Christopher @ Queensland Academy for Science, Mathematics and Technology
I am a Year 12 student attending the "Queensland Academy for Science, Mathematics and Technology" in Brisbane, Australia.
Currently I am completing the International Baccalaureate (IB) diploma and a required task is a 4000 word independent research essay. Ever since I found out about RTL-SDR, and tools such as the HackRF, I have become very interested in software defined radio. The IB subject the essay pertains to is ITGS: Information Technology in a Global Society.
For my paper, I have chosen to investigate the security of keyless entry systems, mainly in garages and automobiles. Specifically, I have reverse engineered the signal from a particular 433MHz rolling code keyfob using an RTL-SDR and GNURadio. Firstly I recorded the transmission, demodulated the 2-FSK signal and then decoded it based on pulse length and a certain preamble length. I then created a single shell script to automate this whole process. I have found that the rolling code is very insecure, with only 2 random bytes amongst a few predictably changing and static bytes.
However, I require a TX capable SDR to perform a jam and replay attack (recently demonstrated by Samy Kamkar and on the Andrew Nohawk blog), and I am particularly interested in your products, the Yard Stick One and HackRF. I plan to use a Raspberry Pi to control the Yard Stick One and also perform the jamming via a TI CC1101 chip or using the Raspberry Pi GPIO and rpitx. The paper will also detail other vulnerabilities in keyless entry systems and explain the impact on society globally.