Custom Car Keypad Entry

jeepKeyless

[EdsJunk] loves the outdoors and using his Jeep Wrangler to get him there, but hiding a key just to go for a swim makes him nervous. After a friend showed him how convenient it was to have keypad entry to his vehicle, [EdsJunk] decided it was time he built his own.

The build uses a spare waterproof keypad attached to an Arduino Micro. [EdsJunk] simplified things by cannibalizing his extra keyless entry keyfob; if the ‘duino receives the right code from the keypad, it presses the unlock button on the keyfob to grant access. [EdsJunk] admits that the Wrangler’s soft top is easy enough to get into, but explains that the goal of this project is to keep the alarm activated, which would presumably go off if someone tried to break in through the soft top. You can watch a video demo of the keypad access below. This is another great addition to the multitude of hacks he’s performed on one vehicle.

We do, however, hope that there’s some kind of lockout built into the code to prevent brute forcing: it should be easy enough to activate the car’s panic button after a set number of failed attempts. Car hacks are popular this summer: check out the Real Car Remote Control if you missed it.

63 thoughts on “Custom Car Keypad Entry

  1. Why do you always have to be DAMN NEGATIVE? I CONSTANTLY see descriptions that come down to “see, this is a pretty cool project, but whoever did it was an idiot an I am the superior hacker because he did/didn’t do X/Y/Z”

    Maybe HAD should require it’s editors to at least almost get a passing grade for the “introduction to social skills” course.

    It’s a 4 digit code. Assuming you could try a code every 2 seconds (type code, wait for sound, try another code), it would take, on average, 5000 tries to guess the correct code by brute force, which is about 3 hours. Do you really think someone is going to spend 3 hours typing away at the keyboard instead of just cutting the soft top? That is even assuming the attacker knows it’s a 4 digit code.

    A lockout mechanism would only provide a rather obvious route for a DoS attack.

    1. The problem with four digit codes is the human factor:

      http://www.youtube.com/watch?feature=player_detailpage&v=Waw11zhaKSk#t=55

      If you assume that the number is a year, you only have a hundred or so combinations to try to get any recent significant event or someone’s birth year down. Takes you two minutes at most to try them out. Then you can go for things like natural constants like 3142, 2718, 2997… and simple patterns like 4862, 7931, 7894, 7319… 9999, 0000 and so-on which there are maybe a handful well known ones anyways. 12*31 combinations makes it a date, and if it takes 2 seconds to dial one in, it takes an average of 6 minutes to get the correct number.

      The safest code would be a random number, but people don’t remember random numbers very easily so they pick non-random numbers, which collapses the possible set of codes to something you can systematically exhaust in 15 minutes.

      1. Also, rubber keyboards start to wear out in use, so you can guess which numbers are likely to be involved by seeing which keys are worn the most. If that doesn’t give you a result, then you make the opposite selection; use the keys that are the least worn under the assumption that the person who set the code tried to be smart and not re-use digits.

          1. On very fancy safe lock mechanisms the dial readout is electric, powered by the rotation of the numberless dial by the user. The number readout is in random order.

            Similar could be done here. If it were possible to electrically change the numbers per use, it would make the buttons wear evenly. A bonus effect is the same as why this technique was invented in the first place: automating brute force becomes much more difficult.

    2. I can’t stand that kind of negative feedback either. I am cool with difference in opinion but please use some TACT when writing your “this hack is stupid/this guy is stupid” comments for others to see…a little bit of manners go a long way. It really drags everyone down when you outright call someone “stupid, idiotic, asshole, etc.” just because they attempted to do a hack and YOU didn’t like they way/manner in which they chose to do said hack. Grow up people.

    3. So a guy that is over-reacting to a somewhat reasonable but polite criticism is telling the author they need a lesson in “social skills”? Though your point is good, the intro to your comment actually invalidates it, or at least causes people to not process it. If on the other hand you were to remove the first two paragraphs and replace it with “Nah, a lockout it really not necessary because….” then you would not look like someone who really needs some coffee.

    4. I second this. This one isn’t the best example, but it does seem like every other post has an unneeded criticism in it. Let the trolls take care of that, there’s no need to poop on it in the actual post.

