Code Hopping
Basically, there are two widely used approaches to operating
garage doors / parking lot gates these days: using a fixed code
(which means the same message is sent over and over) and
using a code that changes after each transmission.
Obviously the latter is harder to replicate to some extent. Harder,
but not impossible.
Enough Talks, Let's Do It
So here we are: there's our device, there's the original key fob, there's the hash function with a key we don't know. So how do we go about it? One straightforward approach would be to brute-force it and try all the possible uint16 combinations, yet
there appears to be a simpler and more elegant way of completing the task.
Haven't checked other rolling code implementations yet, but this particular one, made by the Italian company 'V2', has either some bug or some undocumented fallback feature: a succession of old keycodes, repeated and replayed with a certain gap, will fool the gate, making it accept the command. Though not knowing whether this is a bug or a feature really, I call it a 'sync bug'. Four prerecorded keycodes are used in my design; I have had it working with two different gates 40 km away from each other for over a year now. One at work, another at home. Works like a charm. I'll make a video and will post it later.
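For comparison, here is the receiver-side check that makes such a replay fail, as an added example (not code from this post and not V2's firmware). It assumes an already-decrypted 16-bit counter; the window size and all names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>

#define OPEN_WINDOW 16u      /* assumed: accept counters up to 16 ahead */
#define HALF_RANGE  0x8000u  /* counters this far "ahead" are treated as old */

typedef struct {
    uint16_t last;           /* last accepted counter */
    uint16_t pending;        /* far-ahead counter awaiting its successor */
    bool     have_pending;
} rx_state;

/* Decide whether an already-decrypted 16-bit counter may actuate the gate. */
bool rx_accept(rx_state *s, uint16_t ctr)
{
    uint16_t ahead = (uint16_t)(ctr - s->last);  /* distance modulo 2^16 */

    if (ahead == 0 || ahead >= HALF_RANGE) {     /* same or older: a replay */
        s->have_pending = false;                 /* old codes never start a resync */
        return false;
    }
    if (ahead > OPEN_WINDOW) {                   /* fob drifted far ahead */
        bool ok = s->have_pending && ctr == (uint16_t)(s->pending + 1u);
        s->pending = ctr;
        s->have_pending = !ok;
        if (!ok)
            return false;                        /* wait for the next consecutive code */
    }
    s->last = ctr;                               /* state only ever moves forward */
    s->have_pending = false;
    return true;
}

/* Feed n counters in order; return how many were accepted. */
int rx_feed(rx_state *s, const uint16_t *ctrs, int n)
{
    int accepted = 0;
    for (int i = 0; i < n; i++)
        accepted += rx_accept(s, ctrs[i]) ? 1 : 0;
    return accepted;
}

/* Constructed scenario: four stale counters replayed twice against last = 101. */
int demo_stale_replay(void)
{
    rx_state s = { .last = 101 };
    const uint16_t old[] = { 97, 98, 99, 100, 97, 98, 99, 100 };
    return rx_feed(&s, old, 8);
}
```

The point of the design is that resynchronisation is only ever triggered by counters ahead of the stored one, so no sequence of previously used codes can move the receiver's state.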
Sniffer
Of course, once the protocol is known, recording new keys using
either SDRSharp / Universal Radio Hacker becomes
galling and tiresome. I couldn't stand it and built
a sniffer that allows capturing and storing keys on the fly.
Thinking about publishing it, yet have some doubts, as such a device,
even though requiring some skills to build, may wreak havoc all around
once it ends up in some not so responsible hands.
Almost forgot
Kudos to the respective authors of SDRSharp / Universal Radio
Hacker. These are truly amazing utilities you've made, guys!
Parts Required
1. ATtiny13 MCU;
2. FS1000A (433.9 MHz);
3. RTL2832U-based (or similar) dongle*.
*the latter is needed to capture keys off your key fob
(unless you already have a sniffer of some kind).