mcore1976 / cc1101-tool

RF tool based on CC1101 module and Arduino Pro Micro 8MHz/3.3V. Allows using CLI with human readable commands to control CC1101 board over USB interface. Putty or any other serial terminal can be used. It has similar functionality to YardStick One but is cheaper and doesn't need specialized software. Allows for RF jamming and simple replay attack.

Closed #32

WR117H closed 5 months ago

WR117H commented 6 months ago

Hi, I have a question. This device can record the raw RF data and play it. When I use it with my garage door, it records and plays the raw RF data properly, allowing me to open the garage door. However, when I try to do the same thing with a car, it doesn't work. I mean, it records and plays the raw data properly, but it won't open the door. What could be the problem?

mcore1976 commented 6 months ago

Yes, because the car uses one-time generated codes, also called rolling codes. It is widely described on the internet; you may want to see this page: https://github.com/CR11CS/RollJam-315MHz-433MHz Creating a rolljam attack is easy with my cc1101 tool, but you need 2 units. One CC1101 needs to be tuned slightly around the center frequency of the keyfob and the jammer activated, while the other CC1101 on the other board needs to record the keyfob transmission (you need to set the RX bandwidth to lower values first so as not to catch the jamming signal). Then you simply replay the original signal after disabling jamming.
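Why a recorded frame opens the garage door but not the car, seen from the receiver side. This is an added example, not part of the thread and not code from cc1101-tool; the frame layout, the HMAC-SHA256 tag, the key, the serial number and the window size are all assumptions chosen for illustration, and real fobs use their own ciphers and formats.

```python
import hashlib
import hmac
import struct

WINDOW = 16  # assumed look-ahead: missed button presses the receiver tolerates


def make_frame(key: bytes, serial: int, counter: int) -> bytes:
    """Fob side (hypothetical layout): serial + counter + truncated HMAC tag."""
    body = struct.pack(">II", serial, counter)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]


class FixedCodeReceiver:
    """Garage-door style: compares against one stored code, so replays pass."""
    def __init__(self, code: bytes):
        self.code = code

    def accept(self, frame: bytes) -> str:
        return "ok" if hmac.compare_digest(frame, self.code) else "bad-code"


class RollingCodeReceiver:
    """Car style: every accepted frame must carry a fresh, higher counter."""
    def __init__(self, key: bytes, serial: int, last_counter: int = 0):
        self.key, self.serial, self.last = key, serial, last_counter

    def accept(self, frame: bytes) -> str:
        if len(frame) != 16:
            return "malformed"
        body, tag = frame[:8], frame[8:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return "bad-tag"
        serial, counter = struct.unpack(">II", body)
        if serial != self.serial:
            return "unknown-fob"
        if counter <= self.last:
            return "replay"          # already used, or older than a used code
        if counter - self.last > WINDOW:
            return "out-of-window"   # too far ahead; needs resynchronisation
        self.last = counter          # accepting a code invalidates all older ones
        return "ok"


KEY = bytes(range(16))   # constructed sample key
SERIAL = 0x1234          # constructed fob serial
```

Once the receiver accepts a frame, that frame and every frame with a lower counter is rejected, which is the behaviour the question describes for the car.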

WR117H commented 5 months ago

Thank you brother.