This Toy Can Open Any Garage
HTML-код
- Опубликовано: 18 сен 2018
- Or almost any garage - it's particularly good with fixed code gates and garages. Samy proposes other weaknesses with rolling codes.
This video was sponsored by LastPass: bit.ly/2oscAe9
I don't condone malicious hacking of gates, garages or other property. The point of this video was to discuss how it could be done using fairly basic technology like this toy that was originally intended as an instant messaging device. I learned a lot in making this video about how codes are sent and received, how they are encrypted or not encrypted. I found out how hard it is to execute in practice something which in principle doesn't seem that difficult.
Special thanks to Samy! His original videos on using the IM ME to open radio frequency garages and gates can be found here: / s4myk
He's got a really cool channel so be sure to subscribe if you're interested in this stuff.
Music from epidemicsound.com "Critical thinking 2" "I think I was there" "Magnified X 3"
And music by Kevin MacLeod incompetech.com "Marty Gots a Plan"
Now we all have to upgrade the security of our three-garage mansions.
Yep.😎
🏘️
💵💵💵
💵💵💵💵💵💵
💵💵💵💵💵💵
Engineered obsolescence. Capitalism working as intended.
no such thing as havx or not or mansiox or not, monex etc doesn't matter, ceptu, do,be/can do be any nmw and any can be perfx
Zes buddy, you ok? You have a stroke?
Danielle Spargo
It's old Masonic code he is saying " fear not those who control money, fear those who are controlled by it"
Local Florida man opens up all garage doors with a calculator.
Hello fellow unus annus
Florida Mannnn Man Mannnnnn
god damn florida man
Only in Florida
local Florida man uses electric clock to open all garage doors
LockPickingLawyer sitting in his chair and smiles.
1 is pass
2 is binding
@@MojiMikato Nothing on 3
How do you lock pick a garage
Hahaha that guy is a beast
@@krishnaearth1624 you don’t need to lock pick it. You get a long strong wire slip under the rubber flap at the top, grab the rope where the red handle is and yank. It pulls the garage off the track. That’s why having a security system is a good idea. Cameras too.
However a do it yourself security system runs into its own problems. New ones today that interact with Google home or Alexa, can be manipulated to shut off or open the garage via voice commands through lasers hitting the diodes on those devices from outside. It’s tricky but totally doable. Also DIY kits don’t really call anyone but you, jam the cell single and nothing can be done.
Then you have security systems like ADT’s new ones or Xfinity or other cable services that literally call through your internet. I’m sure you see the downfall here, a power outage shuts off the internet, so the easiest way to replicate that is just to go to the power box and cut the power from the main breaker outside by the meter. Which surprisingly a lot of homes have it outside. Only homes built after Net Metering Meters were put up by electric companies about 10 years ago, have their main breakers inside the garage. Unless specifically requested for a sub panel to be put in. So shutting down those systems is pretty easy.
Then you have systems like simply safe. They are funny because even the company says, don’t advertise your sign or hide the main panel which is like a vase you plug in that calls out. They tell customers to do this because you plug it in, and with in 30 seconds if someone breaks in and unpluggs it, even though it’s monitored through cell signal it won’t call anyone. But you can go one step further. If you use a 350mega hurts radio transmitter, which sells on Amazon for a cool $3. You just press the button, hold it up to the door, open the door and close it and your in with out the alarm going off, because you jammed the signals and simply safe and other cheap DIY monitored systems don’t have sensor jam detectors that actually trigger the alarm. They just send out a notice that your door isn’t working right. Which people ignore.
Ok so at this point your thinking what about cameras. And shutting off someone’s power renders them useless. Even if they are arlo cameras that use mini solar panels that charge the camera so they don’t need a power source if your gone from the home, the power shuts off the internet and therefore the camera can’t send out any videos to you in live stream. So Ring, arlo, and all the copy cats, are no good. You can still see later what happened but a guy with a mask doesn’t show anything aside from you getting duped.
So why do criminals get caught and how can you protect yourself. Well to answer the first question, most crimes of theft are opportunity crimes. Your door handle was unlocked they checked it and stole stuff inside and ran. You left the garage open and someone popped in and grabbed something and ran. But they get caught because other people see them and call the cops. They are usually on foot and teenagers Or homeless looking for money walking down the street at night checking door handles, typically don’t have cars. Either way, no get away car, makes catching them easy, and most streets have nosey neighbors.
The second reason they get caught is because they are stupid. And this is probably the biggest reason. They don’t know any of the info I just said, and furthermore don’t case their homes properly or even pay attention. I can spot all these things with in seconds of stepping from the sidewalk on to the driveway. But I don’t steal, I sell people home automation and security systems, or I did for 10 years. I sell solar now. But it’s a craft.
