I recently had the opportunity to test a theory I've had bouncing around in my noggin' for some time.

Thermal energy (heat) cannot be seen by PIR or TI through water. I've seen pictures of people in pools as viewed through TI and they are invisible below water level. I'll skip the technical explaination as to why, and just leave it at the fact that it is a fact. :)

Now, how to exploit this?

Well, I've got a PIR installed in my house, courtesy of the previous owner who had that emblem of middle-class security, ADT. The thing works pretty good as it will detect an arm waved across an open doorway from more than 20 feet away. So it's adequate for testing out my theory.

The theory is this:

Water blocks IR energy. Bubbles (yes, bubbles) are composed of mainly water, with a little soap and air added in. Bubbles stay where you put them, and they can float up or sink down, as needed.

Having previously experimented with polymeric bubbles (see thread in the NBC section by me), I thought that bubbles would make a good screen against detection by a PIR by blocking its field of view and diffusing/absorbing any IR energy that may be detectable by it.

So....I whipped up some bubbles using a straw and some water with dishwashing soap in it and slathered over the PIR. After going off (used warm water :o), it reset, and thereafter wouldn't go off from waving my hand 3" from it. :)

The bubbles were dense enough that I couldn't see anything but the red light of the PIR through it, and in a layer about 1" thick over the sensor.

When I tried the experiment again, using straw blown bubbles, the PIR would go off as usual. This time, the bubbles were large enough that I could see the sensor through a 3" thick layer of them.

So, my theory is that the bubbles are only as effective in obscuring the IR energy as they are in obsuring the vision of the observer. If you can see the PIR clearly, it can see you (or, rather, your heat) just as clearly. If it's invisible under a layer of foamy bubbles, so are you. :D

Now, since PIR's are usually located on the ceilings and far end of hallways, the problem becomes one of getting the foam over the sensors without being detected in the first place.

To reach the ceiling mounted sensors from ground level, you would use a lighter-than-air gas such as helium or ammonia, from a cooled (below ambient) cylinder.

To reach the same sensors mounted on a wall, only through a hole drilled through the roof, you may wish to use CO2, which will be self-cooling. If the sensor is one the ceiling, and you're coming in through the roof, you'll still need the light gases.

For reaching sensors at the end of hallways, the idea that I had was to use a reel of stiff (and cold) plastic strip (think measuring tape sort) that you would unreel along the floor till it's underneath the sensor. Attached to the strip are two hoses, one for gas and the other foam solution, which generates the foam underneath the sensor which rises up and smothers it.

Other ideas, though much more exotic, would be to construct a kind of "gun" that would use a vortex ring of air to carry a blob of foam to the sensor, or a kind of "flamethrower" that would use high-pressure gas to blow a dense stream of foam onto the sensor.

Once covered, you are free to move about.

Or you could build a "shield wall" against the PIR (not giant sand worms! :p) by having a high volume-low pressure fan pushing air through a fine mesh screen that has bubble solution sprayed on it, and directing the foam to seal open doorways and other opening which you would have to pass on your way in/out that are within view of a PIR, but either not reachable or that are too risky to tamper with.

One really far out idea is to make a "tunnel" out of fine nylon mesh in the form of a tube, and saturate it with the bubble mix. It would be extended by inflating the tube using the fan, which would not only slowly unroll it, but also cover it with bubbles. Once the tube was fully inflated and extended, a person could roll down the tube by lying on a skateboard and pulling themselves through. If nothing else this'd make for an interesting scene in some hi-tech caper movie! :D

I haven't had the chance to test the polymeric foam out yet, so I don't know if it would work as well as water-based foams, but if it does then that'd be the one to use. Polymeric foam would last for hours, and not be affected by humidity and dust like water-based foam is. It would stick instantly to whatever it touched, and wouldn't risk any water dripping into the sensor, causing a fault that could set off the alarm.

Then the problem becomes one of how do you remove the foam so as not to leave any trace of how you tricked out the PIR?

See, if the jeweler or bank opened up in the morning and found that they'd been cleared out, and the PIR's covered with foam, how long would it take for the PIR manufacturers to modify the design to prevent it from working in the future? Or, worse yet, sending out notices and work-arounds to existing customers, ruining a good thing in short order? :(

Water based foam would turn back into soap water in a few minutes, but that would limit your time unless you constantly kept refreshing the foam, and who wants to be bothered with that while you're looting and pillaging? ;) It'd also leave annoying little puddles that could give the game away.

The polymeric foam turns into a dry and nearly invisible film when it decomposes, which would be good, but it would be better if it turned into a non-adhering powder that would float off like dust when it dried out, and it'd have to do it reliably within a few hours.

Suggestions?

I suspect the dense foam worked more because of the scattering effect than IR absorbtion. Bubble walls are so thin I'd have thought there would be little attenuation of IR. (try blowing a coloured bubble).

For those who don't know, a PIR sensor is usually split into two or four sections, with multiple lenses in front, creating multiple images spread across the sensitive sections. The output from each section depends on the total IR falling on it. The electronics detects movement by looking for changes in the outputs of each section. If you can completely blur the images then all the sections will show the same output all the time and the sensor will not trigger - I think this is what happened with the foam, along with some IR blocking as well.

