Comment by bufferoverflow
Comment by bufferoverflow 13 hours ago
Why can't it be very simple and secure. Car and fob share a secret key.
When you click on the open button on the fob, you send
SHA256(key)
Car responds with a random challenge
RND
Fob sends
SHA256(key XOR RND)
Car does the same calculation and compares.
There's no car identification in this protocol, meaning that impersonation/mitm attacks are trivial. Try again :)