Transceiver for Hella wireless car key fobs.
CMake Python C++ C
Latest commit 78fea97 Sep 21, 2016 @bastibl committed on GitHub Merge pull request #3 from JosephRedfern/more-keys
Start adding support for some unsupported keys
Permalink
Failed to load latest commit information.
apps switch to QT GUI Sep 15, 2016
cmake update cmake files Jan 8, 2016
docs init Jun 23, 2015
grc update grc files Jun 22, 2016
include/keyfob init Jun 23, 2015
lib Start adding support for some unsupported keys Sep 20, 2016
python delete unused unit tests Aug 7, 2016
swig init Jun 23, 2015
utils init Jun 23, 2015
.gitignore init Jun 23, 2015
CMakeLists.txt init Jun 23, 2015
MANIFEST.md add manifest Jan 8, 2016
README.md Update README.md Aug 15, 2016
gqrx-20150211-143803.wav init Jun 23, 2015
gqrx_20150306_154200_434400000.wav init Jun 23, 2015

README.md

This is a GNU Radio module to receive and reencode signals of (some) wireless car key fobs from Hella.

Dependencies

GNU Radio v3.7.X or the v3.8 development branch (next)

Installation

mkdir build
cd build
cmake ..
make
sudo make install
sudo ldconfig

Usage

See the flow graphs in the apps folder.

Frame Format and Crypto

I recommend checking out the paper Lock It and Still Lose It – On the (In)Security of Automotive Remote Keyless Entry Systems by Flavio D. Garcia, David Oswald, Timo Kasper and Pierre Pavlidès, presented at the 25th USENIX Security Symposium.

The paper covers the frame format, crypto, and security issues of wireless key systems. This transceiver supports what the authors call VW-3 and VW-4. According to my understanding, the WAV files (i.e., signal samples) in this repository and a firmware dump of the ECU should be a good starting point to clone key fobs and to extract the master key.

There is also a Wired article on it.

Further Information

I blogged about the module and gave a talk at SDR Academy (slides and video).