This repository contains the source code of the demonstration tools used in the Black Hat '13 presentation "Energy fraud and orchestrated blackouts: Issues with wireless metering protocols (WM-BUS)" by Cyrill Brunschwiler
Please note that this code is mainly meant as proof of concept and therefore is far away from being perfect 'nor is the little included MBus library complete.
- AMB8465-M (Commander)
- AMB8465-AT (Sniffer)
-
= Go 1.0
- MySQL database
- Chromium / Chrome
- Linux
Before compiling you need to go get the used packages:
go get github.com/tarm/goserialgo get github.com/ziutek/serialgo get code.google.com/p/go.net/websocketgo get github.com/go-sql-driver/mysql
After getting all required third-party packages you have to setup the MySQL database, this can be done using the shell:
cd WMBus-Sniffer-MUC/cat database.sql | mysql -u YourUsername -p
go build -o snifferchmod a+x ./sniffer
(or just run execute.sh)
You have to enable the "CMD Output" (UART Settings) and set the Baud Rate to 9600 via the Amber Wireless ACC software.
The application supports multiple parameters:
| Parameter | Default | Description |
|---|---|---|
| snifferTTY | /dev/ttyUSB0 | Mountpoint of sniffing device (AMB8465-AT) |
| senderTTY | /dev/ttyUSB1 | Mountpoint of sending device (AMB-8465-M) |
| DBUser | root | Username of the DB user |
| DBPass | root | Username of the DB user |
| DBName | capturedFrames | Name of the database |
| DemoMode | false | Insert sended frames directly into the DB (in case your sender is defect) |
e.g. ./sniffer -snifferTTY="/dev/ttyUSB0" -senderTTY="/dev/ttyUSB1"
The sniffer is then listening on "http://localhost:80" and the MUC on "http://localhost:8080/webui" - please be advised that this has to be executed as root as the application is using a privileged port.