Remote Keyless Entry cracked



NXA-16H
3rd April 2008, 12:23 AM
Radio controlled door opener for cars and buildings cracked.
TRANSLATED FROM GERMAN

Original Press Release is as follows (in German)
Ruhr-University Bochum. Press Release (http://www.crypto.rub.de/imperia/md/content/projects/keeloq/keeloq_de.pdf)

Scientists at the Ruhr-Universität Bochum have defeated the KeeLoq immobiliser and door opener used in many cars. Attackers need only intercept two transmissions between the transmitter and receiver in order to clone the digital key and gain access to the car. Microchip Technology's RFID-based KeeLoq process is used in automobiles manufactured by Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota (Lexus), Volvo, Volkswagen and Jaguar. KeeLoq is also used in building access systems and garage door openers. Signal interception is possible at a range of 100 metres, according to Professor Christof Paar of the School of Electronics and Information Technology. In addition to gaining unauthorised access, the systems can be manipulated, denying the rightful owners access.


Both the KeeLoq transmitter and receiver encrypt their signals. A proprietary, non-linear encryption algorithm is used which encrypts controller commands with a unique code and transmits them by radio control to the vehicle. A 32 bit initialisation vector together with a 32 bit hopping code is used as a key. An ID unique to each electronic key is added to the calculation.

But there is also a manufacturer's master key for all of the products in a series. This is precisely what Professor Paar's Bochum group was able to retrieve using a procedure known as side channel analysis. To obtain the master key the researchers used differential power analysis (DPA) and differential electromagnetic analysis (DEMA) at both the transmitter and receiver during the transmission. Once the master key is known, only two transmissions are needed in order to obtain the crypto key of a particular KeeLoq remote control. The vulnerability was tested on commercial systems, according to the Bochum scientists.

In early February the researchers presented a detailed description of the attack that required them to intercept a number of activation procedures in order to obtain the manufacturer's key. At the CRYPTO 2007 cryptography conference, an international group of researchers presented a method by which the individual keys could be cracked using a computing centre.
NXK-43Y

oneightoo
3rd April 2008, 07:53 AM
gone in 60 seconds stylzzzz

btm
3rd April 2008, 09:00 AM
was only a matter of time!

Keep'emRunning
3rd April 2008, 09:06 AM
being an EE i'm fairly certain thieves wouldn't have access to the tools, let alone know how to use 'em :p

Still, retrieved keys could be sold by unscrupulous people, as has apparently happened with jaguar in the past.

Interesting use of the methods though, we use a variant of dpa for some of our longline comms stuff, mainly for signal integrity/emi detection.

Vectracious
3rd April 2008, 09:18 AM
Why the hell are scientists spending time and money trying to learn how to crack a security system - surely there are other more worthy things they can be doing... you know little things like finding a cure for cancer, saving the planet, developing new energy resources.... :rolleyes:

glider
3rd April 2008, 09:18 AM
being an EE i'm fairly certain thieves wouldn't have access to the tools, let alone know how to use 'em :p



it would be ignorant to assume this is always the case tho, because i'm sure some thieves might have a background in electronics and be recruited by your everyday thieves if you know what i mean


Why the hell are scientists spending time and money trying to learn how to crack a security system - surely there are other more worthy things they can be doing... you know little things like finding a cure for cancer, saving the planet, developing new energy resources....

coz not all scientists have a sound mind?

==edit==

woot 100 posts

Vectracious
3rd April 2008, 09:20 AM
coz not all scientists have a sound mind?

very true - they're all a bit weird aren't they.

Wraith
3rd April 2008, 09:49 AM
was only a matter of time!

I thought exactly the same thing, when I 1st started hearing of the widespread use of keyless entry and push start engine feature, ie: it seems easier to steal the car.... :(

Maybe that's why this feature has been deleted from a lot of new model cars coming into Aust. ATM ??

Pity, because it's such a cool and convenient thing to have...

SSS_Hoon
3rd April 2008, 09:56 AM
Im glad that none of our cars have this feature i think its just a big wank factor for sure, look at me i can get into my car and have it start just by walking up to it whoo hoo im a big wanker.


