Kia and Hyundai cars in South Africa immune to viral theft trend – Here’s why

Nope, incorrect.

The Flipper Zero attack can attack rolling codes. The difference is that you need to capture the FOB's transmission "out of range of the vehicle" and then re-play it before the FOB is pressed again near the car.

This way you've captured a valid rolling code, but the car hasn't marked it as used yet, so it can be replayed.
Vehicles use a key map of valid rolling codes (in case you press your key too many times accidentally without being near the car) - when you do press it near the car, the car will update the map table with the current rolling code + more valid codes.

However, any code on that table, if not used, is still valid.

Hence a simple example:

Say the vehicle is using a HEX code of 000AF1

The car is now waiting for:

000AF1 Here, you locked the car with the FOB in range.
000AF2 (Here, you pressed the FOB, captured it with Flipper Zero but the car did NOT receive it/out of range)
000AF3 Waiting
000AF4 Waiting
000AF5 Waiting
etc..

The updated table now looks like this:
000AF1 USED/NOT VALID
000AF2 Waiting
000AF3 Waiting
000AF4 Waiting
000AF5 Waiting
etc..

Guess what happens when the Flipper replays 000AF2 :)
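
The acceptance window described in the post above, as an added sketch (not part of the original thread and not any manufacturer's code). It assumes a plain incrementing counter and a look-ahead window of 16; real systems typically encrypt the counter and window sizes vary. It also shows when the exposure closes: the next fob press the car actually receives.

```python
from dataclasses import dataclass

WINDOW = 16  # assumed look-ahead size, chosen for illustration


@dataclass
class Receiver:
    """Car-side model: remembers only the last counter value it accepted."""
    last: int

    def accept(self, code: int) -> bool:
        # Valid only if strictly ahead of the last accepted code
        # and no further ahead than the look-ahead window.
        if self.last < code <= self.last + WINDOW:
            self.last = code  # this code and every earlier one are now spent
            return True
        return False


def scenario(owner_presses_in_range_first: bool) -> bool:
    """Return whether a code the car never heard is still accepted later."""
    car = Receiver(last=0x000AF0)      # constructed starting state
    assert car.accept(0x000AF1)        # lock with the fob in range
    unheard = 0x000AF2                 # fob pressed out of range of the car
    if owner_presses_in_range_first:
        assert car.accept(0x000AF3)    # next in-range press moves the window on
    return car.accept(unheard)


if __name__ == "__main__":
    print("unheard code accepted before next in-range press:", scenario(False))
    print("unheard code accepted after next in-range press: ", scenario(True))
```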
 
Did you even read the article?

This isn't about using a Flipper to access the car, it is about using a USB to start it.
 
I did, and my reply is to this part of it:

"The code rolling systems are linked to a transponder in the vehicle key and use a different “code” to unlock the vehicle every time, thus avoiding the possibility of a fixed code being copied by modern signal interference equipment and relayed to open the doors once the owner has left."
 
Aww man! @neoprema been waiting a long while for this to pop up in casual conversation so he could show his understanding. :laugh:
 