      1. I’m not picking you out specifically, [Mike], but after reading a string of similar comments, I feel compelled to spell out some generic thoughts:

        How is there a criticism there? I saw an editorial thought in the final sentence… a statement questioning something that wasn’t specifically addressed/pointing out a potential issue to others who might consider the hack or something similar to it. But I didn’t see any criticism, unneeded or otherwise…

        Either we’ve got a metric crapton of thin-skinned people here, or there’s been whole generations taught that any thought that isn’t 110% positive/happy/fuzzy/unicorns/bluebirds is criticism. Either way, I’m getting really torqued off by people who see the criticism bogeyman behind every corner, alley, or post. Hacking, manufacturing, engineering, tinkering, etc… is all about taking something apart, improving it, fixing it, etc… and *THAT DOESN’T HAPPEN WITHOUT PEOPLE SPEAKING THEIR MIND WITHOUT WORRYING ABOUT BEING ALL TOUCHY-FEELY*.

        If anyone posting here about how “people are mean and we shouldn’t criticize others” would be so kind as to go join a song-circle or a preschool program, the rest of us would be most appreciative. And we promise we won’t criticise you after you leave…

        1. I did say that this wasn’t a good example. This post is fine. I just commented here because the topic was brought up.

          I just read back through the last ten pages looking for some examples, but I couldn’t find any. So I suppose it’s less prevalent than I thought. I do recall being put off by what I would call unwarranted criticism (poo-pooing) on multiple occasions, but I can’t find them now so I can’t really back my case up.

          Having read through the last ten pages, I must say that they’ve been more complimentary than usual. Maybe the problem is already gone and I just didn’t notice?

    5. It’s standard practice. In keypad locks, electronic ones at least, you set a timeout after 3 or so wrong tries. Every ATM machine you’ve ever seen does that. What’s wrong with mentioning it?

      It’s ADVICE. Some people can take advice without it being an attack on their ego.

      1. Yes! The ego thing really puzzles me. In this forum of all places, why does ego matter? We’re technical, inquisitive, hacking, engineering, etc… types. Why do we/why should we care about ego? Gaaaaahhhhh………

    6. I’m confused by this response. HaD is a learning community; you’d be hard pressed to find comments to any post that do not include a suggestion of some kind. Further, these suggestions are (typically, hopefully) offered as constructive criticism and without judgment passed on the hack or its creator, which was the intention here considering the hack protects the security of his vehicle.

      To be clear, the latter half of the second paragraph of this post exists solely to justify this hack and defend [EdsJunk’s] rationale behind it. There’s no statement of “this hack is probably pointless because it’s a soft-top vehicle…” and he’s been featured before; the guy has a lot of hacks for his Jeep and I’m looking forward to more.

      I have to echo Jimbo and Jarrod’s above responses. At no point does the tone drift toward condescension or imply superiority. I suspect that this community–who returns to this site to see the new hacks posted–trusts our opinions concerning both content selection and suggestion. Remember, HaD is a curation model:

      http://www.youtube.com/watch?v=iASluLoKQbo

      I’d much rather talk about your final comment, which is certainly valid: lockout could be a DoS for the owner. Mike’s comment further down about ignoring inputs seems to make sense. Also, is there any harm to setting the alarm off?

      -J

    1. Any recent ford has a brute force lockout that will ignore inputs for minute after a few unsuccessful attempts. This inflates the time to brute force dramatically. Considering that this guy has potentially 12 buttons instead of 5, and can make his code as long as he wants, he might be just as well off (or better) even without a brute force lockout,

      1. Just make the pattern change each time. I’m surprised I haven’t found other people who do what I do for low entropy input: For my briefcase with three 0-9 dials (which we will call a, b, and c), instead of a 3 digit number I come up with a number that satisfies a+b+c, or maybe a * b + c, or maybe a – (b + c). Every time I open the case, I change the code to something else that satisfies the the secret function.

        Example
        ========
        Remember: *,-5,7
        Expand: a * b – 5 = 7
        Possible Codes: 345, 435, 265, 625

        I can remember the same amount of numbers and change the code 4 times as often. If I need to write down the code, it’s gibberish to whomever gets at it.

        Alternatively, you could have a rotating combination of a long number. Maybe you memorized pi to 7 places to show off as a kid. Change your code every day to digits n, n+1, and n+2 of pi, where n is the day of the week. Yes, Monday is a predictable 314, but Tuesday is 141, Wednesday 415, etc, and all you did was remember 3.141592.

        1. Easier for PIN numbers etc is to use the letters on the keys, and have your PIN be a word, or the beginning of a word, or the initials of a phrase. A word only takes up one byte of the squishy grey RAM, a 4-digit PIN takes at least 4.

