Comment by echoangle
Just recording and replaying wouldn’t help you anyways, the code is rolling to prevent replay attacks.
Just recording and replaying wouldn’t help you anyways, the code is rolling to prevent replay attacks.
I don’t know exactly how the rolling key works but wouldn’t it be kind of like having a secret stored in the key that’s needed to generate the next code? If it’s designed properly, recording a few thousand codes shouldn’t tell you anything about the next code, just like you can’t deduce private keys by looking at a few thousand encrypted files. I have no clue if that’s really how it works, so I would be happy to be corrected if my mental model is wrong here.
> If it’s designed properly,
That phrase is doing a lot of heave lifting there...
(This is only what I've read, but as i understand it many rolling code keys can be broken by recording three button presses while the keyfob is out of range of the car, then brute forcing the seed.)
Basically yeah. You'd need millions of replays to even have a chance. Cracking basic wifi back in the day required a couple days worth of sniffed packets. I'd imagine this is similar, if there is in fact a way to do it.
Rolling code protocols like Keeloq can be broken pretty easily (apparently).
Plenty of devices use the Keeloq protocol for rolling codes which is pretty straightforward to break in modern hardware.
I think if you have enough replays you can deconstruct the rolling code. Not sure.
Also there are ways to desync/resync your key so you might be able to “add a key” with the flipper with certain firmwares.
Cloning the current key and using it can desync it from your car. Super annoying. Be careful