Penetration Testing mailing list archives
Re: RF code scanners
From: Mister Coffee <live4java () stormcenter net>
Date: Thu, 17 Jun 2004 09:08:43 -0700
On Wed, Jun 16, 2004 at 09:57:12AM +1000, Amit Deshmukh wrote:
> Has anyone had any experience with using radio frequency code scanners and/or grabbers to try and grab codes for garage doors and things like that?
I will neither confirm nor deny having any experience actually doing this.
> What's the sort of hardware used for this? Surely it can't be a matter of just cycling through the 2.4 GHz (or appropriate) spectrum till you hit the right frequency and the door pops open! There is probably also a code burned into the firmware of the remote control device and the receiver which may need to match up.
In the early early early days of Garage Remotes, that was about all it took. Find out what freq it was on, what single tone it sent, and you were done. Now it's not quite that easy. Remotes work in a number of different freqs, depending on vendor (google for it), and most of them send a digital code from the remote to the receiver. Last one I played with was set with dip switches in the battery compartment. Some of the more recent units (Genie's "Intellicode" for example) use a dynamic code, so it takes a little more than just grabbing the code passively.
> I've heard of other devices which sort of "code hop" and use a different code each time. Any vulnerabilities with those? (maybe they use an "industry-standard" algorithm?)
I know there are several companies that produce compatible remotes, so the algorithms must be available. The base stations have a "Learn" function that lets you add new transmitters (set it to learn, press the opener several times in a row), which indicates to me that the "random" code is predictable. Given that, it seems that you could duplicate a given transmitter by passively listening to it for several iterations. I'm not certain here. I haven't researched it all that deeply.
> Is it better to use a scanner or grabber with devices that use a static non-changing code?
That depends on what you're trying to do.

Side note: http://www.radioreference.com/modules.php?name=News&file=article&sid=467
Openers are decidedly susceptible to jamming...
> Cheers, Amit
Cheers, L4J