RFCrack: Software Defined Radio Attack Tool

RFCrack

RFCrack is my personal RF test bench, it was developed for testing RF communications between any physical device that communicates over sub Ghz frequencies. IoT devices, Cars, Alarm Systems etc… Testing was done with the Yardstick One on OSX, but it should work fine in Linux. Support for other RF related testing will be added as needed in my testing. I am currently researching keyless Entry bypasses. Keyless entry functionality will be added in the future with additional hardware requirements for advanced attacks.

Feel free to use this software as is for personal use only. Do not use this code in other projects or in commercial products. I hold no liability for your actions with this code. Your life choices are your own.

Current supported Functionality:
———————————
– Replay attacks -i -F
– Send Saved Payloads -s -u
– Rolling code bypass attacks -r -F -M
– Targeted -t -F
– Jamming -j -F
– Scanning incrementally through frequencies -b -v -F
– Scanning common frequencies -k

Download

git clone https://github.com/cclabsInc/RFCrack.git

Usage Examples:
—————
Live Replay: python RFCrack.py -i
Rolling Code: python RFCrack.py -r -M MOD_2FSK -F 314350000
Adjust RSSI Range: python RFCrack.py -r -U “-75” -L “-5” -M MOD_2FSK -F 314350000
Jamming: python RFCrack.py -j -F 314000000
Scan common freq: python RFCrack.py -k
Scan with your list: python RFCrack.py -k -f 433000000 314000000 390000000
Incremental Scan: python RFCrack.py -b -v 5000000
Send Saved Payload:: python RFCrack.py -s -u ./files/test.cap -F 315000000 -M MOD_ASK_OOK

Useful arguments:
————————
-M Change modulation, usually MOD_2FSK or MOD_ASK_OOK
-F Change the frequency used in attacks
-U upper_rssi signal strength value for rolling Code
-L lower.rssi signal strength value for rolling code
-S Change Channel Spacing
-a Jamming frequency variance from sniffer
-s Send packet from a file source

Other Notes:
————————
Captures get saved to ./files directory by default!

Rolling code is hit or miss due to its nature with jamming and sniffing at the same time, but it works. Just use the keyfob near the yardsticks. It will also require 2 yardsticks, one for sniffing while the other one is jamming.

Demo

Source: https://github.com/cclabsinc/