90 Accord main relay
#31
Guest
Posts: n/a
Re: 90 Accord main relay
Seth wrote:
> "jim beam" <spamvortex@bad.example.net> wrote in message
> news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
>> Eric wrote:
>>> Jim Yanik wrote:
>>>
>>>> At least the Spec V has RFID chipped keys.
>>>
>>> This article may be of interest.
>>>
>>>> How a keyless car gets stolen isn't exactly a state secret; much of the
>>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>>> Hopkins/RSA study needed only to capture two challenge-and-response
>>>> pairs
>>>> from their intended target before cracking the encryption. In an
>>>> example
>>>> from the paper, they wanted to see if they could swipe the passive code
>>>> off the keyless ignition device itself. To do so, the authors
>>>> simulated a
>>>> car's ignition system (the RFID reader) on a laptop. By sitting
>>>> close to
>>>> someone with a keyless ignition device in their pocket, the authors
>>>> were
>>>> able to perform several scans in less than one second without the
>>>> victim
>>>> knowing. They then began decrypting the sampled challenge-response
>>>> pairs.
>>>> Using brute-force attack techniques, the researchers had the laptop try
>>>> different combinations of symbols until they found combinations that
>>>> matched. Once they had the matching codes, they could then predict the
>>>> sequence and were soon able to gain entrance to the target car and
>>>> start
>>>> it.
>>>
>>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>>
>> post that to seth on the "Honda Pilot EXL 2007 - remote start" thread
>> from july 14.
>
>
> Why post it to me? You do know that the exploit being discussed above
> has nothing to do with a remote starter as they don't use an RFID
> challenge/response signaling system, don't you?
>
> To clone a remote starter remote control signal you would have to be
> scanning/reading the code while the button is repeatedly pressed a
> number of times till the scanner could figure out the algorithm used for
> the code hopping. They don't transmit when the receive a challenge signal.
>
> If you want to be paranoid about the article mentioned above, then the
> way to protect oneself is to have their stock Honda (or any other brand)
> key stored in a lead lined key case when walking around with it in their
> pocket. The car alarm, remote starter, keyless entry unit, to be cloned
> would require first getting your hands on the actual FOB, in which case
> you don't need to clone it as you have the original.
>
> All that aside, I'm guessing the "post that to seth on the "Honda Pilot
> EXL 2007 - remote start" thread from july 14." was more an attempt at
> being obnoxious than anything else. I know I never said the system was
> invulnerable, just not a high-risk threat. Having one's head or house
> destroyed by a piece of falling debris is also possible, but again, not
> likely and therefore I'm not losing any sleep worrying about it.
> Coincidently, neither my home owners insurance, car insurance or life
> insurance has any clause excluding space debris or remote starters. If
> they thought it was a high risk possibility you better believe they
> would have a clause and an additional cost rider as a result to make
> more money off the customer.
>
seth, with respect, you're welcome to justify the remote starters you
sell any way you want. but in terms of how the key [and replication
system] works, you don't understand and are therefore propagating
misinformation. that's not to say you haven't read the marketing blurb
and can repeat it, but in terms of mechanism, you're still unclear.
it's a challenge/response mechanism - just like you have with computer
network authentication. on startup, ecu signals for code with token,
key hashes with it's own unique code that the ecu has been programmed to
recognize, then transmits it back. if the token has been hashed
correctly, the ecu will arm the ignition system. all an outsider has to
do to break in is, well, follow the procedure spelled out in the
article. the remote starter performs challenge/response just like the key.
are you welcome to have on in your own vehicle? sure. but please don't
say they're impossible to hack because they're not. just like the key
is not. the remote starter makes vehicle theft easier because there's a
"key" permanently attached to the vehicle. as i said at the start, some
people do this stuff for the technical challenge. hence the article.
which i didn't write.
> "jim beam" <spamvortex@bad.example.net> wrote in message
> news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
>> Eric wrote:
>>> Jim Yanik wrote:
>>>
>>>> At least the Spec V has RFID chipped keys.
>>>
>>> This article may be of interest.
>>>
>>>> How a keyless car gets stolen isn't exactly a state secret; much of the
>>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>>> Hopkins/RSA study needed only to capture two challenge-and-response
>>>> pairs
>>>> from their intended target before cracking the encryption. In an
>>>> example
>>>> from the paper, they wanted to see if they could swipe the passive code
>>>> off the keyless ignition device itself. To do so, the authors
>>>> simulated a
>>>> car's ignition system (the RFID reader) on a laptop. By sitting
>>>> close to
>>>> someone with a keyless ignition device in their pocket, the authors
>>>> were
>>>> able to perform several scans in less than one second without the
>>>> victim
>>>> knowing. They then began decrypting the sampled challenge-response
>>>> pairs.
>>>> Using brute-force attack techniques, the researchers had the laptop try
>>>> different combinations of symbols until they found combinations that
>>>> matched. Once they had the matching codes, they could then predict the
>>>> sequence and were soon able to gain entrance to the target car and
>>>> start
>>>> it.
>>>
>>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>>
>> post that to seth on the "Honda Pilot EXL 2007 - remote start" thread
>> from july 14.
>
>
> Why post it to me? You do know that the exploit being discussed above
> has nothing to do with a remote starter as they don't use an RFID
> challenge/response signaling system, don't you?
>
> To clone a remote starter remote control signal you would have to be
> scanning/reading the code while the button is repeatedly pressed a
> number of times till the scanner could figure out the algorithm used for
> the code hopping. They don't transmit when the receive a challenge signal.
>
> If you want to be paranoid about the article mentioned above, then the
> way to protect oneself is to have their stock Honda (or any other brand)
> key stored in a lead lined key case when walking around with it in their
> pocket. The car alarm, remote starter, keyless entry unit, to be cloned
> would require first getting your hands on the actual FOB, in which case
> you don't need to clone it as you have the original.
>
> All that aside, I'm guessing the "post that to seth on the "Honda Pilot
> EXL 2007 - remote start" thread from july 14." was more an attempt at
> being obnoxious than anything else. I know I never said the system was
> invulnerable, just not a high-risk threat. Having one's head or house
> destroyed by a piece of falling debris is also possible, but again, not
> likely and therefore I'm not losing any sleep worrying about it.
> Coincidently, neither my home owners insurance, car insurance or life
> insurance has any clause excluding space debris or remote starters. If
> they thought it was a high risk possibility you better believe they
> would have a clause and an additional cost rider as a result to make
> more money off the customer.
>
seth, with respect, you're welcome to justify the remote starters you
sell any way you want. but in terms of how the key [and replication
system] works, you don't understand and are therefore propagating
misinformation. that's not to say you haven't read the marketing blurb
and can repeat it, but in terms of mechanism, you're still unclear.
it's a challenge/response mechanism - just like you have with computer
network authentication. on startup, ecu signals for code with token,
key hashes with it's own unique code that the ecu has been programmed to
recognize, then transmits it back. if the token has been hashed
correctly, the ecu will arm the ignition system. all an outsider has to
do to break in is, well, follow the procedure spelled out in the
article. the remote starter performs challenge/response just like the key.
are you welcome to have on in your own vehicle? sure. but please don't
say they're impossible to hack because they're not. just like the key
is not. the remote starter makes vehicle theft easier because there's a
"key" permanently attached to the vehicle. as i said at the start, some
people do this stuff for the technical challenge. hence the article.
which i didn't write.
#32
Guest
Posts: n/a
Re: 90 Accord main relay
"jim beam" <spamvortex@bad.example.net> wrote in message
news:YJydnc8tq8nb0TDbnZ2dnUVZ_vumnZ2d@speakeasy.ne t...
> Seth wrote:
>> "jim beam" <spamvortex@bad.example.net> wrote in message
>> news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
>>> Eric wrote:
>>>> Jim Yanik wrote:
>>>>
>>>>> At least the Spec V has RFID chipped keys.
>>>>
>>>> This article may be of interest.
>>>>
>>>>> How a keyless car gets stolen isn't exactly a state secret; much of
>>>>> the
>>>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>>>> Hopkins/RSA study needed only to capture two challenge-and-response
>>>>> pairs
>>>>> from their intended target before cracking the encryption. In an
>>>>> example
>>>>> from the paper, they wanted to see if they could swipe the passive
>>>>> code
>>>>> off the keyless ignition device itself. To do so, the authors
>>>>> simulated a
>>>>> car's ignition system (the RFID reader) on a laptop. By sitting close
>>>>> to
>>>>> someone with a keyless ignition device in their pocket, the authors
>>>>> were
>>>>> able to perform several scans in less than one second without the
>>>>> victim
>>>>> knowing. They then began decrypting the sampled challenge-response
>>>>> pairs.
