HOW TO STEAL AN AUDI, VOLKSWAGEN, SEAT OR SKODA
Gone are the days when car thieves could slim-jim a car's door, jam a screwdriver into the ignition lock and turn it with force to start the car, or alternatively cut the ignition wires and hot wire the car, and off they go. In most cases stolen cars are seldom recovered, forcing Insurance Companies to hike their premiums. Lobbying on their part, and government efforts to reduce car theft, resulted that immobilizer and alarm systems started appearing as standard features in most cars. I believer that it's now mandatory for all new cars sold within the European Union to have an electronic engine immobilizer installed.
An immobilizer acts as an anti-theft device that inhibits the car's engine from starting, unless the correct ignition key or additional electronic deactivation device is present. This concept makes hot wiring a car totally futile. If the code received from the key is incorrect or missing, the ECU disables the system until the correct key is placed in the ignition, and or the correct key code is presented, which will allow the car to start. Such electronic devices operate automatically and effectively prevents thieves from starting a car by hot wiring it, thus incentivising auto Insurance Companies to offer lower rates for vehicles equipped with these anti-theft devices. Be that as it may. Are immobilizers "secure" enough? Especially considering that it only reduced car theft by an estimated 40%.
Currently, electronic chips, algorithms and data encryption systems are used to protect cars from theft. And since its inception, the electronics industry members have had ways of marking their micro chips. In most cases, with an alpha numeric marking and perhaps a logo. Texas chips had a tiny map of Texas, Motorola had their classic M, Phillips had an emblem composed of a globe with a doubly wavy equator with two stars in each hemesphere. There were also several other electronic chip manufacturers many of them specializing in specific equipment. But today Philips and Texas Instruments dominates the fob key transponder market with their immobilizer chips. Legacy key manufactures like JMA and Silca each formed in-house electronics departments that specifically focuses on transponder technology and vigarously compete for market share. Then there is also Sokymat, Temic, NXT, Megamos, etc, providing anti-theft transponder / immobilizer electronic devices for keys.
A VW 3 button remote fob key fitted with a transponder and a miniature electronic circuit board essentially broadcasts an encrypted radio signal to the receiver fitted in the car's steering column, at the exact moment the driver starts the vehicle. If the signal is recognized by the receiver and the handshake is successful, it then responds by sending an encrypted signal to the car's engine control unit (ECU), enabling the car's engine to start. In Volkswagen vehicles, the miniature electronic circuit board in the fob key handles central lock/unlock and alarm activation which normally operates on the 433Mhz (UHF) frequency band, but some models operate on either 315MHz or at 868MHz frequency band.
Volkswagen, Audi and Seat only uses two key blade profiles, namely HU66 and HU49 on both their flat and flip keys, whereas the Skoda uses both HU66 HU49 and SK22 blade profiles. The blades and profiles are visible in the image below which can easily be decoded with a Turbo key decoder or a cheaper Lishi decoder, aka Master Key-Set for VAG for the relevant blade profile.
The intricacy starts with the numerous transponders used in Volkswagen, Audi, Seat and Skoda which varies from the PHILIPS ID33 Transponder, to the PHILIPS Crypto ID42 Transponder, to the PHILIPS Crypto ID44 Transponder, to the PHILIPS Crypto ID46 Transponder, to the MEGAMOS ID13 Transponder and MEGAMOS Crypto ID48 Transponder; to the Silca and JMA equivalents. Some precoded Megamos Crypto transponders can be coded from the VIN using the appropriate equipment, like the AD100Pro.
Having said appropriate equipment; immobilizers according to most of us are "secure" but research hackers have found vulnerabilities in the engine immobilizers algorithm / encryption system that is supposed to protect the vehicle from theft. Apparently said hacker hacked one of the most popularly used immobilizers within a mere 6 hours. He then released a white paper "Wirelessly Lockpicking a Vehicle Immobilizer" but was gagged by the High Court of London with an interim injunction from releasing his scientific article for public consumption.
The following is an actual cryptographic hash (SHA-512)
9d05ba88740499eecea3d8609174b444
43683da139f78b783666954ccc605da8
4601888134bf0c23ba46fb4a88c056bf
bbb629e1ddffcf60fa91880b4d5b4aca
What this means is that the current 48 bit encryption systems used by most car manufacturers can be easily cracked. The rolling code Hitag2 system used by Alfa Romeo, Chevrolet, Citroen, Dacia, Fiat, Ford, Lancia, Mitsubishi, Nissan, Opel, Peugot and Renault has been crack several years ago and is not secure. A 48 bit system is fractionally secure compared to the 128 bits Advanced Encryption Standard (AES) used for computer data systems which could take more than a 100 years to crack with a Quantum Super Computer. To add doom to gloom, several key decoders and key duplicators are available on the open market and you don't have to be a certified locksmith to be able to buy it, though they is quite expensive.
