Experimenting with Radio Frequency

Hacking my Dad's Car

While I was starting off with RF, once I realised that car keys used in daily life are also wireless, it ignited a spark in me. What if I could spy on such signals (ethically) and observe what is being sent? I ended up doing a lot more than just observing.

Since I already had an RTL-SDR dongle, all I had to do was observe the signal in CubicSDR and be amazed! But that was not it. The car key in question used an older method of sending data, an analog signal instead of a digital one. I installed an application called Ethical Radio Hacker, which allowed me to pipe the live baseband from my RTL-SDR into it and actually visualise the 1's and 0's being sent by the key fob. Another security measure that was implemented was rolling code, but it still had some downsides. If two older sequential codes were played back in front of the car, it would still unlock for some reason. This is certainly a huge flaw, a flaw I exploited to have access to the car at all times, once again ethically.
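To make the "two older sequential codes" behaviour concrete, here is a small receiver model I have added to this post; it is not the car's firmware and not code from the project. It assumes, hypothetically, a receiver that accepts any counter within a short forward window and resynchronises when it sees two consecutive counter values outside that window (a design some rolling-code receivers use so that a fob pressed many times out of range can catch up). The codes are bare counters; a real fob encrypts the counter with a key shared with the car.

```python
"""Toy rolling-code receiver and the two-old-codes replay (added example).

Assumed receiver behaviour (hypothetical, not taken from the car):
  * a counter up to WINDOW steps ahead of the last accepted one unlocks;
  * a counter outside the window is remembered, and if the very next
    transmission is that counter + 1 the receiver resynchronises and unlocks.
Codes are plain counters here; a real fob encrypts the counter with a shared key.
"""

WINDOW = 16  # counters up to this far ahead of the last accepted one are valid


class RollingCodeReceiver:
    def __init__(self, last_seen: int = 0):
        self.last_seen = last_seen
        self.pending = None  # out-of-window counter waiting for its successor

    def receive(self, counter: int) -> bool:
        """Return True if this transmitted counter unlocks the car."""
        ahead = counter - self.last_seen
        if 0 < ahead <= WINDOW:
            self.last_seen = counter
            self.pending = None
            return True
        # Out of window: only a pair of consecutive counters resynchronises.
        if self.pending is not None and counter == self.pending + 1:
            self.last_seen = counter
            self.pending = None
            return True
        self.pending = counter
        return False


class Fob:
    def __init__(self, counter: int = 0):
        self.counter = counter

    def press(self) -> int:
        self.counter += 1
        return self.counter


def scenario(replay_indices: list[int]) -> list[bool]:
    """Record three legitimate presses, let the owner use the fob 100 more
    times, then replay the recorded codes in the given order.
    Returns one unlock result per replayed code."""
    fob, car = Fob(), RollingCodeReceiver()
    recorded = [fob.press() for _ in range(3)]      # attacker records these
    for code in recorded:
        car.receive(code)                           # owner's presses unlock
    for _ in range(100):
        car.receive(fob.press())                    # car's counter moves on
    return [car.receive(recorded[i]) for i in replay_indices]


if __name__ == "__main__":
    print("one old code          :", scenario([0]))      # [False]
    print("two sequential old    :", scenario([0, 1]))   # [False, True]
    print("two non-sequential old:", scenario([0, 2]))   # [False, False]
```

A single old code is rejected, but the second of two consecutive old codes is accepted because it looks like a resync, which is exactly the behaviour described above. The model also shows the cost of the attack to the owner: after the resync the car's `last_seen` is back at the old value, so the genuine fob (now far ahead) is itself out of the window until it, too, is pressed twice.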

Then, I had an idea. What if I could record this signal and replay it in front of the car? Since I don't have a proper radio transmitter, I used my Raspberry Pi to transmit the data at 433 MHz, the band car keys use here. For this project, I also used RpiTx, a GitHub repo that allows the Pi to transmit radio waves by driving one of its GPIO pins. My RTL-SDR was used to capture the signal. At home, I captured the signal of 3 unlock presses using the rtl_sdr utility at 250 kSPS. I then replayed this signal using the Raspberry Pi near the car, and it unlocked! I was extremely happy with the success of this project as I learnt a lot about how such signals work and operate in the real world, flaws that exist with these systems, and certain improvements that have already been implemented when I tried the same with another car (ethically).
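The capture above is just a file of raw samples, and turning it back into the 1's and 0's the fob sent is what a tool like the one mentioned earlier does internally. The following is an added example of mine, not code from the post or from RpiTx: it builds a constructed capture in the format rtl_sdr writes (interleaved unsigned 8-bit I and Q, with 127.5 as zero) at the 250 kSPS used above, then demodulates it as on-off keying (OOK), the modulation most 433 MHz fobs of this kind use. The 400 µs symbol length and the 10 kHz tuning offset are assumptions chosen for the constructed burst, not values measured from the car.

```python
"""Demodulate an OOK burst from an rtl_sdr-style u8 I/Q capture (added example).

Constructed input: rtl_sdr writes unsigned 8-bit I,Q pairs with 127.5 as the
zero level. Symbol length and tuning offset below are assumptions for the demo.
"""
import math
import random

SAMPLE_RATE = 250_000                                   # rtl_sdr -s 250000
SYMBOL_US = 400                                         # assumed symbol length
SAMPLES_PER_SYMBOL = SAMPLE_RATE * SYMBOL_US // 1_000_000   # 100 samples


def _u8(x: float) -> int:
    return int(min(255, max(0, round(x))))


def make_ook_capture(bits: str, seed: int = 1) -> bytes:
    """Constructed capture: carrier on for '1', off for '0', plus a little noise.
    The burst sits 10 kHz off centre, as a real fob would not be tuned exactly."""
    rng = random.Random(seed)
    out = bytearray()
    n = 0
    for bit in bits:
        amp = 60.0 if bit == "1" else 0.0
        for _ in range(SAMPLES_PER_SYMBOL):
            phase = 2 * math.pi * 10_000 * n / SAMPLE_RATE
            i = 127.5 + amp * math.cos(phase) + rng.gauss(0, 3)
            q = 127.5 + amp * math.sin(phase) + rng.gauss(0, 3)
            out += bytes((_u8(i), _u8(q)))
            n += 1
    return bytes(out)


def envelope(iq: bytes, smooth: int = 8) -> list[float]:
    """Magnitude of each complex sample, then a short moving average.
    Magnitude ignores the tuning offset, which is why OOK is easy to recover."""
    mags = [math.hypot(i - 127.5, q - 127.5) for i, q in zip(iq[0::2], iq[1::2])]
    window, acc, out = [], 0.0, []
    for m in mags:
        window.append(m)
        acc += m
        if len(window) > smooth:
            acc -= window.pop(0)
        out.append(acc / len(window))
    return out


def demodulate_ook(iq: bytes) -> str:
    """Threshold the envelope, run-length encode it, and read the runs as bits,
    estimating the symbol period from the shortest run seen."""
    env = envelope(iq)
    threshold = (max(env) + min(env)) / 2
    runs: list[list] = []                   # [level, length]
    for level in (m > threshold for m in env):
        if runs and runs[-1][0] == level:
            runs[-1][1] += 1
        else:
            runs.append([level, 1])
    symbol = min(length for _, length in runs)
    return "".join(("1" if level else "0") * round(length / symbol)
                   for level, length in runs)


if __name__ == "__main__":
    sent = "1011001110001"
    capture = make_ook_capture(sent)        # same layout as an rtl_sdr file
    print("sent    :", sent)
    print("decoded :", demodulate_ook(capture))
```

The same `demodulate_ook` can be pointed at a real `rtl_sdr -s 250000 -f 433920000 capture.iq` file by reading it into `bytes`, with two caveats a practitioner will hit: a real recording has long idle stretches before and after the burst, so the bits should be taken from the region between the first and last "on" run rather than from the whole file, and the shortest-run estimate of the symbol period only holds if at least one lone symbol appears in the burst. For the replay side, RpiTx ships a `sendiq` tool that transmits an I/Q file; its sample-format, sample-rate and frequency options should be checked against `sendiq -h` for the installed version before trusting the flags.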