HackRF One is a Software Defined Radio (SDR) peripheral capable of transmitting or receiving (half-duplex) radio signals from 1 MHz to 6 GHz. It is designed mainly for testing and developing modern and next-generation radio technologies. It is an open-source hardware platform that can be used as a USB peripheral or programmed for stand-alone operation.
In the following experiment, I tried the simplest replay attack against a real-world device (Ford Fiesta) in order to lock/unlock the car without needing the original key.
To reproduce this experiment you will need:
- HackRF One device
- Windows 10 PC
- Permission from the owner of the car
Step 1: First, install PothosWare, which contains all the software tools we need to record and replay the signal captured from the key: https://github.com/pothosware/PothosCore/wiki
Step 2: Connect the HackRF device and locate the executable hackrf_transfer.exe (normally this tool is under the /Pothos/bin folder).
Step 3: Open a CMD window and run hackrf_transfer.exe with the following command
hackrf_transfer.exe -r key.raw -f 433900000 -l 8 -g 20
and, keeping the car key near the antenna, press the unlock button and then stop the recording.
Step 4: Go near the car and transmit the recording with the following command
hackrf_transfer.exe -t key.raw -f 433900000 -x 40
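Why a recorded press can be accepted when it is transmitted again, and what stops it, as an added Python model that is not part of the original post: a fixed-code receiver accepts any faithful copy of a press, whereas a rolling-code receiver authenticates a counter and rejects a message it has already consumed. The serial, key, message layout, window size and HMAC tag below are constructed assumptions, not the Fiesta's actual protocol.

```python
import hashlib
import hmac

# Constructed sample values, not the real fob's identifiers or encoding.
SERIAL = 0x1A2B3C
KEY = b"constructed-fob-secret"
WINDOW = 16  # how far ahead a counter may jump (presses made out of range)

def _tag(serial, counter):
    # Toy authentication tag binding serial and counter to the shared key.
    return hmac.new(KEY, f"{serial}:{counter}".encode(), hashlib.sha256).digest()[:4]

class FixedCodeReceiver:
    """Every press sends the same bits, so any faithful recording is valid."""
    def __init__(self, serial, code):
        self.expected = (serial, code)
    def accept(self, msg):
        return msg == self.expected

class RollingCodeFob:
    """Increments a counter on every press and authenticates it."""
    def __init__(self, serial):
        self.serial, self.counter = serial, 0
    def press(self):
        self.counter += 1
        return (self.serial, self.counter, _tag(self.serial, self.counter))

class RollingCodeReceiver:
    """Accepts a counter only if it is ahead of the last one seen, within WINDOW."""
    def __init__(self, serial):
        self.serial, self.last = serial, 0
    def accept(self, msg):
        serial, counter, tag = msg
        if serial != self.serial or not hmac.compare_digest(tag, _tag(serial, counter)):
            return False  # wrong fob or forged tag
        if not (self.last < counter <= self.last + WINDOW):
            return False  # replayed or stale counter
        self.last = counter
        return True

def replay_outcomes():
    """Record one press of each kind, send it again, report whether it was accepted."""
    fixed_rx = FixedCodeReceiver(SERIAL, 0xB4D)
    capture = (SERIAL, 0xB4D)                   # what the recording step stores
    fixed_replay = fixed_rx.accept(capture)     # the recording played back

    fob, roll_rx = RollingCodeFob(SERIAL), RollingCodeReceiver(SERIAL)
    capture = fob.press()
    roll_rx.accept(capture)                     # owner's own press consumes the counter
    rolling_replay = roll_rx.accept(capture)    # same bits again
    return {"fixed_code": fixed_replay, "rolling_code": rolling_replay}
```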