Re: 90 Accord main relay
 

Jim Yanik wrote:
> jim beam <spamvortex@bad.example.net> wrote in
> news:AIadnS5H0cTONjfbnZ2dnUVZ_q2hnZ2d@speakeasy.ne t:
>
>> Jim Yanik wrote:
>>> Gene Wagenbreth <genewxxx@isi-OS4> wrote in
>>> news:f8d8a2$q0l@venera.isi.edu:
>>>
>>>> My thanks to this news group and several websites that decribe the
>>>> main relay problem. I had an intermittent problem with flashing
>>>> sports light and check engine light for 5 years. It was getting bad
>>>> enough that I was going to donate the car. Dealer wanted to
>>>> put in a new transmission. A mechanic said he replaced the main
>>>> rely.
>>> Did he charge you for it?
>>>
>>>> I finally took out the main relay myself and found bad solder
>>>> joints exactly as pictured on several web sites. Bought a new one
>>>> for $40 (too timid to try fixing solder myself). Problem is solved.
>>> Until the new relay gets the same problem.
>>>
>>> I believe that people who have resoldered their original relay have
>>> had no failures since,but a new relay may develop the same fractures.
>> i think that's just a matter of time. i doubt anyone that's
>> re-soldered has had that relay in operation for an additional 10+
>> years.
>
> IIRC,some people here have had MR failures 6-7 yrs after purchase.
>
> The MR on my 94 Integra GSR lasted longer than before it was re-soldered.
> (and failed about at 7 yrs)
>
> Too bad that car got stolen,stripped and torched last month. :-(

sad news indeed.

>
> Now I have a 2003 Sentra SE-R Spec V.

how does that compare?


>
>>> (makes me wonder if the relay maker used the right solder alloy for
>>> the job???)
>> no, parts are subject to physical stress. a big no-no for solder
>> joints. bad design - depending on manufacturer objective!
>>
>
> I've been reading over on sci.electronics.design about the many different
> solder alloys manufacturers use on wave-soldering lines;some will fracture
> more easily than others,some may crystalize sooner.(and then fracture)
> The new lead-free solders are even worse;lots of NEW consumer products with
> fractured solder joints. Some solder alloys are not as ductile as others.

true enough. eutectic tin/lead for me.


>>>
>>> Now if you still have the old relay,you could find a friend who knows
>>> how to solder and has the tools to re-do the old relay and keep it as
>>> a spare.
>> indeed - need a higher wattage iron for that relay - some big copper
>> parts in there that will suck the heat out of a lesser iron and make
>> crappy joints.
>>
>
> Yeah,I used a 60 W iron on mine.
>

perfect!

Re: 90 Accord main relay
 

jim beam <spamvortex@bad.example.net> wrote in
news:GsudnQZZj8wLKzfbnZ2dnUVZ_gmdnZ2d@speakeasy.ne t:

> Jim Yanik wrote:


>>
>> Now I have a 2003 Sentra SE-R Spec V.
>
> how does that compare?

It's got plenty of power(rated 175 HP -before mods),tho I miss the
hatchback and fold down rear seats of the Integra.One of the [previous
owners installed headers,cold air intake,short throw shifter,cat-back
exhaust(a tad noisy for me)and slightly lower springs/shocks.So,it handles
well,but rides a bit stiff.It has 17" rims and 215/45 WR17 tires.6 speed
manny tranny,and limited-slip diff. I really haven't wrung it out yet.
It's hard to keep it to the speed limit!

I would have gotten another Integra GS-R *IF* I had a garage to keep it
safe.... you can install all sorts of alarms and protections,but they still
will break in and tear the car up trying to take it,and then steal
important pieces like the ECU,seats,etc.

Apt.complexes are just mini-shopping malls for Midnite Auto thieves.
At least the Spec V has RFID chipped keys.

