LegacyGT.com

Chip key-so how did they steal it?


Sorry guys, I'm still having a hard time understanding why anybody in their right mind would steal one of these things anyway.

There are so many modded Hondas out there that are much easier. Ask me how I know?... If anybody happens to see an orange turbocharged 1993 Honda Civic Si out there, I may have the title to it.

305,600miles 5/2012 ej257 short block, 8/2011 installed VF52 turbo, @20.8psi, 280whp, 300ftlbs. (SOLD).  CHECK your oil, these cars use it.

 

an antenna wakes it up, causing it to broadcast a signal, which an antenna receives. It needs to be very close, but if you walk up to a guy in a legacy and talk with him about his cool car for a minute before he walks to his destination, that minute is supposedly enough according to the people who have been interviewed in the articles I've read out of curiosity. So how is an immobilizer different?

 

This all depends on the type of RFID being used. The ones in our new US passports can be stolen like that from much farther away.

 

Each manufacturer's implementation of an immobilizer is a bit different, but here is the general gist of what is going on.

 

1. When you turn your key to acc/on/start, the key is powered on by a coil of wire that sits around the ignition cylinder.

 

2. The key wakes up and reports a unique hard coded number.

 

3. The immobilizer system checks this number against an internal memory table.

 

4. If the immobilizer finds this key in the table it will send a random number to the key.

 

5. The key will apply an encryption algorithm on the random number and send it back.

 

6. If the returned number matches the immobilizer system's expected response, no action is taken.

 

If the immobilizer system fails at 3 or 6, it will either block the starter from starting, or cut fuel to the engine depending upon the current state of the engine.

 

Step 3 is why the dealer can charge an enormous rate for programming the key to your car. It's up to the manufacturer to provide a customer level programming feature.

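The six steps in the post above, as an added Python sketch (not part of the original post and not any manufacturer's code). HMAC-SHA256 stands in for the algorithm the thread never names, and the class names, key IDs and secrets are constructed for illustration; the `erase_all` flag models the "add on" versus "delete all" programming modes discussed in the next reply.

```python
import hashlib, hmac, secrets

def respond(secret: bytes, challenge: bytes) -> bytes:
    # Step 5. HMAC-SHA256 is an assumed stand-in for the unnamed algorithm.
    return hmac.new(secret, challenge, hashlib.sha256).digest()[:8]

class Transponder:
    def __init__(self, key_id: int, secret: bytes):
        self.key_id, self._secret = key_id, secret
    def report_id(self) -> int:                      # step 2
        return self.key_id
    def answer(self, challenge: bytes) -> bytes:     # step 5
        return respond(self._secret, challenge)

class ReplayingCopy:
    """Knows only a key's ID and one response seen in an earlier exchange."""
    def __init__(self, key_id: int, old_response: bytes):
        self.key_id, self._old = key_id, old_response
    def report_id(self) -> int:
        return self.key_id
    def answer(self, challenge: bytes) -> bytes:
        return self._old                             # cannot use the new challenge

class Immobilizer:
    def __init__(self):
        self.table = {}                              # key_id -> per-key secret
    def program(self, key_id: int, secret: bytes, erase_all: bool = False):
        if erase_all:                                # "delete all" mode
            self.table.clear()
        self.table[key_id] = secret                  # "add on" mode otherwise
    def authorize(self, key) -> str:
        secret = self.table.get(key.report_id())     # step 3
        if secret is None:
            return "blocked at step 3"
        challenge = secrets.token_bytes(8)           # step 4
        ok = hmac.compare_digest(key.answer(challenge), respond(secret, challenge))
        return "run" if ok else "blocked at step 6"  # step 6

def demo() -> dict:
    # Constructed key IDs and random per-key secrets.
    car, s1, s2 = Immobilizer(), secrets.token_bytes(16), secrets.token_bytes(16)
    car.program(0x1A2B, s1)
    car.program(0x3C4D, s2)                          # "add on": both keys valid
    key1 = Transponder(0x1A2B, s1)
    copy = ReplayingCopy(0x1A2B, key1.answer(bytes(8)))  # one earlier exchange
    out = {"genuine": car.authorize(key1), "replay": car.authorize(copy),
           "unknown_id": car.authorize(Transponder(0x9999, s1))}
    car.program(0x3C4D, s2, erase_all=True)          # reprogram, wiping key1
    out["key1_after_erase"] = car.authorize(key1)
    return out
```

Because the challenge in step 4 is fresh each time, knowing the static ID from step 2 plus an old response is not enough to pass step 6.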

If you go through the programming sequence then it should delete all prior key associations, right?

 

This depends on how it's implemented. Usually there is a programming way that will delete all of them, and a programming way where you add on to the stored data.


It's the exact same, but I think you are confusing the keyfob buttons and the immobilizer. They are two distinct and separate operations. The circuit board in the box fob operates the buttons. The immobilizer is usually implanted into the plastic of the key. If you take apart your key you will see in the sides of the plastic a small area that was filled with a liquid plastic of sorts...the immobilizer is in there. In an STi key, it contains that immobilizer but does not carry the circuitry to facilitate buttons.

The designed transmission range of the key is about 2 inches. You'd have to be within a foot or two of the key to steal its code. So don't talk to strangers trying to frisk you with a wand.

 

I hate running into those strangers....it's very annoying. :spin:


The keys contain a passive RFID chip, and it's a question of antenna theory and power in transmission.

 

The further the distance is the more power you need. But in the car the location is known and there is no need for much power, but reading at a distance is possible, and it's even possible to listen in to a "conversation" between the key and the car.


The designed transmission range of the key is about 2 inches. You'd have to be within a foot or two of the key to steal its code. So don't talk to strangers trying to frisk you with a wand.

Not quite... passive RFID can be read at far greater distances pretty easily. Consider the passive RFID devices in passports, and then look at this: http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/

 

Greater distances are possible, of course, with some more effort.


Ok, so using that British(?) guy as an example.

 

1. He would have to know what codes are for a car and what are considered junk.

2. He would have to be able to match a stolen code with a specific car.

3. He would have to program this code into a chip that the car could read.

4. (Assuming he doesn't want to hotwire the car) He would have to get a key cut for that car.

 

It's doable, but not unless you are targeting a specific car/person. It's not something you should be too worried about.

(Updated 8/22/17)

2005 Outback FMT

Running on Electrons


Not quite... passive RFID can be read at far greater distances pretty easily. Consider the passive RFID devices in passports, and then look at this: http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/

 

Greater distances are possible, of course, with some more effort.

 

Range depends on the type of passive RFID. If I recall, there are three types. The ones in our passports are one of the worst kind...go figure.


Ok, so using that British(?) guy as an example.

 

1. He would have to know what codes are for a car and what are considered junk.

2. He would have to be able to match a stolen code with a specific car.

3. He would have to program this code into a chip that the car could read.

4. (Assuming he doesn't want to hotwire the car) He would have to get a key cut for that car.

 

It's doable, but not unless you are targeting a specific car/person. It's not something you should be too worried about.

 

He would also have to know the encryption process as well as the encryption key. Which by the way, is different for each key.

 

In the end, unless someone is targeting your car specifically you have nothing to worry about. Anyone not targeting specifically you will just tow your car away or be content with a smash and grab.


mwiener - no argument there... it requires someone determined to gather the signal. I'm just saying that the "2 inches" range is incorrect...

 

And, yes, farberio, you're correct too... range is a function of the type of passive RFID. The point is, it can be done, and at far greater ranges than "designed".

 

The British guy is just one example of accomplishing this... I am sure there are many other similar attempts out there, that are just as easy. As for the encryption key, do you have proof that the car-key actually uses a different encryption key for EACH key? I doubt it... most systems use a single encryption key... or one that is VERY easily broken.

 

For example: http://electronics.howstuffworks.com/gadgets/automotive/rfid-ignition-system.htm/printable

 

As the above article states: "If you equip a laptop computer with a microreader, a device that can capture radio signals, you can capture the transmissions sent out by an RFID immobilizer key. Positioned within a few feet of the RFID transponder -- say, sitting next to the car owner in a restaurant -- the laptop sends out signals that activate the chip. When the key begins broadcasting, the reader grabs the code, and the computer begins decrypting it. Within 20 minutes, you've got the code that'll tell the car to start. (Once you have a good database of codes stored in your laptop, the time gets much shorter.)"

 

Again, a chip is certainly an excellent deterrent... but now that "everyone" has them, the target-pool is wider, and so they will find a way to attack it.

 

Anyway, back to the original point of my post: It's not ranged to "2 inches"... it can be done from MUCH farther away, without the owner even knowing it.


As for the encryption key, do you have proof that the car-key actually uses a different encryption key for EACH key? I doubt it... most systems use a single encryption key... or one that is VERY easily broken.

 

Funny you should ask...the answer is yes. But no I am not going to show it to you!

 

I will say that I helped implement the system used in many vehicles though.

 

Though, I did leave that company, so the secrets are no longer with me anyway.


  • 2 years later...

Old thread but it has some good info.

 

Can I cut out the chip/plastic part from my factory key and place it over my copy (blank with no chip) made at the hardware store? Does the chip need to get grounded to the metal on the key? Otherwise I don't see how it could be "woken up".

 

This would save about 100 bucks.


I've heard of people fabricating keys and just affixing the immobilizer somewhere to the steering column. The immobilizer is not grounded. It's a tiny unit buried in the plastic bulk of your key. From what I've seen, it's a bitch to dig out.

So they just secure the chip near the column?

 

That's basically what the antenna wire does from an aftermarket factory immobilizer like a 555 unit. It just loops around the ignition cylinder and gets the signal via the factory key inside the box (immobilizer).

I'd still like to keep the chip's function (kind of anti theft), which is why I was looking to swap the chip over to the replacement key.

 

I might not be making sense though.


The thieves swap out the ECU with their own that's matched up to their RFID chip. Bust the steering column and drive away.

Some cars need a couple things matched before the car will start. Ford is the ECU, gauge cluster, and key. Mercedes is ECU, gauge cluster, HID controller and key. BMW is ECU and key. I bet Subaru is ECU and key only.

You can now clone an RFID key at Home Depot. Since it's a clone, no need to go to the dealer.


Just to throw my hat in the ring... most integrated fobiks nowadays (keyless start, keyless go, passive entry, etc) all use a rolling 128-bit encryption.

Speaking from my years of Chrysler experience, there is no way you're stealing an 05+ Chrysler/Jeep/Dodge/Ram product without a key that works, or a flatbed.

A lot of manufacturers are going this route as well. I wouldn't be surprised if Subaru started it as well.


Just to throw my hat in the ring... most integrated fobiks nowadays (keyless start, keyless go, passive entry, etc) all use a rolling 128-bit encryption.

Speaking from my years of Chrysler experience, there is no way you're stealing an 05+ Chrysler/Jeep/Dodge/Ram product without a key that works, or a flatbed.

 

 

 

Who would want to :lol: .


Just to throw my hat in the ring... most integrated fobiks nowadays (keyless start, keyless go, passive entry, etc) all use a rolling 128-bit encryption.

Speaking from my years of Chrysler experience, there is no way you're stealing an 05+ Chrysler/Jeep/Dodge/Ram product without a key that works, or a flatbed.

A lot of manufacturers are going this route as well. I wouldn't be surprised if Subaru started it as well.

I knew I was reading a Dodge guy from the first paragraph. It would be easy for a dealer guy to steal a car. You come in for an oil change, we program a key unknown to you. We have all of your info including address. Then just go pick it up while you sleep peacefully in your bed.

 

Come to think of it, I should be a crook :lol:

I'm a native of South Carolina. I am a dying breed.

Hahaha the other way is to duplicate the key before the car is sold.

 

Actually (and you may very well know this), our new 'powernet' cars have the ability to have the fob programmed to any car over and over again. If you got your hands on a police or fleet key, you could program it to up to 32 (I believe it's 32) cars and drive them all away with the same key.

Then again, all the big money parts have the VIN printed on them nowadays, or the VIN stamped on the vehicle in 60+ places. For instance, if a car is sold with satellite radio, Sirius/XM now record VIN numbers with radio IDs. Meaning if your radio is stolen and someone tries to a. activate it, or b. you pull the ID from it, with the proper channels you can identify what car it originally came in.


Also, you can just tape the old key underneath the steering column and cut the same style key and you're good. I've heard of people with remote starts doing this. I even considered it when I was looking at keyless entry and starting like the ikey and smartkey systems.

 


Archived

This topic is now archived and is closed to further replies.



