Development of DIY Electronic Upgrades

Discussion in '3rd Gen. Tacomas (2016-2023)' started by LostTime77, Feb 1, 2020.

  1. Sep 3, 2020 at 7:14 AM
    #141
    LostTime77

    LostTime77 [OP] Well-Known Member

    Joined:
    Dec 8, 2018
    Member:
    #275250
    Messages:
    51
    Gender:
    Male
    @Schlucki

    If only it were that simple. Many people want to just "see it work"; however, I am the type of person that needs to see the whole picture.. the whole package. We bypass the engine cut off. Now what? Based on my previous discussion, this would be no different than me hopping inside the vehicle with my fob, starting it, and then going back inside (with or without locking the door). Since the brake pedal engine cutoff is no longer there, what is stopping a thief from entering the vehicle and driving off? With the brake pedal cutoff with the default system, a thief cannot do this. Sure, we can try to tap into the existing sensors to try and implement an engine kill if our system sees some funny business, but at the end of the day, since the default system doesn't know about our "add ons", a thief can easily just rewire it and bypass our attempt at security with a tiny bit of know how.

    I know some people live in homes where they generally wouldn't have to worry about a thief stealing their vehicle. However, many of us, including me, do not. There is nothing stopping another tenant from just walking outside and getting into my vehicle and driving away once I go inside for a few minutes to wait for the truck to warm up.

    Do you propose just leaving the security aspect out of it?
     
    xxTacocaTxx and zayoss like this.
  2. Sep 3, 2020 at 2:01 PM
    #142
    Schlucki

    Schlucki Well-Known Member

    Joined:
    Mar 29, 2020
    Member:
    #323287
    Messages:
    373
    Gender:
    Male
    First Name:
    Rich
    North Dallas, TX
    Vehicle:
    2020 DCLB TRD OR 4X4 Cement Taco
    A growing list of stuff
    I am not proposing to leave the security aspect out at all.
    Why not have the remote starter be controlled by a full aftermarket alarm? Something like a DEI Responder system. Then you have an armed status grounding output. Set it up so you can only remote start while the system is armed. You have it set up to die upon hitting the brake pedal only in the armed status. If someone breaks in with the vehicle running (and alarm armed since by default that is the only way to initiate the remote start process in this configuration), then the vehicle dies. Is there a reason this would not work?
     
    xxTacocaTxx likes this.
  3. Sep 3, 2020 at 3:41 PM
    #143
    LostTime77

    LostTime77 [OP] Well-Known Member

    Joined:
    Dec 8, 2018
    Member:
    #275250
    Messages:
    51
    Gender:
    Male
    Yes.. and that's what I am trying to convey, but probably poorly. It doesn't matter 'what' aftermarket electronics or systems that you put on the vehicle to try and secure it. 'Anything' other than something that completely replaces the stock ECU can be bypassed with a little bit of know how. I don't need an aftermarket alarm system to 'create' the electronics and protections that I can already create myself, just by tapping the same sensors and signals that such an aftermarket alarm would.

    Thief breaks windows. Thief hops into car. Thief cuts the wiring to the aftermarket electronics. Aftermarket alarm has zero concept of what has happened. How does the aftermarket alarm prevent window breakage or detect that a window has been broken to kill the engine?
    1. Window break sensor? Doesn't work for the windshield (different glass).
    2. E field sensor (such as the whiz bang invisibeam crap?) False positives out the ying yang, doesn't work well, and doesn't work with people already in the car
    3. Internal camera (IR or other)? Very complicated, expensive, and doesn't work with people already inside the vehicle
    I know that people already inside the vehicle isn't a critical use case.. but it's still there - that person could be sleeping or overpowered or whatever and a thief still drives off.

    All I need to do to defeat the system is to gain access and cut the aftermarket electronics. The stock system 'cannot' be defeated in this way because the kill sequence is hard coded into the code of the control units. Cutting any combination of sensor wires or trying to spoof the communication will not work. The reason is that the control units will expect the system to be in a certain state. If it's not in that state, it doesn't allow you to drive the vehicle - cuts the engine. No brake pedal sensor connected? No shift lock release. This is why the only way to defeat the stock system would be to gain access to the vehicle and replace / rewire the ECU with something else. That won't be happening, because.. you know.. time.. complexity.. the fact that the new "fake" ECU won't have the proper fuel tables to run the engine correctly.. the list goes on.

    How would a thief cut the wires to the aftermarket electronics you ask? I can just put them underneath the hood or create some other complicated metal box and put them there. The hood physically can't be opened because of the alarm system! There is one problem with such an approach. At the end of the day, I don't care where you put your electronics. There will need to be at least one wire coming into the cabin of the vehicle that taps a sensor in that cabin - for example the brake pedal sensor. Find that wire. System defeated, mission accomplished.

    The only way that it 'might' be possible or make it harder is if you replaced parts of the wiring harness. This would completely kill the 'ease of use' aspect of installing such a remote start. Even then, a thief could just re splice the wires.

    Believe me, I have spent weeks on running through scenarios of how add on electronics / security can be defeated - if this then that. I could fill ten pages with an analysis, but this is me being "brief". Am I looking for a perfect alarm system that can cover all of my scenarios? Maybe. Is that realistic? That's what I am trying to determine. The fact of the matter still stands though! The "perfect" catch all system right now is the engine kill via brake pedal with the stock system. It can't be defeated. Are you willing to have a remote start that works correctly but compromises on the security aspect? Give me an alarm system off the shelf, and I will tell you how I can defeat it and how the stock system can't be defeated. Will it be hard to defeat the aftermarket alarm system? Sure. However, the stock system can't be defeated in a security sense.

    So here is the TLDR:
    Are you willing to have a remote start that works correctly but give up some security for it?



    There are only two relatively cheap and not super complicated mechanisms to have the same security as the stock system but also gain a correct remote start:

    The first is trying out what I suggested in my previous post. Is it possible to put the vehicle into a state that is not covered by the stock system? Force the shifter into drive without the ECU knowing about the brake being pressed. Will the ECU shut off the engine once the brake sensor is reconnected? Or will it realize that killing the engine in drive is a safety hazard?

    The second is to somehow come up with a foolproof method of detecting tampering of the add on electronics. After looking at myriads of sensors and cameras and solutions, I have come up short. There is only one thing that I can think of that 'could' be fairly cheap, not 'overly' complicated, and maintain the ease of use. Microchip sells a gesture IC that works similar to an e-field sensor. Basically it's able to detect skin inside the created e-field regardless of obstruction (gloves, metal, wood, etc.). What I can think of doing is strategically installing these sensors around the sensitive wiring of the add on electronics. If a hand or body part comes into close proximity of the field, it just kills the engine flat. But doesn't the invisibeam alarm already do that? That sensor creates one large, non configurable field which does not work very well for any of the edge cases - false alarms, etc. The gesture IC on the other hand, from what I know of it, can be tuned for the range and also the generated fields will be 'much' more granular.

    Imagine a giant bubble around your vehicle. If anything enters that bubble, regardless of context, the engine shuts off. This means people walking next to your vehicle, touching your vehicle, etc. etc. Lots of false positives. You would not be able to enter the vehicle without a detection. This is the invisibeam sensor.

    Now imagine smaller bubbles around certain parts of your electronic components like the brake pedal sensor or the push to start module. You can enter the vehicle without the vehicle shutting off, but if you swipe your hands or feet below the dash near the brake pedal, the engine shuts off. Why would you need to do that anyways unless you were a thief trying to bugger the electronics? The key point here is that you would get in the vehicle and keep your feet on the floor instead of near the brake pedal. Once you do an NFC swipe with your phone to the system to disarm it, pressing the brake won't kill the engine and you are good to drive.
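The "smaller bubbles" scheme from post #143, written out as decision logic. This is an added sketch, not code from the thread or from any product: the two-zone layout, the tick model and every name are assumptions, and a silent or disconnected sensor is treated as tampering, mirroring the post's description of the stock units refusing to proceed when the brake sensor is missing.

```c
#include <stdbool.h>
#include <stddef.h>

#define N_ZONES 2   /* assumed: one field at the brake pedal, one at the start module */

typedef enum { LINK_OK = 0, LINK_OPEN } link_t;        /* LINK_OPEN: wire cut or sensor silent */
typedef enum { ENGINE_RUN = 0, ENGINE_KILL } engine_t;

typedef struct {
    link_t brake_link;           /* health of the brake sensor tap */
    bool   brake_pressed;
    link_t zone_link[N_ZONES];   /* health of each proximity sensor */
    bool   zone_hit[N_ZONES];    /* skin detected inside that small field */
    bool   nfc_valid;            /* owner's phone accepted on this tick */
} inputs_t;

typedef struct { bool armed; engine_t engine; } interlock_t;

/* A remote start always begins armed with the engine running. */
interlock_t remote_start(void)
{
    return (interlock_t){ .armed = true, .engine = ENGINE_RUN };
}

/* One control tick. A kill is latched; tamper checks run before any disarm. */
engine_t step(interlock_t *s, const inputs_t *in)
{
    if (s->engine == ENGINE_KILL || !s->armed) return s->engine;

    bool tamper = (in->brake_link != LINK_OK) || in->brake_pressed;
    for (size_t i = 0; i < N_ZONES; i++)
        tamper = tamper || in->zone_link[i] != LINK_OK || in->zone_hit[i];

    if (tamper)             s->engine = ENGINE_KILL;  /* fail closed */
    else if (in->nfc_valid) s->armed = false;         /* clean tick: hand over to the driver */
    return s->engine;
}

/* Feed a sequence of ticks to a freshly remote-started system; return the final state. */
engine_t run_ticks(const inputs_t *ticks, size_t n)
{
    interlock_t s = remote_start();
    for (size_t i = 0; i < n; i++) step(&s, &ticks[i]);
    return s.engine;
}
```

This covers only the decision logic. It does not answer the objection raised in the same post that the add-on's own wiring can be cut or re-spliced.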
     
  4. Sep 3, 2020 at 4:15 PM
    #144
    hiPSI

    hiPSI Laminar Flow

    Joined:
    May 21, 2017
    Member:
    #219544
    Messages:
    12,127
    Gender:
    Male
    South Carolina
    Vehicle:
    2024 Long Tundra
    Didn't read whole thread so if this concept has been discussed, I'm sorry.
    Leave stock remote start security intact. Start the vehicle and let it warm or cool. As you approach the vehicle, either press a button or use RFID tech to defeat the engine off function.
     
  5. Sep 3, 2020 at 5:07 PM
    #145
    LostTime77

    LostTime77 [OP] Well-Known Member

    Joined:
    Dec 8, 2018
    Member:
    #275250
    Messages:
    51
    Gender:
    Male
    If that was possible, it would have been done by somebody already. There is no way to defeat the engine off function by jamming after the vehicle has been remote started. The control electronics in the vehicle have a direct line to the brake pedal sensor. Once they see that the brake is actuated, they kill the engine. Jamming or spoofing this signal does no good, because the control electronics have to physically see the brake pedal depressed, otherwise it won't let you shift either (shift lock). It's a catch-22. You must press the brake in order to electronically release the shift lock to shift; however, if you do, it kills the engine.
     