Once the key is duplicated, the doors can be unlocked and turning on the ignition is just as simple. Starting the vehicles is slightly more intricate but still doable. Silca and JMA supplies systems that can do exactly that in just a few minutes. Optika, Lector and Lector Pro reads the code from the key and generates the required code.
What this means, is that it now easier to steal a car with a manufacturer fitted immobilizer than a car with an anti theft gorilla bar attached to its steering.
Gone are the days when car thieves could slim-jim a car's door, jam a screwdriver into the ignition lock and turn it with force to start the car, or alternatively cut the ignition wires and hot wire the car, and off they go. In most cases stolen cars are seldom recovered, forcing Insurance Companies to hike their premiums. Lobbying on their part, and government efforts to reduce car theft, resulted that immobilizer and alarm systems started appearing as standard features in most cars. I believer that it's now mandatory for all new cars sold within the European Union to have an electronic engine immobilizer installed.
IMMOBILIZER
An immobilizer acts as an anti-theft device that inhibits the car's engine from starting, unless the correct ignition key or additional electronic deactivation device is present. This concept makes hot wiring a car totally futile. If the code received from the key is incorrect or missing, the ECU disables the system until the correct key is placed in the ignition, and or the correct key code is presented, which will allow the car to start. Such electronic devices operate automatically and effectively prevents thieves from starting a car by hot wiring it, thus incentivising auto Insurance Companies to offer lower rates for vehicles equipped with these anti-theft devices. Be that as it may. Are immobilizers "secure" enough? Especially considering that it only reduced car theft by an estimated 40%.
Transponder chips used in automotive immobilizer systems |
Turbo Key Decoder can unlock any VAG car in just 3 minutes. |
A VW 3 button remote fob key fitted with a transponder and a miniature electronic circuit board essentially broadcasts an encrypted radio signal to the receiver fitted in the car's steering column, at the exact moment the driver starts the vehicle. If the signal is recognized by the receiver and the handshake is successful, it then responds by sending an encrypted signal to the car's engine control unit (ECU), enabling the car's engine to start. In Volkswagen vehicles, the miniature electronic circuit board in the fob key handles central lock/unlock and alarm activation which normally operates on the 433Mhz (UHF) frequency band, but some models operate on either 315MHz or at 868MHz frequency band.
Volkswagen, Audi and Seat only uses two key blade profiles, namely HU66 and HU49 on both their flat and flip keys, whereas the Skoda uses both HU66 HU49 and SK22 blade profiles. The blades and profiles are visible in the image below which can easily be decoded with a Turbo key decoder or a cheaper Lishi decoder, aka Master Key-Set for VAG for the relevant blade profile.
Volkswagen. Audi, Seat and Skoda key blade profiles. |
Megamos Crypto ID48 transponder (glass) |
The following is an actual cryptographic hash (SHA-512)
9d05ba88740499eecea3d8609174b444
43683da139f78b783666954ccc605da8
4601888134bf0c23ba46fb4a88c056bf
bbb629e1ddffcf60fa91880b4d5b4aca
Silicon chip transponder |
What this means is that the current 48 bit encryption systems used by most car manufacturers can be easily cracked. The rolling code Hitag2 system used by Alfa Romeo, Chevrolet, Citroen, Dacia, Fiat, Ford, Lancia, Mitsubishi, Nissan, Opel, Peugot and Renault has been crack several years ago and is not secure. A 48 bit system is fractionally secure compared to the 128 bits Advanced Encryption Standard (AES) used for computer data systems which could take more than a 100 years to crack with a Quantum Super Computer. To add doom to gloom, several key decoders and key duplicators are available on the open market and you don't have to be a certified locksmith to be able to buy it, though they is quite expensive.
"The mechanical turbo decoder can unlock any
Audi, Volkswagen, Seat or Seat
within 3 minutes flat".
Once the key is duplicated, the doors can be unlocked and turning on the ignition is just as simple. Starting the vehicles is slightly more intricate but still doable. Silca and JMA supplies systems that can do exactly that in just a few minutes. Optika, Lector and Lector Pro reads the code from the key and generates the required code.
What this means, is that it now easier to steal a car with a manufacturer fitted immobilizer than a car with an anti theft gorilla bar attached to its steering.
Car Steering Wheel Theft proof Lock - Auto Anti-theft Retractable Lock |
Laser key cutting machines and key duplicating machines are as popular as diagnostic scanner software and it is really easy to use. I suppose its just a matter of time before crime syndicates invest in these devices to further ply their "trade". Looks like Gorilla bars are back in vogue.