Thread: A Heads Up

There is a signal between the key thingy in your pocket and the car.

Originally Posted by GadgetGeek

The simple answer is that if you could snoop enough codes, you could break the signal, there are a lot of after market jobs that have a single signal for locks and one for starts, it just switches the function every time the signal is received by the car. the hardest part is sorting out the signal from all of the other noise, but it wouldn't be impossible.

That part is pretty simple.

Code hoping only works when the remote and the base can communicate, and if you could intercept that, you could break the sequence. its a matter of time really,

Years maybe. If you're there everytime the mark locks/unlocks their car.

no one is going to pay for a remote lock that cannot be broken when 99% of the time no one is looking for that vulnerability. it's the same for wireless routers, there was no need to change until everyone and their grandma could hack it.

Wireless is a very different case in that you can inspect hundreds of thousands or millions of packets in a short amount of time and the code is fixed (long, but fixed). The key fob uses a unique code each time it talks to the car. It's going to cycle (randomly) through a few million codes, 1 each time you use it...?

Originally Posted by Quick

There is a signal between the key thingy in your pocket and the car.

Like any new technology, there will be a way to take advantage of it. But it is way cool.

Quick, I've heard that that the newest hack for WEP and WPA can be done with a minimum of 8 packets, and by around 100 packets there is twice the required info. I may be mistaken but that's what I remember reading.
besides if you knew the code structure, how hard would it be to brute force it?

Originally Posted by GadgetGeek

Quick, I've heard that that the newest hack for WEP and WPA can be done with a minimum of 8 packets, and by around 100 packets there is twice the required info. I may be mistaken but that's what I remember reading.
besides if you knew the code structure, how hard would it be to brute force it?

It's not the same for your car. Cars use "code hopping"/"rolling codes".

Here's an explanation of a pretty basic scheme. HowStuffWorks "How Remote Entry Works"

You can also see that code capturing will not work with a rolling code transmitter like this. Older garage door transmitters sent the same 8-bit code based on the pattern set on the DIP switches. Someone could capture the code with a radio scanner and easily re-transmit it to open the door. With a rolling code, capturing the transmission is useless. There is no way to predict which random number the transmitter and receiver have chosen to use as the next code, so re-transmitting the captured code has no effect. With trillions of possibilities, there is also no way to scan through all the codes because it would take years to do that.

It's true that the pseudo random number generator is "pseudo". Given the same "seed" it will generate the the same sequence of random numbers. Determining the seed is one problem, then determining where the car and key are in the sequence is another, and then the sequence/seed can be further "randomized" dynamically. You might do something like modify the seed/sequence based on the key fob battery strength every now and again. So it doesn't matter if you know the code structure or have the source code. You can't "brute force" it simply due to the size of the number space.

you may very well be correct. I honestly don't know all that much about this stuff, and I'm going on some applied logic, which may be faulty. However, I'm not going to assume that something as cheap as a car remote system is unbreakable. I'd hazard a guess that 90% of systems are not very complex at all, and the 10% that are in the "very difficult" category are not worth messing with.
The reason why there is not a greater threat is that a brick in the window works much more efficiently.
Like any "security" system, I choose to trust them only as far as I know them, any protective measure that works based on secrecy is not very good IMHO.
Thanks for the enlightenment though!

Originally Posted by GadgetGeek

you may very well be correct. I honestly don't know all that much about this stuff, and I'm going on some applied logic, which may be faulty. However, I'm not going to assume that something as cheap as a car remote system is unbreakable. I'd hazard a guess that 90% of systems are not very complex at all, and the 10% that are in the "very difficult" category are not worth messing with.

The hardware is inexpensive. Original development of these software algorithms was expensive but not when scaled to a per unit price. Most all the technology is not licensed and available for free.

Like any "security" system, I choose to trust them only as far as I know them, any protective measure that works based on secrecy is not very good IMHO.

This is true, but these protective measures are not based on secrecy. The algorithms, methodology, source code in many cases, are all public knowledge. No secrets.

Most European vehicles made in the last 10 yrs or so use a rolling code. It changes every time you lock and immobilise. If you use a code grabber you get the last code to be used, which is no good because it has already changed.

Originally Posted by Whatsthe2ndDfor

My car is just enough to get by. I have no A/C (I have two windows though), no auto windows, and manual locks.

Nothing says hi-tech safe like a low-tech lifestyle.

That's why my "car" is a bicycle! (which I take into the store, with me)