Keyless Go - is it easily crackable?
Thread Starter
Super Member
Joined: Nov 2004
Posts: 627
Likes: 1
From: The Earth
Mercedes all the way!
Keyless Go - is it easily crackable?
hi all, came across this article in CNET (yes, i know, not exactly the best tech source but...).
basically, they are saying that it's easy to crack remote engine start codes, especially for Keyless Go cars - can't summarize it too well but essentially, the idea is that the key gives a response to the car (or a hacker who's broadcasting as if he were a car) using a rolling 40 bit code, and the algorithm can be cracked if the hacker had two samples to work with.
the reason i'm posting it here is because they specifically mentioned the new S550 as an example. apparently, this has already been shown to work on Ford Escapes and BMW X5s (Beckham's) so i'd like to know how true it is for Merc as well.
http://reviews.cnet.com/4520-3513_7-6516433.html
basically, they are saying that it's easy to crack remote engine start codes, especially for Keyless Go cars - can't summarize it too well but essentially, the idea is that the key gives a response to the car (or a hacker who's broadcasting as if he were a car) using a rolling 40 bit code, and the algorithm can be cracked if the hacker had two samples to work with.
the reason i'm posting it here is because they specifically mentioned the new S550 as an example. apparently, this has already been shown to work on Ford Escapes and BMW X5s (Beckham's) so i'd like to know how true it is for Merc as well.
http://reviews.cnet.com/4520-3513_7-6516433.html
MBWorld Fanatic!
Joined: Feb 2004
Posts: 5,143
Likes: 1
From: South Orange County, CA
4 wheels
I still dont think its this easy to steal any car that has an electronic ignition. I am sure that the automotive engineers have fine tuned to the best of their abilities.
Senior Member
Joined: Mar 2005
Posts: 397
Likes: 0
From: Sunny S. California
03 E500
That story cought my attention, but seems what they were able to steal was a Ford, I mean since when does Ford make anything good or safe? I wasn't too worried. I didn't even know a bargan based Ford escape has a keyless go option available. The X-5 mentioned in the story was just an assumption on how it was stolen, it was not a fact.
Until those geniuses at Johns Hopkins can sucessfully crack a Mercedes I will hold my panic.
Until those geniuses at Johns Hopkins can sucessfully crack a Mercedes I will hold my panic.
MBWorld Fanatic!
Joined: Dec 2005
Posts: 4,846
Likes: 291
From: Dallas TX
2013 650i Coupe, 2010 IS250 AWD, 1999 S500
If someone wants your car bad enough they'll get it by any means necessary, doesn't matter what the car has to prevent it. An old fashioned flatbed will still do the trick. Chicago city tow trucks have a system that can fish a car out of any parking space you can imagine and the tow truck driver doesn't even have to get out of the truck!
M
M
MBWorld Fanatic!
Joined: Jul 2005
Posts: 3,221
Likes: 11
From: Sydney, Australia
W203 slightly modified
Originally Posted by ruykava
hi all, came across this article in CNET (yes, i know, not exactly the best tech source but...).
basically, they are saying that it's easy to crack remote engine start codes, especially for Keyless Go cars - can't summarize it too well but essentially, the idea is that the key gives a response to the car (or a hacker who's broadcasting as if he were a car) using a rolling 40 bit code, and the algorithm can be cracked if the hacker had two samples to work with.
the reason i'm posting it here is because they specifically mentioned the new S550 as an example. apparently, this has already been shown to work on Ford Escapes and BMW X5s (Beckham's) so i'd like to know how true it is for Merc as well.
http://reviews.cnet.com/4520-3513_7-6516433.html
basically, they are saying that it's easy to crack remote engine start codes, especially for Keyless Go cars - can't summarize it too well but essentially, the idea is that the key gives a response to the car (or a hacker who's broadcasting as if he were a car) using a rolling 40 bit code, and the algorithm can be cracked if the hacker had two samples to work with.
the reason i'm posting it here is because they specifically mentioned the new S550 as an example. apparently, this has already been shown to work on Ford Escapes and BMW X5s (Beckham's) so i'd like to know how true it is for Merc as well.
http://reviews.cnet.com/4520-3513_7-6516433.html
It only works if Halle Berry is your girlfriend and John Travolta is blackmailing you at gun point whilst a hot chick is doing something unspeakable and you crack the code in your laptop. I think life imitates art in the strangest ways.
MBWorld Fanatic!
Joined: Jul 2005
Posts: 3,221
Likes: 11
From: Sydney, Australia
W203 slightly modified
Originally Posted by Germancar1
If someone wants your car bad enough they'll get it by any means necessary, doesn't matter what the car has to prevent it. An old fashioned flatbed will still do the trick. Chicago city tow trucks have a system that can fish a car out of any parking space you can imagine and the tow truck driver doesn't even have to get out of the truck!
M
M
Last edited by benzmodz; May 8, 2006 at 07:51 PM.
Trending Topics
Thread Starter
Super Member
Joined: Nov 2004
Posts: 627
Likes: 1
From: The Earth
Mercedes all the way!
