HACK AND CLONE CAR KEY FOB, MY EPIC FAILURE...!!

-

In this blog post i'm sharing my experience on cloning the my car key fob signal and how to do it properly.

first things frist the cars now a days comes with a wireless remote key where u get atleast 2 or 3 options like lock,unlocking ,trunk(we call it as dickey!!!).....these options let your car access wirelessly and some cars are completly keyless for even driving.

the keys of the cars are actually communicating with certain frequency like 433.xxxMHz or some countries uses 315.xxxMHz...the car companies uses an algorithm called "ROLLING CODES"...these are not that esay to crack cause they change every time u press key and once the key transmitted it cannot be used again...

but a hacker named "samy kamakar" demonstrated an attack called REPLAY ATTACK where u simply transmitt the signal by recording the key fob away from car or blocking the signal and then recording.

so this is how i've tried it..frist i needed to listen to the signals as possible in 10KHz bandwidth...the car reciver also have wide range of reciving capablity for reciption cause of key fob holds different battery levels through time.here is some link on sdr based contents

I've the RTL_SDR for this job for reciving and analyse the RF signal...i had old 2GHz transiciver antennas lying around so i've used them cause they have balun connectors.....or u can buy a telescope antenna for the job..

i found a program called SDR_SHARP works like a charm for spectrum analysing...and to decode the signal recived i've used universal radio hacker for recording and analysing the rf signal...

these key fobs uses a modulation technique called "ASK" or "OOK"......unfortunatly my sdr can only listen to signals and can't transmit them....

so next thing i've brought a 433MHz transcivier which are used with arduino to transmit the signal..

after some analysing the signal using rtl_sdr i've learned my key sending the following code

here is te code i wrote using Dpin 2 with "BITBANGING"

code:

#include<stdint.h>

#include <avr/io.h>

#include <util/delay.h>

#define  FS1000A_DATA_PIN    2

void setup() {                

  pinMode(FS1000A_DATA_PIN, OUTPUT);

      delay(1021);
    
}

void loop() {

    
    digitalWrite(FS1000A_DATA_PIN,HIGH);

    delay(124);

    digitalWrite(FS1000A_DATA_PIN,LOW);

    delay(80);

    digitalWrite(FS1000A_DATA_PIN,HIGH);

    delay(124);

     digitalWrite(FS1000A_DATA_PIN,LOW);

    delay(80);

     digitalWrite(FS1000A_DATA_PIN,HIGH);

    delay(123);

    digitalWrite(FS1000A_DATA_PIN,LOW);

    delay(124);

    digitalWrite(FS1000A_DATA_PIN,LOW);

    delay(124);

    digitalWrite(FS1000A_DATA_PIN,LOW);

    delay(124);
 
}  // endo of main loop



so far the code mimics the actual code but with different pluse timing....so it doesn't worked but i'm planing to send the signal using RPI with some RPITX tricks...

Comments

Post a Comment

Popular posts from this blog

"Kernel Panic” error After upgrading Parrot OS

-
Image
This guide will walk you through the steps of resolving the kernel panic error that you may encounter after upgrading your Parrot OS kernel to version 5.6.0. Step 1: Enter Recovery Mode Restart your computer and enter the GRUB menu by pressing the appropriate key during the boot process. The specific key may vary depending on your computer's manufacturer and BIOS settings. Common keys include F2, F10, Delete, or Esc. Once in the GRUB menu, select "Advanced Mode" using the arrow keys and press Enter. In the Advanced Mode menu, locate the entry for Parrot OS 6.1 and select "Recovery Mode" using the arrow keys. Press Enter to boot into Recovery Mode. Step 2: Purge Problematic Packages Once in Recovery Mode, log in as root using the default credentials. Open a terminal window by selecting "Drop to root shell prompt" from the Recovery Mode menu.
Read more

HACK HC-05(BLUETOOTH MODULE) FRIMWARE INTO HID FRIMWARE

-
Image
This post helps you to change the firmware of the hc05 Bluetooth chip into hid enabled Bluetooth chip. The HID stands for “HUMAN INTERFACE DEVICES” means things like your keyboard, mouse, printer, joysticks, etc.. Drivers get automatically installed in your computer without any external drivers needed.   The hc05 default don’t have hid capability but, the chip hc05 uses is same clone of chip RN-42 uses (BC417) , the RN-42 is an HID enabled chip. We gonna swap the firmware’s of rn42 into hc05. [NOTE: this particular hc05 chip comes with serial interface in it if you perform this swap it no longer work as serial Bluetooth chip. If you want you can save the firmware of hc05 and re-swap again to work normal]. That being said what are the things we need to perform this task are: 1.   HC05 module for sure (duh!) 2.   RN-42 chip {Wait if you are performing this task you must be very enthusiastic in electronics or extremely poor then why the hell you gonna buy an rn42 chip for..
Read more

1 Best way to add members to Telegram group(2021 using python)

-
Image
This post for those who want to add members to thier telegram group, which could take forever if we do manually, hence we can automate this take.  I 'm using python for this automation. Using the python script called telethon we can add members to the group.  T he daliy limit is 200 members. The script adds members with 60-180 sec intervals to avoid bans. you need the following installed in your computer : 1.python 3 (recent one would be better) 2.pip install of python installed(we can enable this option while install python choosing custom install) 3.telethon package installed using pip installer. 4.telegram group api registered in the telegram website. 5.good internet(mandatory) 1.Install python 3 CODE :  visit  python.org  for downloading and installing the windows pacakge. Note: 1.choose the custom installing to enable necessary installers in windows.             2.if you are on the linux or mac python is defaultly installed. just update it.   2. pip installer   Note: in linux
Read more