secplus | pymyq
---|---
6 | 3
230 | 112
- | -
7.7 | 0.0
2 months ago | 7 months ago
Python | Python
GNU General Public License v3.0 only | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
secplus
-
Flipper Zero: Multi-Tool Device for Geeks
For Chamberlain brands [0] there is some research that shows that their rolling code system (Security+ and Security+ 2.0) is quite easy to decode/decrypt [1]. This feature is supported in the flipper firmware, but is restricted (you can't create a custom remote, only clone is supported) without custom firmware. However, I'm sure you could decode a raw capture file if needed in a pinch.
[0] https://chamberlaingroup.com/our-brands
[1] https://github.com/argilo/secplus
-
Home Assistant blocked from integrating with Garage Door opener API
A gentle reminder that the Security+ and Security+ 2.0 RF protocols have been reverse engineered (https://github.com/argilo/secplus). While they are not the most secure thing in the world, you can build a custom RF transmitter (remote) that is network connected.
Having done some research into Chamberlain's products, I don't recommend that anyone use them if they have the choice.
- Woman scanned my garage door??
- How to Simulate a Garage Door (not the opener)
-
X-Post r/hardwarehacking - serial communication between two micro controllers
This is not an attempt to break the RF Security+ encryption that this, and other garage doors utilize. That has already happened. https://github.com/argilo/secplus
-
Chamberlain MyQ local control options?
Here is the rolling code project: https://github.com/argilo/secplus
pymyq
-
Home Assistant blocked from integrating with Garage Door opener API
Maybe my security background is shining through here. I guess we used to have "slashdotting" but that doesn't generalize well :)
I did do some napkin math to quantify how much that bad traffic may have been: HA estimates between 6857-25576 installations of the MyQ integration. Let's say 16k clients. HA makes it really easy to detect and "add" the integration (which counts as an installation even if it's not configured), so, that's definitely not all clients hitting the API. Let's say it's 50%, so 8k actually using it. Most users just notice myQ is broken. Let's say some fraction retry, which would look the same as an extra user from a volume perspective. Call it an even 10k users (including repeat users).
The most recent change is after they broke everything past the OAuth dance. Let's say the OAuth request is 1kB. The retry code retries up to 5 times with exponential backoff. Let's say 5 requests over 10 min.
(5 requests / 10 minutes) * 1 request/user * 10k users = 5k requests/minute, or 83 per second, amounting to 83kB/s inbound.
There's no reason to assume those requests would synchronize, but I'm sure there's something (let's say every single myQ user updated at the same time).
If what they're saying is true, sounds like actually malicious botnet wielders can ransom the living daylights out of them. Given 1Tbs DDoS attacks they'd only need 6E-7 of the full bore ion cannon! ;-)
[1]: https://github.com/arraylabs/pymyq/blob/master/pymyq/request...
- Customizing and unsupported features via the API
- Myq Is Down Again What Should We All Replace It
What are some alternatives?
rat-ratgdo - Open source schematics for ratgdo PCB
ratgdo
Ubiquiti
esphome-ratgdo - ratgdo for ESPHome
tuya-local - Local support for Tuya devices in Home Assistant
nixpkgs - Nix Packages collection & NixOS
OpenGarage-Firmware - OpenGarage: open-source WiFi-enabled garage door opener
proxmark3 - Iceman Fork - Proxmark3
myq - Go package and CLI tool for the Chamberlain / LiftMaster MyQ API