This leads to other possible defeat mechanisms :
1/ Flood the sensor with IR, from a filtered lamp.
2/ Fill the area with a water fog - an ultrasonic fogger might do the trick.

These might be best used as a way to get to the sensor to apply the foam.

Foam acts both as a lens and as a diffuser. It takes light from any angle, and splits it into it component colors. That's why bubbles are rainbow colored. :)

One bubble by itself isn't going to do shit, but when you have thousands of them, that's when it becomes effective, because the path between the heat source (you) and the PIR goes from a straight line to many hundreds of different paths, causing the IR energy to be both aborbed (by the water) and attenuated (by following many paths).

PIR's detect the variation of the IR energy in the field of view by comparing it against two sensors, each of which recieves part of the view through a frensel lens which divvies it up into multple segments.

If the rise in IR energy is even through the scene (ambient heating), then each sensor recieves the same amount of energy, thus there's no difference between the two, so no alarm.

If an intruder is moving around, then each sensor recieves a different amount of IR energy, as the intruders passes through the various "lanes" in the PIR's view created by the frensel, thus creating a difference that sets of the alarm.

Since the change in temperature has to be fairly rapid and different from the background (to prevent hypersensitivity that'd set it off all the time), even a small degree of attenuation would be sufficient to prevent the alarm from sounding.

Also, because the bubbles breaks your heat image into a thousand different spots, and coming from all directions, this levels out your heat signature from a hot spot to a fuzzy "glow" (like frosted glass) that is seen equally by both halves of the sensor. :)

Of course, as the water evaporates, it also cools the bubbles. :)

The problem, as I see it, isn't blocking the PIR from seeing your body heat (the foam takes care of that), but getting the foam onto the PIR without setting it off in the first place. Once that problem is solved, the rest falls right into place...in your pockets! ;)

I don't see how you could fill up a space like (for instance) Fries Electronics with ultrasonically created fog. The volume is huge, ultrasound very inefficient, and the time long.
An IR screening smoke is possible, but that'd set off the fire alarm, which is just as bad.

This one isn't about bubbles, but maybe it'll fit here anyway...What about aiming a powerful filtered spotlight at the PIR and using some ramp generator type circuit to SLOWLY crank up its voltage from zero to 12/110/whatever?

Getting bubbles to the target will indeed be very difficult. I am wildly speculating here but you might be able to whip up some sort of binary liquid stream in a water pistol. The agents could be something like vinegar and sodium bicarbonate solution for example (there are probably better things). When spraying, the stream can be directed like a super-soaker only when the liquid hits the target, there will be a foaming reaction creating massive amounts of small bubbles (exactly what you would want for this).

In fact, what would be even better is the same type of solution PLUS an surfactant/oil mixture. A ternary mixture so to speak. Three tanks, all pressurized and on the same trigger, having hoses leading to the main ejection tube and hence mixing, emulsifying/reacting, and then being ejected towards the target would prove a quite usable bubble covering. The emulsified mixture will stick to the detector much better than the simple water based mixture....the bubbles will last longer too!

All you have to do is aim the thing with maybe a mirror or something so you dont stick too much hand out.

I was also thinking...
I am under the impression that there are now blue lasers (pen lasers) available that have power output ratings of about 0.1 watts. Perhaps it was even up to 1 watt I can't remember. Either way, I'm guessing that the detectors do not have a very high damage threshold and could very well be damaged permanently by exposure to laser light of this intensity. If the wavelength of the laser was not detectable (or just wasn't important) you might not set the alarm off while still causing damage. That would definetly take research to confirm however. Detector heads and optical coatings have a very wide variety of performance characteristics these days...

After doing further research, I found that high-end PIRs (http://www.sdmmag.com/content/newthisweek/2003/02/MotionDetectors.htm) have a feature known as "anti-masking", which means that the alarm will sound if the PIR lenses are blocked.

But, the means which this is accomplished could actually prove to be a boon, rather than a bane. :)

See, these PIR's use an active IR system that directs a beam of IR light either:

A) Into an interior sensor through the lens from an exteriorly mounted LED

OR

B) Out through the lens from an interior LED

A works works there is something placed over the sensor by blocking the beam. B works by detecting the reflection of the IR light off of the obscuring object.

Since both A and B are actively emitting IR light, it would be easy to from beyond their detection range using NVD. :)

Plus, I don't think foam would affect the anti-masking anyways. At the very short range between the IR LED and the interior sensor (A) the light wouldn't be obscured to any great degree by the foam. While it may be diffused a bit, it'll still be visible, hopefully within the sensors tolerance range.

With B, foam acts like a sponge, absorbing light without reflecting much back. Plus, any sensors based on detecting a sudden change from ambient wouldn't be triggered by the foam, since the amount of light coming in will remain almost the same, just being scattered.

A problem with the better PIR's is the usually combination with microwave. We know microwave is absorbed by water, that's how ovens cook, but would be absorbed by the foam? Or would it be possible to include a microwave absorbing material into the foam to absorb it?

