Breaking a Car's Cipher

An anonymous reader alerts us to research out of Belgium and Israel that claims a practical attack on the KeeLoq auto anti-theft cipher. Here are slides from a talk (PDF) at CRYPTO 2007. From the researchers' site: "KeeLoq is a cipher used in several car anti-theft mechanisms distributed by Microchip Technology Inc. It may protect your car if you own a Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota, Volvo, Volkswagen, or a Jaguar. The cipher is included in the remote control device that opens and locks your car and that controls the anti-theft mechanisms. The 64-bit key block cipher was widely believed to be secure. In a recent research, a method to identify the key in less than a day was found. The attack requires access for about 1 hour to the remote control (for example, while it is stored in your pocket). The attacker than runs the implemented software, finds the secret cryptographic key, and drives away in your car after copying the key." Update: 07/23 15:27 GMT by KD : One of the researchers, Sebastiaan Indesteege, pointed out that the link to the paper was incorrect; their paper has not yet been released to the public. I also managed to mis attribute his nationality. He is Belgian, not Dutch. My apologies.

Re:So? CNC...

[foodnugget]

While it may be simple to break the code on the chip, you still need a copy of the key unless the car is push-button-ignition.
These days, many high-end car keys are CNC cut (my mini's key has huuuuuge tooling marks from a spindle-out-of-square), which will actually cause a bit of trouble. This isn't something you could easily do a putty-transfer on, nor does the group of people who spend a lot of time breaking cyphers typically overlap with the group of people who have and can work with CNC equipment.
In the end, I think flatbedding the car is the way to go. All the big chop shops are doing this now. If you're small-time, carjack. Alternately, get a real job.

Re:So...

[RandoX]

All you need is the correct sequence on the parking brake.

The mythical Honda override exists: It's a series of presses and pulls of the emergency brake. Each car, it seems, has a unique override code, which correlates to the VIN.

Re:So?

[cayenne8]

"The article (or at least the summary) implies what you say, although I find it hard to believe that someone would be so retarded as to design a key that communicates at all without manual initiation by its owner. Or, to use the technical term, pushing a goddam button."

Nope..I first found this on my first corvette...a '97 C5. It had a setting through the dash display, where you could set the car to sense when you came near enough with the keys, and it would automatically unlock. You could set it to unlock either both doors, or just drivers side.

I played with it awhile, but, I found that the hook I kept my keys on near the front door...were too close to where the car was parked...and would at times unlock the car in the driveway. I turned it off after that.