Car Keyless Entry Replay Hack (HackRF)
Cybersecurity & RF Hacking


Case Study Details

ID: car-hacking-hackrf

Name: Muhammad Ahsan

ID: F2019376007

“Car Hacking System Using RTL-SDR and HackRF”

In this project we hack a car using an RTL-SDR and a HackRF.

Most remote keyless entry (RKE) systems operate at a frequency of 315 MHz for North American-made cars and at 433.92 MHz for European, Japanese and Asian cars.

First, we use the RTL-SDR to check the frequency of the car key remote.

We use the Gqrx software to record the frequency.

This gives us the frequency of the car key remote. Now we record the signal on this frequency and then perform a replay attack with the help of the HackRF.

For this replay attack we use a piece of software called “Universal Radio Hacker”.

The Universal Radio Hacker (URH) is a complete suite for wireless protocol investigation with native support for many common Software Defined Radios.

To install this software, we use the following command:

“git clone https://github.com/jopohl/urh.git”

However, we use “DragonOS”, an operating system that comes with all the software the HackRF and SDR need preinstalled, so I performed my attack on this operating system.

First we open a terminal and type “urh”.

URH then opens in GUI form.

After that, open the File menu and create a new project.

We created a new project with the name capture and replay.

After creating the new project, we set the frequency we found earlier, 433.91M,

and increase the bandwidth to 4.0M.

To confirm the frequency in this tool, we open the “Spectrum Analyzer”.

We set the frequency, connect our HackRF, set the bandwidth and gain, and press the Start button.

This confirmed our car key frequency in this tool.

After that, we record the signal on this frequency.

To record it, we open the “Record signal” option from the File menu and record the car key signal for the replay attack.

After it opens, we set the frequency we found before, set all the other settings, and press the Start button.

We recorded the signal and then pressed the Save button to save it. After that, we perform the replay attack.

For the replay attack, open the file we saved before, then set the gain to zero and select our HackRF device. All other settings stay the same as for the capture.

Then just press the Start button to run the replay attack.

“Now our car opens without the key, just by doing this replay attack with the HackRF.”
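
Why the replay above succeeds and what stops it, as an added example (not part of the original case study or of URH): a fixed-code receiver accepts the same frame twice, while a receiver that verifies an HMAC and a strictly increasing counter rejects the second copy. The key, frame layout, window size and class names are assumptions constructed for illustration and do not describe any real vehicle's protocol.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed shared secret, not from any vehicle
WINDOW = 16                    # assumed look-ahead window for missed presses

def fob_frame(counter: int, command: bytes = b"UNLOCK") -> bytes:
    """Frame = 4-byte counter || command || 8-byte truncated HMAC-SHA256."""
    body = counter.to_bytes(4, "big") + command
    return body + hmac.new(KEY, body, hashlib.sha256).digest()[:8]

class FixedCodeReceiver:
    """Accepts any frame equal to the stored code: no freshness check."""
    def __init__(self, code: bytes):
        self.code = code
    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)

class CounterReceiver:
    """Accepts a frame only if its MAC verifies and its counter is new."""
    def __init__(self, last_counter: int = 0):
        self.last = last_counter
    def accept(self, frame: bytes) -> bool:
        if len(frame) < 12:
            return False                 # too short for counter + tag
        body, tag = frame[:-8], frame[-8:]
        expected = hmac.new(KEY, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False                 # forged or corrupted frame
        counter = int.from_bytes(body[:4], "big")
        if not (self.last < counter <= self.last + WINDOW):
            return False                 # already seen, or too far ahead
        self.last = counter              # advance so this frame cannot be reused
        return True

def demo() -> dict:
    code = b"\xa5\x5a\xc3\x3c"           # constructed fixed code
    fixed, rolling = FixedCodeReceiver(code), CounterReceiver()
    frame = fob_frame(1)                 # constructed frame from one button press
    return {
        "fixed_first": fixed.accept(code),
        "fixed_replay": fixed.accept(code),        # same bytes accepted again
        "rolling_first": rolling.accept(frame),
        "rolling_replay": rolling.accept(frame),   # same bytes now rejected
        "rolling_next": rolling.accept(fob_frame(2)),
    }

if __name__ == "__main__":
    print(demo())
```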


Project Summary

Brief Description

Executed a remote keyless entry (RKE) replay attack to lock/unlock vehicle doors using a HackRF One transceiver.

Methodology Summary

Identified vehicle fob frequency at 433.91 MHz using RTL-SDR. Captured key codes in DragonOS using Universal Radio Hacker (URH). Amplified and transmitted the recorded IQ code frame using HackRF One.

Results & Performance

Unlocked the target vehicle's doors without the physical key fob in a controlled testing environment.

Tech Stack

HackRF One, URH (Universal Radio Hacker), DragonOS, RKE Protocol Hacking

Author: Muhammad Ahsan
Date: 2025 - 2026
Class: security