>>>>> Using brute-force attack techniques, the researchers had the laptop
>>>>> try
>>>>> different combinations of symbols until they found combinations that
>>>>> matched. Once they had the matching codes, they could then predict the
>>>>> sequence and were soon able to gain entrance to the target car and
>>>>> start
>>>>> it.
>>>>
>>>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>>>
>>> post that to seth on the "Honda Pilot EXL 2007 - remote start" thread
>>> from july 14.
>>
>>
>> Why post it to me? You do know that the exploit being discussed above
>> has nothing to do with a remote starter as they don't use an RFID
>> challenge/response signaling system, don't you?
>>
>> To clone a remote starter remote control signal you would have to be
>> scanning/reading the code while the button is repeatedly pressed a number
>> of times till the scanner could figure out the algorithm used for the
>> code hopping. They don't transmit when the receive a challenge signal.
>>
>> If you want to be paranoid about the article mentioned above, then the
>> way to protect oneself is to have their stock Honda (or any other brand)
>> key stored in a lead lined key case when walking around with it in their
>> pocket. The car alarm, remote starter, keyless entry unit, to be cloned
>> would require first getting your hands on the actual FOB, in which case
>> you don't need to clone it as you have the original.
>>
>> All that aside, I'm guessing the "post that to seth on the "Honda Pilot
>> EXL 2007 - remote start" thread from july 14." was more an attempt at
>> being obnoxious than anything else. I know I never said the system was
>> invulnerable, just not a high-risk threat. Having one's head or house
>> destroyed by a piece of falling debris is also possible, but again, not
>> likely and therefore I'm not losing any sleep worrying about it.
>> Coincidently, neither my home owners insurance, car insurance or life
>> insurance has any clause excluding space debris or remote starters. If
>> they thought it was a high risk possibility you better believe they would
>> have a clause and an additional cost rider as a result to make more money
>> off the customer.
>>
>
> seth, with respect, you're welcome to justify the remote starters you sell
> any way you want.
Haven't sold them in years.
> but in terms of how the key [and replication system] works, you don't
> understand and are therefore propagating misinformation. that's not to
> say you haven't read the marketing blurb and can repeat it, but in terms
> of mechanism, you're still unclear.
The key (Honda key from factory) is challenge/response. I didn't say
otherwise. The FOB that controls the remote starter is not. It is purely
1-way, rolling code (also called code hopping).
> it's a challenge/response mechanism - just like you have with computer
> network authentication. on startup, ecu signals for code with token, key
> hashes with it's own unique code that the ecu has been programmed to
> recognize, then transmits it back. if the token has been hashed
> correctly, the ecu will arm the ignition system. all an outsider has to
> do to break in is, well, follow the procedure spelled out in the article.
> the remote starter performs challenge/response just like the key.
Actually not the same. It (the remote starter RFID over-ride module) is
wired direct into the lines that the RFID receiver uses to feed the vehicle
ECU.
> are you welcome to have on in your own vehicle? sure. but please don't
> say they're impossible to hack because they're not.
You need to work on your reading comprehension. Please show me where I said
they were impossible to hack. I said it is a small risk due to the
complexity of doing it vs. otehr easier methods of stealing ones car. Big
difference. Re-read what I wrote and you will see that.
just like the key
> is not. the remote starter makes vehicle theft easier because there's a
> "key" permanently attached to the vehicle.
> as i said at the start, some people do this stuff for the technical
> challenge. hence the article. which i didn't write.
news:YJydnc8tq8nb0TDbnZ2dnUVZ_vumnZ2d@speakeasy.ne t...
> Seth wrote:
>> "jim beam" <spamvortex@bad.example.net> wrote in message
>> news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
>>> Eric wrote:
>>>> Jim Yanik wrote:
>>>>
>>>>> At least the Spec V has RFID chipped keys.
>>>>
>>>> This article may be of interest.
>>>>
>>>>> How a keyless car gets stolen isn't exactly a state secret; much of
>>>>> the
>>>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>>>> Hopkins/RSA study needed only to capture two challenge-and-response
>>>>> pairs
>>>>> from their intended target before cracking the encryption. In an
>>>>> example
>>>>> from the paper, they wanted to see if they could swipe the passive
>>>>> code
>>>>> off the keyless ignition device itself. To do so, the authors
>>>>> simulated a
>>>>> car's ignition system (the RFID reader) on a laptop. By sitting close
>>>>> to
>>>>> someone with a keyless ignition device in their pocket, the authors
>>>>> were
>>>>> able to perform several scans in less than one second without the
>>>>> victim
>>>>> knowing. They then began decrypting the sampled challenge-response
>>>>> pairs.
>>>>> Using brute-force attack techniques, the researchers had the laptop
>>>>> try
>>>>> different combinations of symbols until they found combinations that
>>>>> matched. Once they had the matching codes, they could then predict the
>>>>> sequence and were soon able to gain entrance to the target car and
>>>>> start
>>>>> it.
>>>>
>>>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>>>
>>> post that to seth on the "Honda Pilot EXL 2007 - remote start" thread
>>> from july 14.
>>
>>
>> Why post it to me? You do know that the exploit being discussed above
>> has nothing to do with a remote starter as they don't use an RFID
>> challenge/response signaling system, don't you?
>>
>> To clone a remote starter remote control signal you would have to be
>> scanning/reading the code while the button is repeatedly pressed a number
>> of times till the scanner could figure out the algorithm used for the
>> code hopping. They don't transmit when the receive a challenge signal.
>>
>> If you want to be paranoid about the article mentioned above, then the
>> way to protect oneself is to have their stock Honda (or any other brand)
>> key stored in a lead lined key case when walking around with it in their
>> pocket. The car alarm, remote starter, keyless entry unit, to be cloned
>> would require first getting your hands on the actual FOB, in which case
>> you don't need to clone it as you have the original.
>>
>> All that aside, I'm guessing the "post that to seth on the "Honda Pilot
>> EXL 2007 - remote start" thread from july 14." was more an attempt at
>> being obnoxious than anything else. I know I never said the system was
>> invulnerable, just not a high-risk threat. Having one's head or house
>> destroyed by a piece of falling debris is also possible, but again, not
>> likely and therefore I'm not losing any sleep worrying about it.
>> Coincidently, neither my home owners insurance, car insurance or life
>> insurance has any clause excluding space debris or remote starters. If
>> they thought it was a high risk possibility you better believe they would
>> have a clause and an additional cost rider as a result to make more money
>> off the customer.
>>
>
> seth, with respect, you're welcome to justify the remote starters you sell
> any way you want.
Haven't sold them in years.
> but in terms of how the key [and replication system] works, you don't
> understand and are therefore propagating misinformation. that's not to
> say you haven't read the marketing blurb and can repeat it, but in terms
> of mechanism, you're still unclear.
The key (Honda key from factory) is challenge/response. I didn't say
otherwise. The FOB that controls the remote starter is not. It is purely
1-way, rolling code (also called code hopping).
> it's a challenge/response mechanism - just like you have with computer
> network authentication. on startup, ecu signals for code with token, key
> hashes with it's own unique code that the ecu has been programmed to
> recognize, then transmits it back. if the token has been hashed
> correctly, the ecu will arm the ignition system. all an outsider has to
> do to break in is, well, follow the procedure spelled out in the article.
> the remote starter performs challenge/response just like the key.
Actually not the same. It (the remote starter RFID over-ride module) is
wired direct into the lines that the RFID receiver uses to feed the vehicle
ECU.
> are you welcome to have on in your own vehicle? sure. but please don't
> say they're impossible to hack because they're not.
You need to work on your reading comprehension. Please show me where I said
they were impossible to hack. I said it is a small risk due to the
complexity of doing it vs. otehr easier methods of stealing ones car. Big
difference. Re-read what I wrote and you will see that.
just like the key
> is not. the remote starter makes vehicle theft easier because there's a
> "key" permanently attached to the vehicle.
> as i said at the start, some people do this stuff for the technical
> challenge. hence the article. which i didn't write.
#33
Guest
Posts: n/a
Re: 90 Accord main relay
"jim beam" <spamvortex@bad.example.net> wrote in message
news:YJydnc8tq8nb0TDbnZ2dnUVZ_vumnZ2d@speakeasy.ne t...
> Seth wrote:
>> "jim beam" <spamvortex@bad.example.net> wrote in message
>> news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
>>> Eric wrote:
>>>> Jim Yanik wrote:
>>>>
>>>>> At least the Spec V has RFID chipped keys.
>>>>
>>>> This article may be of interest.
