chooze
Posts: 20
Joined: Sat Aug 08, 2015 3:37 pm
Location: Peoria, IL

Could LeafSpy program keys?

Thu Oct 10, 2019 7:07 pm

Would it be possible for LeafSpy to program key fobs and pair them with a car? I've been dealing with a destroyed key recently and came across the world of key programing devices. Here is an example of one in action:

[youtube]https://www.youtube.com/watch?v=7CXNk_ail6w[/youtube]

It seems that it is exploiting a vulnerability in Nissan's security to automatically generate the security codes.

It just connects to the OBD port and can program keys in a minute or so. It would be amazing if LeafSpy were able to do the same thing. I imagine one thing to be evaluated would be if it uses the standard pins or ones typical obd dongles don't connect to.

Dala
Posts: 102
Joined: Sun Oct 28, 2018 11:24 am
Delivery Date: 01 Jan 2015
Leaf Number: 316851

Re: Could LeafSpy program keys?

Fri Oct 11, 2019 12:14 am

Bad idea to make a readily available app possible to program keys. I would be strongly against it!

goldbrick
Posts: 624
Joined: Tue Aug 01, 2017 3:33 pm
Delivery Date: 01 Aug 2017
Leaf Number: 311806
Location: Boulder, CO

Re: Could LeafSpy program keys?

Fri Oct 11, 2019 9:20 am

Dala wrote:
Fri Oct 11, 2019 12:14 am
Bad idea to make a readily available app possible to program keys. I would be strongly against it!
+1. I recently found out that a cheap Chinese knock-off code reader for my ICE cars can reset the odometer :shock: I knew it was possible with software available on the seamier parts of the web but I bought this reader on Amazon. I have previously encountered cars that have been rolled back but I never knew how easy it was.

chooze
Posts: 20
Joined: Sat Aug 08, 2015 3:37 pm
Location: Peoria, IL

Re: Could LeafSpy program keys?

Thu Oct 17, 2019 7:59 pm

Dala wrote: Bad idea to make a readily available app possible to program keys. I would be strongly against it!
goldbrick wrote: +1
Dala, goldbrick, What do you feel the risks are?

I would not see theft as much of a risk at all. As you mentioned, devices that already do this are readily available on Amazon and eBay some model specific ones for as little as $17 (I'm not sure if any of the more affordable ones work for the Leaf). I wouldn't think the cost of these tools is what is preventing them from being used for theft and that making this avalible in the $20 LeafSpy Pro is going to change the economics. I think they are not use for theft for two reasons 1) you still need to get into the car some how and 2) they are fairly slow and complicated. If someone is going to steel a push button start car they are going to use the key relay method which overcomes both of these issues:

[youtube]https://www.youtube.com/watch?v=hj3ZRv9cMBw[/youtube]

I would see a larger risk of acquaintances abusing this. From somewhat harmless practical jokes on up to stalkers. Two things happen when you program the keys:
  1. All keys are erased / loose access
  2. Present keys including new ones gain access
So assuming you have unrestricted access to an unlocked car you can:
  1. Make the car inoperable by deleting all keys and not adding any back
  2. Try to add an extra key the owner does not know about
If you have unrestricted access to an unlocked car you can pretty much alway make it inoperable. I guess this would be a lower point of entry as the process is more easily reversed than some other permanent damage someone could inflict.

Adding an extra key is a bit riskier. To do it correctly you'd have to have all the owner's keys since any not present are going to be disabled. A key that stops working would be a hint that something is up and if the owner reprograms them then the extra key would be deleted.

I'm not sure how much of a risk these scenarios present. Again they are already possible today with the standalone programers on the market LeafShy would just make it cheaper and less conspicuous.

I thought there might be a third risk to that those that leave OBD connected could have their keys erases even without access to the inside of the car but this is not possible. The hazard lights have to be on for the programing process to start so you cannot do this without access. Had this one proved out to be a real risk I would have agreed this feature should not be implemented. In general it is a terrible idea to leave an unsecured Bluetooth, BLE, or WiFi OBD dongle attached to your car. I have not looked recently but a few years ago there was not a single secure option available on the market.

I think the convenience and cost saving of being able to program your own keys outweigh the risks highlighted here. Now, I may not have thought of all the risks or maybe I'm under estimating the severity of some of this and I'd be glad to hear what others think.

chooze
Posts: 20
Joined: Sat Aug 08, 2015 3:37 pm
Location: Peoria, IL

Re: Could LeafSpy program keys?

Thu Oct 17, 2019 8:00 pm

goldbrick wrote: I recently found out that a cheap Chinese knock-off code reader for my ICE cars can reset the odometer :shock
Yeah, I found that out when investigating the key programers. Could not think of a legitimate use for that.

Return to “LEAF CANBus”