Hak5: Hacking Wireless Doorbells and Software Defined Radio tips

On this weeks episode of Hak5, a popular electronics and hacking YouTube show, the presenters talk about reverse engineering and performing replay attacks on wireless devices such as a doorbell. They also talk about using the recently released Yardstick One which is a PC controlled wireless transceiver that understands multiple modulation techniques (ASK, OOK, GFSK, 2-FSK, 4-FSK, MSK) and works on multiple bands (300-348 MHz, 391-464 MHz, and 782-928 MHz), but is not a software defined radio.

Finally they discuss how to use the RTL-SDR and GQRX to stream received audio over a UDP network connection using netcat in Linux.

Hacking Wireless Doorbells and Software Defined Radio tips - Hak5 1910

If you are interested in the Yardstick one, Hak5 also uploaded two earlier episodes this month showing how to use the Yardstick one, and how to hack wireless remotes by using the RTL-SDR to do the initial reverse engineering, and then using the Yarstick One to do the transmitting.

How to begin hacking with the YARD Stick One - Hak5 1908

How to Hack Wireless Remotes with Radio Replay Attacks - Hak5 1909

Tweet
Share17
Reddit
Vote
Email
17 Shares

Related posts:

  1. Hak5: Reverse Engineering Radio Protocols with SDR and the Yardstick One
  2. Digital Ding Dong Ditch – Hacking wireless doorbells with Arduino and RTL-SDR
  3. Reverse Engineering Wireless Mesh Smart Meters with Software Defined Radio
  4. Hak5 at Shmoocon 2017: Shock Collar Radio Roulette, GNU Radio, Sniffing IR (Terrahertz) Signals and More!
  5. Brute Force Unlocking a Car with a USRP Software Defined Radio
Subscribe
Notify of
guest

6 Comments
Inline Feedbacks
View all comments
Giamma
#82753

My replay attacks on wireless devices such as a doorbell, https://www.youtube.com/watch?v=AcH6VGdqCio

0
Reply
End of RTL-SDR.COM
#79691

It has to be the end of RTL-SDR.com . Two hak5 videos in one post. Darren “the alcoholic” Kitchen world renowned wannabe script kiddie and prospect wannabe hacker shows you how to do things. Shannon’s hotness is the only reason i watch their videos.

0
Reply
Noway
#79687

So how could the hack the rolling code?

0
Reply
Truth
#79692

It depends on what the rolling code actually is.

If it is something weak like a Pseudorandom number generated using a LFSR (https://en.wikipedia.org/wiki/Linear_feedback_shift_register) collect a few, the pattern can found (not easily) and the next code can be predicted.

But if it is something like, for example, taking the number of seconds since midnight on the 1st January 1970, XOR that with a shared secret key and put the result through a cryptographically strong hashing algorithm (e.g. SHA256) then you can forget about predicting the next code, without having the shared key.

0
Reply
Noway
#79694

for example Car Keys 99,99% all Radio Keys using Rolling Code for.
I search over a long time for good Software to see “plaintext”. I could find nothing.
Some Software are avaiable but the have nothink in there who is practicality used.

0
Reply
Truth
#79700

OK so car key rolling codes, probably not going to happen, the current algorithm used is extremely strong, especially when compared to the weak insecure ones used in the past.
https://www.microchip.com/keeloq/
There are still probably some old cars with the weak 32-bit LFSR seed value, no cryptographic hashing algorithm and no continually incrementing counter out there.

0
Reply