Has anyone else described how a Flipper Zero can be used to aid in car theft? My understanding is since the 1990s car have used rolling codes for keyless entry, making it improbable for a Flipper to replay captured signals to unlock vehicles¹. But surely Canada has at least a modicum of evidence that thieves are using Flippers?
¹ Caveat: Some cars will accept rolling code signals with a counter only 1-3 values off. So a Flipper recorded unlock message could be replayed successfully if the owner hasn't used their fob again. Plus, replaying codes can desynchronize the car's system from the fob, leading to non-functional keyfobs. You can find online reports where Flipper users did this to themselves: https://www.reddit.com/r/flipperzero/comments/yxgn60/flipper...
edit: A deeper dive makes me think a the Flipper could help with some attacks. On some cars recording multiple successive unlocks and replaying them in order will make the car resynchronize its counter to the messages on your Flipper and the next one will unlock the car. It seems this attack relies on the first signal being jammed, but you could do that with two Flippers. One next to the car jamming, and a 2nd closer to the keyfob recording. Lots of info here: https://i.blackhat.com/USA-22/Thursday/US-22-Csikor-RollBack...
¹ Caveat: Some cars will accept rolling code signals with a counter only 1-3 values off. So a Flipper recorded unlock message could be replayed successfully if the owner hasn't used their fob again. Plus, replaying codes can desynchronize the car's system from the fob, leading to non-functional keyfobs. You can find online reports where Flipper users did this to themselves: https://www.reddit.com/r/flipperzero/comments/yxgn60/flipper...
edit: A deeper dive makes me think a the Flipper could help with some attacks. On some cars recording multiple successive unlocks and replaying them in order will make the car resynchronize its counter to the messages on your Flipper and the next one will unlock the car. It seems this attack relies on the first signal being jammed, but you could do that with two Flippers. One next to the car jamming, and a 2nd closer to the keyfob recording. Lots of info here: https://i.blackhat.com/USA-22/Thursday/US-22-Csikor-RollBack...