While searching around, I found an interesting story on an alarm installers forum about how a PIR was defeated.

The thieves broke into the business by forcing the door, rushed over to the PIR and sprayed it with laquer to cover the lens, and left. The cops and owner came, found nothing taken and assumed that the thieves were scared off by the alarm.

After everyone left the thieves came back through a hole they made in the wall and cleared the place out. :D

Sorry, blue light won't do it. The sensors have a front filter made of either silicon or germanium, which passes IR and reflects the visible band.

I just spent the last hour conducting some experiments with foam.

First, I mixed up a saturated solution of citric acid with liquid dishwashing detergent and added that to a saturated bicarb solution. Instant foam!

Problem though is that it's very short lived, as the foam is extremely wet, breaking down into liquid within a minute. Probably because of the solubility of CO2 in water.

Next, I tried using a high volume/low pressure air pump blowing through a thin solution of detergent in water, using a needle nozzle (like for airballs).

This worked very well. A milliliter or two of soap solution turned into a mass of bubbles the size of a basketball. :) It wasn't as obscuring as the acid/base foam was, but it was much dryer and lasted much longer. I would think it rather easy to make a large mass of thin bubbles, than a large mass of dense bubbles.

This would especially be good with those anti-masking PIR's since the larger bubbles wouldn't obscure the sensors at all within the couple of inches between the IR LED and the sensor. :D

I'll try using polymeric bubble mix later with the HVLP inflator and see how well that works. Fortunately, I can get the polymeric bubble mix in 4 oz. tubes at work real cheap. ;)

If there was a low boiling point freon that could be mixed in with it, than that'd work great for spraying, as the freon would volatilize and foam up the mix on target. Though I wouldn't spray the mix directly onto the sensor, rather around it (like a doughnut) so the foam will close in on it and smother it indirectly.

No laser that you can fit in a pen pointer is going to be capable of burning out anything less sensitive than your eye. Plus, if it was powerful enough to do that, it'd destroy the sensor all right, meaning an open circuit that'd sound the alarm anyways. :(

Try adding a bit of glycerine to your mix. Thats what I do for the kids to make their bubbles last longer.
An aquarium airstone would be good for making lots of tiny bubbles too.

I've done some more experimentation using polymeric bubble mix.

I dissolved as much citric acid as possible in the bubble mix, and poured that onto a solution of bicarb. It foamed up wonderfully. Unfortunately, while the bubbles lasted much longer, they were still "wet". Tossing some on the side of the sink, they slide straight down. That's not going to stick on a PIR. :(

I found that if you use a dry mix of equal volumes of citric acid and bicarb, and pour the straight polymeric bubble solution on it, nothing happens. But, once you add water and stir, the stuff foams up very rapidly and is much "dryer", sticking to the side of the sink without sliding off, and the bubbles last several minutes...long enough to do a job. :D

Also, smaller bubbles are "wetter" than larger bubbles, so larger bubbles are prefered.

Perhaps a projector would be possible, using the reaction between the dry acid and bicarb to pressurize the sprayer, and activating it by breaking a water capsule inside of it. It'd have to have a large nozzle, otherwise all the bubbles would be ruptured by shearing through the nozzle.

Instead of blowing foam all over the place, which will be very time consuming, why not use one of those mist machines that people use on music concerts ? It uses glycerine as source of mist and a smal 12 volts batery as a font of energy. The whole system will weigh only 2 kilos, with enough gliceryne to fill a room with a dense cloud.

When the IR reaches the fog, it will be refracted in many small beams, bluering the sensors, allowing a person to walk without seting of the alarm. It probably will be as refractary to light as water fog, and long lasting too.

The morning after, the only trace that be on the scene will be a small quantity of liquid gliceryne, and maybe, a little scent of strawsberry...

Fog machines used on stage vaporise a mixture of water and ethylene glycol. The water makes the fog, the glycol slows it dissolving into the air. The problem with filling a room up with fog is that you wont be able to see what you are doing.

You could use the fog jet to fill bubbles. You would still need to get the bubbles to stick to the PIR but opaque bubbles would work better than clear ones.

Some problems that will need to overcome: Stage fog will set off smoke detectors despite what the manufacturer claims. The fog is very hot as it emerges from the machine and a sudden hot jet of gas will almost certainly trigger the alarm.

If I had a PIR to play with I would try 'gooping' it with a thick water based liquid like personal lubricant. It could form a cool watery layer several millimetres thick capable of stopping IR. I'd also try adding something milky... like errr... milk to increase the diffusion.

I was stuck with toilet scrubbing this morning and the idea just popped into my head. The stuff is really bubbly. After toying around a bit I came up with a wonderful A/B compositon.

A:
1 part Lysol Bath + Tub cleaner (the blue stuff that comes in a weird shaped bottle for squirting in toilets)
1 part Dish detergent (Dawn)
2 parts mild H[sub]2[\sub]SO[sub]4[\sub] (came out of a spent battery, I would guess about 1-5% conc)

B:
1 part (same part as A) Baking Soda powder
1 part water

Mix A into B (violently as to help the mixing) and it will react quickly and produce thick, sticky, viscous bubbles ranging from the thickness of Cool Whip to clam chowder (depending on how hydrated it is) Using 1 part = 1 tablespoon yields 24 fluid oz. of thick blue bubbles. They last for at least 5 minutes (longer if you use less water)

Another idea to consider is the foam insulation polymer stuff. It comes either spray form or in A/B composite. Mix together and the stuff expands 20x, usually opaque yellow. This might obscure it too much however.