>>>>
>>>>> How a keyless car gets stolen isn't exactly a state secret; much of
>>>>> the
>>>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>>>> Hopkins/RSA study needed only to capture two challenge-and-response
>>>>> pairs
>>>>> from their intended target before cracking the encryption. In an
>>>>> example
>>>>> from the paper, they wanted to see if they could swipe the passive
>>>>> code
>>>>> off the keyless ignition device itself. To do so, the authors
>>>>> simulated a
>>>>> car's ignition system (the RFID reader) on a laptop. By sitting close
>>>>> to
>>>>> someone with a keyless ignition device in their pocket, the authors
>>>>> were
>>>>> able to perform several scans in less than one second without the
>>>>> victim
>>>>> knowing. They then began decrypting the sampled challenge-response
>>>>> pairs.
>>>>> Using brute-force attack techniques, the researchers had the laptop
>>>>> try
>>>>> different combinations of symbols until they found combinations that
>>>>> matched. Once they had the matching codes, they could then predict the
>>>>> sequence and were soon able to gain entrance to the target car and
>>>>> start
>>>>> it.
>>>>
>>>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>>>
>>> post that to seth on the "Honda Pilot EXL 2007 - remote start" thread
>>> from july 14.
>>
>>
>> Why post it to me? You do know that the exploit being discussed above
>> has nothing to do with a remote starter as they don't use an RFID
>> challenge/response signaling system, don't you?
>>
>> To clone a remote starter remote control signal you would have to be
>> scanning/reading the code while the button is repeatedly pressed a number
>> of times till the scanner could figure out the algorithm used for the
>> code hopping. They don't transmit when the receive a challenge signal.
>>
>> If you want to be paranoid about the article mentioned above, then the
>> way to protect oneself is to have their stock Honda (or any other brand)
>> key stored in a lead lined key case when walking around with it in their
>> pocket. The car alarm, remote starter, keyless entry unit, to be cloned
>> would require first getting your hands on the actual FOB, in which case
>> you don't need to clone it as you have the original.
>>
>> All that aside, I'm guessing the "post that to seth on the "Honda Pilot
>> EXL 2007 - remote start" thread from july 14." was more an attempt at
>> being obnoxious than anything else. I know I never said the system was
>> invulnerable, just not a high-risk threat. Having one's head or house
>> destroyed by a piece of falling debris is also possible, but again, not
>> likely and therefore I'm not losing any sleep worrying about it.
>> Coincidently, neither my home owners insurance, car insurance or life
>> insurance has any clause excluding space debris or remote starters. If
>> they thought it was a high risk possibility you better believe they would
>> have a clause and an additional cost rider as a result to make more money
>> off the customer.
>>
>
> seth, with respect, you're welcome to justify the remote starters you sell
> any way you want.
Haven't sold them in years.
> but in terms of how the key [and replication system] works, you don't
> understand and are therefore propagating misinformation. that's not to
> say you haven't read the marketing blurb and can repeat it, but in terms
> of mechanism, you're still unclear.
The key (Honda key from factory) is challenge/response. I didn't say
otherwise. The FOB that controls the remote starter is not. It is purely
1-way, rolling code (also called code hopping).
> it's a challenge/response mechanism - just like you have with computer
> network authentication. on startup, ecu signals for code with token, key
> hashes with it's own unique code that the ecu has been programmed to
> recognize, then transmits it back. if the token has been hashed
> correctly, the ecu will arm the ignition system. all an outsider has to
> do to break in is, well, follow the procedure spelled out in the article.
> the remote starter performs challenge/response just like the key.
Actually not the same. It (the remote starter RFID over-ride module) is
wired direct into the lines that the RFID receiver uses to feed the vehicle
ECU.
> are you welcome to have on in your own vehicle? sure. but please don't
> say they're impossible to hack because they're not.
You need to work on your reading comprehension. Please show me where I said
they were impossible to hack. I said it is a small risk due to the
complexity of doing it vs. otehr easier methods of stealing ones car. Big
difference. Re-read what I wrote and you will see that.
just like the key
> is not. the remote starter makes vehicle theft easier because there's a
> "key" permanently attached to the vehicle.
> as i said at the start, some people do this stuff for the technical
> challenge. hence the article. which i didn't write.
news:YJydnc8tq8nb0TDbnZ2dnUVZ_vumnZ2d@speakeasy.ne t...
> Seth wrote:
>> "jim beam" <spamvortex@bad.example.net> wrote in message
>> news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
>>> Eric wrote:
>>>> Jim Yanik wrote:
>>>>
>>>>> At least the Spec V has RFID chipped keys.
>>>>
>>>> This article may be of interest.
>>>>
>>>>> How a keyless car gets stolen isn't exactly a state secret; much of
>>>>> the
>>>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>>>> Hopkins/RSA study needed only to capture two challenge-and-response
>>>>> pairs
>>>>> from their intended target before cracking the encryption. In an
>>>>> example
>>>>> from the paper, they wanted to see if they could swipe the passive
>>>>> code
>>>>> off the keyless ignition device itself. To do so, the authors
>>>>> simulated a
>>>>> car's ignition system (the RFID reader) on a laptop. By sitting close
>>>>> to
>>>>> someone with a keyless ignition device in their pocket, the authors
>>>>> were
>>>>> able to perform several scans in less than one second without the
>>>>> victim
>>>>> knowing. They then began decrypting the sampled challenge-response
>>>>> pairs.
>>>>> Using brute-force attack techniques, the researchers had the laptop
>>>>> try
>>>>> different combinations of symbols until they found combinations that
>>>>> matched. Once they had the matching codes, they could then predict the
>>>>> sequence and were soon able to gain entrance to the target car and
>>>>> start
>>>>> it.
>>>>
>>>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>>>
>>> post that to seth on the "Honda Pilot EXL 2007 - remote start" thread
>>> from july 14.
>>
>>
>> Why post it to me? You do know that the exploit being discussed above
>> has nothing to do with a remote starter as they don't use an RFID
>> challenge/response signaling system, don't you?
>>
>> To clone a remote starter remote control signal you would have to be
>> scanning/reading the code while the button is repeatedly pressed a number
>> of times till the scanner could figure out the algorithm used for the
>> code hopping. They don't transmit when the receive a challenge signal.
>>
>> If you want to be paranoid about the article mentioned above, then the
>> way to protect oneself is to have their stock Honda (or any other brand)
>> key stored in a lead lined key case when walking around with it in their
>> pocket. The car alarm, remote starter, keyless entry unit, to be cloned
>> would require first getting your hands on the actual FOB, in which case
>> you don't need to clone it as you have the original.
>>
>> All that aside, I'm guessing the "post that to seth on the "Honda Pilot
>> EXL 2007 - remote start" thread from july 14." was more an attempt at
>> being obnoxious than anything else. I know I never said the system was
>> invulnerable, just not a high-risk threat. Having one's head or house
>> destroyed by a piece of falling debris is also possible, but again, not
>> likely and therefore I'm not losing any sleep worrying about it.
>> Coincidently, neither my home owners insurance, car insurance or life
>> insurance has any clause excluding space debris or remote starters. If
>> they thought it was a high risk possibility you better believe they would
>> have a clause and an additional cost rider as a result to make more money
>> off the customer.
>>
>
> seth, with respect, you're welcome to justify the remote starters you sell
> any way you want.
Haven't sold them in years.
> but in terms of how the key [and replication system] works, you don't
> understand and are therefore propagating misinformation. that's not to
> say you haven't read the marketing blurb and can repeat it, but in terms
> of mechanism, you're still unclear.
The key (Honda key from factory) is challenge/response. I didn't say
otherwise. The FOB that controls the remote starter is not. It is purely
1-way, rolling code (also called code hopping).
> it's a challenge/response mechanism - just like you have with computer
> network authentication. on startup, ecu signals for code with token, key
> hashes with it's own unique code that the ecu has been programmed to
> recognize, then transmits it back. if the token has been hashed
> correctly, the ecu will arm the ignition system. all an outsider has to
> do to break in is, well, follow the procedure spelled out in the article.
> the remote starter performs challenge/response just like the key.
Actually not the same. It (the remote starter RFID over-ride module) is
wired direct into the lines that the RFID receiver uses to feed the vehicle
ECU.
> are you welcome to have on in your own vehicle? sure. but please don't
> say they're impossible to hack because they're not.
You need to work on your reading comprehension. Please show me where I said
they were impossible to hack. I said it is a small risk due to the
complexity of doing it vs. otehr easier methods of stealing ones car. Big
difference. Re-read what I wrote and you will see that.
just like the key
> is not. the remote starter makes vehicle theft easier because there's a
> "key" permanently attached to the vehicle.
> as i said at the start, some people do this stuff for the technical
> challenge. hence the article. which i didn't write.
#34
Guest
Posts: n/a
Re: 90 Accord main relay
"jim beam" <spamvortex@bad.example.net> wrote in message
news:YJydnc8tq8nb0TDbnZ2dnUVZ_vumnZ2d@speakeasy.ne t...
> Seth wrote:
>> "jim beam" <spamvortex@bad.example.net> wrote in message
>> news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
>>> Eric wrote:
>>>> Jim Yanik wrote:
>>>>
>>>>> At least the Spec V has RFID chipped keys.