So what’s the best system for your money. Ok let’s start with cameras, make sure they record off movement, have at least two night vision infrared lights and send video spliced into 30 second clips in real time. That way you can see at least one clip before anything can be done. Cameras with a power source are best. Placing them high up is good too. Also Vivint has them where they even whistle or make other noises like an alarm to detour people. Get cameras that have two way audio also, and run on their own undiscoverable WiFi or cellular network. Next, your security system needs to be monitored cellular, I didn’t mention this before but old systems use land lines which can be cut. The cellular needs to be two way connected at all times. So if cell jammers are used or breaking in and ripping the panel off the wall and smashing it, the company knows they aren’t receiving signal instantly and call you. You will most likely see at least one clip of a criminal and tell them to dispatch police. The sensors need to have sensor jam detectors, like what happened with simply safe, if a Vivint sensor gets Jammed it will immediately sound the alarm. The system needs to be a two way voice, so the monitoring company can click in and hear what’s going on inside, like someone giving the wrong verbal password or saying take the tv out the back, or dogs barking or glass breaking. This is super important, especially in higher crime areas. Police don’t respond quickly or sometimes not at all to alarm companies unless it’s a confirmed response, and two voice is how you confirm the response to get police out there ASAP. And lastly, only have home automation that can do things like lock a door, arm the security or close a garage via voice commands through Alexa or Google, not the other way around. That way no one can yell or use lasers to have the doors respond to open a garage, unlock a door or disarm the system. Vivint’s are programmed in that matter.
Now I say Vivint a lot, because they have the best system money can buy hands down. I’ve worked for 7 different companies and Vivint’s the best by far. They thought of everything, I don’t even work for them right now so you know I’m telling it to you straight. The one thing Vivint didn’t think about was paying their managers better so I left lol. But for customers, it’s the best most secure alarm you can get.
Hypothetically you can still break into one but it will be hard. Also it’s a serious crime and I would never recommend doing such a thing. But hypothetically if you did, You would have to probably hide in a tree, and hope someone disarms their system via the touchscreen panel. Where at the right vantage angle you might be able to see the password. Then one day when they are gone, hop the fence, cut the power so WiFi is gone for outdoor cameras. Do not use the front door, Bc that doorbell cameras is on cell signal and you can’t stop it from sending out recordings. Then head to the back door. You’ve already cased the house so you know it’s an older sliding door, where they don’t have these rubber pads at the top of the door frame. Meaning you can get a screwdriver and wedge it under the slider and lift it upwards, so it renders the lock useless Bc you will lift it so the lock disengages. If there’s these pads at the top on the inside of the door you can’t do that on newer sliders. But you got to do it quick. And in 30 seconds get in and type in the code to shut the alarm off. Or someone will call after that even if you disarm it with the code. Now you can go to the front door, and either unplug the doorbell camera if it’s not hardwired in, or if it is get your drill and drill into the wall and cut the wires for power. Then proceed to the garage and open it up and tell your buddy down the street to pull the moving van up to the house so neighbors don’t get suspicious. Be quick and your gone.... of course again, it’s all hypothetical. And if you have never been robbed, it’s a terrible feeling that takes people months or years if they ever get back their full peace of mind. It’s a terrible thing to do to someone else. They are your fellow man, the same species and your neighbors. Don’t steal or break into someone’s property of any kind. There are always honest options to your problems, and those are the best ones.
However, in the video game hypothetical scenario we discussed above, I’m sure you would agree that’s a ton of work!!! That’s really time consuming, you could get caught a week prior just casing the house or up in the tree. It’s super risky. Which is why a criminal just goes to the next house who doesn’t have a Vivint System, or really any system at all. Anyways I hope that answers any questions you had, and all the ones you didn’t haha.
The amount of bikes and cars I've stolen by now is uncountable! Thank you for this video!
um
@@sp0721 You can't count to zero.
@@EebstertheGreat zero
Oh? Here I am with an unlocked garage and my bikes are still in there...
Ah yes, economy
I remember that when I visited my great-grandmother in 1968, sometimes her garage door would open when military jets flew over.
if your grandmother had this technology in 1968 then she is an alien.
@@hiveknight3853 maybe she was. You don't know this man's life and even less about his great-grandmother's origin.
O ROUABAH maybe do some googling first before you open your mouth.... Wireless garage door openers have existed since like just after world war 2....
@@hiveknight3853 maybe it just wasn't available in your country. You would be amazed to know how long phones and cars has been around. Try Google if available in your area.
Just joking of course, don't take this the wrong way
I remember when my grand daughter's pet rock used to order chinese whenever 8 dogs barked at the same time.
Me: Installs Last Pass
Hacker: Okay, now I have to crack only one password
True hackers don't bother with all that. They simply change the password.
@@joshuafoster23 Top 10 Least Subtle Pickup Lines
@@joshuafoster23 not my real email jackass im not that stupid
@@joshuafoster23 youre not very smart.. at all. Lmao
@@joshuafoster23 just send me the virus link.
my dad used to drive around after church with us clicking the garage button aiming at strangers houses 😂 I think his clicker worked for one or two garages. I also thought I could open my garage from 50 miles away when I was little 😓
"I also thought I could open my garage from 50 miles away when I was little"
As a kid, I used to sweat whenever I pressed the keyfab because I though no matter how far away it is, it would open the car. So I'd press it again to lock it but then I was still nervous worrying that maybe it didn't register and the car stayed open.
me to
little did you know, pops was going back to those houses later to snatch some bikes and tools 😅
@@CanIHasThisName you were right about one thing, It didn't register
Well you can now from anywhere on your phone!
this man just taught 2million people how to break into his house
it's even easier to pick almost every lock with a $12 set from amazon. Did you really think you're safe in your house?
@@nervmichnich And windows are always breakable.
do you know where she lives though ?
