by Nextgrid 1938 days ago
Curious as to how such a device would recover the original signal while it’s broadcasting a stronger signal to jam the frequency.

Also, if you don’t mind, which city/country are you in? It seems insane that this is a regular problem happening in the same location and law enforcement doesn’t catch on.

2 comments

You jam at a slightly different frequency, different enough that you can tell the signals apart with your HackRF, but close enough that the receiver chip can't [1].

Of course, the strategy I've heard outlined is to jam and record one rolling code, then a second one, then to replay the first code so the fob holder sees the system respond to their button press but the attacker has a ready-to-use code. If people are seeing their cars failing to unlock, it's not that specific attack.

[1] Page 63 of https://samy.pl/defcon2015/2015-defcon.pdf

a) use a directional antenna for the jamming transmitter. Everyone except the car can receive the fob signal just fine.

b) use a directional antenna pointed at the fob. You jam everyone, but the RSSI of the fob signal received through the antenna is still acceptable.

c) jamming signal triggered by the fob transmission, making it possible to jam specific packet bytes, like the CRC (recoverable later).

d) jamming signal uses a period that is a little shorter than the packet length, so repeated packets can be recovered by combining their intact parts.

etc.