Could LeafSpy program keys?

My Nissan Leaf Forum

Help Support My Nissan Leaf Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.

chooze

Member
Joined
Aug 8, 2015
Messages
20
Location
Peoria, IL
Would it be possible for LeafSpy to program key fobs and pair them with a car? I've been dealing with a destroyed key recently and came across the world of key programing devices. Here is an example of one in action:

[youtube]https://www.youtube.com/watch?v=7CXNk_ail6w[/youtube]

It seems that it is exploiting a vulnerability in Nissan's security to automatically generate the security codes.

It just connects to the OBD port and can program keys in a minute or so. It would be amazing if LeafSpy were able to do the same thing. I imagine one thing to be evaluated would be if it uses the standard pins or ones typical obd dongles don't connect to.
 
Dala said:
Bad idea to make a readily available app possible to program keys. I would be strongly against it!

+1. I recently found out that a cheap Chinese knock-off code reader for my ICE cars can reset the odometer :shock: I knew it was possible with software available on the seamier parts of the web but I bought this reader on Amazon. I have previously encountered cars that have been rolled back but I never knew how easy it was.
 
Dala said:
Bad idea to make a readily available app possible to program keys. I would be strongly against it!
goldbrick said:

Dala, goldbrick, What do you feel the risks are?

I would not see theft as much of a risk at all. As you mentioned, devices that already do this are readily available on Amazon and eBay some model specific ones for as little as $17 (I'm not sure if any of the more affordable ones work for the Leaf). I wouldn't think the cost of these tools is what is preventing them from being used for theft and that making this avalible in the $20 LeafSpy Pro is going to change the economics. I think they are not use for theft for two reasons 1) you still need to get into the car some how and 2) they are fairly slow and complicated. If someone is going to steel a push button start car they are going to use the key relay method which overcomes both of these issues:

[youtube]https://www.youtube.com/watch?v=hj3ZRv9cMBw[/youtube]

I would see a larger risk of acquaintances abusing this. From somewhat harmless practical jokes on up to stalkers. Two things happen when you program the keys:

  1. All keys are erased / loose access
  2. Present keys including new ones gain access

So assuming you have unrestricted access to an unlocked car you can:
  1. Make the car inoperable by deleting all keys and not adding any back
  2. Try to add an extra key the owner does not know about

If you have unrestricted access to an unlocked car you can pretty much alway make it inoperable. I guess this would be a lower point of entry as the process is more easily reversed than some other permanent damage someone could inflict.

Adding an extra key is a bit riskier. To do it correctly you'd have to have all the owner's keys since any not present are going to be disabled. A key that stops working would be a hint that something is up and if the owner reprograms them then the extra key would be deleted.

I'm not sure how much of a risk these scenarios present. Again they are already possible today with the standalone programers on the market LeafShy would just make it cheaper and less conspicuous.

I thought there might be a third risk to that those that leave OBD connected could have their keys erases even without access to the inside of the car but this is not possible. The hazard lights have to be on for the programing process to start so you cannot do this without access. Had this one proved out to be a real risk I would have agreed this feature should not be implemented. In general it is a terrible idea to leave an unsecured Bluetooth, BLE, or WiFi OBD dongle attached to your car. I have not looked recently but a few years ago there was not a single secure option available on the market.

I think the convenience and cost saving of being able to program your own keys outweigh the risks highlighted here. Now, I may not have thought of all the risks or maybe I'm under estimating the severity of some of this and I'd be glad to hear what others think.
 
goldbrick said:
I recently found out that a cheap Chinese knock-off code reader for my ICE cars can reset the odometer :shock
Yeah, I found that out when investigating the key programers. Could not think of a legitimate use for that.
 
Back
Top