[joybhowmik]

Quote:

Originally Posted by tsk1979

Many modern cars come with an electronic key, i.e. chip embedded in key. So when you insert key, vehicle won't start, unless you have an electronic key.

However, many old vehicles, and some new vehicles use a different remote. They have a remote operated central locking system, which comes with an immobilizer. So if your battery goes dead, or you do not open with remote but use key to open vehicle, the vehicle will not start.

Seems like a good anti theft?
Well no.

When our Safari remotes(minda) started going bad, I started looking solutions. I can call minda and they will program the key for 900 INR all inclusive.

But there is another soution
1. Find the freq of my remote 313MHz or 415MHz(commonly used frequencies)
2. Buy a learning remote
3. Use!

These remotes cost less than 10 USD when bought from ebay china sellers.

So all the thief has to do is stand around when you unlock your car, and train their remote.
So there goes the immobilizer out of the loop. All that is now needed is to get a duplicate key.

Considering hanky panky done at workshops, there is a good chance the unscrupulous employees can duplicate your keys + also duplicate your remote, and then drive of with your vehicle.

Solution? Get a gearlock, and give your vehicle to workshop with lock disengaged and no key. They can duplicate your key and remote, but they cannot duplicate what they do not have.

I hope more manufacturers come with electronic keys
1. more difficult to clone - Your car need not be theft proof, only more theft proof than the next car
2. Even if your remote battery dies, you still can use your car normally. No more running around looking for a remote battery. I carry 2 spare batteries always + a small screwdriver because its a known fact murphy can strike anywhere!

Quote:

Originally Posted by saket77

I have heard about rolling codes used in remote lock systems. Also, I wondered that how come in a parking lot with so many vehicles around, only one specific vehicle unlocks. There is surely something more than just the frequency band.

Quote:

Originally Posted by srishiva

I am not sure if they use the common IR remote codes used for TV etc in cars. Its based on encrypted transmission.

Not sure if what is mentioned here is just speculation without the actual knowledge about how car remotes work.

Modern car security systems work on the basis of hopping codes or rolling codes.

Using typical 40 bit rolling code systems, there's 1 chance in a Trillion, that a thief can use whatever code he copied , and hope that it works when one is away.

Source (How Stuff Works).
Also read: Texas Instruments Remote Controller Encoder / Decoders

Quote:

Here's how it works:

• The transmitter's controller chip has a memory location that holds the current 40-bit code. When you push a button on your key fob, it sends that 40-bit code along with a function code that tells the car what you want to do (lock the doors, unlock the doors, open the trunk, etc.).
• The receiver's controller chip also has a memory location that holds the current 40-bit code. If the receiver gets the 40-bit code it expects, then it performs the requested function. If not, it does nothing.
• Both the transmitter and the receiver use the same pseudo-random number generator. When the transmitter sends a 40-bit code, it uses the pseudo-random number generator to pick a new code, which it stores in memory. On the other end, when the receiver receives a valid code, it uses the same pseudo-random number generator to pick a new one. In this way, the transmitter and the receiver are synchronized. The receiver only opens the door if it receives the code it expects.
• If you are a mile away from your car and accidentally push the button on the transmitter, the transmitter and receiver are no longer synchronized. The receiver solves this problem by accepting any of the next 256 possible valid codes in the pseudo-random number sequence. This way, you (or your three-year-old child) could "accidentally" push a button on the transmitter up to 256 times and it would be okay -- the receiver would still accept the transmission and perform the requested function. However, if you accidentally push the button 257 times, the receiver will totally ignore your transmitter. It won't work anymore.

So, what do you do if your three-year-old child DOES desynchronize your transmitter by pushing the button on it 300 times, so that the receiver no longer recognizes it? Most cars give you a way to resynchronize. Here is a typical procedure:

• Turn the ignition key on and off eight times in less than 10 seconds. This tells the security system in the car to switch over to programming mode.
• Press a button on all of the transmitters you want the car to recognize. Most cars allow at least four transmitters.
• Switch the ignition off.

Given a 40-bit code, four transmitters and up to 256 levels of look-ahead in the pseudo-random number generator to avoid desynchronization, there is a one-in-a-billion chance of your transmitter opening another car's doors. When you take into account the fact that all car manufacturers use different systems and that the newest systems use many more bits, you can see that it is nearly impossible for any given key fob to open any other car door.
You can also see that code capturing will not work with a rolling code transmitter like this. Older garage door transmitters sent the same 8-bit code based on the pattern set on the DIP switches. Someone could capture the code with a radio scanner and easily re-transmit it to open the door. With a rolling code, capturing the transmission is useless. There is no way to predict which random number the transmitter and receiver have chosen to use as the next code, so re-transmitting the captured code has no effect. With trillions of possibilities, there is also no way to scan through all the codes because it would take years to do that.

