Hacking a garage door

What is the HackRF One?

A HackRF is a software-defined radio (SDR) device that allows users to receive, transmit, and modify a wide range of radio frequencies. It is essentially a tool that enables individuals to experiment with and learn about wireless communication technologies. The example below shows how to use the HackRF to open a garage door. Keep in mind that this is a proof of concept and should not be used to open garage doors without the owner's permission.

What is a replay attack?

A replay attack is a type of cyber attack that involves the interception and playback of data that was previously transmitted between two devices. A malicious actor captures a message that was sent between two devices (such as a key fob and a car) and then replays that message in an attempt to trick the receiving device into thinking that the original sender is sending the message again.

Demo

The following video shows a script that executes the second command, which replays the signal. The HackRF is the device on the left; note that this is a HackRF One with the PortaPack module.

Demo Video

Combining the two

Assuming that the garage door opener uses a fixed code, we can use the HackRF to capture the signal and replay it to open the garage door. The first step is to capture the signal with the hackrf_transfer utility, which can both capture and replay signals. The capture command below saves the signal to a file called capture.bin. The -f flag sets the frequency, the -s flag sets the sample rate, the -a flag sets the antenna, the -l flag sets the LNA gain, and the -g flag sets the VGA gain.

To capture the signal we will use the following command:

hackrf_transfer -r capture.bin -f 433920000 -s 2500000 -a 1 -l 40 -g 40

To replay the signal we will use the following command:

hackrf_transfer -t capture.bin -f 433920000 -s 2500000 -a 1 -l 40 -g 40
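
The replay works only because of the fixed-code assumption stated above. The following added example (not part of the original post, and not any vendor's actual protocol) models a fixed-code receiver next to a receiver that requires a fresh counter authenticated with an HMAC, and shows that a recorded frame is accepted twice by the first and only once by the second. The key, code value, frame layout and window size are constructed assumptions.

```python
import hashlib
import hmac
import struct

FIXED_CODE = bytes.fromhex("a5c3f0")   # constructed sample static code
KEY = b"constructed-demo-key"          # constructed secret shared by remote and receiver
WINDOW = 16                            # how far ahead of the last counter a frame may be


class FixedCodeReceiver:
    """Opens for the same static code every time, so a recording never expires."""

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, FIXED_CODE)


def remote_frame(key: bytes, counter: int) -> bytes:
    """Frame a remote would send: 4-byte counter plus an 8-byte HMAC-SHA256 tag."""
    ctr = struct.pack(">I", counter)
    return ctr + hmac.new(key, ctr, hashlib.sha256).digest()[:8]


class CounterReceiver:
    """Opens only for an authentic frame whose counter is newer than the last one."""

    def __init__(self, key: bytes, last_counter: int = 0):
        self.key = key
        self.last = last_counter

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 12:
            return False
        counter = struct.unpack(">I", frame[:4])[0]
        # Recompute the tag for the claimed counter and compare in constant time.
        if not hmac.compare_digest(frame, remote_frame(self.key, counter)):
            return False
        # Reject anything already seen (a replay) or implausibly far ahead.
        if not (self.last < counter <= self.last + WINDOW):
            return False
        self.last = counter
        return True


def demo():
    """Present the same recorded frame twice to each receiver."""
    fixed, rolling = FixedCodeReceiver(), CounterReceiver(KEY)
    frame = remote_frame(KEY, 1)
    return ([fixed.accept(FIXED_CODE), fixed.accept(FIXED_CODE)],
            [rolling.accept(frame), rolling.accept(frame)])


if __name__ == "__main__":
    print(demo())
```
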
This post is licensed under CC BY 4.0 by the author.