this will b fun. thx

So cool.

Who's the manufacturer of the meter and what power company uses it?

Going to have to find a script to disable apps for incoming visitors!

i love ur acting buddy

WHAT IF a neighbor has weaponized your smart meter and the EC WONT listen and it is being used against you with MUCH pain? it was changed in Feb with NO knowledge of the EC...PLS HELP???

I have been able to receive and decode the transmissions of these smart meters using a device that is readily available. It's based on a SDR. Do you have specific frequencies that they use because looking at some of the data sheets of these meters they can be interrogated over radio frequencies. They may be programmable over radio too. The smart meter that was installed by the electric company in my house was done by some stupid woman that just killed the power to my house without even a warning. The next thing I hear is a banging noise as she is hammering on the old meter to get it free. I'm annoyed that the electric company can just come onto my property and install a radio transmitter without notification of any kind.

You need to be careful It is possible for a brownout to find reflash code and completely erase the flash in that Atmel processor.

last week another seeminly routine automatic windows10 update crashed my hard drive. to save updates it shut down came back on but this time error codes popping up nonstop. stop code system service exception, unexpected store exception, unexpected kernal mode, kernal data inpage error, error 87 & cleanup image is unknown. i googled the repair was directed to defaults in command software and had to set moduals installed to manual. somehow the update set it to auto. i got pc back to 70% working but anytime i try to google anything hardrive crashes again & again. its pooched

in my country there is no smarmeter network. they just dump prepaid meters. you enter code and enables more eletricty units

Glanced past your channel and it seems like you're more interested in the meter boards when all the juicy attack surface is on the multiple AMI chip vendors. FYI, what you're examining is simply the board that provides basic volt/amp/angle/phase info to the meter. Every single manufacturer has multiple RF/PLC chips that go into their meters. But I would hope you know that. For instance, that Landis & Gyr meter you show has no less than 20 companies making AMI chips for it. If you want to attack one, start with it's modulation interface which is always handled by the AMI vendor. You wanna reset your meter? Change the read? Disconnect/reconnect? Change the MAC address? Date/time? Intercept interval usage? Set outage notification? Voltage notifiers? Temperature? Tamper indication? All handled by the vendor chip.

What khz do they transmit on?

Reminds me of the old Directv HU card days.

I think I've been watching ur tiktoks for awhile

SUBSCRIBED

well that took about 30 seconds for me to figure out that I was way out of my depth

Sounds like fun maybe when I was much younger . Have fun and screw with the system as much as possible. They need to know we can mess with then.

After a few minutes thinking about that meter and the way that guy is trying to hack it... I will try to smash that thing with a steel bar

Google tracking is using proximity as well..targeting visitors to your home.

Sharing software in this case is not copyright related but it can still get you into trouble. Just doing it can get you into trouble.

nice scope man

The RGH hack for Xbox 360 lives on with this man haha!

"Smart Meters are Vulnerable to this Attack..." "What is a claw hammer?" DING DING DING!

Nice...

My electricity supplier has pestered me for years to have a smart meter installed. I don't have to go further than near neighbours to discover the problems that can arise. So it's never going to happen. I'll install a generator first.

This meters have really complex SW models regarding SW separation to protect the legally relevant sections that are sensitive since they are related to billing. On the other side, you cant hide (to their systems) that the meter has been tampered with, and even when you are able to do that, you will trigger alarms on their systems, as they keep analizing and comparing anything with your historic. I suggest you read the current regulations for this kind of devices and how Utilities work. This is, nice as project, never attemp that on a real billing device. They can submit the meter to its manufacturer for audit when in doubt. And yes, THIS IS THING. It is way more recilient than you think.

♥️

Well I'm very excited to have ran into your channel ,your the kinda guy I personally love to learn from,and one like myself that may decide to go beyond the limits ,well you know? So anyway I'm looking forward to bumping brain cells together on this journey,and hopefully we will come up with some interesting ideas on how things work

Here's a question with a problem this video would address... My water meter is wireless and 'read' by the water company from a truck that parks across the street. Ironically, or not so much, my water minimimal water draw is usually almost exactly the same every month... but 2-4 months for the past few years the meter 'reads' almost twice or more water randomly some months... there's NOTHING that draws an extra 1000-2000 gallons a month possible around here.. not even a dishwasher or clothes washer. My theory is the guy is occasionally reading the house across the street with a family of 5 that easily uses the spiked amounts I randomly see. They say nope, that's your water bill but it's not possible to randomly change like that over the past few years. They already made a $500 error misreading 1 first number a few years ago i had to fight to reconcile, them always telling me i'm wrong... but they found my old meter and a pic of it, and I was right about a 1,000 gallon over charge. So... I bet here is where we can figure out if they guy is getting 'mixed signals' from the wireless meters, or it's the mixed signals in their head I have to straighten out once and for all. You have your mission. What say you all?

So it seems like you're doing some kind of trial-and-error "brute-force" attack on the processor chip by spiking voltages with various specific input patterns and seeing how it responds. But my question is, how is that supposed to help you retrieve the full firmware on that chip exactly? Seems more likely/plausible that you'll just be interrupting normal operation with some "glitches" as you put it (which is more likely to hang/freeze the program or cause it to malfunction, surely?) - I don't see how this could actually be beneficial in a practical sense. It could take years and years of tampering and still come out with nothing, wasting all that time - right? So could you summarize the objective as follows: glitch the chip in the HOPE that by some stroke of sheer luck, the security bit be misread by the processor for enough duration that it thinks its not protected and then you can start reading the firmware with an SPI/JTAG interface? It just seems a bit far fetched that you could obtain any useful information from the chip simply by fluctuating supply voltages? What am I missing? :) This almost seems like "hollywood worthy" sci-fi fiction, lol. But respect to you for the patience to do this type of work where it may seem like you're "working in the dark" until those waveforms on the scope start to make any real sense