Change ElkRP access code?

L

LaurentR

Active Member
I decided to poke a hole through my firewall to access th Elk through RP and was planning on using the RP "password" to secure the access somewhat. Beside the fact that a 6-digit code is really not secure for a publicly-exposed port, I didn't figure out at all how to change the RP password.

I tried to change it in the "account details" pane, then "send all", but it didn't seem to do anything. I changed the code several times, and it didn't seem to do anything. I read the help and the M1 manual and neither talk about changing the code after the initial setup. I am confused.

Any idea?

Note: With just a 6-digit code, it really isn't secure enough to be open to the world. Eventually, I'll change my firewall to a model with a SSL tunnel and will tunnel into RP. That'll be much more secure.

Laurent
 
Laurent said:
I decided to poke a hole through my firewall to access th Elk through RP and was planning on using the RP "password" to secure the access somewhat. Beside the fact that a 6-digit code is really not secure for a publicly-exposed port, I didn't figure out at all how to change the RP password.

I tried to change it in the "account details" pane, then "send all", but it didn't seem to do anything. I changed the code several times, and it didn't seem to do anything. I read the help and the M1 manual and neither talk about changing the code after the initial setup. I am confused.

Any idea?

Note: With just a 6-digit code, it really isn't secure enough to be open to the world. Eventually, I'll change my firewall to a model with a SSL tunnel and will tunnel into RP. That'll be much more secure.

Laurent
Click to expand...

I changed mine through the Account Details so I'm not sure why yours isn't working.

In any case, since the Virtual Keypad doesn't work for me, and several others, under certain remote conditions, and since RM says not to use it remotely because it's not secure enough, there isn't a way to access the ELK remotely (not counting the phone interface which is a last resort).

I guess ELK doesn't consider this a high enough priority to get at least one java-free external access with graphical screen working for all customers. As far as I know there is no solution to this upcoming, but I hope I'm wrong on that. It's one of the main reasons I went with the wholesale replacement of my old DSC system and this aspect of it doesn't work for all cases.

You raise a good point about the 6 digit (or less) code. It would be good to include similar features as electronic locks, e.g. it locks out all remote access attempts after say 3 failed passcode, for say 10 minutes, then progressively longer periods of lock-out for each successive failed passcode attempt. This would require some thought since it's not exactly the same considerations as a physical electronic lock, and you'd also want to protect against someone causing a remote "denial of service" even if they don't know the passcode. For example someone could do this prior to a burglary attemtpt, to be sure you couldn't remotely check on the status.

You're absolutely right there should be a higher level of security from remote brute-force (i.e. try all codes remotely from the secluded comfort of the attacker's remote location) attacks. But I think it is more complicated to get a really solid solution than it might appear.
 
Lugnut said:
I changed mine through the Account Details so I'm not sure why yours isn't working.
Click to expand...

How do you know that worked? I experimented quite a bit with this field. On a single RP install, I can change the field, Send All, disconnect, change the field again, and it still reconnects even though the code should now be different between RP and the M1G.

Better, I actually have 2 copies of RP running (desktop/laptop). I tried to cross change the RP access code between the two, and never failed to log in from either, so clearly, just entering a new code doesn't do anything. I also tried the big hammer in the options menu, and that didn't do anything either.

Now I did do one thing that seemed to actually do something. I reflashed the M1G firmware and did a send all Send All. I had a non-default code in the RP Code box in the Accounts Details pane. Now my other copy of RP didn't connect and needed to have the new code entered. But since, I have tried the cross-code changes and nothing does.

So what I think is happening is:
- The RP code is only downloaded once when the M1G is reflashed/erased on the first "send all". I am not sure when the global RP code (in the options menu) is used. Supposedly only when creating a new account (is that a new database account or a blank M1G?).
- After that, once an RP install has handshaked once with the M1G, it never uses the RP code again.

I'd like Spanky to chime in and tell us the truth about this whole thing.