My mechanic can open a benz with a coat hanger
i believe Benz's are easy to open up as they don't have deadlocks: Merc doesn't want them because they're afraid of impeding emergency services in an accident.
but as for driving it away like no one's business, i don't know
MB World Stories
The Best of Mercedes & AMG
Manual Mercedes? 6 Times Sindelfingen Let Drivers Have All The Fun
Verdad Gallardo
Mercedes SLR McLaren 722 S Is Extremely Rare Example Modified by McLaren
Verdad Gallardo
8 Classic Boxy Mercedes Designs That Have Aged Like Fine Wine
Verdad Gallardo
Flawlessly Restored Mercedes 190E Evo II Heads to Auction
Verdad Gallardo
Electric Mercedes C-Class Unveiled: 11 Things You Need to Know
Verdad Gallardo
Mercedes EQS Gets A Major Update: Everything You Need to Know
Verdad Gallardo
5 Underrated Mercedes-Benz Models That Don't Get the Love They Deserve
Verdad Gallardo
Mercedes 300D Has Pushed Well Past 1 Million Miles and It Ain't Stopping
Verdad Gallardo
10 Most Reliable Mercedes-Benz Models You Can Buy Used
Verdad Gallardo
MBWorld Fanatic!
Joined: Dec 2005
Posts: 1,690
Likes: 3
From: Irvine, CA
2008 E550, 2012 GL450, 2014 GLK350, 2015 S550, 2020 GLC350e
For you non-techies out there, 40-bit encrytion is what was used on the net in browsers, etc., back in 1995. Now we're at 128-bit encryption.
256-bit encryption and better exists but as they said, more and more power would be required.
Regardless, 40-bit encryption is easy to crack.
256-bit encryption and better exists but as they said, more and more power would be required.
Regardless, 40-bit encryption is easy to crack.
Junior Member
Joined: Dec 2005
Posts: 24
Likes: 0
Mercedes uses the most sophisticated key-system on the market, since 1997 they use FBS3 (FahrBerechtigungsSystem) with no "ordinary key", years later other companys followed (mostly with this senseless "stick key into a hole and then press a button" instead of just sticking and turning).
I don't think this system (and Keyless-Go) uses an ordinary encryption like many systems, the system can only be used for a certain amount of times (don't worry: thousands) that would mean that it doesn't follow a certain algorithm but uses accidental generated codes which are safed onto the key and the lock. When a new key gets programmed it takes more time when the car is older (it has to go through all already used codes) it also cannot be manipulated with the tools avaible even at an authorized MB-Dealer (it all becomes controlled from Stuttgart - at least in Germany, maybe there's a different "server" for America?).
I wouldn't worry too much about it, like already said, when they steal your MB, they just take a wracking car and then disassemble it and sell the parts...
I don't think this system (and Keyless-Go) uses an ordinary encryption like many systems, the system can only be used for a certain amount of times (don't worry: thousands) that would mean that it doesn't follow a certain algorithm but uses accidental generated codes which are safed onto the key and the lock. When a new key gets programmed it takes more time when the car is older (it has to go through all already used codes) it also cannot be manipulated with the tools avaible even at an authorized MB-Dealer (it all becomes controlled from Stuttgart - at least in Germany, maybe there's a different "server" for America?).
I wouldn't worry too much about it, like already said, when they steal your MB, they just take a wracking car and then disassemble it and sell the parts...
MBWorld Fanatic!
Joined: Jul 2005
Posts: 3,221
Likes: 11
From: Sydney, Australia
W203 slightly modified
Originally Posted by ruykava
heh, but can he drive it away? :p
i believe Benz's are easy to open up as they don't have deadlocks: Merc doesn't want them because they're afraid of impeding emergency services in an accident.
but as for driving it away like no one's business, i don't know
i believe Benz's are easy to open up as they don't have deadlocks: Merc doesn't want them because they're afraid of impeding emergency services in an accident.
but as for driving it away like no one's business, i don't know
OR
Replace several key components and drive off.
MBWorld Fanatic!
Joined: Jul 2005
Posts: 3,221
Likes: 11
From: Sydney, Australia
W203 slightly modified
Originally Posted by Vik888
For you non-techies out there, 40-bit encrytion is what was used on the net in browsers, etc., back in 1995. Now we're at 128-bit encryption.
256-bit encryption and better exists but as they said, more and more power would be required.
Regardless, 40-bit encryption is easy to crack.
256-bit encryption and better exists but as they said, more and more power would be required.
Regardless, 40-bit encryption is easy to crack.
Almost a Member!
Joined: May 2006
Posts: 67
Likes: 0
cant do it with the benz, the key is coded and married to the vehicle and dedicated to a "slot" or numbered key location, the EIS or ignition has to "see" the key in the ignition to release the steering lock, the EIS gets the info from the key dependant settings, and transmits all info through the CAN to all other parts of the car so it would start, if a theif jacks your car with a laptop he needs somekind of governemt job as a spy
MBWorld Fanatic!
Joined: Dec 2006
Posts: 6,497
Likes: 335
From: Europe
223.168 & 213.012 & 906.633 & 214.005
But in order to replace these key components, one has to get them first from MB and you cannot just buy these theft protected parts like any other part. Benzmodz must know the details of info you need to provide the parts guy, they would basically then be aware of the car these would go for, plus the person buying, and the data is stored for later access.
