Rolling codes explained #flipperzero

Captions
[Music]

Thank you. So today let's have a look at wireless keys, replay attacks and rolling codes. First let's have a basic understanding of a replay attack, and I will use my Flipper to demonstrate this. A replay attack is when you are using a device such as the Flipper to record a wireless signal and then to replay the same signal to emulate a key, and then to open devices that you will not normally have access to. Does this mean that anyone with the Flipper could get access to my carport or my car? Well, according to many videos out there on YouTube it seems like that is the case, but I would say that that's maybe just half of the truth.

Let's first have a look at a basic replay attack. Let's use this remote control for controlling lights in my house. This is just like a switch, on and off, and let's record the signal. The Flipper: going to the Sub-GHz, select Read RAW, make sure that the frequency is correct, in my remote tab 433.92. I'll select that, go back, and then into record. Let's press the button and see: one, two, three. I'm pressing the same button and you can see the signal is the same each time, so that is because it's a static code, and this is how it works as a lighting switch: pressing it on, it switches on the light, and off, the lights go off again. Let's try to record this on the Flipper: on, off. I'll stop it. Now let's try to replay this, or just send it: on, off.

Let's try to do the same thing with this remote control for my carport. Let's go into the Flipper, start recording, and when I press the button on the remote: one, two, three, four. Here we can see that the signals are actually quite different each time. It's not sophisticated enough, this Flipper, to actually show the details, but you can see actually that the symbols are a bit different each time the button is pressed. But let's try to record a proper signal and to replay it before my carport. Here we have it. I'll press save, and let's give it a logical name like carport, cp1. And now let's move towards my carport and try to replay it.

Let's try to run cp1, and you can see my carport behind. Carport one running, send, and yeah, it actually opens the door, which is a good thing. So now I'm closing it again, just pressing my button. So let's see here, let's try to run carport one once more. Nope, it doesn't work, because that code has been used. So let's go back to some other ones. Let's use cp2, which is here; this has not been used. Trying again to send that, send. Yeah, that also works, because that was also a new code.

So, a very simplified sketch explaining rolling codes. Let's say that the sender and the receiver will agree on some kind of common key. In this example I'll just have the sequence number, starting with one, two, three and so on, as the n; you multiply that with pi and you multiply with 100. This is of course way more complicated in real life, but this is just to explain the principle. So the sender will send the first code, that is one times pi times 100; 314 is the result that's being sent to the receiver. The receiver is actually expecting the same, because they have the same common key and the same kind of algorithm, so that's a match; it will open the door. The next expected code is 2 times pi times 100, so that is exactly what is being sent by the sender, because it has the same algorithm: 2 times pi times 100, that equals 628. That has been sent over, it's a match to the expected result, and it will open the door.

So what if you are listening and intercepting on that code being sent, using your Flipper? So you would like to record 628. Well, you can try to replay and send that using your Flipper, but that is not accepted, because that code has been used. So rolling codes is actually a very good thing to secure the communication between a sender and a receiver in this kind of context.

But you should also be aware that such a system is still vulnerable to something called a replay and signal jamming attack. So that means that you need a signal jammer. So when pressing the button at the sender, sending code one, sorry, 314, it is stopped by the signal jammer, but you can still record it on your recording device. So yeah, the receiver is expecting that code, but it didn't receive anything. So what will happen from a user context perspective? Yeah, the sender will kind of press the button again, and it will send the next code, which is 628. That is also stopped by the signal jammer and is also recorded by your recording device. Now you will stop the signal jammer, and the replay device could send the first code again, 314. That code is received by the receiver, and it meets the expectations, and it will open the door. And at this point the next expected code from the receiver side is of course 2 times pi times 100, and this is kind of the tricky part and the vulnerable thing of this kind of system: that is actually the code that you already have stored on your recording device. That's an unused code, and it could be used then to attack the system and open the door in kind of an unauthorized way.

Well, as a conclusion I think we could say that yeah, the Flipper can replace your remotes in your house for lights and so on, but you cannot use your Flipper to emulate and replace your carport key, because that's using rolling codes. And as we have seen, the rolling codes have some vulnerabilities as well, but probably not a threat by using a Flipper. So I don't think you need to be worried about people having Flippers to open your cars or your carport doors, but you should be aware, when you are closing and opening your door, that it is actually responding, because if it's not responding it could be somebody there with a signal jammer and recording your codes, which could be replayed later.

[Music]
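The simplified sender and receiver sketch from the captions, modelled as an added example (not code from the video or from any real remote). The class and function names are assumptions, and the n × π × 100 rule is the video's teaching stand-in, not a real rolling-code algorithm. It shows that the receiver rejects a code it has already accepted, while a code that was transmitted but never reached it stays valid, which is why a button press with no response deserves attention.

```python
import math


def toy_code(n):
    """The video's simplified rule: sequence number n times pi times 100."""
    return int(n * math.pi * 100)  # n=1 gives 314, n=2 gives 628


class Sender:
    """Remote control: every button press moves to the next sequence number."""

    def __init__(self):
        self.n = 0

    def press(self):
        self.n += 1
        return toy_code(self.n)


class Receiver:
    """Door controller: accepts only the next expected code, then advances."""

    def __init__(self):
        self.next_n = 1

    def receive(self, code):
        if code == toy_code(self.next_n):
            self.next_n += 1  # this code is now used and will never match again
            return True
        return False


def replay_after_use():
    """A code that already opened the door is rejected when sent again."""
    sender, receiver = Sender(), Receiver()
    code = sender.press()
    return [receiver.receive(code), receiver.receive(code)]


def undelivered_codes():
    """Two presses whose signals never reached the receiver (constructed case).

    The receiver still expects code 1, so both transmitted codes remain
    valid until the receiver itself has seen them once.
    """
    sender, receiver = Sender(), Receiver()
    first, second = sender.press(), sender.press()  # sent, not received
    return [receiver.receive(first), receiver.receive(second),
            receiver.receive(second)]


if __name__ == "__main__":
    print("replay of a used code:", replay_after_use())
    print("codes the receiver never saw:", undelivered_codes())
```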
Info
Channel: TechAndFun
Views: 85,317
Id: aTcziqO_2lM
Length: 7min 40sec (460 seconds)
Published: Sat Feb 04 2023