WMBus-Sniffer-MUC

This repository contains the source code of the demonstration tools used in the Black Hat '13 presentation "Energy fraud and orchestrated blackouts: Issues with wireless metering protocols (WM-BUS)" by Cyrill Brunschwiler.

Please note that this code is mainly meant as a proof of concept and is therefore far from perfect, nor is the small included MBus library complete.

Usage

Requirements

Setup

Get third-party packages

Before compiling, you need to go get the required packages:

Set up MySQL database

After getting all required third-party packages, you have to set up the MySQL database. This can be done using the shell:

Compile the application

(or just run execute.sh)

Set up the Sniffer and Commander

You have to enable the "CMD Output" (UART Settings) and set the Baud Rate to 9600 via the Amber Wireless ACC software.

Execution

The application supports multiple parameters:

| Parameter | Default | Description |
|---|---|---|
| snifferTTY | /dev/ttyUSB0 | Mountpoint of sniffing device (AMB8465-AT) |
| senderTTY | /dev/ttyUSB1 | Mountpoint of sending device (AMB-8465-M) |
| DBUser | root | Username of the DB user |
| DBPass | root | Password of the DB user |
| DBName | capturedFrames | Name of the database |
| DemoMode | false | Insert sent frames directly into the DB (in case your sender is defective) |

e.g. ./sniffer -snifferTTY="/dev/ttyUSB0" -senderTTY="/dev/ttyUSB1"

The sniffer then listens on "http://localhost:80" and the MUC on "http://localhost:8080/webui". Please be advised that the application has to be executed as root because it uses a privileged port.