Author Topic: Concours 14 Passive FOB replacement from locksmith  (Read 20075 times)

Offline jwh20

  • Full Member
  • ***
  • Posts: 364
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #20 on: October 28, 2018, 05:37:52 PM »
I didn't say the FOB is constantly broadcasting.  In fact I said the opposite.

Offline Gabriel

  • Full Member
  • ***
  • Posts: 105
  • Country: 00
  • Near Galveston
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #21 on: October 28, 2018, 06:10:07 PM »
I have faith in this locksmith, he processed that passive key first time with no mistakes.
One of his readers suggested a key that he said was expensive so he used another reader to get an alternative which is what I have.
He did not say definitively that he could clone my active fob, he just said he did not see why not.
I think getting a suitable fob for this is why he wanted a few days.
One thing he was clear about and that is there is nothing special about this fob, he said it was dated technology.
This shop has been in the same place for 25 years catering to an upscale client area (NASA) so I'm sure he has seen it all.
I think he said he paid 7K just for the software to do this and gets updates often.
I don't know one way or the other but the two previous locksmiths said if he can't do it it can't be done...

It would be nice to have a spare fob for under 100 bucks! I wish whoever it was at Kawasaki that approved this system would wake up in the morning with every lost FOB up his back side...

Offline just gone

  • Sr. Member
  • ****
  • Posts: 1655
  • Country: us
  • COG#9712 '10 ABS
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #22 on: October 28, 2018, 06:43:31 PM »
I didn't say the FOB is constantly broadcasting.  In fact I said the opposite.

Yeah I know, I was agreeing with you. In the first part I was referring to MOB but I was typing while you were posting so I thought in my "edit" I was making it clearer...guess not.  :(

Offline MAN OF BLUES

  • Arena
  • Sr. Member
  • ****
  • Posts: 2898
  • Country: 00
  • WHISKEY.Tango.Foxtrot.
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #23 on: October 28, 2018, 06:57:46 PM »
 :popcorn: :popcorn: :cool:
is it broadcasting after a signal invokes it, or isn't it...

the handheld reciever is a hammer simplistic tool for saying one way or another..
if a tree falls in the forest, and no body hears it, it still made a sound...

https://www.elprocus.com/different-types-of-modulation-techniques-in-communication-systems/


46 YEARS OF KAW.....  47 years of DEVO..

Offline VirginiaJim

  • Administrator
  • Elite Member
  • *****
  • Posts: 11333
  • Country: england
  • I've forgotten more than I'll ever know...
    • Kawasaki 1400GTR
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #24 on: October 29, 2018, 04:48:48 AM »
Just thinking out loud here.....  Let's not 'stifle' someone because they are willing to experiment with the bike against all odds.  Let's give the OP a chance to see what his locksmith can do.  I'm interested in this from a purely scientific viewpoint and I'm not going to lock this thread.  I'll just start removing posts and that won't make me happy at all.
"LOCTITE®"  The original thread locker...  #11  2020 Indian Roadmaster, ABS, Cruise control, heated grips and seats/w/AC 46 Monitoring with cutting edge technology U.N.I.T is Back! Member in good standing with the Knights of MEH.

Offline Gabriel

  • Full Member
  • ***
  • Posts: 105
  • Country: 00
  • Near Galveston
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #25 on: October 29, 2018, 05:20:39 AM »
Just thinking out loud here.....  Let's not 'stifle' someone because they are willing to experiment with the bike against all odds.  Let's give the OP a chance to see what his locksmith can do.  I'm interested in this from a purely scientific viewpoint and I'm not going to lock this thread.  I'll just start removing posts and that won't make me happy at all.

Good, because I will post back here everything (in detail) that I find. I think this is a very important topic for all of us for all the reasons we already know.

Offline PH14

  • Sr. Member
  • ****
  • Posts: 1254
  • Country: 00
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #26 on: October 29, 2018, 10:27:31 AM »
yep... that works....


Oh, passive chip works, but if you loose the Active fob, that has the chip for the passive immobilizer, it doesn't matter if the battery is in or out... because it was LOST.......

http://youtu.be/QWLBtMz5OuY

 :rotflmao:  Of course, but you can send the fob in and have it cloned. I did read everything, but just happened to key on the assertion that an active fob can't be cloned, still naively dreaming we were still on topic, and forgetting it strayed into area 51 territory . I was commenting based on the fact the fob can be used to clone a new passive chip. I see that you were commenting on the paranoia regarding someone cloning the fob somewhere out in the open for nefarious reason. Carry on.

