Dismantling

 Megamos  Crypto:  Wirelessly  

Lockpicking  a  Vehicle  Immobilizer  

Roel  Verdult   Flavio  D.  Garcia   Baris  Ege  

Radboud  University   University  of   Radboud  University  
Nijmegen,  NL   Birmingham,  UK   Nijmegen,  NL  
 Why  this  special  paper  presentaCon?  
•  This  paper  was  first  accepted  at  Usenix  Security’13  
•  VW  sought  an  injuncCon  from  the  High  Court  of  
London  to  prevent  publicaCon  
•  The  High  Court  of  London  granted  an  interim  
injuncCon  and  therefore  we  had  to  withdraw  the  
arCcle    
•  We  have  now  reached  an  amicable  seOlement  
without  any  admission  of  liability  
•  We  will  talk  about  the  technical  content  of  the  
paper  but  not  about  the  details  of  the  case  
 1$2"+%$(344*5"%"6$#&(
•! P0&&"8$(>Q3R(E0/&(SKTU(=M6V(
•! P#$8$.9(2*9WF"#"./(
•! X0.?09*#'(
–! Y@#*-$(SY7(R"#$+C8$(ZU[U\[YNV(
–! ]@&9#0%"0(S]I[A^I(_\`KaKZZZV(
–! N0.0?0(SN]A[7)N(ILLbW(ZbV(
•! P#$8$.9(".&@#0.+$(:#0@?(
•! I2*@%?(.*9(5$(+*.:@&$?(F"92((
#$4*9$(+*.9#*%&(9209(@.%*+,((
92$(+0#(?**#&(S_LL(XM6V(
1$2"+%$(344*5"%"6$#&(
Three  main  immobilizer  chips  used  (2012-­‐13)  

•  TI’s  DST                    (40-­‐bit  key)  

–  Bono  et  al.  “Security  Analysis  of  a  Cryptographically-­‐
Enabled  RFID  Device”        [Usenix  Security’05]  
 
•  NXP’s  Hitag2                (48-­‐bit  key)  
–  Analysed  in  our  paper  “Gone  in  360  Seconds:  
Hijacking  with  Hitag2”        [Usenix  Security’12]  
 
•  EM’s  Megamos  Crypto          (96-­‐bit  key)  
–  This  talk              
X$/04*&(N#'-9*(7&0/$(ST`KLV(
suspect the use of so-called ` car diagnostic' devices. Such a device uses all kind
of custom and proprietary techniques to bypass the immobilizer and start a car
without a genuine key. This motivated us to evaluate the security of vehicle
immobilizer transponders.

Make Models
Alfa Romeo 147, 156, GT
A1, A2, A3, A4 (2000), A6, A8 (1998), Allroad, Cabrio, Coupe,
Audi
Q7, S2, S3, S4, S6, S8, TT (2000)
Buick Regal
Cadillac CTS-V, SRX
Chevrolet Aveo, Kalos, Matiz, Nubira, Spark, Evanda, Tacuma
Citroen Jumper (2008), Relay
Daewoo Kalos, Lanos, Leganza, Matiz, Nubira, Tacuma
DAF CF, LF, XF
Ferrari California, 612 Schaglietti
Albea, Doblo, Idea, Mille, Multipla, Palio, Punto (2002),
Fiat
Seicento, Siena, Stilo (2001), Ducato (2004)
Holden Barina, Frontera
Accord, Civic, CR-V, FR-V, HR-V, Insight, Jazz (2002, 2006),
Honda
Legend, Logo, S2000, Shuttle, Stream
Isuzu Rodeo
Iveco Eurocargo, Daily
Kia Carnival, Clarus, Pride, Shuma, Sportage
Lancia Lybra, Musa, Thesis, Y
Maserati Quattroporte
Opel Frontera
Pontiac G3
Porsche 911, 968, Boxster
Seat Altea, Cordoba, Ibiza (2014), Leon, Toledo
Skoda Fabia (2011), Felicia, Octavia, Roomster, Super, Yeti
Ssangyong Korando, Musso, Rexton
Tagaz Road Partner
Amarok, Beetle, Bora, Caddy, Crafter, Cross Golf,
Dasher, Eos, Fox, Gol, Golf (2006, 2008), Individual,
Volkswagen Jetta, Multivan, New Beetle, Parati, Polo, Quantum,
Rabbit, Saveiro, Santana, Scirocco (2011), Touran,
Tiguan (2010), Voyage, Passat (1998, 2005), Transporter
C30, S40 (2005), S60, S80, V50 (2005), V70, XC70,
Volvo
XC90, XC94

