Rash of Thefts From Automobiles
-
So, as described
:Neighborhood "up in arms" - it's about 50/50 people admitting their doors were unlocked vs. people positive they were locked.
(You smart folks know where this going I'm sure. ;) )
They fear an RF "Universal Door Unlocker".
Discuss.
My specific question - which buttumes a small finite number of car fob types - how many unique combinations are there?
Yes. I know Altavista is a "Thing" - but you all are smarter than the web.
So, now I have to choose between keeping my car empty of stuff - or buying snow tires and worrying that I'll run into Weng practicing his drifting around every turn... Decisions.
-
Leep your car empty of clearly visible expensive stuff, no sense inviting theft by having a super shiny aftermarket radio or a laptop on the front seat.
I say that because your windows are not unbreakable and a sufficiently motivated or desperate thief would not be troubled by a simple locked door.
as for the universal unlocker.... they work by transmitting a pattern of IR or RF (mostly RF these days) that is unique to each car and programmed at the factory (or dealership if you got it rekeyed)
I have no idea how many bits of entropy those patterns have, but at a not unreasonable strength of 16 bits (and the fact that they take about a second to broadcast) we're talking it taking about 18 hours between pressing unlock and exhausting the search space.
-
not unreasonable strength of 16 bits (and the fact that they take about a second to broadcast) we're talking it taking about 18 hours between pressing unlock and exhausting the search space.
This is what I'm after...more please.
Our neighborhood is city enough that everyone knows better than leave valuables in the car - but it happens - and somebody(s) is taking advantage of it by trying lots of cars either via the handles - or by more mysterious means.
-
I heard years ago where the remote keys were susceptible to replay attacks. I wouldn't know if that still applies to modern ones.
-
Broadly, yes, replay works (save a few aftermarket alarms that use one time pads).
But: people stealing shit out of cars wholesale don't make enough to make the stakeout/return cycle worthwhile. This techniques main use is a targeted attack.
Much more common is just plain unlocked doors or someone good with a slim jim. Most cars are utterly defenseless against a bit of metal with a hook in it.
-
I heard years ago where the remote keys were susceptible to replay attacks. I wouldn't know if that still applies to modern ones.
they are still.
because they work very much like your TV remote control (except RF instead of IR) so the pattern never changes.
of course they do transmit different patterns for lock and unlock so you need to be able to record the unlock pattern.
If you are worried about the possiblility of replay attacks (you do still need abotu 3k$ worth of materials (or you did as of about 2008 when i last looked into it) to pull it off) then just always use the physical key to lock/unlock. then you can't be caught by a replay attack
-
@experts said:
There's a gajillion codes, and it takes at least a little while to send each code...
And the equivalent to eavesdropping on your RF code...
Can we narrow down "gajillion" so I can roll my eyes at my neighbors?
I lost... a windbreaker. That'll inspire those hi-tech thieves.
No. Not that kind of windbreaker - the other kind, a light coat.
-
If they took stuff from the cabin, they're just common junkies.
If they ignored all that, popped the hood and stole the batteries ($10 each!) they're pro-level junkies with a stolen pickup truck and a 10mm wrench.
If they did both, grats on being hit twice in one night! The common junkie was probably following the other ones around.
-
So, now I have to choose between keeping my car empty of stuff - or buying snow tires and worrying that I'll run into Weng practicing his drifting around every turn... Decisions.
Tell you what, I have a Clifford Solaris aftermarket alarm system (which according to their marketing fluff is invulnerable to replays) laying in my garage. I removed it for the crime of being a total ballache because I couldn't be arsed to take the car to an authorized installer to have the disarm code reset (PO didn't remember it). You can have it, and you, too, can have a complete and total ballache sitting in the middle of your car's electrical system, judging you, trying to figure out if you've been carjacked.Or give it to one of your neighbors.
-
If they took stuff from the cabin, they're just common junkies.
Good and obvious point. Apparently no one's even lost anything from their trunks...
We have enough people here who have lived and/or worked in the actual Hood, the "just leave it unlocked so you don't piss off the thieves" Hood, everybody should know better than to panic like they are...
-
You can have it, and you, too, can have a complete and total ballache sitting in the middle of your car's electrical system, judging you, trying to figure out if you've been carjacked.
Or give it to one of your neighbors.
Sweet!
-
-
PM me an address and I'll
send the towthievesdrop it in the mail.
-
My guess, too. With Vortex 2 arriving any minute. It'll slow down.
