decrypt GMAC data / DLMS cosem

Question

I'm trying to get data from my meter but the process to establish a connection requires to follow 4 steps of securities check. i successfully pass the 3 first step but the last one fail because the client (me) doesn't accept the value send back by the meter. so, i did try to find out all parameters in use to compute this step.and got it from the vendor, the manufacturer says that the algorithm is GMAC but i don't think so. i want to find a simulator for GMAC algorithm and check these parameters i got are the correct one.

i sniff data between the manufacturer software and the client and i get i the data i need just don't find a GMAC simulator.

Answer 1

During application association (AA) establishment the client and server needs to identify themselves. DLMS supports several authentication mechanisms - 'No authentication', 'Low level security (LLS)' or 'High level security (HLS)'. Since you mentioned 4 steps during association, it should be HLS authentication mechanism. Now there are several HLS auth mechanisms possible (in total 6 as of today). Since your manufacturer mentioned GMAC, it should be mechanism_id(5).

Now in order to associate with the meter, you would need to know the following:

1. Client id from which you are trying to associate (Public client will not work)
2. authentication_mechanism_name (class 15, attrib 6)
3. client_system_title, security_suite and security_policy (class 64, attrib 4, 3, 2) for the given client
4. And finally assuming sysmmetric key algo is used, you would need keys for this client (GUEK and GAK)

You can refer chapter 9.2 from Green Book Ed.10 (DLMS UA 1000-2 Ed.10) and class 15 and class 64 from Blue Book (DLMS UA 1000-1) for more details.