Offline B.D.F.

  • Hero Member
  • *****
  • Posts: 4955
  • Country: 00
  • It's only really cold if you fall down in it.
    • C-14 farkles you almost cannot ride without.
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #27 on: October 29, 2018, 11:33:16 AM »
Right Marty, the fob does not continuously broadcast. It only sends out a signal when it receives a signal from the KiPass ECU on the bike. This occurs when the main ignition switch is pressed down and then at a couple (maybe three?) distinct times during the ride: when the bike passes 20 kph in speed, when the bike is shifted into 6th and there may be one more time. Continuous broadcasting by the fob would quickly kill the battery and make it a useless system. As an aside, this is why the KiPass ECU does not 'know' if or when the fob was lost BTW.

As to cloning the RF fob, no reason why that cannot be done- provided the encryption does not get in the way. But as far as what the OP laid out, that can be done. It would take some RF equipment and then signal analysis but both are far more available today, at reasonable prices, than back in, say, the '80's. It would have to work like this: Cloning machine sends out a 'ping' for the fob. The fob responds with its code. Cloning machine reads said code and then programs a similar (but not same brand) RF device to duplicate the same code the fob sent out in the first place. In fact, not only is it possible, it is quite likely such 'cloning' machines are showing up these days with so many remote authorization devices in use world- wide.

The only fall- down to the process would be as I already mentioned, the built in encryption system (Mitsubishi's MISTY in our case). The most simple method of doing this is with a simple algorithm in both units (KiPass ECU and fob): so as a very simple example, the ECU sends out the number 6. The fob gets this number and puts it through the algorithm, which might be to square the original number, then divide by three, then multiply it by 7 and add 32 and subtract 14. Very simple stuff- until one is on the outside, looking in and trying to reverse engineer that algorithm.

Brian

Do you have a documented source (document title with page numbers etc.) for this info???

I find it hard to believe that the fob is constantly ("continually") broadcasting. I've heard this several times from different posts going back to the days where someone said that if you keep your FOB on the bike you need to wrap it up in aluminum foil etc.....I left my FOB on the bike without foil or battery life effect for months. I just don't think it does that, (either thing: continually broadcasts; or run down it's coin battery if left near the bike.) but I'll believe it if a Kawasaki or Mitsubishi document says so.

edit: Ok I was typing slower than you, but I'm in agreement. However, MOB types it with such authority ...that I was hoping he had some documentation to back it up.
Homo Sapiens Sapiens and just a tad of Neanderthal but it usually does not show....  My Private mail is blocked; it is not you, it is me, just like that dating partner said all those years ago. Please send an e-mail if you want to contact me privately.

KiPass keeping you up at night? Fuel gauge warning burning your retinas? Get unlimited peace and harmony here: www.incontrolne.com

Offline just gone

  • Sr. Member
  • ****
  • Posts: 1655
  • Country: us
  • COG#9712 '10 ABS
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #28 on: October 29, 2018, 01:26:43 PM »
:popcorn: :popcorn: :cool:
is it broadcasting after a signal invokes it, or isn't it...

the handheld reciever is a hammer simplistic tool for saying one way or another..
if a tree falls in the forest, and no body hears it, it still made a sound...
https://www.elprocus.com/different-types-of-modulation-techniques-in-communication-systems/

So no official documentation then, just typing out the a.. -->
.....even tho it's (the fob) continually broadcasting.
-------------------------------------------------------------
***************************************
The only fall- down to the process would be as I already mentioned, the built in encryption system (Mitsubishi's MISTY in our case). The most simple method of doing this is with a simple algorithm in both units (KiPass ECU and fob): so as a very simple example, the ECU sends out the number 6. The fob gets this number and puts it through the algorithm, which might be to square the original number, then divide by three, then multiply it by 7 and add 32 and subtract 14. Very simple stuff- until one is on the outside, looking in and trying to reverse engineer that algorithm.

As nice as it would be as a legal owner to be able to get an active FOB at a more reasonable price, I truly hope that an encryption algorithm is involved so that my bike if stolen just becomes a bunch of spare parts for sale and not a viable cheap vehicle for someone else. I know, they would have to follow me as I went through 20 kph, or be nearby with a code interceptor when I started the bike to catch the signal and then have access to the bike to steal it. Still, it would be reassuring to know that even then it couldn't be done. Now these bikes are getting cheaper, but in 25 years my son is going to have a classic on his hands and the value will be much higher than it is now, and I want him to still have an almost un-steal-able bike. (last sentence was tongue in cheek wishful thinking)

Offline B.D.F.

