Reverse Engineer Hash Tackles Smart Meter Monitoring — with an SDR and a Faraday Cage
RECESSIM's Hash is currently working to reverse engineer smart meter mesh networks — and you can follow along on YouTube.
Pseudonymous reverse engineer "Hash" has published a series of videos demonstrating how to capture data from wireless smart meters using a low-cost software-defined radio — and how to process that data to retrieve information including meter identification tags and outages.
"We generally ignore the fact that we are surrounded by power meters," Hash explains by way of introduction to the video series, brought to our attention by RTL-SDR. "They blend into the background silently monitoring our consumption of energy. How much do they know about our daily lives? Who can access that information, and where is the technology heading?"
The answer to "who can access that information" turns out to be "Hash," thanks to a low-cost USRP B200 software-defined radio (SDR), the GNU Radio software package, and some ingenuity — plus a series of meters acquired on the second-hand market and a Faraday cage testing area, so the meters can be allowed to transmit without fouling up anyone's real-world energy readings.
In the video series, which is currently three parts long, Hash details how the smart meters set up a mesh network, how to receive their signals, how to process them to retrieve useful information, and tears down a few examples purchased from an online auction house.
The full video series is available on the RECESSIM YouTube channel — Latin for "moving backwards," Hash notes — while more information can be found on the RECESSIM wiki.