Sildaekar

Active Members
  • Posts: 135
  • Joined
  • Last visited
  • Days Won: 3

Everything posted by Sildaekar

  1. I would love to go, and was actually planning on it but sadly the same day as the training I have a wedding I have to be at. I hope they decide to make this an annual or semi-annual thing!
  2. Once it gets uploaded and as long as he doesn't attach an odd license to it, I will update the infusion.
  3. That's a good theory, I had yet to think about that. The time between me recording the signal and replaying it (up until the point it stopped working) was somewhere between 3 and 7 minutes. I'm not really sure, so I'm being generous with my estimation. I'm going to try to do some more experimentation on this vehicle in the coming weeks and maybe find out if it is a specific time-frame or if it's based on uses. I have seen the new vehicles similar to the one you are speaking of, but unfortunately no one I know around here has any; I would love to get the chance to play around with a system similar to what you've mentioned. I was originally under the impression that the keyfob was continuously sending out a message so the vehicle would only unlock when it was nearby, but from a battery life perspective it would make more sense for the vehicle to probe the keyfob when a person touched the handle instead of the other way around. I'm not exactly sure how the system syncs at the moment, cryptography isn't my forte, but I do know that most systems these days do use a rolling code feature. Also, different makes, models, even years use different systems (that's completely an assumption). You are correct in the fact that they aren't transceivers, one is a transmitter and the other a receiver; however, if what Cooper stated is true about newer models then they are both transceivers.
     Another interesting attack against newer models is the ability to continuously rebroadcast the signal being sent from the car to the keyfob in order to capture large numbers of keys (I'm thinking HackRF + RTL-SDR + Pineapple all in a backpack). You could possibly capture hundreds or thousands of keys over the course of a few hours and through that stand a better chance at decrypting the keys; it would kind of be like the replay attack using aircrack-ng on WEP :p Either way, like I said, I plan on doing more research into this over the next week or so, and probably ordering a few keyless entry systems to test out and see if I can figure them out. If anyone else has looked into this, or has ideas on how to approach it, I'm all ears! lol
  4. Right that script is not needed for this one to work. To see the help screen add the "-h" option and it will give a bit more info otherwise it just runs with the default values.
  5. LMFAO! ...wow...I honestly don't know what to say to that. Those poor uneducated souls. Ok, I didn't realize they were specifically speaking about graphics cards; my internet connection is a bit "touchy" (satellite Internet), so the only way I could see the linked page was by viewing the source code for some reason, and I only read bits and pieces. In that instance, yeah, I would assume (as you stated) there would have to be some kind of malware to fluctuate the voltage on the card for certain data; it would be easier just to image the HDD in that instance.
  6. I'm not exactly sure what year it was made, but it's definitely between 2001 - 2009
  7. Ok, so after getting my HackRF (about a month ago) I've been doing a lot of playing around, from messing with fan remote controls to radio astronomy, but I decided to take on keyfobs (the kind that lock/unlock your car) about a week ago. Sadly my truck doesn't have this feature, but one of my friends (thankfully) volunteered her Toyota Sienna to me to play around with. Well, I started off with the obvious, just recording the signal and looking at it, figuring out its modulation etc etc. I never was able to decode it (never really put forth the effort after I figured this next bit out), but I recorded the signal to a file and then, just to play around, as I never expected it to work, I replayed the signal. It actually activated the "unlock" function about 4-5 times before the key for it changed! This was very surprising to me, as I was under the assumption that these keyfobs' "rolling code" feature changed the key every time a button was pressed, but apparently they still use the same key several more times before changing it. Security failure? I think so...good job Toyota.
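The two keyfob posts above (the replay observation in post 7 and the rolling-code discussion in post 3) both turn on one receiver-side check: a rolling-code receiver must advance past every counter value it accepts, so that a captured code is dead the moment it has been used. The model below is an added example and not code from the original posts or from any vehicle manufacturer; it assumes a simplified scheme (a counter sent alongside a 4-byte HMAC-SHA256 tag and a resynchronisation window of 16) rather than any real fob's encrypted hopping code. Comparing a receiver that advances its counter with one that does not shows why a replay can keep working several times on a poorly implemented receiver and fails on a correct one.

```python
import hashlib
import hmac

# Assumed values for this model: how far ahead of the last accepted counter a
# receiver will resynchronise (real products pick their own window sizes).
WINDOW = 16


def rolling_code(secret: bytes, counter: int) -> bytes:
    """Derive the code for one counter value.

    Simplified model: HMAC-SHA256 over the counter, truncated to 4 bytes.
    Real fobs encrypt the counter instead; the replay logic is the same.
    """
    return hmac.new(secret, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]


class Fob:
    """Transmitter: increments its counter on every button press."""

    def __init__(self, secret: bytes, counter: int = 0):
        self.secret = secret
        self.counter = counter

    def press(self) -> tuple[int, bytes]:
        self.counter += 1
        return self.counter, rolling_code(self.secret, self.counter)


class Receiver:
    """Vehicle side. `advance=False` models a receiver that never moves its
    'last accepted counter' forward, which is the replay-friendly mistake."""

    def __init__(self, secret: bytes, window: int = WINDOW, advance: bool = True):
        self.secret = secret
        self.window = window
        self.advance = advance
        self.last = 0  # highest counter value accepted so far

    def accept(self, msg: tuple[int, bytes]) -> bool:
        counter, code = msg
        # Only counters strictly ahead of the last accepted one, within the
        # resync window, are candidates; anything already consumed is rejected.
        if not (self.last < counter <= self.last + self.window):
            return False
        if not hmac.compare_digest(code, rolling_code(self.secret, counter)):
            return False
        if self.advance:
            self.last = counter
        return True


def replay_demo(advance: bool) -> tuple[bool, list[bool], bool]:
    """Capture one press, deliver it, replay it five times, then press again.

    Returns (first delivery accepted, replay results, next genuine press accepted).
    """
    secret = b"constructed-demo-secret"  # constructed sample key, not a real one
    fob = Fob(secret)
    rx = Receiver(secret, advance=advance)
    captured = fob.press()
    first = rx.accept(captured)
    replays = [rx.accept(captured) for _ in range(5)]
    genuine_next = rx.accept(fob.press())
    return first, replays, genuine_next


def desync_demo(presses_out_of_range: int, window: int = 4) -> bool:
    """Press the fob out of range more times than the window allows and then
    deliver the next press: a correct receiver refuses it until resynced."""
    secret = b"constructed-demo-secret"
    fob = Fob(secret)
    rx = Receiver(secret, window=window)
    for _ in range(presses_out_of_range):
        fob.press()  # these never reach the receiver
    return rx.accept(fob.press())


if __name__ == "__main__":
    print("advancing receiver:", replay_demo(True))   # replays rejected
    print("stuck receiver:    ", replay_demo(False))  # replays accepted
    print("beyond window:     ", desync_demo(4))      # False: needs resync
```

The contrast is the whole point: with `advance=True` the first delivery succeeds, every replay of the same capture is refused, and the fob's next genuine press still works; with `advance=False` the same capture is accepted over and over, which is the behaviour that makes a recorded transmission useful for minutes afterwards. The window check also shows the trade-off a designer faces: a larger window tolerates more out-of-range presses but widens the set of not-yet-used counters that would be accepted.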
  8. This is far from impossible, believe it or not; this kind of stuff has been going on for years. I worked in the SIGINT and ELINT community in the military and in doing so we worked in a secure facility. We were not allowed to bring phones in; we actually had to remove the battery from our phones and place the battery and phone in two separate boxes before entering the facility. The most I care to say on this (at the risk of having suits show up at my front door) is this: http://en.wikipedia.org/wiki/Tempest_%28codename%29 I'm sure doing some more googling on electronic emanations can bring about more info; also there was some chick that did a speech at Defcon and Toorcon on this exact same topic. If I remember her name or the speech I'll let y'all know. Afterthoughts: Wow, this is an old thread, but I like these kinds of things so I'm gonna revive it anyways :p
  9. Nice little setup you have there! It's just a bit out of my price range lol, best of luck selling it though.
  10. Delorean is a Python script created by "jselvi" that allows for NTP man-in-the-middle attacks. More information about this can be found in this PDF. I take NO credit in the creation of this tool; I simply made it into a Pineapple Infusion to assist in attacks against clients using HSTS. At this moment this is only a CLI Infusion, but if anyone wants to make it into a web infusion feel free to.
     Changelog
     v1.0 - Infusion created
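Post 10 only names the tool, but the reason NTP manipulation matters to HSTS is mechanical: an HSTS entry is a stored expiry time, so a client whose clock is pushed far enough into the future treats the policy as expired. The model below is an added example, not code from Delorean, jselvi or the Pineapple infusion; it assumes a one-year `max-age` and uses 1000 seconds as the sanity limit on a single clock step, which is the default panic threshold in ntpd. It shows the defender's check: a client that refuses implausibly large time steps keeps its HSTS policy intact even when the time source lies.

```python
HSTS_MAX_AGE = 31_536_000   # one year, a common max-age value
PANIC_THRESHOLD = 1000      # seconds; ntpd's default panic gate, used as the step limit


class HstsCache:
    """Minimal HSTS store: host -> absolute expiry time (seconds since epoch)."""

    def __init__(self):
        self.entries: dict[str, int] = {}

    def store(self, host: str, now: int, max_age: int) -> None:
        self.entries[host] = now + max_age

    def must_use_https(self, host: str, now: int) -> bool:
        """Policy applies only while the clock says it has not expired."""
        expiry = self.entries.get(host)
        return expiry is not None and now < expiry


def apply_time_update(current: int, proposed: int, guarded: bool) -> int:
    """Adopt the time offered by an NTP source.

    With `guarded=True` a step larger than PANIC_THRESHOLD is refused and the
    current clock is kept; with `guarded=False` any value is accepted.
    """
    if guarded and abs(proposed - current) > PANIC_THRESHOLD:
        return current
    return proposed


def simulate(guarded: bool, years_ahead: int = 5) -> bool:
    """Store a policy, receive a far-future time from an untrusted NTP source,
    and report whether the client still enforces HTTPS for the host."""
    now = 1_700_000_000                       # constructed sample epoch
    cache = HstsCache()
    cache.store("example.test", now, HSTS_MAX_AGE)
    offered = now + years_ahead * 365 * 86_400
    clock = apply_time_update(now, offered, guarded)
    return cache.must_use_https("example.test", clock)


if __name__ == "__main__":
    print("unguarded client enforces HTTPS:", simulate(False))  # False
    print("guarded client enforces HTTPS:  ", simulate(True))   # True
```

A legitimate small correction (a few seconds of drift) passes the guard unchanged, so the check costs nothing in normal operation; it only bites when a single update would move the clock by more than the threshold, which is exactly the step an attacker needs to age out a one-year policy.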
  11. Install OsmoSDR from here: http://sdr.osmocom.org/trac/wiki/GrOsmoSDR
  12. Balint Seeber managed to play around with restaurant pagers using the USRP. Here's the video showing it off: He also briefly talked about the process at Defcon in a speech called "Hacking the Wireless World with GNU Radio", and it's a great speech for much more than just this. You can look it up on YouTube.
  13. Looks like the errors it's screaming are because there is no UI present. Does GNU Radio run without the companion? What errors are you getting when you try to start X? Have you tried just doing a fresh install?
  14. I had some issues getting the HackRF to run on Kali; here's a few things to try:
     Make sure all required libraries are installed.
     Make sure the HackRF software is installed (hackrf-tools, and the other one, can't think of its name right now).
     Run "sudo hackrf_info"; if it's still spitting this error at you, run "sudo rmmod hackrf" then try the hackrf_info command again.
     Best of luck and remember google google google! lol
  15. Oh wow, that sucks, they are still legal here in my state, I forget sometimes that not everyone is in the USA and some people have different laws :p
  16. haha! Thanks Cooper you're awesome! I remember now that the city put up a webcam at the welcome center to watch the intersection across the road from it, I bet that's probably what it is. Thanks again man!
  17. So, since I've gotten into SDR I've been checking out various frequencies; this is one that I found while at the park earlier today and can't for the life of me figure out what it is. When I was capturing it, it almost looked like APT but it gives off no audible tone/noise. Here are the specs:
     Frequency: ~480.02 MHz
     Bandwidth: ~120 kHz (if I remember correctly)
     Here is a screenshot of the waterfall from GNU Radio without any filters applied: Obviously you can see the main band there in the center, and there are a few more off to each side (cut off by the waterfall's field of view). My best guess is maybe some sort of telemetry data on the side bands, but I'm not sure. I don't know what was transmitting this signal but I was fairly close; it was either the little "welcome center" we have here in town or it could have been the arms that come down over the train tracks when an oncoming train is detected, as these were replaced a few months ago and are wireless as well. Anyone have any ideas on what it could be?
  18. Haha, that would be fun...just watch the laws, intentionally interfering with another person's transmission is illegal, so you would have to be careful...also, monitoring freqs is completely legal but attempting to crack any form of encryption is illegal...just be careful ;)
  19. Gotta love rtl-sdr.com, they have some great articles, and I absolutely love their signal ID guide (wish there was a more comprehensive one around). That website is actually what got me curious on SDR I'd suggest everyone go there and look at their "Featured Articles". They are a great read if nothing else.
  20. Yeah, I want to check out the GOES satellites, pretty much the same as the NOAA's but they are geostationary so we can receive them 24/7 instead of waiting for that 10 minute window that comes twice a day. But...the GOES sats have a bandwidth of ~8.7 MHz (well outside the range of my little dongle). EDIT: Missed where you were talking about the frequency. The reason we use low freqs to communicate long distances here on Earth is due to their propagation methods; they bounce off of the ionosphere very easily with little loss. However, higher frequencies have a tendency to "punch through" it easier than lower frequencies. But there again, a lot more goes into it than just the frequency; you also have to look at polarization, transmitter power, sun spots, the time of day/night, etc etc etc.... No problem man :) Yeah, I know what you mean, I plan on ordering 1 at the beginning of the month (payday), and I may get another down the line. I'm pretty sure it's the "most frequencies with just one amplifier" scenario but I could be wrong. I've only been experimenting with SDR for about 3 weeks now so I'm still new to it as well. As far as the down-converter goes, I'm almost 100% positive that that is only for receiving, but the HackRF goes from ~10 MHz - 6 GHz so it should cover all of the bands, at least the ones that your technician license will cover (once you get it). Just throw in a decent amplifier between the Tx port on the HackRF and your antenna and all should be good. You probably will need to get a more "specialized" radio when you get further into ham, but I think the HackRF will be able to cover pretty much all of your bases until you are ready to dive into the deep end. This is one of the reasons I love the HackRF and can't wait to get mine...so much to do, so little time. On a side note: Another reason I can't wait to get my HackRF...McDonald's headsets (and other fast-food places) operate on public bands....would be funny to chime in and talk to them
  21. Not a stupid question at all. This really all depends upon your needs. The main thing limiting you with the $20 dongle is the frequency range and the bandwidth. I tested my dongle a few days ago and it got about 26 MHz - 1.7 GHz, with a bandwidth of about 250 kHz, whereas the HackRF goes from 10 MHz - 6 GHz with a bandwidth of 20 MHz. If you are only working within the frequency range and bandwidth range of your dongle then you can use just it and 1 HackRF, but I would personally use two HackRFs due to the larger bandwidth. Once I get my HackRF in I plan on using it to receive signals from geostationary satellites though (GOES) in the same manner I do with the NOAA satellites.
  22. Learn assembly http://www.tutorialspoint.com/assembly_programming/
  23. Looks like an unidentified aircraft, could be a small private plane with no call-sign, or you could have gotten an incomplete beacon (due to distance, interference, etc.)