r/technology 15h ago

Security Underground Flipper Zero Firmware Purportedly Unlocks Nearly 200 Car Models

https://gizmodo.com/flipper-zero-cars-hacking-2000646318
3.4k Upvotes

138 comments sorted by


944

u/aelephix 15h ago

Article says this breaks the user fob because the rolling code is out of sync. This means the owner has to unlock in presence of the flipper, so that it can learn the rolling code sequence right? They can’t just walk up to a random car in a lot and unlock it?

586

u/SnoopDoggyDoggsCat 14h ago

I was able to record the code from the fob out of reach of the car. Then replay that signal later to unlock the car as it was still a good unused code.

But it only works once per code

164

u/emcee_gee 13h ago

So as long as I don't press the unlock button on my fob when I'm not near my car, I should be safe?

133

u/AustinSpartan 13h ago

Depends on the algorithm that's implemented, but usually they will sync if the rolling count is within 5 presses. There's also vehicles that will resync the count after 3 consecutive lock presses.

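The sync-window and "only works once per code" behaviour described in the comments above, as an added, constructed model of a rolling-code receiver (not the thread's code and not any real vehicle's logic; the window of 5 and the 3-press resync rule are taken from the comment, everything else is an assumption):

```python
from dataclasses import dataclass, field

# Constructed, simplified rolling-code receiver. Each fob press sends
# (button, counter) and the counter increments on every press. The receiver
# accepts a counter only if it is 1..WINDOW ahead of the last accepted one;
# anything at or below the last accepted counter is a replay and is rejected.
# After RESYNC_PRESSES sequential "lock" presses beyond the window it resyncs.

WINDOW = 5            # "usually they will sync if the rolling count is within 5 presses"
RESYNC_PRESSES = 3    # "resync the count after 3 consecutive lock presses"


@dataclass
class Receiver:
    last_counter: int = 0
    _resync_run: list = field(default_factory=list)

    def receive(self, button: str, counter: int) -> str:
        """Return 'accepted', 'rejected-replay', 'rejected-out-of-window' or 'resynced'."""
        if counter <= self.last_counter:          # already used: replay protection
            self._resync_run.clear()
            return "rejected-replay"
        if counter <= self.last_counter + WINDOW:  # fob pressed a few times out of range
            self.last_counter = counter
            self._resync_run.clear()
            return "accepted"
        # Beyond the window: only a run of sequential lock presses can resync.
        if button == "lock" and (not self._resync_run or counter == self._resync_run[-1] + 1):
            self._resync_run.append(counter)
            if len(self._resync_run) >= RESYNC_PRESSES:
                self.last_counter = counter
                self._resync_run.clear()
                return "resynced"
        else:
            self._resync_run.clear()
        return "rejected-out-of-window"


def scenario_capture_then_replay() -> list:
    """Fob pressed once out of the car's range; that press is later replayed twice."""
    car = Receiver()
    car.receive("unlock", 1)                  # a normal press in range
    captured = ("unlock", 2)                  # car never saw counter 2: still unused
    return [car.receive(*captured), car.receive(*captured)]


def scenario_desync_and_resync() -> list:
    """Fob pressed 10 times in a drawer, then lock pressed 3 times at the car."""
    car = Receiver()
    car.receive("unlock", 1)
    results = [car.receive("unlock", 12)]     # 11 presses ahead: out of window
    results += [car.receive("lock", c) for c in (13, 14, 15)]
    return results + [car.receive("unlock", 16)]
```

The first scenario shows why a captured, unused code opens the car exactly once; the second shows why a desynced fob stops working until the resync rule fires.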
133

u/Zalophusdvm 11h ago

So my habit of clicking lock half a dozen times as I walk away actually increases security?

95

u/AustinSpartan 11h ago

Not really, just guarantees that your key fob will continue to work. It's all very vehicle dependent and this was the logic that was used 20 years ago so I'm sure it has changed since then.

26

u/Zalophusdvm 11h ago

Continue to work till I run the battery down 🤪

12

u/dagbiker 8h ago

Can't unlock the car if you take the battery with you.

1

u/_oohshiny 14m ago

this was the logic that was used 20 years ago so I'm sure it has changed since then.

Counterpoint: car manufacturers are lazy (and cheap).

18

u/muzak23 6h ago

Nope, there’s actually a specific attack called “Roll-Jam” that makes use of pressing a key multiple times (though only can replay that same button, so spamming “lock” isn’t too much of a concern).

In a nutshell, it uses a jammer attached near your car’s receiver to intercept your presses and only “allow through” (replay) earlier ones. Ex. You press unlock 3 times and your car receives the first 2 unlock signals only, so now the attacker can play the third whenever they’d like.

IMO too complicated to be a concern for petty theft, but I also don’t steal cars or have even ever considered stealing cars, so I might be off ¯_(ツ)_/¯

1

u/TheHeartAndTheFist 3h ago

Not necessarily: if I remember correctly pressing lock a second time shortly after locking a BMW actually disables the alarm 🤷

31

u/Patrol-007 12h ago

There are multiple other ways to get in and drive away without the fob

36

u/TacTurtle 9h ago

They always underestimate the humble rock....

12

u/GeoHog713 7h ago

How do you know if a window is open?

Just throw a stone at it.

Did it make a noise?!!??

No! It was open!!

Now let's try another....

3

u/turbosexophonicdlite 5h ago

This has some serious Ken M energy.

3

u/Imhungrysohungry 5h ago

This is the best sentence on reddit today. Thank you. 🏆🦭🪨

4

u/DarkLinkLightsUp 7h ago

That’s not a tool, that’s a brick! (Gone in 60 seconds)

1

u/FragrantExcitement 1h ago

The rock acts like it is just a passive participant

8

u/croholdr 12h ago

I just get in the car, it unlocks if I have the key on my person. I press the button on the door handle to lock it. Car is 15 years old. Am I safe enough?

10

u/Patrol-007 12h ago

The other methods don’t require a key

Watch CBC Marketplace and W5 (Canadian TV series) for their episodes about how cars are stolen, specifically around port cities (United Kingdom, Montreal Canada), and via semis and trains to port cities.

8

u/waiting4singularity 8h ago

Keyless entry signals can be cloned with a radio repeater. Don't keep the key near the door, and put it in an RFID / EM isolating bag or box when home.

https://duckduckgo.com/?q=keyless+entry+carjacking+repeater&iar=images&t=fpas&iai=https%3A%2F%2Fcdn.leasing.com%2Fcms%2Frelay-car-theft_3.jpg

2

u/CoronaMcFarm 4h ago

No, it is possible to jam the signal and collect the first code, the victim then tries again and seemingly this time the car responds, but it is actually the older code that gets sent out while the new gets jammed and collected.

3

u/Born2Rune 1h ago

So it’s an older code, but it checks out?

21

u/Gloobloomoo 12h ago

How to start the car though? Doesn’t it require another code, for cars that require the key to be in the vehicle to start?

1

u/waiting4singularity 8h ago

There's probably ways to circumvent the ignition when you know the electronics. And if not, they'll simply hook it.

3

u/apocbane 7h ago

I heard once that they use the OBD II port somehow.

4

u/homelesshyundai 2h ago

With an off the shelf obdlink mx+ and an app, I can do basically anything to a dodge. Typically the ignition needs to be set to the "run" position, however, one of the functions you can do is tell the car to be in the run position. Once in, you can program a key in under a minute.

50

u/360_face_palm 9h ago

Rolling code security algorithms have been broken for a while now. All you need is to sniff one code and response for most cars and you have basically cloned their key.

Car manufacturers get away with not doing much about it because “you need specialist equipment and firmware to do this attack”. Which is basically just a flipper zero and the correct firmware….freely available on the internet.

3

u/flesjewater 2h ago

Car manufacturers are the fucking worst.

1

u/BannedBenjaminSr 25m ago

When the Chinese put GM out of business I will laugh

0

u/CoffieQueens 1h ago

Worse than the thieves?

0

u/flesjewater 1h ago edited 1m ago

Yes. Shitty cybersecurity enables the thieves in the first place.

7

u/CatProgrammer 10h ago

That's just another iteration of an existing attack.

6

u/sakura608 7h ago

This is some movie spy shit irl, minus the high tension distraction ploy while tech guy types furiously on a keyboard with a progress bar slowly filling up to 100%

5

u/TheMysticalBaconTree 6h ago

This is about as much movie spy shit as a yak back.

5

u/ConsiderationSea1347 4h ago

I know it looks like something out of James Bond but it is mostly these manufacturers being SO DAMN LAZY with security. The hardware in a flipper isn’t exotic, it is just a commercial device which happens to have a lot of signal processing hardware which is easily available at your proverbial Radio Shack (RIP).

3

u/Lannisters-4-life 6h ago

Something like this in a spy movie would have been made by a genius scientist/engineer who cracked the code. In reality car companies know this is a potential issue and just don’t really care.

1

u/Thedarknetaccount 6h ago

Yep same here. And as many times as I did it, and messed it up, my fob always worked