MBWorld Fanatic!
Joined: May 2007
Posts: 2,071
Likes: 2
2007 S600
Sort of related to this subject is the matter of keyless go screw ups. Just a few months ago, my wife decided to drop me off at the hotel while she went on to Wal-Mart to pick up groceries for our beach visit. She never drives my car but this time she of course had to. We swapped seats at a gas station earlier. Meanwhile, I still had the key in my pocket as I just jumped out of the car and went to the hotel room. Since she never drives my car, her key was still at home in the desk drawer. The car never warns the driver that the key is no longer recognized and therefore that person could drive for miles , shut the car off, and then not be able to restart it. Needless to say, I had to walk 2 miles to the Wal-Mart to get the car started. They need to have an audible warning to make the secondary driver turn around and get back to the key , wherever it happens to be.
MBWorld Fanatic!
Joined: Oct 2006
Posts: 3,642
Likes: 13
From: Caribbean/Florida/Colorado
E-ZGO 53hp., 1999 E 430 sport, 2004 E 55, 2008 Tahoe LTZ on 24"s
That is just crazy
Sort of related to this subject is the matter of keyless go screw ups. Just a few months ago, my wife decided to drop me off at the hotel while she went on to Wal-Mart to pick up groceries for our beach visit. She never drives my car but this time she of course had to. We swapped seats at a gas station earlier. Meanwhile, I still had the key in my pocket as I just jumped out of the car and went to the hotel room. Since she never drives my car, her key was still at home in the desk drawer. The car never warns the driver that the key is no longer recognized and therefore that person could drive for miles , shut the car off, and then not be able to restart it. Needless to say, I had to walk 2 miles to the Wal-Mart to get the car started. They need to have an audible warning to make the secondary driver turn around and get back to the key , wherever it happens to be.
MBWorld Fanatic!
Joined: May 2007
Posts: 2,071
Likes: 2
2007 S600
It almost happened to us once before on my 2000 S500 years ago. It's such a rare occurence that my wife (or anyone else) drives my car that I just forget about it. I also wish that our keyless entry buttons were actual depressable buttons with an indent feeling instead of the finger-touch pad variety. I like the feel of an actual button click to let me know that in fact I actuated the lock mechanism. Many times I think I locked the car to then realize that it didn't lock and I end up having to press the rear door button as a 2nd attempt as I've already walked away from the driver's door. Also, while washing my car, the touch pad system keeps locking and unlocking my doors as I make light touches on the door handles with a wash wrag. I know it's a trivial whiny complaint but I am just making a contribution to the suggestion box.
Member
Joined: Nov 2005
Posts: 164
Likes: 0
From: San Carlos (SF Peninsula) CA
'03 ML500, '07 E350 Sport (wife's)
Maybe it varies by model or age, but our E350 does warn you when the key goes out of range with the engine running. My wife teasingly tells people she lets me drive her E everyday. What that means is that I get to pull it into our garage (double garage with individual doors and post in the middle.) That way when I take off a mirror it's my fault. Anyway, she'll get out of the seat and if she doesn't give me the key and goes into the house, as I pull into the garage (reducing the range) the dash display turns red and displays "key not detected". Scared the **** out of me the first time and almost made me crash. Curious if other systems are different.
MBWorld Fanatic!
Joined: May 2007
Posts: 2,071
Likes: 2
2007 S600
Now that you mention it, maybe it does give the warning and my wife just didn't see it. I've just been assuming it didn't. Regardless, I feel that if the car is in Drive, an audible warning (even the nav lady voice would work) should accompany the text warning that you are driving the car without the key. I'll have to test this myself (or RTFM). Maybe it says something in there about it
MBWorld Fanatic!
Joined: Jul 2002
Posts: 2,677
Likes: 3
From: California
i535
PREMIUM SPONSOR
Joined: Mar 2007
Posts: 615
Likes: 3
From: Chicago, IL
ML350, Lotus Elise
cant do it with the benz, the key is coded and married to the vehicle and dedicated to a "slot" or numbered key location, the EIS or ignition has to "see" the key in the ignition to release the steering lock, the EIS gets the info from the key dependant settings, and transmits all info through the CAN to all other parts of the car so it would start, if a theif jacks your car with a laptop he needs somekind of governemt job as a spy
at any rate it is true that there are only going to be a few people who have the abilities to pull this off but that is a moot point... the problem is that all it takes is for one guy to break the system and then sell his software to the wrong people. there has been evidence of exactly this happening in the asian markets where luxury vehicle theft is not only more prevalent but much more sophisticated. the biggest problem with this sort of theft is in how it affects the average mercedes owner. right now the perception has been exactly what we have seen here: that you need to be some sort of super spy to steal a mercedes this way. the actual truth is that you only need to be a willing car thief who has access to the proper software. the issue then is that if your vehicle is stolen in this manner your insurance company is going to suspect fraud on your part rather than the possibility that this "ultra-secure" system has been brokenand this is in fact exactly what some unluck people have had to deal with.
