Hacker News new | past | comments | ask | show | jobs | submit login

> Lots of things use that range (garage doors, gates, fan remotes, etc.) and are not very secure.

https://en.wikipedia.org/wiki/Rolling_code I didn't know this wasn't secure enough. I thought this was the basis of most modern vehicle keyless entry too?

It is hard for me to not think of the Flipper Zero as a script-kiddie tool to do super illegal things like open your neighbor's garage illegally.




While rolling codes can be secure (KeeLoq [0] is a more secure example but has it's own issues), this [1] is an example of some of the weaknesses that can happen if a rolling code algorithm is broken. I have personally been able to capture, decode, encode, and transmit garage door codes using that python script and a HackRF (which can also be done with a flipper and custom firmware).

[0] https://en.wikipedia.org/wiki/KeeLoq

[1] https://github.com/argilo/secplus


Can you help me understand why rolling code attacks aren't broken on most cars but are broken for garages?

Also, are attacks like this real/common/easy to pull off? https://youtu.be/1SUGf6OwRzw Where the signal is amplified from the key inside the house to the car. How does the car/keyfob not detect it's signal/noise ratio or time for roundtrip is all messed up distance wise?


From what I understand, cars are a bit more complex now then garages. KeeLoq, from my understanding, is not 'breakable' like garage doors. It does have weaknesses, but more related to the raw cryptography/math. Since KeeLoq is a cryptographic function, it can be broken by brute force or by gaining access to the manufacture key.

For the amplification attacks, my understanding of them is that the key fob and car may be able to detect this kind of attack, but require more logic/software to do so. Also, most of these attacks use high frequency 'backhaul' wireless networks (key fob at 3-400Mhz, backhaul at 2.4-5 Ghz Wifi with lower latency) to prevent such timing/signal-noise from being detected. If I had to guess, most key fobs/cars are more focused on making sure the key fob works at range or in hard-to-detect environments and not focused on preventing such relay/amplification attacks.

Also, some similar attacks to what you linked could also be done against Bluetooth (I think Tesla had this issue in the past few years) with a simple Bluetooth range extender/relay setup.

(Note: without one of those devices, most of this is just guesses/what I've seen is possible/theoretical in terms of attacks)




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: