How PEPS technology is opening our Car Doors..Theft

calnorth
Posts: 2719
Joined: Mon Feb 11, 2019 2:01 pm
Qashqai Model: Mk.2 Qashqai Facelift - J11b (2017–2021)

Post by calnorth »

Passive Entry Passive Start (PEPS):

As a matter of general interest, here is how the QQ security (key code relay) is likely being compromised. The schematic shown below is from Texas Instruments (TI)...a very old, big and current manufacturer of electronic devices and software, both military and civil:

Diagram: looking at the Key Fob at top left. An input (LF) is received when any door button is pressed. It arises from the car BCM unit/door antennas, which send a signal to the Key Fob. If in range and valid, the Key Fob transmits a code back to the car BCM at the output (UHF/BLE). Code comparison is done in the BCM and, if valid, the doors are opened or closed. The key must be in range, at about 1 m max, for owner use. For thieves, the LF signal is relayed to the key fob's vicinity...maybe in the house etc. So two signals are relayed in sequence when one thief presses a door button.

I'd say trying to get the key code from a Key Fob button press directly is difficult. It can be jammed, and the Key Fob press output captured by a thief within 50 metres. The owner wonders why the Key Fob didn't release the doors...on the 2nd/3rd press it does. The thief has captured the key code.

So the test of the pouch (Faraday cage things) is for the LF signal for one...meaning Low Frequency, and much lower than the Key Fob coded signal. I think LF is one of 3 signals at...20 kHz, 125 kHz or 134 kHz. Likely car-make specific, and I need to find it for the QQ.

So, door buttons appear to be a rotten idea! I'd like to exchange the dumb S/S switch for a door button disable.....click! Better for security!

[Image: PEPS-triggered-system-diagram.jpg]

Mk2 Qashqai Facelift - J11b (2017–and onward)
1.6 Dig-T N-Connecta
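The LF/UHF exchange and the relay described in the post above, as an added example that is not part of calnorth's post or of any TI or Nissan material. It is a Python model: the fob answers the BCM's random challenge with a keyed MAC, so a relay passes the cryptographic check untouched; the one thing a relay cannot hide is the extra round-trip time, which is what a round-trip (distance-bounding) check in the BCM catches. The class names, the ~1 m LF range, the 20 µs fob processing time, the 15 µs per-repeater latency and the 5 m slack are assumptions for illustration, not measured values for any car.

```python
"""Model of a PEPS challenge/response, a two-person relay, and a round-trip
time check. Added example; names and timing numbers are assumptions."""
import hashlib
import hmac
import math
import os
from typing import Callable, Dict, Optional, Tuple

LF_RANGE_M = 1.0          # assumption: LF wake-up reach (the post quotes ~1 m)
LIGHT_M_PER_US = 300.0    # radio propagation, metres per microsecond
FOB_PROCESSING_US = 20.0  # assumption: time a genuine fob needs to build its reply
RTT_SLACK_M = 5.0         # assumption: extra path a strict BCM tolerates

Channel = Callable[[bytes], Tuple[bytes, float]]   # challenge -> (reply, rtt_us)


class KeyFob:
    """Holds the shared secret; answers an LF challenge with a UHF reply."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def respond(self, lf_challenge: bytes) -> bytes:
        # Keyed MAC over the random challenge, truncated to a short UHF payload.
        return hmac.new(self._key, lf_challenge, hashlib.sha256).digest()[:8]


class Bcm:
    """Body control module: sends the LF challenge, checks the UHF reply."""

    def __init__(self, key: bytes, rtt_limit_us: Optional[float] = None) -> None:
        self._key = key
        self.rtt_limit_us = rtt_limit_us   # None = legacy BCM, no timing check

    def unlock(self, channel: Channel) -> Dict[str, object]:
        challenge = os.urandom(8)
        reply, rtt_us = channel(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()[:8]
        crypto_ok = hmac.compare_digest(reply, expected)
        timing_ok = self.rtt_limit_us is None or rtt_us <= self.rtt_limit_us
        return {"crypto_ok": crypto_ok, "timing_ok": timing_ok,
                "unlocked": crypto_ok and timing_ok, "rtt_us": round(rtt_us, 3)}


def direct_channel(fob: KeyFob, distance_m: float) -> Channel:
    """Owner's fob at distance_m from the door antenna, no relay."""
    def channel(challenge: bytes) -> Tuple[bytes, float]:
        if distance_m > LF_RANGE_M:
            return b"", math.inf          # fob never hears the LF wake-up
        rtt = 2 * distance_m / LIGHT_M_PER_US + FOB_PROCESSING_US
        return fob.respond(challenge), rtt
    return channel


def relay_channel(fob: KeyFob, link_m: float, repeater_us: float) -> Channel:
    """Two thieves: one at the door, one beside the fob (e.g. inside the house).
    The LF challenge is forwarded over link_m and the UHF reply forwarded back;
    each repeater adds repeater_us of receive/retransmit latency."""
    def channel(challenge: bytes) -> Tuple[bytes, float]:
        rtt = 2 * link_m / LIGHT_M_PER_US + 2 * repeater_us + FOB_PROCESSING_US
        # The fob sees a perfectly valid challenge, so it answers correctly.
        return fob.respond(challenge), rtt
    return channel


def run_scenarios() -> Dict[str, Dict[str, object]]:
    key = os.urandom(16)
    fob = KeyFob(key)
    legacy = Bcm(key)
    strict = Bcm(key, rtt_limit_us=FOB_PROCESSING_US + 2 * RTT_SLACK_M / LIGHT_M_PER_US)
    owner = direct_channel(fob, 0.5)
    fob_in_house = direct_channel(fob, 20.0)
    relayed = relay_channel(fob, link_m=20.0, repeater_us=15.0)
    return {
        "owner_legacy": legacy.unlock(owner),
        "house_legacy": legacy.unlock(fob_in_house),   # too far for LF, no reply
        "relay_legacy": legacy.unlock(relayed),        # crypto passes, door opens
        "relay_strict": strict.unlock(relayed),        # crypto passes, timing fails
        "owner_strict": strict.unlock(owner),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:13s} {result}")
```

The relay_legacy row opens the door with a reply the BCM cannot fault, while relay_strict refuses the same reply on timing alone; the house_legacy row is why the relay is needed at all, since at 20 m the fob never hears the LF challenge. Real distance-bounding implementations need far tighter timing than these made-up microsecond figures, but the shape of the check is the same.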


Post by calnorth »

An example of how Mercedes seems to have got it right...if you remember the simple disable sequence.
Not sure what happened with the hair do here?


Post by calnorth »

Update to 1st post:

The LF function of the Key Fob appears to relate to S/S...critically. The LF antennas at the door handles plus one in the roof (likely) combine to provide what's called a 3D view, meaning determining whether the Key Fob is in or out of the car. If outside, then the car cannot be started. Only start when inside...logical.

As such disabling the LF antenna in the Key Fob isn't an option by the look of it?

Think it really means that the door buttons themselves need to be disconnected. Key Fob only for entry and S/S which certainly should severely limit thieves.

Here's another view of relay theft...with frequencies of interest; the red line is the push-button initial trigger. It's actually a double relay function...not just a relay.

[Image: RelayStationAttack.jpg]


Post by calnorth »

Update 2:

Here is the cheap device that is sold for experimental electronic/software projects....those innocent ones! About £150 from China, and legal mainly in respect of its transmit power. It may not be legal though if it came to an investigation crunch, but it is easily available anyway.

It's a Transmitter/Receiver covering a considerable frequency band within which our Key Fobs operate. It requires either a laptop or tablet to run it, with related signal capture software and the ability to retransmit it (relay/replay). A bolt-on signal amplifier is often required.

I expect this to be the weapon of choice for both singular and rolling key codes. Car manufacturers are well aware of this device and, as we know, have done pretty much zero about it for the legacy systems that we are stuck with.

[Image: 40492922799430.jpg]

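On the capture/replay side of the post above and its "singular and rolling key codes" remark, here is an added Python model (not from the forum and not any manufacturer's scheme) of a plain one-way remote: a fixed code, and a rolling code with a counter window. It shows why a recorded fixed code works forever, why a recorded rolling code the car has already consumed is refused, and how the jam-and-capture sequence from the first post (door doesn't open on the first press, opens on the second, thief keeps an unused code) gets round that. The window size, the MAC construction and the serial/counter layout are assumptions.

```python
"""Fixed ("singular") code versus rolling code with an acceptance window,
and the jam-and-capture sequence against the rolling code.
Added example; WINDOW, the MAC and the frame layout are assumptions."""
import hashlib
import hmac
from typing import Dict

WINDOW = 16   # assumption: how far ahead of the car's counter a code may be


class FixedCodeRemote:
    """Every press sends the same bytes."""

    def __init__(self, code: bytes) -> None:
        self.code = code

    def press(self) -> bytes:
        return self.code


class FixedCodeCar:
    def __init__(self, code: bytes) -> None:
        self.code = code

    def receive(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)


class RollingRemote:
    """Each press increments a counter and MACs serial||counter."""

    def __init__(self, key: bytes, serial: bytes) -> None:
        self.key, self.serial, self.counter = key, serial, 0

    def press(self) -> bytes:
        self.counter += 1
        body = self.serial + self.counter.to_bytes(4, "big")
        mac = hmac.new(self.key, body, hashlib.sha256).digest()[:4]
        return body + mac


class RollingCar:
    """Accepts a valid MAC whose counter is ahead of the last one, within WINDOW."""

    def __init__(self, key: bytes, serial: bytes) -> None:
        self.key, self.serial, self.last_counter = key, serial, 0

    def receive(self, frame: bytes) -> bool:
        serial, ctr_bytes, mac = frame[:4], frame[4:8], frame[8:]
        expected = hmac.new(self.key, serial + ctr_bytes, hashlib.sha256).digest()[:4]
        if serial != self.serial or not hmac.compare_digest(mac, expected):
            return False
        ctr = int.from_bytes(ctr_bytes, "big")
        if not (self.last_counter < ctr <= self.last_counter + WINDOW):
            return False            # already used (replay) or out of sync
        self.last_counter = ctr
        return True


def run_scenarios() -> Dict[str, bool]:
    out: Dict[str, bool] = {}

    # Fixed code: anything recorded once is good forever.
    fixed_remote = FixedCodeRemote(b"\xde\xad\xbe\xef")
    fixed_car = FixedCodeCar(b"\xde\xad\xbe\xef")
    recorded = fixed_remote.press()
    out["fixed_owner"] = fixed_car.receive(recorded)
    out["fixed_replay"] = fixed_car.receive(recorded)

    # Rolling code: a frame the car has already consumed is refused on replay.
    key, serial = b"sixteen byte key", b"\x00\x00\x00\x2a"   # constructed values
    remote, car = RollingRemote(key, serial), RollingCar(key, serial)
    frame = remote.press()
    out["rolling_owner"] = car.receive(frame)
    out["rolling_replay"] = car.receive(frame)

    # Jam-and-capture: the car's receiver is jammed for two presses, both
    # frames are recorded, and the older one is forwarded straight away so
    # the owner just sees the door open on the second press.
    f1 = remote.press()                       # jammed: car never sees it
    f2 = remote.press()                       # jammed again, recorded too
    out["owner_sees_unlock"] = car.receive(f1)          # thief forwards f1
    out["thief_later"] = car.receive(f2)                # f2 still ahead of counter
    out["owner_afterwards"] = car.receive(remote.press())   # nothing looks wrong
    return out


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:18s} {'accepted' if ok else 'rejected'}")
```

The counter window is what a one-way remote needs to survive presses out of the car's range, and it is exactly the slack the recorded second frame lives in. This is the difference from the PEPS exchange in the first post: a reply bound to a fresh random challenge is useless once that challenge has expired, which is why grabbing a usable code straight from a press is the harder route there.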
gloucester
Posts: 5194
Joined: Sun Apr 03, 2016 7:04 am
Location: Gloucestershire, England
Qashqai Model: Mk.2 Qashqai - J11 (2013–2017)

Post by gloucester »

Note it's compulsory to wear a hoody when operating it! :)
(2015 Nissan Qashqai Tekna DIG-T 1.2 sold 15/6/18) ~ 2018 Suzuki Ignis SZ5 - 2018 Yamaha MT-07 ~ (2024 Volvo EX30 ordered)

Post by calnorth »

gloucester wrote: Sun Sep 22, 2019 9:27 am Note it's compulsory to wear a hoody when operating it! :)
Naturally.....fame could lead to disaster. Well, probably a very gentle telling off perhaps? Mustn't upset some folk.

Interestingly (sort of) HackRF is all over Youtube in respect of car attack.

Post by calnorth »

Daily Express at it today...half cocked info really.

My bother is when the insurance companies crank up legacy vehicle premiums...on the 2nd-hand market. One way to stop it is to disable 12 V from the Starter Motor pre-relay...not the solenoid. That could be a radio key arrangement or a simple hidden switch, an older method of course, that pretty much replicates a function of current immobilisers.

It's likely possible to disconnect the driver door press button. Hopefully not flagging an error message? Other buttons can be disabled in Settings I think, so disabling all stupid press-button opening.

https://www.express.co.uk/life-style/cars/1182351/keyless-car-theft-stolen-vehicles-uk