From what I've read about it, the device mimics the fob until it's turned off or changed to grab another fob's frequency. I'm no expert. Just going off of what I've read, so...
My understanding of the device is that it mimics the fob, after it determines the fob's frequency. The device sends the commands to the vehicle. If it is merely repeating the signal from the fob, then the unlock/start commands would have to be initiated by the actual fob. But, like I said, I'm just parroting what I've read about it.
Fob frequencies are fixed: RF transmits at 433MHz, LF at 125kHz. The device is not mimicking a frequency, it's mimicking a "data packet". If the hacking device precisely repeats this packet, the truck will believe the key fob is near and it will do anything it would when the fob is actually present. That's the theory anyway.
I can sit my fob on my kitchen table and park in my driveway right next to it. The doors will unlock with the fob inside. Truck won't start, but the signal is strong enough to unlock the door!
That's strange. The fob doesn't transmit multiple signals, so if it unlocks the door, shouldn't it start the truck too?
Confusing the RF and LF? Pressing a button is RF... with a range of 50 to 100 feet (capable of more but limited to conserve battery life). Fob detection, on the other hand, is LF with a range of only a few feet. Pressing a button to unlock the door is different from the truck detecting a fob nearby, which would then allow the truck to be started.
It must use some sort of power meter, if you will, to determine how close it is to the truck. I can place my fob outside of the truck on the roof, etc., and my truck won't start BUT it will unlock with the fob feet away! Craziness. I'd be curious, if you tried the same, what your results were!
Cool observation! Power meter... in the sense of antenna directionality. It makes sense that antenna patterns were not directed towards the top of the truck as this is not a likely place for the fob to be detected.
I’m not an expert on radio frequencies nor do I know for certain what Ram uses, but I think you are overthinking the entire concept of the fob; I do not think the fob sends a constant signal at all, or else I think the fob battery would die much more quickly by constantly transmitting a signal at least a half dozen feet and through clothing and often body parts.
Instead, I think it has an LF receiver and an HF transmitter; the truck itself sends a low power LF signal when you grab a handle, then listens for a response; the signal is specifically designed to only travel a short distance, so the fob must be “near” by.
When the fob receives this signal, it sends an HF response, which the truck detects before unlocking. If the fob doesn’t send the response, the truck doesn’t unlock. Same thing with ignition, except the truck uses a different transmitter and strength so the signal is only sent inside the cab.
What these “hacking” devices do is listen for the LF signal the vehicle sends, then amplify and repeat it over a long distance so your fob can detect it and send a response. Since the fob doesn’t transmit without getting a signal first, it can’t just copy your fob by being near it. Since it essentially only clones and repeats a signal, the device can be fairly simple and cheap.
If this is wrong, I would appreciate a technical article directly from a vehicle manufacturer that describes the technology instead. If a technical article isn’t available, then it is just as likely and irrefutable that the device works by calling out to aliens, who then cloak and teleport into your vehicle to unlock it for you as anything else anyone claims.
I finally broke down and reviewed the Techconnect document @Neurobit posted. Sure enough, this is how the Ram's passive entry system is described. That document appears to say the keyfob is INACTIVE on both LF and RF until some action is taken by the owner, such as pressing a button or touching a passive entry door handle. So, the fob *should* not be sending out constant LF packets for someone to steal.
However, this Techconnect document is not a fully-featured service document and lots of information is simply not present. It says the RF Hub in the truck has two LF connections: 1) an LF antenna output circuit and 2) an LF antenna return circuit. What is this return circuit and where is that signal coming from? Overall I agree we have nothing to worry about, but my statement comes from a limited knowledge of the Ram's system.
One last comment. If the fob were consistently sending LF packets, the battery would surely have a shorter life than if it didn't do this. However, doing so and maintaining a reasonable life are not necessarily exclusive. After all, TPMS sensors consistently send tire pressure data (when the wheel is rolling); this, on the RF, with enough power to transmit through the tire, the wheel well, the firewall, and whatever else. If coded efficiently, TPMS sensors can be made with reasonably safe transmit intervals of just a few seconds and still have a theoretical 8 to 10 year lifespan. I've personally done power budgets on these things. That Techconnect document estimates key fob battery life at about 3 years, which seems low to me... and makes me wonder what else it is spending its battery juice on?