@@nervmichnich Stuff Made Here: ah I see you used almost so I can’t tell you
More importantly, he showed them how flawed this form of security can be. Security awareness is a very important thing today and there really is no other way of teaching people what to watch out for other than exposing these flaws.
Good luck breaking in my garage. I have no lock on the door, no power opener and so much junk inside that no one can pass.
My garage has so much junk in it, it's in that grey area between "messy" and "booby trap"
I dont hv a garage
They could use a thin wire with a hook at the end to pull the emergency release handle from the outside. ruclips.net/video/8Zef7tXMzfk/видео.html
Hard to do so after someone stands their ground
@@zo1dberg
@@chargermopar Edgyboi! Careful, you might cut yourself on that edge!
"Opens the door to other issues.." ;-) Nice. I see what you did there
jokes on them, my garage door is always open! take that stupid hackers!
My neighbor really does leave her garage door unlocked all the time. Not even kidding.
Einstein got the joke guys
My favorite Samy line...
The moment you think all your issues are solved..
A door opens.
I am buying one of these and doing this. Unlike my crappy garage door opener remotes, I bet it will work reliably
update pls
You need a newer system with digital codes since the frequencies drifted with the old ones.
I used to write firmware for security receivers, and a lot of inexpensive garage door openers are simple 8- bit pulse position format, but as you guys found out the timing is everything. The codes I used were PPM and PWM and 24 to 32 bits in length and sometimes included hamming and grey encoding, but the reception windows were very tight ( to about 50uS) and in some formats they used a sync pulse to specify the widths of the pulse windows so the timing would be different in different conditions.
And now imagine forgetting the password for lastpass..
I did. It sucks. :)
We should *really* be using public private auth for most things
@@mannye what happen when you actually forgot the password for lastpass?
@@firdausralis8032 Nothing. I kept trying to get them to send an email to reset, but it's so complicated and time consuming that I just gave up. I'm very busy, however, so it may be different for someone who doesn't mind wasting time getting FastPass to work.
@@firdausralis8032 if you haven't setup one time passwords and out of options, well your data is lost forever, because lastpass encrypt your password profile (called the vault) using your master password, and you can't reset the password unless you know the password because the mechanism to reset the master password is part of the vault. TL;DR if forgot your master password with no backup you are done.
"An average person has at least 200 accounts"
Well then I must not be average
KØxNinja yeah i have 5
I just checked, I have 572
I have like 50 max
@@joaquin6700 Bear in mind for every person without any accounts, there's one with 400, and for every person with 122 accounts, there's one with 278.
It's an average, that's kind of how averages work.
Low and high end make up the average, the middle doesn't even have to exist.
Yeah 200 seems way too high imo
Thanks for the tips! I have 12 new bikes already.
You don't need a transmitter or toy to open most garage doors. Here is a little known fact that has come in handy many times during power outages before I installed a battery back-up. In most garages, the latch at the inside top of the door that connects and disconnects with the center guide rail is easily accessible using a wire coat hanger. Just slipping a wire coat hanger between the door frame and door with the hook part to catch and release the latch with a downward yank will open most garage doors. Thieves know this, so should you!
Wow, yeah! Simple but effective!
Sadly this was how my home was broken into. Now I stick a bolt through one of the holes of the guiderail of the garage door so it can’t be lifted past it. Annoying but that’s life
My garage door is 6+ feet tall. I understand that you could easily hon that hanging rope in the disconnect lever, but if I remove that rope, wouldn't that defeat this technique?
Some new doors have an extra feature that makes this harder, though not impossible.
only if the opener limit setting it not set correctly. Unfortunately most doors arent set correctly.
While the door is closed and connected to the machine, try lifting the door. If it doesnt move at all then its set correctly. If it does lift up, you should adjust the limit setting on your opener.
That’s Samy kamkar he was banned from using any computer with internet access in 3 years for hacking MySpace lol
well not technically hacking myspace, just embedding a malicious script into the custom css that acted as a worm. MySpace was really just the medium through which users were "infected".
JaytleBee von Miraus What did the worm do?
Didn't veritasium make a video on him (six degrees of separation)
"but most of all, Samy is my hero"
SapphFire it was a self propagating worm that made users that watched he’s page send him a friend request, and then embedded itself onto their own page so it spread exponentially and within 24 hours it had spread onto a million users
Thanks for this! My neighbour has lots of cool stuff in his garage. Just ordered one! ;)
Oh no, you didn't did you?
But you dont know how to program it
I know that you're joking, right? But, why waste your money on a gadget when all you need is a wire coat hanger to open most residential garage doors that use a center guide rail? Garage doors with remote openers have always had a false sense of security attached to them, but they are literally the easiest door to unlock manually with little effort once you know how to release the guide rail latch.
Welp, he did it.
Lmaoooooo
No one:
RUclips: Hey do u wanna learn how to break the law using a toy?
Do you prefer not knowing it?
You threw in that last part so people wouldn't try breaking into your house.
Nice one haha
heck yeah i wanna learn how to break the law
Dear RUclips: I want to learn how vendors who sell shitty, poor-security hardware provide easy access to your property by those who break the law, and then steal your stuff.
You should give this to Linus from LTT as a backup plan if his damn garage door fails again
My uncle drove a late 70's Datsun pickup truck with a really noisy ignition system. He managed a residential construction crew so he would drive through the same neighborhood every morning about the same time. Whenever he passed by a certain house, the garage door would open. Eventually the homeowner flagged him down and confronted him about it. Of course it wasn't malicious. The guy just had a really shitty garage door receiver. :)
Wow, that is amazing!
