Posted to uk.d-i-y
Steve Walker
Can anyone tell me why this isn't complete ********

On 14/07/2018 21:58, The Natural Philosopher wrote:
On 14/07/18 20:09, Tim Watts wrote:
On 14/07/18 15:24, Brian Gaff wrote:
Yes I'm sure for once they can. I got the exact same info from a
metropolitan Police newsletter sent to our local neighbourhood watch.
The keyless systems, i.e. not the ones where you have to press the
button, but the ones that work on proximity, have the car pinging and
seeing if a matching fob is nearby. Normally it is not, so the crims
have two interlinked devices, the guy walks down the road and then
when he finds a car he knows has one of these opening systems, he
records its pinging and sends it to the person going down the row of
houses, when the person gets a ping back from a fob in a house, he
then records this and sends it to the other person who proceeds to
get into the car.


The thing is, there is no non-action proximity device that you could
not insert a dumb relay between the key and the car.

Even if you have a normal challenge-response crypto system between Car
and Key, if you stick a relay device with two ends: A and B:


C=A----------------B=K

If A-B faithfully relay a copy of the signals (NFC, radio, it doesn't
matter), there is no way C can know it's not next to K.


One time key solves that.

Essentially there is a shared secret that means the codes are not reusable.

Example. You have 16K of 256 bit identical code pairs in the transmitter
and receiver.

Every time a code is transmitted, the key responds with the pair, and
increments both a master counter and puts its value in a location
associated with the code pair. This means the code pair is now marked as
having been used.

Next time a new pair is used; the old pair no longer works. After 16k
door opens/engine starts you reuse the codes.

The key (sic!) to a technique like this is that to fully replicate the
secrets you need to listen to all 16K pair exchanges. And the key is
that the secret is immensely large and random.

As long as each fob and receiver are absolutely uniquely programmed as a
matched pair, it works.

It's not impossible to crack, but it's hugely non-trivial.


That works for fobs where you press a button to disarm and unlock and is
indeed the sort of system that is used; but with keyless entry systems
they simply relay the communication between the car and the key over
more than its usual range, so they are using the real fob at the time
that they break in and need no knowledge of the codes at all. Neither
the car nor the fob have any way of knowing that they are not in close
proximity.

SteveW
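As an added illustration of the point Steve makes (this is example code written for this page, not code from anyone in the thread and not any real vehicle's protocol), the toy model below puts a car and fob through three scenarios for two fob designs: a normal challenge-response fob (HMAC over a fresh nonce) and the one-time code-pair table sketched in the quoted post. A record-and-replay attacker is stopped by both designs; a two-box relay that forwards the live exchange verbatim between car and fob is stopped by neither, because the relay never has to understand or reuse a code. All class names, the pair count and the message framing are this example's own assumptions.

```python
"""Toy keyless-entry model: replay vs. relay against two fob designs.

Everything here (HmacCar, PairCar, Relay, PAIR_COUNT, ...) is an
illustrative assumption, not a real car protocol.
"""
import hashlib
import hmac
import os
import secrets

PAIR_COUNT = 16  # the post talks of 16K pairs; 16 keeps the toy small


class HmacFob:
    """Fob holding a shared secret; answers any challenge with an HMAC tag."""
    def __init__(self, key):
        self.key = key

    def respond(self, challenge):
        return hmac.new(self.key, challenge, hashlib.sha256).digest()


class HmacCar:
    """Car side: fresh random nonce per attempt, constant-time tag check."""
    def __init__(self, key):
        self.key = key
        self.pending = None

    def challenge(self):
        self.pending = os.urandom(16)
        return self.pending

    def verify(self, response):
        expected = hmac.new(self.key, self.pending, hashlib.sha256).digest()
        self.pending = None
        return hmac.compare_digest(expected, response)


def make_pair_table(n):
    """Random (challenge_code, response_code) pairs shared by one matched car/fob."""
    return [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(n)]


class PairFob:
    """Fob from the quoted post: answers a known challenge code with its partner."""
    def __init__(self, table):
        self.lookup = dict(table)

    def respond(self, challenge):
        return self.lookup.get(challenge)  # None for an unknown code


class PairCar:
    """Car from the quoted post: master counter picks the next pair, used pairs are marked."""
    def __init__(self, table):
        self.table = table
        self.counter = 0
        self.used = [False] * len(table)
        self.pending = None

    def challenge(self):
        idx = self.counter % len(self.table)
        if self.counter and idx == 0:          # all pairs spent: codes are reused
            self.used = [False] * len(self.table)
        self.counter += 1
        self.pending = idx
        return self.table[idx][0]

    def verify(self, response):
        idx, self.pending = self.pending, None
        if self.used[idx] or response != self.table[idx][1]:
            return False
        self.used[idx] = True
        return True


class Relay:
    """Box A by the car, box B by the house; bytes are forwarded verbatim and logged."""
    def __init__(self):
        self.log = []

    def forward(self, direction, msg):
        self.log.append((direction, msg))
        return msg


def live_session(car, fob):
    """Fob genuinely next to the car."""
    return car.verify(fob.respond(car.challenge()))


def record_session(car, fob):
    """Eavesdropper captures one legitimate exchange for later replay."""
    ch = car.challenge()
    resp = fob.respond(ch)
    car.verify(resp)
    return ch, resp


def replay_session(car, recorded_response):
    """Attacker without the fob answers a new ping with an old recorded response."""
    car.challenge()
    return car.verify(recorded_response)


def relayed_session(car, fob, relay):
    """Car and fob out of range, but A and B carry the live exchange between them."""
    ch = relay.forward("A->B", car.challenge())
    resp = relay.forward("B->A", fob.respond(ch))
    return car.verify(resp)


def demo():
    """Run live, replay and relay against both fob designs; returns the outcomes."""
    key = secrets.token_bytes(32)
    table = make_pair_table(PAIR_COUNT)
    results = {}
    for name, car, fob in (("hmac", HmacCar(key), HmacFob(key)),
                           ("pairs", PairCar(table), PairFob(table))):
        _, recorded = record_session(car, fob)
        results[name] = {"live": live_session(car, fob),
                         "replay": replay_session(car, recorded),
                         "relay": relayed_session(car, fob, Relay())}
    return results


def pairs_survive_wraparound():
    """After PAIR_COUNT opens the table wraps and codes are reused, as the post says."""
    table = make_pair_table(PAIR_COUNT)
    car, fob = PairCar(table), PairFob(table)
    return all(live_session(car, fob) for _ in range(PAIR_COUNT + 2))


if __name__ == "__main__":
    for design, outcome in demo().items():
        print(design, outcome)
```

Running it prints `live: True, replay: False, relay: True` for both designs. The relay log holds the full exchange, but nothing in it is ever reused: the car's freshness mechanism (a random nonce, or the post's marked-used pairs) is satisfied because the real fob answered the real ping, just from further away than intended.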