--
Jim Yanik
jyanik
at
kua.net

Re: 90 Accord main relay
 

jim beam <spamvortex@bad.example.net> wrote in
news:GsudnQZZj8wLKzfbnZ2dnUVZ_gmdnZ2d@speakeasy.ne t:

> Jim Yanik wrote:


>>
>> Now I have a 2003 Sentra SE-R Spec V.
>
> how does that compare?

It's got plenty of power(rated 175 HP -before mods),tho I miss the
hatchback and fold down rear seats of the Integra.One of the [previous
owners installed headers,cold air intake,short throw shifter,cat-back
exhaust(a tad noisy for me)and slightly lower springs/shocks.So,it handles
well,but rides a bit stiff.It has 17" rims and 215/45 WR17 tires.6 speed
manny tranny,and limited-slip diff. I really haven't wrung it out yet.
It's hard to keep it to the speed limit!

I would have gotten another Integra GS-R *IF* I had a garage to keep it
safe.... you can install all sorts of alarms and protections,but they still
will break in and tear the car up trying to take it,and then steal
important pieces like the ECU,seats,etc.

Apt.complexes are just mini-shopping malls for Midnite Auto thieves.
At least the Spec V has RFID chipped keys.

--
Jim Yanik
jyanik
at
kua.net

Re: 90 Accord main relay
 

jim beam <spamvortex@bad.example.net> wrote in
news:GsudnQZZj8wLKzfbnZ2dnUVZ_gmdnZ2d@speakeasy.ne t:

> Jim Yanik wrote:


>>
>> Now I have a 2003 Sentra SE-R Spec V.
>
> how does that compare?

It's got plenty of power(rated 175 HP -before mods),tho I miss the
hatchback and fold down rear seats of the Integra.One of the [previous
owners installed headers,cold air intake,short throw shifter,cat-back
exhaust(a tad noisy for me)and slightly lower springs/shocks.So,it handles
well,but rides a bit stiff.It has 17" rims and 215/45 WR17 tires.6 speed
manny tranny,and limited-slip diff. I really haven't wrung it out yet.
It's hard to keep it to the speed limit!

I would have gotten another Integra GS-R *IF* I had a garage to keep it
safe.... you can install all sorts of alarms and protections,but they still
will break in and tear the car up trying to take it,and then steal
important pieces like the ECU,seats,etc.

Apt.complexes are just mini-shopping malls for Midnite Auto thieves.
At least the Spec V has RFID chipped keys.

--
Jim Yanik
jyanik
at
kua.net

Re: 90 Accord main relay
 

Jim Yanik wrote:

> At least the Spec V has RFID chipped keys.

This article may be of interest.

> How a keyless car gets stolen isn't exactly a state secret; much of the
> required knowledge is Basic Encryption 101. The authors of the Johns
> Hopkins/RSA study needed only to capture two challenge-and-response pairs
> from their intended target before cracking the encryption. In an example
> from the paper, they wanted to see if they could swipe the passive code
> off the keyless ignition device itself. To do so, the authors simulated a
> car's ignition system (the RFID reader) on a laptop. By sitting close to
> someone with a keyless ignition device in their pocket, the authors were
> able to perform several scans in less than one second without the victim
> knowing. They then began decrypting the sampled challenge-response pairs.
> Using brute-force attack techniques, the researchers had the laptop try
> different combinations of symbols until they found combinations that
> matched. Once they had the matching codes, they could then predict the
> sequence and were soon able to gain entrance to the target car and start
> it.

http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501

Re: 90 Accord main relay
 

Jim Yanik wrote:

> At least the Spec V has RFID chipped keys.

This article may be of interest.

> How a keyless car gets stolen isn't exactly a state secret; much of the
> required knowledge is Basic Encryption 101. The authors of the Johns
> Hopkins/RSA study needed only to capture two challenge-and-response pairs
> from their intended target before cracking the encryption. In an example
> from the paper, they wanted to see if they could swipe the passive code
> off the keyless ignition device itself. To do so, the authors simulated a
> car's ignition system (the RFID reader) on a laptop. By sitting close to
> someone with a keyless ignition device in their pocket, the authors were
> able to perform several scans in less than one second without the victim
> knowing. They then began decrypting the sampled challenge-response pairs.
> Using brute-force attack techniques, the researchers had the laptop try
> different combinations of symbols until they found combinations that
> matched. Once they had the matching codes, they could then predict the
> sequence and were soon able to gain entrance to the target car and start
> it.

http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501

Re: 90 Accord main relay
 

Jim Yanik wrote:

> At least the Spec V has RFID chipped keys.