Back in the day when it was just a chirp on a frequency to run the door. If 5 neighbors all had the same opener, any one of them could have opened any of the doors. They only got away with it because back then openers were rare.
LMAO
In the "good old days" you often had the garage simply have an inductive loop outside, drive up and door opens. Inside you then pressed a button by the door to open it from inside. The times when you parked your car, and went inside leaving the keys in the ignition with not a care.
Ignition controllers started being made much more robust and shielded than they used to be once FM radios started becoming standard equipment in the 70s. Older ignition systems could interfere with FM radios. These changes have made cars much less vulnerable to nuclear electromagnetic pulse. The radio itself is now the most vulnerable part, but it should blow out its fuse before the surge can damage other parts of the car.
my garage door uses one bit.
But I won't tell you whether it's 0 or 1 ;))))
God damnit
i know its one coz we're all fans of the matrix Neo
I know the De Brujn sequence: 01.
John Stevonson The Original air date for Off Road Hog is September 19, 2018.
mine uses one bit too. its a small piece of metal that I keep with others on a metal ring. It's totally non hackable no matter how many social media sites you've buggered up but my problem is I cant be bothered to get back out of my car to use it when I drive out of the garage.
HEEEEECK YEAH! Uncommon utilization of de Bruijn sequences is what landed me my current job!
Haha as SOON as the video revealed that the receiver was checking the bit patterns via sliding window, I KNEW de Bruijn sequencing would shine bright here.
Good video! You really demonstrate arcane concepts in an engaging and relevant-to-most fashion ^_^
whats the story behind getting you a job?
I'm assuming you just added that last part about it being "much more difficult than you thought" as a disclaimer to prevent people from trying it? Because you had just finished showing him being quite successful in opening 2 garages, and he made it look pretty easy.
Easy to press the buttons but you need the knowhow to set it up to connect to the door
I have a brick that can open any window!!
my windows are plastic, try again
@@Blox117 lol
But that method alerts people to the break in. Unlocking the door doesn't.
+blox
I have a chainsaw that can open any window!
That guy is chainsawing a window nothing suspicious about that.
Can't hack into a garage door when you're too broke to have a garage
Naganachiketh Chinnamuttevi lol
It doesn’t have to be your own garage
*Can't
*you're
@@alvallac2171 thanks for pointing that out
weSmart
I love stuff like this. Thanks, Derek, MORE PLEASE!
"Thanks for the video, I'm gonna go " *borrow* " my neighbor's car real quick."
3 garage doors and a gate, damn, youtube definitely dint demonetize Derek.
*didn't
alvallac21, thakns
He also does other stuff and produces full length documentaries for tv-networks e.g. in Germany and France.
He was also wealthy prior to RUclips so there's that.
G+1121494 Yeah, lots of times recently he's said footage will be part of a documentary in Australia or Europe. That's where the bux come from. Let's just hope he doesn't get hit with retaliatory tariffs.
Embedded advertising ends at 1:45.
The hero we don't deserve
those imbedded ads pay for that huge 3 garage house with a gated driveway.
hahha, yeah. Because I'm totally going to put all my passwords in one place for them to just be snipped by the 13 year old who eventually hacks their database. or by the government.
I KNOW RIGHT?! CIA HAS ALL THE CONTROL OVER THAT THING, NONE IS SAFE!
Thanks!
A friend and I are working on something similar. The third garage and the gate may not have opened because the code to close it was sent very shortly after the code to open it was sent.
It'd be interesting to have the garages open and see if the ones that opened with opensesame close when it's run. I think there's a good chance they won't but the others will.
I have one of those and it was reprogrammed to be a spectrum analyzer. The microcontroller inside an interesting feature - a Received Signal Strength Indicator (RSSI). A fellow student when I was finishing Cal Poly EE program had the reprogramming tool for that toy that was originally intended to be a texting communication toy for girls.
Just wait till you learn about the 300 year old key technology we use to secure our homes.
Well, for the most common door lock systems, there are under 50 keys anyway in all variants, and for most of them the driving thing is cost. the one the builder put on is just there to keep the door from blowing open, though most home locks are just as poor as the door anyway.
not true if its an electronic lock
My garage can't even be unlocked from the outside xP
@@Blox117 your assuming they didn't have an accessible port for programming and unencrypted data easily sniffed giving you access to all locks in say many hotel chains. Oops.... or are you saying it's even easier than traditional picking ?
st1300 r if an electronic wireless lock was sending unencrypted radio signals then that manufacturer would go out of business.
that is a really nice house. congratulations Derek
Might not be either of their homes! More like; 'Look, triple garages! Perfect to test our new toy!'
It's more of a mansion )))
His 3 garages are the same size as my entire house. Pretty impressive to me.
Now we all can "visit" him at any moment. Thanks for the instructions 😎
JD RUclips pays well these days.
what a coincidence! I literally just watched a video featuring your friend (from WIRED) and then I thought "ok lets watch a Veritasium video" and I chose this!! Who would have thought I would see him again on YOUR channel! :D Quantum Probability!!
Samy Kamkar is a living legend! Glad to see he is still on the scene.