They were most likely hired to see if they could crack it by the company that makes it so they can improve it.


SSS_Hoon

USC
3rd April 2008, 10:36 AM
smart entry key is quite useless and someone could drive ur car off with u just standing next to it...happened to one of my mates` sister:p ..he drove off with her car without even a key....:eek: ..she was just standing next to it!!

Vectracious
3rd April 2008, 10:44 AM
smart entry key is quite useless and someone could drive ur car off with u just standing next to it...happened to one of my mates` sister:p ..he drove off with her car without even a key....:eek: ..she was just standing next to it!!

I would have thought that it would detect the key travelling along with the car, so if the key wasn't in the car, it would cut out.... pretty big oversight if that wasn't the case....

HappySlapper82
3rd April 2008, 11:29 AM
i don't know about you guys but i don't think i want a thread like this giving crims good ideas on how to steal my car

USC
3rd April 2008, 12:02 PM
I would have thought that it would detect the key travelling along with the car, so if the key wasn't in the car, it would cut out.... pretty big oversight if that wasn't the case....

nope, he pushed the start button and the engine started and kept going.The car was a corolla levin or something.

SSS_Hoon
3rd April 2008, 12:03 PM
that is freaky i bet they didnt even think about that when they were designing the system.


SSS_Hoon

oneightoo
3rd April 2008, 12:18 PM
i don't know about you guys but i don't think i want a thread like this giving crims good ideas on how to steal my car

your car is a lot easier to steal than you think

Wraith
3rd April 2008, 12:19 PM
I would have thought that it would detect the key travelling along with the car, so if the key wasn't in the car, it would cut out.... pretty big oversight if that wasn't the case....

From what I've read up, I think it operates like this on the new Japanese cars with this feature, ie: you have to have the key or card within a close proximity to the vehicle at all times or it won't run....will have to read up and check on it though ???

Mercedes were the 1st (as with all major innovative features) to introduce this years ago, I haven't heard of any problems like this on their cars ??? maybe they have a foolproof system ???

IMHO I don't think it's a wanky feature, I think it's all about convenience and ease of operation, especially if you've got your hands full when approaching your car and then once you get into the car, if it's night time, you don't have to look for the key hole, you just push a button....very handy :)

oneightoo
3rd April 2008, 12:43 PM
no system is a foolproof system, theres always a way around them..

mythbusters proved it on a few indoor security systems..

SSS_Hoon
3rd April 2008, 12:45 PM
I can see the benefits of such a system that is for sure but still it aint a selling point on a car for me that is for sure and i bet it aint for most ppl also.

And if they really want your car no matter what you do they will eventually get it if they want it enough.

SSS_Hoon

HappySlapper82
3rd April 2008, 12:56 PM
your car is a lot easier to steal than you think

Exactly why i always use the magnetic deadlock feature that the veccy's have

SSS_Hoon
3rd April 2008, 01:02 PM
That don't make it unstealable just take them a tad bit longer is all.

Turbo timers are great for getting a car started fast too(from what i have heard anyway when a mate wanted one for his skyrice but was told not to as it makes it easier to steal the car):D

SSS_Hoon

Wraith
3rd April 2008, 01:18 PM
And if they really want your car no matter what you do they will eventually get it if they want it enough.

SSS_Hoon

This is very, very true and I've seen in my time more than one tow/carrier tray truck carrying a car that didn't look damaged and travelling at ballistic speeds LOL IMO they'd just car jacked the thing....bastards :mad:

btm
3rd April 2008, 01:20 PM
This is very, very true and I've seen in my time more than one tow/carrier tray truck carrying a car that didn't look damaged and travelling at ballistic speeds LOL IMO they'd just car jacked the thing....bastards :mad:

must have been parked in a 'clearway' at the wrong time :D

Wraith
3rd April 2008, 01:22 PM
That don't make it unstealable just take them a tad bit longer is all.

Turbo timers are great for getting a car started fast too(from what i have heard anyway when a mate wanted one for his skyrice but was told not to as it makes it easier to steal the car):D

SSS_Hoon

I've always hated those things and would never use one !!!