    1. If it didn’t, you could try optical. Can’t you get little things with an LED and phototransistor next to each other, facing outward? So putting a finger in front reflects the light from the LED back into the phototransistor? If I imagined such a product, it’s obviously simple in principle to just make one yourself.

      The LEDs could of course be infra-red. Using visible ones has a certain charm and would be easier to see in the dark though. The scan routine should loop through the 12 buttons, checking that photosensor X is lit when LED X is lit, and not lit otherwise. That way ambient light won’t ruin it.

      Car windows have too much dirt, water, wax and whatever else caked on them for capacitive to be easy, tho that said perhaps the Capsense stuff you can get is intelligent enough to cope with a moving baseline. Because of this I’d make the light sensors quite insensitive, and the LEDs relatively bright. Of course relatively bright from 2mm away isn’t the same thing as actual bright.

      Because of the harsh environment, it would also be good to only have the keypad active and receptive for a short period when necessary. That way, false positives while you’re driving around won’t upset anything.

      Plan B is a cheap membrane keypad, that you replace when it stops working.

      1. One of my friends kept arming his alarm system even when it is in his alarm guarded garage and we are stepping out for just a moment. This annoyed me for some reason so I started intentionally tripping the alarm. Didn’t take long for his behavior to change.

        Really that is an ancient trick dating back to the early days of car alarms before people knew how to bypass them. Just set it off and piss off the person’s neighbors. Wont take long for them to stop using it.

        Should unzipping the top set off the alarm, then slapping the soft top will too, which is quite legal.

        1. Depends, the sensitivitiy can be adjusted, or adjust itself. They use ultrasonics to measure, more or less, the volume of the in-car area. The difference from opening the top is quite significant, compared to the small decrease from slapping it. A slap also only lasts a short time, another way of discriminating against breakins that usually take more than half a second.

          This is how they solved the problem of every small gust of wind triggering car alarms back in the 80s.

    1. keister the key when swimming? xD

      …order now and we’ll throw in an additional
      Key-ster (trademark) for only $3.99 !!!
      It’s water proof, fudgeproof and comes in 7
      optional color choices to accessorize with your speedo!
      Order it before midnight tonight and we’ll
      even throw in a free sham-wow to clean it up with!!

      oh where are you when we need you, Billy Mays ?

  2. Looks clean, I like it. I did something similar (the other car keypad post on this site). I like the ease of using the keyfob, but I wired directly to the door to make sure that my keypad didn’t stop working due to a low battery in the fob. If your fob is in your hand and the battery is dead, you still have your key to get you in. If the fob is inside your car and the battery is dead, you’re out of luck. Unless he powered the fob from the car, he’ll have to remember to change that out every now and again. Not a dealbreaker by any means, but unfortunately I’m too forgetful to rely on this.

  3. I know it’s waterproof but I would suggest some sort of door to cover it. That way if it gets covered in mud you only have to flip up the muddy door to use it rather than deal with muddy buttons.

  4. I love this hack, and would do something similar if I had the need. Now that’s out of the way, I love the comment discussion on brute forcing the code…. Look at the picture again… All you need is a cross-head (Philips) screwdriver to unscrew the panel, then it’s a simple case of shorting out some wires to ‘activate’ the fob. :D

    It’s still a cool hack tho, but I WOULD drill out those screw heads a bit.

    1. The solution to that, is to put the circuitry that does the switching somewhere secure inside the car, so that if you did take the panel off, you’d be faced with the 7 wires of a key matrix.

      Another alternative with less wiring, split the unit into two, again have the bit that does the unlocking somewhere secure. Between them just a 2-wire link with a simple code on it, I2C or whatever. The existing microcontroller just needs altering to send this code when it wishes to trigger the remote, and use a small 8-pin chip at the remote end to decode it and do the remainder of the work. The idea of using a code over the wire is so that simply shorting the wires to +v or each other will be useless.

      It’s the same with ATMs, you could smash the keypad and screen, if you really wanted to, but the bit with the money in isn’t going to cough up.

    2. Security wise this doesn’t have to be perfect. Even if somebody can guess the combination, unscrew the panel, etc…. that is still more difficult and less likely than simply cutting the soft top, smashing a window, etc…..

      There is always a way somebody can get in. The idea is to put up a barrier to make them work at least a little for it. There is a saying that locks are “to keep honest people honest”. The real criminals will always have a way but at least having some form of lock is a good deterence for the less determined ones.

