
Does your smart key open other Prius?

Discussion in 'Gen 2 Prius Main Forum' started by CraigCSJ, Mar 21, 2005.

  1. Tadashi

    Tadashi Member

    Joined:
    Feb 25, 2005
    796
    4
    0
    Location:
    Fort Hood, TX
    Vehicle:
    2005 Prius
    Model:
    N/A
    I was thinking it would not be so hard to come up with a device that transmits all the unlock code permutations. I hope Toyota put in a security fix to lock out the car and require manual opening after so many failed tries. Probably not but oh well. I envision us taking our cars to the dealers once a year for a security patch. :p
     
  2. jayman

    jayman Senior Member

    Joined:
    Oct 21, 2004
    13,439
    640
    0
    Location:
    Winnipeg Manitoba
    Vehicle:
    2004 Prius
    Quote (Tadashi):
    Then read this:

    http://rfid-analysis.org

    If you have a cable modem, have a peek at the video demonstrations.
     
  3. Frank Hudon

    Frank Hudon Senior Member

    Joined:
    Jan 11, 2004
    4,147
    18
    0
    Jayman said
    Look, does anybody want me to go into more detail wrt the programming or the math? I had to make a lot of assumptions here, I don't mind PM'ing with more detail. Rick, our RHCE? Rick, our MDT??

    nope, If I want your car bad enough I'll just tow it.
     
  4. rick57

    rick57 Member

    Joined:
    Feb 20, 2005
    572
    6
    0
    Location:
    Circleville, Ohio
    Vehicle:
    Other Non-Hybrid
    Model:
    N/A
    Oh no, my brain is frying! :cry: Enough already Jerry! Now you're over my head right now. Now things are looking like my assignments in Statistical Process Control. Don't make me dig that book out and relearn!
     
  5. hdrygas

    hdrygas New Member

    Joined:
    May 22, 2004
    3,650
    6
    0
    Location:
    Olympia Wa
    Vehicle:
    2004 Prius
    Quote (jayman):
    Dan:

    That's why I said "and assume a purely theoretical random distribution ..." and "If you want to know the probability of a *random* code unlocking the car" which as we should all know, is "theoretical." In the real world a PRNG is used, the robustness of which depends on how you set up seed values and hashing.

    Since the car makers depend on a proprietary algorithm or "security through obscurity" we will never know how the PRNG is actually calculated. Thus we'll never know how truly robust - or not so robust - the hash actually is. Since they "cheat" by using a 40 bit value, and they also need to know the next 256 values, my guess would be "not so robust."

    Quote (DanMan32):
    The overall probability doesn't change enough, it's still very close to 1 in a billion. Again assuming a "perfect" random distribution. I tried to keep this as simple as I could, but a lot of clarity has been left out.

    A "pure" random number can never be proven, only disproven. So you have to accept that at best you will have a "pseudo" random distribution. Thus the PRNG algorithm:

    http://www.embedded.com//showArticle.jhtml...icleID=20900500

    I don't know how to enter special symbols like Sigma into this editor, so please go to the above URL and scroll down to "Figure 2" which describes how to calculate a Lag k value from the Y values. Figure 3 will show you how to calculate the chi-squared (χ²) distribution.

    Remember, so far the math is *easy* there is no calculus or integrals.

    Here is a resultant "reasonably" secure hash that is fairly easy to follow:

    static unsigned int xorTable[64] = {0x7be9c1bd...0x088aa102};
    static unsigned int r = 31468; // your seed
    static unsigned int q = 0, n = 0;

    // 'choice' is an input the snippet uses but never declares; it is taken
    // as a parameter here so the routine can be called.
    unsigned char nextByte(unsigned int choice)
    {
        unsigned int i, idx;
        unsigned char Y;
        // begin critical section
        for (i = 0; i < 32; i++)
        {
            idx = n & 0x3f; // read n before advancing it (doing both in one expression is undefined in C)
            q = (r + xorTable[choice & 0x3f]) ^ (n * xorTable[idx]);
            n++;
            if (q == r)
            {
                r += xorTable[choice & 0x1f] ^ choice;
                continue;
            }
            else
            {
                r = q;
                break;
            }
        }
        n++;
        Y = r >> 24; // output byte: the top 8 bits of the state
        // end critical section
        return Y;
    }

    I hope everybody quickly noticed the static integer that was the fixed value of 31,468. Try some other values and your resultant Y's will be remarkably different in value *and* distribution!

    If you do something like inverse congruential number generation, you perform the math tests and discover that if the seed values differ just by 1, you can go from a reasonably "secure" hash where a value isn't repeated for 100 million iterations to hash output where there is a *lot* of autocorrelation.

    This is where the math gets tricky ...

    You have to perform *extensive* statistical diagnostics (ANOVA, F&T, Chi Square, Weibull, etc etc) on *all* the PRNG outputs to determine if you have a "robust" and reasonably "secure" hash at your disposal.

    And you have to factor in one additional complexity: since it's possible for the fob to transmit and not receive a reply from the car, the fob encoder will get out of synchronization with the decoder in the car. The "expected" results won't match up and your fob no longer works.

    That's why not only does that proprietary hash have to know the *next* expected hash, it also has to know the next 256 "expected" hash outputs. So that implies a certain level of autocorrelation that, more importantly, allows for more "unexpected" same values. This also allows for hacking once the Johns Hopkins University hack becomes common knowledge.

    Look, does anybody want me to go into more detail wrt the programming or the math? I had to make a lot of assumptions here, I don't mind PM'ing with more detail. Rick, our RHCE? Rick, our MDT??
    Daxx, I can still follow the math. Not an inconsiderable thing when you are 35 years out of college and 31 out of Grad school. Gives one hope. Thanks
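    The two mechanisms jayman describes in the post above, the rolling-code receiver that must accept any of the next 256 expected outputs so a fob that transmitted without a reply can resync, and the lag-k autocorrelation test on the generator's output, as an added example that is not part of the original thread and not Toyota's or TI's code. HMAC-SHA256 stands in for the undisclosed proprietary hash, the 256-code window and the test key are assumptions, and the 40-bit width is the one the thread attributes to the transponder.

```python
import hashlib
import hmac

CODE_BITS = 40   # code width the thread attributes to the TI transponder
WINDOW = 256     # lookahead the post mentions; assumed receiver policy here


def next_code(key: bytes, counter: int) -> int:
    """Derive the 40-bit code for one counter value.

    HMAC-SHA256 stands in for the undisclosed proprietary hash (an assumption
    for this example); any keyed PRF gives the same protocol behaviour.
    """
    mac = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:5], "big")  # keep 5 bytes = 40 bits


class Fob:
    """Transmitter side: advances its counter on every press, reply or not."""

    def __init__(self, key: bytes, counter: int = 0):
        self.key, self.counter = key, counter

    def press(self) -> int:
        code = next_code(self.key, self.counter)
        self.counter += 1
        return code


class Receiver:
    """Car side: accepts any of the next `window` codes, then moves past it."""

    def __init__(self, key: bytes, counter: int = 0, window: int = WINDOW):
        self.key, self.counter, self.window = key, counter, window

    def accept(self, code: int) -> bool:
        for offset in range(self.window):
            if next_code(self.key, self.counter + offset) == code:
                # Resync: jump past the matched counter so this code and every
                # earlier (lost) one are rejected from now on.
                self.counter += offset + 1
                return True
        return False


def random_guess_probability(window: int = WINDOW, bits: int = CODE_BITS) -> float:
    """Chance one random code is accepted: the resync window widens the target."""
    return window / 2 ** bits


def lag_k_autocorrelation(values, k: int) -> float:
    """Sample autocorrelation at lag k (the Figure 2 statistic from the post).

    Near 0 for output that looks random; near 1 for a counter-like stream.
    """
    n = len(values)
    mean = sum(values) / n
    var = sum((v - mean) ** 2 for v in values)
    if var == 0:
        return 0.0
    cov = sum((values[i] - mean) * (values[i + k] - mean) for i in range(n - k))
    return cov / var


def demo() -> dict:
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed test key
    fob, car = Fob(key), Receiver(key)

    first = fob.press()
    accepted_first = car.accept(first)
    replay_rejected = not car.accept(first)         # same code again: a replay

    for _ in range(3):                              # presses the car never heard
        fob.press()
    resynced = car.accept(fob.press())              # still inside the window

    for _ in range(WINDOW + 50):                    # far more than the window
        fob.press()
    out_of_window = not car.accept(fob.press())     # the fob no longer works

    stream = [next_code(key, i) for i in range(2000)]
    return {
        "accepted_first": accepted_first,
        "replay_rejected": replay_rejected,
        "resynced": resynced,
        "out_of_window": out_of_window,
        "p_random_guess": random_guess_probability(),
        "lag1_hash_stream": lag_k_autocorrelation(stream, 1),
        "lag1_counter_stream": lag_k_autocorrelation(list(range(2000)), 1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

    The window is the trade-off the post points at: a random 40-bit guess hits one code in 2^40, but a receiver that tolerates 256 codes of drift accepts any of 256 targets, so the per-attempt success chance is 256 times larger. The autocorrelation check is the cheap first test for the "lot of autocorrelation" failure mode: a keyed hash stream sits near zero, a counter-like stream near one.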
     
  6. bookrats

    bookrats New Member

    Joined:
    Mar 12, 2004
    2,843
    2
    0
    Location:
    Seattle, WA
    Hey, I appreciated the math and the explanation Jayman -- thanks.

    And Dan, thanks for the scoop on the oscillators -- that was news to me.

    100 points to you both!
     
  7. jayman

    jayman Senior Member

    Joined:
    Oct 21, 2004
    13,439
    640
    0
    Location:
    Winnipeg Manitoba
    Vehicle:
    2004 Prius
    Quote (Frank Hudon):
    Frank:

    AH, where is the fun in doing that? I suppose that is always the "plan B" if your Palm Hacking method doesn't work.
     
  8. jayman

    jayman Senior Member

    Joined:
    Oct 21, 2004
    13,439
    640
    0
    Location:
    Winnipeg Manitoba
    Vehicle:
    2004 Prius
    Quote (rick57):
    Rick:

    I bet you secretly enjoyed figuring out X Bar Control Charts. Didn't you? C'mon, admit it .... c'mon ....
     
  9. rick57

    rick57 Member

    Joined:
    Feb 20, 2005
    572
    6
    0
    Location:
    Circleville, Ohio
    Vehicle:
    Other Non-Hybrid
    Model:
    N/A
    Quote (jayman):
    Rick:

    I bet you secretly enjoyed figuring out X Bar Control Charts. Didn't you? C'mon, admit it .... c'mon ....

    Yeah, yeah, right. And all those Histograms and Pareto (?) diagrams and such. What fun! Actually I did like that class and the math classes. I had a teacher that would say "Math is fun. Math is your friend."
     
  10. jayman

    jayman Senior Member

    Joined:
    Oct 21, 2004
    13,439
    640
    0
    Location:
    Winnipeg Manitoba
    Vehicle:
    2004 Prius
    Rick:

    Well, I wouldn't go so far to say that Math is Fun, but it certainly IS our friend! Though I have to admit I *like* Pareto Charts, they're a good way to highlight differences (eg: Out of bound X bar) among different groups of data or process systems.

    As I'm sure you've discovered by now, the concepts in your Process Control/Process Quality classes fit quite nicely in an automotive shop. The principles are exactly the same, especially striving for Six Sigma and the various ISO achievements.
     
  11. prberg

    prberg Member

    Joined:
    Mar 18, 2004
    155
    3
    0
    Location:
    Burbank, California
    Vehicle:
    2004 Prius
    So if I read all this information correctly.... our Prius is easier to break into and steal than a regular car (without engine immobilizer)? With the Prius you don't even need a metal key to start the car. So if someone could use their laptop and a special transmitter they could break our 'weak' encryption without much effort (a few hours each day to run through the codes?). It seems like the technology needed to steal the Prius is not that expensive/hard to find. Should we write in to Toyota or are my concerns overblown?

    thanks,

    Peter B
     
  12. DanMan32

    DanMan32 Senior Member

    Joined:
    Aug 27, 2004
    3,799
    26
    0
    Location:
    Tampa Bay, FL
    If they go only a few hours each day, assuming you are using the car daily, they'd be chasing a moving target. They may come across on Monday the code you are using Tuesday.
     
  13. jayman

    jayman Senior Member

    Joined:
    Oct 21, 2004
    13,439
    640
    0
    Location:
    Winnipeg Manitoba
    Vehicle:
    2004 Prius
    Quote (prberg):
    Peter:

    Not at the moment, no. Busting a steering column on a non-transponder car and hot wiring it is far easier. Cars with immobilizers have dramatically reduced the overall theft rate. However, the weak link has always been the transponder in the chip or the fob.

    Companies like TI have always refused to mention exactly how their proprietary hash works, so we have always had to guess about theoretical probabilities.

    Note: does anybody want me to discuss the math again? No? Oh, ok ... :cry:

    Seriously, there is no such thing as "secret" math or "security through obscurity." Once you go beyond theoretical probabilities to applied probabilities in advanced math and computer science fields, the serious limitations of 40 bit keys readily become apparent.

    The Johns Hopkins interdisciplinary team (Math and computer science) took up the challenge, and TI really shouldn't have been surprised at the results. I suggest you review their paper to get more details.

    This reminds me of how Blue Boxing the AMPS cell phones in the late 80's was done. At the time, only exotically expensive computers and really smart PhD's could crack the MIN/ESN pair for analog AMPS cell phones.

    Within 5 years, thanks to more understanding of computers in general, it became so easy to clone a cell phone that around 45% of all cell phone traffic was on cloned phones. A similar cloning situation took place with the DirecTV SIM cards, and the SIM cards used on GSM cell phones.

    So at the moment I wouldn't lose any sleep over this. Ask me again in 5 years. Remember this will affect ALL transponder immobilizer cars, not just Prius.
     
  14. jayman

    jayman Senior Member

    Joined:
    Oct 21, 2004
    13,439
    640
    0
    Location:
    Winnipeg Manitoba
    Vehicle:
    2004 Prius
    Peter:

    Also, to be a truly effective hack for car thieves, it can't take a few days to hack. They'd want it in under 5 minutes, preferably 30 secs.

    Once you know how the algorithm works, it's an easy hack. OTOH, if the algorithm had been public all along, with secret 128 bit keys, we wouldn't even be having this discussion as there would not be a problem.
     
  15. RobertO

    RobertO New Member

    Joined:
    Nov 26, 2003
    215
    1
    0
    Location:
    Renton, WA
    Smart Entry Hack? My Prius Was Locked/Robbed.

    Park in garage every night.

    Car was temporarily parked on my driveway in front of garage door between 7 and 9 pm on a week night. One lane drive off of cul de sac. No local traffic.

    No one in neighborhood saw/heard anything (including neighborhood dogs).

    Came out to find car unlocked, every hatch (including cargo area), drawer, slider, cup holder, hidey-hole open. No damage.

    Almost $ 10,000 worth of pro camera equipment (Zeiss Lenses, etc.) and bag gone.

    Police came. Neighbors polled. We're all baffled.

    Took car to dealer next morning. Car locked self within 28 to 32 seconds, five times in a row.

    Friend at work thinks a dealer employee is on to something with Smart Entry hack.

    Insurance covered most but I miss my gear. Really feel violated. Death of a "Nice Neighborhood".

    Any ideas as to how they got in without any noise, damage?

    Bob
     
  16. jayman

    jayman Senior Member

    Joined:
    Oct 21, 2004
    13,439
    640
    0
    Location:
    Winnipeg Manitoba
    Vehicle:
    2004 Prius
    Robert:

    From what you've described, this certainly could sound like the first Hack in the "wild." Have you peeked first at:

    http://rfidanalysis.org

    This is the official site of the Johns Hopkins team that, in partnership with RSA, broke the TI proprietary 40 bit algorithm. If you have a cable modem, please take the time to carefully view the videos.

    I'm hoping that you forgot to properly lock the car. Otherwise, yes a dealer technician could - in theory - easily hack into a Prius. Especially if they took a blank fob and used the THHT to add it to the car decoder during a routine visit.

    How would you know the car SKS encoder had another fob added to it? Though it may not hurt to see exactly how many fobs are supposed to "belong" to your Prius.

    Or a very smart criminal gang has figured out how to perform the hack using the same technique the Johns Hopkins group did. Either a criminal Toyota tech or a real hack, the car alarm will not go off.

    I think a lot of folks poo-poohed my comments in the original thread on this topic (The thread was lost when PriusChat got hacked a couple of months ago). I have a lot of experience with computer and industrial security, and I have seen some highly creative hacks.

    Folks also thought the original AMPS analog cell phones were secure, as you needed almost a million bucks worth of hardware to hack the ESN/MIN to clone the phone. Within 5 years cloning an AMPS phone was so easy that almost 50% of the North American AMPS traffic was on cloned phones.

    Folks also thought the DirecTV SIM card system was secure. We all know by now that DirecTV has to send their "zap" signal every once in awhile to cook cloned SIM cards.

    Yes, I'm still hoping this is an isolated event or that some other explanation is involved. Otherwise we're in deep s***.
     
  17. DanMan32

    DanMan32 Senior Member

    Joined:
    Aug 27, 2004
    3,799
    26
    0
    Location:
    Tampa Bay, FL
    I also read in the owner's manual that a dealer has a tool to get into the car if you lock your keys in it.

    Page 257:

    "If your keys are locked in the vehicle and
    you cannot get a duplicate, many Toyota
    dealers can still open the door for you,
    using their special tools."

    Then, the special tools may mean a slim jim, which would set off the alarm.