Figure 2: Vehicles that used Megamos Crypto for some version/year [11].
 M0#?F0#$(I$9@-(

•! P#*H40#,(333(
–! KTU(,M6<(KLcU\(XM6(
–! ]RN<(@N(0.?(QPi](
–! j-$.(?$&"/.[&*@#+$(
 respon
using a PIN code pin. A valid PIN code resets the access
conditions and enables again writing of k, pin, um and When th
E0/(X$4*#'(%0'*@9((
l. The PIN code has to be known or overwritten to the and-forwar
S:#*4(?090&2$$9V(
transponder before it is locked, otherwise an exhaustive
search of the PIN code is required.
are exchan
transponde
( user memo
Block Content Denoted by ticate using
0 user memory um0 : : : um15
fails, the ca
1 user memory, lock bits um16 : : : um29 l0 l1
2 device identi cation id0 : : : id15 the dashbo
3 device identi cation id16 : : : id31 the transpo
4 crypto key k0 : : : k15 of a Germa
5 crypto key k16 : : : k31
6 crypto key k32 : : : k47 amos Cryp
7 crypto key k48 : : : k63 To the b
8 crypto key k64 : : : k79 available d
9 crypto key k80 : : : k95
10 pin code pin0 : : : pin15
amos Cryp
11 pin code pin16 : : : pin31 tion of the
12 user memory um30 : : : um45 EM4170 a
13 user memory um46 : : : um61 read-only
It does no
14 user memory um62 : : : um77 write-only
15 user memory um78 : : : um93 read-write
messages a
der must p
nonce nC =
 Megamos  AuthenCcaCon  Protocol  

id
←−−−−−−−−
nC , aC
−−−−−−−−→
aT
←−−−−−−−−

Figure 4: Megamos
id = 32-bit Tag identifierCrypto authentication protocol
nC = 56-bit Car nonce
aC = 28-bit Car authenticator (keystream)
aT = 20-bit Tag authenticator (keystream)
reports on the dashboard that the immobilizer failed to a
ponder. Figure 5 shows an eavesdropped trace of a Germ
 >$8$#&$($./".$$#"./(X$/04*&(N#'-9*(

•! !$(?"&+*8$#$?(9209(92$(E0./*(P#*/#044$#(S+0#(
?"0/.*&C+(9**%V(@&$&(92$(X$/04*&(N#'-9*(
0%/*#"924(&".+$(T``Z(S:*#(9$&C./(-@#-*&$&(*.%'V(
•! !$(#$8$#&$W$./".$$#$?(92$(0%/*#"924(:#*4(92$(
:#$$%'(080"%05%$(E0./*(&*kF0#$(-0+,0/$(
5'-0&&"./("9&(*5:@&+0C*.c(
m(5@9('*@(+0.(0%&*(#$0?("9(?"#$+9%'(:#*4(92$(+0#J&(YN7(

AYN(@PRlbP`bL(20&(&"4-%'(&-*1/-',7F-&*
 N#'-90.0%'&"&(W(P#$W#$n@"&"9$&(
•! >$n@"#$&(0++$&&(9*(92$(7%/*
%&:*'D,*7%/*E,0*
•! ]?8$#&0#'(.$$?&(9*(9@#.(
92$("/."C*.(*.(9F"+$(0.?(
$08$&?#*-(9F*(9#0+$&(
Origin Message Description
Car 3 Read identi er
Transponder A9 08 4D EC Ident er id31 : : : id0
Car 5 Read user memory and lock-bits
Transponder 80 00 95 13 First user memory l1 l0 um29 : : : um0
Car F Read large user memory (EM4170)
Transponder AA AA AA AA AA AA AA AA Second user memory um93 : : : um30
Car 6 | 3F FE 1F B6 CC 51 3F | 07 | F3 55 F1 A Authentication, nC55 : : : nC0 , 07 , aC
Transponder 60 9D 6 Car authenticated successful, send back aT

