Hacker News new | ask | show | jobs
by tkems 877 days ago
While rolling codes can be secure (KeeLoq [0] is a more secure example but has it's own issues), this [1] is an example of some of the weaknesses that can happen if a rolling code algorithm is broken. I have personally been able to capture, decode, encode, and transmit garage door codes using that python script and a HackRF (which can also be done with a flipper and custom firmware).

[0] https://en.wikipedia.org/wiki/KeeLoq

[1] https://github.com/argilo/secplus
1 comments
MuffinFlavored 877 days ago
Can you help me understand why rolling code attacks aren't broken on most cars but are broken for garages?

Also, are attacks like this real/common/easy to pull off? https://youtu.be/1SUGf6OwRzw Where the signal is amplified from the key inside the house to the car. How does the car/keyfob not detect it's signal/noise ratio or time for roundtrip is all messed up distance wise?

link
tkems 877 days ago
From what I understand, cars are a bit more complex now then garages. KeeLoq, from my understanding, is not 'breakable' like garage doors. It does have weaknesses, but more related to the raw cryptography/math. Since KeeLoq is a cryptographic function, it can be broken by brute force or by gaining access to the manufacture key.

For the amplification attacks, my understanding of them is that the key fob and car may be able to detect this kind of attack, but require more logic/software to do so. Also, most of these attacks use high frequency 'backhaul' wireless networks (key fob at 3-400Mhz, backhaul at 2.4-5 Ghz Wifi with lower latency) to prevent such timing/signal-noise from being detected. If I had to guess, most key fobs/cars are more focused on making sure the key fob works at range or in hard-to-detect environments and not focused on preventing such relay/amplification attacks.

Also, some similar attacks to what you linked could also be done against Bluetooth (I think Tesla had this issue in the past few years) with a simple Bluetooth range extender/relay setup.

(Note: without one of those devices, most of this is just guesses/what I've seen is possible/theoretical in terms of attacks)

link