| Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision |
| megacode [2014/12/28 22:05] – [ACT-34B] kingkevin | megacode [2014/12/30 14:46] – at 31c3 talk kingkevin |
|---|
| The [[http://www.linearcorp.com/|Linear]] [[http://www.linearcorp.com/radio_control.php|remote control]] solution from the [[http://www.linearcorp.com/radio_control.php#megacode|MegaCode series]] was used in the facility complex I was living for a short while, and I wanted to know how secure it is. Thus I reverse engineered it. | The [[http://www.linearcorp.com/|Linear]] [[http://www.linearcorp.com/radio_control.php|remote control]] solution from the [[http://www.linearcorp.com/radio_control.php#megacode|MegaCode series]] was used in the facility complex I was living for a short while, and I wanted to know how secure it is. Thus I reverse engineered it. |
| |
| | At [[https://events.ccc.de/congress/2014/Fahrplan/events/6462.html|31c3]] I gave a [[https://media.ccc.de/browse/congress/2014/31c3_-_6462_-_en_-_saal_2_-_201412292245_-_megacode_to_facility_gates_-_kevin_redon.html#video|short talk]] about how to clone and record codes. |
| In [[https://www.cuvoodoo.info/?post_type=podcast&p=69|episode #004]] I presented how the transmitting part works, and how to clone the radio remote controls. In [[https://www.cuvoodoo.info/?post_type=podcast&p=41|episode #005]] I presented how the receiving part works, so to record codes and analyze them. | In [[https://www.cuvoodoo.info/?post_type=podcast&p=69|episode #004]] I presented how the transmitting part works, and how to clone the radio remote controls. In [[https://www.cuvoodoo.info/?post_type=podcast&p=41|episode #005]] I presented how the receiving part works, so to record codes and analyze them. |
| |
| All codes are read out over I²C when the board is powered up. | All codes are read out over I²C when the board is powered up. |
| They can be recorded/transferred on the PC using a logic analyzer. | They can be recorded/transferred on the PC using a logic analyzer. |
| | |
| | The original way the codes are recorded by the device in the EEPROM is described in the [[https://git.cuvoodoo.info/kingkevin/megacode/blob/master/README.md|README]] |
| | ==== MDR-U ==== |
| | |
| | The MDR-U is basically the same as the MDR. |
| | The board is different, but the peripheral and connections around the micro-controller. |
| | It uses more surface mount components. |
| | It is powered through the mains (CAUTION: neutral is used as 0V). |
| | |
| | Same as for the MDR, I de-soldered the PIC16C54A micro-controller and replaced it with a pin compatible PIC16F1847 (SOIC version). |
| | The firmware is the same as the MDR. |
