Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Tesla Charge Port Remote Control Signal - 948

akrutsinger - Posted 3 Years Ago
  • The Tesla charge port is vulnerable to a simple replay attack. The author of this post analyzed the signal in more depth.
  • Using GQRX, they captured the signal. According to the FCC ID, this runs at 315MHz. For the recording, however, you want to tune to something NOT exactly at 315MHz, such as 315.5MHz. This is because there is always a loud spike at the center of the tuned frequency, right where we want to listen (DC voltage issue).
  • With the recording in hand (raw I/Q data), the author opens it in Inspectrum. The signal is very clearly using OOK (on-off keying). Using the threshold plots, the raw bits can be recovered from the signal. Inspectrum is such an amazing tool!
  • From looking at the recording, a transmission is made up of 3356 symbols with a symbol rate of 2.5kBd.
  • The signal has a preamble of oscillating 0s and 1s. After that, there is a 42 byte charge port signal. These two sections are repeated 10 times each.
  • The author created a GNU Radio flow graph for this as well. Simply adding your port number and sending this would open the Tesla! Overall, a cool topic with a fun analysis.
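
The offset tuning and threshold-based bit recovery described above, as an added example that is not code from the original post: a pure-Python envelope-threshold OOK demodulator run on a constructed capture. Only the 2.5kBd symbol rate and the 0.5MHz tuning offset come from the summary; the 2 MS/s sample rate, preamble length, payload bits, DC and noise levels, and symbol alignment at sample 0 are assumptions.

```python
import cmath
import math
import random

SAMPLE_RATE = 2_000_000   # assumed capture rate in S/s (not given on the page)
SYMBOL_RATE = 2_500       # 2.5 kBd, from the page
OFFSET_HZ = -500_000      # a 315 MHz signal as seen from a 315.5 MHz tuning
SPS = SAMPLE_RATE // SYMBOL_RATE   # samples per symbol

def synthesize(bits, dc=0.5 + 0.3j, noise=0.1, seed=1):
    """Constructed capture: OOK carrier at OFFSET_HZ plus a DC spike and noise."""
    rng = random.Random(seed)
    step = 2 * math.pi * OFFSET_HZ / SAMPLE_RATE
    out = []
    for n in range(len(bits) * SPS):
        carrier = cmath.exp(1j * step * n) if bits[n // SPS] else 0
        out.append(dc + carrier + complex(rng.gauss(0, noise), rng.gauss(0, noise)))
    return out

def demodulate(iq):
    """Remove the DC spike, take the envelope, average per symbol, threshold."""
    # Because the carrier sits off-center it averages to ~0, so the mean is the DC term.
    dc = sum(iq) / len(iq)
    env = [abs(s - dc) for s in iq]
    # Assumes symbol boundaries start at sample 0 (a cursor grid in a GUI tool).
    levels = [sum(env[i:i + SPS]) / SPS for i in range(0, len(env) - SPS + 1, SPS)]
    threshold = (min(levels) + max(levels)) / 2
    return [1 if lv > threshold else 0 for lv in levels], dc

def preamble_length(bits):
    """Count the leading symbols that keep alternating."""
    n = min(1, len(bits))
    while 0 < n < len(bits) and bits[n] != bits[n - 1]:
        n += 1
    return n

PREAMBLE = [1, 0] * 8                # constructed; the page gives no preamble length
PAYLOAD = [0, 0, 1, 1, 0, 1, 1, 1]   # constructed placeholder, not a real code
SENT = PREAMBLE + PAYLOAD

def run_demo():
    return demodulate(synthesize(SENT))

if __name__ == "__main__":
    bits, dc = run_demo()
    print("recovered:", "".join(map(str, bits)))
    print("preamble symbols:", preamble_length(bits), "estimated DC:", dc)
```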