coelner/hacktricks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

GitBook: [#3713] No subject

Browse Source
This commit is contained in:
CPol 2022-12-25 19:26:35 +00:00 committed by gitbook-bot
parent 82553b2892
commit c3284bed6a
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
todo/radio-hacking/flipper-zero/fz-sub-ghz.md
View File

@ -70,6 +70,10 @@ The **Read Raw** option **records signals** send in the listening frequency. Thi
By default **Read Raw is also in 433.92 in AM650**, but if with the Read option you found that the signal that interest you is in a **different frequency/modulation, you can also modify that** pressing left (while inside the Read Raw option).
### Brute-Force
If you know the protocol used for example by the garage door it's possible to g**enerate all the codes and send them with the Flipper Zero.** This is an example that support general common types of garages: [**https://github.com/tobiabocchi/flipperzero-bruteforce**](https://github.com/tobiabocchi/flipperzero-bruteforce)****
### Add Manually
{% hint style="info" %}
@ -99,7 +103,7 @@ Add signals from a configured list of protocols
Check the list in [https://docs.flipperzero.one/sub-ghz/supported-vendors](https://docs.flipperzero.one/sub-ghz/supported-vendors)
### Suppoerted Frequencies by region
### Supported Frequencies by region
Check the list in [https://docs.flipperzero.one/sub-ghz/frequencies](https://docs.flipperzero.one/sub-ghz/frequencies)

4
todo/radio-hacking/sub-ghz-rf.md
View File

@ -82,6 +82,10 @@ The attacker can **jam the car receiver and not his receiver** because if the ca
Other implementations seen in specifications show that the **rolling code is a portion** of the total code sent. Ie the code sent is a **24 bit key** where the first **12 are the rolling code**, the **second 8 are the command** (such as lock or unlock) and the last 4 is the **checksum**. Vehicles implementing this type are also naturally susceptible as the attacker merely needs to replace the rolling code segment to be able to **use any rolling code on both frequencies**.
{% endhint %}
{% hint style="danger" %}
Note that if the victim sends a third code while the attacker is sending the first one, the first and second code will be invalidated.
{% endhint %}
### Alarm Sounding Jamming Attack
Testing against an aftermarket rolling code system installed on a car, **sending the same code twice** immediately **activated the alarm** and immobiliser providing a unique **denial of service** opportunity. Ironically the means of **disabling the alarm** and immobiliser was to **press** the **remote**, providing an attacker with the ability to **continually perform DoS attack**. Or mix this attack with the **previous one to obtain more codes** as the victim would like to stop the attack asap.