Someone below is asking that the rolling code can't work the way its told here. As if the receiver accepts only the next code what will happen if the transmitter is out of range and someone presses the button of transmitter ? As now transmitter has moved ahead of receiver. Well the video lacks a few things here. Actually there is a synchronization counter C which gets increamented each time you press the key (of transmitter). Same way the receiver also stores the most recent validated synchronization counter it has received (N). Now when ever you press the key and send the pseudo-random number to the transmitter the transmitter also takes the synchronization counter C from transmitter (and to update itself will overwrite N with C). Now receiver will also produce the Cth code (corresponding to C i mean) and match with the code send by transmitter. There is also rolling window of acceptance for rolling codes say 100 or 1000 or whatever (depending upon which system you using for your garrage or car keys). Now also note that C-N
nailed it ! Hacks and Security is best
It's all good and easy in theory, but difficult practically.
The receiver saves the counter-value of the last accepted code (N). Would a simple check C>N not solve this issue? If the attacker sends a 9th code ("stolen") after the receiver has already received 10th code, it will fail than.
@@k-s-x N will never be greater than C, unless there is a cycle of codes (which I'm assuming there isn't). Remember that the attacker can not generate codes, he/she can only use the ones it stole. So the receiver will not update the sync code if there's a wrong code.
N will be always smaller than C ! N is the last code (sequence number) recevier has received but C is the last code key generated. How can reciever receive more codes than those genrated by the key itself ? The attacks can't send any pre used code ! and if the attacker sends code against 9th sequence and receiver also calculates for the 9th seqeuence ( receiver calculates its own code against C). prateek brother i know its hard practically but slowly with time due to automations and so much new devices coming in market its becoming easier. Especially RFID key making companies (for cars) should pay attention to it.
but most of all, Samy is my hero
From the Pablo Ted talk? 😂
xss is fun
Sean Wilkerson
Google "myspace worm"
How come you wach almost every channel that I wach
Wait... Arnt you that rubix cube guy
5:01 man! I have the same lappy skin!!! literally exact same!!! no minor variations!!! How cool is that! Glad to see someone with that!
Oye Paaji
Samy: finishes giving a smart explanation on how you could hack a rolling code device. "So that's the issue with rolling codes" *looks at Ver
Ver: *nothing
Samy: grins like a kid.
idk why but I loved that part lol 11:02
5:27
It opens the "DOOR" to other issues 😂😂
I like his expression
You threw in that last part so people wouldn't try breaking into your house.
This man speaks truth.
That's pretty guay
A very secure way to prevent any of these from working would be to have the door opener send the current time, followed by the signature of the current time. The garage door compares the received time to make sure it is within a window of its own time, say within 10 seconds to account for drift, signs the received time with the same signing key, and compares the 2. If they are the same signature, the door opens.
The way he stored the second code would still work. He would just have to add the current time into his injection which would not be hard to do.
@@Teh_Random_Canadian ah, but a signature is not the same thing as a signing key. Substituting the timestamp (the thing that is being signed against) with another automatically makes the whole signal completely invalid, as even a single digit change in the timestamp would generate a completely different and seemingly random signature with no relation to the previous.
These signatures work as a strong verification because the signature itself is useless on a different payload. The only way to spoof a signature, is to steal the signing key (also known as a signing secret), which usually means stealing the opener remote itself.
@@ginsederp I'm curious though about the rolling codes. How does the remote know whether or not to move onto the next sequence? In their example for jamming/recording, they said how the device would send out code 1, which gets jammed/recorded. Then, they would use the transmitter again to try and open the garage and send out code 2. If theoretically that first code never actually gets used, wouldn't the transmitter and the receiver be out of sync?
@@sumphatguy I'm not that familiar with this, but I think one way of doing it is to jam the signal for 2 sequences. Upon pressing the open button a 2nd time, the interceptor would stop jamming and send the 1st sequence, thus keeping the 2nd sequence as a valid open sequence.
To the victim, it would look like the door didn't get the signal the first time, and most people would just try pressing it once more. Since the interceptor is much faster than a human, sending the 1st signal would seem indistinguishable from the door responding directly to the remote.
@@sumphatguy There is no sync really, the receiver gets a code, uses algorithm to calculate the seed and if the seed is correct it opens the door and then it blacklists that specific code. If it never received the first code then the code is not blacklisted but remote will blacklist it for itself (as to not send it again because it thinks it's already used) but the receiver is still accepting that code. So you can use the first code after a month and it would still work because receiver never got it and it will accept it.
That CC1110 chip looks really nice actually - MCUs with integrated transceivers are pretty useful.
Thank you
Yours sincerely,
Thief
It's a known thing, a devices that use these exploits were out for years.
Huh.
Is also ironic that He got sponored by lastpass
Thieves know this. It's regular people who don't.
Similarly, if you have a shitty lock a thief will open it regardless whether there are videos on RUclips about it. But if YOU watch those you may think about changing it.
Butt Why?? /r/ whoosh
I lived a few miles from an Air Force base. Some of the buildings were constructed with EMP protection (metal cage). To test the system they used electromagnetic field generators. It was the strangest thing but every time they tested...my garage door would temporarily not work.
3 Subscribers Without Any Videos!!!!! What???!!! People say an EMP may be the only thing that could successfully destroy America!
Bill Schlafly
You can hack that with a physical key.
Your garage door signal was drowned under the EM noise floor. ECM jamming is also "old" tech.
