Redazione RHC : 8 August 2025 10:50
A new custom firmware for the Flipper Zero multi-purpose device is capable of bypassing many of the rolling code security systems implemented in the majority of modern vehicles, potentially exposing millions of cars to theft.
Evidence presented by the YouTube channel “Talking Sasquach” shows that the firmware, presumably circulating on the dark web, is capable of replicating a vehicle’s key fob with a single, rapid signal interception.
For decades, rolling code security has been the industry benchmark for keyless vehicle access. The system was designed to prevent so-called “replay attacks.” It works through an algorithm synchronized between the transmitter (the key fob) and the receiver (the vehicle).
Every time a button is pressed, a new, unique, and unpredictable code is generated. An old code, once used, is rejected by the vehicle, making simple recording and retransmission of the signal useless.
Some security experts point out that this may be a known vulnerability, described in detail in an academic paper called “RollBack.” This attack method involves capturing multiple codes and then playing them back to the vehicle in a specific, manipulated order.
This tricks the vehicle’s synchronization counter, causing it to revert to a previous state, which the attacker can exploit to gain control. Regardless of the precise method, the result shown in the videos is the same: a single capture grants full access. The list of affected manufacturers is long and includes many well-known brands: Chrysler, Dodge, Fiat, Ford, Hyundai, Jeep, Kia, Mitsubishi and Subaru.
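To make the synchronization described above concrete, here is a toy rolling-code model added to this article (it is not the firmware, the RollBack paper's code, or any manufacturer's scheme, and the authentication tag, serial and window size are constructed for illustration). It shows why a plain replay is rejected and why a receiver that never lets its counter move backwards, even for older captures presented in a different order, is the property that counter-reversion attacks depend on being missing.

```python
"""Toy rolling-code model: fob and receiver share a secret key.
Constructed example; not KeeLoq or any vendor's real protocol."""
import hmac
import hashlib


def _tag(key: bytes, serial: int, counter: int, button: str) -> bytes:
    # Tag binds serial, counter and button to the shared key.
    msg = f"{serial}|{counter}|{button}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Fob:
    def __init__(self, key: bytes, serial: int):
        self.key, self.serial, self.counter = key, serial, 0

    def press(self, button: str) -> tuple:
        self.counter += 1  # a fresh counter value on every press
        return (self.serial, self.counter, button,
                _tag(self.key, self.serial, self.counter, button))


class Receiver:
    WINDOW = 16  # presses tolerated while out of range

    def __init__(self, key: bytes, serial: int):
        self.key, self.serial, self.last = key, serial, 0

    def accept(self, frame: tuple) -> bool:
        serial, counter, button, tag = frame
        if serial != self.serial:
            return False
        if not hmac.compare_digest(tag, _tag(self.key, serial, counter, button)):
            return False  # forged or corrupted frame
        # Counter must move strictly forward and stay inside the window.
        # self.last is never lowered, so replayed or reordered older
        # captures stay useless; a resync path must keep this rule.
        if not (self.last < counter <= self.last + self.WINDOW):
            return False
        self.last = counter
        return True


def demo() -> dict:
    key, serial = b"constructed-shared-secret", 0x1234
    fob, car = Fob(key, serial), Receiver(key, serial)
    first = fob.press("unlock")
    results = {"legit": car.accept(first)}
    results["replay"] = car.accept(first)        # same frame again
    results["legit2"] = car.accept(fob.press("lock"))
    results["old_capture"] = car.accept(first)   # older counter
    results["forged_tag"] = car.accept((serial, 3, "unlock", b"\x00" * 8))
    for _ in range(Receiver.WINDOW + 1):         # presses made out of range
        far = fob.press("unlock")
    results["beyond_window"] = car.accept(far)   # needs an explicit resync
    return results
```

The last case is the one that matters for the article: a fob that has drifted past the window needs a resynchronization step, and that step must still refuse any counter lower than the one already accepted.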
Previously known attacks on this system, such as “RollJam,” were technically complex and difficult to execute in the real world. RollJam required blocking the vehicle’s receiver to prevent it from receiving the first signal from the legitimate key fob, while simultaneously recording the unused code for later use.
This new exploit, however, is much more dangerous due to its simplicity. According to demonstrations, an attacker using a Flipper Zero equipped with this custom firmware only needs to be within range to intercept a single button press on the target’s remote control, such as while the owner is locking or unlocking the car. No jamming is required.
From that captured signal, the device can apparently reverse engineer the cryptographic sequence, allowing it to emulate all the functions of the key fob, including locking, unlocking, and opening the trunk, effectively creating a master key. A significant consequence of this attack is that the original, legitimate remote control is immediately desynchronized from the vehicle and ceases to function. This could be the owner’s first sign that their vehicle’s security has been compromised.
There appear to be two main theories as to how the firmware achieves this. One, put forward by Talking Sasquach, is that the method involves reverse engineering the rolling code sequence, which may have been made possible by previous leaks of manufacturer algorithms or extensive brute-force attacks on known code lists.
Serious consequences await both consumers and manufacturers. Unfortunately, the vulnerability hidden in the vehicle’s hardware receiver makes a quick fix through a simple software update impractical. According to experts, the only effective remedy would be a massive recall to replace the physical components of the affected vehicles, an extremely challenging logistical and financial undertaking for the automotive industry.