A Flipper Zero can simulate car keys, even those secured with rolling codes. Are millions of cars at risk?

Rolling codes rely on a counter shared between the remote control and the car. The counter advances with each use, producing a one-time code, which should prevent an attacker from reusing a captured code. In practice, synchronization tolerates a margin, called the window, to cope with button presses the car did not receive.

Since 2015, the RollJam attack has shown that a signal can be captured while being jammed. That method, however, remains complex to carry out. Another approach, Rollback, consists of recording several codes and then replaying them in reverse order. This returns the vehicle's synchronization to a previous state, in which codes that were already used work again.
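To make the window and the rollback weakness concrete, here is a simplified model of a rolling-code receiver, added as an illustration (it is not Flipper Zero firmware nor any vendor's implementation). The window size, the rule that two consecutive out-of-window codes trigger a resynchronization, and the counter values are assumptions; the hardened variant shows the check a receiver needs, namely never letting a resync move the counter backward.

```python
from dataclasses import dataclass, field

WINDOW = 16       # assumed: presses the receiver tolerates missing
RESYNC_PAIR = 2   # assumed: consecutive out-of-window codes that trigger a resync


@dataclass
class Receiver:
    """Toy rolling-code receiver: a shared counter plus a tolerance window."""
    allow_backward_resync: bool      # True = weak setting, False = hardened
    counter: int = 0                 # last accepted counter value
    pending: list = field(default_factory=list)   # out-of-window codes seen in a row

    def receive(self, code: int) -> bool:
        # Normal case: newer than the last accepted code and inside the window.
        if self.counter < code <= self.counter + WINDOW:
            self.counter = code
            self.pending.clear()
            return True
        # Out of window: remember consecutive codes, resync once enough arrive.
        if self.pending and code == self.pending[-1] + 1:
            self.pending.append(code)
        else:
            self.pending = [code]
        if len(self.pending) < RESYNC_PAIR:
            return False
        self.pending.clear()
        # Hardened rule: a resync may only ever move the counter forward.
        if code <= self.counter and not self.allow_backward_resync:
            return False
        self.counter = code
        return True


def replay_scenario(allow_backward_resync: bool) -> list:
    """Owner presses the remote five times, then recorded codes 3, 4, 5 are replayed.

    Returns the accept/reject decision for each replayed code (constructed data).
    """
    rx = Receiver(allow_backward_resync)
    for code in range(1, 6):          # legitimate presses advance the counter to 5
        assert rx.receive(code)
    # Constructed capture: older codes presented again; the weak receiver resyncs
    # backward on the consecutive pair (3, 4) and then accepts the used code 5.
    return [rx.receive(code) for code in (3, 4, 5)]


if __name__ == "__main__":
    print("weak receiver:    ", replay_scenario(True))    # [False, True, True]
    print("hardened receiver:", replay_scenario(False))   # [False, False, False]
```

The weak receiver ends with its counter rolled back to 4, so every code from the recording is live again; the hardened one keeps the counter at 5 and rejects the whole replay.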

Flipper Zero firmware uses this technique. It captures the signals and then replays them, emulating every function of the remote: lock, unlock, open the trunk. Sometimes the original key is desynchronized and becomes unusable, but often it still works. Three popular Flipper Zero firmwares, Unleashed, Momentum and RogueMaster, offer various options. All of them make these attacks accessible without breaking the bank.

We saw it last year with the possible hack of Tesla vehicles, which could ultimately generate a digital key for the Elon Musk firm's cars, but other brands are also affected and the list is long: Chrysler, Dodge, Fiat, Ford, Hyundai, Jeep, Kia, Mitsubishi and Subaru. About 70% of the Asian models tested show this vulnerability. Some Toyota models with Texas Instruments transponders fare better. In some special cases, such as certain Subaru models from 2004 to 2011, the key can even be permanently locked out.
