
ufnalski/rolling_code_transmitter_h533re


Rolling/hopping code authentication demo (transmitter) [STM32H533RE]

Inspired by the "unhackable" modern steering column locks such as 3Q0905861A (Audi A4 B9). The content of my repos makes it pretty obvious that I'm currently on the hunt for every (servo) drive from a passenger car. This time the hunter becomes the hunted. Steering column locks will hunt me until the end of 2025 - two more weeks left 🙂 I will probably fail miserably. There are at least three reasons for that. First, the extended CAN ID renders brute-force search for IDs impractical for a DUT without a working car. Second, an electronic steering column lock (ESCL) is a security feature designed to prevent unauthorized use of the vehicle - do not expect it to react to a single CAN frame with a fixed payload. Third, I'm not a cybersecurity hobbyist (yet) and my tools are close to nonexistent in this particular field. If you are in a similar position, my suggestion is to start from something less challenging. Let's build our own transmitter and receiver pair that uses rolling code authentication. Are you curious about the principle on which a remote keyless entry (RKE) system may be based? If yes, you came to the right place.

[Images: Audi A4 B9 ESCL; Audi A4 B9 ESCL CAN frames; Rolling codes in action; Rolling codes CAN frames]

Note

The demo uses wired communication. We are here to grasp the idea of a hopping code authentication method - the physical layer does not affect our current experiment. You can use any hardware of your choice - preferably one that offers hardware hashing, but you can always do that part in software as well [1] (buttons are pressed by humans relatively slowly). In my case the receiving device is a compatible CAN bus node.
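To make the hopping code idea concrete, here is an added sketch in Python (not code from this repository or its firmware) of a transmitter/receiver pair in which every button press sends a counter plus a keyed hash over it, and the receiver accepts each code only once. The frame layout, the HMAC-SHA256 construction, the 4-byte tag, the window size and the demo key are all assumptions made for this example.

```python
import hashlib
import hmac
import struct

WINDOW = 16   # assumed look-ahead: presses the receiver may have missed
TAG_LEN = 4   # assumed truncation so counter + tag fit an 8-byte payload;
              # a real design would carry a longer tag

def make_frame(key: bytes, counter: int) -> bytes:
    """Transmitter: big-endian 32-bit counter followed by a truncated HMAC-SHA256 tag."""
    ctr = struct.pack(">I", counter)
    return ctr + hmac.new(key, ctr, hashlib.sha256).digest()[:TAG_LEN]

class Receiver:
    def __init__(self, key: bytes, last_counter: int = 0):
        self.key = key
        self.last_counter = last_counter  # highest counter accepted so far

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 4 + TAG_LEN:
            return False
        (counter,) = struct.unpack(">I", frame[:4])
        expected = make_frame(self.key, counter)[4:]
        if not hmac.compare_digest(frame[4:], expected):
            return False  # wrong key or altered frame
        if not self.last_counter < counter <= self.last_counter + WINDOW:
            return False  # replayed (old) or too far ahead to resynchronise
        self.last_counter = counter  # every code up to this one is now spent
        return True

def demo() -> list:
    key = bytes(range(32))  # constructed demo key, not from the repository
    rx = Receiver(key)
    first = make_frame(key, 1)
    later = make_frame(key, 5)  # presses 2-4 never reached the receiver
    good = make_frame(key, 6)
    altered = good[:-1] + bytes([good[-1] ^ 1])  # one tag bit flipped
    return [
        rx.accept(first),    # fresh code
        rx.accept(first),    # same frame sent a second time
        rx.accept(later),    # inside the window: receiver resynchronises
        rx.accept(first),    # old frame again
        rx.accept(altered),  # tag does not verify
        rx.accept(make_frame(key, 5 + WINDOW + 1)),  # outside the window
    ]

if __name__ == "__main__":
    print(demo())
```

On a microcontroller the receiver would also have to keep `last_counter` in non-volatile memory so that a power cycle does not make old codes valid again.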

Missing files?

Don't worry 🙂 Just log in to MyST and hit Alt-K to generate /Drivers/CMSIS/ and /Drivers/STM32H5xx_HAL_Driver/ based on the .ioc file. After a couple of seconds your project will be ready for building.

Readings

Call to action

Create your own home laboratory/workshop/garage! Get inspired by ControllersTech, DroneBot Workshop, Andreas Spiess, GreatScott!, bitluni's lab, ElectroBOOM, Phil's Lab, atomic14, That Project, Paul McWhorter, Max Imagination, Nikodem Bartnik, Stuff Made Here, Mario's Ideas, Aaed Musa, and many other professional hobbyists sharing their awesome projects and tutorials! Shout-out/kudos to all of them! Promote README-driven learning 🙂

Warning

Rolling/hopping codes - do try them at home ❗

210+ challenges to start from: Control Engineering for Hobbyists at the Warsaw University of Technology.

Stay tuned 😎

Footnotes

  1. An exemplary use of Mbed TLS is demonstrated in my Wall of Entropy.