This article may be of interest.

> How a keyless car gets stolen isn't exactly a state secret; much of the
> required knowledge is Basic Encryption 101. The authors of the Johns
> Hopkins/RSA study needed only to capture two challenge-and-response pairs
> from their intended target before cracking the encryption. In an example
> from the paper, they wanted to see if they could swipe the passive code
> off the keyless ignition device itself. To do so, the authors simulated a
> car's ignition system (the RFID reader) on a laptop. By sitting close to
> someone with a keyless ignition device in their pocket, the authors were
> able to perform several scans in less than one second without the victim
> knowing. They then began decrypting the sampled challenge-response pairs.
> Using brute-force attack techniques, the researchers had the laptop try
> different combinations of symbols until they found combinations that
> matched. Once they had the matching codes, they could then predict the
> sequence and were soon able to gain entrance to the target car and start
> it.

http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501

Re: 90 Accord main relay
 

Eric wrote:
> Jim Yanik wrote:
>
>> At least the Spec V has RFID chipped keys.
>
> This article may be of interest.
>
>> How a keyless car gets stolen isn't exactly a state secret; much of the
>> required knowledge is Basic Encryption 101. The authors of the Johns
>> Hopkins/RSA study needed only to capture two challenge-and-response pairs
>> from their intended target before cracking the encryption. In an example
>> from the paper, they wanted to see if they could swipe the passive code
>> off the keyless ignition device itself. To do so, the authors simulated a
>> car's ignition system (the RFID reader) on a laptop. By sitting close to
>> someone with a keyless ignition device in their pocket, the authors were
>> able to perform several scans in less than one second without the victim
>> knowing. They then began decrypting the sampled challenge-response pairs.
>> Using brute-force attack techniques, the researchers had the laptop try
>> different combinations of symbols until they found combinations that
>> matched. Once they had the matching codes, they could then predict the
>> sequence and were soon able to gain entrance to the target car and start
>> it.
>
> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501

post that to seth on the "Honda Pilot EXL 2007 - remote start" thread
from july 14.

Re: 90 Accord main relay
 

Eric wrote:
> Jim Yanik wrote:
>
>> At least the Spec V has RFID chipped keys.
>
> This article may be of interest.
>
>> How a keyless car gets stolen isn't exactly a state secret; much of the
>> required knowledge is Basic Encryption 101. The authors of the Johns
>> Hopkins/RSA study needed only to capture two challenge-and-response pairs
>> from their intended target before cracking the encryption. In an example
>> from the paper, they wanted to see if they could swipe the passive code
>> off the keyless ignition device itself. To do so, the authors simulated a
>> car's ignition system (the RFID reader) on a laptop. By sitting close to
>> someone with a keyless ignition device in their pocket, the authors were
>> able to perform several scans in less than one second without the victim
>> knowing. They then began decrypting the sampled challenge-response pairs.
>> Using brute-force attack techniques, the researchers had the laptop try
>> different combinations of symbols until they found combinations that
>> matched. Once they had the matching codes, they could then predict the
>> sequence and were soon able to gain entrance to the target car and start
>> it.
>
> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501

post that to seth on the "Honda Pilot EXL 2007 - remote start" thread
from july 14.

