@@takeapart and here I don't understand: suppose I save a dozen codes after 6 the opening signal with the original remote control is sent to the control unit, will the other 6 signals still be valid?
@@takeapartI don't quite understand this attack: hack rf will jam by blocking the original remote control, the Flipper Zero will record the codes. The problem is if the owner were to open the car he can always do it manually with the lock and then he will leave: For closing the Flipper will be able to record the codes but if it is only a closing signal how will I open the car?
you have to be far away from car….(capturing key signal) make sure to be outside of the range so the car won’t receive the key signal… only you will capture it. Then you can replay it and it should work.
Hi One question maybe you can help me. I have a portapack h3 and tried to jam the key fob signal. I'm running the correct frequency (imo, analyzed it with the flipper zero) but if I press unlock on the key the car still opens. So there is no signal jamming
Hi, new to the HackRF scene, but from what I've been reading, the HackRF doesn't have a lot of amplification power, so maybe that's what it's going on, the key is overpowering the HackRF's signal. I've just started messing with it, but I had a similar issue.
@@takeapart What's the use of doing replay on car keys? Many things run on 2.4Ghz. So the HackRF Repaly you do in the video, can go up to the 2.4Ghz band as well, not just the 433 you played with? :)
My HackRF ONE PortaPack H2 after turning off erases all recordings (Capture) and after the next turn on, only play beep and carrier frequency. Interesting, should it be? How do I save my capture recordings?
thats because the unlock 'code' will change on both the car and normally the FOB. But because you used the portapack to unlock, the car is ahead in the codes. Maybe it will never catch up by its own cause it needs part of the code to keep it in line with each other, but that is just a guess. I had the same problem and after unlocking with the key the manual way (turning the door lock) and also power on the dashboard with my key, the FOB worked again. Or it was the many times I tried unlocking and locking the car with the FOB that eventually resetted it, or brought it back in line again. It is one or the other, maybe both. For reference, it was a VW Caddy 2005 model I tested.
@@Karpakurvathe signal sent was 0005, the car didn’t received it ever, so the first time it received it was from the device, thats what i understood but not sure
@@honestlocksmith5428 really?! Did you just invented a new wonderful technique of dealing with rolling codes, that makes the good old roll jam unnecessary? If so, share your finding with the audience here, i bet everyone will be glad to hear 🧐
MUST SEE! check out www.youtube.com/@takeapart/videos
I’m having problems getting it replay captures but no idea why do u need specific aerial or setting
for cleaner RX TX
But with the rolling code can you open or close it only once?
yes… but you can record multiple codes
@@takeapart and here I don't understand: suppose I save a dozen codes after 6 the opening signal with the original remote control is sent to the control unit, will the other 6 signals still be valid?
that’s depends on manufacturer…. but mostly rest of the 6 captures won’t work.
@@takeapartI don't quite understand this attack: hack rf will jam by blocking the original remote control, the Flipper Zero will record the codes. The problem is if the owner were to open the car he can always do it manually with the lock and then he will leave: For closing the Flipper will be able to record the codes but if it is only a closing signal how will I open the car?
2014 Kia Optima EX, 2010 Lexus 250h... Rolling codes, So I said in the car while It started and grab captures for opening. No luck! Got a suggestion?
you have to be far away from car….(capturing key signal) make sure to be outside of the range so the car won’t receive the key signal… only you will capture it. Then you can replay it and it should work.
Unfortunately it's not working, away from the car 35M outside... Then I get to the car nothing. Does it matter what the antenna is? @@takeapart
@zipit-media 35m is still not far enough…. standard range is about 200m ! (in clear line of sight)
@@takeapart I did 300m, nothing. So you need to see the car 200m?
Jamm the signal with the hackrf and record with flipper or jamm wirt a quansheng.
but how hack rf one produced rolling code ? as it expires after 1 use by key ? idk if im wrong please correct me
hack rf doesn’t produce rolling codes… please rewatch the video
Nice content ! just started playing around ! when capturing it didnt save anything. wonder why
hi, maybe wrong SD card … try different types
Hi One question maybe you can help me. I have a portapack h3 and tried to jam the key fob signal. I'm running the correct frequency (imo, analyzed it with the flipper zero) but if I press unlock on the key the car still opens. So there is no signal jamming
Hi, new to the HackRF scene, but from what I've been reading, the HackRF doesn't have a lot of amplification power, so maybe that's what it's going on, the key is overpowering the HackRF's signal. I've just started messing with it, but I had a similar issue.
you need a rf amplifier
Can you do replay attacks on 2.4ghz band as well?
sure can , but what use ?
