virtue3 7 hours ago

I think if you have enough replays you can deconstruct the rolling code. Not sure.

Also there are ways to desync/resync your key so you might be able to “add a key” with the flipper with certain firmwares.

Cloning the current key and using it can desync it from your car. Super annoying. Be careful.

  • echoangle 7 hours ago

    I don’t know exactly how the rolling key works but wouldn’t it be kind of like having a secret stored in the key that’s needed to generate the next code? If it’s designed properly, recording a few thousand codes shouldn’t tell you anything about the next code, just like you can’t deduce private keys by looking at a few thousand encrypted files. I have no clue if that’s really how it works, so I would be happy to be corrected if my mental model is wrong here.

    • bigiain 5 hours ago

      > If it’s designed properly,

      That phrase is doing a lot of heavy lifting there...

      (This is only what I've read, but as I understand it many rolling code keys can be broken by recording three button presses while the keyfob is out of range of the car, then brute forcing the seed.)

    • bongodongobob 5 hours ago

      Basically yeah. You'd need millions of replays to even have a chance. Cracking basic wifi back in the day required a couple days' worth of sniffed packets. I'd imagine this is similar, if there is in fact a way to do it.

      • FridgeSeal 5 hours ago

        Rolling code protocols like Keeloq can be broken pretty easily (apparently).

FridgeSeal 5 hours ago

Plenty of devices use the Keeloq protocol for rolling codes which is pretty straightforward to break on modern hardware.
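
Added example, not part of the thread and not any commenter's code: a minimal receiver-side model of the "secret plus counter" rolling code described above, showing why a replayed code is rejected and why a second transmitter sharing the same state leaves the original fob desynced. It is a simplified HMAC-based scheme, not KeeLoq; the window size, code layout and all names are assumptions.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead window; real receivers pick their own value

def code_for(secret: bytes, counter: int) -> bytes:
    # Code layout (assumed): 4-byte counter followed by an 8-byte truncated MAC.
    msg = counter.to_bytes(4, "big")
    return msg + hmac.new(secret, msg, hashlib.sha256).digest()[:8]

class Fob:
    def __init__(self, secret: bytes, counter: int = 0):
        self.secret, self.counter = secret, counter

    def press(self) -> bytes:
        self.counter += 1  # every press consumes one counter value
        return code_for(self.secret, self.counter)

class Receiver:
    def __init__(self, secret: bytes, last: int = 0):
        self.secret, self.last = secret, last

    def accept(self, code: bytes) -> str:
        if len(code) != 12:
            return "malformed"
        counter = int.from_bytes(code[:4], "big")
        # Without the secret, a valid MAC for a future counter cannot be produced.
        if not hmac.compare_digest(code, code_for(self.secret, counter)):
            return "bad-mac"
        if counter <= self.last:
            return "stale"          # replayed or already-passed code
        if counter > self.last + WINDOW:
            return "out-of-window"  # too far ahead: needs a resync procedure
        self.last = counter         # accepting a code burns all earlier ones
        return "ok"

def demo() -> list:
    secret = b"constructed-demo-secret"  # constructed sample value
    fob, car = Fob(secret), Receiver(secret)
    first = fob.press()
    results = [car.accept(first), car.accept(first)]  # fresh, then replayed
    clone = Fob(secret, fob.counter)  # second transmitter with identical state
    for _ in range(3):
        car.accept(clone.press())     # receiver counter moves ahead of the fob
    results.append(car.accept(fob.press()))  # original fob is now behind
    forged = (car.last + 1).to_bytes(4, "big") + bytes(8)  # guessed MAC
    results.append(car.accept(forged))
    return results
```

In this model the original fob starts working again only once its own counter passes the receiver's, which is the desync the first comment warns about.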