>>>>
>>>> This article may be of interest.
>>>>
>>>>> How a keyless car gets stolen isn't exactly a state secret; much of
>>>>> the
>>>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>>>> Hopkins/RSA study needed only to capture two challenge-and-response
>>>>> pairs
>>>>> from their intended target before cracking the encryption. In an
>>>>> example
>>>>> from the paper, they wanted to see if they could swipe the passive
>>>>> code
>>>>> off the keyless ignition device itself. To do so, the authors
>>>>> simulated a
>>>>> car's ignition system (the RFID reader) on a laptop. By sitting close
>>>>> to
>>>>> someone with a keyless ignition device in their pocket, the authors
>>>>> were
>>>>> able to perform several scans in less than one second without the
>>>>> victim
>>>>> knowing. They then began decrypting the sampled challenge-response
>>>>> pairs.
>>>>> Using brute-force attack techniques, the researchers had the laptop
>>>>> try
>>>>> different combinations of symbols until they found combinations that
>>>>> matched. Once they had the matching codes, they could then predict the
>>>>> sequence and were soon able to gain entrance to the target car and
>>>>> start
>>>>> it.
>>>>
>>>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>>>
>>> post that to seth on the "Honda Pilot EXL 2007 - remote start" thread
>>> from july 14.
>>
>>
>> Why post it to me? You do know that the exploit being discussed above
>> has nothing to do with a remote starter as they don't use an RFID
>> challenge/response signaling system, don't you?
>>
>> To clone a remote starter remote control signal you would have to be
>> scanning/reading the code while the button is repeatedly pressed a number
>> of times till the scanner could figure out the algorithm used for the
>> code hopping. They don't transmit when the receive a challenge signal.
>>
>> If you want to be paranoid about the article mentioned above, then the
>> way to protect oneself is to have their stock Honda (or any other brand)
>> key stored in a lead lined key case when walking around with it in their
>> pocket. The car alarm, remote starter, keyless entry unit, to be cloned
>> would require first getting your hands on the actual FOB, in which case
>> you don't need to clone it as you have the original.
>>
>> All that aside, I'm guessing the "post that to seth on the "Honda Pilot
>> EXL 2007 - remote start" thread from july 14." was more an attempt at
>> being obnoxious than anything else. I know I never said the system was
>> invulnerable, just not a high-risk threat. Having one's head or house
>> destroyed by a piece of falling debris is also possible, but again, not
>> likely and therefore I'm not losing any sleep worrying about it.
>> Coincidently, neither my home owners insurance, car insurance or life
>> insurance has any clause excluding space debris or remote starters. If
>> they thought it was a high risk possibility you better believe they would
>> have a clause and an additional cost rider as a result to make more money
>> off the customer.
>>
>
> seth, with respect, you're welcome to justify the remote starters you sell
> any way you want.
Haven't sold them in years.
> but in terms of how the key [and replication system] works, you don't
> understand and are therefore propagating misinformation. that's not to
> say you haven't read the marketing blurb and can repeat it, but in terms
> of mechanism, you're still unclear.
The key (Honda key from factory) is challenge/response. I didn't say
otherwise. The FOB that controls the remote starter is not. It is purely
1-way, rolling code (also called code hopping).
> it's a challenge/response mechanism - just like you have with computer
> network authentication. on startup, ecu signals for code with token, key
> hashes with it's own unique code that the ecu has been programmed to
> recognize, then transmits it back. if the token has been hashed
> correctly, the ecu will arm the ignition system. all an outsider has to
> do to break in is, well, follow the procedure spelled out in the article.
> the remote starter performs challenge/response just like the key.
Actually not the same. It (the remote starter RFID over-ride module) is
wired direct into the lines that the RFID receiver uses to feed the vehicle
ECU.
> are you welcome to have on in your own vehicle? sure. but please don't
> say they're impossible to hack because they're not.
You need to work on your reading comprehension. Please show me where I said
they were impossible to hack. I said it is a small risk due to the
complexity of doing it vs. otehr easier methods of stealing ones car. Big
difference. Re-read what I wrote and you will see that.
just like the key
> is not. the remote starter makes vehicle theft easier because there's a
> "key" permanently attached to the vehicle.
> as i said at the start, some people do this stuff for the technical
> challenge. hence the article. which i didn't write.
news:YJydnc8tq8nb0TDbnZ2dnUVZ_vumnZ2d@speakeasy.ne t...
> Seth wrote:
>> "jim beam" <spamvortex@bad.example.net> wrote in message
>> news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
>>> Eric wrote:
>>>> Jim Yanik wrote:
>>>>
>>>>> At least the Spec V has RFID chipped keys.
>>>>
>>>> This article may be of interest.
>>>>
>>>>> How a keyless car gets stolen isn't exactly a state secret; much of
>>>>> the
>>>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>>>> Hopkins/RSA study needed only to capture two challenge-and-response
>>>>> pairs
>>>>> from their intended target before cracking the encryption. In an
>>>>> example
>>>>> from the paper, they wanted to see if they could swipe the passive
>>>>> code
>>>>> off the keyless ignition device itself. To do so, the authors
>>>>> simulated a
>>>>> car's ignition system (the RFID reader) on a laptop. By sitting close
>>>>> to
>>>>> someone with a keyless ignition device in their pocket, the authors
>>>>> were
>>>>> able to perform several scans in less than one second without the
>>>>> victim
>>>>> knowing. They then began decrypting the sampled challenge-response
>>>>> pairs.
>>>>> Using brute-force attack techniques, the researchers had the laptop
>>>>> try
>>>>> different combinations of symbols until they found combinations that
>>>>> matched. Once they had the matching codes, they could then predict the
>>>>> sequence and were soon able to gain entrance to the target car and
>>>>> start
>>>>> it.
>>>>
>>>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>>>
>>> post that to seth on the "Honda Pilot EXL 2007 - remote start" thread
>>> from july 14.
>>
>>
>> Why post it to me? You do know that the exploit being discussed above
>> has nothing to do with a remote starter as they don't use an RFID
>> challenge/response signaling system, don't you?
>>
>> To clone a remote starter remote control signal you would have to be
>> scanning/reading the code while the button is repeatedly pressed a number
>> of times till the scanner could figure out the algorithm used for the
>> code hopping. They don't transmit when the receive a challenge signal.
>>
>> If you want to be paranoid about the article mentioned above, then the
>> way to protect oneself is to have their stock Honda (or any other brand)
>> key stored in a lead lined key case when walking around with it in their
>> pocket. The car alarm, remote starter, keyless entry unit, to be cloned
>> would require first getting your hands on the actual FOB, in which case
>> you don't need to clone it as you have the original.
>>
>> All that aside, I'm guessing the "post that to seth on the "Honda Pilot
>> EXL 2007 - remote start" thread from july 14." was more an attempt at
>> being obnoxious than anything else. I know I never said the system was
>> invulnerable, just not a high-risk threat. Having one's head or house
>> destroyed by a piece of falling debris is also possible, but again, not
>> likely and therefore I'm not losing any sleep worrying about it.
>> Coincidently, neither my home owners insurance, car insurance or life
>> insurance has any clause excluding space debris or remote starters. If
>> they thought it was a high risk possibility you better believe they would
>> have a clause and an additional cost rider as a result to make more money
>> off the customer.
>>
>
> seth, with respect, you're welcome to justify the remote starters you sell
> any way you want.
Haven't sold them in years.
> but in terms of how the key [and replication system] works, you don't
> understand and are therefore propagating misinformation. that's not to
> say you haven't read the marketing blurb and can repeat it, but in terms
> of mechanism, you're still unclear.
The key (Honda key from factory) is challenge/response. I didn't say
otherwise. The FOB that controls the remote starter is not. It is purely
1-way, rolling code (also called code hopping).
> it's a challenge/response mechanism - just like you have with computer
> network authentication. on startup, ecu signals for code with token, key
> hashes with it's own unique code that the ecu has been programmed to
> recognize, then transmits it back. if the token has been hashed
> correctly, the ecu will arm the ignition system. all an outsider has to
> do to break in is, well, follow the procedure spelled out in the article.
> the remote starter performs challenge/response just like the key.
Actually not the same. It (the remote starter RFID over-ride module) is
wired direct into the lines that the RFID receiver uses to feed the vehicle
ECU.
> are you welcome to have on in your own vehicle? sure. but please don't
> say they're impossible to hack because they're not.
You need to work on your reading comprehension. Please show me where I said
they were impossible to hack. I said it is a small risk due to the
complexity of doing it vs. otehr easier methods of stealing ones car. Big
difference. Re-read what I wrote and you will see that.
just like the key
> is not. the remote starter makes vehicle theft easier because there's a
> "key" permanently attached to the vehicle.
