Go Back   Team-BHP > Under the Hood > Technical Stuff


Reply
 
Thread Tools Search this Thread
Old 29th December 2010, 16:53   #46
Team-BHP Support
 
tsk1979's Avatar
 
Join Date: Feb 2005
Location: New Delhi
Posts: 22,953
Thanked: 15,638 Times
Default Re: Tata Safari 2.2 stolen this morning (DL3C A Y 4878)

Quote:
Originally Posted by longhorn View Post
That clears the air. So if you have a key copied, you can just walk in, enter the default code and drive away. Child's play for any car thief worth his name.Therein lies the beauty of the iCATS. You cannot start your car even if a thief makes an exact copy of your key onto a blank new key. You car can only be started with the key that comes from the factory..
All cars do not have the same default code(unlike scorpio where 0000 is the code).
So the thief also has to get a copy of your user manual which has the key printed.
tsk1979 is offline   Reply With Quote
Old 29th December 2010, 17:32   #47
Senior - BHPian
 
thedreamcatcher's Avatar
 
Join Date: Mar 2009
Location: Dubai
Posts: 1,205
Thanked: 61 Times
Default Re: Tata Safari 2.2 stolen this morning (DL3C A Y 4878)

Sorry to hear this. DId this happen to your car or someone else who owns the car and was parked in front of your house?
thedreamcatcher is offline   Reply With Quote
Old 29th December 2010, 17:35   #48
Senior - BHPian
 
anujmishra's Avatar
 
Join Date: Jun 2008
Location: Bangalore
Posts: 1,271
Thanked: 338 Times
Default Re: Tata Safari 2.2 stolen this morning (DL3C A Y 4878)

One of fellow TeamBHP member and Safari owner using clutch-steering lock with manual locks (Godrej, Link etc). He had gear lock installed but removed it as it was rattling and parking on incline was issue.
I think this crude way of locking is more effective for LX as we do not have any other option.
I think it is safe to have such deterrent. Immobilizer is nice to have but we are clueless how thiefs actually decoded it and stole Safari.
anujmishra is offline   Reply With Quote
Old 29th December 2010, 20:42   #49
Senior - BHPian
 
nitrous's Avatar
 
Join Date: May 2004
Location: UAE/Lon/Madras
Posts: 6,966
Thanked: 282 Times
Default Re: Tata Safari 2.2 stolen this morning (DL3C A Y 4878)

I'm sorry for the loss, bro.
And I think it's an inside job.
nitrous is offline   Reply With Quote
Old 29th December 2010, 22:51   #50
Senior - BHPian
 
NetfreakBombay's Avatar
 
Join Date: Jan 2008
Location: Bombay
Posts: 1,385
Thanked: 336 Times
Default Re: Tata Safari 2.2 stolen this morning (DL3C A Y 4878)

Quote:
Originally Posted by vidyasagar View Post
Further, The EDC15x, EDC16X series of ECUs from Bosch are good 10 to 12 years old. cracking the security codes of these systems may be possible as the key length and algorithm complexity in these systems is long outdated. The latest generation EMS systems are Mighty. Forget the Automan v.5.11, Even Alibaba himself will not be able to do it.
It does not matter how strong Authentication / key mechanism is. For example you need not crack complex SSL (based on problic private key) algorithms to hack a site. You take sown a site by much simpler tools like XSS and SQL Injection (E.g. bug that allowed anyone to read anyone else's contact list in Gmail).

Similarly, even if Challenge->Response from ECU to Key (and vice verse) is impossible to crack, car might be vulnerable to other attacks.

Excerpts from article mentioned earlier in thread:

Quote:
Castles built on sand

Karsten Nohl's assessment of dozens of car makes and models found weaknesses in the way immobilisers are integrated with the rest of the car's electronics.

The immobiliser unit should be connected securely to the vehicle's electronic engine control unit, using the car's internal data network. But these networks often use weaker encryption than the immobiliser itself, making them easier to crack.

What's more, one manufacturer was even found to use the vehicle ID number as the supposedly secret key for this internal network. The VIN, a unique serial number used to identify individual vehicles, is usually printed on the car. "It doesn't get any weaker than that," Nohl says.
NetfreakBombay is offline   Reply With Quote
Old 29th December 2010, 23:59   #51
Senior - BHPian
 
Join Date: Jul 2008
Location: Bangalore
Posts: 2,031
Thanked: 380 Times
Default Re: Tata Safari 2.2 stolen this morning (DL3C A Y 4878)

Quote:
Originally Posted by NetfreakBombay View Post
It does not matter how strong Authentication / key mechanism is. For example you need not crack complex SSL (based on problic private key) algorithms to hack a site. You take sown a site by much simpler tools like XSS and SQL Injection (E.g. bug that allowed anyone to read anyone else's contact list in Gmail).