Lost count of the number of people I see who don't know what they are saying, "hey look this guys left his car running" LOL :D

Besides a lot of turbo cars now including our Astra T's have their own inbuilt features for doing that job, so there's no need for them anyways...

SSS_Hoon
3rd April 2008, 01:24 PM
yeah i have never liked the turbo timer either.

Yet many a ppl still have them and they sell by the bucket loads.



SSS_Hoon

Wraith
3rd April 2008, 01:25 PM
must have been parked in a 'clearway' at the wrong time :D

Maybe, but just remember a couple of times it all looked too suss - maybe because of the type of cars on the tray - one time an XY GT and another time an E class Merc.

I remember the one with the GT, taking a corner at way too high a speed for a truck carrying a car, really suss....

USC
3rd April 2008, 01:26 PM
From what I've read up, I think it operates like this on the new Japanese cars with this feature, ie: you have to have the key or card within a close proximity to the vehicle at all times or it won't run....will have to read up and check on it though ???

Mercedes were the 1st (as with all major innovative features) to introduce this years ago, I haven't heard of any problems like this on their cars ??? maybe they have a foolproof system ???

IMHO I don't think it's a wanky feature, I think it's all about convenience and ease of operation, especially if you've got your hands full when approaching your car and then once you get into the car, if it's night time, you don't have to look for the key hole, you just push a button....very handy :)


I never have any problem putting my key in the key hole, even in the dark. I actually enjoy it :D ..its like natural instinct.

JR
3rd April 2008, 01:40 PM
does this mean i'm gonna have to go out n buy some steering lockclubs?!?!?!
not that it would really stop the crims!!

Wraith
3rd April 2008, 03:01 PM
I never have any problem putting my key in the key hole, even in the dark. I actually enjoy it :D ..its like natural instinct.

I have similar dirty thoughts :D

KID_SRi
3rd April 2008, 05:08 PM
your car is a lot easier to steal than you think

Good 'ole Flat Bed Tow Truck & Bye Bye Car ;)

Vectracious
3rd April 2008, 10:09 PM
turbo timers are a wank for modern cars... only for the fully sik's bragging...

plus you have all that ignition wiring all ready to go for the thief....

poita
3rd April 2008, 10:13 PM
used to start my mates car like that pete ;)
makes it waaaaaaaaaaaay too easy

Wraith
3rd April 2008, 10:18 PM
Good 'ole Flat Bed Tow Truck & Bye Bye Car ;)

That's exactly the thing I've been talking about....

HappySlapper82
4th April 2008, 02:03 AM
If I was a "would-be teenage crim" searching on google, this thread would be a gold mine ;)

Vectracious
4th April 2008, 09:02 AM
If I was a "would-be teenage crim" searching on google, this thread would be a gold mine ;)

I'll post up how to disable the immobiliser on VR Commo's via the headlight.... :D ;)

I don't actually know how to do that, just know that it can be done.

SSS_Hoon
4th April 2008, 11:38 AM
A few cars apparently can be done like that.


SSS_Hoon

Wraith
4th April 2008, 11:49 AM
If I was a "would-be teenage crim" searching on google, this thread would be a gold mine ;)

You're not far off - both amateur and pro car thieves scour the net for targets !!!

That's why I've always said and tried to maintain blanking out the regos of all our cars shown...

Keep'emRunning
4th April 2008, 03:02 PM
when i first bought the astra ('99) and parked in suss areas, I used to just pull out the fuel pump relay.. not that it prolly mattered but kinda gave the same warm fuzzy feeling as removing the dizzy cap on my old commodore.

Which incidentally got broken into, and thieves tried to start by breaking the ignition lock.. no dizzy=no joyride! :)

KID_SRi
4th April 2008, 07:12 PM
That's exactly the thing I've been talking about....

I just noticed just then ya Commented the Same thing.

When my AshTray decided to have a Full Electrical Brain Fart. I couldn't open it with the Remote or Key, The Towie just winched it up on the truck with the Handbrake on. Then he pulls out these Rollers so it can be done to Automatics with Park Engaged. I was Freaking & Straight away thought about my GT.
He said "How else do we Re-po Cars without the Owner Knowing".