Jamming a PIR is something I have also thought about. Having installed a few alarms in my time (as favours/at cost) and having an "eye" for security systems, I can share a few tips with the forum.

Firstly, never break in through the kitchen (or anywhere else) if you can see the PIR is a longer one than normal. These are the ones that cost a lot more, and have a microwave sensor in them as well. Even with a clever masking system, if you trip the microwave system (which you will if you move towards it) the alarm will still sound. There are lots of caveats on this, of course. Sometimes the sensor is wired so that both sensors have to trip before it will sound, sometimes either. The more intelligent ones trip if one sensor goes off two or three times on it's own, too.

You can actually tell if a PIR uses microwave as well, not just from the case style, but also with your trusty radar detector. Out of your car. You could use one of those little pocket bug detectors, but they only trip when you are inches from it, generally. The radar detector is a much better idea, as it is a little directional as well. Of course, you need to have either a long line of sight, or an aperture, otherwise waving your detector will set off the PIR!

Secondly, if you can't case the place, forget it, if you know the alarm is on. You probably wouldn't see the PIR first in most small to medium houses. Modern PIRs are really good. You can get one for £7 which turns on a battery powered light, or sounds an alarm, and it is pretty darned good. Like NBK says above, you can set one off with your arm from 20 feet. This level of sensitivity is about standard, but it does depend on the lens in use, as well as the detector. Some will be set to ignore dogs, etc. at ground level, but don't rely on it!

If you can case the place, you can often "walk-test" the place at the same time. If the little lights don't come on at all, though, don't bother, as it was probably installed by someone who really knew what he was doing - some of the newer PIRs let you turn off this light, to stop people doing what you are about to!

How it works is this: Get a friend or two, pretend to be drunk. Mess about sliding along the walls, behind desks, tables, etc. so that you can tell where the PIR can see. Once you have a route between the (say) register and (say) a window, check out the window sensor. Often they won't have bothered, since the PIR should do the job. Well, maybe it did ten years ago, but it has, like all semi-conductors, deteriorated with heat and time. Come back later, and you know what to do. (Obviously, be smart - doing this in a jewellers is just going to get you on film, but in a bar, it is quite likely to work)

As for jamming with a laser pointer, it works quite well, sometimes. For better results, you would want a near IR laser, but the only place to get one is to maybe hack a CD burner or something. IR lasers tend to be powerful, but big and mains powered. You want a little diode one, hence attacking a CD player. I have no idea if it would work though. You would probably set it off when you turned it on, if it was IR, and so visible to the sensor. Of course, you could just keep tripping the PIR from over the road till they stop setting the alarm. (With a timer circuit you wouldn't even need to be in the area!)

The sensor gets a big increase in noise, so it turns the sensitivity down (afaik) so you might get away with it.

Older video cameras turn the gain right down (the same sort of thing), too, so they won't see you on the playback. Obviously, though, anyone looking, or using motion sensitive gear on the video stream, is going to know right away. Also, newer cameras tend to be better at handling this type of "attack". If you want to try it out, go to Radio Shack or whereever, then find a camera hooked to a TV and try it! You have to be preety accurate, though. A tripod would be needed from a distance. Also, with colour cameras, they can split the RGB to lose the saturated channel, and still see you (but this really needs colour and a non-compressed video recording - if they MPEG it, they won't get anything, as it will have thrown the Green and Blue away!) I am sure no-one would forget their make-up, but just in case... ;)

Hope this was informative.

p.s. Thanks for that link NBK, I have been trying to find a source for (IR) quadrant detectors for years at a reasonable cost. Now I know which PIR to strip!

[Edit: Forgot to say- you can buy cans of smoke spray. It is a large aerosol. No idea as to what effect it has as regards IR attenuation, but I will try it if I can. You would be working nearly blind, but you could cope with that under some circumstances.]

Does the image recovery require true RGB (component) video, or can it still work with composite video? I don't ever recall a VCR which could record RGB.

Ditto the smoke in a can, I saw some last night in a Maplin (ala Radioshack) catalogue, the product claims to linger in the air for 2 hours.

Those smoke cans are designed for testing smoke detectors, so unless you want the fire department showing up, I'd leave them alone;)

Anthony,

I'm not sure about the composite video thing, but I do recall seeing it on something like crimewatch. I will check that if I set this camera and PIR thing up. I have quite a few different cameras, both colour and BW, for a motion sensitive camera rig that just drops into your PCI slot on a desktop PC. If I set my desktop up, I can have a play, but currently I am on the laptop. Off the top of my head, I would think composite can be split back into the separate RGB values, though, as the TV does that to display it through the three different guns.

