New KESSY Key

[pa_ko]

2 hours ago, Kenny R said:

I presume you omitted to read this bit from the link you just posted above...

 

“6.1 Immediate Countermeasures
Shielding the Key One obvious countermeasure against relay attacks is to prevent the communication between the key and the car at all times except when the owner wants to unlock the car. The users of PKES-enabled cars can achieve this by placing the car key (fob) within a protective metallic shielding thus creating a Faraday cage around the key. A small key case lined with aluminum might suffice for this purpose. While the key is in the key case, it would not re- ceive any signals from the car (relayed or direct). When the user approaches the car, he could take the key out of the case and open and start the car using the PKES system. The users who would opt for this countermeasure would loose only little of the convenience of PKES. Similar countermea- sures have been proposed to block the possibility of remote reading of RFID tags embedded in e-passports. However, an attacker might be able to increase the reading power suf- ficiently to mitigate the attenuation provided by the protec- tive shield. We note that designing a good Faraday cage is challenging [35]. Still, this countermeasure would make the relay attack very difficult in practice.”
 

 

Did you read it?

'...an attacker might be able to increase the reading power suf- ficiently to mitigate the attenuation provided by the protec- tive shield. 

Meaning: Poor shield (cheap crap bags) are not good protection

 

...We note that designing a good Faraday cage is challenging [35].

Meaning: cheap snake oil 'Faraday bags' are not Faraday cage. 

 

...Still, this countermeasure would make the relay attack very difficult in practice

Meaning: good protection (again: NOT cheap bags but alu foil or more expensive = quality protective casing) would provide high level of protection (but not 100%).

 

 

 

[Kenny R]

Edited 13 February, 2019 by Kenny R

[Berisford]

Curious thing is, why do so many VW group vehicle get spirited away in the night when switching off the Kessy system is seemingly so easy.....unless of course they can still be opened via access to the key signal?

 

[silver1011]

Because very few people disable KESSY.

 

Just like wrapping your keys in kitchen foil each night, then unwrapping them again in the morning, it's a hassle.

 

If the thieves can't open your car from the driveway, then they'll just kick the door down and beat you, until you tell them where the keys are.

 

With my keys in this pouch my car won't unlock. That's good enough for me. If they really want my Skoda then they can have it. I'm insured.

 

 

[Berisford]

I don’t think there’s that much kicking down doors and beating folk to get at the keys going on, that sort of behaviour tends to spur the boys in blue on a little........spiriting the car away with a little help from electronic gizmos is far the preferred modus operandi of your common a garden scroat but if the Kessy disable procedure genuinely works then I’m OK with that........though I’d be even more happy if the key had the movement sensor mentioned in the handbook when my Karoq eventually arrives. 

[silver1011]

33 minutes ago, Berisford said:

I don’t think there’s that much kicking down doors and beating folk to get at the keys going on, that sort of behaviour tends to spur the boys in blue on a little.

 

It's more common than you might think.

 

Ask most owners of the VW Golf R, Audi RS3/4/5/6. If the desire to get the car is strong enough, a uPVC door isn't going to stop them.

 

These threads are becoming all too regular...

 

https://www.pistonheads.com/gassing/topic.asp?h=0&f=23&t=1734148&i=0

 

Luckily we drive Skoda's, a Skoda SUV to boot. Sleep well!

[pa_ko]

11 hours ago, Kenny R said:

 

Where ignorance is bliss, 'tis folly to be wise

[Breezy]

Best anti theft device on our Karoqs is the badge on the bonnet and tailgate. Enjoy and bask in the fact that badge snobbery is likely to keep your car much safer than any Faraday wallet. 

[pa_ko]

For less ignorant people, here is a hack for adding movement sensor to our existing kessy fobs

 

Use one of gyro brakeout circuitry like this one 

https://github.com/explorelabs/Explore-Labs-3D-Gyroscope-L3GD20H-Breakout-Board/blob/master/README.md

 

Rewire keyfobs battery through this circuit and you get keyfobs which will be powered only if moved. With little additional delay circuit, it is possible to have kessy powered for short time (e.g. 60-120sec) after movement so you may be stationed while unlocking car and also have sufficient time while seated in car to start engine.

 

I'm planning to assemble such circuit for testing. As it only require resoldering battery connection wires, all circuit can be externalised for testing and later I can return keyfobs to original state without any physical damage.

[sakta]

2 hours ago, pa_ko said:

For less ignorant people, here is a hack for adding movement sensor to our existing kessy fobs

 

Use one of gyro brakeout circuitry like this one 

https://github.com/explorelabs/Explore-Labs-3D-Gyroscope-L3GD20H-Breakout-Board/blob/master/README.md

 

Rewire keyfobs battery through this circuit and you get keyfobs which will be powered only if moved. With little additional delay circuit, it is possible to have kessy powered for short time (e.g. 60-120sec) after movement so you may be stationed while unlocking car and also have sufficient time while seated in car to start engine.

