can you run something like a bruteforce to try and get it right the transponder code?
With older cars this works, but newer cars got rolling codes which you can basically not find out. This means the key passes a frequency + a number, the car getting the signal will also have a number saved. If both numbers are the same the car door opens and the number aka the rolling code randomizes itself again, so only the car and the key know the necessary info.
Edit: Sorry, my comment is misleading. I talked about the Flipper Zero's basic programs, which cannot catch rolling codes (except there are users who made mods for this specific purpose idk). So yes, rolling codes can be caught by other hacking tools. A lot of people were confused about what I said.
And before I get comments about the rolling code generation process being way more complicated, yes, that's also correct. I intended to post a comment which explains that this hacking device cannot crack every car because at first some people might think this is the most powerful hacking tool on the market when seeing this.
Oh yeah and also you need to catch the signal which eventually opens the car. If you catch the signal of the car locking or activating the car alarm, the exact action you caught the frequency of will happen.
There are a couple ways that rolling code systems can be bypassed. So long as you capture a transmission of the code and the car does not, that code will remain valid since the car doesn't know that the code has already been sent from the key fob. If you have a second SDR, you can set the devices up so that one of them jams the receiver on the car while the other intercepts the code. Once the first code is intercepted, disable the SDR that is jamming the car's receiver. The fob will cycle to the second code, which the car will accept because as far as the receiving end on the car is concerned, the first code was never sent to begin with. Due to how the number randomization works, the car isn't going to understand that the first code was never sent, because otherwise the key would stop working if you were to accidentally press the button while outside the range at which the car can capture the frequency. You'd have to reprogram the car every time that happened in order to reset it. Speaking of which, here is the second way to bypass the rolling code: if you can somehow press/get the owner to press the unlock button while far away from the car, it's basically the same concept. Code gets sent, you receive the code, and the car doesn't. One way or another, if this chain of events takes place, you now have a code that you can use to successfully unlock the car. It'll only work once though, because that code will then be checked off and designated as being invalid once it's used.
@@GunsandGuitars69 bros lit
@@GunsandGuitars69 bro gonna get arrested 💀 jk
@@mh7a135 sorry, forgot to say to only do this in Minecraft lol
@@GunsandGuitars69 correct but only once which makes it useless
Thank you. I couldn’t get a reading for my vehicle key and this did the trick. Subscribed!
You're welcome
Not working on 1997 Toyota Supra Turbo RHD. It doesn't get any signal on 315/AM270. I tried hopping as well. Any tips? I thought my car was old enough to not have rolling codes.
Try 433.92 or 303 MHz
@@nikkolaus Ended up downloading the unleashed firmware and found the frequency at exactly 312.16 @ 76dm, which is weird because that's not a preset in the flipper. I was able to capture the signal very clearly, but it still won't function as a keyfob on the vehicle. It must have rolling codes? Seems odd for a 1997. I'll have to try different modulations tonight. Maybe in Japan they don't use AM270. But it was a very clear capture so I'm sure it's probably just rolling codes...
with the upgraded firmware you can capture and send the signal.
Yup. I'm on the latest.
Very helpful. Thanks! Been trying to capture signal for handicap door and this helped me figure it out
Does it send the same signal which it receives, or can it also modify it?
For instance, if it catches door locking signal, can it send "unlock" command?
You can search for signals. If you find a signal, you can replay it.
@nikkolaus how? If we catch the lock signal, how can we send the unlock signal?
Modify via GNU Radio, or does Flipper Zero have such a function?
@@dimitridimitri8740 Flipper Zero gives the ability to emulate or repeat a saved digital signal.
Is there any guide (cheatsheet) with what Items usually go with -- freq. and mod. ???
Flipper Zero's Sub-1GHz module is capable of receiving signals at all frequencies in the 300-348 MHz, 387-464 MHz, and 779-928 MHz operational bands.
blog.flipperzero.one/rfid/
How old are those key fobs and I have Chrysler showing up on 433😊
Some fobs use that frequency
Followed the steps, I was able to save readings, but it still doesn't work for my car. Am I doing something wrong?
If your car is a newer model it'll use rolling codes. Check the first reply on the top/most liked comment on this vid. He goes in depth on that subject
@@Shade_Tree_Mechanic Thanks!!
the potential with this is crazy!! you could emulate all kinds of signals
Only if you have the original source that opens/activates these signals
@@zapr0 Not true brother
Can it emulate my girlfriend's love signal?
One of the main issues is that the flipper isn't that great of a receiver for key fobs, even with an external antenna. I don't know if it's an issue with the Flipper's libraries or the chip.
I've also gone over the firmware code, and it's not set up to understand key fobs, so usable information can't be extracted. The data it thinks it's reading isn't correct. This doesn't affect read raw, but it would be nice to extract the correct data bits. It's not a big problem to add or modify the current protocol. It's something I'm working on in my free time.
I love this tool, but I hate it. The people who made it offer no support, despite making a lot of money. Other devices do the job the flipper does so much better. It does act as an open source tool for reading signals and converting them to a universal open source format like .sub files.
I was easily able to write Arduino code to send subghz files. It's kind of overpriced for its functionality.
Can you get the HEX code for each button?
Thanks for the video!
I'm not sure about each button, but I know you can manually enter HEX for NFC prox cards
@@nikkolaus I mean, after capturing the command, is there any way on getting that captured command to a hex file? (maybe with the sd card?)
This is still not working for me even though I am using the correct frequency and modulation, and I am recording the code away from the car, anyone know why?
Is there any way to copy these signals onto a new blank key to make cheaper duplicates using the original key signals?
Probably not. But, I'm not a locksmith.
Mine showed up on 433.22 on all modules
How many meters can be average and maximum distance from key fobs of autos?
The maximum range is 50 meters.
I'm actually trying to figure this out since to get a new fob from the dealership is like $600
How did you get the black flipper zero?
Because I was part of the Kickstarter and bought it like that :P
QTY ITEM
1 Flipper Zero Black
@@nikkolaus same
Hey man you had any luck with the RFIDFuzzer?
I don't know what that is.
Could I use this as a spare key to start my car in case I lose my keyfob?
No, because modern key fobs have rolling codes... Repeatedly changes between a bank of codes... If you try to emulate one, it may not work
I’m running momentum firmware on my flipper.
So the button has to be pushed in order for the flipper to catch the signal.
Not continuously... Just like a TV remote... Press once, initiates command. Press again, initiates command. Press, Start, Release. Press, Stop, Release.
Hello sir... Can we duplicate all kinds of remote with this sir?
I wouldn't say "ALL", just some
@@nikkolaus where can we get that gadget? Im a keyduplicator in our town, maybe u can help me sir..
I’ve had pocket knives, lighters, change, pepper spray all stolen without my alarm going off. How do they do it?
Mine already messed up the remote fob key itself. Luckily already reset it back. Haha. 2 cars messed up. Hahaha lmao
Beware of the desynchronization of the keys... they may be unusable later... dyor
Please upvote this, you may fuck up your or your friends keyfob.
I mean you can resync them. Usually some lock/unlock combo with key turns as well
@@crsv7armhl no that’s fake and cap
@@EnderGameZ. Um no. I have personally resynced keys on both my wife's and my own cars. I do have one car that needs a TechII in the OBD port to sync a key, but most have a song and dance with windows, doors and lock/unlock to resync.
@@crsv7armhl but rolling code exists that makes it impossible
would your fob key to car not work right after it was hacked?
That's what some people say.... Not been tested
Nice tutorial. Hopefully there will be more in the future. How successful were you in getting reaction from the vehicles?
I would say 6 of 8 registered on the scale somewhere. 2 of those 6 required deviation from the standard frequency into the higher and lower ends of the allowed ranges.
@@nikkolaus even rolling code emulation worked?
@@24TONS_ think it doesn't, would be way too powerful haha
@@24TONS_ no, obviously not
@@joasvdeerden it does with some more plugins
How do you know which modulation
Try each one or a Google search to see what frequency range
You can actually hear the radio signal being sent out from the flipper 😅
Can the tool reset flash the memory if the keys
You'd have to ask the creators. I'm not well versed in its capabilities
does this also spoof the key, so push to start works?
No idea - Probably not.
What is the max distance the flipper zero can be from the key in order to pick up the signal?
The maximum range is 50 meters.
so can you unlock car doors with this?? That's if you set it to mimic the car lock/unlock frequency
Is there any certain range you have to be to the key ?
Each key has a different transmitting power. As long as you're within range of the ability to pick up that signal you can get it .. usually it's 30-65 ft
@@nikkolaus Do you know if there is a video where they show this being tested? I am not only curious about the range but about the angle of the reader. All videos I have watched so far have the fob pointed directly at the flipper. Are these like my old tv remote where it needs to be pointed directly at the device?
...it's a dual-band RFID antenna.. not an IR-blasting remote control.. There is no "pointing"... it broadcasts and receives in all directions...
Be careful because I have already cleared 2 car keys with it so that they no longer fit the car. Was my mother's car, whoops
That's why you should always read the comments first. Don't use your own personal keys... Modern key fobs have a rolling bank of codes... You might still be able to get it to work but you have to go through the entire bank which is usually 50+ codes
@@nikkolaus yeah it isn't my own personal key so it doesn't matter xD
How did you clear the key??
@@MM-ip9zb scanned my mom's key and used it twice, so the car waits for the next "Rolling Key" but the key sends another than the car wants.
Big help thx
great explainer. thanks.
I think the first Honda key fob works on 433mhz
I have a pilot with the same keyfob, I ordered my Zero today. I'll try to remember to check and reply here when I get it.
@@MadMullins any updates on what’s happened?😅
Does my car work
I am Bengali, how can I buy it
Play please quickly
flipperzero.one/
Question:
How do i duplicate my car key?
I have another fob but can i add those signals to the new car key?
have u found out
@@yesyes-ny1ce no, I tried to find out before buying the device, but no one replied and I didn’t manage to find out so I didn’t buy it 🤷🏻‍♂️
It recorded my truck but it won’t lock or unlock it.
Vehicles use a rolling set of codes. You need to do a little research into it before trying it on an expensive newer vehicle.
How far can the car key be away from the flipper to capture the signal ? What cars and car years does it work on ?
Yes I would like to know if you tested the range of this device as well.
@@corbindallas6684 The maximum range is 50 meters.
The maximum range is 50 meters.
@@nikkolaus you didn’t read the question properly, they ask about capturing, not sending. Capturing will not happen at 50 meters…
Thanks for the video.... Unfortunately when I do the same with mine for my Japanese car import FOB the flipper does not allow me to replicate the 315 frequency on the AM270 modulation and tells me "Transmission on this frequency is not allowed in your region". Does anybody know if I can somehow unblock this restriction? Appreciate any help.
Transmitting on certain frequencies is prohibited by region or country federal law. Please don't attempt to circumvent this law if you live in an area where it is restricted. The design, production, and importation of these devices was developed to each region in accordance with the laws of that country.
Look up Flipper Unleashed. That will solve your issue
@@nikkolaus 🤓
Yes, you can unlock these locks. U need to use custom/modified firmware for your flipper zero
@@AndySlug but you will get arrested dummy
I tried it on my mom's car and it didn't work
Vehicles use a batch of rolling codes.
Don't do this to your own car key fob. You will desync the key fob if you are unlucky. Rendering it unable to work with your car again and requires resync of your key fob at a dealer.
How do you do it safely then
I have two tho?
That makes no sense. The flipper is just listening for signals and saving them. It's not re-writing the fob
@@bairfreedom ?
@sirmario1 how does the car know it's a copy if the original wasn't sent in the first place? (If I recorded the signal far away without it reaching the car)
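The receiver-side behaviour this thread keeps returning to (a used code being rejected on replay, an unheard code dying once a later one is accepted, a captured lock code only ever locking, and a fob desyncing after too many out-of-range presses), as an added simulation that is not from the video or from any commenter. It assumes a counter-based scheme with a truncated HMAC-SHA256 standing in for the vendor cipher and a 16-code look-ahead window; `Fob`, `Receiver`, `code_for` and `WINDOW` are hypothetical names, and real fobs differ in cipher and window size.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead window; real receivers pick their own size


def code_for(key: bytes, counter: int, button: str) -> bytes:
    """Code for one press: truncated HMAC over counter and button (stand-in cipher)."""
    msg = counter.to_bytes(4, "big") + button.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Fob:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self, button: str):
        # Every press advances the counter, whether or not the car hears it.
        self.counter += 1
        return button, code_for(self.key, self.counter, button)


class Receiver:
    def __init__(self, key: bytes, window: int = WINDOW):
        self.key, self.last, self.window = key, 0, window

    def receive(self, frame) -> str:
        button, code = frame
        # Only counters strictly ahead of the last accepted one are candidates.
        for c in range(self.last + 1, self.last + 1 + self.window):
            if hmac.compare_digest(code, code_for(self.key, c, button)):
                self.last = c  # this code and every earlier one are now dead
                return "accepted"
        return "rejected"


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample secret
    fob, car = Fob(key), Receiver(key)
    out = {}
    first = fob.press("unlock")
    out["normal press"] = car.receive(first)
    out["replay of used code"] = car.receive(first)
    missed = fob.press("unlock")  # pressed out of range, car never hears it
    out["next press in range"] = car.receive(fob.press("unlock"))
    out["older unheard code"] = car.receive(missed)
    lock = fob.press("lock")
    out["lock code relabelled unlock"] = car.receive(("unlock", lock[1]))
    out["lock code as sent"] = car.receive(lock)
    for _ in range(WINDOW):  # many presses away from the car
        fob.press("unlock")
    out["fob past the window"] = car.receive(fob.press("unlock"))
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:30} {result}")
```

In this model the last case is the desync described in the comments: the genuine fob is rejected until the receiver's counter is re-paired with it.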
Could you reprogram new key with that? Is it possible?
No
When your Flipper does not find a signal from a car: a lot of car keys use infrared, Mercedes etc.
Haven't run into that issue a single time, yet.
Hello, I am interested in your videos, could you put the subtitles? For the francophone community, thank you in advance. Thanks
Thank you for your request.
Taking your request to heart, and understanding your troubles, I have gone ahead with the request and typed out the subtitles/captions for the video. It took me about 70 minutes, so I hope you and others appreciate it! ..Lmao... Thanks again. Keep watching, and check out my other Flipper Zero video on "Programming and Emulating Remote Buttons" - a short video on remotes and IR-based devices.
thank you a thousand times, I wish you much success for your videos. thanks again
Absolutely brilliant vid 👍🏻🇬🇧 so interesting I have a hackrf myself with the firmware I have a couple of questions for you if you have a spare few minutes
I don't think that I'm qualified to answer any question that you may have... I'm just messing around with this thing
@@nikkolaus it’s ok I’m not the police 😂 just into gadgets n stuff like yourself
@@Dannydawson537 Even if you were the police, you wouldn't be able to do shit about it... lmao... Can't prove a crime was committed (everything shown is mine), can't prove a country, state, or region, and no D.A. would take the case without any of that info...
@@nikkolaus Do you think that you cannot be found if anything in this video was illegal? I am pretty sure if they were after you that your country, state, and region would be readily available to the authorities.
@@corbindallas6684 multipass
Damn a black flipper an og
Like Bluetooth fm Transmitter....
Cars use what’s known as rolling codes. So this doesn’t seem like it would work on cars.
Only for certain years
@@nikkolaus what cars and years ??
Now gonna drive my neighbour’s car
might not be so easy, it might work the first time but modern cars use a rolling code
@@amb1u5 yeah, not working with my car and it's 2014 so good luck
@@jcgm666 did you see a spike on the rssi graph when capturing?
@@amb1u5 yes, I capture lock and unlock signal, this part is working. Replaying the signal on the car won't work because of the rolling code protection
@@jcgm666 well at least that's good for you, seems GM Holden's code rolls every second time, allowing you to unlock it once but not relock, so maybe for the 2007 Holden Commodore it only rolls once both an unlock and lock sequence has happened
Would this work inside the car?
Probably. I don't see why it wouldn't... It's just a signals catcher and emitter....
@@nikkolaus ok cool gonna practice in Ubers I assume the driver locks the door once you get in so you could grab the frequency and when you get out get code to unlock
Hi, do you know where I can find that device?
flipperzero.one/
@@nikkolaus tnx