Re: 90 Accord main relay
 

Eric wrote:
> Jim Yanik wrote:
>
>> At least the Spec V has RFID chipped keys.
>
> This article may be of interest.
>
>> How a keyless car gets stolen isn't exactly a state secret; much of the
>> required knowledge is Basic Encryption 101. The authors of the Johns
>> Hopkins/RSA study needed only to capture two challenge-and-response pairs
>> from their intended target before cracking the encryption. In an example
>> from the paper, they wanted to see if they could swipe the passive code
>> off the keyless ignition device itself. To do so, the authors simulated a
>> car's ignition system (the RFID reader) on a laptop. By sitting close to
>> someone with a keyless ignition device in their pocket, the authors were
>> able to perform several scans in less than one second without the victim
>> knowing. They then began decrypting the sampled challenge-response pairs.
>> Using brute-force attack techniques, the researchers had the laptop try
>> different combinations of symbols until they found combinations that
>> matched. Once they had the matching codes, they could then predict the
>> sequence and were soon able to gain entrance to the target car and start
>> it.
>
> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501

post that to seth on the "Honda Pilot EXL 2007 - remote start" thread
from july 14.

Re: 90 Accord main relay
 

"jim beam" <spamvortex@bad.example.net> wrote in message
news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
> Eric wrote:
>> Jim Yanik wrote:
>>
>>> At least the Spec V has RFID chipped keys.
>>
>> This article may be of interest.
>>
>>> How a keyless car gets stolen isn't exactly a state secret; much of the
>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>> Hopkins/RSA study needed only to capture two challenge-and-response
>>> pairs
>>> from their intended target before cracking the encryption. In an example
>>> from the paper, they wanted to see if they could swipe the passive code
>>> off the keyless ignition device itself. To do so, the authors simulated
>>> a
>>> car's ignition system (the RFID reader) on a laptop. By sitting close to
>>> someone with a keyless ignition device in their pocket, the authors were
>>> able to perform several scans in less than one second without the victim
>>> knowing. They then began decrypting the sampled challenge-response
>>> pairs.
>>> Using brute-force attack techniques, the researchers had the laptop try
>>> different combinations of symbols until they found combinations that
>>> matched. Once they had the matching codes, they could then predict the
>>> sequence and were soon able to gain entrance to the target car and start
>>> it.
>>
>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>
> post that to seth on the "Honda Pilot EXL 2007 - remote start" thread from
> july 14.


Why post it to me? You do know that the exploit being discussed above has
nothing to do with a remote starter as they don't use an RFID
challenge/response signaling system, don't you?

To clone a remote starter remote control signal you would have to be
scanning/reading the code while the button is repeatedly pressed a number of
times till the scanner could figure out the algorithm used for the code
hopping. They don't transmit when the receive a challenge signal.

If you want to be paranoid about the article mentioned above, then the way
to protect oneself is to have their stock Honda (or any other brand) key
stored in a lead lined key case when walking around with it in their pocket.
The car alarm, remote starter, keyless entry unit, to be cloned would
require first getting your hands on the actual FOB, in which case you don't
need to clone it as you have the original.

All that aside, I'm guessing the "post that to seth on the "Honda Pilot EXL
2007 - remote start" thread from july 14." was more an attempt at being
obnoxious than anything else. I know I never said the system was
invulnerable, just not a high-risk threat. Having one's head or house
destroyed by a piece of falling debris is also possible, but again, not
likely and therefore I'm not losing any sleep worrying about it.
Coincidently, neither my home owners insurance, car insurance or life
insurance has any clause excluding space debris or remote starters. If they
thought it was a high risk possibility you better believe they would have a
clause and an additional cost rider as a result to make more money off the
customer.

