Jump to content
Sign in to follow this  
paola2020

unblocking a car with hackrf One and gnu radio companion does not work properly

Recommended Posts

I'm new to SDR, I'm trying to perform a replay attack that consists of unlocking a blocked car with hackRF ONE and the software gnu radio companion but the problem is that when I record the unlock signal, then I run the replay attack, it locks the car if it is unlocked and does nothing if it is locked. I want to clarify that I used as a frequency of 433 Megahertz. I would have liked to share my flowgraph but my reputation does not allow me. If anyone had a similar problem or know the solution to my problem, please share with me. Thank you

Share this post


Link to post
Share on other sites

Have you considered the rolling secret key in the transmission of the signal? The original signal that you capture there is likely a secret key such as 123456788 and the next transmission that comes from the fob is 123456789. It is most likely not going to increment by one but if you capture a few different transmission you can see what bits change to identify the key and try to work out an algorithm for guessing the next key.

Share this post


Link to post
Share on other sites

Glad to hear it's not working out, honestly.

I don't want my car stolen anytime soon.

Ever.

On 8/15/2018 at 1:06 AM, e-Euler said:

Have you considered the rolling secret key in the transmission of the signal? The original signal that you capture there is likely a secret key such as 123456788 and the next transmission that comes from the fob is 123456789. It is most likely not going to increment by one but if you capture a few different transmission you can see what bits change to identify the key and try to work out an algorithm for guessing the next key.

That's true, however it's been done more cleverly.

https://www.wired.com/2015/08/hackers-tiny-device-unlocks-cars-opens-garages/

TLDR; Capture the first code before the car does, and let the second code go through (requires 2 presses on the fob) - the first code is still valid and can be replayed at any time by the device that captured it.

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...