We’re happy to announce that Reverse Everything founder Danilo Erazo presented How I hacked Learning Codes of the key job of a car assembled in my country at DEF CON 32 in 2024
What: How I hacked Learning Codes of the key job of a car assembled in my country Who: Danilo Erazo Where: Las Vegas, USA When: August, 2024
In this presentation, Danilo Erazo shows how it was possible to detect the use of learning codes instead of rolling codes in a key job of a car widely used in Ecuador.
For this purpose, the key job was disassembled and the HS2240 integrated circuit was detected and, using a logic analyzer, the emission of learning codes from the integrated circuit to the radio frequency LED emitter was checked. With the use of HackRF SDR, the learning code is duplicated to be able to open the car N times without needing the original key anymore, which proves that the use of learning codes is very vulnerable, just like fixed codes.
Danilo Erazo is an Ecuadorian Automotive Security Researcher working at PCA Cyber Security in Budapest, Hungary. In his free time he has reported critical vulnerabilities to KIA Corporation, KIA Ecuador, Suzuki Motor Corporation, Calix Inc, Realtek Semiconductor Corp, Linux Kernel and as bug hunter and pentester he has reported vulnerabilities to Latin American Banks and companies. He is part of DEFCON Car Hacking Village. He is the organizer of the Car Hacking Villa at Ekoparty and the founder of the underground security conference PWNORDIE in Ecuador. He has been a speaker at Reverse 2026, Ekoparty Miami 2026, BSides Budapest 2026, Secure Our Streets 2025, DEFCON33, DEFCON32, Recon 2025, Hardwear USA 2025, Ekoparty 2025, 2024, 2023, Bsides Colombia, 8.8 Security Conference, etc. He holds multiple practical certifications in cybersecurity and computer networks, such as OSWP, CEH, CBP, CCSP, CPAZ, CNSP, CAP, CPNA, CCNA, API Security for Connected Cars and Fleets, Practical IoT Tester (PJIT). Finally, he shares hacking content in his YouTube Channel @revers3everything