Re: 90 Accord main relay
 

"jim beam" <spamvortex@bad.example.net> wrote in message
news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
> Eric wrote:
>> Jim Yanik wrote:
>>
>>> At least the Spec V has RFID chipped keys.
>>
>> This article may be of interest.
>>
>>> How a keyless car gets stolen isn't exactly a state secret; much of the
>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>> Hopkins/RSA study needed only to capture two challenge-and-response
>>> pairs
>>> from their intended target before cracking the encryption. In an example
>>> from the paper, they wanted to see if they could swipe the passive code
>>> off the keyless ignition device itself. To do so, the authors simulated
>>> a
>>> car's ignition system (the RFID reader) on a laptop. By sitting close to
>>> someone with a keyless ignition device in their pocket, the authors were
>>> able to perform several scans in less than one second without the victim
>>> knowing. They then began decrypting the sampled challenge-response
>>> pairs.
>>> Using brute-force attack techniques, the researchers had the laptop try
>>> different combinations of symbols until they found combinations that
>>> matched. Once they had the matching codes, they could then predict the
>>> sequence and were soon able to gain entrance to the target car and start
>>> it.
>>
>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>
> post that to seth on the "Honda Pilot EXL 2007 - remote start" thread from
> july 14.


Why post it to me? You do know that the exploit being discussed above has
nothing to do with a remote starter as they don't use an RFID
challenge/response signaling system, don't you?

To clone a remote starter remote control signal you would have to be
scanning/reading the code while the button is repeatedly pressed a number of
times till the scanner could figure out the algorithm used for the code
hopping. They don't transmit when the receive a challenge signal.

If you want to be paranoid about the article mentioned above, then the way
to protect oneself is to have their stock Honda (or any other brand) key
stored in a lead lined key case when walking around with it in their pocket.
The car alarm, remote starter, keyless entry unit, to be cloned would
require first getting your hands on the actual FOB, in which case you don't
need to clone it as you have the original.

All that aside, I'm guessing the "post that to seth on the "Honda Pilot EXL
2007 - remote start" thread from july 14." was more an attempt at being
obnoxious than anything else. I know I never said the system was
invulnerable, just not a high-risk threat. Having one's head or house
destroyed by a piece of falling debris is also possible, but again, not
likely and therefore I'm not losing any sleep worrying about it.
Coincidently, neither my home owners insurance, car insurance or life
insurance has any clause excluding space debris or remote starters. If they
thought it was a high risk possibility you better believe they would have a
clause and an additional cost rider as a result to make more money off the
customer.

Re: 90 Accord main relay
 

"jim beam" <spamvortex@bad.example.net> wrote in message
news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
> Eric wrote:
>> Jim Yanik wrote:
>>
>>> At least the Spec V has RFID chipped keys.
>>
>> This article may be of interest.
>>
>>> How a keyless car gets stolen isn't exactly a state secret; much of the
>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>> Hopkins/RSA study needed only to capture two challenge-and-response
>>> pairs
>>> from their intended target before cracking the encryption. In an example
>>> from the paper, they wanted to see if they could swipe the passive code
>>> off the keyless ignition device itself. To do so, the authors simulated
>>> a
>>> car's ignition system (the RFID reader) on a laptop. By sitting close to
>>> someone with a keyless ignition device in their pocket, the authors were
>>> able to perform several scans in less than one second without the victim
>>> knowing. They then began decrypting the sampled challenge-response
>>> pairs.
>>> Using brute-force attack techniques, the researchers had the laptop try
>>> different combinations of symbols until they found combinations that
>>> matched. Once they had the matching codes, they could then predict the
>>> sequence and were soon able to gain entrance to the target car and start
>>> it.
>>
>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>
> post that to seth on the "Honda Pilot EXL 2007 - remote start" thread from
> july 14.


Why post it to me? You do know that the exploit being discussed above has
nothing to do with a remote starter as they don't use an RFID
challenge/response signaling system, don't you?

To clone a remote starter remote control signal you would have to be
scanning/reading the code while the button is repeatedly pressed a number of
times till the scanner could figure out the algorithm used for the code
hopping. They don't transmit when the receive a challenge signal.

If you want to be paranoid about the article mentioned above, then the way
to protect oneself is to have their stock Honda (or any other brand) key
stored in a lead lined key case when walking around with it in their pocket.
The car alarm, remote starter, keyless entry unit, to be cloned would
require first getting your hands on the actual FOB, in which case you don't
need to clone it as you have the original.