Laurent
 
I see what you mean. I hadn't really thought about it before now. Without a separate passcode change and passcode entry box you can't really know that the single combined box is having any effect if you're just running RP from a single computer. In effect, by trying it on 2 separate computers you are emulating separate passcode change and entry boxes so it sure sounds like a telling test that something is not quite right to me.
 
Lugnut said:
I see what you mean. I hadn't really thought about it before now. Without a separate passcode change and passcode entry box you can't really know that the single combined box is having any effect if you're just running RP from a single computer. In effect, by trying it on 2 separate computers you are emulating separate passcode change and entry boxes so it sure sounds like a telling test that something is not quite right to me.
Click to expand...

As for your question about the RP Access Code, it is designed to keep out any unauthorized persons or alarm company competitors which might happen have a copy of the RP software. But it also has safeguards to prevent locking you out of your own control and these safeguards are making it appear to you that it isn't doing anything.

The Accts Details field where you are allowed to manually change the code is always considered the current code. So just how does RP go about connecting to a control and making a change from the previous code to your new code?

RP actually hides three 3 copies of the RP Access code in its database for each account. Code #1 is the currently displayed code. Code #2 is the code which RP previously used to access that control. Code #3 is the code which RP used 2 generations ago to access that control. Why? Well, if you were to open RP and immediately change the displayed code prior to connecting, then once you try to connect with the control it would reject your new 'displayed' code. After all, the control doesn’t yet know about your new code! You could not connect without going back to the old code! However, thanks to the smarts built into RP, if it fails to connect with code #1, it automatically looks in its database and uses code #2 . In most cases code #2 (the most recent old code) is valid and the control lets you in. RP then automatically updates the control with the new (current) code #1. It also saves the new code in the database, even if you failed to save the account info. Now the control and the RP are in sync. RP stores code #3 as a backup to code #2. Of course none of this would be valid if you attempted to use a computer which had never connected to that control before.

I believe that in the case where you jogged back and forth between two copies of RP you were never more than 2 generations old. But, since you can’t actually see all this happening it may appear that the code wasn’t functioning properly.

BTW: Defaulting the control does NOT reset the RP Access Code.
 
bphillips said:
BTW: Defaulting the control does NOT reset the RP Access Code.
Click to expand...

So, what does reset or default the Access Code?????????? I obviously lost mine since I didn't log in for the last two years or so. I constantly get a message telling me that the System rejected the Remote Programming Access Code.

I reset the complete unit and that didn't help like you stated above. I have a good connection since I see data using hyperterm. I also got my serial number correct.

Please help!
 
Richard Naninck said:
bphillips said:
BTW: Defaulting the control does NOT reset the RP Access Code.
Click to expand...

So, what does reset or default the Access Code?????????? I obviously lost mine since I didn't log in for the last two years or so. I constantly get a message telling me that the System rejected the Remote Programming Access Code.

I reset the complete unit and that didn't help like you stated above. I have a good connection since I see data using hyperterm. I also got my serial number correct.

Please help!
Click to expand...

I see from our ELK forum that you've found your RP access code and have resolved your problem. But to answer your latest question about what does reset or default the RP Access Code the answer is: Only by sending the panel back to factory the RP Access Code be reset or defaulted. Locally defaulting the panel does NOT reset the RP Access Code.
 
You must log in or register to reply here.

Similar threads

pete_c
PFSense + Teardop (VPS) and OpenVPN
2 3
Replies
35
Views
2K
pete_c
pete_c
C
ELK M1XEP will not connect and keypad will not allow programming
Replies
2
Views
863
TrojanHorse
T
pete_c
Hacker Finds He Can Remotely Kill Car Engines After Breaking Into GPS Tracking Apps
Replies
0
Views
538
pete_c
pete_c
O
M1xep died/ replacement rejects the remote programming access code
Replies
2
Views
475
Del91574
D
StarTrekDoors
PC Access 3.17.0.843 Update Release Notes
Replies
0
Views
3K
StarTrekDoors
StarTrekDoors
Back
Top