> as i said at the start, some people do this stuff for the technical
> challenge. hence the article. which i didn't write.
#35
Guest
Posts: n/a
Re: 90 Accord main relay
Seth wrote:
> "jim beam" <spamvortex@bad.example.net> wrote in message
> news:YJydnc8tq8nb0TDbnZ2dnUVZ_vumnZ2d@speakeasy.ne t...
>> Seth wrote:
>>> "jim beam" <spamvortex@bad.example.net> wrote in message
>>> news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
>>>> Eric wrote:
>>>>> Jim Yanik wrote:
>>>>>
>>>>>> At least the Spec V has RFID chipped keys.
>>>>>
>>>>> This article may be of interest.
>>>>>
>>>>>> How a keyless car gets stolen isn't exactly a state secret; much
>>>>>> of the
>>>>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>>>>> Hopkins/RSA study needed only to capture two
>>>>>> challenge-and-response pairs
>>>>>> from their intended target before cracking the encryption. In an
>>>>>> example
>>>>>> from the paper, they wanted to see if they could swipe the passive
>>>>>> code
>>>>>> off the keyless ignition device itself. To do so, the authors
>>>>>> simulated a
>>>>>> car's ignition system (the RFID reader) on a laptop. By sitting
>>>>>> close to
>>>>>> someone with a keyless ignition device in their pocket, the
>>>>>> authors were
>>>>>> able to perform several scans in less than one second without the
>>>>>> victim
>>>>>> knowing. They then began decrypting the sampled challenge-response
>>>>>> pairs.
>>>>>> Using brute-force attack techniques, the researchers had the
>>>>>> laptop try
>>>>>> different combinations of symbols until they found combinations that
>>>>>> matched. Once they had the matching codes, they could then predict
>>>>>> the
>>>>>> sequence and were soon able to gain entrance to the target car and
>>>>>> start
>>>>>> it.
>>>>>
>>>>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>>>>
>>>> post that to seth on the "Honda Pilot EXL 2007 - remote start"
>>>> thread from july 14.
>>>
>>>
>>> Why post it to me? You do know that the exploit being discussed
>>> above has nothing to do with a remote starter as they don't use an
>>> RFID challenge/response signaling system, don't you?
>>>
>>> To clone a remote starter remote control signal you would have to be
>>> scanning/reading the code while the button is repeatedly pressed a
>>> number of times till the scanner could figure out the algorithm used
>>> for the code hopping. They don't transmit when the receive a
>>> challenge signal.
>>>
>>> If you want to be paranoid about the article mentioned above, then
>>> the way to protect oneself is to have their stock Honda (or any other
>>> brand) key stored in a lead lined key case when walking around with
>>> it in their pocket. The car alarm, remote starter, keyless entry
>>> unit, to be cloned would require first getting your hands on the
>>> actual FOB, in which case you don't need to clone it as you have the
>>> original.
>>>
>>> All that aside, I'm guessing the "post that to seth on the "Honda
>>> Pilot EXL 2007 - remote start" thread from july 14." was more an
>>> attempt at being obnoxious than anything else. I know I never said
>>> the system was invulnerable, just not a high-risk threat. Having
>>> one's head or house destroyed by a piece of falling debris is also
>>> possible, but again, not likely and therefore I'm not losing any
>>> sleep worrying about it. Coincidently, neither my home owners
>>> insurance, car insurance or life insurance has any clause excluding
>>> space debris or remote starters. If they thought it was a high risk
>>> possibility you better believe they would have a clause and an
>>> additional cost rider as a result to make more money off the customer.
>>>
>>
>> seth, with respect, you're welcome to justify the remote starters you
>> sell any way you want.
>
> Haven't sold them in years.
>
>> but in terms of how the key [and replication system] works, you don't
>> understand and are therefore propagating misinformation. that's not
>> to say you haven't read the marketing blurb and can repeat it, but in
>> terms of mechanism, you're still unclear.
>
> The key (Honda key from factory) is challenge/response. I didn't say
> otherwise. The FOB that controls the remote starter is not. It is
> purely 1-way, rolling code (also called code hopping).
so is the honda key - never sends the same code twice. the point is,
you can /predict/ what the next code will be if you have a few samples
from which to establish the pattern.
>
>> it's a challenge/response mechanism - just like you have with computer
>> network authentication. on startup, ecu signals for code with token,
>> key hashes with it's own unique code that the ecu has been programmed
>> to recognize, then transmits it back. if the token has been hashed
>> correctly, the ecu will arm the ignition system. all an outsider has
>> to do to break in is, well, follow the procedure spelled out in the
>> article. the remote starter performs challenge/response just like the
>> key.
>
> Actually not the same. It (the remote starter RFID over-ride module) is
> wired direct into the lines that the RFID receiver uses to feed the
> vehicle ECU.
it /is/ the same - the ecu still has to challenge and then compare the
hash on the response.
>
>> are you welcome to have on in your own vehicle? sure. but please
>> don't say they're impossible to hack because they're not.
>
> You need to work on your reading comprehension. Please show me where I
> said they were impossible to hack. I said it is a small risk due to the
> complexity of doing it vs. otehr easier methods of stealing ones car.
> Big difference. Re-read what I wrote and you will see that.
apart from problems with engine wear caused by habitual use of remote
starters, i mentioned security, a point on which you've taken great
offense for reasons i still don't understand. and you continued arguing
against that point regardless of the facts, finally resorting to what
amounts to "well, if it /does/ get stolen, it's not excluded from your
insurance, so hopefully you're ok".
fact: if you have the gear and the knowledge, and a laptop is not
exactly an uncommon item, electronic theft is a good deal easier than
mechanical. and remote starters mean the driver doesn't need to be
present or challenged.
end of story.
>
> just like the key
>> is not. the remote starter makes vehicle theft easier because there's
>> a "key" permanently attached to the vehicle.
>> as i said at the start, some people do this stuff for the technical
>> challenge. hence the article. which i didn't write.
>
>
> "jim beam" <spamvortex@bad.example.net> wrote in message
> news:YJydnc8tq8nb0TDbnZ2dnUVZ_vumnZ2d@speakeasy.ne t...
>> Seth wrote:
>>> "jim beam" <spamvortex@bad.example.net> wrote in message
>>> news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
>>>> Eric wrote:
>>>>> Jim Yanik wrote:
>>>>>
>>>>>> At least the Spec V has RFID chipped keys.
>>>>>
>>>>> This article may be of interest.
>>>>>
>>>>>> How a keyless car gets stolen isn't exactly a state secret; much
>>>>>> of the
>>>>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>>>>> Hopkins/RSA study needed only to capture two
>>>>>> challenge-and-response pairs
>>>>>> from their intended target before cracking the encryption. In an
>>>>>> example
>>>>>> from the paper, they wanted to see if they could swipe the passive
>>>>>> code
>>>>>> off the keyless ignition device itself. To do so, the authors
>>>>>> simulated a
>>>>>> car's ignition system (the RFID reader) on a laptop. By sitting
>>>>>> close to
>>>>>> someone with a keyless ignition device in their pocket, the
>>>>>> authors were
>>>>>> able to perform several scans in less than one second without the
>>>>>> victim
>>>>>> knowing. They then began decrypting the sampled challenge-response
>>>>>> pairs.
>>>>>> Using brute-force attack techniques, the researchers had the
>>>>>> laptop try
>>>>>> different combinations of symbols until they found combinations that
>>>>>> matched. Once they had the matching codes, they could then predict
>>>>>> the
>>>>>> sequence and were soon able to gain entrance to the target car and
>>>>>> start
>>>>>> it.
>>>>>
>>>>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>>>>
>>>> post that to seth on the "Honda Pilot EXL 2007 - remote start"
>>>> thread from july 14.
>>>
>>>
>>> Why post it to me? You do know that the exploit being discussed
>>> above has nothing to do with a remote starter as they don't use an
>>> RFID challenge/response signaling system, don't you?
>>>
>>> To clone a remote starter remote control signal you would have to be
>>> scanning/reading the code while the button is repeatedly pressed a
>>> number of times till the scanner could figure out the algorithm used
>>> for the code hopping. They don't transmit when the receive a
>>> challenge signal.
>>>
>>> If you want to be paranoid about the article mentioned above, then
>>> the way to protect oneself is to have their stock Honda (or any other
>>> brand) key stored in a lead lined key case when walking around with
>>> it in their pocket. The car alarm, remote starter, keyless entry
>>> unit, to be cloned would require first getting your hands on the
>>> actual FOB, in which case you don't need to clone it as you have the
>>> original.
