Okay maybe not a hundred years but I was just making a point that the system we all grew up with worked fine , but as an old school person I hate them . As for automation again I like to think that I have a brain and I like to use it to make decisions for myself . Example 1 it,s raining and I see that it is getting wet on the windscreen so I TURN on the wipers . 2/ Its getting dark so I TURN on the lights .3 I want to change lanes so I LOOK before I change lanes not rely on some lane change avoidance system to do what GOD gave me eyes for . I could go on about self parking and all the other s^&%t but I may end up blowing a gasket . Give me a key any day over a remote thing one writer on VW's Facebook page could not stop his VW it just kept running and would not turn off until it ran out of fuel pretty damn stupid if you ask me .

I decided to get a spare key cut just for my wallet ,So I went and saw the Master locksmith and showed him what you had posted He laughed , As he said you didn't know what you were talking about Modern cars with Proximity keys are constantly sending out a signal an ORB searching for the sender . He said to tell you that what he uses is a Frequently Tracker /Ripper He said to tell you once he locks onto the signal being sent from the car it also disarms the Immobilizer He only has to hop in and push the push button and he can drive off He said he has repossessed heaps of these cars , and he doesn't need to break into any ones house to get their keys ,
And he cut a new laser cut key for me $30 as I had a spare blade just for the door , works a treat , The last time I had one cut I was charged $60 so it was very cheap ,

As I said before, your master locksmith sounds very irresponsible telling you all this.

And please have some respect for other folk that obviously have quite a bit of knowledge on the subject.

I'm glad to hear your locksmith had a laugh. I've never had to repossess a car using the techniques I described so I didn't realise my info was so far off base - I can only share what I've learned from running a company that writes CAN code and low level interface hardware for VWs.

Your locksmith might be interested in the Blackhat conference - https://www.blackhat.com/us-15/ - this years conference focussed on automotive hacking although most of the attack vectors there are IP based rather than directly attacking the keyless entry radio and encryption system.

Well James this is his profession id imagine you can not buy theses devices off the shelf , You might not believe what he told me about what he does ,And as far as being irresponsible Brad how could that be ,You or I could not buy this kind of equipment with out proper licensing and checks , He was just explaining the weaknesses in the Proximity key adaptation in cars and how easily it could be over ridden .

this is from London insurance company's refuse to insure cars with smart keys

Car thieves have cracked the technology behind the smart key, to the point that insurance underwriters won’t cover some cars fitted with keyless entry and keyless start systems. According to the Metropolitan police, approximately half of all cars stolen in London are taken without the key. The situation is serious enough for the police to mail drop certain London boroughs, warning residents to take precautions.

Insurance company's are advising owners of cars with smart keys to keep their keys in the fridge because technology can read the keys up to 60 metres away and drive off with your car ,

I would suggest that anyone foolish to believe that this technology cannot be defeated and that you cannot buy them off the shelf is living in a blinkered world . I would guarantee you that the Chinese have these devices as it was the Chinese first that made a scanning device which fitted in a folder carried under your arm that was able to scan and copy hundreds of credit card details by just walking past a person . If they can do that then this one for car keys would be reality as for importing them I doubt any customs people would even know what they were looking at . I once used MR Minit to clone a key for one of our VW's and it took all of 20 seconds to do .

Sunny. It's strange that at first no one believed me. That stealing smart key cars was possible It was a case of shooting the messenger instead of looking at the problem of these Devises.

I don't think anyone questioned that smart keys weren't so smart - just the method of obtaining access to the vehicle. There have been previous threads about it on VWWC. Here is the link to it

The quote you made about the London insurers and keeping keys in the fridge is all about the method I was describing (signal boosting) and has nothing to do with the vehicle itself emitting a signal (or you'd have to keep the car in the fridge). Even keeping the keys in the fridge is misleading, you just have to keep them in a home made Faraday Cage (a tin can).

Searching for "Frequently Tracker /Ripper" reveals nothing. Maybe you mean "frequency trapper / ripper"? Even searching for that reveals nothing except for some earth moving attachments.

Basically you are saying "My baker's Aunty says..." and expecting belief without question. It would be helpful if you provided links (like I did above), even if it's just for the insurance thing you have copy/pasted.

ian, it's not that I don't believe there are vulnerabilities with the keyless entry systems (I've even posted examples of how they are vulnerable), but my experience with these systems does not correlate with the existence of a single 'push button and unlock any car' device as a commodity item.

