My car has a big clunky keyfob, as all modern cars do. I don't use the buttons on it. It doesn't make sense to. The car knows when I am close and I can unlock it just by hitting the door handle. Same with starting the car - no need to put it in the ignition. How can I get a small RFID chip programmed so I don't have to carry around this stupid giant keyfob?
What I have:
What I want:
First world problems: the thread
It's an interesting question, I'd like to know myself. I'll ping some friends who might know.
Generally small RFID chips are not powered and need to be very close to the receiver to work. Think RFID hotel keys.
RossD
MegaDork
1/9/20 8:02 p.m.
Our Jeep Grand Cherokee says if the battery in the key fob runs out, use the fob to push the start button on the dash.
I'm not 100% sure, but I don't think keys like this are just RFID.
For my Audi, there is an RFID portion, but it only works when held up right next to a special spot on the dashboard. That's the unpowered backup, for when the battery is dead or when the standard RF module in the car has failed. The keep-the-remote-in-your-pocket-and-touch-the-door thing is powered.
The other issue is one relating to how cryptographically secure it is. Some RFIDs are plaintext: they power up, they transmit a number, they power down, and the number is always the same. This makes them vulnerable to "replay attacks", because anyone who receives that number can replay it back and pretend to be the device. Other RFIDs are cryptographic, and I think (or at least I HOPE) that auto keyfobs work this way. That's going to be a lot harder to create a duplicate of, which is kind of the point.
Yeah, my Volvo has that big blob of a key and I really dislike it, but it doesn't have that close-range ID thing.
Well you could just leave it in the car and use a different system to lock/unlock that uses the passive rfid?
In reply to codrus :
Whether they are cryptographic or not, they're still fairly easily spoofed by an RF repeater as you are walking away from the car. Said repeater is also used to start the car with the keyless start. Car is gone before you even get into the building.
Some good points made. I guess the question is, how do I retain the same wireless/smart unlocking (the car knows when I'm near it or in it) in a package as small as possible?
Speaking to a friend who knows this stuff inside and out right now. Basically, RFID is unpowered and short range almost by definition. That's the "battery dead" option for a lot of cars, and how the Tesla card keys work.
The more distance stuff is a two-way communication. You can query the car as to lock state. It'll be cryptographically signed (assuming the coding wasn't done by an idiot) so you can't simply record and replay the signal.
So if you're willing to get really close, you should be able to clone the RFID "backup". Let me look into that.
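The difference between the fixed-number tags and the signed two-way exchange described in the posts above, as an added example that is not part of any poster's message and not any manufacturer's protocol. It assumes HMAC-SHA256 as a stand-in for whatever a real fob uses; the key, the tag number and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(16)          # constructed shared secret (car and fob)
STATIC_ID = bytes.fromhex("04a1b2c3")  # constructed fixed tag number

def static_tag(_challenge: bytes) -> bytes:
    """Plaintext tag: ignores the reader and always sends the same number."""
    return STATIC_ID

def crypto_tag(challenge: bytes) -> bytes:
    """Cryptographic tag: answers each challenge with a MAC under the shared key."""
    return hmac.new(KEY, challenge, hashlib.sha256).digest()

class Reader:
    """Car side. With use_challenge=False it only compares a fixed ID."""
    def __init__(self, use_challenge: bool):
        self.use_challenge = use_challenge
        self.pending = None

    def challenge(self) -> bytes:
        # A fresh random nonce per attempt is what defeats record-and-replay.
        self.pending = secrets.token_bytes(16) if self.use_challenge else b""
        return self.pending

    def verify(self, response: bytes) -> bool:
        if self.pending is None:
            return False
        nonce, self.pending = self.pending, None  # each challenge is single-use
        expected = crypto_tag(nonce) if self.use_challenge else STATIC_ID
        return hmac.compare_digest(response, expected)

def unlock(reader, tag):
    """One genuine exchange; returns (accepted, bytes an eavesdropper would see)."""
    response = tag(reader.challenge())
    return reader.verify(response), response

def replay(reader, recorded):
    """A later attempt that answers a new challenge with the old recording."""
    reader.challenge()
    return reader.verify(recorded)

def demo():
    results = {}
    for name, tag, use_challenge in (("static", static_tag, False),
                                     ("crypto", crypto_tag, True)):
        reader = Reader(use_challenge)
        accepted, recorded = unlock(reader, tag)
        results[name] = (accepted, replay(reader, recorded))
    return results

if __name__ == "__main__":
    print(demo())
```

Neither reader measures how far away the tag is, so a fresh challenge forwarded to the genuine fob still verifies; that is the repeater limitation raised earlier in the thread, and the nonce does nothing about it.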
Just for fun, we're looking at ND Miata keys because that's what I have on my desk :) It looks like it's the same as is used on a bunch of other cars too.
Here's the inside view.
I have better things to be doing, but this is interesting.
Getting into the car is just a matter of a transmission, there's no back and forth chatter mentioned in the Mazda service manuals. However, to start the car the key has to respond to a request. It's not clear just what this ID data is. And there is what looks like an RFID backup option in the case of a battery failure. I'll be back :)
mtn
MegaDork
1/10/20 10:10 a.m.
Hyundai/Genesis and Kia have/had smart keys that were the size of a credit card, although noticeably thicker. I want to get one for the Angievan. I'd have to get a new wallet, but it wouldn't be too much more space in my wallet which is always on my person, and it would be less obtrusive in my pocket than the key fob - for me, anyways (I carry my wallet in my front pocket).
Interesting topic. I think the automakers and makers of that key are very interested in you not being able to do what you want without major effort. Otherwise the security of the technology would be considered much less than a physical key. Getting the key makers or automakers to share that code with you would be very difficult to achieve. While it would be possible to shrink down the handheld device just to open the doors and start the car when nearby, I am not sure how you could get smaller than the actual board that does that job.
The board, nicely modeled by Keith Tanner, may simply need to be transferred to another container, discarding the push buttons and old case.
Hacks for getting into many RFID cars today depend on physical proximity to the owners' keys and car at the same time.
BTW, that picture is attached to the records for the FCC ID.
Two points on this:
- Credit card keys. Some MFGs offer them, and even if they have them only on a high-spec model (think Lexus/Toyota), within brands and styles of immobilizers they are all typically similar, so you may be able to add a credit card key. Refer to your favorite brand-specific website for more detail.
- 3D printed case. I have a 3D printed case made by YotaMD for my Land Cruiser fob. Way smaller than OEM and much nicer feel. Still retains all the buttons. You could make one that was just the board with no buttons though if you wanted to. You would be limited to the design of the OEM circuit board but you could lose the aux key, buttons, etc.
https://store.yotamd.com/collections/ymd2-toyota-keyless-start-round-button
Looks like making a new, slimmer case for the existing board shouldn't be too difficult using some CAD software and a 3D printer.
It won't be an ideal solution, but it would perhaps be a stopgap, especially if you can design to fit into one of those slim key organizers.
Something like this:
https://www.thingiverse.com/thing:3435453
With some slight tweaks to conform to the desired size and cover the important bits.
Knurled. said:
In reply to codrus :
Whether they are cryptographic or not, they're still fairly easily spoofed by an RF repeater as you are walking away from the car. Said repeater is also used to start the car with the keyless start. Car is gone before you even get into the building.
While this vulnerability is real, it's a fairly sophisticated way of stealing a car and not all that common.
Snrub
HalfDork
1/10/20 12:45 p.m.
Fobs are so pedestrian, you need a sub-dermal implant. This is from a friend of mine. He actually did it (to) himself. Lots of good info.
https://m.youtube.com/watch?v=ZaMSna_DGNI
At least one manufacturer is listening.
Jaguar has something called "activity key" that's basically an RFID bracelet that lets you do just about whatever you need to do and leave your keys in the car.
So how do these systems work on the car side of it? Is there just a module that controls just the locks and starting? Or would it be built into the BCM or something? I have a 1990 Skyline GT-R and want to incorporate the keyless locks and starting from a newer R35 GT-R.