Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

ComThings/RFCrack

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

64 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

                   ___                  _        ___            _
  / __|___ _ _  ___ ___| |___   / __|_____ __ _| |__  ___ _  _ ___
 | (__/ _ \ ' \(_-</ _ \ / -_) | (__/ _ \ V  V / '_ \/ _ \ || (_-<
  \___\___/_||_/__/\___/_\___|  \___\___/\_/\_/|_.__/\___/\_, /__/
                                                          |__/
            ___ ___ ___             _
      ___  | _ \ __/ __|_ _ __ _ __| |__
     |___| |   / _| (__| '_/ _` / _| / /
           |_|_\_| \___|_| \__,_\__|_\_\


    Welcome to RFCrack - A Software Defined Radio Attack Tool

    Developer: @Ficti0n - http://ConsoleCowboys.com
    CCLabs: http://cclabs.io
    Blog: console-cowboys.blogspot.com
    YouTube Tutorial: https://www.youtube.com/watch?v=H7-g15YZBiI
    Release: 1.1

    Hardware Needed: (1 Yardstick or 2 for RollingCode) 
    YardStick: https://goo.gl/wd88sr

    RFCrack is my personal RF test bench, it was developed for testing RF communications
    between any physical device that communicates over sub Ghz frequencies. IoT devices,
    Cars, Alarm Systems etc... Testing was done with the Yardstick One on OSX, but
    RFCrack should work fine in linux. Support for other RF related testing will be
    added as needed in my testing. I am currently researching keyless Entry bypasses.
    Keyless entry functionality will be added in the future with additional hardware
    requirements for advanced attacks.

    Feel free to use this software as is for personal use only. Do not use this code
    in other projects or in commercial products. I hold no liability for your actions
    with this code. Your life choices are your own.


    Current supported Functionality:
    ---------------------------------
    - Replay attacks -i -F
    - Send Saved Payloads -s -u
    - Rolling code bypass attacks -r -F -M
    - Targeted -t -F
    - Jamming -j -F
    - Scanning incrementally through frequencies -b -v -F
    - Scanning common frequencies -k

    Future Functionality(Currently Researching)
    -------------------------------------------
    - Keyless Entry/EngineStart bypass with SDR
    - Any Suggestions based on realistic use-cases you want me to add??
    - Add in more configuration for changing timing and logging


    Usage Examples:
    ---------------
    Live Replay:         python RFCrack.py -i
    Rolling Code:        python RFCrack.py -r -M MOD_2FSK -F 314350000
    Change RSSI Values:  python RFCrack.py -r -M MOD_2FSK -F 314350000 -U -100 -L -10
    Adjust RSSI Range:   python RFCrack.py -r -U "-75" -L "-5" -M MOD_2FSK -F 314350000
    Jamming:             python RFCrack.py -j -F 314000000
    Scan common freq:    python RFCrack.py -k
    Scan with your list: python RFCrack.py -k -f 433000000 314000000 390000000
    Incremental Scan:    python RFCrack.py -b -v 5000000
    Send Saved Payload:  python RFCrack.py -s -u ./files/test.cap -F 315000000 -M MOD_ASK_OOK
    With Loaded Config:  python RFCrack.py -l ./device_templates/doorbell.config -r

    Useful arguments:
    ------------------------
    -M Change modulation, usually MOD_2FSK or MOD_ASK_OOK
    -F Change the frequency used in attacks
    -U upper_rssi signal strength value for rolling Code
    -L lower.rssi signal strength value for rolling code
    -S Change Channel Spacing
    -V Change Deviation of modulation
    -a Jamming frequency variance from sniffer
    -s Send packet from a file source
    -d Save your current device settings into a loadable template after attack completes
    -l Load previously saved device configuration with attack

    Other Notes:
    ------------------------
    Captures get saved to ./files directory by default!
    Device templates are saved and loaded to ./device_templates by default

    Rolling code is hit or miss due to its nature with jamming and sniffing at the same time,
    but it works. Just use the keyfob near the yardsticks. It will also require 2 yardsticks,
    one for sniffing while the other one is jamming.

    And a final note, this is my own test bench for doing research and dev, if you have ideas
    to make it better based on realistic use case scenarios, feel free to reach out to me.
    Right now I am working on keyless entry attacks which I will implement into this later.

About

A Software Defined Radio Attack Tool

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%