Using the RSP 1 (SDRplay) to cheaply open/lock/panic/remote start any device

DJ SUBSTANCE
May 28, 2022

Disclaimer: this is for learning only, do not steal. If you are smart enough to pull off things like this, it makes no sense to lead a life of crime ;p

Parts required:

You're welcome very much, I paid a ton more than 20% for mine.
You'll notice the SDRplay has many antenna ports. We are interested in 315 MHz and 433 MHz; I will leave it up to you to find the (short) cheap antennas on Ali to cover those 2 specific freqs. Your key fobs run on A or B.

That's all u need in terms of HW. Clone down Universal Radio Hacker:
https://github.com/jopohl/urh

Now take a look at your keyfob(s); they will have FCC IDs on them. Type that code into https://fcc.io and it should give u the exact freq. of your fob.

I want to leave a little to be learned here and not give it away. This is pretty str8 forward. The demodulation type decoding can get intense, but I figured it out. U can too.

Load URH:

New Project, go to Spectrum Analyzer. Duplicate the fields I have (likely ) and hit record. Hit unlock and u should see the bands jump. That is good.

Step 1 of actual implementation of the replay attack in Universal Radio Hacker
Not recording yet just verifying

Hit Esc. In URH go to Record Signal.

Make sure Apply DC Offset is OFF. U may need to tweak the gains and IF. In this case I was replicating my remote start. It operates on 433.92 MHz.

The 4 bars are a digital rep. of the actual code. Each individual one will open the car. At this point stop and save. Hit Esc.

Here comes the fun part ;) U wouldn't think it's that easy, would you ;p

Hell no. Now we have to decode the type of modulation and basically crack the code, which the s/w does for us. If you don't see anything populated under modulation, then click on the right open, and open your save file from the previous step.

Click autodetect from orig. signal. It *should* auto crack the code; I've only run into a few times it didn't. … Good luck ;)

Another dope post by DJ Substance / 9x.network / tranceattic.com

Follow me on @tranceattic

DJ SUBSTANCE

Twenty years professionally as a Network Engineer; more recently I have focused mostly on red teaming, but I am always up for learning and exchanging info.