Thank you for confirming that, like most garage door openers manufactured in the last 20 years, my garage CANNOT BE HACKED except by a purposeful, planned attack by a professional with dedicated, non-trivial equipment (and who attended Samy's 2015 DEFCON presentation on how to do this). Since I don't own a McLaren, I'm not too worried that anyone would ever get motivated to put the requisite effort into hacking my personal garage.
Elim - totally agree. For most criminals, the old saying "the juice isn't worth the squeeze" certainly applies here. Waaaaaay too much work to get into a garage. And, if it's a commercial facility, they probably have cameras and a motion sensor alarm inside.
This man really just showed all his viewers how to break into his garage
me: looks out window to every garage in my neighbourhood
"it's fun time"
Love Samy Kamkar, genuinely one of my heroes.
You went from "Any garage" to "Most garages" VERY quickly... You are one of the few channels i trust to be honest in the title
“200 different accounts” me and my 700,000 alts are an outlier, and should not have been counted
Ok Accounts Georg
Re: rolling codes - not entirely correct.
Yes, you could technically see a code, grab it, and emit a jamming signal. Then do it again, like you mentioned, to have a "future" code.
However...the garage door openers have a window of (usually 10 or more) "future" codes that it will accept as valid in addition to the current code. Otherwise, if there were interference between the remote and the door, or the remote was pressed far away from the door, the two would be out of sequence, and you would have to reprogram the remote to the opener before it would work again. People would be annoyed and think it was broken.
Let's say both the opener and the remote are on code N. You press the remote while at the grocery store. Now the opener is still on N, but the remote is on N+1. On the way home, your toddler presses the remote again. Now the remote is on N+2, but the opener is still on N.
You get home, press the remote, but you're too far away, so it isn't received by the opener. The remote is on N+3, but the opener is still on N. So you pull up closer to the garage and press the remote again. The remote transmits N+3, the opener says, "yup, that's valid" and opens the door.
But here's the important thing: The opener now says, "OK, I've missed a few presses, but I received N+3 as valid, so now THAT is the valid code. The old N, N+1 and N+2 will not be seen as valid." Both the remote and the opener switch to N+4.
So in your situation, your future code would be "killed" as soon as the opener DID receive a valid code from the remote, which would be pretty much immediately, because the owner would want to get into his garage.
Incidentally, this is also exactly how hotel locks work. The front desk encodes "room 302, rolling code 5" onto your card's magstripe. You insert the card into the door lock of room 302. The door lock says, "well, I'm still on code 4, but now I see a valid code 5, so I will disable code 4 and switch to code 5." Now all code 5 cards will open the door.
As soon as another card is encoded for the room, it will receive code 6, which when used in the lock, will disable code 5 and switch the lock to code 6.
gsmac1969 cool
@@icarusswitkes986 So I understand the idea that using a future code voids all previous codes, but in the video he mentions that the jammer device records code N and code N+1. , but sends code N after receiving N+1. so the jammer now controls N+1, receiver is on N+1, car is on N+2. The key detail is that the jammer sends the first signal after receiving the second so it still contains a valid future code of N+1.
QuaNo it would still deactivate a-z/1-9
good read, thanks for sharing!
So if you press the button 10+ times while away from the garage opener, your remote is out of sync and would be useless?
There are rolling code retrofit kits available for old garage door openers. If your opener has a receiver unit that can be bypassed, which a lot of older units do, you disable it and wire the kit into the opener like it was another button. It's a cheap & handy way to make an old but functional opener a lot more secure.
To this day, my building has the most primitive remote system for the garage (the system is quite old). I bought several remotes on Amazon, and they all worked fine when set. However, one came out of the box with the DIP switches already set in the up-down-up-down-... pattern, and worked without being set. RIGHT OUT OF THE BOX, it would open the garage gate. And yet, it's hard to get anyone to care or understand, because condo managers and board members tend to be low-tech folks.
Aside from the inherently poor security, the code hasn't been changed for over 20 years. I realize how complicated that might be for everyone, but folks stealing airbags and catalytic converters often have it figured out (and no, camera surveillance, in practice, is not the cure-all).
Be careful because they will get our things I mean steal our things
@@sean4751, my parents had their airbags stolen (what a mess) from the fairly new Honda Accord they had parked in that garage -- BEFORE they'd put a gate up.
That solution for how to hack the rolling code garage is really clever!
4:35 the TOTAL number of codes is 4096, so it would take 262 seconds to try ALL the codes.
The door would probably open before.
that's less than 5 minutes
@@Dubstepticon47 wow, so it's less than 1/12th hour
@@flowjob3813 wow, so that's less than 263 seconds
To be precise, the expected time given an equal distribution of codes would be that you have to try on average half of the codes.
I noticed that too
3:29 Owns lots of sophisticated tech. Knows technical stuff about how that remote works. Has to work out 2^8 from scratch.
somethings arnt worth remembering, its simply easier/more efficient to just figure things out as you need them and forget
@@thepretendgineer2288 You don't have to put an effort to remember, it will come naturally. It's still weird tho, 2^8 is what most people remember in the computer/electronics enginneeing field
Criminals watching this: WRITE THAT DOWN WRITE THAT DOWN!
that toy can do alot more than open a garage door, it can jam a encrypted police frequency in the 700mhz-800mhz range causing the encryption to fail and radio nessages are sent in the clear no longer encrypted. it doesnt prevent messages from being sent but it does jack up the encryption in a way that causes the system to default to not use encryption
I'm impressed you got sponsorship for a video that is basically a tutorial on breaking and entering :)
Great video, It was really interesting acturly.