>>>
>>> All that aside, I'm guessing the "post that to seth on the "Honda
>>> Pilot EXL 2007 - remote start" thread from july 14." was more an
>>> attempt at being obnoxious than anything else. I know I never said
>>> the system was invulnerable, just not a high-risk threat. Having
>>> one's head or house destroyed by a piece of falling debris is also
>>> possible, but again, not likely and therefore I'm not losing any
>>> sleep worrying about it. Coincidently, neither my home owners
>>> insurance, car insurance or life insurance has any clause excluding
>>> space debris or remote starters. If they thought it was a high risk
>>> possibility you better believe they would have a clause and an
>>> additional cost rider as a result to make more money off the customer.
>>>
>>
>> seth, with respect, you're welcome to justify the remote starters you
>> sell any way you want.
>
> Haven't sold them in years.
>
>> but in terms of how the key [and replication system] works, you don't
>> understand and are therefore propagating misinformation. that's not
>> to say you haven't read the marketing blurb and can repeat it, but in
>> terms of mechanism, you're still unclear.
>
> The key (Honda key from factory) is challenge/response. I didn't say
> otherwise. The FOB that controls the remote starter is not. It is
> purely 1-way, rolling code (also called code hopping).
so is the honda key - never sends the same code twice. the point is,
you can /predict/ what the next code will be if you have a few samples
from which to establish the pattern.
>
>> it's a challenge/response mechanism - just like you have with computer
>> network authentication. on startup, ecu signals for code with token,
>> key hashes with it's own unique code that the ecu has been programmed
>> to recognize, then transmits it back. if the token has been hashed
>> correctly, the ecu will arm the ignition system. all an outsider has
>> to do to break in is, well, follow the procedure spelled out in the
>> article. the remote starter performs challenge/response just like the
>> key.
>
> Actually not the same. It (the remote starter RFID over-ride module) is
> wired direct into the lines that the RFID receiver uses to feed the
> vehicle ECU.
it /is/ the same - the ecu still has to challenge and then compare the
hash on the response.
>
>> are you welcome to have on in your own vehicle? sure. but please
>> don't say they're impossible to hack because they're not.
>
> You need to work on your reading comprehension. Please show me where I
> said they were impossible to hack. I said it is a small risk due to the
> complexity of doing it vs. otehr easier methods of stealing ones car.
> Big difference. Re-read what I wrote and you will see that.
apart from problems with engine wear caused by habitual use of remote
starters, i mentioned security, a point on which you've taken great
offense for reasons i still don't understand. and you continued arguing
against that point regardless of the facts, finally resorting to what
amounts to "well, if it /does/ get stolen, it's not excluded from your
insurance, so hopefully you're ok".
fact: if you have the gear and the knowledge, and a laptop is not
exactly an uncommon item, electronic theft is a good deal easier than
mechanical. and remote starters mean the driver doesn't need to be
present or challenged.
end of story.
>
> just like the key
>> is not. the remote starter makes vehicle theft easier because there's
>> a "key" permanently attached to the vehicle.
>> as i said at the start, some people do this stuff for the technical
>> challenge. hence the article. which i didn't write.
>
>
#36
Guest
Posts: n/a
Re: 90 Accord main relay
Seth wrote:
> "jim beam" <spamvortex@bad.example.net> wrote in message
> news:YJydnc8tq8nb0TDbnZ2dnUVZ_vumnZ2d@speakeasy.ne t...
>> Seth wrote:
>>> "jim beam" <spamvortex@bad.example.net> wrote in message
>>> news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
>>>> Eric wrote:
>>>>> Jim Yanik wrote:
>>>>>
>>>>>> At least the Spec V has RFID chipped keys.
>>>>>
>>>>> This article may be of interest.
>>>>>
>>>>>> How a keyless car gets stolen isn't exactly a state secret; much
>>>>>> of the
>>>>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>>>>> Hopkins/RSA study needed only to capture two
>>>>>> challenge-and-response pairs
>>>>>> from their intended target before cracking the encryption. In an
>>>>>> example
>>>>>> from the paper, they wanted to see if they could swipe the passive
>>>>>> code
>>>>>> off the keyless ignition device itself. To do so, the authors
>>>>>> simulated a
>>>>>> car's ignition system (the RFID reader) on a laptop. By sitting
>>>>>> close to
>>>>>> someone with a keyless ignition device in their pocket, the
>>>>>> authors were
>>>>>> able to perform several scans in less than one second without the
>>>>>> victim
>>>>>> knowing. They then began decrypting the sampled challenge-response
>>>>>> pairs.
>>>>>> Using brute-force attack techniques, the researchers had the
>>>>>> laptop try
>>>>>> different combinations of symbols until they found combinations that
>>>>>> matched. Once they had the matching codes, they could then predict
>>>>>> the
>>>>>> sequence and were soon able to gain entrance to the target car and
>>>>>> start
>>>>>> it.
>>>>>
>>>>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>>>>
>>>> post that to seth on the "Honda Pilot EXL 2007 - remote start"
>>>> thread from july 14.
>>>
>>>
>>> Why post it to me? You do know that the exploit being discussed
>>> above has nothing to do with a remote starter as they don't use an
>>> RFID challenge/response signaling system, don't you?
>>>
>>> To clone a remote starter remote control signal you would have to be
>>> scanning/reading the code while the button is repeatedly pressed a
>>> number of times till the scanner could figure out the algorithm used
>>> for the code hopping. They don't transmit when the receive a
>>> challenge signal.
>>>
>>> If you want to be paranoid about the article mentioned above, then
>>> the way to protect oneself is to have their stock Honda (or any other
>>> brand) key stored in a lead lined key case when walking around with
>>> it in their pocket. The car alarm, remote starter, keyless entry
>>> unit, to be cloned would require first getting your hands on the
>>> actual FOB, in which case you don't need to clone it as you have the
>>> original.
>>>
>>> All that aside, I'm guessing the "post that to seth on the "Honda
>>> Pilot EXL 2007 - remote start" thread from july 14." was more an
>>> attempt at being obnoxious than anything else. I know I never said
>>> the system was invulnerable, just not a high-risk threat. Having
>>> one's head or house destroyed by a piece of falling debris is also
>>> possible, but again, not likely and therefore I'm not losing any
>>> sleep worrying about it. Coincidently, neither my home owners
>>> insurance, car insurance or life insurance has any clause excluding
>>> space debris or remote starters. If they thought it was a high risk
>>> possibility you better believe they would have a clause and an
>>> additional cost rider as a result to make more money off the customer.
>>>
>>
>> seth, with respect, you're welcome to justify the remote starters you
>> sell any way you want.
>
> Haven't sold them in years.
>
>> but in terms of how the key [and replication system] works, you don't
>> understand and are therefore propagating misinformation. that's not
>> to say you haven't read the marketing blurb and can repeat it, but in
>> terms of mechanism, you're still unclear.
>
> The key (Honda key from factory) is challenge/response. I didn't say
> otherwise. The FOB that controls the remote starter is not. It is
> purely 1-way, rolling code (also called code hopping).
so is the honda key - never sends the same code twice. the point is,
you can /predict/ what the next code will be if you have a few samples
from which to establish the pattern.
>
>> it's a challenge/response mechanism - just like you have with computer
>> network authentication. on startup, ecu signals for code with token,
>> key hashes with it's own unique code that the ecu has been programmed
>> to recognize, then transmits it back. if the token has been hashed
>> correctly, the ecu will arm the ignition system. all an outsider has
>> to do to break in is, well, follow the procedure spelled out in the
>> article. the remote starter performs challenge/response just like the
>> key.
>
> Actually not the same. It (the remote starter RFID over-ride module) is
> wired direct into the lines that the RFID receiver uses to feed the
> vehicle ECU.
it /is/ the same - the ecu still has to challenge and then compare the
hash on the response.
>
>> are you welcome to have on in your own vehicle? sure. but please
>> don't say they're impossible to hack because they're not.
>
> You need to work on your reading comprehension. Please show me where I
> said they were impossible to hack. I said it is a small risk due to the
> complexity of doing it vs. otehr easier methods of stealing ones car.
> Big difference. Re-read what I wrote and you will see that.
apart from problems with engine wear caused by habitual use of remote
starters, i mentioned security, a point on which you've taken great
offense for reasons i still don't understand. and you continued arguing
against that point regardless of the facts, finally resorting to what
amounts to "well, if it /does/ get stolen, it's not excluded from your
insurance, so hopefully you're ok".
fact: if you have the gear and the knowledge, and a laptop is not
exactly an uncommon item, electronic theft is a good deal easier than
mechanical. and remote starters mean the driver doesn't need to be
present or challenged.
end of story.
>
> just like the key
>> is not. the remote starter makes vehicle theft easier because there's
>> a "key" permanently attached to the vehicle.
>> as i said at the start, some people do this stuff for the technical
>> challenge. hence the article. which i didn't write.
>
>
> "jim beam" <spamvortex@bad.example.net> wrote in message
> news:YJydnc8tq8nb0TDbnZ2dnUVZ_vumnZ2d@speakeasy.ne t...
