Unlock Cars with a Raspberry Pi And SDR - Replay attack

  86,150 views

ModernHam

Comments
@faithinverity8523 1 year ago
As an over-65 electronics nerd it warms my heart to watch a young person use TERMUX to ssh to an RPi and run a PWM signal out to a make-shift antenna on GPIO4. So marvelously geeky. Thanks and God bless.
@g0fvt 5 years ago
Fascinating, I have all the bits to try this... except our cars having rolling code
@M4CHINE69 4 years ago
Is it where the code changes every time so no one can record the old data then replay it?
@g0fvt 4 years ago
@M4CHINE69 in a word yes
@anthonyc3915 4 years ago
Ok so I believe in your case with a rolling code you want to use a jammer in conjunction with your sniff and repeat. I believe by jamming the key fob's RF from making it to the vehicle and you simultaneously grabbing the code .. That code you just snatched is still good for a use. I'm an idiot though, someone please correct me if I'm wrong.
@g0fvt 4 years ago
@anthonyc3915 that would seem a logical approach and in principle should work
@rajairfan7679 4 years ago
@anthonyc3915 Hi, I need your help, give your number plz
@jayweezy3264 4 years ago
so does this basically perform the same thing as a hackrf would with key fobs?
@china_white_ 1 year ago
I love your video !! U did such a great step by step instructions unlike everybody else tryna explain making this device
@hahayoucaughtme824 5 years ago
I just bought all of the pieces can't wait to try it out!
@robintewolde1992 4 years ago
Did it work?
@trillboijose 4 years ago
Update?
@hahayoucaughtme824 4 years ago
I’m getting an error code... I can capture the signal but can’t replay. From what I have heard this is a problem with the latest release of the program.
@robintewolde1992 4 years ago
@hahayoucaughtme824 alright. That is bad. Are they gonna fix it? Or is there a workaround?
@hackwithtech5323 6 years ago
In my case it shows invalid samplerate warning, failed to set center frequency, and then started capturing. Please help
@maxwellcrafter 3 years ago
Neat, I'll have to try this out when I get the chance
@Sam-l7b5z 3 days ago
Can we use without band pass filter?
@HiPh0Plover1 5 years ago
You didn't think it was useful to do the vid during the daylight?
@siddharth4662 5 years ago
I doubt if it will work with the Roll keys FOB
@evanconnect8384 5 years ago
My devices do
@Ayribshaklek 3 years ago
EVAN CONNECT can I buy your devices?
@yamanjabr2598 3 years ago
@evanconnect8384 what is your device?
@Robert08010 2 years ago
Is the "e6" like scientific notation for the fact that the freq was in MHz instead of Hz?
@nicolasperezmolina491 4 years ago
How can I connect my Pi through SSH? And do you use a band pass filter?
@nilsonvidenoff7811 5 years ago
Hi ModernHam, could you explain or break down the numbers 25000, the g35 and the e6 in "rtl_sdr -s 25000 -g 35 -f 315.0125e6 filename.iq"?
@jimmygerilius8494 6 years ago
I thought the RTL-SDR was only a receiver. How did you transmit on 315/433 MHz?
@ModernHam 6 years ago
The wire attached to the raspberry pi makes it an fm transmitter...
@ModernHam 6 years ago
Not the RTL SDR but the pi itself.
@arvindsamy49 5 years ago
@ModernHam Hello. How is it possible? Raspberry has a 433MHz integrated transmitter?
@boiclyde 5 years ago
Do you think a Zero would have the power for this?
@e1Pr0f3ss0r 5 years ago
I have watched this video very awesome... There is no alternate video on KZbin on this topic... Thank you very much
@9b_vajra4 4 years ago
why when I enter the cmake command, it shows bash: cmake: command not found
@MattMaggioChannel 4 years ago
sudo apt-get install cmake -y
@dandwrasan2342 5 years ago
What a fantastic vid and so well put together 👍🏻😊 I have a plutosdr, can I do your experiment with it?
@bonjourbonjour1008 4 years ago
yes you should be able to
@e1Pr0f3ss0r 5 years ago
How can I contact u for asking some questions and taking guidelines...
