zondag 28 mei 2017

Filling the Racal Cougar Crypto Keys using an Arduino Part I


After being able to fill the Racal Cougar with custom channel frequencies using an Arduino the next step was being able to add new crypto keys using an Arduino also.


After spending a couple of days doing some reverse engineering using both a C and G MA7083 fill gun filled with known keys i was able to write a little Arduino Sketch that recorded the PWM modulation being send over the F-pin of the audio/fill connector.

At first the data stream didn't make any sense but after looking at it using a scope i noticed why the grabbed data looked like garbage and i had to change the grabber sketch to show the correct data.

Reading both tech manuals for both the programmer and a 4515 i got some info on the commands needed to be executed to do a key-fill and these were quickly identified in the datastream. The 'difficult' part was the key-data datastream and CRC checksum used.

In the movie at the top of this post you can see me changing and testing the Crypto Keys of two Racal Cougars.

Next post(s) will be about the commands and key-data datastream used.