Hak5: Hacking Wireless Doorbells and Software Defined Radio tips

On this week's episode of Hak5, a popular electronics and hacking YouTube show, the presenters talk about reverse engineering wireless devices such as a doorbell and performing replay attacks against them. They also talk about using the recently released Yardstick One, a PC-controlled wireless transceiver that understands multiple modulation techniques (ASK, OOK, GFSK, 2-FSK, 4-FSK, MSK) and works on multiple bands (300-348 MHz, 391-464 MHz, and 782-928 MHz), but is not a software defined radio.

Finally they discuss how to use the RTL-SDR and GQRX to stream received audio over a UDP network connection using netcat in Linux.

https://www.youtube.com/watch?v=EZU2AZtfJbI

If you are interested in the Yardstick One, Hak5 also uploaded two earlier episodes this month showing how to use the Yardstick One, and how to hack wireless remotes by using the RTL-SDR to do the initial reverse engineering and then using the Yardstick One to do the transmitting.

https://www.youtube.com/watch?v=pkTlTCUeec0
https://www.youtube.com/watch?v=F3bISk5t8cA

6 comments

  1. End of RTL-SDR.COM

    It has to be the end of RTL-SDR.com. Two Hak5 videos in one post. Darren “the alcoholic” Kitchen, world renowned wannabe script kiddie and prospect wannabe hacker, shows you how to do things. Shannon’s hotness is the only reason I watch their videos.

    • Truth

      It depends on what the rolling code actually is.

      If it is something weak like a pseudorandom number generated using an LFSR (https://en.wikipedia.org/wiki/Linear_feedback_shift_register), collect a few and the pattern can be found (not easily) and the next code can be predicted.

      But if it is something like, for example, taking the number of seconds since midnight on the 1st January 1970, XORing that with a shared secret key and putting the result through a cryptographically strong hashing algorithm (e.g. SHA256), then you can forget about predicting the next code without having the shared key.

      • Noway

        For example car keys: 99.99% of all radio keys use rolling code.
        I searched for a long time for good software to see the “plaintext”. I could find nothing.
        Some software is available, but it has nothing in it that is practically used.

        • Truth

          OK, so car key rolling codes: probably not going to happen. The current algorithm used is extremely strong, especially when compared to the weak, insecure ones used in the past.
          https://www.microchip.com/keeloq/
          There are still probably some old cars with the weak 32-bit LFSR seed value, no cryptographic hashing algorithm and no continually incrementing counter out there.
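To make the contrast drawn in the comments above concrete (a code that is just the state of an LFSR, versus a keyed code that also rolls a counter), here is an added example; it is not code from the post, from Hak5, or from any real remote. The key, the 16-bit textbook LFSR taps, the 32-bit truncation and the 16-press window are all constructed assumptions for the demo. The receiver side is the interesting part for a defender: it accepts each counter value once, tolerates a bounded number of presses made out of range, and rejects a replayed capture.

```python
import hmac
import hashlib

# Constructed shared secret for the demo; a real remote/receiver pair would be
# paired with a per-device key at manufacture.
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
WINDOW = 16  # counter values the receiver will look ahead (presses made out of range)


def lfsr_next(state: int) -> int:
    """One step of a 16-bit Fibonacci LFSR (textbook taps 16, 14, 13, 11).

    If a remote transmitted this state as its "code", anyone who knows the
    taps can compute the next code from a single captured transmission:
    the sequence has no secret in it.
    """
    bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (bit << 15)


def rolling_code(key: bytes, counter: int) -> bytes:
    """Keyed code: HMAC-SHA256 over the press counter, truncated to 32 bits.

    Without the key, observing any number of codes gives no way to compute
    the next one. HMAC is used here as the keyed construction (an assumption
    for this demo; the comments describe an XOR-then-hash variant).
    """
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]


class Transmitter:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.counter = 0

    def press(self) -> bytes:
        code = rolling_code(self.key, self.counter)
        self.counter += 1
        return code


class Receiver:
    def __init__(self, key: bytes, window: int = WINDOW) -> None:
        self.key = key
        self.window = window
        self.next_counter = 0  # lowest counter value still acceptable

    def accept(self, code: bytes) -> bool:
        """Accept only if the code matches a counter in [next, next + window)."""
        for c in range(self.next_counter, self.next_counter + self.window):
            if hmac.compare_digest(rolling_code(self.key, c), code):
                self.next_counter = c + 1  # consume this and every earlier counter
                return True
        return False


def demo() -> dict:
    """Fresh press accepted, replay rejected, out-of-range presses tolerated."""
    tx = Transmitter(SHARED_KEY)
    rx = Receiver(SHARED_KEY)
    first = tx.press()
    results = {"fresh": rx.accept(first)}               # counter 0 is expected
    results["replay"] = rx.accept(first)                # counter 0 already consumed
    for _ in range(5):                                  # presses while out of range
        tx.press()
    results["skipped_ahead"] = rx.accept(tx.press())    # counter 6 is inside the window
    results["replay_after_resync"] = rx.accept(first)   # still rejected
    return results


if __name__ == "__main__":
    print(demo())
    print(hex(lfsr_next(0xACE1)))
```

The window is the usual trade-off: large enough that a remote pressed a few times in a pocket still pairs, small enough that a guess has a negligible chance of landing on an acceptable counter. Once a counter is consumed, `next_counter` moves past it, which is what makes a captured transmission useless on the second send.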