As for the smoke in Maplin, that's the same stuff. I wasn't that impressed by the density the only time I used it, but it hung around for a while. A longer blast would have done more. It didn't set off my smoke alarm, so I don't know if it would. I will test that too, as the kitchen one we have is stupidly sensitive.

Tuatara, in the UK it is pretty rare for the fire alarm to be wired to the main alarm. They tend to just be a battery powered screamer and sensor package. Just wear earplugs, and odds are no-one outside will even hear it. Stick a bit of tape over the grill, and you wreck the peizo units' resonance, so the noise goes down quite a lot straight away. Then take it off the wall and stamp on it, or take the battery out. People will think it is a car alarm two streets away, and ignore it...

Are you refering to all smoke alarms or just domestic ones? Around here commercial properites have smoke alarms that automatically call the fire department, its a legal requirement IIRC. One place I worked at we didn't need fire drills because so many idiots kept on tripping the smoke detectors - we'd all pile on outside and a big shiny firetruck would turn up. :D

My house has a monitored intruder alarm, with a smoke detector attached. Smoke detector trips -> alarm calls security company -> they verify alarm, then call fire dept. Nice peace of mind when away from the house.

I can honestly say that I have never seen a domestic system in the UK that is wired up like that. I know that some of the high end alarms do it. The alarms in both my houses don't they have standard seperate ones, B&Q, etc. don't tend to stock them, and so on. Even the ranges I frequent (which almost all have monitored alarms) don't have a combined fire and security alarm, except one that is on council premises (now closed actually).

Commercial ones would be wired to an all-singing, all-dancing one, which may or may not be monitored. Generally, these would be found in newer buildings, and offices, due to the fire regulations. However, out of hours, I suspect they wouldn't phone in, since they don't anyway. The alarm goes off, and the truck turns up, regardless. I have noticed, however, that almost none of these places use PIR, since they have patroling guards. They tend to use electronic door locks that alarm if forced, but happily let you in almost any time without problems.

You can buy radio-equipped smoke detectors in the UK that automatically set off all the other standard smoke alarms if one goes off. I doubt they are in common use, though. The idea is that the fire sets off the alarm in the kitchen, and sounds the one upstairs at the same time. No wires, though.

A lot of the newer alarms are wireless now, too. You just pop a 9v battery into the PIRs, wire the alarm box to the control panel, and plug in. You can even have a radio alarm setter and unsetter, like in your car. We brainstormed how to defeat one of these systems in work Monday. I explained about car security systems, and the newer scrolling key systems. Another guy came up with the solution:

If you send a valid code, the system ignores anything that should have been before that in the list, as well as a repeat of that code. So, to defeat it, you need both a scanner with recording and playback facility, equipped with a pretty directional aerial, and a jammer of fairly good power and small size, which can be remotely turned on and off. The jammer goes near the system, while the scanner goes such that the directional aerial looks at the mark, and not the jammer.

How it works is this:
As the mark approaches the car/house, they press the button. However, you are jamming the signal, so the system never receives it. However, you record it, and save it. You record the next two, as well. Now, you quickly toggle the jammer off, and play back the first signal. This unlocks, leaving you with the next two unlock codes!

Obviously, this will only work if the codes aren't on the same list with the locking codes. If they are, jam again when it is being locked, and play with the signal so that it works.

Note that this is theory only, and might not work.

Interesting theory! The hard part is going to be recording a weak signal, while transmitting a strong one. I think you would need the jammer and receiver linked so you can correlate the jamming signal with the received one and extract the difference, which will be the signal from the remote. Your window of opportunity will be very small - just until the user presses a button on their remote again, after which your recorded codes will be useless. Still, a small window is a lot bigger than no window.

Looks like a UK market opportunity exists for a low-end security/fire alarm!

BTW I am currently designing a car alarm as part of my job.

play with the signal so that it works

It wont work. In my alarm the code is 64bits long and is encrypted in such a way that a single bit change in the transmitted data causes about half the encrypted bits to change. This is based on an off-the-shelf transmitter, not something I've thought up. The odds of hitting the right combo are very, very small.

Oh. So the whole key is encrypted, and they are all pulled from the same list?

If so, how does the car know whether it is being unlocked or locked, or the boot opened?

I assumed that either the encrypted key would authorise a none encrypted part, which would state the action, or that there would be just one long key list.

If I unlock a car with the first stolen key, surely the second stolen key is valid until the car is UNlocked again? Otherwise, how does the car alarm know which action to perform? Or have they thrown lots of silicon at it, and have three separate lists?

I was talking about linking the jammer to the scanner system, as you need to be able to turn it off at a very precise time, just before you unlock the car. The high-gain aerial wasn't designed to boost the signal, but rather to (help) prevent the jammer signal from overwhelming the scanner. (EDIT: If it wasn't clear above, the jammer is omni-directional or pointed towards the target receiver, whereas the scanner is physically remote, with a high gain ant. pointing at the target transmitter) As you point out, of course, if you jam with a known signal, you can subtract it from the scanner input and hopefully get your unlock codes, you just need to keep inside the dynamic range of your scanner system. If the jammer pulses totally swamp the other signal there, you won't be able to get it back. Unless you could do something clever with polarisation?

