I was reading an article about how keyless entry systems for automobiles prevent people from recording the signal and replaying it to open someone's car. In the article they describe the process as below:
- The transmitter's controller chip has a memory location that holds the current 40-bit code. When you push a button on your key fob, it sends that 40-bit code along with a function code that tells the car what you want to do (lock the doors, unlock the doors, open the trunk, etc.).
- The receiver's controller chip also has a memory location that holds the current 40-bit code. If the receiver gets the 40-bit code it expects, then it performs the requested function. If not, it does nothing.
- Both the transmitter and the receiver use the same pseudo-random number generator. When the transmitter sends a 40-bit code, it uses the pseudo-random number generator to pick a new code, which it stores in memory. On the other end, when the receiver receives a valid code, it uses the same pseudo-random number generator to pick a new one. In this way, the transmitter and the receiver are synchronized. The receiver only opens the door if it receives the code it expects.
I was curious if anyone had any more information on how the "...it uses the pseudo-random number generator to pick a new code..." portion of the process works?
My first thought was that both systems share an encryption key and they are just incrementing a number and comparing the encrypted values, but that was just a guess. Does anyone know of somewhere that documents how this process actually works?
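An added example, not from the article or the original post: a minimal simulation of the scheme quoted above, with HMAC-SHA256 keyed by a shared secret standing in for the unspecified pseudo-random number generator. The secret, the seed and the look-ahead `WINDOW` are assumptions; the window lets the receiver resynchronize after button presses it never heard and goes beyond what the quoted description states.

```python
import hashlib
import hmac

CODE_BITS = 40
WINDOW = 16  # assumption: how many codes ahead the receiver will search to resynchronize

def next_code(secret: bytes, code: int) -> int:
    """Keyed PRNG step (a stand-in, not a real product's algorithm): next 40-bit code."""
    digest = hmac.new(secret, code.to_bytes(5, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest[:5], "big")

class Fob:
    def __init__(self, secret: bytes, seed: int):
        self.secret, self.code = secret, seed

    def press(self, function: str):
        """Emit (current code, function code), then roll to a new stored code."""
        frame = (self.code, function)
        self.code = next_code(self.secret, self.code)
        return frame

class Receiver:
    def __init__(self, secret: bytes, seed: int):
        self.secret, self.expected = secret, seed

    def receive(self, frame):
        """Accept the expected code or one of the next WINDOW codes, then roll past it."""
        code, function = frame
        if not 0 <= code < (1 << CODE_BITS):
            return None  # malformed frame
        candidate = self.expected
        for _ in range(WINDOW + 1):
            if hmac.compare_digest(code.to_bytes(5, "big"), candidate.to_bytes(5, "big")):
                self.expected = next_code(self.secret, candidate)
                return function
            candidate = next_code(self.secret, candidate)
        return None  # unknown or already-used code: do nothing

def demo():
    secret, seed = b"constructed-shared-secret", 0x1234567890  # constructed sample values
    fob, car = Fob(secret, seed), Receiver(secret, seed)
    first = fob.press("unlock")
    results = [car.receive(first)]       # fresh code: accepted
    results.append(car.receive(first))   # same frame replayed: rejected
    for _ in range(2):
        fob.press("lock")                # pressed out of range, car never hears these
    results.append(car.receive(fob.press("trunk")))  # within the window: accepted
    return results
```

Because the receiver only ever moves forward through the sequence, a captured frame is useless once it, or any later one, has been accepted.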