Quote:
Originally Posted by geraldjust
There is a couple of things you can do, for push start cars the challenge response can be just brute force by keep sending challenges to the certification ecu. Record all the responses (will take a while). Once you have all those saved. You can replay it. The possibilities are very large, so you have to have some sort of external EEPROM, or flash. Turnkey cars are slightly different on some IDs due to the fact the BCM and Cluster are involved. but its doable.
|
It is possible to replay the key. But the hardest part is actually finding/intercepting the valid replay messages between canbus without connecting directly to the transponder in which most (if not all aftermarkets do - including OEM ones). Having to do this strictly on the canbus means that you need to have access to the key seeding and you have to be able to expose and read the fob data frame. I tried. I just decide to go the easiest route and can be implemented without much hassle.