Share this page!

Melvin Kitnick Profile picture
Twitter logo
Aug 12 9 tweets 4 min read
THREAD - Retekess pagers reversing: Thanks to the awesome response from all of you we managed to learn more about pagers systems, fix our ( @ShotokanZH ) research and improve upon it! #AlwaysDigDeeper #flipperzero @flipperzero
@ShotokanZH @flipperzero the first thing we fixed was our interpretation of the plots and what to assign 0s and 1s to. (using 0=[n00,-m00] 1=[m00,-n00] now instead of a simmetry along the x axis) thanks to @pablollopis comments!
@gandaldf was so kind to provide us some more raw signals from a similar retekess pager system and he was able to tell me the pager number aswell for each registration
@gandaldf this means we might finally be able to actually know if the data transmitted contains the actual number on the pager or if it is a totally different id!
@gandaldf i converted the known pager numbers (4, 18, 19, 21) to binary and tried to look at the transmitted data if they would show up.. not exactly but i noticed something...
0000110000, 0011000011, 1111000011, 1100110011 are not the binaries for the ids i had BUT, if we take them by pairs, we get: 00100, 01001, 11001, 10101. that's them but mirrored!
that means that our initial bruteforcer is actually wrong, and that the last bits in the transmission are not a long footer but bits we need to bruteforce, keeping in mind that ids are doubled in pairs and mirrored
new bruteforcers will now look like this
next step will be understanding if restaurant ids are there too, we need you guys for this so go sniff some raw signals from retekess pagers :D or now here the fixed bruteforcer and a new one for the model

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Melvin Kitnick

Melvin Kitnick Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @xenobyte_

Melvin Kitnick Profile picture
Aug 1
Bruteforcing retekess t119 pagers with @ShotokanZH using @flipper_zero and how we did it! ⬇⬇⬇
Retekess is a company that makes, between many devices, pagers systems. This one in particular works on the 433.92 am 650 frequency
Our approach was to first collect many samples by reading raw signals with the flipper ( this was done on a live system so we didn't really know which signal beeped which specific paget). About 40 with many repeats were more than enough for the attack to succeed
Read 13 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(