 

I'm planning to assemble such circuit for testing. As it only require resoldering battery connection wires, all circuit can be externalised for testing and later I can return keyfobs to original state without any physical damage.

At that scale, that would be incredible pointless. It wouldn't be practical, nor useful for any Skoda owner to demonstrate a key with a cheap Arduino module on it....

 

Not to mention, I2C/SPI requires you handle the data in some form. You need some form of data processing, so no, you cant just wire the key fob battery to it. Unless you know assembly and want to reverse engineer the key and develop some simple software for it, and create an entire new PCB.

Edited 14 February, 2019 by sakta

[patrolman]

13 hours ago, Berisford said:

I don’t think there’s that much kicking down doors and beating folk to get at the keys

You want to live in Birmingham !

[pa_ko]

5 hours ago, sakta said:

At that scale, that would be incredible pointless. It wouldn't be practical, nor useful for any Skoda owner to demonstrate a key with a cheap Arduino module on it....

 

Not to mention, I2C/SPI requires you handle the data in some form. You need some form of data processing, so no, you cant just wire the key fob battery to it. Unless you know assembly and want to reverse engineer the key and develop some simple software for it, and create an entire new PCB.

From oversimplification to overcomplicating.

 

Either you don't have experience with digital electronics or you just want to discourage people to think beyond snake oil.

 

No need for Adruino nor new PCB. There is programmable interrupt that I just user to break battery connection to original kessy fob circuitry.

 

Important: tested it just now and it works in practice. When I move - kessy gets power and works. If I leave keyfobs stationary - it is out of power so no theft is possible. (I out this all together in clumsy way just to check if kessy will work fine with fast switching power supply)

 

Now time for improved design. Don't this, recommend by friend:

https://www.elecrow.com/vibration-sensor-module-sw420-p-525.html

Just connected it to 74122 retriggerable Monostable Multivibrator.

 

Now, if I move keyfob, vibration sensor triggers a 74122 which generates an impulse of 30sec. width which just turns on battery supply to existing kessy electronics inside keyfob. After movement ceases, impulse from 74122 shouts (breaks) power supply to kessy circuit (after 30 seconds).

 

Over weekend I will play with miniaturisation, packing everything in single PCB that I can put inside keyfob.

 

P.S. Even having it outside is ok for me right now. I just hold key of in my messenger bag Al the time so I don't have problems with some wiring around it as I very rarely take it out (that is all point of keyless for me to have no need to ever get it out of my bag that I carry around with me all the time).

 

[TheRobinK]

23 minutes ago, pa_ko said:

retriggerable Monostable Multivibrator

 

Oh yes. Skoda should definitely add this to the Karoq options list. I'd bet that quite a few women (and possibly a few men) would pay up for one.  Keyless entry would never be the same...   

[pa_ko]

17 minutes ago, TheRobinK said:

 

Oh yes. Skoda should definitely add this to the Karoq options list. I'd bet that quite a few women (and possibly a few men) would pay up for one.  Keyless entry would never be the same...   

 

Ah... Yes. Surely. As well as some people buy snake oil and Faraday bags. Simply clever.

[Nicky_P]

On 13/02/2019 at 21:15, Berisford said:

I don’t think there’s that much kicking down doors and beating folk to get at the keys going on, that sort of behaviour tends to spur the boys in blue on a little........spiriting the car away with a little help from electronic gizmos is far the preferred modus operandi of your common a garden scroat but if the Kessy disable procedure genuinely works then I’m OK with that........though I’d be even more happy if the key had the movement sensor mentioned in the handbook when my Karoq eventually arrives. 

I can only go by what's been posted on a Golf R forum that I'm a member of, all the posts relating to stolen R's over the last couple of years are via house break in.....

[Berisford]

23 minutes ago, Nicky_P said:

I can only go by what's been posted on a Golf R forum that I'm a member of, all the posts relating to stolen R's over the last couple of years are via house break in.....

 

Hmmm....quite a poor state of affairs really, what are we allowing our world to become, feral types and savages allowed to roam freely amongst us?......Well, let's just concentrate on the 'spiriting away in the night' business of more mundane motors like the Karoq.....anything that hampers this scandalously easy practice must be a good thing, so roll on the movement sensor Kessy. 

[silver1011]

On 14/02/2019 at 17:02, pa_ko said:

 

Ah... Yes. Surely. As well as some people buy snake oil and Faraday bags. Simply clever.

 

As mentioned, my £6 snake oil covered Faraday bag works a treat.

 

The best bit, it required zero effort, was delivered through my letterbox, and the £6 was for two.