[tsk1979]

Quote:

Originally Posted by el lobo 6061

@tsk1979, Tata, Mahindra & Mitsubishi cars have always been the easiest to steal. Nothing new.

I'm not a technical person, but I believe the above theory wont work VW laser cut keys which have a floating code and are paired to ECU?

Manufacturers like Tata, Mahindra & Mitsubishi will never give VW type keys as they cost 15K each as they always believe in keeping their cost low no matter what.

15K. Whoa. 15K will buy you a smarphone with RSA 256 encryption capabilities. The cost to company for an encripted key with two factor authentication will be more like 200rs extra.
Its more about the "will".

Quote:

Originally Posted by svsantosh

OT, but can relate to this on a funny note

Last week, my octogenarian neighbor stopped by my newly got 90' M800-AT. He too was a fellow M800 owner, (just back from shopping). He was in awe of the rare AT i got and wanted to take a peek inside. I said 'uncle please wait, let me run up to get the keys', to which he said 'son you are too young' - popped in his M800 key and opened my M800 door and sat inside to look at the Auto shift.

I was speechless!

But new Maruti cars have ECATS. So he cannot start the car with his key. I think your key will have RFID embedded. Alto definitely has one. Does M800 also has ECATS?

Quote:

Originally Posted by joybhowmik

Modern car security systems work on the basis of hopping codes or rolling codes.

Using typical 40 bit rolling code systems, there's 1 chance in a Trillion, that a thief can use whatever code he copied , and hope that it works when one is away.

Source (How Stuff Works).
Also read: Texas Instruments Remote Controller Encoder / Decoders

You are right. However, most systems use the KEELOQ system which is easily copied.
See the link to the remote I mentioned.

What you describe is the next stage which came in because the rolling code (KEELOQ) is easily hackable.

For perfect security, you need two factor authentication
Remote sends code
Receiver gets code and then performs a mathematic operation(secret), and sends it to the transmitter. Transmitter then performs another mathematical operation and sends out the final code which is used to unlock.

This cannot be beaten by a learning remote.
Wherever, there is 1 factor or one way communication... it will eventually be beaten. Its not a question of if, but a question of "when"

[saket77]

Quote:

Originally Posted by joybhowmik

Modern car security systems work on the basis of hopping codes or [b]rolling codes.

How does it then maintains the synchronization with the spare key remote, as many security systems provide 2 remotes?

[sajusherief]

Really don't know about the copying part, but even if you copy and remote unlock your car, don't you really need a chip embedded key to start the vehicle. I guess the engine immobilizer will not allow otherwise. I'll be surprised to know a car model which doesn't have an engine immobilizer now. I draw this conclusion based on the fact that my 2003 model M800 has an engine immobilizer!

[abirnale]

A little OT. I had once received this message and never bothered to verify -

Imagine a car that has after market remote lock. You generally get the key fobs in pair. Imagine you kept one key at home and out on a drive realized that in a parking lot, you left your key inside the car and doors got auto-locked. So simple thing to do is to call home over mobile, ask your family member to unlock the key by keeping the fob near to mobile and while that is being done, hold your mobile close to car - preferably near bonnet, closer to driver side. The belief is that you will get the audio frequency of the remote lock from home transmitted over mobile line to the unlocking unit on car. And then doors can be opened.

I don't know if this is true or false, but I feel if this is so easy, all we need is record that unlock beep without loss/ altering the wavelength and reuse it.

Just to reiterate what is already said - there is no such thing as perfect security. Your car is safer as long as there is someone else out there whose isn't as safer and as yours!

Also, there are two different things stealing a car and stealing things inside a car (or of the car).

[saket77]

Quote:

Originally Posted by sajusherief

I draw this conclusion based on the fact that my 2003 model M800 has an engine immobilizer!

Never knew that 800 had immobilizer back in 2003? That is news to me. Though have read somewhere that those manufactured around 2007 had immobilizers.
My 2002 Zen does not have it.

[tsk1979]

Quote:

Originally Posted by abirnale

A little OT. I had once received this message and never bothered to verify -

Imagine a car that has after market remote lock. You generally get the key fobs in pair. Imagine you kept one key at home and out on a drive realized that in a parking lot, you left your key inside the car and doors got auto-locked. So simple thing to do is to call home over mobile, ask your family member to unlock the key by keeping the fob near to mobile and while that is being done, hold your mobile close to car - preferably near bonnet, closer to driver side. The belief is that you will get the audio frequency of the remote lock from home transmitted over mobile line to the unlocking unit on car. And then doors can be opened.

I don't know if this is true or false, but I feel if this is so easy, all we need is record that unlock beep without loss/ altering the wavelength and reuse it.

