If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!
Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.
Attend this talk for a presentation about an unusual variant of lock picking, which does not involve any wrenches, hooks or half-diamond picks. Instead the used tools are a software defined radio, PIC programmer and some self-developed software to gain access without using the original key remote control.
If you had fun watching the [Hörmann BiSecur talk at 34C3](https://media.ccc.de/v/34c3-9029-uncovering_vulnerabilities_in_hoermann_bisecur), this talk is for you! If you haven't watched it, it is highly recommended to catch up on it before attending this talk. While it is about a different product from a different vendor, there are many parallels and it can be seen as a sequel talk.
The plan for this talk is to first have a look at the radio signals from the door lock using a SDR. After making sense of the used message protocol, the hardware is analyzed to understand how it works and how to get access to the used micro-controllers (PIC18LF45K80 & PIC16LF1829). In the next step, the firmware from the read-protected PIC microcontroller is extracted by extending the existing PIC attacks. Last but not least the results will be demonstrated.