cclabsInc/RFCrack

Only one repeat on rolling

RobRusso opened this issue · 8 comments

Hi, sorry for my noob question, but when using the rolling code mode (-r) only one of the signals is repeated; the second fails. Sometimes the first fails and the second works. Any tip on how I could fix this?

Your listener is going to need to be near the Keyfob... Based on the very nature of the attack it's going to be intermittent, per the notes in the ReadMe, because it's jamming a frequency as it is sniffing a frequency. Which, as you can imagine, is tricky. But there are a few things you can adjust, which are switches in RFCrack: Upper and Lower RSSI (-U, -L) and Jamming Variance, which is -a. With these I can usually get a pretty consistent rolling code attack.

You can play around with adjusting the upper and lower RSSI values based on your environment, since it's parsing on signal strength of the Keyfob vs the Jamming.. Opening the window based on the output you are seeing in the signal strength, which is listed during the attack.

You can also adjust the Jamming variance, which is how far away from the exact signal you want to Jam.. This may give you a better capture.

Hi, quite new to the exciting world of RF Hacking. I have been playing around with the rolling jam attacks, and I noticed that while the attack is ongoing, it starts receiving apparently "ghost" signals, even though there is nothing transmitting near the two yard sticks. I tried it indoors and in an isolated room. Yet the yard sticks seem to be picking up a signal... Is it possible the Sniffer is picking up the Jammer?

Yes, your yardstick is 100% picking up your jamming.. you need to filter based on RSSI values for signal strength, since your jammer is right near your other card it will be higher signal strength than your target. Play around with those numbers so you're filtering for your target signal strength vs your yardstick's.

Is there a better way to filter the jammer's signal from the sniffer's? So far I have tried using the RSSI switches -U and -L, and also the -a switch, to try to filter out the jammer's signal from being captured by the sniffer.
Unfortunately, it seems its signal strength is all over the range from -7 to -245 and anything in between...?

I have seen people fuzz with specific values then filter those out... you can give that a try.. I never had much luck with that technique though.

Probably would want to do something like on line 56 of the following file:
https://github.com/cclabsInc/RFCrack/blob/master/src/RFFunctions.py

Create a new line before the if statement and put something like:
print signal_strength

This should print the signal strength every time a check is used to see if the RSSI values are between the specified values during your rolling code attack. I believe that should be correct.

Oh, my bad, when I say fuzzing I meant jamming.. I have seen people try to jam with specific characters and then filter those out when sniffing for real things.. But I have never had that work, so I can't say that it's useful. But it's an option. I just have never seen it work in practice.