Failing that, mug them for the key. This is now the preferred way in the UK, often starting with a home invasion(!) to steal high-end cars.

Well, we're way off topic now, (sorry NBK) but anyway.

In short the message from the remote consists of : a serial number (usually 28 bits or more), button data, rolling code (at least 16 bits), and a check code. This all gets encrypted (with a 64 bit key in my alarm) and sent. The receiver decrypts with its key, checks the check code for a valid decrypt, checks for a valid serial number, checks for a valid rolling code, and if all is good it acts on the button data (lock, unlock, boot open, whatever). There are no lists involved - the rolling code counter just counts up by one each keypress, and the encryption takes care of the data scrambling, so that the counter can't be 'seen' in the raw encrypted message.

I understand your antenna setup - trouble is for the kind of directivity you would need, the antennas would have to be something like 50 element Yagi's - rather unwieldy for a covert operation. And there will be evironmental reflections to contend with too. Hence the correlator. If you can get that bit to work, then the jam/grab/transmit scheme would work.

Nicking the keys is far easier :D

I think NBK2000 will find this interesting. :)

By a "list" I meant that the rolling code that was used last time won't work this time, nor will any code used in the past. The list, would, in effect, be the after-everthing code that was transmitted.

Anyway, enough! You have convinced me that we didn't find an easy way round the system, but we also determined that if we do grab a code, then jam until the user goes away, then replay it, it will work, but if they drive away then lock the car, all the captured codes won't work anymore.

Now, anyone got anything to say about beating IR? ;)

not really related to soap bubbles but is related to motion sensors.

I once experimented with several motion detectors with some neoprene. I was able to pass my hand by the motion detectors, several times (slowly, fast, even held my hand in front of it), with out detection.

I sat and thought about this all last night and I think I have a workable idea. I have not tried it becasue I don't have any IR devices so if any of you can test it great!!!

Ok. instead of trying to do someting to the IR device which could be hard in some places, why not do something to yourself instead. To get past an IR device which is putting out IR light and then reciving it try dressing in IR absorbent clothing. The ink that a barcode is made out of absorbs IR light (like a stealth bomber does with sound waves, yes it deflects some as well but that is not the point.) and the laser reads the spaces between the lines. SO, if you dye a flight suit or another full body type suit, you should be able to walk past a detector without reflecting back any IR light to the detector, resulting in no alarm.

To get past one that detects body heat try wearing a wetsuit which you have sewed pockets into which you can place ice packs into to disrupt you body heat signal. Another idea for this is a product called "Insta-Ice". It is an aresol product found in some first aid kits. Again if you wear a full body suit, spray this on and it should hide the heat signal as well. Also you can't spray insta-ice on your skin becasue it is to cold and can freeze burn you.

If you test these ideas please tell me. I would love the know the results.

udtst,

This plan, whilst good, won't work. The detectors pick up changes, not images. That's why they have the funny angular lenses, to enhance the effect of subtle changes at the boundaries.

Unless the background was a uniform cold, you would be blocking hot areas by moving a cold area across it.

However, I will get my PIR and try it tomorrow.

I am posting this while serving my 2 week probation period so...here goes!
Nbk your idea with soap bubbles is an interesting concept. Although the delivery of bubbles to distant PIR's is seemingly impossible...unless one could simply walk up to one and either disable it
or apply a foam coating.
I have pondered for some time now, tossing up the very idea of disabling PIR waves or to somehow become "invisible" to them.
You may have heard of "Emergency Blankets" or "thermal blankets".
They are of shiny metallic appearance and are used to prevent hypothermia or exposure.
They do this by trapping or reflecting bodyheat (95% to be exact), when the blanket is covering you.
Preliminary tests involving wrapping blanket around my hand proved successful. EG the PIR device i rigged up did not "see" my covered fingers obstructing its field of view.
Which led me to conclude that if i designed and constructed a body suit made from the thermal blanket, i could theoretically evade a PIR. Things that have to be taken into consideration is the outlet vents for bodyheat. Obviously by its nature, it will "creep" and will always look for a way out. Excuse my layman principle :) Anyways, the cuffs, ankles and neckline have to be secure, not to mention the entire stitching. So no bodyhyeat will "leak" disrupt the PIR lense.
I am still debating on the best way to make a pair of gloves to suit and/or boot covers.
A detachable hood will be necessary also and i am thinking something along the lines of a zipper; so long as i can line the inside of the zipper track with (thermal) material so as no heat escapes through the (ordinary) fabric. For the record blankets cost between $5-30 depending on size and quality. $30 will get you about 4x4 ft of quality material. (i should know, i used to sell them;)
Well i am very much accustomed to comments/critiscism so by all means, fire away.
Any input, advice or questions will be welcomed and answered accordingly.

Surely you'd still disrupt the background area? For example, if you walk between the PIR and a storage heater, would that not still set the alarm off?

If it did work, you'd have limited operating time in the suit, as you'd literally start cooking...

