Decoding Automotive Keyfob

HackRF Software

Decoding Automotive Keyfob

Postby admin » Thu Sep 05, 2013 12:05 pm

I captured some keyfob data the same way described in dragorn's great tutorial's Log in or register to see all links

Here you can see the data from the keyfob in baudline -

baudline.png
baudline.png (15.11 KiB) Viewed 4143 times


You can see there is long and short pulse's I will assume long is 1 and short is 0 at this point, I setup the following GRC graph to narrow down the signal and convert it to a magnitue. I also added a squelch to remove noise and a file sink for the data stream.

GRC.png
GRC.png (96.1 KiB) Viewed 4143 times


So I have the data in a file and now I need to make it meaningfull, I adapted a small C program which reads the file and records for how many counts the signal is HI and for how how many counts the signal is LOW based on a threshold I set. Because the data lengths are fixed we can then say if the signal is HI for x counts its a 1 and if it's HI for y counts its 0. That is what this little program is doing, I have check the output against a visual check in baudline and the outputed binary is correct.

Output.png
Output.png (19.86 KiB) Viewed 4143 times


The input for the program is, the file name, the sample rate in this case 30K and the threshold, this is the center point between a high and low this can be found by viewing the scope sink in gnuradio. Ofcourse this is not very usefull as is and I will next break the data in to packets etc, however as a beginner with all this I am pretty happy with where I am so far. I will attach the C file below, you could use it as is if the keyfob signal are the same or pretty easily modify it for your needs.

cppdecode.zip
(862 Bytes) Downloaded 332 times
admin
Site Admin
 
Posts: 28
Joined: Mon Nov 19, 2012 11:54 pm

Re: Decoding Automotive Keyfob

Postby geekskunk » Thu Sep 05, 2013 3:28 pm

Very nice. What type of keyfob was yours? Noticed Dragorn's OOK/Morse data was from a Subaru. Would you consider posting the GRC graph to facilitate re-use? Also the actual data in the file captured too might be interesting also to have a few folks look at and help you recover something from it. (If you want any outside opinions or help.) There may be something to be learned by comparing captures from different fobs from similar keyfobs.
geekskunk
 
Posts: 6
Joined: Sun Jul 28, 2013 9:05 pm

Re: Decoding Automotive Keyfob

Postby geekskunk » Thu Sep 05, 2013 3:33 pm

When trying to make heads or tails of the binary output it may be worth while to look at it in different line codes.

Ref:
Log in or register to see all links
or
Log in or register to see all links
geekskunk
 
Posts: 6
Joined: Sun Jul 28, 2013 9:05 pm


Return to Software

Who is online

Users browsing this forum: No registered users and 1 guest

cron