[pa_ko]

The significant surge in keyless theft in last few months is related to Chinese mass production and general easy available of electronic equipment. You can buy one cheap at Ali.. and even Amazon:

https://www.msn.com/en-gb/cars/news/car-theft-kit-for-sale-on-amazon-how-web-giants-are-helping-criminals-buy-devices-that-can-be-used-to-steal-vehicles-for-as-little-as-£100/ar-AAwcP9x

 

So all previous experience, testimonials and 'expert' opinions on modus operandi are baseless as situation has changed dramatically.

 

Law enforcement is light-years away (they needed just few years from publication of above mentioned hack to figure out sale of that equipment on Ali and Amazon) of agility of thiefs, supported by vibrant Chinese industry and secured by ignorant stupidity of communal snake-oil 'experts' building public opinion that there is no risk when you put your key in bag and head into sand.

[silver1011]

I didn't read the reviews. I popped my key into the pouch of snake oil, stood next to my car and discovered I was unable to open the door.

[pa_ko]

23 minutes ago, silver1011 said:

 

As mentioned, my £6 snake oil covered Faraday bag works a treat.

 

The best bit, it required zero effort, was delivered through my letterbox, and the £6 was for two.

 

BTW same snake-oil I bought for 1.5USD (free shipping) for testing. 

 

But if course on even greater mastermind than myseld could protect itself for free burying head in the sand.

[don_kiddik]

1 minute ago, pa_ko said:

 

BTW same snake-oil I bought for 1.5USD (free shipping) for testing. 

 

But if course on even greater mastermind than myseld could protect itself for free burying head in the sand.

 

         or their car keys !!

[Nicky_P]

2 hours ago, Berisford said:

 

Hmmm....quite a poor state of affairs really, what are we allowing our world to become, feral types and savages allowed to roam freely amongst us?......Well, let's just concentrate on the 'spiriting away in the night' business of more mundane motors like the Karoq.....anything that hampers this scandalously easy practice must be a good thing, so roll on the movement sensor Kessy. 

This is a cut and paste from a current thread on the R forum, not good reading.....

 

Hi guys,   Right I’m having a few sleepless nights. A couple of months ago we had an attempted break in for the car and they left empty handed as posted on here.   The thefts are getting pretty more violent in Birmingham as I’m guessing we’ve all seen the latest golf R and BMW taken by masked machete welding thugs smashed the door in to get keys.   Monday 2 Audi’s were taken in a similar manor only a mile from me. So is a ghost going to help you? After submitting your keys to the assailant what’s he is reaction going to be to realising he’s just wasted his time? Or do you put a sticker on to advise you’ve got ghost fitted of which the installer doesn’t advise

 

[silver1011]

17 minutes ago, pa_ko said:

 

BTW same snake-oil I bought for 1.5USD (free shipping) for testing. 

 

But if course on even greater mastermind than myseld could protect itself for free burying head in the sand.

 

I don't follow you, burying your head in the sand isn't going to help.

 

My greasy pouch however, does exactly what it says it'll do, and block the key's signal.

[pa_ko]

29 minutes ago, silver1011 said:

I didn't read the reviews. I popped my key into the pouch of snake oil, stood next to my car and discovered I was unable to open the door.

Thiefs are using amplifier to rely the signal. Car is not using amplifier. So it is not sufficient that you cannot unlock the car door. Thiefs can sense and amplify the week signal (escaping poor protective  casing) even car cannot get it. That is the point of this attack. 

 

BTW the same Chinese selling the bags are selling the hacking equipment 

 

Do you really think they are selling things that will protect you from themselves?

 

No. 

 

8 minutes ago, silver1011 said:

 

I don't follow you, burying your head in the sand isn't going to help.

 

My greasy pouch however, does exactly what it says it'll do, and block the key's signal.

 

It blocks the signal to your car. That is what you prove if you cannot unlock the car.

 

But if you read the article and learn lot of electromagnetic and inspect your bag and perform spectral analysis and investigate Chinese hacking electronic... you will find that weakened and distrorted signal from your bag (which is distorted in such way that car is not recognise it - that is what you tested and you think it is sufficient) still carries information (signal in border or partial spectrum ranges) which can be acquired, amplified and rectified and then relayed to car. 

 

And be sure Chinese are very well aware of spectral range and all electromagnetic characteristics of keyless systems. They are producing it. Simply clever. Just send to China your security production for lowering costs and then be suppressed how these 'stupid' Chinese are quick to hack your 'clever' passive keyless security... 

 

[silver1011]

4 minutes ago, pa_ko said:

BTW the same Chinese selling the bags are selling the hacking equipment 

 

Do you really think they are selling things that will protect you from themselves?

 

No. 

 

I think they won't be bothered, whether their stuff works or not is low down their priority list.

 

You're assuming my pouch isn't effective. As with everything in life, some versions of the same product work better than others.