Read the title of the video and thought about Samy Kamkar. Opened the video and saw Samy Kamkar. Cool guy!
I love how he has a Kinect V1 on top of his monitor. Those are fun to play with 🙂
why is that??
I used to install garage doors and gates. I finally know what ASK means! It was always the button you held down to connect to the remote "asking" for permission to connect.
Pro tip: get 256 garage keys, modify each one to every possible combination for 8 bit, use it on ur neighbors.
Edit: nvm, you only need 1
One key and a fuckton of time
Nicholas Brown no way someone can reach our garage opener from outside... even with a coat hanger
Reduce the code timing down to 17ms (allowing a code press plus a space between code character)
@@AEON. i have cameras and alarm system lol
You guys know you can get the exact same effect with a crowbar right?
I NEED HELP I FORGOT MY LASTPASS PASSWORD
*_use lastpass to store your lastpass password so you won't have to remember your lastpass password_*
No you didn't forget it, I changed it!
You can simply click on forget password n use your email to reset it.
Then find it
@@14-avinashchoran18 what if you forget your email password?
the wild bit is that the de Bruijn sequence is not the shortest possible
the shortest possible arrangenents are called superpermutations, and while the length of the 8-bit superperm isn't known, 4-chan has found the formula which can predict this length very accurately, which then allows computers to directly attack perms at that length and we should soon know the 8-bit superperm, which is somewhere around half the length of the de Bruijn sequence. It's called the Haruhi problem and the solution is the Haruhi theorem.
In fact, the superperm is so efficient that it becomes possible to crack the rolling code opener with the superperm as well.
I came up with my own protocol for an automotive remote control. Uses a Fob ID, and a random number with a lot of "swirling" (shifts, flips, XORs) to create a 128-bit burst. It's very weak "encryption" (obscurity only - "key" goes with the "lock"), but spectrally it's white (important, to harden against analysis). More importantly, this is only for the wake-up "hello" to the RX radio transceiver - and it has a few extra features: rate limiting (one attempt every 3 seconds), and packet size (128-bits).
After the RX radio wakes up it begins a secure bidirectional session with elliptic curve with pre-shared public keys (from setup), HMAC, time limits (RTC), and a counter.
It has a full wake up, Car-to-Fob, Fob-to-Car loop time of 1.5 seconds - slower than your off-the-shelf car alarm or factory remote, but it's not going to be replayed, spoofed, or MiM. Was a balance between security, functionality, speed, power consumption, and range - uses TI's CC1312R on both ends.
To Samy's credit, I developed this after watching his OpenSesame hack half a decade ago.
I would just have a smart garage connected to my internet and my phone could just open the garage, it’s easier
Flex tape can block it!
Somebody's been watching jon tron 👌
That was a bad one tbh
Broken marriage? FLEX TAPE!!!
Scotch tape is better.
That's a lotta damage
Just so you know, there might exist slightly shorter de Brujin sequences for these codes.
I played around with these sorts of permutation strings myself, and also thought I came to an algorithm for the shortest possible sequence, which I think is similar to what you show in the video, but some more recent insights into the problem show that shorter sequences can be found using more efficient "traveling salesman" algorithms.
How do you find the De brujun algorithm? I've struggled to figure out how to put all of the combinations together
"How secure is my garage?"
"... no."
Man you're loaded! I think about that every time I watch this video. Good for you.
"This toy can open any garage" *Shows it opening 2 garage doors on the same house*
I mean he could not go opening other peoples garages as that is a dirty crime boy.
Fantastic and accessible explanation on rf, binary logic, and security all rolled up. Great job!
It’s all fun and games until Elmo gets this toy and appears under your bed.
My neighbor when he heard I have this toy: *Chuckle*, I'm in danger.
I dislike all these LastPass ads. I will not trust a private company with my passwords. Use open-source password managers instead! They can be audited and anyone can look at the source code to make sure there isn't a weakness.
I agree, but how else can Dirk afford his three garages?
"Open-source" and "anyone can look at the source" doesn't mean that even a single other person will look at the source or that they'll be an agent for good. What you want to advertise is well-tested and well-known OSS with a proven track record.
Joost Van Rens that’s Samy’s house
its not as convenient as last pass
*everyone can look at the source code to find weaknesses as well*
It won't open MY garage, since that has to be done manually.
Doesnt that mean anyone can just open ur garage with there hands
@@zapra4992 it's probably a key ;-;
@@zapra4992 I'd say that's the joke
Very well epxlained video, props to yall!
Garage door openers operate around 310 to 320 megacycles. It is laughably simple to open garage doors. I always shut the power off to my garage doors at night or when at home. I also latch the mechanical sliding lock as well. What prompted me to start doing this was a walkie talkie from a nearby mine that I took home by accident, opened th garages door when I hit the emergency tone. It was completely by an accident that I found out. I was going to go return the walkie talkie to the mine and I called on the walkie talkie. I talked to the mining authority and when I was going to shut down the walkie talkie I hit the emergency tone and the door opened. I switched the walkie talkie to low and it still worked. After that, I started powering down the garage door openers at night and when I am home. I do not trust the opener at all.