>> Seth wrote:
>>> "jim beam" <spamvortex@bad.example.net> wrote in message
>>> news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
>>>> Eric wrote:
>>>>> Jim Yanik wrote:
>>>>>
>>>>>> At least the Spec V has RFID chipped keys.
>>>>>
>>>>> This article may be of interest.
>>>>>
>>>>>> How a keyless car gets stolen isn't exactly a state secret; much
>>>>>> of the
>>>>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>>>>> Hopkins/RSA study needed only to capture two
>>>>>> challenge-and-response pairs
>>>>>> from their intended target before cracking the encryption. In an
>>>>>> example
>>>>>> from the paper, they wanted to see if they could swipe the passive
>>>>>> code
>>>>>> off the keyless ignition device itself. To do so, the authors
>>>>>> simulated a
>>>>>> car's ignition system (the RFID reader) on a laptop. By sitting
>>>>>> close to
>>>>>> someone with a keyless ignition device in their pocket, the
>>>>>> authors were
>>>>>> able to perform several scans in less than one second without the
>>>>>> victim
>>>>>> knowing. They then began decrypting the sampled challenge-response
>>>>>> pairs.
>>>>>> Using brute-force attack techniques, the researchers had the
>>>>>> laptop try
>>>>>> different combinations of symbols until they found combinations that
>>>>>> matched. Once they had the matching codes, they could then predict
>>>>>> the
>>>>>> sequence and were soon able to gain entrance to the target car and
>>>>>> start
>>>>>> it.
>>>>>
>>>>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>>>>
>>>> post that to seth on the "Honda Pilot EXL 2007 - remote start"
>>>> thread from july 14.
>>>
>>>
>>> Why post it to me? You do know that the exploit being discussed
>>> above has nothing to do with a remote starter as they don't use an
>>> RFID challenge/response signaling system, don't you?
>>>
>>> To clone a remote starter remote control signal you would have to be
>>> scanning/reading the code while the button is repeatedly pressed a
>>> number of times till the scanner could figure out the algorithm used
>>> for the code hopping. They don't transmit when the receive a
>>> challenge signal.
>>>
>>> If you want to be paranoid about the article mentioned above, then
>>> the way to protect oneself is to have their stock Honda (or any other
>>> brand) key stored in a lead lined key case when walking around with
>>> it in their pocket. The car alarm, remote starter, keyless entry
>>> unit, to be cloned would require first getting your hands on the
>>> actual FOB, in which case you don't need to clone it as you have the
>>> original.
>>>
>>> All that aside, I'm guessing the "post that to seth on the "Honda
>>> Pilot EXL 2007 - remote start" thread from july 14." was more an
>>> attempt at being obnoxious than anything else. I know I never said
>>> the system was invulnerable, just not a high-risk threat. Having
>>> one's head or house destroyed by a piece of falling debris is also
>>> possible, but again, not likely and therefore I'm not losing any
>>> sleep worrying about it. Coincidently, neither my home owners
>>> insurance, car insurance or life insurance has any clause excluding
>>> space debris or remote starters. If they thought it was a high risk
>>> possibility you better believe they would have a clause and an
>>> additional cost rider as a result to make more money off the customer.
>>>
>>
>> seth, with respect, you're welcome to justify the remote starters you
>> sell any way you want.
>
> Haven't sold them in years.
>
>> but in terms of how the key [and replication system] works, you don't
>> understand and are therefore propagating misinformation. that's not
>> to say you haven't read the marketing blurb and can repeat it, but in
>> terms of mechanism, you're still unclear.
>
> The key (Honda key from factory) is challenge/response. I didn't say
> otherwise. The FOB that controls the remote starter is not. It is
> purely 1-way, rolling code (also called code hopping).
so is the honda key - never sends the same code twice. the point is,
you can /predict/ what the next code will be if you have a few samples
from which to establish the pattern.
>
>> it's a challenge/response mechanism - just like you have with computer
>> network authentication. on startup, ecu signals for code with token,
>> key hashes with it's own unique code that the ecu has been programmed
>> to recognize, then transmits it back. if the token has been hashed
>> correctly, the ecu will arm the ignition system. all an outsider has
>> to do to break in is, well, follow the procedure spelled out in the
>> article. the remote starter performs challenge/response just like the
>> key.
>
> Actually not the same. It (the remote starter RFID over-ride module) is
> wired direct into the lines that the RFID receiver uses to feed the
> vehicle ECU.
it /is/ the same - the ecu still has to challenge and then compare the
hash on the response.
>
>> are you welcome to have on in your own vehicle? sure. but please
>> don't say they're impossible to hack because they're not.
>
> You need to work on your reading comprehension. Please show me where I
> said they were impossible to hack. I said it is a small risk due to the
> complexity of doing it vs. otehr easier methods of stealing ones car.
> Big difference. Re-read what I wrote and you will see that.
apart from problems with engine wear caused by habitual use of remote
starters, i mentioned security, a point on which you've taken great
offense for reasons i still don't understand. and you continued arguing
against that point regardless of the facts, finally resorting to what
amounts to "well, if it /does/ get stolen, it's not excluded from your
insurance, so hopefully you're ok".
fact: if you have the gear and the knowledge, and a laptop is not
exactly an uncommon item, electronic theft is a good deal easier than
mechanical. and remote starters mean the driver doesn't need to be
present or challenged.
end of story.
>
> just like the key
>> is not. the remote starter makes vehicle theft easier because there's
>> a "key" permanently attached to the vehicle.
>> as i said at the start, some people do this stuff for the technical
>> challenge. hence the article. which i didn't write.
>
>
#37
Guest
Posts: n/a
Re: 90 Accord main relay
Seth wrote:
> "jim beam" <spamvortex@bad.example.net> wrote in message
> news:YJydnc8tq8nb0TDbnZ2dnUVZ_vumnZ2d@speakeasy.ne t...
>> Seth wrote:
>>> "jim beam" <spamvortex@bad.example.net> wrote in message
>>> news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
>>>> Eric wrote:
>>>>> Jim Yanik wrote:
>>>>>
>>>>>> At least the Spec V has RFID chipped keys.
>>>>>
>>>>> This article may be of interest.
>>>>>
>>>>>> How a keyless car gets stolen isn't exactly a state secret; much
>>>>>> of the
>>>>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>>>>> Hopkins/RSA study needed only to capture two
>>>>>> challenge-and-response pairs
>>>>>> from their intended target before cracking the encryption. In an
>>>>>> example
>>>>>> from the paper, they wanted to see if they could swipe the passive
>>>>>> code
>>>>>> off the keyless ignition device itself. To do so, the authors
>>>>>> simulated a
>>>>>> car's ignition system (the RFID reader) on a laptop. By sitting
>>>>>> close to
>>>>>> someone with a keyless ignition device in their pocket, the
>>>>>> authors were
>>>>>> able to perform several scans in less than one second without the
>>>>>> victim
>>>>>> knowing. They then began decrypting the sampled challenge-response
>>>>>> pairs.
>>>>>> Using brute-force attack techniques, the researchers had the
>>>>>> laptop try
>>>>>> different combinations of symbols until they found combinations that
>>>>>> matched. Once they had the matching codes, they could then predict
>>>>>> the
>>>>>> sequence and were soon able to gain entrance to the target car and
>>>>>> start
>>>>>> it.
>>>>>
>>>>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>>>>
>>>> post that to seth on the "Honda Pilot EXL 2007 - remote start"
>>>> thread from july 14.
>>>
>>>
>>> Why post it to me? You do know that the exploit being discussed
>>> above has nothing to do with a remote starter as they don't use an
>>> RFID challenge/response signaling system, don't you?
>>>
>>> To clone a remote starter remote control signal you would have to be
>>> scanning/reading the code while the button is repeatedly pressed a
>>> number of times till the scanner could figure out the algorithm used
>>> for the code hopping. They don't transmit when the receive a
>>> challenge signal.
>>>
>>> If you want to be paranoid about the article mentioned above, then
>>> the way to protect oneself is to have their stock Honda (or any other
>>> brand) key stored in a lead lined key case when walking around with
>>> it in their pocket. The car alarm, remote starter, keyless entry
>>> unit, to be cloned would require first getting your hands on the
>>> actual FOB, in which case you don't need to clone it as you have the
>>> original.
>>>
>>> All that aside, I'm guessing the "post that to seth on the "Honda
>>> Pilot EXL 2007 - remote start" thread from july 14." was more an
>>> attempt at being obnoxious than anything else. I know I never said
>>> the system was invulnerable, just not a high-risk threat. Having
>>> one's head or house destroyed by a piece of falling debris is also
>>> possible, but again, not likely and therefore I'm not losing any
>>> sleep worrying about it. Coincidently, neither my home owners
>>> insurance, car insurance or life insurance has any clause excluding
>>> space debris or remote starters. If they thought it was a high risk
>>> possibility you better believe they would have a clause and an
>>> additional cost rider as a result to make more money off the customer.