-
I was kidding - I don't need the headache either.
Like I said, I lost a windbreaker. Sentimental value, but oddly, I had two! So when I see the twerp wearing it around...
Question still stands: anybody know (order-of-magnitude) how many codes there are?
-
-
Discounting older IR systems, some rough estimation: Roughly 10 different code scheme/frequency combinations in wide use. Mostly along manufacturer lines and generational. Some analog, some digital. Around 16 bits worth of entropy. So if you can look at the car and say "That's a 1999 Ford Explorer!" and use the appropriate scheme, you have to deal with 2^16 codes. If you can't, 2^16*10.
It's not quite that simple, though. The REMOTES are the ones that have the code - not the car. If a car has more than one remote, it becomes 2^16 / numRemotes. Since there are usually two remotes that come with the car, you're in the 36000 code range.
-
It looks like it varies between manufacturers, the ones I'm familiar with use rolling codes (i.e. once syncronised the encoder and decoder change codes after every use which defuses replay attacks).
40 bit keys seem to be popular and this is a widely used part (see page 9).
A quick bit of buttuming suggests that instead of some sort of attack it's more likely the thieves are simply jamming the appropriate frequency so the car never actually locks?
-
The REMOTES are the ones that have the code - not the car. If a car has more than one remote, it becomes 2^16 / numRemotes.
yes, but it is extremely uncommon for the remotes to have different codes.
-
simply jamming the appropriate frequency
that would work, of course the FCC would not be happy with that activity, but we're already on the wrong side of the law so....
-
yes, but it is extremely uncommon for the remotes to have different codes.
Now, yes. Go back a generation or two (depending on manufacturer) and you'll find the opposite. Ford, for instance. Only since keys and fobs started melding into a single, chunky unit, and we started getting keyless ignition, did key length go up and the remotes became programmable to a car's key rather than cars programmed to listen for specific remotes.In other words, we're actually getting legitimate tech out of our $200 keys now!
-
In other words, we're actually getting legitimate tech out of our $200 keys now!
is that how much they cost to replace? damn! i could get a fully functional
thermonucleacomputer for that price! (at least 5 if i went with rPi's)
-
In other words, we're actually getting legitimate tech out of our $200 keys now!
I helped a friend with an electric gate a couple of years ago, it used FSK with an 8-bit static code...some security.
It was a fancy brand and cost more than my car.
-
Broadly, yes, replay works (save a few aftermarket alarms that use one time pads).
It looks like it varies between manufacturers, the ones I'm familiar with use rolling codes
-
The obvious solution is to store a bag of durian fruits inside your car. If someone breaks in they will not want to continue once the smell hits them.
-
-
If someone
breaksgets in for any reason they will not want to continue once the smell hits them.FTFY
-
Much more common is just plain unlocked doors or someone good with a slim jim. Most cars are utterly defenseless against a bit of metal with a hook in it.
If you have AAA and have had to use it for locking your keys in your car, it's alarming to see how quickly someone can get in.
-
If you have AAA and have had to use it for locking your keys in your car, it's alarming to see how quickly someone can get in.
This is roughly on-topic after the first few paragraphs.
-
-
it's alarming to see how quickly someone can get in.
I once almost got a free slim jim that way. Parked my car in valet parking and said "don't lock the car. I don't have a door key." They didn't listen. When I went to pick up the car, it took 10-15 minutes or longer to arrive, and they had left the slim jim hanging on the door.
-
Previous Officer?Parole Owner?
Potable Orifice?
Potential Ostrich?
Probable Octogenarian?
-
Potable Orifice?Potential Ostrich?Probable Octogenarian?
Peace Offering
Primate Orthodoxy
Plutocrat's Orangutan
-
Preventably Oblong
Post Orifice
Pick Op
-
Get your penis warmers ready now!
Stana Pavic, 24, from the Serbian capital Belgrade posted she was impressed by the man-sized covers saying: 'Wow! I've never been to that mountain but if that's the size of the average male then perhaps it's worth checking out.'
-
If you have AAA and have had to use it for locking your keys in your car, it's alarming to see how quickly someone can get in.
I would have thought you'd be calling them after you'd locked your keys in your car, not for putting them there...
-
I tend to do it before that, but after I lock myself in my car.
-
>If someone
breaksgets in for any reasonis downwind and breathing they will not want to continue once the smell hits them.FTFY
FTFFY
-
Rolling code - Wikipedia
The "Just In Time" Theory of User Behavior