All that aside, I'm guessing the "post that to seth on the "Honda Pilot EXL
2007 - remote start" thread from july 14." was more an attempt at being
obnoxious than anything else. I know I never said the system was
invulnerable, just not a high-risk threat. Having one's head or house
destroyed by a piece of falling debris is also possible, but again, not
likely and therefore I'm not losing any sleep worrying about it.
Coincidently, neither my home owners insurance, car insurance or life
insurance has any clause excluding space debris or remote starters. If they
thought it was a high risk possibility you better believe they would have a
clause and an additional cost rider as a result to make more money off the
customer.

Re: 90 Accord main relay
 

Seth wrote:
> "jim beam" <spamvortex@bad.example.net> wrote in message
> news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
>> Eric wrote:
>>> Jim Yanik wrote:
>>>
>>>> At least the Spec V has RFID chipped keys.
>>>
>>> This article may be of interest.
>>>
>>>> How a keyless car gets stolen isn't exactly a state secret; much of the
>>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>>> Hopkins/RSA study needed only to capture two challenge-and-response
>>>> pairs
>>>> from their intended target before cracking the encryption. In an
>>>> example
>>>> from the paper, they wanted to see if they could swipe the passive code
>>>> off the keyless ignition device itself. To do so, the authors
>>>> simulated a
>>>> car's ignition system (the RFID reader) on a laptop. By sitting
>>>> close to
>>>> someone with a keyless ignition device in their pocket, the authors
>>>> were
>>>> able to perform several scans in less than one second without the
>>>> victim
>>>> knowing. They then began decrypting the sampled challenge-response
>>>> pairs.
>>>> Using brute-force attack techniques, the researchers had the laptop try
>>>> different combinations of symbols until they found combinations that
>>>> matched. Once they had the matching codes, they could then predict the
>>>> sequence and were soon able to gain entrance to the target car and
>>>> start
>>>> it.
>>>
>>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>>
>> post that to seth on the "Honda Pilot EXL 2007 - remote start" thread
>> from july 14.
>
>
> Why post it to me? You do know that the exploit being discussed above
> has nothing to do with a remote starter as they don't use an RFID
> challenge/response signaling system, don't you?
>
> To clone a remote starter remote control signal you would have to be
> scanning/reading the code while the button is repeatedly pressed a
> number of times till the scanner could figure out the algorithm used for
> the code hopping. They don't transmit when the receive a challenge signal.
>
> If you want to be paranoid about the article mentioned above, then the
> way to protect oneself is to have their stock Honda (or any other brand)
> key stored in a lead lined key case when walking around with it in their
> pocket. The car alarm, remote starter, keyless entry unit, to be cloned
> would require first getting your hands on the actual FOB, in which case
> you don't need to clone it as you have the original.
>
> All that aside, I'm guessing the "post that to seth on the "Honda Pilot
> EXL 2007 - remote start" thread from july 14." was more an attempt at
> being obnoxious than anything else. I know I never said the system was
> invulnerable, just not a high-risk threat. Having one's head or house
> destroyed by a piece of falling debris is also possible, but again, not
> likely and therefore I'm not losing any sleep worrying about it.
> Coincidently, neither my home owners insurance, car insurance or life
> insurance has any clause excluding space debris or remote starters. If
> they thought it was a high risk possibility you better believe they
> would have a clause and an additional cost rider as a result to make
> more money off the customer.
>

seth, with respect, you're welcome to justify the remote starters you
sell any way you want. but in terms of how the key [and replication
system] works, you don't understand and are therefore propagating
misinformation. that's not to say you haven't read the marketing blurb
and can repeat it, but in terms of mechanism, you're still unclear.

it's a challenge/response mechanism - just like you have with computer
network authentication. on startup, ecu signals for code with token,
key hashes with it's own unique code that the ecu has been programmed to
recognize, then transmits it back. if the token has been hashed
correctly, the ecu will arm the ignition system. all an outsider has to
do to break in is, well, follow the procedure spelled out in the
article. the remote starter performs challenge/response just like the key.

are you welcome to have on in your own vehicle? sure. but please don't
say they're impossible to hack because they're not. just like the key
is not. the remote starter makes vehicle theft easier because there's a
"key" permanently attached to the vehicle. as i said at the start, some
people do this stuff for the technical challenge. hence the article.
which i didn't write.