Now I dont know how 'inline' with this thread this is, but firstly those 'sensor lights' that get installed on the ends of houses and when someone walks across the back lawn the light comes on? Well, ages ago I was walking towards my house and the light came on, I had my trusty mag light with me and when the light came on I stopped, then I shone(sp?) pointed the beam of the torch at the sensor and then resumed walking towards my house and the light never came on as long as I didnt take the beam of light from the torch off the sensor. I later tryed this at school also,except using a 6volt lantern torch pointed at the sensor, I smashed a window, picked up some things and left without any alarm or the little red light that comes on when the sensor picks up movement.
Secondly, I would really appreciate it if some other members could try this with sensor lights and PIR sensors? and let me know how it goes because I am wondering if it was just luck or if I have found something useful here.

I just tried this with a SureFire G2 (read very bright light indeed), both with and without IR filter, and my el-cheapo PIR sensor light worked as normal..

I then whipped out my 2 million candlepower spotlight and tried it, same effect. (zilch)

I think you just got lucky :)

Oh bummer :( thought I might have been onto something although I just remembered it was night time and fully dark outside, so that might have had something to do with it. Further tests might be called for.

It might be his sensor had a photocell on it that turns it off during the day, and the bright light fooled it into thinking it was daytime, thus turning it off.

I saw an electric leaf blower recently, and thought how perfect that'd be for blowing bubbles en mass. At 500 cubic feet per minute, you could fill a room in just a few minutes, defeating not only the PIR but also any cameras. Or you could "shoot" the bubbles towards the PIR since it blows air at 200MPH.

Only problem with a room full of bubbles is that you can't see squat so you'd better know where everything is ahead of time.

I found mention of aqueous foam being used to suppress noise from firing off explosive charges.

It said that, large or small, bubbles suppress the noise up to 14 decibels, and firing off charges in boreholes with foam adds another 2 or 3decibels of sound reduction.

So, not only could you avoid the PIR alarm, but then proceed to blow a charge and squash the noise in the process. :)

You can order IR lasers from here. (http://www.sovietbazaar.co.uk/laser.htm) They have a wavelength of 815 nm, but this may be unsuitable for use with a PIR, seeing as a PIR is tuned to around 10 µm.

This site (http://www.sensorsmag.com/articles/0403/35/main.shtml) claims that PIRs can be defeated not only by someone moving extremely slow, but also extremely fast. I guess that stops it from going off every time an insect runs across the lens.

This site (http://www.lightsearch.com/resources/lightguides/sensors.html) says that there are blind spots created by the faceted lens on a PIR. It also has some info on ultrasound detectors.

There's a building near me that has microwave detectors on the inside of the building. When the building was being extended, you could walk by the plywood that boarded off the building work, and set off the alarm. This resulted in the staff having to spend 2 hours waiting for a technician to check the building and reset the alarm :D

While I was pondering the PIR detector the other night I stumbled onto something that might work. Silly string. you can shoot it from medium to long distance and from underneath.

I just got my PIR and blower out of storage, as well as the digital camcorder, so video is near. :)

Right, I have tried the "silly string" idea, and found it rather lacking. The PIR went off every time, regardless of the length of the burst, distance, etc. The protective plastic had no negative effect on performance, but this would help the SS, rather than hinder.

It was found that even one small line of it was enough to set it off, if it shifted even slightly across the lense. However, if you sprayed it whilst the PIR was on a non-alarming setting, it would be ok, since the silly string blocked the IR, even when a bright light and shadow were used. Note that anti-smother sensors would be tripped.

Note that it may impact on the brightness/dusk sensor, depending on ambient light, etc. which would cause the light to become active during the day if coverage was partial.

Free downloads of the EU standards for various security devices. This gives you the standard against which you must plan for. ;)

http://www.brecertification.co.uk/standards.jsp

I have used helmet mounted Thermal Imaging equipment in the Fire Service. It will detect 1/10th of 1 degree Fahrenheit difference. It will show a wire carrying current out of a fuse box, by the slight temperature difference! Who ever mentioned the difference is what is detected is right on the money. Even the small unit I used set it's gray scale level by the temperature average. Water looks black in thermal imaging because it is almost always cooler than the air, but hot water out of a tap looks white. Being under the water means your skin is at the water's temperature. Smooth metal reflects the heat image, just like aluminum foil reflects a light bulb. The brushed stainless used in kitchens reflected my own image in the unit. The longer wavelength of the IR saw the metal as being smooth. The thermal image will not go through glass. The lens on the thermal imager was Germanium and looked like a gray glass. The hardest thing to see was someone wearing a LOT of clothes with a facial cover or hood, and had been in the area long enough to come to thermal equilibrium. Birds were almost invisible until they took wing, and then you could see warmth under their wings. The sky always looks dark, even in the daylight. It was easiest to see people in rooms with good air conditioning or in cool rooms of uniform temperature. I'd hate to bet that you could hide from a good TI unit with a competent operator. The problem with the helmet mounted units was the very narrow field of view, it was like looking through a toilet paper tube, and very easy to get disoriented without your normal peripheral vision. I'm sure they have better units now.