@e1Pr0f3ss0r 5 years ago
Plz reply just don't like my comments
@williamsonrobert6354 4 years ago
Isn't there any way to automatically detect the magic number???
@elvedinbegovic1717 5 years ago
Does it work on rolling code (if the car is keyless) if you replay the signals when you are near the car. Can you pull the door handle so the car unlocks?
@maikel5642 5 years ago
I don't think so but if you record the keyfob while not in the car's range it should work
@hackwithtech5323 6 years ago
Just subscribed, thanks for this, I have been searching for this for a very long time. But can you please tell me what is the samplerate you use after you get error, plz tell me?
@ModernHam 6 years ago
25000
@MattMaggioChannel 4 years ago
@ModernHam That is an invalid sample rate.
@Яська_Гаспадар_з-пад_Вільні 5 years ago
Great! What's your car model?
@udaysharan8977 5 years ago
Awesome Video thanks for sharing this video
@aidangray9082 4 years ago
Will the raspberry pi zero w work for this?
@gerritsmit346 2 years ago
Will this work with other PI models?
@mandc20022 4 years ago
Can I use a laptop hooked to a rtlsdr
@eniggma9353 8 months ago
very interesting presentation.
@hackwithtech5323 6 years ago
Help, when I transmit it shows caught transmitting 1c and after that nothing happens, please help
@robintewolde1992 5 years ago
Did u get it to work? I still have an issue with transmitting.
@e1Pr0f3ss0r 5 years ago
Can I use this "Leoie USB2.0 FM DAB DVB-T RTL2832U R820T2 RTL-SDR SDR Dongle Stick"?
@johnygreen2123 3 years ago
Can we do this job with just a laptop with Kali Linux and SDR? Do we need to have Raspberry Pi?
@nguyenquythanhbinh5008 3 years ago
U can only record signal
@lexco6534 1 year ago
Yes, RPI is needed for transmission
@mrluis2328 3 years ago
./sendiq command not found
@dandwrasan2342 5 years ago
Can I do this with an Arduino instead of the Pi using 433MHz transmitters
@ModernHam 5 years ago
I think this would be possible. But you would need different software obviously for your transmitter.
@tissentissen7245 6 years ago
Nice video. Does it unlock rolling codes too?
@Savage.735 6 years ago
You will be amazed what it can do with a little help, but not on KZbin laws. I have a lot to share when the time is right
@tissentissen7245 6 years ago
@Savage.735 You want to share something? Maybe we talk via email?
@excitedbox5705 5 years ago
@tissentissen7245 all you do is jam the signal to the car while recording (point a second antenna at the car transmitting white noise with more power than the key does). Then when the person hits the button a second time thinking the car didn't catch it, you resend the first code so the person sees the car blink and lock, and keep the second code for once they walk away. Nothing fancy to it like that kid wants to pretend. It works because you will have 2 valid codes that the car never received. Then when you send the first one, the second becomes the active code. On newer cars there may be some more processing to do because the car sends the fob a code back that is used to generate the next code.
@tissentissen7245 5 years ago
@excitedbox5705 Thank you for contacting me. Is it possible to use jammer and sdr or one full duplex device for this purpose? - unlocking/replay rolling code of car. Can we contact via email? Your time will be highly appreciated. Thanks,
@mwlulud2995 2 years ago
@excitedbox5705 yes but how can you jam the signal and at the same time capture it on the raspberry, in addition to that the car uses AM signals and sends on two frequencies at the same time... A tutorial from you would be nice!
@Un_Pour_Tous 5 years ago
Can one use an audio amp to extend signal TX on rpitx? I notice it uses that PWM.
@dandwrasan2342 5 years ago
Can I do this with an Arduino instead of the Pi
@mihirkatoch1110 5 years ago
Arduino isn't a single board computer.
@gvnt7004 5 months ago
please make an updated version 2024
@katana-rl7gb 5 years ago
Does this work well with Pi 0 w?????
