What is a code grabber: description, principle of operation and methods of protection. How to avoid theft

2024 Author: Erin Ralphs | [email protected]. Last modified: 2024-02-19 11:42

Almost any model of car alarms currently on the domestic market can be disarmed using a code grabber. What is a code grabber? This is an electronic device capable of intercepting the alarm key fob code. Further, the device remembers the code, then, if necessary, the device can disarm the alarm instead of the standard key fob. Let's look at the types of these devices, how they work, and how to protect against them.

Operation principle

Communication between the central unit of the car alarm and the remote control is carried out by one-way communication. The key fob electronics generates a command encrypted by a special algorithm. The central block decrypts the command and if it recognizes it as correct, it will definitely execute it. Modern alarms with a feedback function are no better than old “openers”, where after the command is completed, information with status data is sent to the key fobcar. But for the block, this information is not important at all.

Next, any command that the code grabber generates will be perceived by the signaling as correct, correct. Whatever they say in advertising about complex encryption algorithms, about dynamic keys, any one-way protocols are reliable only until they enter the market, until the protocol is hacked. They hack Starline A91 and other similar signals - the algorithmic keychain helps in this.

Then, new generations of manufactured code grabbers appear on the market - not hand-assembled by a hacker, but mass-produced. Most often, a hacking device is available in the form of a standard car alarm key fob. Car theft has become an industry, and the tools for this “job” are also evolving.

Manufactory code grabbers for FM systems

The device is made in a standard key fob case. But this is today, and before it was impossible. The reason is that in the Sherkhan alarms, frequency modulation of the signal was used. Other models had amplitude modulation.

Most of the old models were based on different principles for converting digital signals for transmission at frequencies of 433.92 MHz. Now it is quite realistic to make code grabber scanners in the form of a key fob, because two channels can easily work on one antenna of the device - with frequency modulation of the signal and with amplitude.

If we talk about encodings, then it doesn't matter to the code grabber how the signal is transmitted. The main thing for him is the algorithm by which it is encrypteddigital signal.

Cograbbers with relaying

This type of device is used by professional car thieves to break into car alarms and immobilizer systems that have complex coding systems built in, such as conversational code. In such a situation, the signal is transmitted from object to object over long distances through special auxiliary devices.

It must be said that the most secure can be considered those alarms where there is no passive operation of the radio keys. The signal is sent by the owner of the security system only to one specific place and at a specific time. This is only possible with systems where the keyfob is equipped with buttons to arm and disarm. It should also be noted that systems with dialogue codes that operate in the “Hands free for disarming” modes are subject to hacking.

Speaking of immobilizers, it is important to pay attention to the fact that systems with a dialogue code should not work in the background - the signal should be sent only at strictly defined time intervals. Most often, alarm manufacturers do not pay attention to these minor facts. But owners of such security systems should be aware of these functions in devices.

Replacing Code Grabbers

Often these Code Grabbers are made in the form of a Tetris toy. Consider only systems where dynamic code is used. In this case, each next package is different from the previous one. And this is so even if the owner of the remote presses only one button.

When the alarm works on staticcode, then if you press one button, the signal will be the same. The key fob will send a packet to the central unit, consisting of a closed (encrypted) and an open part. In the open one there is the key fob number and the identifier of the pressed button. In the encrypted part there is a pressing number. This number will increase each time you press any of the buttons. The system provides dynamic code.

The alarm system receives the packet, recognizes the key fob by number, and then decrypts the private part using the algorithm known to it. The block then sees if the push number is less than or greater than the last one received. If less, then the press has already been processed and the command will be ignored. If the number is greater, then the command will be executed by the code grabber.

What is a team? It's just data about which button was pressed. The key fob does not know anything about the functions of the central unit. Therefore, one key fob can be used for both one-button and two-button arming and disarming systems.

How does the 409 model work?

Replacement code grabber for car alarms 409 intercepts the packet issued by the key fob and distorts it in such a way that the alarm unit does not receive the packet. The grabber knows how the information in the package was distorted and it is stored in it in the correct form.

Then the device intercepts another packet. Instead sends the first. Changing packages will take literally some fractions of seconds and the owner will not notice anything. The alarm is armed, the owner will leave and will not notice that it has worked onlysecond press of the button. Next, the grabber will issue a packet that it intercepted and the alarm unit will be disarmed.

Device 502 and Human Factors

Psychology here is next. The owner believes that the theft will happen to anyone, but not to him. Before creating this alarm blende, a lot of preparatory work was carried out and user behavior was thoroughly studied. The results exceeded all expectations. Car owners appeared to be very careless, most of them did not know the capabilities of the key fobs, none of those checked were alarmed when they saw the information about what happened.

Device 502, in addition to all its functions, can create various types of interference. It consists of an antenna, a loop vibrator and, for example, is located on the fourth floor. Parking under the window. The device can easily work at a distance of 100 meters. What will the owner do when standing in front of a closed or less often open car if the key fob is suppressed by the jammer? 90 times out of 100 things look like this.

Script

The hindrance is being set without issuing responses. Packets are fixed. The vehicle owner presses the door open button for about 10 seconds, then selects another button. The device records the number of the pressed button.

Then the person carefully looks at the digital key fob, can get closer to the car, presses the button for about 30 seconds, not knowing what a code grabber is. Further, the owner rushes from the left door to the right, trying to poke the key fob into the lockwell.

After, in a different sequence, attempts are made to press all the buttons with a careful examination of the key fob. But as far as vigilance is concerned, there is no question of this. Then, after about five minutes, the key fob is disassembled, the batteries are cleaned. This is a good time to switch the device 502 into dispensing mode. Prior to that, it worked in the accumulation mode. Further, the owner seems to have repaired the key fob, because even the Starline A91 will work as before.

Device functions 502

Based on the features of extended formats. They consist in the fact that the number of the button pressed on the key fob is transmitted both in the closed and in the open part of the package. This makes it possible to sort packages in real time by which button they belong to.

Next, interference is created, the recording and identification of packets is carried out. After about 30 ms, the packet is returned. The hardware part almost completely repeats the 409th model, but there are much more controls. The software is also more developed. It allows you to work with multi-button key fobs with separate buttons for disarming. Due to a serious increase in memory, the device can remember a huge number of packets.

There is an accumulation mode - in this mode, packets are recorded with the installation of interference, without issuing previously recorded packets. There is a release mode - the packet is recorded in case of interference, and then automatically sent back after 30 ms using one of the previously recorded packets with the button number. There is an “Echo” mode when a packet is recorded and issued after 30 ms, if the device determines that the key fob is someone else’s in the open part of the signal.

Simple algorithm

The driver leaves home, the weather is not good, the Taiwanese electronics can't stand it, the key fob does not work, since the 502 device is operating in accumulation mode. On the display of the device, the hacker-hijacker sees statistics on the accumulated package, because the owner diligently presses the buttons. If the hacker considers that enough packets have been saved, you can switch to the issuance mode - the key fob will work. The driver leaves, the hijacker follows him, carries with him the entire stock of accumulated packages, which, in the issuance mode with a delay of 30 ms for the “close” package of the owner, will issue the previously saved “close” package. Then the “open” command will follow, but without the owner.

How to protect the car?

Protection from a code grabber is the topic of another article, alas, it will not be possible to tell everything. But for those who know what a code grabber is, there are no alarms that cannot be hacked. The best protection today is the Pandora DXL 5000 system - it cannot be opened with grabbers. The UTOS-2 system also performed well. Before her, the hijackers are also powerless. There are a lot of devices for protecting a machine from a code grabber, which are not talked about much. For example, this is the RIA-Phantom anti-grabber.