  • Hero Member
  • *****
  • Posts: 4955
  • Country: 00
  • It's only really cold if you fall down in it.
    • C-14 farkles you almost cannot ride without.
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #29 on: October 29, 2018, 02:27:14 PM »
That would the the downfall of the cloning idea Marty. The example I gave you was far too simple to even be considered of use; in practice, usually part of the algorithm is transmitted along with the code that very algorithm, as part of the larger algorithm built into the devices, making the difficulty of reverse engineering any working system basically impossible. It has been stated that to break modern digital codes would take a supercomputer approximately one year per bit of encryption and MISTY uses either 128 or 140 bit encryption (I cannot remember which). Just my opinion but I think your son's inheritance is very safe..... provided YOU do not mash it in any way having nothing whatsoever to do with KiPass. :-)

As far as theft goes, I do not see how being able to clone an RF fob really makes that any easier. If someone were going to steal and then clone your fob, why not just skip the cloning and use the OEM fob to steal the bike?

As to picking up the transmitted code from a fob on your person, I just do not see how that is even remotely likely, if even possible. Surely you would notice someone standing w/in 5 feet of you, holding a suitcase with a whip antenna on it before you started the bike, right? And as far as following you and picking up the code, again, if ANYTHING was w/in 5 feet of you while riding, I suspect collision would be the far bigger worry.

But the person who brought this up was polite, not arrogant or dismissive of the system or anything else so I try to respond in kind by not attacking or belittling him (her?) and instead just waiting to see what s/he comes back with once s/he has more information. Not sure just when, but this thread did take an unscheduled turn into Obnoxiousville somehow.....

Brian


<snip>

As nice as it would be as a legal owner to be able to get an active FOB at a more reasonable price, I truly hope that an encryption algorithm is involved so that my bike if stolen just becomes a bunch of spare parts for sale and not a viable cheap vehicle for someone else. I know, they would have to follow me as I went through 20 kph, or be nearby with a code interceptor when I started the bike to catch the signal and then have access to the bike to steal it. Still, it would be reassuring to know that even then it couldn't be done. Now these bikes are getting cheaper, but in 25 years my son is going to have a classic on his hands and the value will be much higher than it is now, and I want him to still have an almost un-steal-able bike. (last sentence was tongue in cheek wishful thinking)
Homo Sapiens Sapiens and just a tad of Neanderthal but it usually does not show....  My Private mail is blocked; it is not you, it is me, just like that dating partner said all those years ago. Please send an e-mail if you want to contact me privately.

KiPass keeping you up at night? Fuel gauge warning burning your retinas? Get unlimited peace and harmony here: www.incontrolne.com

Offline MAN OF BLUES

  • Arena
  • Sr. Member
  • ****
  • Posts: 2898
  • Country: 00
  • WHISKEY.Tango.Foxtrot.
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #30 on: October 29, 2018, 03:38:55 PM »
So no official documentation then, just typing out the a.. --> -------------------------------------------------------------


I think you missed the tongue in cheek aimed remark I made about "continuous broadcasting" that was made as a response to Gabe's locksmith's description..
and took it as "my words"... which was not my intent,
Well this is true that the control unit has to programed to the fob which means if you can duplicate the fob it's a home run.
This locksmith tells me that these devices do not communicate back and forth, that the fob sends a signal that the control unit can relate to. (ad-libbed)
I will find out for sure
If you felt any of what I said was "talking out my butt", so be it.
I do have a bit of desire to see what transpires, and didn't mean to be obnoxious about it... so apologies for any humor injections.
I also know a bit about the system, which is why is exactly why I asked about the "ping" when using the Passive chip part of the FOB..held next to the switch..and the key is pressed...
I also find the "ping", which I call a "query" signal, probably would not be the same as a "programming protocol" type, which could be possibly used for re-programming the code within an Active FOB.

46 YEARS OF KAW.....  47 years of DEVO..

Offline jwh20

  • Full Member
  • ***
  • Posts: 364
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #31 on: October 29, 2018, 04:03:04 PM »
As with all robust cryptographic methods, knowing the algorithm, in this case MISTY, does you no good.  In fact here is a document with the details:

https://tools.ietf.org/html/rfc2994

BTW, MISTY-1 was cracked in 2015:

https://eprint.iacr.org/2015/746.pdf

So have at it!