@GamingKing545 4 years ago
probably just use the same connections
@zamsheikh3418 5 years ago
pi@raspberrypi:~/rtl-sdr/build $ cmake ../ -DINSTALL_UDEV_RULES=ON
-bash: cmake: command not found
@NormEnBenidorm 5 years ago
install gcc
@bilalbeyhan7690 5 years ago
@NormEnBenidorm gcc?
@NormEnBenidorm 5 years ago
@bilalbeyhan7690 gcc library --> gcc.gnu.org
@g3rsiu 5 years ago
Use "sudo apt-get install cmake"
@dienadel30 5 years ago
All I saw was a light. On a SEN DIQ command hehe.. My name is Klaus !
@hackwithtech5323 6 years ago
Can we use Arduino Uno instead of Raspberry Pi?
@ModernHam 6 years ago
Giving it the ability to transmit is a little harder. There's a tutorial here: www.instructables.com/id/RF-315433-MHz-Transmitter-receiver-Module-and-Ardu/
@hackwithtech5323 6 years ago
ModernHam thanks brother keep making videos we love your videos
@NicksStuff 5 years ago
I would have bet that such a modern (2006) car had a rolling code!
@themonkeyminds7252 6 years ago
Very nice sir... keep it up... peace :)
@e1Pr0f3ss0r 4 years ago
I am getting error with "sudo ./sendiq command not found", what should I have to do?
@williamsonrobert6354 4 years ago
Remove sudo and try
@hustlersinnovation2085 2 years ago
Very educational
@DDBAA24 6 months ago
should be on the back of all key fobs, if not check the fcc database 👍
@clashofracks6143 6 years ago
Did they update rpitx or something? Everything worked fine but sendiq.sh isn’t in it. So I can’t send the iq file to my car. Did I do something wrong or did they take it out?
@ModernHam 6 years ago
Not that I know of. Are you sure you issued the command within the rpitx folder? I haven't updated mine.
@clashofracks6143 6 years ago
Yeah look at their github page. sendiq.sh isn’t there
@clashofracks6143 6 years ago
@ModernHam is it possible you copy the code from sendiq.sh and paste it in the comments so I can use it.
@chriskaprys 6 years ago
I set this up today, with v2 of rpitx. sendiq is there, it's just not called sendiq.sh ... it's simply sendiq, without the .sh suffix.
@clashofracks6143 6 years ago
I didn’t, I must’ve missed a step or something. A day after I set it up (without sendiq) my Raspberry Pi wouldn’t boot correctly. Did you have this problem?
@hackwithtech5323 6 years ago
Bro, I am not able to buy Raspberry Pi 3, can I use Raspberry Pi Zero with wifi?
@ModernHam 6 years ago
According to github.com/F5OEO/rpitx the PiZero is compatible.
@hackwithtech5323 6 years ago
Thank you for info keep making videos
@whereveryouare6334 5 years ago
raspberry pi zero can?
@mihirkatoch1110 5 years ago
If you are able to connect rtl sdr with it.
@ericweiss7473 4 years ago
This doesn't work bro, you don't even have a band pass filter. It just creates noise. That's probably why it's shot in the dark so no one can see you unlocking it with the key fob. I'd like to see the fft of the replay and maybe the demoded wave form in audacity or something
@ModernHam 4 years ago
Yeah you're right, I made a thirty minute video to fake unlocking a car for youtube for no reason using an actual method. All the people saying it worked are all just bots I had comment here.
@bugzbunny3223 4 years ago
Lol ppl are funny
@user-ze4ub6ci2c 5 years ago
Great idea but it's more simple with HackRF One
@ModernHam 5 years ago
Some want simple, but this is intended for those who want to actually learn how it's done. After all, the "simple" way wouldn't need a video demonstration. This shows more of what happens behind the scenes when you run those scripts made for you on the hackrf
@user-ze4ub6ci2c 5 years ago
@ModernHam Thanks ;)
@dandwrasan2342 5 years ago
Baki Hanma hi I have some questions about hackrf and replay attack
@user-ze4ub6ci2c 5 years ago
@dandwrasan2342? 😇
@e1Pr0f3ss0r 5 years ago
Buying HackRF One is not so simple as u thinking... this method is very much easier and comfortable for a common user...
