Thread: Exploring the iButtons...

  1. #1

    Fellow techies,

    Mars has said it's OK for me to post details about my explorations of iButtons, and how they relate to Motorola products. I'm going to do so, with thanks, as I've hit the metaphorical brick wall and I'm hoping this form of impromptu 'crowd-sourcing' will have better results.

    My initial goal is to learn what, exactly, the connection is between a given iButton's hardware serial number (lasered in during manufacture) and the first eight bytes of each of the four files present on the iButton.

    What I've done along these lines, to date, is use the publicly-available development tools (http://www.maximintegrated.com/produ...e/sdk/sdks.cfm), under Windows XP, to do memory dumps of two iButton ASKs known to be coded for the same system. These dumps were then compared, side-by-side. The buttons themselves were the now-discontinued DS1994-F5. Motorola has since taken to using the DS1996-F5, which is current production.

    I find it interesting neither one of those iButton models has any sort of onboard hardware encryption (there are ones with SHA-1 built in).

    In any case, a pattern was clearly visible on the first read-through. All numeric notations are in hex.

    The first button's hardware serial: 26 00 00 00 94 88 BA 04
    The first eight bytes of each of the files looked like this: B9 58 D4 5D 82 CE 15 48

    The second button's hardware serial: 53 00 00 00 94 9B 58 04
    The first eight bytes of each file on the second button: CC 58 D4 5D 82 DD F7 48

    I find it most interesting bytes 2, 3 and 4 are identical between each iButton, as these are the positions where the hardware serial number has nothing but zeros.

    Other than seeing the bytes of the other files also be identical between buttons (with the exception of what I suspect are checksum values), this is as far as I've gotten. I invite anyone who enjoys a good brain-teaser to apply their mental gears to this stuff and see what pops out the other side.

    Happy cogitating. ;-)


  2. #2

    If you read the serial number backwards you will see this:

    04 = product family
    BA 88 94 00 00 00 = serial number
    26 = crc
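
The byte layout described in post #2, as an added example that is not part of the original thread: it reverses the displayed ROM ID into wire order, splits out the family code, serial and CRC, and recomputes the Dallas/Maxim 1-Wire CRC-8 over the first seven bytes. The function names are assumptions; the two sample IDs are the hardware serials quoted in post #1.

```python
# Added example (not from the thread): validate a 1-Wire ROM ID.
# Input is the ID as displayed in post #1: CRC byte first, family code last.

def crc8_maxim(data: bytes) -> int:
    """Dallas/Maxim 1-Wire CRC-8: x^8 + x^5 + x^4 + 1, initial value 0, LSB first."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            # 0x8C is the reflected form of the polynomial
            crc = (crc >> 1) ^ 0x8C if crc & 1 else crc >> 1
    return crc


def parse_rom_id(displayed: str) -> dict:
    """Split a displayed ROM ID into its fields and check the CRC."""
    raw = bytes.fromhex(displayed)
    if len(raw) != 8:
        raise ValueError("a 1-Wire ROM ID is exactly 8 bytes")
    wire = raw[::-1]  # wire order: family code, 6 serial bytes (LSB first), CRC
    computed = crc8_maxim(wire[:7])
    return {
        "family": wire[0],
        "serial": int.from_bytes(wire[1:7], "little"),
        "crc": wire[7],
        "crc_computed": computed,
        "crc_ok": wire[7] == computed,
    }


# The two hardware serials quoted in post #1
SAMPLES = [
    "26 00 00 00 94 88 BA 04",
    "53 00 00 00 94 9B 58 04",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        rom = parse_rom_id(sample)
        print(f"{sample}: family={rom['family']:02X} "
              f"serial={rom['serial']:012X} crc={rom['crc']:02X} "
              f"ok={rom['crc_ok']}")
```

A reader that gets `crc_ok` false has a corrupted read (or a mistyped ID) and should re-read the device before trusting any field.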

  3. #3

    You're on the right track. The first 8 bytes of the files are the serial number of the iButton they belong on, and it's in the order OneWireViewer shows the SN. I'll let you figure out the rest.
    "Don't worry about what I am, cause I'm a state agent so what you need to do is make sure you're doing the right thing **** boy" -J. Dewitte

  4. #4
    goliathdrakken No Longer Registered


    Has anyone made any progress on this? I have a bunch of iButton experience and would like to offer some assistance with this task.

  5. #5

    I don't want to stifle discovery or experimentation here but...
    This is a Jurassic Park moment: you have to sit back and not only think about can you create/hack an ASK, but also should you. I'm sure there are a few people who could explain all about the ASK and its iButton, but they don't talk about it because nothing good can come of it. It would endanger the lives of first responders to lay it all out here and we can't allow that.

    If you want to discuss the hardware be my guest, but I don't think we can have any further details on the ASK data. You want to talk about data then hit up refresh or flashkeys. We can have a little more leniency in that area as no lives are at risk but it would have to stop short of "how-to: hack your flashkey" because we can't be a part of costing Motorola revenue.
    "Don't worry about what I am, cause I'm a state agent so what you need to do is make sure you're doing the right thing **** boy" -J. Dewitte

  6. #6

    I WOULD like to make my Segway go 60mph, though.... And it uses the exact same iButton.
    "God as my witness" - Jeremy Dewitte - Felon

  7. #7

    Somewhere on the net there was a program to make your own Segway keys...
    "Don't worry about what I am, cause I'm a state agent so what you need to do is make sure you're doing the right thing **** boy" -J. Dewitte

  8. #8
    apco25guy No Longer Registered


    Quote: Originally Posted by com501
    I WOULD like to make my Segway go 60mph, though.... And it uses the exact same iButton.
    If you find out how, please pass along the information. I'd be interested in learning that.