[ale] [OT] Looking for someone to do SMD rework.

Byron Jeff byronjeff at clayton.edu
Thu Mar 29 20:01:26 EDT 2018 

Solomon,

I replied to Horkan offline. I realize now that his reply went to the list
even though it didn't show in the header of the reply that I got. So here's
my commentary.

------------------------------------------------------------

I wish it were so simple. But alas I have a Fiat 500e, and so it's not.

Fiat uses Philips crypto transponders that have a challenge response with
the BCM. Essentially the secret key is embedded into the BCM of the car and
is written on the crypto block of the transponder and then locked. Once
locked, the crypto page cannot be read or changed on the transponder.

So there are only three ways to 'pre-code' new keys that can be programmed
into the vehicle:

1. Pay the dealer. $175 a fob. Supposedly shipped from Italy.

2. Pull the BCM and read the secret key out of the memory. This involves
unsoldering parts, dumping memory into software, then precoding
and locking new blank transponders.

3. Pay a ton of money for a tool that reads the BCM memory via the OBD/CAN
connector. Then precode and locking new blank transponders.

Then and only after a blank transponder has been precoded, can the new keys
be introduced to the BCM. Dealers charge upwards of $100, in addition to
the keys for the priviledge. In addition all authorized keys have to be
programmed in at the same time.

It's a battle I've been fighting for 6 months. It's a damn shame that 10
bytes of key information and the protocol to read/write the BCM are hidden
so that dealers can charge a ton of money just to authorize keys.

------------------------------------------------------------

BAJ

-- 
Byron A. Jeff
Associate Professor: Department of Computer Science and Information Technology
College of Information and Mathematical Sciences
Clayton State University
http://faculty.clayton.edu/bjeff

On Thu, Mar 29, 2018 at 07:14:06PM -0400, Solomon Peachy wrote:
> On Thu, Mar 29, 2018 at 03:58:38PM -0400, Horkan Smith via Ale wrote:
> > Are you sure it wouldn't be easier to retrain your car to the new key fob?  I've done that for Fords & Chevys w/ instructions from 3rd party key fob sellers.  The instructions varied, but usually involved shorting two wires on the OBDII port or using a strange pattern of key-on/key-off/lock-doors/etc.
> 
> I second this suggestion.  I bought my daily driver with no fobs and 
> a disabled security system.  Now everything works; the instructions 
> were actually in the owner's manual.
> 
> That said, many vehicles require a working fob in order to train a new 
> one.  It all depends on the manufacturer and model.
> 
>  - Solomon
> -- 
> Solomon Peachy			       pizza at shaftnet dot org
> Coconut Creek, FL                          ^^ (email/xmpp) ^^
> Quidquid latine dictum sit, altum videtur.



-- 
Byron A. Jeff
Associate Professor: Department of Computer Science and Information Technology
College of Information and Mathematical Sciences
Clayton State University
http://faculty.clayton.edu/bjeff

More information about the Ale mailing list