Now that nearly every car on the road comes with an electronic key fob, people are desperate to find ways to repair these indispensable little gadgets without coughing up potentially hundreds of dollars at the dealership. There’s a whole market for replacement shells which you can transplant your (hopefully) still functional electronics into, but if you’re going to go through the trouble of putting the electronics into a new case, why not make it special?
That’s what [Michicanery] was thinking when he decided to build his own custom key fob. The end result is an utterly magnificent feat of engineering that’s sure to be a conversation for the life of the vehicle, if not beyond. Made of wood and aluminum cut on his OpenBuilds Lead CNC 1010, this build just might inspire you to “accidentally” drop your existing fob from a great height. Oh no, what a shame.
[Michicanery] starts by disassembling his original fob, which is the type that has a key integrated directly into the device. This meant his replacement would need a bit more thought put into it than a separate stand-alone fob, but at least it wasn’t one of the ones where you have to stick the whole thing into the dashboard. To make sure the build was strong enough to survive a lifetime of being turned in the ignition and generally fiddled with, he cut the central frame and buttons out of 1/4″ thick aluminum.
The top and bottom of the fob were then cut from Chechen wood and then chamfered on a table router so it felt a bit better in the hand. He applied oil to the pieces to bring out the natural color and grain of the wood, but not before engraving his own logo onto the back of the case for that extra touch of personalization. Not that we think [Michicanery] is going to have trouble identifying his keys from this point on.
Like the incredible watch cases we’ve seen recently, this is a perfect example of an everyday object getting a new lease on life as a bespoke creation thanks to a custom built enclosure. Granted we’re not sure Honda key fobs have quite the heirloom potential of a good watch, but we’d still prefer it over the black plastic original.
This clever precomputation attack was developed by a group of researchers at KU Leuven in Belgium. Unlike previous key fob attacks that we’ve covered in the past which have been essentially relay attacks, this hack precomputes a ton of data, looks for a collision in the dataset, and opens the door. Here’s how it works.
Continue reading “Tesla Opens with Precomputed Key Fob Attack”
Show of hands: how many of you have parked your car in the driveway, walked up to your house, and pressed your car’s key fob button thinking it would open the front door? We’ve probably all done it and felt a little dopey as a result, but when you think about it, it would be tremendously convenient, especially with grocery bags dangling off each arm and the mail clenched between your teeth. After all, we’re living in the future — shouldn’t your house be smart enough to know when you’re home?
Reverse engineer par excellence Samy Kamkar might think so, but given his recent experiences with cars smart enough to know when you’re standing outside them, he’d probably have some reservations. Samy dropped by the 2017 Hackaday Superconference in November to discuss the finer points of exploiting security flaws in passive car entry systems, and also sat down with our own Elliot Williams after his talk for a one-on-one interview. Samy has some interesting insights on vehicle cybersecurity, but the practical knowledge he’s gained while exploring the limits of these systems teach some powerful lessons about being a real-world reverse engineer.
Continue reading “Samy Kamkar: Reverse Engineering for a Secure Future”
[tomwimmenhove] has found a vulnerability in the cryptographic algorithm that is used by certain Subaru key fobs and he has open-sourced the software that drives this exploit. All you need to open your Subaru is a RasPi and a DVB-T dongle, so you could complain that sharing this software equates to giving out master keys to potential car thieves. On the other hand, this only works for a limited number of older models from a single manufacturer — it’s lacking in compatibility and affordability when compared to the proverbial brick.
This hack is much more useful as a case study than a brick is, however, and [tomwimmenhove]’s work points out some bad design on the manufacturer’s side and as such can help you to avoid these kind of mistakes. The problem of predictable keys got great treatment in the comments of our post about an encryption scheme for devices low in power and memory, for instance.
Those of you interested in digital signal processing may also want to take a look at his code, where he implements filtering, demodulation and decoding of the key fob’s signal. The transmission side is handled by rpitx and attacks against unencrypted communications with this kind of setup have been shown here before. There’s a lot going on here that’s much more interesting than stealing cars.
[Via Bleeping Computer]
Continue reading “Exploiting Weak Crypto on Car Key Fobs”
We all do it — park our cars, thumb the lock button on the key fob, and trust that our ride will be there when we get back. But there could be evildoers lurking in that parking lot, preventing you from locking up by using a powerful RF jammer. If you want to be sure your car is safe, you might want to scan the lot with a Raspberry Pi and SDR jammer range finder.
Inspired by a recent post featuring a simple jammer detector, [mikeh69] decide to build something that would provide more directional information. His jammer locator consists of an SDR dongle and a Raspberry Pi. The SDR is set to listen to the band used by key fobs for the continuous, strong emissions you’d expect from a jammer, and the Pi generates a tone that varies relative to signal strength. In theory you could walk through a parking lot until you get the strongest signal and locate the bad guys. We can’t say we’d recommend confronting anyone based on this information, but at least you’d know your car is at risk.
We’d venture a guess that a directional antenna would make the search much easier than the whip shown. In that case, brushing up on Yagi-Uda antenna basics might be a good idea.
Modern smart keys allow you to keep the key fob in your pocket or purse while you simply grab the handle and tug the door open. [Phil] decided he would rather ditch the fob altogether and instead implemented a passive Bluetooth keyless entry system with his Android phone. It’s probably unlikely for car manufacturers to embrace phone-based keys anytime soon, and [Phil] acknowledges that his prototype poses a landslide of challenges. What he’s built, however, looks rather enticing. If the car and phone are paired via Bluetooth, the doors unlock. Walk out of range and the car automatically locks when the connection drops.
His build uses an Arduino Mega with a BlueSMiRF Silver Bluetooth board that actively searches for his phone and initiates a connection if in range. Doors are unlocked directly through a 2-channel relay module, and an LED indicator inside the vehicle tells the status of the system. A pulsing light indicates it’s searching for the phone, while a solid ring means that a connection is established.
We hope [Phil] will implement additional features so we can make our pockets a bit lighter. Watch a video demonstration of his prototype after the break, then check out the flood of car-related hacks we’ve featured around here recently: the OpenXC interface that adds a smart brake light, or the Motobrain, which gives you Bluetooth control over auxiliary electrical systems.
Continue reading “Passive Bluetooth keyless entry system”
If you’re lofting a digital camera high into the stratosphere with a helium balloon, you really can’t do better than one of those key fob spy cameras. Being extremely lightweight with decent resolution, they’re the perfect camera to take to near space. If you’re bringing someone along to snap the pictures, that is.
[Román] wanted to take his 808 spy camera to new heights, but not wanting to manually reset the thing when it’s 100,000 feet in the air decided to use a microcontroller instead. An 8-pin PIC12F675 takes care of taking 60 pictures with a 4-second interval, then switching to movie mode and recording a 20-second video.
The entire device can be powered by 6 to 9 volts with the help of a voltage regulator. [Román] found the camera hangs after taking about 1600 photos, so a connection from the microcontroller to the reset switch was added. Everything works on the ground, so we can’t wait to see what happens miles above the Earth’s surface.