Similarly, even if Challenge->Response from ECU to Key (and vice verse) is impossible to crack, car might be vulnerable to other attacks.

Excerpts from article mentioned earlier in thread:
Exactly netfreak that's what I was explaining a the whole concept of Challange -> response using a public and private key pair is based on a premise that private key will never be shared.
Moment a car physical key is handed over to some one t is vulnerable if the person has data reader device.

UMTS SIM uses one of the most secure challenge -> response but still the SIM can be cloned if it is physically handed over to someone who uses a reader and writer.

Similarly I see no reason why a Car key can not be cloned, There is no need for thief to crack the authentication ,Cloning the whole data on an identical device would make the pvt key available.
amitk26 is offline   Reply With Quote
Old 29th December 2010, 23:59   #52
BHPian
 
razorBlades's Avatar
 
Join Date: Oct 2009
Location: Chennai
Posts: 164
Thanked: 70 Times
Default Re: Tata Safari 2.2 stolen this morning (DL3C A Y 4878)

feel sorry for the theft! I hope you get your car back soon!

Sometime back I read on the news that there is a GPS assisted theft alarm systems, if it is installed in the car, how easy is it for the thief to find and remove it? is it worth having it in the car?
razorBlades is offline   Reply With Quote
Old 30th December 2010, 08:42   #53
Senior - BHPian
 
getsurya's Avatar
 
Join Date: Aug 2008
Location: Hyderabad
Posts: 1,381
Thanked: 944 Times
Default Re: Tata Safari 2.2 stolen this morning (DL3C A Y 4878) [immobilizer beaten?!]

Sorry to hear about the loss! These days it has become extremely difficult to protect good cars in certain parts of our country!

Pray that you get your car back soon...in good shape.
getsurya is offline   Reply With Quote
Old 30th December 2010, 09:59   #54
Senior - BHPian
 
NetfreakBombay's Avatar
 
Join Date: Jan 2008
Location: Bombay
Posts: 1,385
Thanked: 336 Times
Default Re: Tata Safari 2.2 stolen this morning (DL3C A Y 4878)

Quote:
Originally Posted by amitk26 View Post
Exactly netfreak that's what I was explaining a the whole concept of Challange -> response using a public and private key pair is based on a premise that private key will never be shared.
Moment a car physical key is handed over to some one t is vulnerable if the person has data reader device.
Actually its slightly different. This attack does not rely on duplicating the Key.

Instead of attacking Key<->ECU auth, it attacks communication on car's internal network.

If that is successful, there is no need of duplicating the key.
NetfreakBombay is offline   Reply With Quote
Old 6th January 2011, 07:46   #55
BHPian
 
nijelj's Avatar
 
Join Date: Aug 2010
Location: Bangalore-Ktym
Posts: 366
Thanked: 361 Times
Default Re: Tata Safari 2.2 stolen this morning (DL3C A Y 4878) [immobilizer beaten?!]

My father had recently got into a scrap with a safari 2.2, after which the safari guy attempted to run. dad reached for the key,pulled with all he had and got the remote in his hand. the key was still in the ignition. the safari was not able to start after that. also my BIL bought a safari recently and I saw that the key itself is a normal mechanical one. link to the immo is on the remote.
So it seems that there are different strategies used by OEMs.
nijelj is offline   Reply With Quote
Old 6th January 2011, 08:22   #56
Senior - BHPian
 
ghodlur's Avatar
 
Join Date: Sep 2009
Location: Thane
Posts: 5,038
Thanked: 2,075 Times
Red face Re: Tata Safari 2.2 stolen this morning (DL3C A Y 4878) [immobilizer beaten?!]

Would it be a possibility that the Safari when it was stolen was not armed at all by the Immobilizer, reasons being faulty battery on the key fob. Does Safari immobilizer arms itself after certain period of time.

Does this issue means that the immobilizers in most cars are prone to theft? In that case what are the precautions which need to be taken.
ghodlur is online now   Reply With Quote
Old 6th January 2011, 10:04   #57
Senior - BHPian
 
Join Date: Jul 2008
Location: Bangalore
Posts: 2,031
Thanked: 380 Times
Default

Just to clarify the Key which I and net-freak spoke off is the code in normal terminology and not the mechanical key.

The below passage does not apply to Safari as the immobilizer is based on fixed key and not AKA.

Dear netfreak when the paper you cited says that the protocols are not secure it also includes any breach of security if private key is let out of the device by any means in broader terms.

