Flipper Zero Exploiting 64 Bit Rolling Code Remote

Using the Flipper Zero with the Extreme Firmware, I continued pen-testing the "ultra secure" 64-bit rolling-code remote security system for possible vulnerabilities. The attack vector here is based on the RollJam technique. I was able to demonstrate that even a 64-bit rolling-code system can be exploited with the Flipper Zero under the right circumstances.

Comments: 53

  • @chainedtears
    @chainedtears a year ago

    The title didn't make me click on this video, the animation homescreen on your flipper did

  • @boboso5676
    @boboso5676 a year ago

    Very Nice Video as usual! Love how you put together the whole system to show how it works, Very Cool!

  • @grzegorzp.5734
    @grzegorzp.5734 a year ago

    There is one "flaw" of this hack method.. If the owner uses his remote just once, all previous codes you gathered before become invalid. The only scenario the above method would work for an evil man would be to take control of the remote, save some codes (while the owner is far from the house/office/whatever) and quickly go there to use it. Even if you jam the receiver (at the same time collecting codes) while the owner is in the vicinity of it, he will finally send a code, making all the previous codes obsolete. So it seems that the rolling code is quite an effective method. Requires quite a few elements to occur at the same time to make the code-cloning effective. BTW - impressive channel content!

  • @Thadopeera
    @Thadopeera a year ago

    Not if you send the code while he's jammed. He'll think he locked the door himself 🤣

  • @TheLostAdventuress
    @TheLostAdventuress 11 months ago

    @@Thadopeera improbable

  • @Segphalt
    @Segphalt a day ago

    Lots of situations where this still is viable. You and evilman are at some event that is going on for the next 2 hours and thus you are likely to be there for the duration. Evilman is in possession of your remote long enough to capture a few codes. At this point evilman could just leave, being relatively certain you will be at the event for the next 2 hours, so they go to the secure location and use those codes to unlock. Alternately, same scenario, and after evilman has the codes they transmit the data of the codes to an accomplice already at the secure site ready to enter and transmit them to unlock the secure site.

  • @Tabiii
    @Tabiii a year ago

    Thank you! Greatly explained and makes everyone more cautious with their safety. Can I ask what laptop you are using?

  • @thanosprionas6919
    @thanosprionas6919 a year ago

    Nice explanation Peter!

  • @mokanin8894
    @mokanin8894 a year ago

    What do we need to copy the fob to the flipper? Make the Flipper a spare remote?

  • @ericcelrosu2912
    @ericcelrosu2912 a year ago

    So the ''unknown'' after KL means the Flipper doesn't recognize the rolling code algorithm, which implies it's a one-time-use code as you said. Also the counter is only made of zeros. My question is, does the Flipper capture static codes the same way? And is there any indicator to say it's static or simply not recognized (rolling code protocol)?

  • @deejayjuicebox7623
    @deejayjuicebox7623 a year ago

    Since there is no power to the lock, the lock is only picking up the code, since it was never used originally on the remote. I bet you would get a different result, either with the power on and storing the code in the Flipper, or going back to a code you already used.

  • @douglasmstewart
    @douglasmstewart a year ago

    I hadn't used Extreme Firmware yet. Only used Unleashed. I wonder if this is possible on that firmware.

  • @weirdsciencetv4999
    @weirdsciencetv4999 a year ago

    How does it deal with husband and wife having two openers? Surely they get out of sync. Unless each remote has its own independent rolling codes and the garage Reid has two sets of rolling codes, one for each?

  • @adrianvalbuena8158
    @adrianvalbuena8158 a year ago

    ...and no one has worked on solving the rolling code rules?

  • @EverythingParanormal666
    @EverythingParanormal666 7 months ago

    Very impressive, this shouldn't be possible, but you clearly showed us it is very possible.

  • @bennguyen1313
    @bennguyen1313 a year ago

    There's a YT video of opening a garage door that uses rolling codes (Security+ 1.0).. any thoughts on it?

  • @Nothingtodeclare13
    @Nothingtodeclare13 a year ago

    Hi.. I have tried to capture my keys (car keys) that have rolling code, I have a Honda 2016. At first I do frequency analyzer, and it captured my keys.. There are some different frequencies, but there is also the same one... Still on freq analyzer, I choose one of the frequencies and hit enter.. It takes me to the "read" section, in there I try to capture my key, but it's not capturing anything. I'm running on Unleashed FW. Is it because I added frequency restrictions?? This is so frustrating... 😅😅😅

  • @ImagineGTAVI
    @ImagineGTAVI a year ago

    @@peterfairlie2296 if they use rolling codes, and we want to use the Flipper, do we just not go back to using keys and be fine forever?

  • @killswitch7260
    @killswitch7260 a year ago

    So say I copied multiple codes from the owner's key (like you did), and say that owner uses their key once. Does that mean I would have to use a code that's after the one they already used, and it would still work?

  • @PunkSage
    @PunkSage 2 months ago

    Yes, you have a very narrow window to use the codes, until the original remote uses a code that is fresher than all of the older codes you've stolen.

  • @devinmerrill3632
    @devinmerrill3632 a year ago

    One thing to try is reading a raw signal without a protocol.

  • @TheLostAdventuress
    @TheLostAdventuress 11 months ago

    My only question is: now can you just use the customer's remote like normal, or will you have to press it a couple of times to catch up, since you took it out of sequence with the Flipper? In some cases, like certain cars, it will even lock the remote out if it sends an already-seen code, etc. Can you elaborate on this? Thanks for the great video, I love all of your content and knowledge.

  • @Segphalt
    @Segphalt a day ago

    The customer's remote already transmitted all the codes. It is further ahead than the Flipper, as the Flipper was sending codes the original already sent but outside of range of the receiver. The moment the original is used again properly in range, every code copied to the Flipper will be useless, as now the keyfob has given the most recent code, nullifying the old ones.

  • @spidy-_-
    @spidy-_- a year ago

    Do the keys get desynchronized after using the rolling codes from the Flipper? And if not, do you know how many codes can be used before it gets desynchronized? Thanks.

  • @paulberenger3276
    @paulberenger3276 8 months ago

    Yes. Not the first time, but if you do this 10 times: PROBABLY.

  • @Segphalt
    @Segphalt a day ago

    The keyfob will always be ahead of the Flipper in this style of attack, as the keyfob has already transmitted all of the other codes that were intercepted by the Flipper. The moment the fob is in range it will effectively invalidate all other codes. (Depends on the implementation, but every one I have ever encountered buffers hundreds of codes in advance just to deal with the issue of accidental presses. If there exists a bad implementation out there, simply pressing your fob a bunch of times out of range would also desync you.) Desync should only ever happen when you have an attack that can predict future codes and thus the Flipper will be ahead of the fob, but then repeatedly pressing the fob will eventually place it ahead of the Flipper once again.

  • @DiegoMachadodesigner
    @DiegoMachadodesigner a year ago

    Can I calculate the difference between the 2 codes, get the last code and add this difference to set the next code??

  • @PunkSage
    @PunkSage 2 months ago

    No, you cannot, as the difference is not fixed.

  • @claudio-hf3il
    @claudio-hf3il a year ago

    Hello and thank you for the video! I have only downloaded the official release and KeeLoq 64-bit is locked :( Please can you explain to me step by step what I should do? Thanks :)

  • @zembalu
    @zembalu a year ago

    What if I want to open my garage door regularly with my remote, but due to some circumstances the signal is too weak to be detected by the receiver? Then the remote would fetch the next code, but the receiver won't.

  • @Segphalt
    @Segphalt a day ago

    The receiver has a buffer of the next few hundred codes in every implementation I have seen. Once it gets a valid one, it buffers the next few hundred codes.
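The two Segphalt replies above (the one on desync and this one on the receiver's forward buffer) describe the same counter-window rule. The model below is an added example written for this page, not code from the video or from any firmware; the key, window size and HMAC-based code derivation are constructed stand-ins for a real fob's per-device secret and cipher, chosen only to show the counter-binding and invalidation behaviour.

```python
import hmac
import hashlib

KEY = b"demo-shared-key"   # constructed; a real fob holds a per-device secret
WINDOW = 16                # receiver accepts counters up to this far ahead (assumed size)

def code_for(counter: int) -> bytes:
    """Derive the over-the-air code from key and counter (HMAC stands in for the cipher)."""
    return hmac.new(KEY, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]

class Remote:
    def __init__(self):
        self.counter = 0
    def press(self) -> tuple:
        self.counter += 1                      # every press advances, in range or not
        return (self.counter, code_for(self.counter))

class Receiver:
    def __init__(self):
        self.last_accepted = 0
    def accept(self, msg) -> bool:
        counter, code = msg
        # Reject anything at or behind the last accepted counter (a replay) and
        # anything beyond the forward window (desynchronised or forged).
        if counter <= self.last_accepted or counter > self.last_accepted + WINDOW:
            return False
        if not hmac.compare_digest(code, code_for(counter)):
            return False
        self.last_accepted = counter           # all older codes are now stale
        return True

def scenario():
    """Walk through the thread's scenario and return what the receiver decided."""
    fob, door = Remote(), Receiver()
    door.accept(fob.press())                        # normal use: both sides at counter 1
    captured = [fob.press() for _ in range(3)]      # presses 2..4 happen out of range and are recorded
    first_replay = door.accept(captured[0])         # counter 2: ahead of 1 and inside the window
    owner_press = door.accept(fob.press())          # owner presses in range: counter 5 accepted
    stale_replay = door.accept(captured[1])         # counter 3 is behind 5: rejected
    return first_replay, owner_press, stale_replay, door.last_accepted
```

The missed-press case from the question above is covered by the same rule: a fob that advanced to 3 and 4 while out of range is still accepted at 5 because 5 lies inside the window.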

  • @Rightly_Divided
    @Rightly_Divided a year ago

    Does the rolling code use an algorithm? Or is it randomly generated? If there is an algorithm, wouldn't it be possible to configure a rolling code manually? Or does it not work that way?

  • @zsoltibitter8761
    @zsoltibitter8761 5 months ago

    There's no such thing as a random code.

  • @Rightly_Divided
    @Rightly_Divided 5 months ago

    @@zsoltibitter8761 Do you mind elaborating?

  • @AbundanceTribe
    @AbundanceTribe a year ago

    How and where'd you get the anime background for the Flipper?

  • @AbundanceTribe
    @AbundanceTribe a year ago

    @@peterfairlie2296 I am on X and searched through all the animations to look for that specific one and didn't see it, I'll look again and add it to my custom pack if I find it.

  • @Night129
    @Night129 a year ago

    It's just alerting when it receives a signal…

  • @flipmane
    @flipmane 10 months ago

    If you'd save those, would they work the same?

  • @AndyDeiu
    @AndyDeiu a year ago

    🤔 … not what I expected but I learned something interesting 😎

  • @gabrieljovanovicluzifer2769
    @gabrieljovanovicluzifer2769 a year ago

    Hi, can you send me the firmware pls?

  • @TheLostAdventuress
    @TheLostAdventuress 11 months ago

    Nice

  • @brunoaduarte
    @brunoaduarte 8 months ago

    There's no "exploit" shown in this video.

  • @weirdsciencetv4999
    @weirdsciencetv4999 a year ago

    My garage door opener uses two frequencies simultaneously, 300 MHz and 800 MHz. I needed two HackRFs to defeat it.

  • @weirdsciencetv4999
    @weirdsciencetv4999 a year ago

    @@peterfairlie2296 no, this was the last place I rented. I wanted more time to make the unit ready past my official move-out date. I independently came up with your method. I drove a mile down the road, recorded some codes. Came back and they didn't work. Then I looked up the FCC ID and discovered it needs a simultaneous broadcast on two non-harmonic frequencies.

  • @weirdsciencetv4999
    @weirdsciencetv4999 a year ago

    @@peterfairlie2296 also, if I were to design a door opener, it would send a nonce (or even a true random number) to the key fob when it first broadcasts. Then the key fob would cryptographically sign the nonce and send it back over the air. Door opens on a good signature.

  • @Segphalt
    @Segphalt a day ago

    @@weirdsciencetv4999 Requires the key fob to have a receiver, and at that point you may as well use a challenge-response system for all transactions, not just the one. The easy solution is continuous rolling codes with a synced RTC (like Google Authenticator but without you needing to manually do anything). This would mean batteries need to be changed out more often, but they could still last years and years as modern RTCs consume very little power. However, the likely solution is just that your garage door opener will eventually be connected to your Wi-Fi and you will just unlock it via your phone/car rather than a fob. (I think Teslas can already do this with some smart home integrations.)

  • @halfstack9738
    @halfstack9738 7 months ago

    I like what you are doing with your vids, but there's nothing real-world being shown, you turned off the RX power while thing to get the codes….

  • @peterfairlie2296
    @peterfairlie2296 7 months ago

    What I'm demonstrating is that the Flipper can capture and replay the rolling codes. By turning off the power of the receiver I was simulating the scenario of the remote and receiver being at an out-of-range distance. This scenario can happen when you're far from home or your car. Someone can copy your fob's code and go use it before you arrive at home. This same type of attack can also be used on various cars too.

  • @halfstack9738
    @halfstack9738 7 months ago

    @@peterfairlie2296 understood, my point is you can take it a step further and demonstrate a RollJam attack, since this scenario doesn't really make sense in the wild without active signal jamming.

  • @peterfairlie2296
    @peterfairlie2296 7 months ago

    It makes sense if you have access to the person's key fob and it's out of range of the intended target receiver. This could be a co-worker who left for the bathroom and left their fob on the table.

  • @notwhereyouthink
    @notwhereyouthink a year ago

    But you would need access to the remote surely to load multiple codes?

  • @Segphalt
    @Segphalt a day ago

    Some people leave their keys with valets with all sorts of things attached to them more than you realize.