Radio Hacking: Cars, Hardware, and more! - Samy Kamkar - AppSec California 2016

  1,680,007 views

OWASP Foundation

8 years ago

Watch Samy's most recent talk on Browser Manipulation • AppSecCali 2020 Closin...
In this talk I'll introduce radio hacking, and take it a few levels into hacking real world devices like wirelessly controlled gates, garages, and cars. Many vehicles are now controlled from mobile devices over GSM and the web, while even more can be unlocked and ignitions started from wireless keyfobs over RF. All of these are subject to attack with low-cost tools (such as RTL-SDR, GNU Radio, HackRF, Arduino, and even a Mattel toy).
We'll investigate how these features work, and of course, how they can be exploited. I'll be going from start to finish on new tools and vulnerabilities in this area, such as key-space reduction attacks on fixed-codes, advanced "code grabbers" using RF attacks on encrypted and rolling codes, exploiting mobile devices and poor SSL implementations, and how to protect yourself against such issues.
By the end of this talk you’ll understand not only how vehicles and the wirelessly-controlled physical access protecting them can be exploited and secured, but also learn about various tools for hardware, car and RF research, as well as how to use and build your own inexpensive devices for such investigation!
Samy Kamkar
Samy Kamkar is an independent security researcher, best known for creating The MySpace worm, one of the fastest spreading viruses of all time. His open source software and research highlights the insecurities and privacy implications in everyday technologies, from the Evercookie which produces virtually immutable respawning cookies, SkyJack, the drone that wirelessly hijacks other drones, and KeySweeper, a wireless keyboard sniffer camouflaged as a USB wall charger. He continues to release new tools and hardware, for example, most recently the ProxyGambit, OpenSesame and ComboBreaker tools.
-
Managed by the official OWASP Media Project www.owasp.org/index.php/OWASP...

COMMENTS: 878
@markironmonger223 3 years ago
Possibly the best answer for the public acceptance of Def Con, literally laying out the pathway of how vastly distributed insecure systems can be horrifically exploited because security standards weren't even a consideration. The arc from innocent fooling with your garage door to literally stealing any vehicle anywhere so long as you have cased it earlier is just a solid gradient from happy fun to full GTA superthief. Samy Kamkar did a wonderful job, not just as a sploiter, but as a presenter, this is top level Def Con.
@RainDancerVideo 4 years ago
This is a very interesting talk. It gives even a non nerd a great insight into how insecure our world has become. "Just because it's invisible, doesn't mean it's safe" is a very eye opening statement. You have given me a new respect for hackers. Samy is a terrific presenter.
@nobodyimportant7655 1 year ago
Yeah he is one of the gang stalkers. That's why he teaches classes on this shit.
@pambrunner5716 1 year ago
A waste of time
@pambrunner5716 1 year ago
Wrong ail and or website not mine?
@ITILII 1 year ago
Samy Kamkar one of the most brilliant people you'll ever hear !!! Samy is my HERO 😁
@3v068 4 years ago
GM is the perfect example of listen when someone is speaking to you, and have the respect to, at least somewhat, hear it out.
@foreverhidden0465 2 years ago
So how would you defend against this sort of attack
@Willam_J 1 year ago
Thanks to Samy, you can’t buy an IM-ME, now, for under $800. Believe me, I’ve been watching for one. My wife and I also go to antique malls, thrift stores, flea markets, etc, and I always look through the toys, hoping to find one of these. I haven’t seen a single one, in six years of looking. Thanks Samy! 😂
@russellm7530 1 year ago
I just looked on ebay and there's a few for around two hundred dollars.
@Willam_J 1 year ago
@@russellm7530 - That’s still way too much. What’s driving their price down, is the release of the Flipper Zero. The FZ costs $160 and has infinitely more features. (I have a FZ and it’s absolutely worth the price.) I also have the HackRF, but since its necessary to use a laptop, to operate it, it’s not very convenient. I’ll wait until I find an IM-ME ‘in the wild’. I just can’t pay these prices, when better tools cost less. It still shocks me, that I have never found one. I know that antique dealers and resale shops check the value of everything on eBay, and price it accordingly, but it’s rarely something that I see happening at garage sales, unless it’s blatantly obvious that it’s worth money. I can’t imagine anyone taking an IM-ME out of a drawer, to put out at a garage sale, and saying “We better check this. It could be worth hundreds of dollars!” I’ve never even seen an overpriced one in person, and believe me, I’ve looked. Outside of eBay, it’s almost as if they never existed. With that being said, the intention of my comment was simply to poke some innocent fun at Samy. He’s a great guy, and a valuable asset to the community. Thank you for the ‘heads up’ on the price coming down. I knew that the FZ was driving the IM-ME prices down, but I didn’t know how much, or how fast. Take care and have a great week! 😃👍
@aramic1989 11 months ago
yeah man, I literally sold one like a week ago for 140 bucks....what's silly though is all you need is an arduino, a TI CC1110 sub-GHz RF chip and a few more things, some programming and you have your 200 IM-ME
@edschissel9109 11 months ago
90 bucks through Walmart online
@omegadroidzero 4 months ago
@@Willam_J You don't need a laptop to use a HackRF. Look up the portapack H2.
@jamesw6529 4 years ago
This is a very interesting lecture with a wealth of information. It would have been awesome of you to leave links for everything you are talking about.
@billyhackett7610 4 years ago
Had my attention the entire time. That is even more impressive than your brute force 4 second average cracking time.
@rommelrodriguez8376 3 years ago
Nice lecture, good overview of fun stuff to play with and the hardware/software starter tools.
@Rorschak129 4 years ago
Sammy this video is so good man. Never heard such an interesting talk with such technical details and so much knowledge. Memes were on point too. You da man.
@jayjaystewart2561 3 years ago
loved this presentation and how you displayed the slides too, very informative and kept it laughable and fun.
@mannyarroyo4798 4 years ago
I've been a Ham for over thirty five years and can remember driving around with my dad's car as a teenager with a CB and a 600 watt amplifier and activating bank alarms, opening electric gates and garage doors, and emptying the nightclubs by causing an ear piercing feedback to their sound systems.
@bargans3949 4 years ago
lol
@billyjoejimbob75 4 years ago
People in my area used to stop at a red light near a furniture store and turn on the touch lamps at night with their little 100-200 watt amps.
@jerrygaber6150 2 years ago
What an expletive generator you are.
@cvspvr 8 months ago
@@jerrygaber6150 huh?
@someguyontheinternet- 3 years ago
This is so fascinating. I want to learn more
@bloguetronica 4 years ago
A safe way to lock/unlock a car is, instead of using a rolling key, use RSA with timestamp encryption. The car would send a public key to the key fob, and the key fob would respond with an encrypted and salted hash containing the encrypted pass plus the command. That would be encrypted via a timestamp as well, as part of the public key. The private key would be used to decrypt the (command + pass) hash, but would never be sent via radio. Edit: Just saw the final of the video, and you suggest the same. Nice!
@j4k3z 1 year ago
I feel like as long as the action remains electronic it will always be vulnerable. Hence: the killswitch.
@TheCinderDude 1 year ago
@@j4k3z sure but this is WAAAY harder to hack than regular rolling codes.
@viewingprophet4971 4 years ago
Oh the days of FSK Modulated Bit Shift Keys were sweet..Could open Garage any Garage Door so easy.. Remote gates were easy as well..But my oh my how things have changed... Great Presentation... Thank You
@lemon3rd800 7 years ago
From half an hour to just eight seconds - This is insanely fast.
@mkcvx 7 years ago
now you understand the power of Math ;)
@masskiller9206 4 years ago
Every garage door on the block opens in an 8-second span
@GODofTimewaste2 3 years ago
@@masskiller9206 I would love to see someone transmitting that code with stupidly high transmitting power, just to open random garage doors in a city all at the same time. Just for the lols.
@masskiller9206 3 years ago
@@GODofTimewaste2 regular power, very high gain antenna lol
@GODofTimewaste2 3 years ago
@John fine, _suburban area of a city_ . I bet there are devices that would react to this even in an urban center though.
@aminabali9575 4 years ago
I think this is one of the most interesting videos I've ever seen ! Thank you for all the great information and details 👌👏
@monelfunkawitz3966 4 years ago
True story. My neighbors think I'm a little strange. They locked their keys in their car two months ago. Was walking the dog and talked to them. I told them I can take any sauce pan, put a rock in it, scream loudly in the pan and put the lid on, it will unlock any car. Went inside the house, got the pan and did this. Their jaws hit the floor. They tried for hours after I left. Maybe I should tell them I recorded their keyfob with my LimeSDR previously just in case and my daughter hit the mouse button after I told her to wait for my signal.
@ovencake523 3 years ago
Just a question: Why do you have the car door codes for your neighbor's car?
@tanithrosenbaum 3 years ago
@@ovencake523 Just in case...
@irishmick1156 3 years ago
Great lil story if it's true. Hehehehe
@ruhnet 3 years ago
Priceless
@atmosrepair 3 years ago
Haha that is hilarious! Great thinking by playing a little joke with the sauce pan! I wonder if you ever told them what you really did!?
@cornholiob7074 4 years ago
One thing I think would be cool to add in the section relating to MITM attacks would be the usage of a deauthentication attack or a re-pair attack as it's known in Bluetooth. This can help capture that wireless handshake as well as cause a device to connect to your false network.
@allcopsarenogood 1 year ago
maybe
@adrianotto 8 years ago
Great talk Samy!
@giannisimeridis 3 years ago
Couldn't agree more old sport
@thorthorbjornsen3853 4 years ago
Recently discovered Samy. Great stuff, Man! TY!
@MrPinknumber 7 years ago
This talk is so damn interesting, loved it :D
@JohnBuggy 3 years ago
Absolutely brilliant lecture!
@thomasdadswell858 4 years ago
This is a brilliant lecture, natural teacher
@Frizzle1981 5 years ago
that moment he opened the recorded garage door signal modulation waveform in audacity.... genius. Crystal clear! This is the core essence of hacking.... learning and understanding technologies, and use them in ways they weren't designed for.
@dandwrasan2342 5 years ago
Chris Savage hi there seen your comment and thought you must know what you're talking about I’ve got some questions on translating rf into binary
@SinanAkkoyun 4 years ago
@@dandwrasan2342 Go ahead
@whoisntwhoisit2126 4 years ago
This was an excellent presentation, well explained! Thank you!
@hassankrisht718 4 years ago
extremely helpful, full of interesting information. Thank you
@prisoneroftech2237 7 years ago
I think I will 'record' the frequency for my car and keep that data just in case I lose my key.
@chewysplace3542 6 years ago
funniest comment on here ...
@fadyserhan9537 6 years ago
good
@DupczacyBawol 5 years ago
It is not gonna work. Car key signals are encoded and encrypted using random numbers and algorithms like KeeLoq cipher.
@aroberts269 5 years ago
@@DupczacyBawol Correct. But, Samy created the code to successfully capture the signal and do so as mentioned above. He obviously will not release the code due to malicious use. Look at his site/google for the article. RollJam by Samy Kamkar
@SecureYourHacks 5 years ago
there is a synchronization counter C which gets incremented each time you press the key (of transmitter). Same way the receiver also stores the most recent validated synchronization counter it has received (N). Now whenever you press the key and send the pseudo-random number to the transmitter the transmitter also takes the synchronization counter C from transmitter (and to update itself will overwrite N with C). Now receiver will also produce the Cth code (corresponding to C I mean) and match with the code sent by transmitter. There is also rolling window of acceptance for rolling codes say 100 or 1000 or whatever (depending upon which system you using for your Garage or Car keys). Now also note that C-N
@Thomas-gm7wb 2 years ago
Fascinating. Great job on the presentation. Ten stars
@eventhorizon8014 4 years ago
This is just amazing ! I'll order a RTL-SDR right next month :) I'm sooo excited what i'll find...
@Wiresgalore 4 years ago
Buncha cool stuff! google WebSDR if you aren't already familiar to get a taste for sniffing the airwaves. I prefer the one in the Netherlands, I get lost in it for hours sometimes
@TheHellRay 4 years ago
what did you find? :D
@stein1885 3 years ago
@@Wiresgalore That is the best imo.
@mattmurphy7030 2 months ago
Did you get one??
@johnnykeeton8369 4 years ago
I like how he is so excited but ham radio operators have been using this equipment for a while. Everything begins with the understanding of RF.
@sonyamcneil9719 2 years ago
@@maxwellryanryan1839 zq
@myemail5457 2 years ago
Am and FM to throw it off.
@anupr3592 3 years ago
Worth every minute😍😍 RF is a very interesting topic. Dude😍😍
@johnaweiss 1 year ago
Wow, the De Bruijn sequence is amazing! I wonder if vehicle makes now perform validation or hash their pw's.
@KipIngram 3 years ago
Great presentation, Samy.
@melvinmprasad6117 3 years ago
That was awesome. I learned 1 new thing so excited.
@Decentralized_Maze 3 years ago
I thoroughly enjoyed every minute of this video. Superb content, clear and concise. A lot of details all at once lol, but perfect. I hope they pay you well 😆!
@EddieLeal 4 years ago
I now remove my battery and all 4 wheels. It's a pain but if they want my car they will have to really work for it. 🤣
@RWBHere 4 years ago
They will just vandalise it and strip out anything of value. Does your alarm still work without the battery?
@omegachaos32 3 years ago
Haha, you've essentially described what motorcycle, moped and bicycle riders do in large cities through metaphors. I've had one motorcycle stolen and another severely damaged in the attempt. That's with tech that has nothing to do with this video.
@sunyun4425 3 years ago
Wheel lock
@codywhitlock8793 3 years ago
@@sunyun4425 One of those extremely loud vibration alarms, active GPS, and a WHEEL LOCK is about your best bet and line of security. Other than that, the best security for your motorcycle is a highly reputable insurance company with exceptional theft protection.
@Max-ji4im 2 years ago
😂😭😭😭😭😭😭
@mustache2295 4 years ago
Well timed sip at 20:54. Confidence is exuding from this man here lol.
@larryje1069 2 years ago
This is a fantastic video. Glad Samy is on the good side of the law. Do you know if auto manufacturers are only fixing new car systems or do they also have some kind of hardware upgrade system to improve older cars?
@allcopsarenogood 1 year ago
no but can install
@alexbrown128 2 years ago
As soon as you started explaining that you were cutting the pauses between the signals I said to myself "we can use superpermutations here"
@fifaham 4 years ago
To view wider RF spectrum then use hand held spectrum analyser with small embedded display - they are about $100 up to a few thousand dollars in price depending on capabilities. You may get basic hand held SA for $200 or so and view all frequencies say from 15 MHz up to a few GHz in freq.
@PotatoOfDestruction 7 years ago
Samy is still my hero!
@noson_ 5 years ago
My space
@Cygnus0lor 5 years ago
@@noson_ is your space
@noson_ 5 years ago
@@Cygnus0lor sorry I do not understand what you are writing me
@RogBearD 4 years ago
Good for you kid, living villains are becoming heroes to ppl nowadays. Where the world has come into.
@joanx9722 2 years ago
I definitely need to hear about this bc it's been a problem with this in my own life ... thank you so much for this
@robinwells8879 4 years ago
Exciting and disturbing in roughly equal measure. I like classic cars all the more now!
@gazzacroy 4 years ago
lol I hear that one .
@yams3954 4 years ago
but classic cars are much easier to break into
@robinwells8879 4 years ago
TheBreakfastGod you are not wrong. My car has no keys or locks for that matter and starts with a screwdriver. That said, perhaps not so easy to gain access to when at speed on the road 🤣.
@atmosrepair 3 years ago
Yep oldies but goodies. Lot less to go haywire, lot less sensors. All this tech in vehicles has amounted to big bucks for the dealerships.
@atmosrepair 3 years ago
@@yams3954 yes they are, but if a person wants to steal something bad enough they will find a way usually.
@TehVulpez 5 years ago
lmao good opener "we all love nic cage right"
@Zany4God 3 years ago
I only had an inkling this was going on. Thanks for sharing.
@fflynnful 1 year ago
Interesting information. This shows that there is nothing quite like a hidden kill switch on your vehicle. Put the switch in line with power to the starter or ignition and make it hard to find easily. Hardware trumps software. The best place might be the power line to the fuel pump. The engine will crank and might start, until it shortly runs out of fuel.
@eliseyman 3 years ago
Hey Samy, do you know is it possible (in theory) to duplicate car remote key (it’s features) onto a different device with remote capabilities? - If using my own key, there is an option to duplicate it to other digital device with remote options.
@anthonycontreras5613 4 years ago
thank you for this video!
@JamieJones1985 4 years ago
Very interesting. One thing I would suggest to improve the recordings is to repeat or summarise the questions before responding.
@omegachaos32 3 years ago
Agreed. The last 5 minutes, roughly, were useless since we couldn't hear the questions and there weren't enough context clues to figure out what was being asked.
@atmosrepair 3 years ago
Yup thought the same thing. Someone get that man a microphone, or as you say, just simply repeat the question for us.
@rickeyracer44 7 years ago
Brilliant!!! VERY Interesting!!! I sure hope the car manufacturers with whom you shared your discoveries, of the "vulnerabilities in security" offered you more than a handshake, and a thank you. I'm sure this discovery to you was only one of curiosity, and a hacker's delight, although with this information you sir, have helped progress technology as we know it.... not to mention saved a lot of people's cars from getting jacked!!! (LOL) I thank you. keep on hacking brother.
@MrBademy 5 years ago
even scarier !!! with technological backdoors like this one can easily perform a terrorist attack or a murder, just take control of his car and slam him offroad or let's say in whitehouse ?! crazy, this guy is like Tony Stark of hacking, good job Samy, you are my new idol ! :)
@jlboygenius 5 years ago
Interesting! I did something similar to reproduce the remote to an adjustable bed. Found out it used a CC2500. Now I can use my phone or Alexa to control the bed. :)
@publicmail2 5 years ago
Wow incredible you must use sure app!
@LeifNelandDk 4 years ago
To prevent the jam+replay hack, if the rolling code is just continuing for every keypress, locking the car should invalidate the previously recorded unlock code.
@blauwzakjecrack 4 years ago
nope, won't work, the receiver misses some of the transmitted rolled codes and thus is out of sync and does not know what rolled code it missed in the series of expected codes (in a receive only setup), to fix this you could use spectrum of possible rolled codes (with reset every x tries), but this increases accessibility of brute force.
@roberrewyatt3989 1 year ago
Thank you, Samy!!! For the info...
@hfe1833 4 years ago
The more I listen to him the more interesting
@nezerac 4 years ago
@8:30 .....isn't that what they do when they climb for altitude?
@MaxJaMaija 4 years ago
With RTL-SDR you can do much much more, AIS, Weather satellites and more
@TheUnpreparedMind 3 years ago
What would you use to find out if somebody is chipped a frequency detector or a emf detector??
@gabrielborges7909 13 days ago
The part where talks about spoofing a ship's gps signal really made me think of the Key bridge incident. I'm not saying it was hacked, but the fact that it's possible is mind boggling.
@fjs1111 2 years ago
Rolling codes are very easy to catch, simply create a higher amplitude signal near there garage door and have a receiver where about they would activate it to open it. Sometimes they press it too soon anyway out of range, but as you said exactly repetition but rolling codes themselves are actually *breakable*. If you can capture numerous codes from opens and closes, you can actually use a deductive algorithm to reduce the time to what I calculate could be only a few days as there is no lockout. I call this attack deductive unrolling ;-) as you said, might be easier to kick there door in and get the keys. But, I don't like to give too many ideas publicly somewhat reluctant to even post this. Another thing, the rolling codes do have limits on older units so I believe it's usually 65k codes, newer ones have larger bit sequences. Now, WiFi enabled openers are gaining popularity and using pcap and simple wifi security flaws like one in Chamberlain (liftmaster) they leave ports open and you can pull the API cgi page which interfaces with the mobile app and it's easy enough for people like you and me. On car keys such as that on one of my older benz's, it actually uses IR for LoS functions like lowering windows and the IR portion may even have other functions. Again, I may delete this post as I'm a bit nervous over the possibilities and potential attention on this, and I was able to capture that with a learning IR remote and replay it. Worked once assuming I was near the transmitter unlock.
@BitSmythe 5 months ago
… near *THEIR* garage…
@skidoodles 3 years ago
What's the indicator for a car to know that a code has been used before? Does it have a memory and logs history codes? Or go through a list of possible codes one by one in a random sequence? What if you've maxed out all the possible codes, does it start repeating codes?
@charlesclements4350 4 years ago
I can not hear the questions coming from the audience.
@FunkyFalafel 3 years ago
Great vid man! Thanks bro! Any spare kit would be awesome!
@bloguetronica 4 years ago
My guess is that PSK (phase shift keying) is harder to decode. Your device would see a single, fixed frequency, continuous signal.
@mattmurphy7030 2 months ago
PSK is very easy to decode. SDR software has it built in.
@BuckFitches 3 years ago
i like samys style to make us understand all this bs.....thanks man
@LarryCook1960 3 years ago
Garage door openers haven't had DIP switches in a long time. All modern ones are rolling code.
@mmaranta785 3 years ago
In the mid 70’s I had a Genie Alliance remote garage opener. I drove around my neighborhood on my bike with an Allen wrench and turned the adjustable ferrite coil (changing the frequency) and actually got someone’s garage to open.
@mattmurphy7030 2 months ago
I just installed a new garage door opener and it has dip switches…
@Nash4Nashville 4 years ago
Glad he's one of the good guys!
@paulmilsom1092 4 years ago
but now anyone can do this...
@awolff3381 2 years ago
in the old days my dad had a garage door opener that had a roller switch where you could just stand in front of whatever door hold down the button then roll the switch back and forth till it opened it took seconds
@Haxr-dq6wt 3 years ago
This dude makes things soooo easy, he should make courses
@mowiwowi8951 2 years ago
I'm glad you're on our side
@k.m.rayhan1035 2 years ago
it was a nice presentation. I am a little curious about the questions at the end of the presentation. but thanks for the knowledge.
@tenzindukdak5132 3 years ago
This video is essentially opening gates for new hackers
@fifaham 4 years ago
For time frame of 30:00 today ARM MCU have the capability of securing all communications by HW under supervisory mode, unless you are dealing with older technology then you will be at risk because todays ARM MCU have very strong security and strict supervisory mode preventing unauthorised users to intervene. Old technology did not have the ability to lock supervisory mode and allowed intruders to switch from User Mode to Supervisory Mode wirelessly or via WiFi or even if cable connected.
@thebesteverever6751 2 years ago
this video was so informative thank you
@Sam-yz7vm 4 years ago
very interesting and existing presentation :-)
@bneexotics2120 2 years ago
Great presentation 👍
@dandwrasan2342 5 years ago
Great vid and a highly intelligent man
@instablaster. 1 year ago
This was great presentation
@gjgedi 4 years ago
Samy I really like this video but it’s 4 years old have you got an update?
@alexlee6129 4 years ago
So if you take someone's key fob and press unlock 1000 times while it is out of range of the receiver, that key fob would stop working forever?
@KLWCOMM 4 months ago
All well said - how about some suggestions on how to protect yourself from key fob attacks? A simple one is to shield the key fob with a simple faraday cage, such as an aluminum foil, while at home or in the parking lot, if it comes to that.
@AliHussain-yt2zl 3 years ago
What about remote neural monitoring can you detect that at ulf ultra low frequency from 0mhz to 70mhz
@xvier777 1 year ago
This was so fun to watch! Thanks
@lordtimebomb6792 4 years ago
Does this video talk about hackers listening in on your car convos??
@dentaldickwad 3 years ago
This is how I started down the rabbit hole. Gate automation
@JohnWalker-256 2 months ago
Legends without cars are watching ❤❤
@ViktorEngelmann 4 years ago
Very good presentation :-) just one thing: please repeat the questions in the Q&A
@CharIieMayhem 3 years ago
Dang, I have so much to LEARN.
@andrew_koala2974 3 years ago
Everyone has something to learn, and in an entire life-time one would not manage to learn everything there is to know. The secret is to surround oneself with people who know what we don't know and allow them to teach us. For that to happen, one must listen, and be teachable
@layton3503 4 years ago
I just park on the street with my windows down now
@cameronragsdale1402 4 years ago
No doubt.
@cesneaks5675 3 years ago
Sammy this video is so good man. Never heard such an interesting talk with such technical details and so much knowledge. Memes were on point too. You da man.
@SecureYourHacks 5 years ago
For those who did not get the concept : there is a synchronization counter C which gets incremented each time you press the key (of transmitter). Same way the receiver also stores the most recent validated synchronization counter it has received (N). Now whenever you press the key and send the pseudo-random number to the transmitter the transmitter also takes the synchronization counter C from transmitter (and to update itself will overwrite N with C). Now receiver will also produce the Cth code (corresponding to C I mean) and match with the code sent by transmitter. There is also rolling window of acceptance for rolling codes say 100 or 1000 or whatever (depending upon which system you using for your Garage or Car keys). Now also note that C-N
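Added example, not part of the comment above or of the talk: a receiver-side model of the counter-and-window check that comment describes, showing which codes a receiver accepts and which it rejects. Truncated HMAC-SHA256 stands in for the real code generator (a swapped-in primitive, not what any fob uses), and the key, the window of 100 and all class and function names are assumptions.

```python
import hashlib
import hmac

WINDOW = 100  # assumed acceptance window; the comment mentions 100 or 1000


def code_for(key: bytes, counter: int) -> bytes:
    """Rolling code for one counter value.
    Stand-in generator: HMAC-SHA256 over the counter, truncated to 8 bytes."""
    msg = counter.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Fob:
    """Transmitter: keeps the synchronization counter C."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def press(self) -> bytes:
        self.counter += 1  # C is incremented on every press, in range or not
        return code_for(self.key, self.counter)


class Receiver:
    """Receiver: keeps N, the counter of the last code it accepted."""

    def __init__(self, key: bytes, window: int = WINDOW):
        self.key = key
        self.last_valid = 0
        self.window = window

    def verify(self, code: bytes):
        """Return how far ahead of N the code was, or None if rejected."""
        for step in range(1, self.window + 1):
            candidate = self.last_valid + step
            if hmac.compare_digest(code, code_for(self.key, candidate)):
                # Accepting moves N forward, so this code and every
                # earlier one can never be accepted again.
                self.last_valid = candidate
                return step
        return None  # already used, older than N, or beyond the window


def run_scenarios() -> dict:
    key = b"constructed-demo-key"  # constructed sample key, not from a device
    fob, rx = Fob(key), Receiver(key)
    results = {}

    first = fob.press()
    results["normal press"] = rx.verify(first)
    results["same code sent again"] = rx.verify(first)

    for _ in range(5):  # presses the receiver never hears
        fob.press()
    results["after 5 unheard presses"] = rx.verify(fob.press())

    unheard = fob.press()  # never reaches the receiver
    later = fob.press()
    results["later code"] = rx.verify(later)
    results["older unheard code afterwards"] = rx.verify(unheard)

    for _ in range(WINDOW):  # fob drifts a full window ahead
        fob.press()
    results["beyond the window"] = rx.verify(fob.press())
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {'rejected' if outcome is None else f'accepted, step {outcome}'}")
```

In this model a fob that has drifted past the window stays rejected until it is paired again; how a real product resynchronizes is specific to that product.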
@jollax 2 years ago
I wonder, if you attempted to brute force a garage door in a residential area then what's preventing you from opening other garage doors in the area during the process?
@mattmurphy7030 2 months ago
Range mostly
@change3541 2 years ago
awesome presentation brother
@georgeroby3308 1 year ago
Dude as startling and eye opening watching this was some I already knew but because the powers to be I was talked to in a manner that I doubted my instincts and I began believing I was going loony. When used on as an example you got my attention cause at one I was so paranoid I wanted to remove the on star hardware from my truck but gm cheverolet and on star all three told me that was impossible as it would cause vehicle to nu perform or function correctly. Bottom line I knew they were lying to me when they told me the software and hardware didn't operate and function unless I was to activate it I knew it was bs and questioned my sense instincts and street smarts. I love to see more of your videos.and truly believe this I'm grateful to you for having the courage to openly publicize this information cause humans race deserve to know if they have any intention of protecting themselves cause this is the modern day threat guns is no longer our fear but technology is where the battles are being fought those who are misinformed and under educated are being destroyed I don't attend college I do have some credits I didn't graduate I also in self education I'm always learn even if I don't understand it. Something or someone comes after their going to have a fight on their hands that will be impossible for them to win let alone survive cause I will survive even if it comes down to my last breath I am a fighter and very proud American with thick deep Irish bloodline and darn proud of it
@PamelaLogan 7 months ago
Wow! Thanks for doing this. Are you saying that we don't need to use an expensive spectrum analyzers to find signals? Signet Intelligence has that capability. Id like to find out who is bombarding v2k technology to my head. Noticed sonar rays hitting my head while wearing a tight head wrap. Can hear a tracking sound.
@williamcruz364 6 years ago
Where can I buy THIS GADGET? 👍
@jeffreymorris1752 1 year ago
Samy is likely also an authority on cease-and-desist notifications. Pretty certain he could safely ignore most if not all of those.
@JDs_RandomHandle 4 years ago
Researching ways to avoid having to call a locksmith. I almost want to lose my car keys now.
@timurnugumanov8164 4 years ago
Man, now we know your garage code!
@rileystewart9165 4 years ago
Wait so if his garage door opener operates on a single frequency, does that mean it is an AM signal? Alternatively for my cell phone, there is a lower and an upper bound. Does this mean my phone does FM with a bandwidth of (Higherbound-Lowerbound)? Thanks. I'm sort of interested in this stuff. I took a class on antennas but I wished I asked more questions.
@mattmurphy7030 2 months ago
Yes, you nailed both cases
@BuildThoseSkills 4 years ago
garage door openers use rolling codes these days. the dip-switches are from a few decades ago. awesome info though! amazing :)
@mattmurphy7030 2 months ago
I just installed a garage door opener and it has dip switches in the remotes
@BuildThoseSkills 2 months ago
​@mattmurphy7030 you're right... there still are dip switches... I guess what I meant was that a few decades ago before rolling codes, the dip switches were what made the signal unique and you could replicate the remote by matching the dipswitch positions on another remote.
@bdr420i 2 years ago
When you find a video which already you hit like on it but you don't remember it, do you watch it again?
@amberrose6978 3 years ago
Nice to meet you, Samy. I promise to not use this information for evil deeds.