thecriscoking

Frequencies

16 posts in this topic

I was wondering if it's possible to pick up frequency signals (ex. TV remote, garage door opener) through your laptop or some additional hardware for the laptop?

A friend of mine told me there were robbers who would playback the frequencies emitted from a victim's garage door opener to break into house/garage. I wanted to know if any of this is even possible (the picking up and emitting of frequencies).

0


I think your friend has been watching "Gone in 60 seconds" a few too many times.

But it's not impossible...

What you need for it is a Frequency Counter which scans a range of frequencies then locks into the strongest signal (the unit is heavily attenuated) via the capture effect. That will give you a base frequency.

Then, I would imagine you could capture it a couple ways... analog or digitally.

Analog way would be passing enough of the IF to a recording device that captures the signals that it makes. But not all signals are static...

Digital way would be figuring out the modulation method, capturing the raw bits of true data from background noise then reproducing it/modifying it.

I've heard of people modifying various remotes for different models of garage door openers with a flipflop IC hooked to a BCD counter which goes through all the bit combinations possible for that series of remote (and hopefully opener) till it finds the right one.

0


You can do things like that. Check this out. It requires a "Universal Software Radio Peripheral" or USRP which is about $700 though.

0

> I was wondering if it's possible to pick up frequency signals (ex. TV remote, garage door opener) through your laptop or some additional hardware for the laptop?

You can use a scanner (or some form of radio) feeding into the sound card of a PC/Laptop. This obviously is RX only, but using an application like 'Multimon' you can receive and decode pagers/packet radio/APRS/etc. If you have TX capability there is no reason why you couldn't do a replay attack.

My wife's car has an in-built door opener, you can put it into learning mode to clone a third party garage door opener. I guess that this is no different.

I assume that there has not been a concern about security on this before, so most likely the codes would be pretty easy to clone. Unless of course they use a rolling key, in the same way that car door remotes work.

Mungewell.

0


A quick bit of googling and here's some more information.

1). There is a 'security+' scheme which implements a rolling key, used on modern systems.

2). Remotes appear to work on the 390MHz band.

3). All in one chips are available, see http://www.maxim-ic.com/quick_view2.cfm/qv_pk/5549/t/al

4). US embassies are acting to prevent the criminals' intent by blocking the 390MHz band, see http://www.cbc.ca/canada/ottawa/story/2005...en20051104.html

Munge

0


I'm almost certain I could get my hands on a scanner. But how would I go about feeding it into my sound card and enabling it to have TX abilities?

0

> But how would I go about feeding it into my sound card and enabling it to have TX abilities?

For the RX side of things, just connecting audio jacks together should be OK. You may need to play with volume/record level to get something working. For TX you would need a transmitter (as a scanner does not transmit) running at the appropriate frequency. I would presume that these remotes operate within a license free band (i.e. Part 15).

Obviously breaking into people's houses/garages is illegal.... I can't really encourage you to actually construct something which _could_ be used as a 'break & enter' tool.

Mungewell.

0

> You can do things like that. Check this out. It requires a "Universal Software Radio Peripheral" or USRP which is about $700 though.

That's just leet. Expensive, but you could have way more control over frequencies than you could with hardware.

I wonder if there's multiple frequency jamming potential here.

0


What would be considered a scanner / transmitter? Like a regular trucker CB or something?

0

> What you need for it is a Frequency Counter which scans a range of frequencies then locks into the strongest signal (the unit is heavily attenuated) via the capture effect. That will give you a base frequency.

Spectrum analyzer, not a frequency counter.

0

> What you need for it is a Frequency Counter which scans a range of frequencies then locks into the strongest signal (the unit is heavily attenuated) via the capture effect. That will give you a base frequency.

> Spectrum analyzer, not a frequency counter.

A spectrum analyzer measures power on a chunk of spectrum.

A Frequency Counter just finds the frequency of the strongest carrier.

Example: http://www.optoelectronics.com/xplorer.htm

Example: http://www.optoelectronics.com/cd100.htm

Example: http://www.optoelectronics.com/cub.htm

Learn when you read, son.

0

> What would be considered a scanner / transmitter? Like a regular trucker CB or something?

A scanner is simply a receiver that rattles through a series of frequencies. Not to be confused with a Receiver which is what the radio in your car is.

Ideally you want a transceiver to do both receive and transmit but first you need to learn what the signal is... what kind of modulation it employs (for instance you'd think that transmissions at 109 MHz would be FM since it's above the FM broadcast band at 108 MHz... but this is the aeronautical band and their transmissions are AM), how the data stream is sent, whether it changes between periods, etc.... A scanning receiver is much cheaper for this purpose because sometimes it could be *wide* in its IF filter which if you were to listen to it on a *narrow* radio, you'd be losing vital parts of the bit stream.

Again, instead of investing in a USRP (which you can do... but you still won't have a TX section for that portion of the band - someone mentioned 370 MHz?) I'd just modify remotes which you can purchase at the hardware store reasonably cheap, contain the TX and RX portion you'll need and are much simpler to modify.

But hey, if they have something worth that much you want to steal, why not just use a brick? Have fun in jail when you try to hock it.

0

> You can do things like that. Check this out. It requires a "Universal Software Radio Peripheral" or USRP which is about $700 though.

> That's just leet. Expensive, but you could have way more control over frequencies than you could with hardware.

> I wonder if there's multiple frequency jamming potential here.

I like spark gap generators for this purpose.

Wide band interference is phat... especially in traffic. ;)

0


lol, I had no intention of using this to actually break into a house or any other illegal activity. Just curious ^_^

0


1. Garage door openers operate as Part 15 unlicensed devices in the 300-400 MHz region. There are about fifty different frequencies that are used depending on make and model. The most commonly used frequencies are between 380-400 MHz.

2. This frequency range has a primary allocation in the US as a federal government/military land mobile band.

3. Garage door openers use pulse code modulation to send an 8-10 bit binary number as the "code". The better systems use a "rolling code" system in which the access code changes in a pseudo-random manner every time it's used.

4. A regular scanner will hear nothing but a "pulsing" noise if tuned to the frequency in question. In most cases, a frequency search with a scanner will miss it. Close Call won't work either as the scanner is looking for an AM or FM analog signal, not a PCM one.

5. Most frequency counters do not have a fast enough gate time to lock on and display a frequency. You will need a "digital" counter such as the Opto Digital Scout.

6. A spectrum analyzer will easily show the signal.

7. In order to "receive" the signal, you'll need a VHF/UHF communications receiver in SSB or CW mode with the IF or discriminator output running into a soundcard using spectrogram-type software.

8. US Embassies could give a fuck about criminals spoofing garage door openers. They simply have primary use of the frequencies and could care less if they screw with some Part 15 devices. The standard US Govt response regarding their use of the RF spectrum is to deny everything, even to the people who service their stuff.

9. Cybertech Issue #5 had an article on modifying the older garage door openers to cycle through the entire code sequence.

10. About the only thing detecting and monitoring for garage door remotes is useful for, is for detecting certain sensor/surveillance devices that use the same RF engines as garage door openers, such as wireless perimeter alarm/motion sensor systems.

0
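
The difference between the fixed codes and the "rolling code" systems described in this thread, as an added example that is not part of any post: a simulated receiver of each kind is shown the same recorded frame twice. The class names, the 16-step window and the truncated HMAC-SHA256 tag are assumptions; the HMAC stands in for whatever cipher a real opener uses.

```python
import hashlib
import hmac

FIXED_BITS = 10   # the thread cites 8-10 bit fixed codes: at most 1024 values
WINDOW = 16       # assumed look-ahead for button presses made out of range


class FixedCodeReceiver:
    """Accepts the same static code forever, so a recorded frame stays valid."""
    def __init__(self, code):
        self.code = code

    def accept(self, frame):
        return frame == self.code


def rolling_frame(key, counter):
    """Remote side: 4-byte counter plus an 8-byte truncated HMAC tag over it."""
    msg = counter.to_bytes(4, "big")
    return msg + hmac.new(key, msg, hashlib.sha256).digest()[:8]


class RollingCodeReceiver:
    """Accepts a frame only if its tag verifies and its counter moves forward."""
    def __init__(self, key, counter=0):
        self.key, self.counter = key, counter

    def accept(self, frame):
        if len(frame) != 12:
            return False
        counter = int.from_bytes(frame[:4], "big")
        if not hmac.compare_digest(frame, rolling_frame(self.key, counter)):
            return False                  # forged or corrupted frame
        if not self.counter < counter <= self.counter + WINDOW:
            return False                  # stale (replayed) or too far ahead
        self.counter = counter            # every older frame is now dead
        return True


def demo():
    key = b"constructed-demo-key"         # constructed sample secret
    fixed = FixedCodeReceiver(0b1011001110)
    rolling = RollingCodeReceiver(key)
    frame = rolling_frame(key, 1)         # one legitimate button press
    return {
        "fixed_first": fixed.accept(0b1011001110),
        "fixed_replay": fixed.accept(0b1011001110),
        "rolling_first": rolling.accept(frame),
        "rolling_replay": rolling.accept(frame),
        "rolling_next": rolling.accept(rolling_frame(key, 2)),
        "fixed_code_space": 2 ** FIXED_BITS,
    }
```

The window lets the receiver resynchronise after presses it never heard, at the cost of accepting any of the next 16 counters rather than exactly one.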