Figure 5: Eavesdropped Megamos Crypto authentication using the 96-bit key 000000000000010405050905.
The structure of the secret key of the car suggests that it has an entropy of only 24 bits.
Complexity  analysis  of  the  cipher  
 E2$(X$/04*&(N#'-9*(N"-2$#(
g input h ⊕ ⊕

⊕ 0 1 2 ⊕ 3 ⊕ 4 ⊕ 5 ⊕ 6 7 8 9 101112 ⊕ 131415 ⊕ 16171819202122

0 1 2 3 4 5 6 7 8 9 101112
⊕ ⊕

j = l1 ⊕ m6

fl fm fr input

g22 ⊕
l ⊕ ⊕ ⊕ m ⊕ ⊕ ⊕ r ⊕
0 1 2 3 4 5 6 0 1 2 3 4 5 6 0 1 2 3 4 5 6

fo

output

G,7/,'*E,0*#"H,*I*AB*J"'#*
Figure 7: Schematic representation of the cipher
K&',/&%(*#'%',*#"H,*I*LM*N*OM*N*MPQ*I*RQ*J"'#***
De nition 3.8. The non-linear output lter function ned as
 X$/04*&(N#'-9*(3."C0%"60C*.(0.?(F*#,"./&(

,ZU(m(,_`(
o((
.*.+$(.+(

3.-@9( ,LZ(m(,`( `(m(`(

&`&( K( &l( &LU( &_`( &UU( C4$(

j@9-@9(
0+( 09(

nC = 56-bit Car nonce

aC = 28-bit Car authenticator (keystream)
aT = 20-bit Tag authenticator (keystream)
 N#'-90.0%'&"&(*:(X$/04*&(N#'-9*(
,ZU(m(,_`(
o((
.*.+$(.+(

3.-@9( ,LZ(m(,`( `(m(`(

&`&( K( &l( &LU( &_`( &UU( C4$(

j@9-@9(
0+( 09(

•! E0,$(92$(G#&9(0@92$.C+0C*.(9#0+$(
•! E#'"./(0%%(TU\(&909$&(&_`<(#@.."./(KU(&9$-&(?"&+0#?"./(*.(92$(*@9-@9(
%$08$&((T_K(+0.?"?09$(&909$&(
•! ]k$#(#@.."./(92$(+"-2$#(50+,F0#?&(9*(&l(F$(&C%%(208$(T_K(+0.?"?09$&(
•! >@.."./(50+,F0#?&(9*(&`(/@$&&"./(l(5"9(%$08$&(T_b(+0.?"?09$(,$'&c(
•! N2$+,(0/0".&9(0(&$+*.?(0@92$.C+0C*.(9#0+$(&"./%$&(*@9(92$(,$'c(
 Cryptanalysis  of  Megamos  Crypto  

•  Total  aOack  complexity  reduced  from  296  to  

less  than  256  encrypCons    
•  Takes  less  than  two  days  on  a  Copacobana‘05  
•  This  complexity  can  be  further  reduced  by  
precomputaCon:  
–  E.g.,  using  a  12  Terabyte  table  reduces  the  
complexity  to  249  table  lookups  
–  This  has  some  pracCcal  limitaCons  
 The EM4170 allows to set the lock-bit l0 back to z
using a PIN code pin. A valid PIN code resets the acc

P0#C0%(=$'W@-?09$(]O0+,(
conditions and enables again writing of k, pin, um
l. The PIN code has to be known or overwritten to
transponder before it is locked, otherwise an exhaus
search of the PIN code is required.

j5&$#80C*.&a( Block
0
Content
user memory
Denoted by
um0 : : : um15

(
1 user memory, lock bits um16 : : : um29 l0 l1
2 device identi cation id0 : : : id15

R@#"./(*@#(#$&$0#+2<(92$(40B*#"9'((
3 device identi cation id16 : : : id31
4 crypto key k0 : : : k15