@@takeapart What's the use of doing replay on car keys? Many things run on 2.4Ghz.
So the HackRF Repaly you do in the video, can go up to the 2.4Ghz band as well, not just the 433 you played with? :)
is there a possible way to do brute force with unlocking a car? or is it only possible with capture
maybe for very old aftermarket car alarm systems …..
Absolutely!
Hi Bro i have problem whene I go to (replay/open playlist/captures ) i don t find nothing you can help me please i have hacker rf
I think in some fw version there is different folder where hackrf saves captured files. check other folders
So the first thing to is search the frequency and capture that ?
Sorry i still newbie
yes, but capture it far away from the car
@@takeapart why near car does'nt help?
something doesn't feel right here... the turn signals don't flash when opening...
yes they do flash
My HackRF ONE PortaPack H2 after turning off erases all recordings (Capture) and after the next turn on, only play beep and carrier frequency. Interesting, should it be? How do I save my capture recordings?
SD CARD
How did you got the right frequency?
easy … EU - 433.92
@@takeapart Thank you! For an unknown device that the frequency is not public information for?
@teodorpocs use frequency analyzer
Dont you need to install a costom firmware?
this os called Mayhem
Anyone had the issue where after doing this. The car key fob won’t lock/unlock the car? Cuz thats what I’m dealing with rn I have an old volvo
you have to gooogle how to relearn key fob on …. some cars does that (not just cars… garage remotes and others )
thats because the unlock 'code' will change on both the car and normally the FOB.
But because you used the portapack to unlock, the car is ahead in the codes. Maybe it will never catch up by its own cause it needs part of the code to keep it in line with each other, but that is just a guess. I had the same problem and after unlocking with the key the manual way (turning the door lock) and also power on the dashboard with my key, the FOB worked again.
Or it was the many times I tried unlocking and locking the car with the FOB that eventually resetted it, or brought it back in line again.
It is one or the other, maybe both. For reference, it was a VW Caddy 2005 model I tested.
You bricked it because of rolling code security.
Why did the lights flash with the Flipper but not the HackRF?
Hi, I think back door wasn’t properly closed…
Nice try but this will work only if you capture the key that wasn't used before, that's why you had to move outside the range.
correct ✅
what means 'wasn't use'? A key thet was never connected to the car? Before the first use?
@@Karpakurvathe signal sent was 0005, the car didn’t received it ever, so the first time it received it was from the device, thats what i understood but not sure
If I will prank my friends, how can I capture without to get the key ?
hhh not possible… unless you spy on your friends and wait until they press keyfob button
but can it do a RollJam?
absolutely! check out my other video!
Roll jams are unnecessary.
@@honestlocksmith5428 really?! Did you just invented a new wonderful technique of dealing with rolling codes, that makes the good old roll jam unnecessary? If so, share your finding with the audience here, i bet everyone will be glad to hear 🧐
How do you find out original frequency of key fob?
with frequency analyzer…
Cool!
thanks buddy
have you seen other videos? I have seen quite a lot of viral vids there ….
It is also possible to turn on the car?
@HEX1337x probably, but only aftermarket remote start systems….
@@takeapart what you mean as aftermarket?
so you trew up key close to car😮 i wannna know how car talk to key))) but thank you!!!!! 😮
Im not 100% sure what you mean … but thanks for watching
@@takeapart i need to know what kind hadrware can emulate the key near car!!!!!
I have bunch of videos on this topic… check them out.
because my honda if i have key in my poket i can open door ill unlock by it self !!!!
it depends… some cars using different communications for this. but most combination or just subGhz standard fob buttons
How does this work for my keyless entery audi ?
hi, it should as hack rf is working from like 1MHz
You are going to brick your key FOB. Audi has rolling codes.
It's a completly nosense, one-time use only.
AKA rolling codes
@@takeapart So 99% of nowadays RF devices. So it's more for "test" purposes than actual "offensive" ones.
👍🏻
thanks
Двери открой у машины
stay tuned for that
yeah with the own keys like ownhotel rooms - pointless. make it at a stranger