There are several possibilities for breaching AKA

1. Any RF of wired connection to the ECU is hacked ( breach of protocol) this will lead to man in middle kind of attack but this attack can be successful only if the man in middle has private key.

2. Breach of protocol security which leads to sharing of private key.

Dear Ghodlur : I am seeing this more as an insider attack or maybe owner left the user manual with code in it inside the glove compartment.
If remote battery is dead the vehicle will not start.

Just to clarify the Key which I and net-freak spoke off is the code in normal terminology and not the mechanical key.

The below passage does not apply to Safari as the immobilizer is based on fixed key and not AKA.

Dear netfreak when the paper you cited says that the protocols are not secure it also includes any breach of security if private key is let out of the device by any means in broader terms.

There are several possibilities for breaching AKA

1. Any RF of wired connection to the ECU is hacked ( breach of protocol) this will lead to man in middle kind of attack but this attack can be successful only if the man in middle has private key.

2. Breach of protocol security which leads to sharing of private key.

Last edited by Amartya : 6th January 2011 at 15:50. Reason: Merging back to back posts.
amitk26 is offline   Reply With Quote
Old 6th January 2011, 10:32   #58
BHPian
 
verditer's Avatar
 
Join Date: Mar 2010
Location: Hosur, Tamilnadu
Posts: 323
Thanked: 72 Times
Default Re: Tata Safari 2.2 stolen this morning (DL3C A Y 4878) [immobilizer beaten?!]

Quote:
Originally Posted by ghodlur View Post
Would it be a possibility that the Safari when it was stolen was not armed at all by the Immobilizer, reasons being faulty battery on the key fob. Does Safari immobilizer arms itself after certain period of time.
Yes, in my Safari EX, the immobiliser becomes active after a certain period of time (few minutes of inactivity). But I think it doesnt get active if key is still present in the keyslot.
verditer is offline   Reply With Quote
Old 6th January 2011, 12:38   #59
Senior - BHPian
 
Join Date: May 2007
Location: Bangalore
Posts: 3,652
Thanked: 244 Times
Default Re: Tata Safari 2.2 stolen this morning (DL3C A Y 4878) [immobilizer beaten?!]

Quote:
Originally Posted by ghodlur View Post
Would it be a possibility that the Safari when it was stolen was not armed at all by the Immobilizer, reasons being faulty battery on the key fob. Does Safari immobilizer arms itself after certain period of time.

Does this issue means that the immobilizers in most cars are prone to theft? In that case what are the precautions which need to be taken.
Quote:
Originally Posted by verditer View Post
Yes, in my Safari EX, the immobiliser becomes active after a certain period of time (few minutes of inactivity). But I think it doesnt get active if key is still present in the keyslot.
The Security ECU detects the Door opening and then locks the Ignition after few minutes, if you forget to lock the Safari with the remote, but doors etc all remain open, only immobilizer is activated.

If you remove the battery, the immobilizer still remembers its last active state and returns to that after the battery is connected, therefore in all probability his Safari was towed not broken into.

Last edited by dadu : 6th January 2011 at 12:40.
dadu is offline   Reply With Quote
Old 6th January 2011, 14:02   #60
Distinguished - BHPian
 
condor's Avatar
 
Join Date: Jun 2006
Location: Speed-brkr City
Posts: 10,734
Thanked: 4,300 Times
Default only Un-lock or phsically open the doors ?

Quote:
Originally Posted by dadu View Post
The Security ECU detects the Door opening and then locks the Ignition after few minutes,
Which type ? Physically opening the door, or just using the remote to un-lock the doors ?

FYI, my Sumo has a factory fitted remote + engine immoblizer. Immobilizer kicks in after a preset period of using the remote to unlock the doors. The door itself does not have to be opened physcially. The remote does not automatically lock the doors (in situations where the doors are unlocked but the doors are not opened).
condor is online now   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads
Thread Thread Starter Forum Replies Last Post
Engine Immobilizer for Safari 2.2 VTT Lx amitk26 Modifications & Accessories 7 5th December 2016 16:01
Delhi - Goa - Delhi 4878 KMs! shelleve Travelogues 21 11th June 2015 22:17
8 Scorpio mHawks stolen-immobilizer codes cracked!!! ramkya1 Technical Stuff 126 31st March 2012 13:05
urgent!! driver beaten and car stolen at panvel. EDIT: Legal Opinion Needed amit_mechengg Street Experiences 190 25th February 2011 22:46
My car got stolen this morning!! GTO The Indian Car Scene 44 18th October 2004 23:19


All times are GMT +5.5. The time now is 09:46.

Copyright 2000 - 2017, Team-BHP.com
Proudly powered by E2E Networks