At last COJ have started rolling out the soft updates for the prepaid meters.
When you buy a token you get THREE numbers to input. The first two perform the TID update, the third is the credit and will only work on the updated meter.
I did this yesterday. I bought a small amount through FNB as per usual, and got a message with three numbers (as is supposed to happen).
Punched them in one at a time and got the amount I paid for. The existing credit balance was retained, and the meter serial number did not change.
Go to @CitypowerJhb on X and look for the announcements that were sent out RE the TID upgrade. The upgrade window is date limited and the dates are different for each area. Midrand, for example, is open from 15th until the end of the month. Where I live opened yesterday and is open for one week. Don’t ask, I don’t know.
Hah! Thanks for that. For some reason when I saw our area open for it from the 21st I thought that’s today as it makes sense to have it from the Monday and realised earlier that it’s already the 22nd.
I’ll go buy some now as I want to buy the whole 350 block this month and next to bank some for the upcoming price increase.
Correct. The TID is the minutes elapsed since 1 January 1993, and is a 24-bit number. 0xFFFFFF (the largest 24 bit number) is 16777215 minutes, which gets you to…
To fix that, they need to update the base date to something more recent than 1993, but if you do that, then old token numbers become valid again, so they also need to change the encryption key.
This discussion suddenly made me wonder how hard it would be to “crack” the code. A bit of googling finds the technical detail of how the encryption works. The algorithm doesn’t appear to be particularly hard to break (it would probably take no more effort than DES, since it is based on DES). It essentially shuffles the bits around in a way that is really hard to figure out, but is entirely deterministic and can be easily reversed in even fairly cheap hardware (which is the point).
It uses symmetric key encryption, which means the meter and the supplier both has the same key stored somewhere, and if you could read that key somehow, you could in theory vend your own tokens.
The reason nobody bothers… probably… is because figuring out the key only allows vending tokens for that one meter you cracked, and your supplier will fairly soon figure out what you’ve done. It would probably also take a not insubstantial amount of bought credit to obtain enough data to reverse engineer. It will be cheaper to just pay for your electricity.
In short, the encryption is not very strong, because it doesn’t need to be.
Also interesting that the TID rollover was anticipated and designed into the system. There is a flag on the management message (used to change the key) that tells the meter that the key change is for a TID rollover, and the meter than additionally clears the memory where old token numbers are stored.
My local window opened yesterday, but I was going to put it off until the Monday because, I told myself, City Power will muck it up and not implement on the weekend.
But I was wrong! And when a couple of people around here confirmed that they had done the update and it was painless, I decided to get it over and done with.
Presumably the vendor needs to know the base date for your meter, so letting them issue the reset codes makes sense. Then meter and vendor are on the same page.
