
Debunking Criminals Cloning Key fobs Myth


colinecek


Because it contravened Site Rules.

Just like this one which is questioning why it was removed......

Fantastic. Gone, I guess, are the days when a mod would give a quick PM with an explanation. I'm not entirely sure how it contravened site "rules" either. It's no wonder I didn't bother renewing my freedom membership.

I checked for a PM before posting and I hadn't received any.

Edited by BrownBarge
  • Like 1
Link to comment

Just to be perfectly clear on this subject.

Showing exactly how things can be circumvented is passing that limit. Everyone else please take heed as it's sometimes easy to forget the Rules that are in place on Briskoda.

BTW, you were informed shortly after your post was removed.

  • Like 1
Link to comment

Just to be perfectly clear on this subject.

Showing exactly how things can be circumvented is passing that limit. Everyone else please take heed as it's sometimes easy to forget the Rules that are in place on Briskoda.

BTW, you were informed shortly after your post was removed.

Understandable, but maybe editing the post to remove the video would have been more suitable?

For those who missed my post, {TEXT REMOVED}. It's a flaw in the system. The thieves might look dim but they know what they are doing. VAG group cars are everywhere, so once a thief knows how to get into one he can get into them all.

Edited by john999boy
I'm not sure why you think that writing about a 'how to' is better than linking to a video?
Link to comment

Why have BMW been recently silently rolling out a software fix to prevent their group cars from being opened using a mobile phone?

And since when did we allow discussion of moderating issues in public? That's against the rules as well.

  • Like 1
Link to comment

I started off this thread debunking cloning key fobs by sniffing and this has turned into a much broader discussion relating to car theft and how theft may or may not be perpetrated. To be honest, I find myself thinking about stuff for which I don’t have first hand knowledge or experience, and it’s getting way bigger than I expected – not that I really considered what to expect, and just maybe I should have. Don’t get me wrong, I think this is a healthy discussion and I, for one, appreciate the opportunity to learn something I did not know, as I have done throughout this thread.

 

I asserted that it is not possible to clone a key fob by sniffing (the radio signal as a close/open button is pressed on the key fob).  Even now I stand solidly by that assertion given my understanding of how these key fobs work, which is in short:

 

  1. The key fob (transmitting device) and the central locking ECU (receiving device) are paired with the same large block of large randomly generated security code numbers that are stored in indexed tables in each device. 
  2. When a button is pressed on the transmitting device, it transmits 3 key pieces of data: the security code (that was ordered in a previous button press or pairing), the function code (lock/unlock etc) and a randomly generated index number (pointer into the stored table of security code numbers) to be used for the next button press.
  3. The receiver can only act on a function code if the security code exactly matches the code it was ordered to use on the previous successful transaction or pairing.

 

Given that only the transmitter and receiver know the next security code to be used to lock/unlock the car, I would think that it would take a very long time for any kind of processor to work through upwards of a trillion numbers to find a security code that the receiver expects.  As fabiamk2SE put it:

 

”Can’t get away from the fact that the easiest thing to do is break into the house and steal the keys.”

 

As I have said previously: the only viable way for a thief to circumvent the key fob system is to prevent the receiver from receiving a lock signal in the hope that the transmitter operator does not notice.

 

However, having leant strongly on the “it can’t be done” camp, a side of my brain warns me “never say never!” At the end of the day, these systems are just systems; designed by very clever people and programmed by very clever people who can never fully protect these systems from equally clever criminals who want your stuff!

 

Regarding “Keyless Entry Systems”: My thinking is:

 

  1. The same or better security is most likely applied to these systems as described for the key fob system.
  2. The fob periodically transmits a so-called friendly signal, and it is possible for a criminal to listen to that fob friendly signal, and subsequent signals, using a sniffer device, and relay the signals to a receiver close to a car that then in turn retransmits the signal to the car's receiver, subsequently fooling the car's receiver into thinking that the owner is at the car, so it unlocks. Once unlocked, access to the OBD and … well… you know the rest. This in my view is a huge security weakness.
  3. Anyone who connects their car to a mobile phone really needs to think again.  Cool maybe, but a very serious security risk. 
  4. In my view keyless entry should be aborted. I say bring back the key! We, the below lux car owners, are paying through insurance premiums for the well heeled to push their start buttons. My message to the well heeled: If you’re so set on pressing the start button thingy, go buy an F1 car and live the dream! But please, buy a car with a key.

 

@fordfan: “Why have BMW been recently silently rolling out a software fix to prevent their group cars from being opened using a mobile phone?” Because it was a dumb ass idea in the first place. Whoever in BMW suggested this as being a good idea should be fired! This should never have been introduced; neither should any kind of remote start.

 

@Rustynut:  I am Czech so I may wrongly refer to something by the incorrect name.  What I meant by “key blade” is the physical key, not some other device that would enable a lock to be operated.  Also my reference to disabling the alarm was meant to be in context of a thief being able to access the OBD without triggering the alarm, if indeed there is such a thing fitted, and that if a thief could gain access to the OBD without triggering the alarm, then I would want my money back because the alarm is not performing the very task it was designed to do, which is to alert the presence of unauthorized access.

Link to comment
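
The three-step scheme as colinecek describes it in the post above, simulated as an added example; it is not taken from the thread or from any manufacturer's implementation. The 40-bit code size, the 1024-entry table and the names `Fob`, `Receiver`, `pair` and `demo` are assumptions made for illustration.

```python
import hmac
import secrets

CODE_BITS = 40      # assumed size: roughly a trillion possible values per code
TABLE_SIZE = 1024   # assumed; the post only says "large block"

class Fob:
    def __init__(self, table, index):
        self.table, self.index = table, index

    def press(self, function):
        # Step 2: send the code agreed last time, the function code, and a
        # randomly chosen index for next time (never the slot just used).
        n = len(self.table)
        next_index = (self.index + 1 + secrets.randbelow(n - 1)) % n
        frame = (self.table[self.index], function, next_index)
        self.index = next_index
        return frame

class Receiver:
    def __init__(self, table, index):
        self.table, self.index, self.state = table, index, "locked"

    def receive(self, frame):
        # Step 3: act only if the code is the one ordered by the last accepted frame.
        code, function, next_index = frame
        if not (0 <= code < 2 ** CODE_BITS and 0 <= next_index < len(self.table)):
            return False
        size = CODE_BITS // 8
        expected = self.table[self.index].to_bytes(size, "big")
        if not hmac.compare_digest(code.to_bytes(size, "big"), expected):
            return False           # stale or guessed code: state and index unchanged
        self.state = "unlocked" if function == "unlock" else "locked"
        self.index = next_index    # only an accepted frame moves the pointer
        return True

def pair():
    # Step 1: both devices get the same table of unique random codes and a start index.
    table = secrets.SystemRandom().sample(range(2 ** CODE_BITS), TABLE_SIZE)
    start = secrets.randbelow(TABLE_SIZE)
    return Fob(list(table), start), Receiver(list(table), start)

def demo():
    fob, car = pair()
    captured = fob.press("unlock")            # frame an eavesdropper could record
    genuine = car.receive(captured)           # genuine press: accepted
    replay = car.receive(captured)            # same frame sent again: rejected
    lock_after = car.receive(fob.press("lock"))  # fob and car are still in step
    return {"genuine": genuine, "replay": replay, "lock_after": lock_after,
            "state": car.state, "guess_odds": 1 / 2 ** CODE_BITS}

if __name__ == "__main__":
    print(demo())
```

The rejected replay leaves the receiver's pointer where it was, which is why the owner's next press still works.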

Hopefully this won't be deleted, but if you unlock your car with the key in the door lock the alarm is deactivated. Assuming a manufacturer's alarm is fitted. A decent aftermarket alarm that locks out the OBD port and will sound if the doors are unlocked should help the fight.

Link to comment

 

@Rustynut:  I am Czech so I may wrongly refer to something by the incorrect name.  What I meant by “key blade” is the physical key, not some other device that would enable a lock to be operated.  Also my reference to disabling the alarm was meant to be in context of a thief being able to access the OBD without triggering the alarm, if indeed there is such a thing fitted, and that if a thief could gain access to the OBD without triggering the alarm, then I would want my money back because the alarm is not performing the very task it was designed to do, which is to alert the presence of unauthorized access.

 

There are three main parts to the key. The remote part which talks to the car, the immobiliser transponder which talks to the ignition system, and the key blade which works in the locks. If the thief in the vid I posted had a complete key (all three parts) then he'd just get in and drive the car away without needing the laptop. If any part is missing then he needs to make up the other part by another means (that goes for all three parts). So clearly he hadn't got all three parts, so how did he defeat the alarm, get in, defeat the immobiliser, start the car, and drive away? Seriously, can you answer this?

If you can't agree that he used some means to circumvent one or more of the systems, then he must've had a complete key and he really is a very poor thief to take that long to steal a car he had the keys for.

Link to comment

Looked to me the guy stealing the Golf had a number of keys, tried one, went off and got another and so on, until he got the right set.

Let's not forget a lot of these car criminals have people on the inside getting spare keys etc.

No alarm is perfect and no car is unstealable; all you can do is make it more trouble than someone else's down the road. Truth be told, I'd rather have a car stolen in a manner that didn't involve breaking into my home and putting my family at risk.

Link to comment

Rustynuts, I have only just seen your video of the Golf and his way of entry was one I posted earlier, however it was removed from this thread.

Also for anyone who's watched that video: the Land Rover next to the Golf, its door is open. It looks as though he failed to steal that first. Perhaps it was more valuable than the Golf.

Link to comment

Looked to me the guy stealing the Golf had a number of keys, tried one, went off and got another and so on, until he got the right set.

Let's not forget a lot of these car criminals have people on the inside getting spare keys etc.

No alarm is perfect and no car is unstealable; all you can do is make it more trouble than someone else's down the road. Truth be told, I'd rather have a car stolen in a manner that didn't involve breaking into my home and putting my family at risk.

He has three or four goes at the car door, then the next time he comes back to the car (round about 3.57 in the vid) the alarm is deactivated, the interior lights come on, and the indicators flash, clearly signifying that he's used electronic means to (either or both) deactivate the alarm and unlock the doors. And at that point he's carrying a laptop. So if he had keys (again, at the risk of repeating myself) why would he need to go through all the rigmarole of doing what he does? A really dumb thief would have a range of car keys and keep going home for them one at a time though, don't you think?

 

It is possible to steal a car without having a physical key, using mechanical and electronic kit which is available if you know where to buy. It happens every day.

Link to comment

Effecting entry into vehicles for reasons of keys, pets, children locked in cars is a big part of our job. In the good old days we were given slim jims and welding rods to gain entry, but now with modern cars we are issued lock pick devices. These are easily available from locksmith suppliers and with practice you can be in a vehicle in a couple of minutes with no damage, and as has been said before, if you unlock with the key in most cases it disables the alarm. Some of these devices will even give you a key code when done. Most cars with electronic steering columns will release once the ignition is on.

Link to comment

colinecek, until last year I spent 34 years as a tech, master tech, engine and development engineer. I can tell you it is possible to clone most key fobs for most cars using available technology. I've seen it done and I too have been trained to enter cars without keys for the purpose of my job to assist customers. It was not possible to do this in the early days but technology has moved on according to the police in my area by thieves who are targeting high value cars. I don't think it's the easiest way to do it or the cheapest but some thieves think it worthwhile I guess. I too had a set of lockpicks for all types of cylinder locks on cars and a range of other tools to gain entry. Especially useful if a customer has brought his car in for service, locked his car up in the wrong place on the forecourt and gone off on the train for the day with his key in his pocket. Disabling the average alarm is easy if that needs to be done too, and on modern cars it usually is unless the original key fob is used. I would add that many cars can be accessed in many different ways both mechanically and electronically. But I'm not saying how. Many of you would be surprised if you knew just how easy it can still be on some cars. However, generally cars are much much safer from entry or theft these days and anyone without tools and knowledge won't be able to do it without a brick! Incidentally, locksmith tools are not available to anyone not registered to hold them, from a supplier and you or your organisation must normally hold a training certificate from the Master Locksmiths Association or similar accredited body. It's an offence to be found with locksmith tools in your possession without it being necessary for your job. It's called going equipped...etc.

Link to comment

colinecek, until last year I spent 34 years as a tech, master tech, engine and development engineer. I can tell you it is possible to clone most key fobs for most cars using available technology. I've seen it done and I too have been trained to enter cars without keys for the purpose of my job to assist customers. It was not possible to do this in the early days but technology has moved on according to the police in my area by thieves who are targeting high value cars. I don't think it's the easiest way to do it or the cheapest but some thieves think it worthwhile I guess. I too had a set of lockpicks for all types of cylinder locks on cars and a range of other tools to gain entry. Especially useful if a customer has brought his car in for service, locked his car up in the wrong place on the forecourt and gone off on the train for the day with his key in his pocket. Disabling the average alarm is easy if that needs to be done too, and on modern cars it usually is unless the original key fob is used. I would add that many cars can be accessed in many different ways both mechanically and electronically. But I'm not saying how. Many of you would be surprised if you knew just how easy it can still be on some cars. However, generally cars are much much safer from entry or theft these days and anyone without tools and knowledge won't be able to do it without a brick! Incidentally, locksmith tools are not available to anyone not registered to hold them, from a supplier and you or your organisation must normally hold a training certificate from the Master Locksmiths Association or similar accredited body. It's an offence to be found with locksmith tools in your possession without it being necessary for your job. It's called going equipped...etc.

We are members of the Master Locksmiths Association as we have an auto locksmith service. As for equipment, I have bought equipment from suppliers without checks or certification.

Link to comment

Hi patrol man, yes... I suspect that's because you are a "patrol man". You guys of whatever organisation someone may be in are registered, a supplier would not question that. However, in my opinion they should (no offence) because anyone can impersonate a registered person or firm. I had accredited ID to show to anyone that needed to see it. On another note, and one that you will I suspect agree, if someone has been able to get the tools, it's another thing being able to use them. Training is pretty much essential to get success.

Link to comment

You can't get the training online, i.e. YouTube (or in jail or young offenders units) :)

A lot of these tools shouldn't be available, like GPS jammers, but you can buy it all online if you choose.

Link to comment

Some great responses there and I agree with everything that’s being said. I did say that breaking a window is an easy way in to get at the OBD, but I did not mean that to be exclusive. I understand that there are other ways entrance can be effected without damage.

 

However, what I did say was that it is not possible to sniff a transmitting key fob and clone another key fob using the data collected.

 

@Estate Man & patrol man:  Have either of you in your past experience seen a key fob being programmed using data sniffed from a transmitting key fob? 

Link to comment

Lots of information is on here now but it is freely available on the Internet, and as for links to ways to steal, thieves can use Google, probably better than most; after all they can steal good computers and phones.

 

As to 'data sniffing', no offence but when a new member is showing such interest in the subject, maybe it is best to not discuss it in too much depth.

 

george

Edited by goneoffSKi
  • Like 3
Link to comment

I think george is right. Best to not go on about this too much. I know all the information is on the net but best to maybe not talk about the detail. All I will say is every system is breakable and I've seen just about everything. Never ceases to amaze me as to what individuals get up to.

Link to comment

@goneOffski & @Estate Man: I am not asking for details and I completely agree with not giving out information likely to be of value to a criminal type.  I understand and appreciate your caution, but I am simply interested in whether you can irrefutably say that in your experience/knowledge that it is possible to copy a key fob based entirely on sniffing  a host key fob as it transmits a command to a vehicle.

 

Here is the reason why I am interested.  My car was broken into 2 times in the week before Christmas. On the first time they got away with my Columbus Nav, and on the second time they got away with my laptop which was in the boot.  I have owned my car from new and in the 7 years I have never had a problem until then and I was shocked that the criminals were able to gain access to my car without triggering the alarm.  I am even questioning if I did actually lock the car on both occasions.  I want to make myself more secure and to that extent, I intend to do things to increase my vehicle security.

 

I had thought that my car had an alarm installed in that it is a top of the range and I thought I had ordered every conceivable extra.  Turns out it does not have… grrrrr!  So I am going to install an alarm that will not be connected to the OBD that will call my mobile when the alarm is triggered.

 

I am also going to secure the boot. I need to be confident that if a criminal does get into my car he cannot get into the boot, and I am going to disable the key fob if that proves to be a vulnerability.

I joined this community to learn as much as I can regarding car security. I very much value the experience shared throughout this thread and I am going to learn stuff that’s going to be very helpful to me. The reason why I am being so persistent with this thread is because I need quality information that's going to help me, not hearsay that’s going to misdirect me.

Edited by colinecek
Link to comment