Just to reiterate what is already said - there is no such thing as perfect security. Your car is safer as long as there is someone else out there whose isn't as safer and as yours!

Also, there are two different things stealing a car and stealing things inside a car (or of the car).

This is a hoax. It does not work.
You can try it if you want to

[abirnale]

Quote:

Originally Posted by tsk1979

This is a hoax. It does not work.
You can try it if you want to

Glad I didn't waste my time

Remember the scene from "Gone in 60 seconds" about copying the codes from remote. Found some reading here and here

[joybhowmik]

Quote:

Originally Posted by saket77

How does it then maintains the synchronization with the spare key remote, as many security systems provide 2 remotes?

Assuming they use the system described in my post, then the one way this can work is as follows:
Tranmitter A - Uses Pseudo Random Number Generator configuration A
Transmiter B - Uses Pseudo Random Number Generator configuration B
Receiver -
a) Recognizes Transmitter A based on function key pressed on Transmiter A (e.g. lock/unlock/siren), and then uses Pseudo Random Number Generator configuration A
b) Recognizes Transmitter B based on function key pressed on Transmiter B (e.g. lock/unlock/siren), and then uses Pseudo Random Number Generator configuration B

Note that the mechanism to physically control which specific configurator is to be used by the Receiver, maybe as simple as designing an ON/OFF switch that (activates depending on key press) - certain memory blocks storing the next random number seed (for A or B) . These blocks are then read, by the code generator module to produce the code. So you dont need two code generator modules inside the Receiver - just the one. Only a way to store two possible values of the next random number seed.

therefore, the operation is completely transparent to the user. You can lock with Transmitter A, and unlock with Transmitter B
But behind the scenes, and unknown to you , it was as-if two different random number generators were used.

[audioholic]

Doesnt the amount of safety depend upon the kind if immobilisation? A few years back, we had this Autocop top of the line system in our Omni, which offered engine immobiliser by disabling the starter signal when armed. Hence if the car was locked, we couldnt crank the car. However push starting would work - Immobiliser Fail( though the siren would work

It so happened that this whole remote locking system developed niggles. On a rainy night the siren blasted, and it wouldnt stop. It took me just under a minute to get inside the car and kill the entire system. I went inside, removed two connectors going into the remote locking module and laid the whole thing to rest. So for a thief, I dont think its difficult to bypass or disable the entire security system. The immobiliser can be disabled too.

On the other hand, the Icats immobiliser provided by maruti is a different game. The car will crank, but the ignition system is disabled, which will prevent the engine from firing up. The setup is pretty accurate, and wont start the car even if there is a second key close to the first one since the RFID tag cant be read correctly. Unless a duplicate key is programmed into the ECU, that key will not be able to start the car. So it requires highly skilled or rather inside hands to steal such cars.

But anything and everything may act as a theft deterrent, but I dont think theres anything to make a car theft proof, since people with bad intentions can always develop some or the other way to get their job done.

[Captain Slow]

I do not know how true this is but when I recently shifted by regular remote for a flip key along with the remote components where was a separate chip. Without porting this chip to the flip key the car would not start.






similar to the black little chip pictured here.

Now this chip doesn't need a battery or power source to work and this is in no way connected to my remote unit, So how would a potential thief start a car with this kind of a system ?

[tsk1979]

Quote:

Originally Posted by Captain Slow

Now this chip doesn't need a battery or power source to work and this is in no way connected to my remote unit, So how would a potential thief start a car with this kind of a system ?

That's what I said. Cars with RFID in key cannot be stolen with a cloning remote.

[Captain Slow]

Quote:

Originally Posted by tsk1979

That's what I said. Cars with RFID in key cannot be stolen with a cloning remote.

Yup thanks, when I ported keys I forgot this little chip and tried to crank up the car! The car would crank but wouldn't start.
I was worried if something was wrong that's when I remembered the little black chip.
The moment I had the chip near the key hole the car cranked up and came to life!

[nik0502]

Hi all,

Interesting topic here. I have a question. I have a ford fiesta EXI. I don't think my car has an immobilizer. But my mech always says don't worry ford is theft proof as the keys are not like a regular key. People who have seen the key would know what i am talking about. I want to know if that is true. Because i think its just a rumor. I know there is nothing called theft proof. and also if I am sitting inside the car and i lock the car using the remote and try to start it does start so this proves that it does not have an immobilizer.

nIk

[EFF-EIGHT-BEE]

Quote:

Originally Posted by tsk1979

Many modern cars come with an electronic key, i.e. chip embedded in key. So when you insert key, vehicle won't start, unless you have an electronic key.

Nice and informative thread tsk1979! I want to ask about the immobilizer used in Figo, is it the one with chip embedded or remote locking type?