Tagged: portapack

Demonstrating a Rollback Attack on a Honda via HackRF Portapack and an Aftermarket Security Solution

Over on YouTube "Obsessive Vehicle Security" has uploaded a video demonstrating a rollback attack against a Honda vehicle using a HackRF Portapack and the "Remote" function on the Mayhem firmware. His recent blog post also succinctly explains the various types of keyless vehicle theft used by modern thieves, including Roll-Jam, Relay Amplification and Rollback attacks. Regarding rollback attacks he explains:

A Rollback Attack works by capturing remote signals and replaying them. In theory this should not be possible with a rolling code remote system, however, a large number of vehicles are vulnerable to it. Including my 2015 Honda Vezel!

For it to work on the Honda I need to capture 5 consecutive remote signals. It does not matter if the car has seen these or not, when I replay them it re-syncs and unlocks the car. I have tested this and can replay the sequence as many times as I like. It always works.

He also mentions in the video how an aftermarket security system can partially mitigate these attacks.

In the past we also posted about Flipper Zero based rollback attacks.

Rollback Attack on Honda - HackRF One Bypasses Rolling Code Security

Two YouTube Reviews of the new PortaRF – A New HackRF Portapack Combo

Recently, OpenSourceSDRLab, a Chinese store and lab that sells existing SDR products, and some unique products of their own design, has started taking pre-orders for their new "PortaRF" product

The PortaRF melds the HackRF and Portapack into a single PCB. They advertise it as an evolution of the PortaPack H4M, which is their popular clone of the original PortaPack, upgraded from the original. The PortaPack H4M has become one the most recommended HackRF PortaPack options on the market, even surpassing the original HackRF PortaPack, due to its high quality, excellent features, and significantly lower cost compared to the original.

The PortaRF features several improvements, including a larger 4" IPS screen compared to the 3.2" non-IPS screen on the H4M, increased flash storage from 1MB to 2MB, a higher internal battery capacity of 3000 mAh, and the addition of a new joystick control. Interestingly, OpenSourceSDRLab has also indicated that the production version may come with an AI module, which will allow the PortaRF to respond to voice commands.

The PortaRF is expected to ship around November 20, and it costs US$220, shipped from China. In comparison, the PortaPack H4M sells for US$165, shipped from China.

Recently, two reviews of the PortaRF were uploaded to YouTube. The first is by TechMinds, which provides an overview of the features and opens it up, showing the internals.

PortaRF - A NEW HackRF PortaPack Combo In One Single Board

The second review is from sn0ren who also reviews the features, and shows the internals. Sn0ren also makes some notes about his likes and dislikes with the new design.

HackRF Portapack Evolved? This is PortaRF

A Review of the New HackRF PortaPack H4M

The PortaPack H4M by OpenSourceSDRLab is a new design of the HackRF PortaPack which comes with various improvements. The PortaPack H4M adds I2C capable GPIO ports, a USB-C connector, a built-in speaker and microphone, a better screen, a proper on/off button that won't easily activate in a bag, flat design for easier storage, and improved charging speed.

The PortaPack H4M is currently available as a bundle for US$152 from Chinese manufacturer OpenSourceSDRLab. The bundle includes the PortaPack H4M PCB, and a HackRF R10c clone.  This is exceptionally good value, considering that an original HackRF (just the HackRF without PortaPack) sells for US$319. However, just be aware that by purchasing clones you are not supporting GreatScottGadgets, the original developers of the HackRF.

If you were unaware, the HackRF PortaPack is an accessory for the HackRF SDR that enables portable use, with a display, controls, and onboard processing for direct signal demodulation, modulation, decoding, and encoding, all without needing a computer.

Over on YouTube RocketGod has uploaded a video showing some of the PortPack H4M's new features, how to install the Mayhem Firmware, and then showing it in action with it receiving a few signals.

HackRF Portapack H4M - Getting Started Guide

We've also seen another video by sn0ren that also introduces and shows the PortaPack H4M in action.

The new HackRF Portapack H4M

Tech Minds: Taking a look at the new HackRF PortaPack Mayhem Version 2 Firmware

A few days ago the programmers of the popular Mayhem firmware for the HackRF Portapack released version V2.0.0. The new version includes multiple improvements specified in the release text below.

We are super excited to share the what's new with v2.0.0

  • Apps are now stored on the MicroSD Card so we can fit more apps on the device.
  • New file format that contains both the firmware and SD card apps to make updating super easy. (mayhem_v2.0.0_OCI.ppfw.tar)
  • Working USB serial communication when in Portapack mode
  • USB serial web interface (see details a few lines later)
  • One click update using https://hackrf.app
  • New USB serial commands
  • A bunch of bug fixes (see the changelog for the various bugs)
  • Updated 'Settings' (app settings editor, encoder options, date ,config mode, brightness...)
  • BLE apps
  • Raw auto record and replay (see Recon in wiki)

A brand new website to manage your device, https://hackrf.app

  • Can work offline once loaded first (Offline PWA)
  • Remote screen support
  • Remote file system access
  • One click firmware updates
  • Requires a chromium based browser to work

A new organization, Mayhem: https://github.com/portapack-mayhem where you can fin the sources of all our projects! Pull Requests are welcome :-)

Over on the Tech Minds YouTube channel Matt has uploaded a video showing off the new features of the Mayhem V2.0.0 firmware, and also showing how to install it. In the video Matt shows the new SD card browsing features, the new easy firmware one click update procedure, and the new web UI.

