Stealing Cars for 20 Bucks

[Yingtao Zeng], [Qing Yang], and [Jun Li], a.k.a. the [UnicornTeam], developed the cheapest way so far to hack a passive keyless entry system, as found on some cars: around $22 in parts, give or take a buck. But that’s not all: they managed to increase the previously known effective range of this type of attack from 100 m to around 320 m. They gave a talk at HITB Amsterdam a couple of weeks ago and showed their results.

The attack in its essence is not new; it basically just creates a range extender for the keyfob. One radio stays near the car, the other near the car key, and the two radios relay the signals coming from the car to the keyfob and vice versa. This version of the hack stands out in that the [UnicornTeam] reverse engineered and decoded the keyless entry system signals, produced by NXP, so they can send the decoded signals via any channel of their choice. The only constraint, from what we could tell, is the transmission timeout. It all has to happen within 27 ms. You could almost pull this off over the Internet instead of radio.

The actual keycode is not cracked, like in a HiTag2 attack. It’s not like hacking a rolling key keyfob either. The signals are just sniffed, decoded and relayed between the two devices.

A suggested fix from the researchers is to decrease this 27 ms timeout. If it is short enough, at least the distance for these types of attacks is reduced. Even if that could eventually mitigate or reduce the impact of an attack on new cars, old cars are still at risk.  We suggest that the passive keyless system is broken from the get-go: allowing the keyfob to open and start your car without any user interaction is asking for it. Are car drivers really so lazy that they can’t press a button to unlock their car? Anyway, if you’re stuck with one of these systems, it looks like the only sure fallback is the tinfoil hat. For the keyfob, of course.
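Why the timeout is the only lever, as an added example that is not code from the talk or from NXP: a generic HMAC challenge-response stands in for the real protocol, and the 5 ms fob processing time and 2 ms relay overhead are assumptions. The response verifies whether or not it was relayed, so only the round-trip bound separates a nearby fob from a distant one.

```python
import hashlib
import hmac
import os

C = 299_792_458.0  # speed of light in m/s


class Fob:
    def __init__(self, key, processing_s):
        self.key = key
        self.processing_s = processing_s  # assumed fob compute time

    def respond(self, challenge):
        return hmac.new(self.key, challenge, hashlib.sha256).digest()


class Car:
    def __init__(self, key, timeout_s):
        self.key = key
        self.timeout_s = timeout_s

    def accepts(self, fob, path_m, relay_overhead_s=0.0):
        """Return True if the car would unlock for a fob reached over path_m metres."""
        challenge = os.urandom(16)
        # A relay forwards challenge and response unchanged, so the MAC always verifies.
        response = fob.respond(challenge)
        expected = hmac.new(self.key, challenge, hashlib.sha256).digest()
        # Simulated round trip: propagation both ways + fob compute + relay delay.
        rtt_s = 2 * path_m / C + fob.processing_s + relay_overhead_s
        return hmac.compare_digest(response, expected) and rtt_s <= self.timeout_s


def max_path_m(timeout_s, processing_s):
    """Longest one-way path (at light speed) that still fits inside the timeout."""
    return max(0.0, (timeout_s - processing_s) * C / 2)


KEY = os.urandom(16)                     # constructed shared secret
FOB = Fob(KEY, processing_s=5e-3)        # 5 ms is an assumption, not from the talk
LOOSE = Car(KEY, timeout_s=27e-3)        # the 27 ms window reported above
TIGHT = Car(KEY, timeout_s=5e-3 + 1e-6)  # fob time plus 1 microsecond of slack

if __name__ == "__main__":
    print("27 ms, fob at 2 m:    ", LOOSE.accepts(FOB, 2))
    print("27 ms, relayed 320 m: ", LOOSE.accepts(FOB, 320, relay_overhead_s=2e-3))
    print("tight, fob at 2 m:    ", TIGHT.accepts(FOB, 2))
    print("tight, relayed 320 m: ", TIGHT.accepts(FOB, 320))
    print("27 ms admits up to %.0f km" % (max_path_m(27e-3, 5e-3) / 1000))
```

A bound this tight only works if the fob's response time is nearly constant; any jitter in the fob has to be added to the slack, which is what limits how far the timeout can be reduced on existing hardware.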

[via Wired]

Different Differentials & The Pitfalls of the Easy Swap

I dig cars, and I do car stuff. I started fairly late in life, though, and I’m only just starting to get into the whole modification thing. Now, as far as automobiles go, you can pretty much do anything you set your mind to – engine swaps, drivetrain conversions, you name it – it’s been done. But such jobs require a high level of fabrication skill, automotive knowledge, and often a fully stocked machine shop to match. Those of us new to the scene tend to start a little bit smaller.

So where does one begin? Well, there’s a huge realm of mods that can be done that are generally referred to as “bolt-ons”. This centers around the idea that the install process of the modification is as simple as following a basic set of instructions to unbolt the old hardware and bolt in the upgraded parts. Those that have tread this ground before me will be chuckling at this point – so rarely is a bolt-on ever just a bolt-on. As follows, the journey of my Mazda’s differential upgrade will bear this out.

The car in question, currently known as the “Junkbox MX-5” until it starts running well enough to earn a real name. It somehow looks passable here, but in person I promise you, it looks awful.

It all started when I bought the car, back in December 2016. I’d just started writing for Hackaday and my humble Daihatsu had, unbeknownst to me, just breathed its last. I’d recently come to the realisation that I wasn’t getting any younger, and despite being obsessed with cars, I’d never actually owned a sports car or driven one in anger. It was time to change.

Electronifying A Horror Fraught Hydraulic Press

[Josh] is replacing the springs in his car’s suspension. He wanted to know the travel rates of these springs, but apparently, this is a closely guarded trade secret in the industry. One company did manage to publish the spring rates, but they weren’t believable. Instead of taking this company’s word, [Josh] built a spring tester.

The theory behind a spring tester is pretty simple: apply a force to a spring, measure it, then measure how much the spring has traveled. Or compress a spring an inch or so, measure the force, and compress it some more. Either gets you the same data.

This spring tester is built around a Harbor Freight hydraulic press. Yes, the spring is completely captured and won’t fly out of the jig if you look at it wrong. The bottom of the press contains a few load cells, fed into an ATmega8, which displays a value on an LCD. For the displacement measurement, a ruler taped to the side of the press will suffice, but [Josh] used a Mitutoyo linear scale.

What were the results of these tests? You shouldn’t buy coils from Bilstein if these results are correct. The rates for these springs were off by 70%. Other springs fared better and won’t bind when going over bigger bumps. That’s great work, and an excellent application of Horror Fraught gear.

How Many Parts In A Triumph Herald Heater?

This Herald is in much better condition than my 12/50 was. Philafrenzy [CC BY-SA 4.0]
What was your first car? Mine was a 1965 Triumph Herald 12/50 in conifer green, and to be frank, it was a bit of a dog.

The Triumph Herald is a small saloon car manufactured between about 1959 and 1971. If you are British your grandparents probably had one, though if you are not a Brit you may have never heard of it. Americans may be familiar with the Triumph Spitfire sports car, a derivative on a shortened version of the same platform. It was an odd car even by the standards of British cars of the 1950s and 1960s. Standard Triumph, the manufacturer, had a problem with their pressing plant being owned by a rival, so had to design a car that used pressings of a smaller size that they could do in-house. Thus the Herald was one of the last British mass-produced cars to have a separate chassis, at a time when all other manufacturers had produced monocoques for years.

My 12/50 was the sporty model, it had the high-lift cam from the Spitfire and a full-length Britax sunroof. It was this sunroof that was its downfall, when I had it around a quarter century of rainwater had leaked in and rotted its rear bodywork. This combined with the engine being spectacularly tired and the Solex carburetor having a penchant for flooding the engine with petrol made it more of a pretty thing to look at than a useful piece of transport. But I loved it, tended it, and when it finally died irreparably I broke it for parts. Since then I’ve had four other Heralds of various different varieties, and the current one, a 1960 Herald 948, I’ve owned since the early 1990s. A piece of advice: never buy version 0 of a car.


One Micro Bit Accomplishes Its Goal

Like the Raspberry Pi, the BBC Micro Bit had a goal of being foremost an educational device. Such an inexpensive computer works well with the current trend of cutting public school budgets wherever possible while still being able to get kids interested in coding and computers in general. While both computers have been co-opted by hackers for all kinds of projects (the Pi especially), [David]’s latest build keeps at least his grandkids interested in computers by using the Micro Bit to add some cool features to an old toy.

The toy in question is an old Scalextric slot car racetrack – another well-known product of the UK. But what fun is a race if you can’t keep track of laps or lap times? With the BBC Micro Bit and some hardware, the new-and-improved racetrack can do all of these things. It also implements a drag race-style light system to start the race and can tell if a car false starts. It may be a little difficult to intuit all of the information that the Micro Bit is displaying on its LED array, but it shouldn’t take too much practice.

The project page goes into great detail on how the project was constructed. Be sure to check out the video below for some exciting races! The build is certain to entertain [David]’s grandkids for some time, as well as help them get involved with programming and building anything that they can imagine. Maybe they’ll even get around to building a robot or two.

Thanks to [Mark] for sending in this tip!


Reverse Engineering the Smart ForTwo CAN Bus

The CAN bus has become a de facto standard in modern cars. Just about everything electronic in a car these days talks over this bus, which makes it fertile ground for aspiring hackers. [Daniel Velazquez] is striking out in this area, attempting to decode the messages on the CAN bus of his Smart ForTwo.

[Daniel] has had some pitfalls – first attempts with a Beaglebone Black were somewhat successful in reading messages, but led to strange activity of the car and indicators. This is par for the course in any hack that wires into an existing system – there’s a high chance of disrupting what’s going on leading to unintended consequences.

Further work using an Arduino with the MCP_CAN library netted [Daniel] better results, but it would be great to understand precisely why the BeagleBone was causing a disturbance to the bus. Safety is highly important when you’re hacking on a speeding one-ton metal death cart, so it pays to double and triple check everything you’re doing.

Thus far, [Daniel] is part way through documenting the messages on the bus, finding registers that cover the ignition and turn signals, among others. Share your CAN hacking tips in the comments. For those interested in more on the CAN bus, check out [Eric]’s great primer on CAN hacking – and keep those car hacking projects flowing to the tip line!
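One common way to document bus messages like this is to diff a capture taken at rest against one taken while a control is operated. The sketch below is an added example, not [Daniel]’s code: it assumes `candump -L` style log lines, and the IDs and payloads are constructed rather than real Smart ForTwo values. It works offline on saved captures, so nothing is transmitted onto the bus.

```python
import re
from collections import defaultdict

# candump -L style line: (timestamp) interface ID#HEXDATA
LINE = re.compile(r"\(\d+\.\d+\)\s+\w+\s+([0-9A-Fa-f]{3,8})#((?:[0-9A-Fa-f]{2}){0,8})$")
# Constructed captures; the IDs and payloads are made up, not Smart ForTwo values.
BASELINE = """\
(0.000000) can0 1A0#0000FF10
(0.100000) can0 1A0#0000FF11
(0.200000) can0 1A0#0000FF12
(0.200500) can0 2B4#40
"""
EVENT = """\
(5.000000) can0 1A0#0100FF14
(5.100000) can0 1A0#0000FF15
(5.200000) can0 1A0#0100FF16
(5.200500) can0 2B4#40
"""


def seen_values(log):
    """Map (can_id, byte_index) -> set of byte values observed in the capture."""
    seen = defaultdict(set)
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        can_id, data = int(m.group(1), 16), bytes.fromhex(m.group(2))
        for index, value in enumerate(data):
            seen[(can_id, index)].add(value)
    return seen


def candidate_bytes(baseline_log, event_log, max_baseline_values=2):
    """Byte positions that take new values only while the event is happening."""
    base, event = seen_values(baseline_log), seen_values(event_log)
    hits = {}
    for key, values in event.items():
        if len(base.get(key, ())) > max_baseline_values:
            continue  # already noisy at rest: counter or sensor, not a switch
        new = values - base.get(key, set())
        if new:
            hits[key] = sorted(new)
    return hits


if __name__ == "__main__":
    for (can_id, index), values in candidate_bytes(BASELINE, EVENT).items():
        print(f"ID 0x{can_id:03X} byte {index}: new values {[hex(v) for v in values]}")
```

In the constructed data, byte 3 of ID 0x1A0 is a rolling counter and is filtered out, leaving byte 0 as the only candidate for the toggled signal.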

How To Put A Jag On Your School Roof

Did you ever commit any pranks in your time at high school, college, or university? Maybe you moss-painted a rude word on the wall somewhere, or put a design in a sports field with herbicide, or even worse, slow-release fertiliser. [Roman Kozak] and his friends went far further than that last summer when they replicated some of the most famous student pranks; they put a Jaguar S type car on the roof of their school. And now the dust has settled, he’s posted an account of how they did it.

Of course, putting a car on the roof is a significant challenge, particularly when you only have the resources of a high-school student. Ensuring the roof was strong enough for a car, and then hiring a crane to do the deed, was beyond them. They therefore decided to take the wheels and outer body panels of a car and mount them on a wooden frame to give the appearance of a car.

They needed a statement vehicle and they didn’t have a huge budget, so it took them a while to spot a for-parts Jaguar S type which, when it came into their possession, they found only had a fault with its reverse gear. Some hard work removed the panels, and the rest of the car was taken for scrap.

Frenetic work as the term end approached gave them their frame, and a daring midnight raid was mounted to winch the parts to the roof with a pulley. The result was so popular with their classmates and teachers that they owned up to the prank rather than preserve their anonymity. We think these young scamps will go far.

This is definitely the first car-on-roof prank we’ve brought you on Hackaday, but it’s not the first to be done. [Roman] and his friends cited an MIT prank as their inspiration, but the daddy of car-on-roof stunts has to go to Cambridge University students in the 1950s. Their Austin might be a lot smaller than the MIT Chevy or [Roman]’s Jag, but they got it onto their roof in one piece as a full car rather than a facsimile of one.

Important note: The author would like to state for the record that she and her friends were somewhere else entirely and had solid alibis when in summer 1993 the logo of Hull University Union Technical Committee appeared in the lawn outside Hull University Union. We’re sure that commenters will be anxious to set their own records straight for posterity in a similar manner.