Browsing all articles tagged with ys1

This blog post will discuss the implementation of Codegrabbing / RollJam, just one method of attacking AM/OOK systems that implement rolling codes (such as keeloq) — these systems are commonly found on modern vehicles and entry systems such as gates and garages. This technique has been used and spoken about for a number of years (Marko Wolf describes it in “Security Engineering for Vehicular IT Systems” from 2009).

However the advancement in easy to use and cheap hardware has made this a readily available research path for almost anyone. Samy Kamkar showed it at Defcon 2015, you can read about that and his device at http://www.wired.com/2015/08/hackers-tiny-device-unlocks-cars-opens-garages/. This blog entry will be more discussing the integral parts of how it works and how easy it is to do.

I was optimistic that the 2015 talk @elasticninja and myself did at zacon on this topic would be published so that I could lazily just link to the video instead of having to write it up, but alas, here we are! ;)

Naturally its important to have a spoiler before the long boring text. Here is a video carefully crafted by my friend Roelof Temmingh showing us opening a VW car with two YS1 (YardStick One):

Read more »

Introduction

Its been absolutely ages since I’ve posted anything on the blog, not that I havent been doing things, just really not many things I felt good enough to write an entry about. I got a lot of feedback regarding my previous entry about Hacking Fixed key remotes and I decided to build on that slightly.

One of the pains of the previous method was that it was a rather tedious to do the following:

* Finding the key for the remote essentially it was broken into:

* Finding the signal with RTLSDR
* Saving demodulated .wav
* Running a script to decode that audio
* Replay remote with RFCat

* Transmitting the remote also meant another piece of hardware (RFcat) and then taking the signal from the decoded script into a format RFCat understands.

So much like the sex pistols album I am also going to be flogging a dead horse, this time the AM/OOK one. In this blog post I will explore discovering signals as well as replaying them with RFCat.

YardStickOnePacket

Read more »

Recent Posts

What?

Not the quickest of cats
on the best of days.

Spotnik

Check out my android app now in beta!

 

Donate

For electronics/other to play with:



Archives