*:(?$-%*'$?(90/&(F$(:*@.?(F$#$a(
5 crypto key k16 : : : k31
6 crypto key k32 : : : k47
k48 : : : k63
•! 7.%*+,$?(%`(q(`(SF#"905%$V(
7 crypto key
8 crypto key k64 : : : k79
9 crypto key k80 : : : k95
•! N*@%?(5$(@.%*+,$?(F"92(0(( 10 pin code pin0 : : : pin15
11 pin code pin16 : : : pin31
?$:0@%9(P3A(+*?$(( 12
13
user memory
user memory
um30 : : : um45
um46 : : : um61 read-onl
14 user memory um62 : : : um77 write-on
15 user memory um78 : : : um93 read-wri

•! (E2$(Z\W5"9(&$+#$9(,$'("&(F#"O$.(9*(92$(
Figure 4: Megamos Crypto transponder memory lay
90/(".(5%*+,&(*:(K\(5"9&(".&9$0?(*:(5$"./(
0.(09*4"+(*-$#0C*.c( 3.2 Functionality and communication
The Megamos Crypto transponder supports four
ferent operations: read, write, reset
 P0#C0%(=$'W@-?09$(]O0+,(S&"4-%$V(

````((
```L((
```T((
```K(( ;%*+,(K(
````((
Y_QT((
```K(( Kb]N(
;%*+,(T( QQUT(
;%*+,(L( ;%*+,(_(
l;TT( ;%*+,(U(
bbNZ(

`( K\( LT( _b( \_( b`( Z\(

•! i$9(*.$(0@92$.C+0C*.(0O$4-9(:#*4(92$(+0#(
•! i@$&&(K\(5"9&<(F#"9$(*.(*.$(5%*+,(92$.(0@92$.C+09$(9*(
92$(90/c(
•! 3:("9(&@++$$?&('*@(%$0#.(K\(,$'(5"9&c(
•! E2"&(#$n@"#$&(\(H(TK\(F#"9$&(0.?(0@92$.C+09$(
•! E0,$&(TUJ(-$#(5%*+,(r(TcU(2*@#&(".(9*90%<(@&"./(0(P#*H40#,(
 P0#C0%(=$'W@-?09$(]O0+,(S*-C4"6$?V(

```L((
````(( Y_QT((
;%*+,(K(
````(( Kb]N(
````((
;%*+,(T( QQUT(
;%*+,(L( l;TT(
;%*+,(_( ;%*+,(U(
bbNZ(

`( K\( LT( _b( \_( b`( Z\(

•! I04$(-#".+"-%$(5@9(*.%'(F#"9$(6$#*&(*.+$(".(92$(G#&9(5%*+,(
•! E2$.(".+#$4$.9(92$(.*.+$(0.?(0@92$.C+09$(@.C%(92$(90/(
0++$-9&(
–! 8,$,$J,/(E,0*"#*%::,:*'-*'D,*&-&7,*?@#"./("."C0%"&0C*.(
•! >$-$09(:*#(0.*92$#(9F*(5%*+,&(92$.(+*45".$(F"92(92$(
+#'-90.0%'C+(0O0+,(&$0#+2"./(:*#(92$(#$40"."./(5"9&(
•! E2"&(0O0+,(#$n@"#$&(\(F#"9$&(0.?((L(H(TK\((0@92$.C+0C*.&(
F"92(92$(90/(0.?(.$/%"/"5%$(+*4-@90C*.0%(+*4-%$H"9'(
•! E2$(F2*%$(0O0+,(90,$&(sL`(4".@9$&(@&"./(0(P#*H40#,(333(
344*5"%"6$#(R$4*(
 !$0,(,$'(0O0+,(

G-$,*"&',/,#F&)*E,0#*S,*T-;&:*

`(m(`(( ,LT(m(,Z\(
`( LT( Z\(

•! 3:(92$(,$'(&90#9&(F"92(LT(6$#*(5"9&(92$.('*@(+0.(@&$(0(
C4$W4$4*#'(9#0?$W*t(0&(".(fj$+2&%".J`Lg(
•! ;@"%?(S*.+$V(0(KcU(E$#05'9$(#0".5*F(905%$(S%$&&(920.(
*.$(F$$,(9*(5@"%?V(
•! N*4-@90C*.0%(+*4-%$H"9'(*:(TLl($.+#'-C*.&(
•! Q$F(4".@9$&(+*4-@90C*.(*.(0(%0-9*-(
ed in Figure 2). To avoid naming concrete car mod
use A; B; C : : : to represent car makes. We write nu
!$0,(,$'(0O0+,(
s X : 1; X : 2; X : 3 : : : to represent different car models
ke X . G-$,*,4,&*$-/,*"&',/,#F&)*E,0#*S,*T-;&:*

