HITB-Invoice-Logo

regisTRATION NOW OPEN

NORMAL: USD999

Register

STUDENTS: USD250

Unlocking KeeLoq: A Reverse Engineering Story

Date

August 26, 2022

Time

10:30

Track

Main Track

KeeLoq Remote Keyless Entry systems make use of radio frequency transmissions to operate and have many known weaknesses. A 64-bit manufacturer key is used in transmissions to encrypt an incrementing transmission sequence number in order to provide replay protection. This presentation is a journey into bringing existing research together to make Keeloq attacks practical, ultimately repurposing a commercial receiver as part of a home automation system integration project.

I will demonstrate how I recovered the manufacturer key by extracting and reverse engineering the receiver’s firmware using a JTAG adapter and Ghidra.

Next, I will cover decoding and decrypting the KeeLoq transmissions (verified using a logic analyzer), cloning the captured serial and sequence numbers to a new transmitter, and finally, how to export the received transmissions to a home automation system via an add-on WiFi-capable microcontroller.

Speakers

Senior Researcher

Orange Cyberdefense

Rogan Dawes is a senior researcher at SensePost and has been hacking since 1998, which, coincidentally, is also the time he settled on a final wardrobe. He used the time he saved on choosing outfits to live up to his colleague’s frequent joke that he has an offline copy of the Internet in his head. Rogan spent many years building web application assessment tools, and is credited as having built one of the first and most widely used intercepting proxies; WebScarab. In recent years, Rogan has turned his attentions towards hardware hacking; and these days many suspect him to be at least part cyborg. A good conversation starter is to ask him where he keeps his JTAG header.

Other Talks in This Track

LOCATION

Main Track

DATE

August 26

TIME

09:00

LOCATION

Main Track

DATE

August 26

TIME

14:00

LOCATION

Main Track

DATE

August 26

TIME

15:00

LOCATION

Main Track

DATE

August 26

TIME

16:30