Solving the Mystery of a Keyless Vehicle Entry RF Deadspot in a Carpark with a FUNcube Dongle
The Brisbane Times ran a story today that discussed an interesting RF phenomenon that was solved using a FUNcube dongle software defined radio. The Funcube dongle is a SDR similar to the RTL-SDR. The issue was that vehicle wireless entry keyfobs would not work at a particular location within an outdoor shopping centre car park.
The story goes like this – First a user on a local Brisbane subreddit message board posted about how he had noticed that his cars wireless entry keyfob would not work when he parked in a certain area of the shopping area car park. The user wrote:
I walked out to my car from Bunnings, and there was a new HSW Maloo parked in front of me with the owner staring at his key fob and shaking his head.
I said “let me guess, car won’t open?” and he said yeah, and he’d been trying for about 5 minutes. I said that I’d had the same thing happen to me a few months back in the same spot, and then went to open my car.
Nothing. No beep, door stayed locked. Looked around and there was another couple trying to get into their car as well (late model C Class).
It took about 5 minutes of me trying the door every 20 seconds or so before it opened. HSV owner was still there when I left. The only thing he and I could think of causing it was the mobile phone tower in front of Aldi.
After reading the post, user u/riumplus decided to go out to the same spot with his Funcube dongle SDR and see if there was any interference that might explain the issues. But he found no such interference. However, when he pressed the wireless entry on his own keyfob he noticed reflections from the main transmission that were coming from the buildings walls. He wrote:
Aliens designed the building in this way! I can see it with my FunCubeDigliDiDingDong! No prrof needed, believe me!
Its interesting to note that if your fob doesn’t work and you are in expected range you could be victim of a “Jam, Record and Steal” rolling code attack…. Id only be concerned parked out front of Defcon or in a major city but its something to think about…
hackaday.com/2014/03/17/hacking-rolling-code-keyfobs
“After reading the post, user u/riumplus decided to go out to the same spot with his Funcube dongle SDR and see if there was any interference that might explain the issues. But he found no such interference. However, when he pressed the wireless entry on his own keyfob he noticed reflections from the main transmission that were coming from the buildings walls.”
******************
Can u/riumplus provide us with a short video clip or screen shots, of what displays the Funcube software produced that he correctly diagnosed as multipath reflections from the buildings? Such a video would be very interesting to see and interpret for most of us.—Thanks very much.
“he’d been trying for about 5 minutes”, really? I would have used the key after 3 failed tries.
You’d be surprised how many people don’t know there’s an actual physical key inside their fob.