Fun with Keyfobs!

Anyways, just like I said I would I got into trying to actually demodulate the signal for that fan remote…well as it turns out, after tons of research it seems like the method I posted about in my last entry was the easiest way to "demod" a PWM signal, just doing it by hand.  So I've moved on to other stuff.  So, been working on attacks against Keyfobs today (that little button you use to unlock/lock your car) and so far so good. Here's a screenshot of a little program I'm working on to make IDR (intercept, disrupt, replay) attacks on keyfobs a little easier. When it's done it will basically sit there and listen for you to push a button, when you do it will jam the signal and save the signal to a file. Then when you push it again it will jam that signal, save the second one to a file, the replay the first one (causing your vehicle to lock/unlock as expected).

Decoding fan remote RF signal

It's been quite a while since I've last posted here so I figured I'd do a little experiment.  I haven't even touched my SDRs in a few months, but I recently purchased a HackRF and WIFI Pineapple (they haven't arrived yet) so I figured I'd pull out my old dongles and brush up some on SDR and DSA.  Well, I wanted to start with the simplest thing I could think of so I grabbed a remote control for our ceiling fans and decided I'd try to decode the signal.

