Re: forget photographing license plates!
At 22:43 8/14/96, The Prisoner wrote:
It is extremely comforting to me -- I don't know about you -- to think that GM will maintain a control center able to communicate with my auto electronics. Shit, why not TRW?
Hacker's delight. -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred. Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November. Vote Harry Browne for President.
On Wed, 14 Aug 1996, Lucky Green wrote:
At 22:43 8/14/96, The Prisoner wrote:
It is extremely comforting to me -- I don't know about you -- to think that GM will maintain a control center able to communicate with my auto electronics. Shit, why not TRW?
Hacker's delight.
no kidding.. it wouldn't be hard to have something to capture the signal to open the car doors and start the engine. anyhow i wouldn't trust anything to be controled by a radio freq. anyhow.. it never works.. for example the garage door openers (pardon my spelling) people are robbing houses by duplicating the garage door opener signal. -soldier
Hacker's delight.
no kidding.. it wouldn't be hard to have something to capture the signal to open the car doors and start the engine. anyhow i wouldn't trust anything to be controled by a radio freq. anyhow.. it never works.. for example the garage door openers (pardon my spelling) people are robbing houses by duplicating the garage door opener signal.
-soldier
I know one lady get robbed several times by people scanning and duplicating codes on the garage opener. There are no garage openers manufacturers who have a "real" crypto challenge/response system. Most just give the code number and the opener verifies that that 8-24 bit code is correct -- real easy to scan or duplicate. The key switches/emergency latches are very easy to bypass as well. The latch can be pried off and these code things can be pried off and bypassed with a simple hot wiring. They don't know anything about tamper switches.
Another UK vehicle security reply (disclaimer: my dad's company installs alarms, imobilisers, lojack/skynet, etc.) The first generation of remote-keyed car-alarms used a static key. It didn't take long before people had modified scanners to record the key and play it back as soon as the driver had left. The current generation uses what is described as "rolling code random encryption". From what I could work out from talking to people, this scheme works something like a one time password scheme, but with no feedback from server (car) to client (keyfob). It seems that the keyfob has persistent state in the form of a counter, which is incremented every time the key is pressed. This counter is combined with the encryption key and the resulting cyphertext is then transmitted. The car keeps a record of the last successful sequence number, and will not allow earlier sequences to be replayed. The car will accept sequence numbers within a certain range of the last successful one, in case a particular try is not recieved, or the key is jostled in ones pocket. I don't know how strong the algorithms are, or how long the keys are; there are supposed to be minimum requirements on key length, but I don't know if the approval body evaluates the crypto. Simon --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet.........
Another UK vehicle security reply (disclaimer: my dad's company installs alarms, imobilisers, lojack/skynet, etc.)
The first generation of remote-keyed car-alarms used a static key. It didn't take long before people had modified scanners to record the key and play it back as soon as the driver had left.
The current generation uses what is described as "rolling code random encryption". From what I could work out from talking to people, this scheme works something like a one time password scheme, but with no feedback from server (car) to client (keyfob). It seems that the keyfob has persistent state in the form of a counter, which is incremented every time the key is pressed. This counter is combined with the encryption key and the resulting cyphertext is then transmitted.
The car keeps a record of the last successful sequence number, and will not allow earlier sequences to be replayed. The car will accept sequence numbers within a certain range of the last successful one, in case a particular try is not recieved, or the key is jostled in ones pocket.
I don't know how strong the algorithms are, or how long the keys are; there are supposed to be minimum requirements on key length, but I don't know if the approval body evaluates the crypto.
Simon
That is known for cars. I double checked, and found some car alarms able to do this. However, I have not found any house garage door openers able to pull this off. Most still use the old blurt code method. Ironically, there are gate openers which have this technology in them (rolling code.)
participants (4)
-
Douglas R. Floyd -
shamrock@netcom.com -
Simon Spero -
Soldier