      I would not consider drilling out the screw heads, etc… that would just make it a real pain to work on in the future! I do like the idea of putting the circuitry elsewhere in the car but unless there is an easy place for him to do so I don’t think the added trouble would be worth it.

  5. I see the PC police are out in full force! Do ANY of you have a job in the real world? I somehow think you do not or you’re from the newest generation of crybabies to enter the workforce who can’t take polite criticism let alone a real ass chewing without whining about it… Its time you put on your damn bigboy pants and DEAL WITH IT. Those of us that can deal with it are sick of your pathetic “buu buuu but, at least I tried to do a good job” blubbering! It gets old. People ARE going to say negative things about your hard work, people without the slightest knowledge of your subject matter, and they are going to tear you to shreds, and your either going to have to put up or shut up – ITS LIFE- Freaking deal with it! Talk about a lack of social skills… You whiners are going to get a real wakeup call when you join the rest of us here on planet earth!

    1. This, this, this. Thank you!!! I’m getting really tired of the whineyness here. Negative feedback is the single most useful part of the development cycle, period. Positive feedback, while nice to hear, contributes nothing to development or innovation.

      I’m not sure if I should be more concerned by the sheer number of PC types that won’t be able to fill needed jobs, or if I should be more concerned that there might be whole companies dedicated to coddling these types… either way the economy suffers, but if this is becoming the corporate norm there’s going to be a whole lot of unemployed people and a whole lot of empty companies in the near future… and we don’t need any more of either.

      And I’m not even an oldster… I’ve only been in the full-time working world for a decade or so, but somehow I’ve recognized this as an issue since I was in highschool. What the heck has happened to my generation???

  6. Given what I see, I hope he has that thing securely attached. All he needs is an idiot with a Phillips screwdriver to walk up, pull off the keypad, keep pulling till he gets the arduino, and keep pulling until he gets the key fob with key (see video), then drive off with the car.

    1. Ah, yes. Another thought though, why not just get a non-electronic key and find a way of attaching it to yourself while swimming? Like a wristband that you can tighten if you’re worried about it sliding off. You could also put some security screws on the keypad. I’m sure you can buy them on amazon…

      1. You could padlock your keys to a nearby tree.

        Or they make “key safes”, a small safe for storing keys, with combination locks. Attach one of those somewhere discreet under the car.

  7. I’d say my main concern with this is that it has standard screws. I carry a leatherman all the time, and while I have no interest in stealing a car, it wouldn’t take any effort to just pop this off and either look behind…. or just steal the keypad.

  8. Two buttons is all it takes to key in a memorable code. Two fingers can finger two keys without having to look at keys thus it can be hidden; under seat on motorcycle under fender etc.
    2 lefts,5 rights,3 lefts etc. on to 16 digits or more in binary. No one or camera can see you fingering the buttons. Visually secure. Two rugged waterproof buttons.

    1. Mhh… I see what you trying to achieve but I dont see the necessity. Of course you would and should do it how you described it but I would see some flaws in the usability (what again might not be a problem for you but in gerneral term).
      A
      With a weakness-ok code of 5 chars, it would be a great tool for camping-session where you let others in the group know what the code would be like (“If someone wants beer, you know the code, its in the back of my jeep”, “can you please bring me the solar cells from the jeep while I build the tent?”). So with your idea of a two button code it would be kinda hard to tell others “Listen, the code is L-R-L-R-L-L-L-R-R-R”. Unless you make a riddle out of it to remember it better, this String is kind of hard for humans to memorize. You disagree?

  9. Anyone thought of this with arduino and OBD-II/CAN Bus shield, instead of fondling with the key fob? I see a whole lot security issues on this one tough. For starters the dust will stick more to the buttons which are more often touched (ie. greased). So a good idea is to incorporate some “turn the keypad off” feature and brute force lockout.

    Some say that this doesn’t have to be secure, since breaking a windows is faster and easier. But in case of broken window, the alarm goes off, and the insurance company pays off, which is not the case with non destructive entry (at least with my policy).

  10. The details of the mods are very good, and as a “hacker” you can’t deny he has done an excellent job on all the mods on his car.

    But, at first I thought his hacks were really cool. Now I think he’s just ruining his car.

    It becomes “too much”, “over the top”, … it starts to look to cheap? It keeps reminding me of the Annihilator 2000.

    http://www.youtube.com/watch?v=Cf3RfidFKBw
    http://www.propstore.com/img/products
    /1812/Beverly_Hills_Cop_3_Hero_Annihilator_Gun_2.JPG

Leave a Reply to MeCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.