paola2020 Posted August 14, 2018
I'm new to SDR. I'm trying to perform a replay attack that consists of unlocking a locked car with a HackRF One and the GNU Radio Companion software, but the problem is that when I record the unlock signal and then run the replay attack, it locks the car if it is unlocked and does nothing if it is locked. I want to clarify that I used a frequency of 433 megahertz. I would have liked to share my flowgraph, but my reputation does not allow me to. If anyone has had a similar problem or knows the solution to my problem, please share it with me. Thank you

DavesNotHere Posted December 6, 2018 (edited)
Just browsing and stumbled across this. Newer cars use a rolling code that will not unlock for a replay attack. Is it possible yours is rolling? The locking part is interesting. It might make sense to design the car security to always lock when encountering a replay. Just speculation on my part.

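The rolling-code behaviour mentioned in the post above, shown from the receiver's side as an added example that is not part of the original thread. The HMAC construction, key, frame layout, window size and all names are assumptions for illustration; production fob systems use vendor-specific ciphers and framing.

```python
import hashlib
import hmac
import struct

WINDOW = 16   # assumed look-ahead: missed button presses the receiver tolerates
TAG_LEN = 8   # assumed truncated tag length in bytes

def make_frame(key: bytes, counter: int, button: int) -> bytes:
    """Fob side: 4-byte counter + 1-byte button, followed by a truncated HMAC."""
    body = struct.pack(">IB", counter, button)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class Receiver:
    """Car side: accepts each counter value at most once, within a window."""

    def __init__(self, key: bytes, last_counter: int = 0):
        self.key = key
        self.last_counter = last_counter

    def accept(self, frame: bytes) -> str:
        if len(frame) != 5 + TAG_LEN:
            return "reject: malformed"
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "reject: bad tag"
        counter, button = struct.unpack(">IB", body)
        if counter <= self.last_counter:
            # A recorded frame carries a counter the receiver has already seen.
            return "reject: replayed counter"
        if counter > self.last_counter + WINDOW:
            return "reject: outside window"
        self.last_counter = counter  # state advances only on a valid frame
        return f"accept: button {button}"

def demo() -> list:
    key = b"constructed-demo-key"      # constructed sample key
    rx = Receiver(key)
    first = make_frame(key, 1, 2)      # constructed frame: counter 1, button 2
    return [
        rx.accept(first),                    # genuine press
        rx.accept(first),                    # same bytes replayed
        rx.accept(make_frame(key, 2, 2)),    # next genuine press
        rx.accept(make_frame(key, 100, 2)),  # counter too far ahead
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```
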
i8igmac Posted December 6, 2018 (edited)
Yah, I think this attack works on semi-old cars. I read an article about Volkswagen using the same key fob certificate on millions of cars. Try this attack on a VW... or BMW might also fit in the category. If you have success, post your results.

Newbier Posted December 7, 2018
See if this video from Samy Kamkar can help you out.

icarus255 Posted February 15, 2019
I looked into this a couple of years back and I came across some articles that talked about what all the car thieves in Europe were doing. Basically, if you want to boost anything decent then you will need a couple of radios for an amplification attack. One radio will amplify the signal from the key fob to the other radio that's amplifying all the signals from the car. The signals need to be transmitted in sequence to complete the handshake, so there are a few technical steps in between, but that's the essence of the attack. I couldn't find anything detailed or even discussions on how to set up the radio equipment, so I never pursued it, but it might be worth a look to see if anything leaked since then. Let me know if you have some success because I was thinking about replacing my car some time soon. Cheers 😉