fortysevenbteg brings me interesting news about idiots and weak

[theweaselking]

So, you know those cars with that keyless entry pad? The one under the driver's side handle? Well, if you look closely you will see that there are really only 5 buttons, labeled "1/2", "3/4", "5/6", "7/8", "9/0". In an effort to avoid a little confusion, I'm going to call those buttons 1, 3, 5, 7, and 9, respectively.

A little experimentation will reveal that, if the code is 11357, and you type 5113579, the door will still open! This means that with 7 characters we managed to try out 3 sequences - 51135, 11357, and 13579. After the initial 4 numbers (which sort of primed the pump) every digit tries one new sequence. Since there are 55 length 5 sequences of characters from an alphabet of size 5, we know that we'll need to try 3125 sequences total. With our intuition from above, we would hope that we could find a sequence of size 4 + 3125 (priming the pump, followed by one new sequence every keypress). It turns out that a mathematician named de Bruijn has already done all of the hard work for us on this one, and all of the relevant math can found under the names de Bruijn sequence and de Bruijn graph. But I'm not going to talk about math any further here. Right now, I am going to give you a sequence of minimal length that, when you enter it into a car's numeric keypad, is guaranteed to unlock the doors of said car. It is exactly 3129 keypresses long, which should take you around 20 minutes to go through.

Comments

[ismarc.livejournal.com]

It's funny you should post this. Not too long ago I was thinking about those "dual numbered" car keypads (I think about weird stuff sometimes) and I did some informal mental exercises. I'd concluded that the things couldn't be too secure and could be brute force hacked in a short time.

It's nice to see my suspicions confirmed by some formal number crunching.

[paoconnell.livejournal.com]

I think that what is needed is an "Enter button" (such as pulling the door handle) to be hit after the fixed length code, which should make the task a bit harder for the potential thief.
I've tried entering a car with one of these keypads (my father in law's) and was surprised there was no equivalent to an Enter button. Once the right code was entered, the lock opened with an audible click.

[netdef.livejournal.com]

Oh, excellent!

Scary as hell really, since if you wanted to be really creative you would find a way to induce those membrane switches electronically with a simply magnetic gadget, and you could run the entire sequence with a handheld device held over the keybad in a matter of seconds. The only tricks would be to determine the fastest response time of the cars security module, and whether it has a lockout on code fail feature.

[elffin.livejournal.com]

The ones described don't have a lockout on code failure.

[kjn]

And how long is 20 minutes compared to the normal time for an experienced thief to break the lock on a car?

[theweaselking.livejournal.com]

#1: Depends on the car. Seriously.
#2: This requires no equipment, no training, no skill, and does no damage to the vehicle.

[toku666.livejournal.com]

...and without skill, equipment, or training, you can't actually steal the car, which is likely the only thing worth taking at that point.

[thormation.livejournal.com]

No, but you can steal whatever is *in* the car.

Alternately, it allows you to gain access to the car to (a) stow away in, with an option to carjack later, and/or (b) place contraband (incriminating objects, recording devices, bombs, tracking devices, poisonous snakes, etc.).

[toku666.livejournal.com]

Poisonous snakes. Okay.

[jerril]

The important thing here is that my Uncle, a teacher, bought one of these cars in a fit of stupidity. His students immediately set themselves to cracking his combo the brute force way, forcing him to reset his password DAILY to stop them from working through the sequence.

In other words, these doors aren't enough to keep eight year olds out of your car for more than two or three lunch breaks and the occasional after-school-before-school-bus effort.

At least the experienced thieves aren't common. Eight year olds are a dime a dozen.

[silmaril.livejournal.com]

Oh. My. Eru.

I can't stop laughing; I hadn't realized that their passwords have no start/stop requirement. That's... wow, that's stupid.

Whee!

[argaive.livejournal.com]

If you add a "1" to the end of that sequence, you don't have to enter the initial four "9"s thus completing it in 3126 keypresses rather than 3129.

Thereby saving you, like, three seconds.

:-)

A.

[argaive.livejournal.com]

Okay, not.

However you can start this sequence anywhere in the middle as long as you circle back to where you started.

Cool.

:-)

A.

[argaive.livejournal.com]

Ahh, but if you do that, you have to repeat the first four keypresses. In this case you can omit the first four nines.

:-)

A.

[argaive.livejournal.com]

But you can't escape 3129 keypresses.

:-)

A.

[drjamez.livejournal.com]

Yet another reason for me to get a new vehicle. Thanks. ;-)

- James -

...who has had to hack into his own SUV before and it is, indeed, frighteningly easy.

[toku666.livejournal.com]

I was actually unaware that they were still making cars with these.

This was brought up when they first came out, and I know that on at least some Ford models, entering too many numbers will briefly end input.

[amazonpanda.livejournal.com]

ok thats funny!

[tsunami-ryuu.livejournal.com]

Heh, wow. Failure on the part of the designers. This makes me glad my car hails from the early 90s and has nothing in the way of keyless entry in it.