Monkey RF is designed to be a hand-held device for recording and replaying radio signals in the 433.xx MHz band. My inspiration came from the work that Samy Kamkar did regarding Garage Hacking and Car key spoofing. The idea is that by spoofing the right radio signals, you can pretend to be a car key, a garage opener, a door-bell and unlock a car, open a garage or ring a doorbell.

I started this project a long while ago – back in late November and I’ve been working on it slowly since then. Final year university work has to take priority unfortunately.

What is Monkey RF?

Monkey RF is just like tape recorders of the 90’s, but instead of recording and playing audio, Monkey RF records and plays signals in the radio spectrum.

Why would I want that?

Most people probably wouldn’t have much use for it. But for security research it can be pretty useful. It can be programmed to do a bunch of things, for example spoofing doorbell signals, or even cloning car keys.

What are the features?

A lot of what the Monkey RF can do depends on the way you program it. Things I have successfully achieved are cloning car keys (with the permission of the owner), cloning doorbells and blocking nearby car keys.

It charges via USB and is fully portable.

What does it look like?

Here is the PCB.

The main chip is an LPC11U24 from NXP which is an ARM Cortex M0 chip. This talks to a HopeRF RFM69 module via a SPI bus to handle all of the modulation. Any off-the-shelf antenna can be connected via the SMA connector at the top. For interface we have four buttons for input plus two seven-segment displays and two LEDs to indicate which mode we are in, whether we are recording and whether or not we are receiving/transmitting. Finally the device is programmed and charged via the micro-USB port at the bottom.

Here is a gif of the Monkey RF in action, unlocking my parents Toyota Prius (with their permission!):

unlocking_prius.gif

And a Vauxhall Corsa (also with permission!):

unlock_corsa.gif

To be clear, car key cloning only works once per cloning. We are effectively copying what the car key says to the car, but the key says something different each time so we have to clone once per use.

I have since built a box for the project using laser cut acrylic. Most of the parts are held together with epoxy, however the final two pieces are held together with a bracket and screws.

IMG_2861
The individual pieces that make up the box
Advertisements