Sunny43.5 refers to credit card skimming - yes that's a reality but the technology involved is very different. The NFC chips in a tap&go credit card are designed to be read - it's a one-way communication process between the credit card and the reader. The NFC standard is well published, anyone can build their own NFC reader, improve the antenna gain and skim from NFC cards. I have no doubt you can buy that type of technology in a box if you're a script-kiddie, from China or otherwise.

The technology of keyless entry systems is vastly more complex than NFC credit cards. For a start, the digital 'key' to unlock the car changes each time the car is unlocked, from a proprietary encryption algorithm cycling through trillions of possible key combinations. Brute forcing a keyless entry system, which is what a 'one size fits all' magic box would need to do in order to be able to unlock any car, is not computationally viable for a supercomputer array, let alone a piece of hand-held hardware running an ARM chip at 1Ghz.

ian - you quoted above from an insurance company in London advising people hide their keys in the fridge - the faraday shield approach that brad mentioned in Post #2. That implies that these car thieves are using signal boosters and other key-based attacks to steal the cars - approaches that we've all confirmed are possible, valid and have occurred in the wild. Again, I am sure that these types of devices can be bought as a commodity somewhere.

For specific vehicles there have been proven attacks to unlock vehicles and perform other tasks electronically. I know of cases where Chrysler vehicles have been compromised through their always-on IP connection, and where certain cars with Bluetooth Audio have been compromised by BLE chips that stay awake whilst the car is switched off, allowing access to the CAN network. I am aware of the Cambridge University attack on particular VW models that was suppressed by court order, however to the best of my knowledge that attack was against a car that didn't have keyless entry and it certainly wasn't a brute-force style of attack.

What I don't believe is that you can jump onto AliExpress, or SilkRoad, or any other website, and buy a portable device that is able to unlock the doors, disable the immobiliser and start the engine in any car with a keyless entry system. As such, I don't believe that electronically stealing a keyless entry car (one without an IP connection) without the key being in electronic range is an attack vector I should be particularly concerned about at this time.

You entitled to your opinion. Weather he locks onto the owners key signal or he captures the sign emitted from the car I can't say I only know what he told me and I have no reason to doubt. What he told me ,he unlocks and starts cars for repo. Company's.

It would of been an old VAG car, pre 2000? as these were using the first generation of the Megamos chip, like you said quick to clone. The second generation CAN NOT be cloned, Yet*.

I think that the one you might be referring to is how they found a weakness in the encryption on the Megamos chip. This happened a couple of years ago and as you said there was a court order preventing them from releasing their full paper on it. What I understand is that Megamos actually patented part of the encryption which means that companies can not legally use it until the patent runs out. This would stop the companies that make the tools to clone the chips, but not the crooks that want to pinch your car.


The big issues that I know about in the UK was first with BMW keyless cars being pinched. This was being done by the window being smashed ( Or picking the lock) and then using an OBD tool to code in a new FOB, this only took 10 seconds to happen. BMW have since some up with a couple of software updates to "fix" this. They haven't stopped it but it does take longer now.

A year or so later the same thing was happening with Land Rover which was using a similar system to BMW. So the insurance companies said that they will not insure keyless cars unless they were garaged, good luck with that in London.

The problem that I see with how security has changed is that car thief's used to have to be skilled and know how to remove or bypass a cars security system. Now that everything is electronic all it takes is one smart nerd to work out how to bypass/ manipulate the security, make a tool that's easy to use and then an idiot can steal your car.

Yes AA it was a pre 2000 VW we did a complete engine swap from a diesel powered T4 van to a 2.5 petrol so everything including instrument cluster was changed . After fitting the old diesel stuff into the donor van for resale it would not start Jmac was the one who informed me about the keys being coded so Mr Minit cloned it , what a relief as I had spent days trying to figure out why the B would not start . Another way to defeat thieves would be to simply remove a fuse and rewire it into a hidden switch , lets face it with 120 plus fuses in some of VW's models who would bother with attempting to figure out which one to replace , and then you need to be a person who is able to decipher Egyptian hieroglyphic's as those fuse charts are murder to interpret .