I worked at a store about 15 years ago that had an alarm system that was either heat or IR activated (I wish I could remember.). It would get extremely hot in that place during the summer because of huge south-facing windows and no AC. I went in on a holiday to do some work and totally forgot to turn off the alarm. No beeping to remind me since there was no trip sensor on the door I used, just a sensor pointed at it. I walked all around the front showroom and never set it off but I walked to all the doors and left them wide open to cool it down in there and went to work where I could see them all. About 45 minutes later I got up from my desk and headed for the men's room and then the alarm (not just the remind beep) went off and scared the hell out of me. It was 100+ degreesF in there when I arrived and it never saw me. It was about 80F when it went off.
The sensor boxes did have a light that came on when someone moved and I think it was state-of-the-art for the time so it was likely IR. I seem to remember testing it once in awhile after that experience by moving very slowly and watching the light.
It always depended on the ambient temperature how successful I was at avoiding detection.
Maybe this is outdated info by now but you never know....

Ah yes, digging this thread up after 3 years...

Since the temperature difference is what is detected, it is easy to hide a warm body in a warm room. If you had grabbed a cold drink out the fridge, the opening of the door probably would have set the sensor off, likewise a hot drink would have done the same, though the heat change of the kettle would likely have been too slow to trip anything.

Since we last visited this thread, I've read about people drilling holes through the wall to destroy the sensor with expanding foam. I've also seen a very neat design with an anti-tamper switch which is tripped if you undo the screws or if you pull the box from the wall.

I still don't know any great ways past these, except for walking rather slowly, and even then, the faceted lens will (generally) pick up your motion as you move from one sector of it to another, as they are designed to dramatically increase the rate of image change at the sensor.

I've never heard of one not going off due to moving fast. By "Fast" it probably means transient flashes of sunlight through windows and things like them, rather than people running past. Certainly flashing your hand past the front sets the sensor I have off every time, and no human could run that fast. Insects are cold and at room temperature, so wouldn't set off the sensor unless they blocked a heat or cold source.

Well if I had know you were going to exhume this thread, I wouldn't have made my own...

So it's given that PIRs utilize external sources of IR light (i.e. body heat) to detect changes in a system. I remember an idea about filling a room protected by a heat sensor with hot air, over time, until a human could walk through without posing a change to the room temperature.

How about if one were to install a covert IR flood light designed to emit the same amout of IR light a human body does in a PIR protected room? A remote switch activates the light right before the owner activates the sensors, and a person is free to move about.

Or would a beam focused on the sensor(s) be enough to "saturate" the sensor?

From what I've read about fresnel lenses used in most sensors is that they reduce the quality of the "image" magnified; perhaps enough to further blend a body's IR emission into the camouflage light.

Truth be told, I very little understanding of how the first idea would work out. Would flooding a closed room with randomly deflecting IR rays actually flood any sensors? Would the pre-existent IR rays interfere or effect the expected out come?

I'd place more money into flooding a sensor, but that also have the negative of creating a line of IR light between the sensor and the light source which would essentially become a dangerous trip wire.


On another note...
If one were to enter the protected room using some sort of insulated shield (i.e. a large and thick cardboard box wrapped in thermal cloth/plastic) which was previously naturalized to the temperature of the the room, one could use NBK's "foam" idea to spray room temperature foam on each sensor. Perhaps using an external stick with a sting tied to the foam trigger. Also, some sort of mildly cold substance, like ice, could be used to absorb much of the "seeping" heat of the body, preventing early detection.

How about if one were to install a covert IR flood light designed to emit the same amout of IR light a human body does in a PIR protected room?

Well if your going to be hiding light emmiters in the room what about hiding several randomly blinking IR emitters in the room to set the detector off at random intervals, the people monitoring the alarm would become so frustated that they would ignore any real alarm as just another false one.

I know MythBusters is some kind of TV show rather than a documentary and many people dispute credibility of their "supposedly" scientific experiments, but in an episode they tested vulnerability of various (PIR and ultrasonic) motion detectors.

Many myths (including bubbles) have been busted in the episode but using a fireresistant outfits that volcanologists wear, they past the PIR detector and by using a fleecy (sp?) blanket, they bypass the ultrasonic one too. Regards

re Mythbusters: Huh, IIRC the blanket was just for the motion detector. I think they stuck a pane of glass on a frame in front of the IR camera. Also the wetsuit and the fire extinguisher were less than satisfactory.
I think the way to do deliberately trip automated IR devices would be to generate a signal long and bright enough to trip the alarms but small and weak enough to avoid human notice. Which would only work if the display generator lacks a nifty device to point out where the trigger is (ala those astronomy photos and what not)

I've just had an idea. I shall have to test it over the weekend.

You can buy, for outdoor work, electrical heaters that are basically IR heat beams. The idea is, the wind cannot steal the warmth, as it is sent as radiation. Pointing one of these at a PIR should jam it. Of course, it will trip when it is turned on, but I think it is worth a shot. If it only trips once, then mostly it will ignore it as a reflection or noise error.

Or one could turn thos IR-heaters on slowly with a power controller. I have seen em' and feeld how they warm you. It is really strange, just heat, no air flow, nothing.
They even make "sauna's" with IR-heating.
But ramping up the IR heater over a priod of 2 hours should be enough.