Rolling Codes Explained part 2. I hacked my own garage door #flipperzero

Video Statistics and Information

Captions
[Music]

Thank you. So this is part two of my exploration of rolling codes to understand how they work, and I was actually able to hack my own carport, as we can see in the video above, and I was able to enter my garage using my Flipper Zero even if this system uses rolling codes. So if you are new to rolling codes, I recommend my first video, Rolling Codes Explained. I'll put a link below in the description to that. And here I learned that you cannot do a basic replay attack on systems using rolling codes, because the code that you have recorded is only valid once. So how was I able to hack my own garage port using my Flipper to use it as a key? Yeah, I will try to explain.

So let's start by going into the menu of the Flipper and select Sub-GHz, which is here. And then, as we know, we cannot record and use any saved ones, because now we're working with rolling codes, so we have to go into Add Manually. And this is quite interesting, because I'm using the RogueMaster firmware for the moment, and as we can see here there are several algorithms for systems already saved here, and this comes with the firmware automatically. So I will go down to the system that my carport is using, and that is the protocol called Security 1.0, the Security Plus, and I'm using 433 megahertz, which is quite normal here in Europe. So by selecting this, we then have to give this a name, so let's for test just call it A1, and we can save it. And then let's go back to the list, which is here, A1, and now I can emulate this.

And what we will see here, pay close attention to the second last row, which says counter. So here we can press the send button and it will increase by a number. This is my first press, then I can press again, this is my second, and so on. So this means that every time I am pressing this key, it will send a new signal. And what signal will be sent? Well, that is up to the counter and the key and the algorithm, and since this is a known algorithm both to my Flipper and to my carport, the receiver, it should be possible to pair these two. So let's go out to my carport and test how this works.

So this is my garage door in my garage. This is a LiftMaster, as we can see. And let's say that, okay, I have this newly bought remote control and I want to pair it to my receiver. So at the back side it's got an orange button. I'll press that once and there's an LED lighting up, and then I can select a button on my remote. So I'll press it once, and the receiver will click a couple of times and the light is blinking, so that means that I have now paired my receiver with my new remote. I'll press the right bottom button, and it works. Stop it, and I'll take it again.

Okay, now let's do the same with my Flipper. So let's go into the menu, let's go into Sub-GHz, let's say Add Manually, and I know that my receiver is using the protocol called Security 1, so I'll select this frequency and then we will give it a name, carport new. Save. And the interesting part now is, if I scroll down to my carport new, which is here, I can now emulate it, but first I need to put my receiver, as we saw, in the correct mode. So once again I'll be pressing the orange button at the back side. It's lighting up. Let's try to emulate. Yes, now I sent this signal. We can see on the screen the key that I sent in, and the receiver was making a response saying that this was okay. So let's try to send this signal now. Yes, now the door is closing. I'll send it again, it opens. That's very cool, actually. So that means that I can use my Flipper as a remote for my rolling code LiftMaster receiver.

Okay, so let's try to figure out what's really going on here. Let's do the same thing again. Let's go into Sub-GHz and then Add Manually and then select the protocol that we are using, Security Plus 1.0, and the correct frequency, and now let's give it a name. Let's just give it a test name, M1, for simplicity. Save. And let's emulate for the first time M1, which is here. Pay close attention to the details. And now I will send this for the first time, and the only thing changing is the counter. We can see the key, we can see the ID, we can see the button, which is the middle, and the counter will increase each time I am sending this.

So when in learning mode, the receiver will start a new register for accepting this key and this serial number, and also knowing the current counter of the sender. But when in operating mode, it will only accept known keys and unique serial numbers, in addition to a counter that is synchronized with the sender. It will accept some future codes, which ensures that your sender is not getting out of sync if you press it a couple of times, but keep in mind that it will get out of sync if you press it too many times when you are outside the receiving area of the receiver. So unknown senders are not accepted, because the IDs such as the key and serial number are unknown, and also replaying a known sender will not help, because as we know the counter is not in sync and it will only accept unused codes.

So can you manually increase the counter? To my knowledge, yes, but that depends on the protocol. So I would say that my system, Security Plus 1.0, is not considered very secure, because if you know the IDs and you know the counter and the protocol, you can calculate the next valid code. And that is also why there are better and newer codes available on the market, and the successor of Security Plus 1.0 is Security Plus 2.0, and there also exist other more secure protocols.

[Music]
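The learning-mode and operating-mode behaviour described in the captions, as an added Python sketch that is not from the video and is not an implementation of Security Plus 1.0. It assumes frames are already decoded into a (serial, counter) pair, that counters never wrap, and uses a hypothetical look-ahead window of 16; the class and function names are illustrative.

```python
# Added illustration: a toy receiver model, not Security Plus 1.0 itself.
# Assumptions: frames arrive already decoded as (serial, counter), and
# counters never wrap around.
WINDOW = 16  # hypothetical look-ahead size; real receivers pick their own


class Receiver:
    def __init__(self, window=WINDOW):
        self.window = window
        self.learning = False
        self.known = {}  # serial -> last accepted counter

    def press_learn_button(self):
        """Arm learning mode for the next frame only."""
        self.learning = True

    def receive(self, serial, counter):
        """Return what the receiver does with one decoded frame."""
        if self.learning:
            # Learning mode: register the sender and its current counter.
            self.learning = False
            self.known[serial] = counter
            return "learned"
        if serial not in self.known:
            return "rejected: unknown sender"
        ahead = counter - self.known[serial]
        if ahead <= 0:
            return "rejected: code already used"
        if ahead > self.window:
            return "rejected: out of sync"
        # Accept and move the stored counter forward, so this code and
        # every skipped one can never be used again.
        self.known[serial] = counter
        return "accepted"


def demo():
    """Run constructed sample frames through a freshly paired receiver."""
    rx = Receiver()
    rx.press_learn_button()
    log = [rx.receive(0xA1, 100)]                   # pairing
    log.append(rx.receive(0xA1, 101))               # normal press
    log.append(rx.receive(0xA1, 101))               # replayed recording
    log.append(rx.receive(0xA1, 105))               # a few presses out of range
    log.append(rx.receive(0xB2, 1))                 # never paired
    log.append(rx.receive(0xA1, 105 + WINDOW + 1))  # too many presses away
    return log


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The model shows why the window alone is not a secret: acceptance depends only on the serial being registered and the counter being slightly ahead, so the protection rests on how hard the transmitted code is to derive from those values.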
Info
Channel: TechAndFun
Views: 74,153
Id: PJvdIrY6aJY
Length: 8min 35sec (515 seconds)
Published: Mon Feb 13 2023