3
R1100
130d

Sensible question but I am asking it here!
As you know wifi packets can be sniffed using kali and a wifi adaptor.
I was wondering if the same thing can be done about car remote using raspberry pi ?
(I know theft is illegal everywhere and I'm not looking for trouble)

Comments
  • 0
    it depends
  • 0
    @stop on what?
  • 1
    some cars use an encrypted two way system, other just send one of two codes on a specific frequency.
  • 2
    The usual car remotes just send an encrypted ID and counter to the receiver. Many use 433MHz band.
    You can sniff that data with a suitable receiver (no, not a wifi adaptor, wifi uses 2,4GHz and 5GHz band).

    The basic method is quite simple, so the there's little hope of weaknesses to "hack" a car.
    There have been successfull attacks on car remotes, but usually it's not that easy.
    You have to get the encryption keys, and gather information about the current counters of at least one of the keys. And actual hacks have proven, that some manufacturers have implemented security features in the receiver, like checking the counter and blocking the remote if the counter from the remote is lower than the last stored counter from that remote. So even if you can fake the signal, you may lock out the actual owner.

    To get into a car you're better of with a radio jammer that prevents the receiver from getting the signal, so the car will not be locked if you use the remote and the owner didn't notice
  • 1
    @ddephor if the jammer is not used , the owner should completely change the remote system or a simple reset is just enough?
  • 1
    if a car has a keyless system, you need just an reciever for the signal which sends the Data to a sender which reproduces the signal for the car.

    key -> reciever -> Internet -> sender -> car
  • 0
    @stop something like MITM?
  • 1
    @R1100 exactly
  • 1
    @R1100
    You'll need an sdr, samy shows it here, even the before mentioned counter system can be bypassed, because it has a flaw
    https://youtu.be/1RipwqJG50c
  • 0
    here's also videos about the before mentioned signal booster theft:

    https://youtu.be/bR8RrmEizVg
    https://youtu.be/i38qQsuEYOs

    just don't do stupid shit with this
  • 1
    @R1100 How do you change the remote system? Change all controller boxes and keys? That would be really expensive.

    And I don't think you can reset the system. How would you do that, delete the key and register it again, hoping that will change anything? I suppose the keys are the dumb part of the system, I would be surprised if their state could be reset by anyone that easy.

    And the hacks I know, were all based on design flaws of the system, bypassing the security mechanisms. That's the common approach, basic cryptography is safe, but the complexity of the whole system makes it easy to add "hidden features" to be misused.
  • 0
    @ddephor what kind of enctyption is used ? Does the key differ from time to time or there is a secrete hash?
  • 1
    @R1100 both are used in different car models
Your Job Suck?
Get a Better Job
Add Comment