But the thing that keeps it secure is the "secret".  In our case the secret, as I mentioned earlier, is the FOB ID.  That is NOT on the FOB itself, it is NOT shown in the KDS3 system.

Offline MAN OF BLUES

  • Arena
  • Sr. Member
  • ****
  • Posts: 2898
  • Country: 00
  • WHISKEY.Tango.Foxtrot.
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #32 on: October 29, 2018, 05:29:31 PM »
As with all robust cryptographic methods, knowing the algorithm, in this case MISTY, does you no good.  In fact here is a document with the details:

https://tools.ietf.org/html/rfc2994

BTW, MISTY-1 was cracked in 2015:

https://eprint.iacr.org/2015/746.pdf

So have at it!

But the thing that keeps it secure is the "secret".  In our case the secret, as I mentioned earlier, is the FOB ID.  That is NOT on the FOB itself, it is NOT shown in the KDS3 system.

ouch...
trying to read the Misty stuff had me thinking the room was spinning... and then caused extreme pain
now...


 :rotflmao: :rotflmao: :rotflmao: :yikes:

46 YEARS OF KAW.....  47 years of DEVO..

Offline just gone

  • Sr. Member
  • ****
  • Posts: 1655
  • Country: us
  • COG#9712 '10 ABS
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #33 on: October 30, 2018, 11:02:41 AM »
I think you missed the tongue in cheek aimed remark I made about "continuous broadcasting" that was made as a response to Gabe's locksmith's description..
and took it as "my words"... which was not my intent, If you felt any of what I said was "talking out my butt", so be it.

Well OK, I guess I'm just to stupid to tell when you tongue is in your cheek or when you're typing from somewhere deep and scary. I couldn't find anywhere Gab said his locksmith said it was "continuously broadcasting" but then maybe I don't read so well. So....just disregard what I said earlier because it was all tongue in cheek too.  :-\

Good luck Gab', and let us know how it goes.

Offline Summit670

  • Full Member
  • ***
  • Posts: 482
  • Country: us
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #34 on: October 30, 2018, 05:30:27 PM »
I sold my c10 last year.   Been riding a Yamaha Raider for 5 years or so but still like the c14 and may get one at some point so I ck these forums often so I dont get too far out of touch.

I say great to the guy and locksmith for trying to figure something out. 

Arctic Cat M8 163 rules

Sleds, Dirt Bikes, ATV's, Street Bikes, Mountain Bikes.  Heck, I guess if it has handlebars I'll give it a try.

Offline zrx mitch

  • Jr. Member
  • **
  • Posts: 78
  • Country: us
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #35 on: October 30, 2018, 06:52:26 PM »
Let us know how this goes, I need a reason to go across town.
IBA #18591

Offline Gabriel

  • Full Member
  • ***
  • Posts: 105
  • Country: 00
  • Near Galveston
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #36 on: October 30, 2018, 07:07:14 PM »
I will call him on Friday, that gives him a week...

Offline Gabriel

  • Full Member
  • ***
  • Posts: 105
  • Country: 00
  • Near Galveston
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #37 on: November 02, 2018, 01:32:19 PM »
I called the locksmith and he has not heard back from his sources, I told him I will call again on Tuesday

Offline Locksmith

  • Jr. Member
  • **
  • Posts: 38
  • Country: 00
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #38 on: November 05, 2018, 06:17:18 PM »
I decided to give it a shot making a key for my 2018 C14.  I am a locksmith and have been for 37 years.  Stopped doing automotive stuff long ago, so I had to have the young guys help me out.

I read my passive fob with the key reader.  It told me to use a TPX5 glass chip.  We wrote the chip and it works exactly like my passive fob.  Then I ordered a JMA TPOOKAW-9.P1 key blank without transponder chip.  My bike uses a "B" key.  I cut the key from my existing passive fob and inserted the chip.

I now have a key that operates my bags and gas cap and will also start the bike with the stove knob.  It will not replace the stove knob as the bike's antenna isn't big enough to read the chip that far away.

I took a picture of all the bits and pieces.  If anyone wants to post it up, send me a PM with your email address and I'll forward it to you.

Offline route66tc

  • Jr. Member
  • **
  • Posts: 56
Re: Concours 14 Passive FOB replacement from locksmith
« Reply #39 on: November 06, 2018, 05:29:16 PM »
Here's the pic.