consumerreports.org — Thieves with a little electronic know-how can crack the security codes in car keys or wireless gas-payment tags in 15 minutes using an inexpensive homemade decoder. Researchers at the Johns Hopkins University did just that earlier this year to demonstrate that the security codes aren’t adequate.
Aug 14, 2005
vertigoblue Aug 14, 2005
I digg the rfidanalysis.org... that is cool
yellowjkt Aug 14, 2005
for $3500 and 2 hours, that's a good investment for free gas at today's prices :-)
1337freek Aug 14, 2005
This story is a bit old; I remember reading this in the beginning of the year
captsnuffy Aug 14, 2005
people have been doing similar stuff with remote entry for a while
Closed Account Aug 14, 2005
Any good radio service monitor will be able to tell you the frequency of it. I used the one at work to check out my remote once... I believe it was around 400MHz, but it was a while ago. In any case, I think I'll try it now :) Then I'll post my results to be dug.
anth Dec 20, 2005
Lots of Fords use the space around 435MHz - I know this because there is an AFB in my town and one afternoon all the keyless entry systems for Ford vehicles stopped working - it was on the news and the gov't said that the spectrum Ford was using is actually owned by the Govt.
eurolite Mar 7, 2007
Umm, clearly none of you have any knowledge of how remote entry works. You cannot simply just "record the transmission and replay it"; that stopped working in the 70's and has become even more complicated since then. Remote entry uses 40-bit random rolling codes; there is no way to predict what code it will use next, as that's over a trillion combinations, and that was only since 1997. It has been 10 years since then. I have not researched the subject since then, but I am willing to bet they use a lot more than 40-bit rolling codes these days, probably 256-bit or even higher. There is only one weakness in the system, which is that there are 256 codes that the transmitter will reset in case you are out of distance from the receiver and send the signal (the code will rotate): if you push the unlock/lock whatever button more than 256 times in a row out of the distance of your vehicle, you will have to reprogram the receiver to acknowledge the transmitter. You can sit there and try to crack the code, which can take years, not to mention you have the luck of accidentally discovering the panic button transmission code first and setting off the car alarm.
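A receiver-side model of the rolling-code scheme as the comment above describes it, added here as an illustration; it is not code from this thread or from any vendor. It assumes a truncated HMAC-SHA256 over a press counter as a stand-in for the real (proprietary) code generator, takes the 40-bit code size and the 256-code window from the comment, and uses hypothetical class names and a constructed key.

```python
import hashlib
import hmac

WINDOW = 256     # look-ahead window, the figure quoted in the comment
CODE_BYTES = 5   # 40-bit code, the size quoted in the comment


def code_for(key: bytes, counter: int) -> bytes:
    """Code sent for one button press (assumed construction, see lead-in)."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return mac[:CODE_BYTES]


class Fob:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self) -> bytes:
        self.counter += 1          # advances even when the car is out of range
        return code_for(self.key, self.counter)


class Receiver:
    def __init__(self, key: bytes):
        self.key, self.last = key, 0

    def accept(self, code: bytes) -> bool:
        # Only counters strictly ahead of the last accepted one are candidates,
        # so a recorded code is rejected once it (or a later one) has been used.
        for c in range(self.last + 1, self.last + 1 + WINDOW):
            if hmac.compare_digest(code, code_for(self.key, c)):
                self.last = c      # resynchronise to the fob's counter
                return True
        return False               # replayed, or fob drifted past the window


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample key
    fob, rx = Fob(key), Receiver(key)
    first = fob.press()
    out = {"fresh": rx.accept(first), "replay": rx.accept(first)}
    for _ in range(10):            # presses the receiver never hears
        fob.press()
    out["after_10_missed"] = rx.accept(fob.press())
    for _ in range(WINDOW):        # drift beyond the look-ahead window
        fob.press()
    out["after_256_missed"] = rx.accept(fob.press())
    return out


if __name__ == "__main__":
    print(demo())
```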
nosey2 Apr 29, 2007
Hi, good to see that others have looked at this problem. Not sure of eurolite's comments though, i.e. "if you push the unlock/lock whatever button more than 256 times in a row out of the distance of your vehicle you will have to reprogram the receiver to acknowledge the transmitter". I am looking at a Fiat at present and it certainly does send a new encryption with every button push, but I assumed that the transmitted code was an encryption of the code# supplied originally with the key. This limits the possible # of variations of the key to 10000. I would suggest that the transmitted code consists of a random # encrypted with the key code#. I would also suggest that if you could find the algorithm to encrypt these two it would be possible to reverse the process as the receiver does and arrive at the original key code#.