mk2 Posted February 1

Apparently can be used to crack everything (with a software update). There are some 'curious' YouTube vids on the thing. From what I understand, it's a wide band radio receiver with data record facility. And protocol analyser. And has a built-in transmitter to rebroadcast what it has just picked up. Clever, but no good on rolling code keyfobs (so you can't steal VW cars with it!).

Anyone tried it? (@Skezza?) Might get one and report back, but not cheap at about £170. Deliberately not using the name on here. See pic. Thoughts?
James_VW Posted February 3 (edited)

I did my cyber security dissertation on this sort of thing.. Looking into security of short range RF devices using RTL-SDR and YardStick One.

Yes, VW are protected from replay attacks by rolling codes but are still vulnerable to RollJam attacks, which consist of blocking and capturing the first unlock code and then the second, then replaying the first code, leaving an unused unlock code to the vehicle, which an attacker can then resend later on. VWs and a lot of other manufacturers are vulnerable to this. I believe the HackRF device can do this, although this is some effort and hit/miss as you're blocking the frequency the remote key fob transmits on but also trying to record at the same time...

Obvs also vulnerable to brute force attacks but that can take time. Quicker if you can see patterns of codes to reduce your key set. I.e. if the beginning of a code or end of a code is the same you know you only need to guess the middle.. iirc the ECU/CCM stores a number of keys allowed to unlock the vehicle in case the keys are pressed numerous times outside range of the vehicle. You would then need 2 or so consecutive codes to resync them with the ECU/CCM. So this also increases your chances as you have more acceptable codes to unlock the vehicle.

What is more scary is that VW of the same era codes have been cracked so you can capture one code and create more for later use. Check this paper out: Lock It and Still Lose It—On the (In)Security of Automotive Remote Keyless Entry Systems. Fortunately he hasn't released the cryptographics of it but be aware they are bust and vulnerable.

What I did find funny: a few years back I had a Lupo without remote control locking. It was actually more secure fitting a 3rd party system like rclick than retrofitting the genuine system.

Also worth noting is that many old garage doors/shutters etc are vulnerable to replay attacks.. Thinking of more physical security yet?
Edited February 3 by James_VW
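Added example, not part of the thread and not any manufacturer's code: a toy receiver showing the acceptance window and two-code resync described in the post above, and why a used code is dead while a skipped one stays valid only until a newer code is accepted. The HMAC-based code construction, the window sizes, the key and the counter sequence are all assumptions constructed for illustration.

```python
import hashlib
import hmac

WINDOW = 16           # assumed look-ahead: codes accepted on their own
RESYNC_WINDOW = 1024  # assumed wider range: two consecutive codes required

def code_for(key: bytes, counter: int) -> bytes:
    # Toy rolling code (assumption): truncated HMAC-SHA256 over the counter.
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0     # highest counter value accepted so far
        self.pending = None  # far-ahead counter waiting for its successor

    def _find(self, code: bytes, start: int, stop: int):
        for c in range(start, stop):
            if hmac.compare_digest(code, code_for(self.key, c)):
                return c
        return None

    def receive(self, code: bytes) -> str:
        pending, self.pending = self.pending, None
        if pending is not None and hmac.compare_digest(code, code_for(self.key, pending + 1)):
            self.counter = pending + 1
            return "resynced"
        near_end = self.counter + 1 + WINDOW
        c = self._find(code, self.counter + 1, near_end)
        if c is not None:
            self.counter = c  # every code at or below c is now dead
            return "accepted"
        c = self._find(code, near_end, self.counter + 1 + RESYNC_WINDOW)
        if c is not None:
            self.pending = c  # no unlock until the next code follows
            return "need-next"
        return "rejected"

def demo() -> list:
    key = b"constructed-demo-key"
    rx = Receiver(key)
    # Constructed sequence of fob counters as heard by the receiver.
    heard = [1, 1, 3, 2, 100, 101, 100]
    return [rx.receive(code_for(key, n)) for n in heard]

if __name__ == "__main__":
    print(demo())
```

The wider the look-ahead window, the more codes the receiver will accept at any moment, which is the trade-off the post points out.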
mk2 Posted February 3

You seriously need to get together with @Skezza. I think we can now call you the forum expert on vdub security systems...

But yeah. I think a physical security system is in order now. I'll have to wire in some secret switch which will disable the engine. It's actually quite scary what devices like that can do. There's even software which can copy the ID of an Apple phone to spoof Apple Pay. And bank cards, although I believe that there's a 12 byte authorisation code.

I get how all the electronics works, but the software is the bit I don't get. And I don't like installing code without knowing that it's legit. Wish you were closer down south.
James_VW Posted February 4

I wouldn't worry too much tbh. Keep paying for financial security, insurance... Nothing beats the baseball bat method of stealing keys... 🤣 I saw a video other day of some lads pulling up front of a drive, pulling a weapon and demanding the keys. Vehicle gone in 30 seconds.