r00tusr Posted June 5, 2013 Share Posted June 5, 2013 I am wondering if anyone saw this story on the nightly news last night. I read an article a few years ago about relaying a key fab signal to a car using antennas, which takes a lot of leg work. This isn't a new concept, but the surveillance video they showed of these thieves looked like the built a device that could unlock common vehicle types. I am interested to see if the media is giving them too much credit (using previously discovered vulnerabilities) and they needed a fill story or if someone really created a new device. Quote Link to comment Share on other sites More sharing options...
Pwnd2Pwnr Posted June 5, 2013 Share Posted June 5, 2013 I haven't heard of it in quite a while; but I think the concept is similar to garage door openers. If you purchased a ZigBee and matched the frequency up and actively listened for car door key fobs... it doesn't seem too far fetched. Quote Link to comment Share on other sites More sharing options...
Lost In Cyberia Posted June 6, 2013 Share Posted June 6, 2013 Yea I saw this on Security Now! podcast on twit... crazy stuff... they can't start the car, just go through it's contents Quote Link to comment Share on other sites More sharing options...
digip Posted June 6, 2013 Share Posted June 6, 2013 (edited) Keyfobs for Ford, I know only have like so many combinations of unlocks, where you can sometimes use the same keyfob on more than one car. I used to work for a Ford dealer from 92-97, and we'd occasionally run into this issue where we could walk the lot, hit the panic button on one while holding it to your chin(yes, your chin) to act like an antenna, and several of the vehicles alarms would go off at same time. It was a quick way to find the car on the lot, but when you get more than one car going off at the same time, we'd laugh because we'd be like, ok, lets walk to that end, see if its the one we need, if not, turn it off, then walk over to the other car to bring up to the front of the building. They are radios, like mentioned above with the garage door opener trick, you can replay attacks or just scan for them basically if you build a board for the same reciever. Each manufacturer has their own way of implementing them, but they all run off radio, so if you can capture it, you should be able to play them back. That said, when I bought my old Focus SVT, I had an extra module installed because of the keyfob tampering, where it was a special device they put in the car that would change the keycode for the fob, so I had to carry two. One to unlock the door, which was always the same, but the other, was one that would change randomly change the code for the ignition, which was sent from the fob to the car, and it wouldn't start without the extra remote. If you removed the chip from the car, you still couldn't start the car, becausse the key itself had a chip in it, that would only talk to the module they installed in the car. Slick, but wouldn't stop someone from unlocking my doors and stealing everything, but then again, low tech thieves not trying to actually hotwire or steal the cars, just use a hammer, break the rear window and ransack the car. Some high end cars, actually have special keys from the factory like this, such as some BMW's and even Chevy, had them with chips in the keys long before most other manufacturers, but the chevy's were easily bypased by ripping out the ignition in the steering column. The chevy implementation was easy to bypass while the fords, with their keys that had chips, had to be reprogrammed if you lost the key, which was like $120 per key and was something they did in the service department to sync the key to the car. Chevy just put in little rfid chips that were little black notches with a metal connector in the key which were easily bypassed and one of the reasons the Oldsmobile Cutlas Supreme was the most stolen car back in the 80's. They had 5 liter engines that were the same engine as the Buick Grand Nationals, just didn't have the same hardware and transmission for racing, but made easy targets for stealing. http://articles.latimes.com/1996-01-19/business/fi-26292_1_oldsmobile-cutlass-supreme Edited June 6, 2013 by digip Quote Link to comment Share on other sites More sharing options...
r00tusr Posted June 6, 2013 Author Share Posted June 6, 2013 Thanks for the replies. Interesting info. Quote Link to comment Share on other sites More sharing options...
logicalconfusion Posted June 6, 2013 Share Posted June 6, 2013 (edited) eBay carries un-cut fobs with chips installed. You can probably find one for your car. The dealers program the keyfob with a unique code that's tied to the vehicles VIN#(they claim), so theoretically its impossible to un-lock your neighbors car. But, just like WiFi its a radio signal so I bet its not hard to mimic using the GRC hacks. Whatever happened to slim-jims? I think most cops still rely on prying.... Edited June 6, 2013 by logicalconfusion Quote Link to comment Share on other sites More sharing options...
Pwnd2Pwnr Posted June 7, 2013 Share Posted June 7, 2013 http://www.lockpicks.com/slimjimkit.aspx There they are, logical! 1990 Is calling :P Quote Link to comment Share on other sites More sharing options...
digip Posted June 7, 2013 Share Posted June 7, 2013 http://www.lockpicks.com/slimjimkit.aspx There they are, logical! 1990 Is calling :P The funnest was the older F-150 pickup trucks with the T window. We used to keep the bar off the brake master cylinder filler, as a way to get into them, since you could slip it through the rubber in the t window, pull in the button, and push the t window open, then reach in and unlock the doors. Ford Fairmounts during a certain year had same windows too. Fun times and things I learned working at car dealer ships. Also fun, cars that have the 5 push button locks on the outside as keyless entry(mostly Fords, Mercury's and Lincolns) if the owner had used it to enter the car, you had two hidden features. Press last two buttons, it popped the trunk, which let you climb into the car via pushing out back seat, or press buttons 1 and 5 at same time, and it locked all doors. :) We had slim jims in the shop, but only service techs were allowed to use them since most people ended up breaking the window motors on some cars not knowing where to use it per door lock, and not every car can be unlocked with a slim jim(like my truck, some cars and trucks use cables on a pully/motor winder and if it got caught people thought it was the lock mechanism and snapped the cables pulling too hard, breaking the window motor, which also helps to get into cars anyway, since at that point, the window can be slid down by pressure from your hands and pushing down the window from no resistence by the motor). Quote Link to comment Share on other sites More sharing options...
Pwnd2Pwnr Posted June 7, 2013 Share Posted June 7, 2013 @Digip: "only service techs were allowed to use them..." LOL... I was thinking, before continuing, that, "Someone is gonna trash their window motor."... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.