>>>
>>
>> seth, with respect, you're welcome to justify the remote starters you
>> sell any way you want.
>
> Haven't sold them in years.
>
>> but in terms of how the key [and replication system] works, you don't
>> understand and are therefore propagating misinformation. that's not
>> to say you haven't read the marketing blurb and can repeat it, but in
>> terms of mechanism, you're still unclear.
>
> The key (Honda key from factory) is challenge/response. I didn't say
> otherwise. The FOB that controls the remote starter is not. It is
> purely 1-way, rolling code (also called code hopping).
so is the honda key - never sends the same code twice. the point is,
you can /predict/ what the next code will be if you have a few samples
from which to establish the pattern.
>
>> it's a challenge/response mechanism - just like you have with computer
>> network authentication. on startup, ecu signals for code with token,
>> key hashes with it's own unique code that the ecu has been programmed
>> to recognize, then transmits it back. if the token has been hashed
>> correctly, the ecu will arm the ignition system. all an outsider has
>> to do to break in is, well, follow the procedure spelled out in the
>> article. the remote starter performs challenge/response just like the
>> key.
>
> Actually not the same. It (the remote starter RFID over-ride module) is
> wired direct into the lines that the RFID receiver uses to feed the
> vehicle ECU.
it /is/ the same - the ecu still has to challenge and then compare the
hash on the response.
>
>> are you welcome to have on in your own vehicle? sure. but please
>> don't say they're impossible to hack because they're not.
>
> You need to work on your reading comprehension. Please show me where I
> said they were impossible to hack. I said it is a small risk due to the
> complexity of doing it vs. otehr easier methods of stealing ones car.
> Big difference. Re-read what I wrote and you will see that.
apart from problems with engine wear caused by habitual use of remote
starters, i mentioned security, a point on which you've taken great
offense for reasons i still don't understand. and you continued arguing
against that point regardless of the facts, finally resorting to what
amounts to "well, if it /does/ get stolen, it's not excluded from your
insurance, so hopefully you're ok".
fact: if you have the gear and the knowledge, and a laptop is not
exactly an uncommon item, electronic theft is a good deal easier than
mechanical. and remote starters mean the driver doesn't need to be
present or challenged.
end of story.
>
> just like the key
>> is not. the remote starter makes vehicle theft easier because there's
>> a "key" permanently attached to the vehicle.
>> as i said at the start, some people do this stuff for the technical
>> challenge. hence the article. which i didn't write.
>
>
> "jim beam" <spamvortex@bad.example.net> wrote in message
> news:YJydnc8tq8nb0TDbnZ2dnUVZ_vumnZ2d@speakeasy.ne t...
>> Seth wrote:
>>> "jim beam" <spamvortex@bad.example.net> wrote in message
>>> news:ucudnfaJCZ0WDzHbnZ2dnUVZ_qLinZ2d@speakeasy.ne t...
>>>> Eric wrote:
>>>>> Jim Yanik wrote:
>>>>>
>>>>>> At least the Spec V has RFID chipped keys.
>>>>>
>>>>> This article may be of interest.
>>>>>
>>>>>> How a keyless car gets stolen isn't exactly a state secret; much
>>>>>> of the
>>>>>> required knowledge is Basic Encryption 101. The authors of the Johns
>>>>>> Hopkins/RSA study needed only to capture two
>>>>>> challenge-and-response pairs
>>>>>> from their intended target before cracking the encryption. In an
>>>>>> example
>>>>>> from the paper, they wanted to see if they could swipe the passive
>>>>>> code
>>>>>> off the keyless ignition device itself. To do so, the authors
>>>>>> simulated a
>>>>>> car's ignition system (the RFID reader) on a laptop. By sitting
>>>>>> close to
>>>>>> someone with a keyless ignition device in their pocket, the
>>>>>> authors were
>>>>>> able to perform several scans in less than one second without the
>>>>>> victim
>>>>>> knowing. They then began decrypting the sampled challenge-response
>>>>>> pairs.
>>>>>> Using brute-force attack techniques, the researchers had the
>>>>>> laptop try
>>>>>> different combinations of symbols until they found combinations that
>>>>>> matched. Once they had the matching codes, they could then predict
>>>>>> the
>>>>>> sequence and were soon able to gain entrance to the target car and
>>>>>> start
>>>>>> it.
>>>>>
>>>>> http://reviews.cnet.com/4520-3513_7-...xt&tag=nl.e501
>>>>
>>>> post that to seth on the "Honda Pilot EXL 2007 - remote start"
>>>> thread from july 14.
>>>
>>>
>>> Why post it to me? You do know that the exploit being discussed
>>> above has nothing to do with a remote starter as they don't use an
>>> RFID challenge/response signaling system, don't you?
>>>
>>> To clone a remote starter remote control signal you would have to be
>>> scanning/reading the code while the button is repeatedly pressed a
>>> number of times till the scanner could figure out the algorithm used
>>> for the code hopping. They don't transmit when the receive a
>>> challenge signal.
>>>
>>> If you want to be paranoid about the article mentioned above, then
>>> the way to protect oneself is to have their stock Honda (or any other
>>> brand) key stored in a lead lined key case when walking around with
>>> it in their pocket. The car alarm, remote starter, keyless entry
>>> unit, to be cloned would require first getting your hands on the
>>> actual FOB, in which case you don't need to clone it as you have the
>>> original.
>>>
>>> All that aside, I'm guessing the "post that to seth on the "Honda
>>> Pilot EXL 2007 - remote start" thread from july 14." was more an
>>> attempt at being obnoxious than anything else. I know I never said
>>> the system was invulnerable, just not a high-risk threat. Having
>>> one's head or house destroyed by a piece of falling debris is also
>>> possible, but again, not likely and therefore I'm not losing any
>>> sleep worrying about it. Coincidently, neither my home owners
>>> insurance, car insurance or life insurance has any clause excluding
>>> space debris or remote starters. If they thought it was a high risk
>>> possibility you better believe they would have a clause and an
>>> additional cost rider as a result to make more money off the customer.
>>>
>>
>> seth, with respect, you're welcome to justify the remote starters you
>> sell any way you want.
>
> Haven't sold them in years.
>
>> but in terms of how the key [and replication system] works, you don't
>> understand and are therefore propagating misinformation. that's not
>> to say you haven't read the marketing blurb and can repeat it, but in
>> terms of mechanism, you're still unclear.
>
> The key (Honda key from factory) is challenge/response. I didn't say
> otherwise. The FOB that controls the remote starter is not. It is
> purely 1-way, rolling code (also called code hopping).
so is the honda key - never sends the same code twice. the point is,
you can /predict/ what the next code will be if you have a few samples
from which to establish the pattern.
>
>> it's a challenge/response mechanism - just like you have with computer
>> network authentication. on startup, ecu signals for code with token,
>> key hashes with it's own unique code that the ecu has been programmed
>> to recognize, then transmits it back. if the token has been hashed
>> correctly, the ecu will arm the ignition system. all an outsider has
>> to do to break in is, well, follow the procedure spelled out in the
>> article. the remote starter performs challenge/response just like the
>> key.
>
> Actually not the same. It (the remote starter RFID over-ride module) is
> wired direct into the lines that the RFID receiver uses to feed the
> vehicle ECU.
it /is/ the same - the ecu still has to challenge and then compare the
hash on the response.
>
>> are you welcome to have on in your own vehicle? sure. but please
>> don't say they're impossible to hack because they're not.
>
> You need to work on your reading comprehension. Please show me where I
> said they were impossible to hack. I said it is a small risk due to the
> complexity of doing it vs. otehr easier methods of stealing ones car.
> Big difference. Re-read what I wrote and you will see that.
apart from problems with engine wear caused by habitual use of remote
starters, i mentioned security, a point on which you've taken great
offense for reasons i still don't understand. and you continued arguing
against that point regardless of the facts, finally resorting to what
amounts to "well, if it /does/ get stolen, it's not excluded from your
insurance, so hopefully you're ok".
fact: if you have the gear and the knowledge, and a laptop is not
exactly an uncommon item, electronic theft is a good deal easier than
mechanical. and remote starters mean the driver doesn't need to be
present or challenged.
end of story.
>
> just like the key
>> is not. the remote starter makes vehicle theft easier because there's
>> a "key" permanently attached to the vehicle.
>> as i said at the start, some people do this stuff for the technical
>> challenge. hence the article. which i didn't write.
>
>
Thread
Thread Starter
Forum
Replies
Last Post
Jay W
Honda Accord
2
06-28-2007 11:11 PM
Rob
Honda Mailing List
16
12-06-2004 05:45 AM
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)