@jbzhitz 3 years ago
No we shouldn’t already know what programs to use or how if we’re trying to learn how to read radio frequencies and how to setup this device. If we did then why would we need ur video? Thx for teaching this to people that already understand it.
@ModernHam 3 years ago
What I didn't explain is the most basic concepts of how to operate a raspberry pi. You can find that in 1000 tutorials around the internet. This is RF hacking, not "how to use linux for dummies" . If you don't know how to install an operating system, you need to start there. I'm not here to hold your hand plugging in a power adapter and formatting an SD card
@GamingKing545 4 years ago
instead of ssh just use a screen, that's what I use
@MattMaggioChannel 4 years ago
SSH is awesome though, Come on! haha
@Cristasphoto 3 years ago
The FBI liked this video lol I kid I kid.
@atmel9077 6 years ago
There already are publications about the vulnerabilities of car keyless entry, but those rather showed the weaknesses of their proprietary undocumented "cryptography". But here this is much worse!!! There is NO rolling code AT ALL!!!
@ModernHam 6 years ago
What's worse is the "cryptography" used is basically the same as generating a hash and matching it against the car's to see if it "belongs". This still leaves the possibility of recording dynamic keys, and jamming the frequency in such a way that they never make it to the car, leaving that key open to use at any time in the future.
@atmel9077 6 years ago
@ModernHam This attack is called "RollJam" and was invented by Samy Kamkar, but, before knowing about this I imagined that I could record 2 signals while jamming some of the last bits (let's say 4) so I now have two valid rolling codes with the last 4 bits missing. I then transmit my first code with the 16 different combinations, one of which is valid and will lock the car, and the owner will think that the car is successfully locked after the 2nd press. But now I have another valid code with 4 missing bits and I can again try all 16 combinations and unlock the car. *This only works if the lock/unlock button is the same. On many cars it's not, however many garage door openers use the same button.
@jimikailby7902 6 years ago
nice
@rawexploiterp6951 1 year ago
when was r-pi was 30 bucks...
@cynicaltonez 4 years ago
Can u put more than one fob in and can u do it faster 😂
@marn200 4 years ago
$ make
make: *** No targets were specified and no makefile found. Stop.
Now, I did see a Makefile.am but that did nothing
@Savage.735 6 years ago
Amazing, I done it before but another way. Love to see more, maybe we can bring things to light for people that don't believe in real life hacks that are so easy to pull off really cheap, and it is not a reality, it is happening every day as long as you have a little brain. Lots of my friends say I be doing too much, but when I show them they say like you need to be working for a security company or something. I also have a book coming out this summer, I will get back at you on it this summer. Nice
@ModernHam 6 years ago
Cool stuff! Do Let me know!
@clashofracks6143 6 years ago
Your grammar is horrible.
@9999-h5p 5 years ago
@ModernHam hello, can you help me in finishing such project? Can we talk via email?
@afktree8961 2 years ago
Loud ass intro 🤦🏿‍♂️
@ajzalnoorudheen3366 4 years ago
Fake
@ahr0cdovlzk3my1lahqtbmftdw7 5 years ago
scriptkiddy
@ModernHam 5 years ago
😂
@ahr0cdovlzk3my1lahqtbmftdw7 5 years ago
write your own code little boy @ModernHam
@ModernHam 5 years ago
@ahr0cdovlzk3my1lahqtbmftdw7 I will when you do 😂
@ahr0cdovlzk3my1lahqtbmftdw7 5 years ago
ModernHam aha sins?
@ahr0cdovlzk3my1lahqtbmftdw7 5 years ago
ModernHam if you don't know who I am, it's better you shut up
@teufeltuna1956 2 years ago
Or, or, just get a Flipper Zero...
@stacyhoff9287 5 years ago
I'm reporting you
@0MVR_0 5 years ago
For unlocking your own car.
@MR_RANDOM_PROJECTS 1 year ago
Can someone please help me, I can’t get past cmake ../ -DINSTALL