wallaBBB | 1 year ago

Not really. At least not for those immobilizers that don't use "proprietary" ciphers. Automotive loves security through obscurity until it bites them in the ass. Today most manufacturers have moved to AES128, which is not cheap to brute force, especially if there is a rolling code (should be the case for many).

But you are right that there are many (older models) that use ciphers with known quick exploits: TI's DST40/DST80 (40/80-bit, proprietary cipher, in many cases terrible entropy), models from Toyota, HKMC, Tesla. About 6s to crack in many cases.

NXP's HITAG2 - most commonly used one in the '00s - 48-bit proprietary cipher, a lot less exploited in the wild than TI's disastrous two variants.

mozman|1 year ago

You can just reprogram a new seed via CAN bus, you don’t need to brute force it.

wallaBBB|1 year ago

Those types of attacks (CAN injections) are very OEM specific, and come from deep insider knowledge, not something you fuck around and find out. I’m assuming you’re referring to Toyota, but anyways please give a direct reference to the attack you’re referring to.

Keep in mind any need for expensive equipment is already a deterrent for many.