Re: 90 Accord main relay
 

Seth wrote:
> "jim beam" <spamvortex@bad.example.net> wrote in message
> news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
>> Eric wrote:
>>> Jim Yanik wrote:
>>>
>>>> At least the Spec V has RFID chipped keys.
>>>
>>> This article may be of interest.
>>>
>>>> How a keyless car gets stolen isn't exactly a state secret; much of the
>>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>>> Hopkins/RSA study needed only to capture two challenge-and-response
>>>> pairs
>>>> from their intended target before cracking the encryption. In an
>>>> example
>>>> from the paper, they wanted to see if they could swipe the passive code
>>>> off the keyless ignition device itself. To do so, the authors
>>>> simulated a
>>>> car's ignition system (the RFID reader) on a laptop. By sitting
>>>> close to
>>>> someone with a keyless ignition device in their pocket, the authors
>>>> were
>>>> able to perform several scans in less than one second without the
>>>> victim
>>>> knowing. They then began decrypting the sampled challenge-response
>>>> pairs.
>>>> Using brute-force attack techniques, the researchers had the laptop try
>>>> different combinations of symbols until they found combinations that
>>>> matched. Once they had the matching codes, they could then predict the
>>>> sequence and were soon able to gain entrance to the target car and
>>>> start
>>>> it.
>>>
>>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>>
>> post that to seth on the "Honda Pilot EXL 2007 - remote start" thread
>> from july 14.
>
>
> Why post it to me? You do know that the exploit being discussed above
> has nothing to do with a remote starter as they don't use an RFID
> challenge/response signaling system, don't you?
>
> To clone a remote starter remote control signal you would have to be
> scanning/reading the code while the button is repeatedly pressed a
> number of times till the scanner could figure out the algorithm used for
> the code hopping. They don't transmit when the receive a challenge signal.
>
> If you want to be paranoid about the article mentioned above, then the
> way to protect oneself is to have their stock Honda (or any other brand)
> key stored in a lead lined key case when walking around with it in their
> pocket. The car alarm, remote starter, keyless entry unit, to be cloned
> would require first getting your hands on the actual FOB, in which case
> you don't need to clone it as you have the original.
>
> All that aside, I'm guessing the "post that to seth on the "Honda Pilot
> EXL 2007 - remote start" thread from july 14." was more an attempt at
> being obnoxious than anything else. I know I never said the system was
> invulnerable, just not a high-risk threat. Having one's head or house
> destroyed by a piece of falling debris is also possible, but again, not
> likely and therefore I'm not losing any sleep worrying about it.
> Coincidently, neither my home owners insurance, car insurance or life
> insurance has any clause excluding space debris or remote starters. If
> they thought it was a high risk possibility you better believe they
> would have a clause and an additional cost rider as a result to make
> more money off the customer.
>

seth, with respect, you're welcome to justify the remote starters you
sell any way you want. but in terms of how the key [and replication
system] works, you don't understand and are therefore propagating
misinformation. that's not to say you haven't read the marketing blurb
and can repeat it, but in terms of mechanism, you're still unclear.

it's a challenge/response mechanism - just like you have with computer
network authentication. on startup, ecu signals for code with token,
key hashes with it's own unique code that the ecu has been programmed to
recognize, then transmits it back. if the token has been hashed
correctly, the ecu will arm the ignition system. all an outsider has to
do to break in is, well, follow the procedure spelled out in the
article. the remote starter performs challenge/response just like the key.

are you welcome to have on in your own vehicle? sure. but please don't
say they're impossible to hack because they're not. just like the key
is not. the remote starter makes vehicle theft easier because there's a
"key" permanently attached to the vehicle. as i said at the start, some
people do this stuff for the technical challenge. hence the article.
which i didn't write.