Car Secret key

A: 1 00000000d8 b3967c5a3c3b29
A: 2 00000000d9 b79d7a5b3c3b28
B: 1 0000000000 00010405050905
•! E2$&$(,$'&(0--$0#(9*(208$(09(4*&9(LT(5"9&(*:($.9#*-'(
igure 9: Recovered keys from our own cars. Besid
•! ].($H20@&C8$(&$0#+2(*.(&@+2(,$'(90,$&(*.%'(&$+*.?&((
he evident 32 leading zero bits, every second nibbl
 MiCgaCon  and  AlternaCves  
•  Car  owners  can  set  lock-­‐bit  l0  to  one,  set  a  
random  PIN.  This  prevents  our  parCal  key  
update  aOack.  
•  Set  full  entropy  keys  (locksmiths,  dealers)  
•  Vehicle  immobilizer  tags  based  on  the  Advanced  
EncrypCon  Standard  (AES)  
•  HITAG  Pro,  NXP  Semiconductors  (2007)  
•  ATA5580,  Atmel  CorporaCon  (2010)  
•  TRPWS21/TRPBS27,  Texas  Instruments  (2010)  
 Atmel  Open  Immobiliser  Protocol  Stack  
•  Atmel  CorporaCon  states  in  the  datasheets:  
“Rather  than  developing  its  own  proprietary  cryptographic  func7ons,  Atmel  selected  and  implemented  the  
128-­‐bit  AES-­‐128  global  benchmark  standard  as  its  data  encryp7on  and  decryp7on  source.  This  open  
source  standard  is  freely  available  to  Embedded
the  public   for  use  and  scru5ny.  Because  of  
AES Crypto Engine
this  it  con7nues  to  be  favored  by  industry  experts  over  private  and  proprietary  crypto  algorithms.“  
Protocols Recommended for Passive Go:
•  Key  Features   Challenge Response with Bilateral Authentication
Key Car Pull door handle

–  No  security  by  obscurity  

Wake up

Key ID Key
ID ID
memory memory memory

–  Use  of  128-­‐bits  AES   Random K Random K

–  Car  &  key  send  challenge  

AES-128 AES-128

Random C Random C

–  Open  protocol  design   AES-128 AES-128

–  Open  source  examples  

Ok, it is
the right Stop
car,
=
N
continue Y

AES-128

–  Allows  public  evaluaCon  

AES-128

= STOP Ok, it is the

N right key,
Y car & key
VALID match

Embedded AES-crypto engine 23

 Responsible  disclosure  
•  We  carefully  followed  the  official  guidelines  from  the  Dutch  
Government  [1]  
•  We  noCfied  the  chip  manufacturer  in  November  2012,  nine  
months  ahead  of  scheduled  publicaCon  at  Usenix’13.  
•  We  invested  many  days  to  inform  them  properly  
–  conference  call  
–  several  leOers  and  emails  
–  personal  meeCng    
•  We  understand  that  measures  have  been  taken  to  prevent  
our  weak-­‐key  and  parCal  key-­‐update  aOacks  in  newer  vehicles  

[1]  hOps://www.ncsc.nl/english/current-­‐topics/responsible-­‐disclosure-­‐guideline.html  
 Thanks  for  staying  around!  

Acknowledgements  
We  would  like  to  thank  the  following  colleagues  and  
friends  for  their  firm  support  (in  alphabeCcal  order)  
  Ross  Anderson   Sam  King  
  Robert  Carolina   Bas  Kortmann  
Tom  Chothia   Kenny  Paterson  
Riccardo  Focardi   Carolyn  Pike  
Dorine  Gebbink   Jon  Rowe  
Casey  Henderson   Mark  Ryan  
Bart  Jacobs   Graham  Steel