Published on: August 27, 2013

Decoding RF signals like keyfobs with HackRF SDR

Don't worry, your keyfob has a secondary security for rolling keys

Dragorn has a couple of tutorials up on his site about working with the HackRF SDR.  Just like decoding weather satellite signals, decoding wireless remotes and other signals is cool too.  If you’re familiar with the cheap RTL-SDR, then just know the HackRF is like that but more powerful (and can transmit).

Dragorn starts out with part 1: inspecting a pair of car keyfobs.  In this tutorial, he records the signals and inspects them using baudline.  You can see the different encoding mechanisms the 2 different keyfobs use.  Dragorn points out that actually decoding the data is pointless as the data transmitted uses a rolling key pair that constantly changes the data sent for security.


And thus he moves on to part 2: this time using GNU Radio, with a signal where decoding the data might actually be useful.  For this one he is using a cheapo 433 MHz transmitter of the kind you would use with an Arduino, like the ones used in this post.  GNU Radio is a little more complex than baudline: you visually pipe the inputs and outputs of different modules together until you achieve the proper filtering and decoding.
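The kind of chain such a flowgraph wires together, written out as an added plain-Python example (not Dragorn's flowgraph or code from either tutorial). It assumes the transmitter uses on-off keying, as cheap 433 MHz modules typically do; the samples-per-bit value, the test frame and all function names are constructed for illustration.

```python
import cmath
import random

SAMPLES_PER_BIT = 40  # assumed ratio of sample rate to bit rate

def synthesize_ook(bits, noise=0.05, seed=1):
    """Constructed capture: carrier on for a 1, off for a 0, plus noise."""
    rng = random.Random(seed)
    iq = []
    for i, bit in enumerate(bits):
        for n in range(SAMPLES_PER_BIT):
            phase = 0.3 * (i * SAMPLES_PER_BIT + n)  # residual tuning offset
            carrier = cmath.rect(1.0 if bit else 0.0, phase)
            iq.append(carrier + complex(rng.gauss(0, noise), rng.gauss(0, noise)))
    return iq

def envelope(iq):
    """Complex-to-magnitude stage: removes carrier phase and tuning offset."""
    return [abs(s) for s in iq]

def moving_average(x, taps=8):
    """Low-pass stage: causal boxcar filter that smooths out noise."""
    out, acc = [], 0.0
    for i, v in enumerate(x):
        acc += v
        if i >= taps:
            acc -= x[i - taps]
        out.append(acc / min(i + 1, taps))
    return out

def slice_bits(env, samples_per_bit=SAMPLES_PER_BIT):
    """Threshold stage: sample the middle of each bit period."""
    threshold = (max(env) + min(env)) / 2  # needs both levels in the capture
    centers = range(samples_per_bit // 2, len(env), samples_per_bit)
    return [1 if env[c] > threshold else 0 for c in centers]

def decode(iq):
    """Full chain: magnitude -> low-pass -> threshold and slice."""
    return slice_bits(moving_average(envelope(iq)))

# Constructed frame: alternating preamble followed by an arbitrary payload.
FRAME = [1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1]

if __name__ == "__main__":
    print(decode(synthesize_ook(FRAME)))
```

Each function corresponds to one block you would place and connect in the GNU Radio canvas; a real capture also needs bit-timing recovery, which this example sidesteps by fixing the samples per bit.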

