How does anything work that transmits signals, I would think by Radio Waves? Remember the original TV Remote Controls that didn't use batteries and just made a chime noise? This I'm sure is covered at Google.
> I understand the basics of how the remote signaling for door locks, trunk, horn, etc. works. I'm just curious about what kind of encryption GM uses to lock those key fobs to specific vehicles.

I think the correct question is how does the car recognize the fob(s) it's been programmed for and no others. I believe each fob has a unique ID, much like the MAC ID on an Ethernet card.
> I'm also interested if the key fob contains an RFID chip. I assume it does because even with the battery dead you can place the key fob in the cup holder and the car will start, so it has to be some sort of active signaling for when the battery works but a passive backup for when the battery is dead.

I don't think it's a separate system. I think at close range, the coil to pick up the magnetic "call" is able to power the fob. It's an alternate power source to the existing system, not a separate system.
> I believe there's also "code rotation" to prevent a simple replay attack from getting access to your car.

That's my understanding as well. The transmitter advances to the next code with each press of the button. The receiver does likewise. The receiver also will accept later or earlier codes, up to ±5, I think. That way, if the user presses the button on the fob while it's out of range of the car, the fob will be one code ahead, but the receiver can still figure it out.
> That's my understanding as well. The transmitter advances to the next code with each press of the button. The receiver does likewise. The receiver also will accept later or earlier codes, up to ±5, I think. That way, if the user presses the button on the fob while it's out of range of the car, the fob will be one code ahead, but the receiver can still figure it out.

Ahead, yes. But I don't think it would accept any behind. That would leave the door open for a replay attack.
> Ahead, yes. But I don't think it would accept any behind. That would leave the door open for a replay attack.

As I recall, there was a Dallas Semi app note that described this very well, but danged if I can find it now. So some of the details are fuzzy. I agree, accepting old codes would indeed leave the car vulnerable. Good catch.
Once a code is received, it won't work again until the table comes back around. I'm not sure how big the code table is, but I'd imagine it's pretty big.
The bigger the table is, the further ahead the receiver can accept without creating too big a window.
> I believe there's also "code rotation" to prevent a simple replay attack from getting access to your car.

Can't that be spoofed with the same vulnerability as comes with garage door openers?
> Can't that be spoofed with the same vulnerability as comes with garage door openers?

As I understand it, while two transmitters could send the same code, the next codes will be different. The fobs may transmit on the same frequency, using the same modulation scheme and data scheme. But each one uses a different key that makes them unique. The key is used to create a new code relative to the previous code. So, if both transmitters send the same code but have different keys, then their subsequent codes will be different.
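A small simulation of the behaviour discussed in the posts above (forward-only acceptance window, no reuse of a received code, a different key per fob), added here as an example and not part of the thread. It is not GM's scheme: HMAC-SHA256 over a press counter, the 32-bit code length, the window of 5 and the key values are all assumptions chosen for illustration.

```python
import hashlib
import hmac

WINDOW = 5  # assumed look-ahead, taken from the "up to 5" guess in the thread

def code_for(key: bytes, counter: int) -> str:
    """Code for one button press: HMAC of the counter, truncated to 32 bits."""
    mac = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return mac[:4].hex()

class Fob:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self) -> str:
        self.counter += 1  # advances on every press, in range or not
        return code_for(self.key, self.counter)

class Receiver:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0  # counter of the last accepted press

    def accept(self, code: str) -> bool:
        # Look forward only: anything at or behind self.counter never matches.
        for step in range(1, WINDOW + 1):
            expected = code_for(self.key, self.counter + step)
            if hmac.compare_digest(expected, code):
                self.counter += step  # resynchronise to the fob
                return True
        return False

def demo() -> dict:
    key_a, key_b = b"constructed-key-A", b"constructed-key-B"  # constructed
    fob, car = Fob(key_a), Receiver(key_a)
    results = {}
    first = fob.press()
    results["in_range_press"] = car.accept(first)
    results["replay_of_same_code"] = car.accept(first)
    for _ in range(3):  # three presses the car never hears
        fob.press()
    results["resync_after_3_missed"] = car.accept(fob.press())
    # A code the car skipped over while resynchronising is now behind it.
    results["skipped_old_code"] = car.accept(code_for(key_a, 3))
    for _ in range(WINDOW):  # drift past the look-ahead window
        fob.press()
    results["beyond_window"] = car.accept(fob.press())
    results["other_fob"] = Receiver(key_a).accept(Fob(key_b).press())
    return results
```

The window is a trade-off: a larger look-ahead tolerates more out-of-range presses but leaves more not-yet-used codes acceptable at any moment.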
> Can't that be spoofed with the same vulnerability as comes with garage door openers?

Easier than that. Apparently what's used is a "relay" box. It picks up the signal from the car and sends it to a companion unit that transmits the same signal - with power (longer range). Since the majority of people leave their keys near the door, such a strong signal is enough to cause the key to respond as if it was next to (or inside) the car. Effectively, the thieves are using your key without ever having to lay hands on it.
> The good thing for us, thieves with that kind of equipment are unlikely to bother with Cruzes. There are far more attractive cars to steal.

I said that when I owned my Hyundai Accent. "The anti-theft is that it's a Hyundai Accent."
> Easier than that. Apparently what's used is a "relay" box. It picks up the signal from the car and sends it to a companion unit that transmits the same signal - with power (longer range). Since the majority of people leave their keys near the door, such a strong signal is enough to cause the key to respond as if it was next to (or inside) the car. Effectively, the thieves are using your key without ever having to lay hands on it.

You're a generation or two ahead of me.
> You're a generation or two ahead of me. I'm still thinking of key fobs from the 90's and 00's.

Ok. While I guess it's possible to jam and intercept a signal simultaneously, that's not a trivial task. Not too many years ago, that would be military-grade technology.
> That said, I would expect the current keys to still use some sort of rotating code that would prevent theft, no?

I'm sure they do. However, given that it seems you can buy replacement fobs on the cheap from China, I have to wonder if it hasn't been cracked.