Hi Everyone,
I have been trying to figure out the Sub-Ghz to open my car doors but had no success so far. According to the FCCID I am supposed to use 315 mhz but even on that the flipper doesn’t read my keyfob. I have two and neither of them works. Any recommendations? I am happy to screenshot if needed.
and who said that the flipper should read this protocol?
you can record a RAW signal and replay it, if it works then the code is static
I tried RAW but it still doesn’t work. Does this mean the keyfob and vehicle are using different frequencies each time I use it?
Or dfferent codes on the same frequency
To my knowledge you will not be able to do this with newer cars. Newer models have something called a rolling code which prevents replay attacks like this. The code will likely switch though 0-255 different codes. You would have to figure out what the last code that was sent was in send the next one in order. and even then you don’t know if they’re randomized. However, this is near impossible to my knowledge. Now with older cars who don’t have this rolling code you should be able to do this type of replay attack.
its true most cars and garage doors etc use rolling codes. My fob stops the hopping at 433.92 every time, but I have been able to get more from it yet. My flip just arrived today.
My cars (have 2) is also 315mhz. Guess they don’t venture out lol
But yeah, I don’t think it’s going to work due to certain protocols. Yes it does read it raw but it has not worked on both of my vehicles 2019 and 2022 honda.
Especially seeing the same MHZ on 3 different cars.
If I’m missing something. Good. I like to learn !
As far as I know Flipper got a scan tool, which shows the Frequency in the Moment you push button on key. In right Frequency you should be able to read the signal. It is unfortenatly for the Experimenter in you, equipted with a rolling code, which is possibly encrypted.
For your “attacks” to work you first need the correct modulation … For example honda is very easy to exploit even with rolling codes … many info on the net. But to start you need the correct pre-set on the configuration file to capture and replay the signals with the flipper. Not allowed to talk about it here but i did post the honda pre-sets on another thread. I will not go any further on this matter but with a little bit of research should be easy to exploit at least the honda cars …