Recently, I’ve seen a number of posts on Facebook groups for South African communities about people having their car remotes jammed and the contents of their cars cleaned out while they are at petrol stations, malls and other public areas. It seems to be on the rise as an easy way for criminals to gain access to vehicles usually to look for high resale items such as laptops, cameras, wallets and purses. This is just a post on building a really simple, not start of the art way to determine if someone is constantly transmitting (jamming) on the frequency cars commonly use for their remotes.
Car jamming works on a very simple process that you simply block the “lock” signal being sent to your vehicle. People often will walk away from their car and press the lock button assuming it will just work without physically confirming this. Essentially when you press the button on your remote your remote sends out a signal that when your car decodes it and verifies it as from your remote will perform an action. Most remotes for cars (and gates/other consumer devices) work at 433mhz. What a criminal will do is simply hold down the button on another remote (such as a gate remote) and this will stop your car from being able to properly receive that signal. An easy way to think of this is that your remote is shouting out a series of numbers that your car can understand. But when another person also presses their remote its like two people shouting at the same time and the car cannot properly hear the series of numbers.
There are a number of ‘detectors’ available but the prices range from about R500 to over a few thousand! Generally these simply determine if there is a signal being transmitted for an extended period of time, and if there is it will sound an audio or visual (usually LEDs) alarm.
Having worked with 433mhz transmitters and receiver pairs for some of the research I did previously on bypassing car remotes as well as building the zacon badges I thought I would give it a go to build a very cheap passive ‘detector’. I put detector in quotes because it still needs a person to visually see the alert!
Essentially you can buy a very cheap 433mhz receiver ( usually they are sold in pairs of receiver and transmitter ) for about $1-2 (~R20). The additionally components you would need are a 5v voltage regulator, a resistor and an LED. You can then wire up an LED to the data channels of the receiver and everytime there is any activity in the 433mhz (and 434) range the LED will come on. Thus if you are trying to determine if there is jamming around you will see the LED staying on.
The circuit is dead simple and shouldn’t take more than a few minutes to build (and should be easy enough to show your kids how to build it too!):
Here are a couple more pics of the device:
Its taken a lot of motivation to start writing this, and I hope its okay, I have a mental block that I need to write this and the second post about magstripes before moving on to some new things with my plants I want to try.
My friend Roelof Temmingh (@Roeloftemmingh) made this cool video for my talk, check it out below or at http://vimeo.com/51228567. Please note we had permission to test out the door at Senseposts’ old office :)
I’ve always been semi interested in botnets/trojans and targetted attacks and the way they get their data in and out and how the command and control centres work. One of the things i’d usually do is see if I can determine where the traffic is going from the bot (infected machine) and this would obviously point me to the c&c. I’d then fire up Maltego and start playing with that IP/hostname to see where else it appears, what other things are linked to it and so on. One of the concepts I was playing around with was how could you hide where your c&c and from this FireBridges as a concept where created.
An unconference is a facilitated, participant-driven conference centered around a theme or purpose. The term “unconference” has been applied, or self-applied, to a wide range of gatherings that try to avoid one or more aspects of a conventional conference, such as high fees and sponsored presentations.
very informal every talk submitted got a slot ( even mine).
So mine was on TCP/IP DoS, very similar to slowloris (even if i did the research first, he published first and mine is still not coded for distribution), but you can check out my talk below:
I’ll definitely write a post or 2 about it in the near future, hopefully a lot better than my first ever talk^
Not the quickest of cats
on the best of days.