The Portapack is an accessory designed to enhance the HackRF software-defined radio (SDR), enabling portable operation. It integrates a display, user interface controls, and onboard processing capabilities. This setup allows for the direct demodulation/modulation and decoding/encoding of a wide variety of signal types without the need for an external computer.

The Best HackRF Portapack Firmware Yet - Mayhem Version 2

Tech Minds: A Beginners Guide to the HackRF and Portapack with Mayhem Firmware

In one of his latest videos Matt from the Tech Minds YouTube channel has created a beginners guide to the HackRF and Portapack with the Mayhem Firmware. The HackRF is a popular affordable software defined radio with wide frequency range and transmit capabilities. An addon called the Portapack allows the HackRF to go portable, and custom firmware called 'Mayhem' significantly expands it's capabilities.

Matt uses a Chinese HackRF and Portapack clone set from Banggood which can be found very cheaply for around $200 shipped. The original Portpack can be found from the Sharebrained store for $200, and then original HackRF can be found form various resellers listed on the greatscottgadgets website.

In the video Matt unboxes the Portapack, shows an overview of the hardware and then goes on to show how to update the stock firmware to the Mayhem firmware. He then demonstrates a few of the capabilities of the Mayhem firmware.

Beginner's Guide To The HackRF & Portapak With Mayhem

Testing the Mayhem Firmware on a HackRF Portapack

The Portapack is an add on for the popular HackRF SDR which allows the HackRF to be used portably without a PC. Recently the cost of this hardware duo has come down to below US$150 due to low cost Chinese clones now being available on the market. Generally the clones are of good quality too.

Once you have the hardware it is possible to install third party custom firmware such as "Mayhem" on the Portapack which enables many features such as the ability to receive and transmit various different types of RF protocols. Back in 2018 we did a review of Mayhems predecessor which was known as the "Havok" firmware. More recently Tech Minds did a video overview of Mayhem.

Now over on his blog A. Petazzoni has started a new blog series which aims to introduce the basics of the Mayhem firmware, including installation and some hands on testing with RF spoofing, denial-of-service (DoS) and replay attacks. Currently only his first post is out, and in the post he show how to install Mayhem onto the Portapack, then goes on to briefly overview some applications such as RF replay attacks, replicating wireless remote controls, receiving and transmitting POCSAG, receiving and transmitting ADS-B, and creating a jammer.

Obviously a lot of what you can do with a Portapack and the Mayhem firmware is extremely illegal and very dangerous, so please do be careful with what and where you transmit especially if you are new to RF hobby. These signals should remain in your test area only, and not leak out into the wider environment.

[Also seen on Hackaday]

HackRF Portapack transmitting a spoofed pager message.

Tech Minds: Testing the Mayhem Firmware on the HackRF Portapack

In a video uploaded to YouTube last week, Tech Minds explored the HackRF Portapack, which is an add on for the HackRF SDR that allows the HackRF to be used portably without a PC. In that video he demonstrated it running the stock firmware.

In his latest video Tech Minds explores the Mayhem firmware, which is firmware developed by a third party in order to add significantly more features. The Mayhem firmware is a fork of the Havok firmware which is no longer maintained. If you're interested, back in 2018 we did our own review of the Havok firmware.

In the video Tech Minds first explains how to install the Mayhem firmware which also requires you to add an external SD card into your portapack. He goes on to demonstrate the various RX decoders available including ADS-B, ACARS, AIS, AFSK, BTLE, FM/AM/SSB audio, analog TV, ERT meters, POCSAG, Radiosonde and TPMS. Next he shows the various transmittable signals available including, ADS-B, APRS, BHT, GPS Sim, Jammer, Key Fob, LGE, Mic, Morse, Burger Pagers, OOK, POCSAG, RDS, Sounds, SSTV, TEDI/LCR and TouchTune.

MAYHEM Firmware for the HackRF Portapack Installation / Overview

Tech Minds: A First Look at the HackRF Portapack

The Portapack is an add on for the HackRF SDR that allows the HackRF to be used portably without a PC. If you're interested, in the past we reviewed the Portapack with the Havok firmware, which enables many TX features such as POCSAG transmissions as well as various other RX modes.

In a recent video Tech Minds reviews a Portapack clone, which is essentially exactly the same as the original Portapack. In the video he shows how to connect the Portapack to the HackRF, how download the Firmware and flash it to the HackRF. He then goes on to show some of the Portapack RX features in action. In this review he uses the official Portapack firmware, but notes that he will test the third party Havok and Mayhem firmware which have many more features in a future video.

Portapack H1 For HackRF - Ultimate RF Hacker Tool