Hacking is time consuming because programming is annoying...
I'm a software engineer.
the dude in the video did it in a day
@@Sange4499 yeah, an entire day. Rather long, innit?
@@pts_ Generally not, I'm going for a Masters in Cyber Sec, with a focus mainly on NetPen and Digital Forensics, and generally hacking can be done extremely quick if you have decent information on the systems you're working on. This video took so long due to frequencies and calibration, so if he spent a while getting used to the fine tuning, he could apply what he learned very rapidly to the next door neighbours garage door.
Knowledge always takes time to develop, hacking is clicking buttons in the right order.
Lol nerds
@@EnergyOfQi lol successful people
back in the early 90's I connected a 12 bit binary counter in place of the dipswitch; It was effective.
Oh the chaos you’ve just created, now you’ll see thrives with toys opening garages
Half ikea home render half workshop and beautiful desk. I like!
Remember when lastpass was malware installed by hamachi if you didn’t uncheck it’s box
NanoSync lmao remember hamachi?
NanoSync hamatchi is adware
@Demo performing some useful function doesn't prevent it from being malware
"You put munitions chips in toys!" - Small Solider, 1998.
All electronics have interested me since I was little but the one thing I still love tinkering with is anything radio related and I plan to get my ham radio license and some nice radio equipment, I hope that by the time I can afford that stuff people are still using radio as the hobby is kinda struggling
Security alert!!! Great video for informing people. Makes you think if paying an extra $100 for a garage door opener is worth it?🤔
Imagine you're the owner of the three garage mansions, and you're looking at them opening your garage door
Lol this is their house I'm pretty sure..
Are there any resources to learn more about how the chip inside the toy was reprogrammed? It seems interesting.
The chip inside is a CC1110. That's a chip made by Texas Instruments. I've used the CC3xxx series, and it's quite easy to program these chips. Assuming you know C, all you need is Code Composer Studio and a JTAG programmer. Look up the datasheet for the CC1110 and boom, you're in.
SmilingIpad check out Travis Goodspeed & Michael Ossmans Tooorcon talk from 2012 on the pink pager. ruclips.net/video/WGU30mF_dgM/видео.html
If are uncapable of searching for resources yourself, i don't think you can make this work.
@@gotlos1 incapable*
Before: Ahhh… that is just scam, what can this guy tell me?!
After: Yeee Boi its time to hack some refrigerators!
5:56
that lonely 1 at the bottom
I knew who this guy was before you even introduced him by reading the title of this video. I am subsribed to sammy and am waiting for him to produce new content.
"The average person these days has about 200 different accounts that require passwords" - I kindly request the data of the researches that back this statement up. It seems like an outrageously high number. Even if it's true, I believe that the majority people would be better off deleting most of these accounts. Many things that were useful previously may not be useful anymore, thus turning themselves into burdens unless you eliminate them from your life. Keep it simple, folk.
It is simply based on this: "We found the average employee using LastPass is managing 191 passwords." blog.lastpass.com/2017/11/lastpass-reveals-8-truths-about-passwords-in-the-new-password-expose.html/
Do you really think people COMPLETELY delete their old accounts in all the websites they don't use anymore?
I will explain you, the chain is quite simple:
1) Old account on website not used anymore, password used: Iloveyou1975
2) Account on Facebook, password used Iloveyou1975
3) website not used anymore hacked and its database including users information get stolen
4) Hackers have scripts to try to login with the same email/password on many websites like Facebook.
5) Congratulation you got hacked and all your personal information on Facebook is stolen.
So use a password manager like KeePass.
Just an advise...
I'm more interested in how they know the most common passwords are how can they know that
Veritasium its a great channel, but it should start adding its sources!
@VanilleDev I don't understand how you can use such few accounts. I'm a programmer, I have a new job for a month and half only and I have already 19 entries in KeePass only for this new job... JIRA, Microsoft accounts, Slack, databases, RDP, Git, VSTS...etc
Easy way to hacker-proof an old 8 bit garage door opener: Use a remote lamp switch to power the opener. A local home supply store had two types, one with a 80 ft and another with a 140 ft range. The current ratings were large enough for a 1/2 HP opener motor but normally the relay in the remote controller will not make or break the motor current; only carry the motor current. One remote for each can be used if more than one garage door. Another way is a WiFi outlet controlled with a smartphone but this is more cumbersome to use.
This has actually been done before. Probably multiple times. It was an active robbery where six or so guys rolled up in a van and hacked someone's garage door. If I'm not mistaken, they were chain robbing multiple garages and houses. FYI, many garages have locking buttons on the switch which prevents receiving signals.
Derek is pretty fabulously wealthy for a RUclips educator
That's Sammy's home. He hacked into a bank.
Patrick Canning he's a Dr. Of Physics. Dr. Derek
YT is not the only thing he does.
Patrick Canning There were life before youtube, you know. Believe it or not.
Patrick Canning I am fairly certain the PHD in physics helps some...
I like how they made it seem difficult at the end so we don't all go out there and try to open people's garages lol
Suburbs, beware.
There are not that many standard baud rates. It's fairly simply to write code to sequence through these codes at various baud rates.
Rly want to see a collaboration video with you, Mark Rober, Colin furgel, Tom Scott and even Vsauce!
It'd be a science overload