RFCrack is my personal RF test bench. It was developed for testing RF communications between any physical devices that communicate over sub-GHz frequencies: IoT devices, cars, alarm systems, etc.

Testing was done with the Yardstick One on OSX, but RFCrack should work fine on Linux. Support for other RF-related testing will be added as needed in my testing.

I am currently researching keyless entry bypasses. Keyless entry functionality will be added in the future, with additional hardware requirements for advanced attacks. Feel free to use this software as is for personal use only.

Do not use this code in other projects or in commercial products. I hold no liability for your actions with this code. Your life choices are your own.

Currently supported functionality:

– Replay attacks -i -F
– Send Saved Payloads -s -u
– Rolling code bypass attacks -r -F -M
– Targeted -t -F
– Jamming -j -F
– Scanning incrementally through frequencies -b -v -F
– Scanning common frequencies -k

Future Functionality (Currently Researching)

– Keyless Entry/Engine Start bypass with SDR
– Any Suggestions based on realistic use-cases you want me to add??
– Add in more configuration for changing timing and logging

Usage Examples:

Useful arguments:

Other Notes:

Captures get saved to the ./files directory by default. Device templates are saved to and loaded from ./device_templates by default.

Rolling code is hit or miss due to its nature, with jamming and sniffing at the same time, but it works. Just use the keyfob near the Yardsticks. It will also require 2 Yardsticks, one for sniffing while the other one is jamming.

And a final note: this is my own test bench for doing research and dev. If you have ideas to make it better based on realistic use-case scenarios, feel free to reach out to me. Right now I am working on keyless entry attacks, which I will implement into this later.

Download RFCrack