
Registered · 32 Posts · Discussion Starter · #1 · (Edited)
So, I just finished cleaning out my IT closet and dug out an Arduino that I used to reflash a semi-dead CMOS chip a couple of years ago. I stared at it for a minute, googled some and thought to myself - with the increasing rate of Q50s being stolen (especially in my area), wouldn't it be nice to collectively build a solution that could possibly prevent theft?


We're not reinventing the wheel again, the solutions (code) are all out there already; we just need to tweak it for our application.

I liked the RFID method. It's done by implementing a reader that can control a relay (fuel pump or starter), so when you're getting in the car, you don't necessarily need to scan your tag. There are different kinds with different ranges, so it should pick up the signal and let you start the car. Say your car gets stolen somehow anyway, we can include a GPS module that will send you the location in a Telegram message via a bot that you can view on Google Maps.

The possibilities are endless, we are limited by our creativity and by the amount we want to spend.

I already have my Arduino, just need to brainstorm the idea and figure out the parts list and integration preferably without cutting any wires.


Any interest in this?
 

Registered · 6,778 Posts
Hmmm, I'd just install a toggle switch and tap the fuel pump if all one's goal is theft prevention. Now, if you just want to brainstorm a few different ideas, I'm sure there are a few gaps the community would love to see. @nickdaria was working on getting some of the 2G connectivity working that was lost when the carrier was turned off, if I'm not mistaken. But I'm a bit of a tech minimalist when it comes to my car, which is admittedly pretty odd for someone who also works in the IT sector. lol
 

Registered · 32 Posts · Discussion Starter · #3
I don't really trust toggle switches anymore. That just adds something for me to think about and do each time I get in and out. These dudes are able to jack your car within a few minutes and that includes replacing the BCM; they just come with their keys and take your car like it's theirs. You can even buy a "jack a Q50 kit" on eBay, here's one example - 2014-2016 OEM INFINITI Q50 3.5 HYBRID ECU BCM FOB KEY SET ENGINE COMPUTER 68k | eBay

The same method was used to steal my neighbor's 370Z. When the car was recovered, his keys no longer worked. These dudes are really that quick...

That said, toggle switches do work if someone wants to add toggling to their routine, but I would imagine those who steal are well aware of these and do look for them in common places. That's why I'd like to do something a little more advanced. With RFID tags, you don't even have to do anything, and I like the idea of integrating it somewhere and making it look OEMish; they won't ever figure it out and will most likely give up within seconds.

I do see that there are some "ready to go" solutions on eBay and Amazon, but they aren't brand-name, so I don't really trust them.
 

Registered · 1,397 Posts
I can help with this. I have a CAN-integrated module that will give you more access than ever. Could easily integrate a starter motor relay (much safer than fuel pump since a failed relay could cause loss of power on the road) into one of its outputs.

As for inputs, I would just use something a little less obtrusive. These cars don't get stolen much, and when they do it's because of proximity relay attacks.

I would personally just make a CAN-based rule that requires the parking brake to be engaged and the transmission to be in neutral to start (enable starter relay). This means you can quickly and easily start your car, but no thief is going to understand why your car isn't cranking and they certainly won't troubleshoot for a couple of minutes. You could also add an exception so that it is bypassed with remote start - which cannot be emulated by a proximity attack.

Alternatively, you could just toggle the starter enable relay via the SOS button on the roof since my module takes that over. As with the previous idea - it's not obnoxious; however, no thief will guess it.
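
The CAN-based start rule from the post above (parking brake engaged and transmission in neutral, with a remote-start exception), sketched as an added example that is not the poster's module code and not part of the original thread. The CAN IDs, byte layout, neutral value and 500 ms staleness limit are hypothetical placeholders, since the thread gives no real Q50 values; the decision logic is kept hardware-independent so it can be tested off the car.

```cpp
#include <cstdint>
#include <cstdio>

// HYPOTHETICAL placeholders: the thread gives no real Q50 CAN IDs or layouts.
constexpr uint32_t ID_PARK_BRAKE   = 0x100;  // data[0] bit 0 = brake engaged
constexpr uint32_t ID_GEAR         = 0x101;  // data[0] = selected gear
constexpr uint32_t ID_REMOTE_START = 0x102;  // data[0] bit 0 = remote start active
constexpr uint8_t  GEAR_NEUTRAL    = 0x02;
constexpr uint32_t STALE_MS        = 500;    // ignore signals older than this

struct CanFrame { uint32_t id; uint8_t len; uint8_t data[8]; };

// One decoded on/off signal plus the time it was last refreshed.
struct Signal {
    bool value = false;
    bool seen = false;
    uint32_t at_ms = 0;
    void set(bool v, uint32_t now) { value = v; seen = true; at_ms = now; }
    // Unsigned subtraction stays correct when a millis()-style counter wraps.
    bool active(uint32_t now) const { return seen && value && (now - at_ms) <= STALE_MS; }
};

struct Interlock { Signal brake, neutral, remote; };

// Feed every received frame in; unknown IDs and empty frames are ignored.
void on_frame(Interlock &s, const CanFrame &f, uint32_t now) {
    if (f.len < 1) return;
    switch (f.id) {
        case ID_PARK_BRAKE:   s.brake.set((f.data[0] & 0x01) != 0, now); break;
        case ID_GEAR:         s.neutral.set(f.data[0] == GEAR_NEUTRAL, now); break;
        case ID_REMOTE_START: s.remote.set((f.data[0] & 0x01) != 0, now); break;
        default: break;
    }
}

// True only while the rule is positively satisfied by fresh data, so a silent
// bus or a rebooted module leaves the (normally open) starter relay off.
bool starter_enabled(const Interlock &s, uint32_t now) {
    if (s.remote.active(now)) return true;  // remote-start exception
    return s.brake.active(now) && s.neutral.active(now);
}

int main() {
    Interlock s;
    // Constructed sample frames, not captured traffic.
    const CanFrame brake_on{ID_PARK_BRAKE, 1, {0x01}};
    const CanFrame in_neutral{ID_GEAR, 1, {GEAR_NEUTRAL}};
    on_frame(s, brake_on, 1000);
    std::printf("brake only:      %d\n", starter_enabled(s, 1050));
    on_frame(s, in_neutral, 1100);
    std::printf("brake + neutral: %d\n", starter_enabled(s, 1150));
    std::printf("data gone stale: %d\n", starter_enabled(s, 1700));
    return 0;
}
```

On a microcontroller, `on_frame` would be called from the CAN receive loop and the result of `starter_enabled` written to the relay output on every pass.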
 

Registered · 6,778 Posts
Aye, it's not a perfect solution but no system is; each will have pros and cons, but at the end of the day it's about how much time/money people want to put into it. Do most thieves want to spend the extra time trying to locate a kill switch in a car while in the act of stealing it? Probably not; most are likely to try for a few minutes then give up and look for easier prey and not risk getting caught.

RFID also has some issues: you need to carry another key of some kind to authenticate, they have higher upkeep and, most importantly, they broadcast for about 100M and aren't encrypted. So anyone with an RFID reader would be able to collect it as it's being broadcast, which car thieves already do by setting up collector stations in neighborhoods to steal key fobs (which also operate on RFID) and bypass the method they used to steal your neighbor's Z (relay attack). Granted, not all cars are vulnerable to that particular exploit.

As you said, making something look OEM is a good way to hide something in plain sight; you could pretty easily disguise a fuel cut-off as a blank button near the traction control button or even replace the snow-mode switch in the Q50 and none would be the wiser.


End of the day though, these are luxury cars, with owners in nicer neighborhoods, and they usually get parked in garages, so I think an RFID tag system is overkill, even if my inner nerd thinks it's a cool idea.
 

Registered · 1,397 Posts
Anything that stops a thief for 45 seconds is sufficient. Most of them look for quick and easy targets and want to avoid being seen.

That's why I believe you need to first determine if this is necessary, and if it is - implement a simple barrier.

Realistically, your car is just going to get broken into for whatever is inside. Thieves stealing cars aren't looking for Infinitis. They want domestics (Dodge) and BMWs.
 

Registered · 1,185 Posts
On my Chevelle, I have a removable relay for the starter. Unless they have one on their person or have time/know-how to jump it and can find it, good luck. Something similar could be done with the fuel pump (especially if you were to install an aftermarket one to let it get full voltage)... Little more of a PITA but a good method if you are really worried.
 

Registered · 32 Posts · Discussion Starter · #8
> I have a CAN-integrated module that will give you more access than ever.

I like this idea. I don't have the SOS button but I'd imagine any sequence of any buttons could be used to trigger the scenario.

> These cars don't get stolen much, and when they do it's because of proximity relay attacks.

I wish this was the case for my area. Where I'm from (without revealing my location) it's a number one hood rat mobile (not just Q's, all other Infinitis, Altimas, etc.). These lowlifes used to amplify the signal to perform the relay attack and some of them were caught on Ring doorbell videos, so now they've moved on to just replacing the BCM and leaving with their own key. The whole procedure can be done in just a minute or two, especially if they enter through the sunroof.

Either way it goes, I am interested in an additional authentication method here with Arduino or without. If we avoid using anything extra, even better.

> RFID also has some issues: you need to carry another key of some kind to authenticate, they have higher upkeep and, most importantly, they broadcast for about 100M and aren't encrypted.

There are low-frequency RFID tags (not gonna go into details) that come with decreased range, which is still more than we need, but as for RFID being insecure, we sure can just go straight to NFC, which is more secure with way less range. I believe the RFID module also reads NFC tags but I need to verify that. The difference here is that you would have to find a place to mount the reader and physically touch the tag to authenticate with NFC, by its serial number for example. With RFID you wouldn't have to worry about that due to, again, the greater range. If you place the reader somewhere around the cup holder, then you just slip your wallet in there and start the car. I'd def authenticate with one of my credit cards because it's always with me and my wallet is always in the cup holder. There are a gazillion ways of going about it.

> So anyone with an RFID reader would be able to collect it as it's being broadcast, which car thieves already do by setting up collector stations in neighborhoods to steal key fobs (which also operate on RFID) and bypass the method they used to steal your neighbor's Z (relay attack)

That's true but the hood rats we are dealing with are not THAT smart. As mentioned earlier, they show up with their own BCM and keys, which you can either buy on eBay (or probably get cheaper from salvage yards) and be on your way. My neighbor's Z was stolen with a BCM/key from another Z. This is more of a physical method than anything else and in my books it could be prevented if an additional authentication method was implemented.

> End of the day though, these are luxury cars, with owners in nicer neighborhoods, and they usually get parked in garages, so I think an RFID tag system is overkill, even if my inner nerd thinks it's a cool idea.

RFID or anything additional is def not for everyone. A base Q50 is not all that expensive and I see all kinds of people driving them. There are a lot of people owning them who live in various apartment complexes, which is where the one above was stolen from. That person hadn't even received the perm tags before someone jacked it...
 

Registered · 6,778 Posts
> I wish this was the case for my area. Where I'm from (without revealing my location) it's a number one hood rat mobile (not just Q's, all other Infinitis, Altimas, etc.). These lowlifes used to amplify the signal to perform the relay attack and some of them were caught on Ring doorbell videos, so now they've moved on to just replacing the BCM and leaving with their own key. The whole procedure can be done in just a minute or two, especially if they enter through the sunroof.
>
> There are low-frequency RFID tags (not gonna go into details) that come with decreased range, which is still more than we need, but as for RFID being insecure, we sure can just go straight to NFC, which is more secure with way less range. I believe the RFID module also reads NFC tags but I need to verify that. The difference here is that you would have to find a place to mount the reader and physically touch the tag to authenticate with NFC, by its serial number for example. With RFID you wouldn't have to worry about that due to, again, the greater range. If you place the reader somewhere around the cup holder, then you just slip your wallet in there and start the car. I'd def authenticate with one of my credit cards because it's always with me and my wallet is always in the cup holder. There are a gazillion ways of going about it.
>
> That's true but the hood rats we are dealing with are not THAT smart. As mentioned earlier, they show up with their own BCM and keys, which you can either buy on eBay (or probably get cheaper from salvage yards) and be on your way. My neighbor's Z was stolen with a BCM/key from another Z. This is more of a physical method than anything else and in my books it could be prevented if an additional authentication method was implemented.
>
> RFID or anything additional is def not for everyone. A base Q50 is not all that expensive and I see all kinds of people driving them. There are a lot of people owning them who live in various apartment complexes, which is where the one above was stolen from. That person hadn't even received the perm tags before someone jacked it...

Man, that's crazy. Always hear about these stories but it's another thing to see it in action.

But yeah, a low-output RFID tag would be a good alternative if you don't go the NFC route. They use a similar setup for the door sensors and trunk lid for our cars, so long as it's not actively broadcasting it's a pretty good compromise. I'm a bit rusty with NFC but I recall it's classified as a high-frequency radio signal, so with the correct RFID scanner, yeah, it can probably pick up NFC tags.

The effective range of NFC is actually about 1ft so you could potentially place it in the center console or under a cupholder, but yeah, they typically operate much better a few cm away. I have my phone sitting in my cup holder plugged into a USB cable when I get in my car so it's how I'd do it myself; a credit card or wallet isn't a bad idea either.

But I agree any type of secondary authentication method would be a good roadblock for any would-be thieves.
 

Administrator · Newport, Oregon · 17,718 Posts
> Man, that's crazy. Always hear about these stories but it's another thing to see it in action.
>
> But yeah, a low-output RFID tag would be a good alternative if you don't go the NFC route. They use a similar setup for the door sensors and trunk lid for our cars, so long as it's not actively broadcasting it's a pretty good compromise. I'm a bit rusty with NFC but I recall it's classified as a high-frequency radio signal, so with the correct RFID scanner, yeah, it can probably pick up NFC tags.
>
> The effective range of NFC is actually about 1ft so you could potentially place it in the center console or under a cupholder, but yeah, they typically operate much better a few cm away. I have my phone sitting in my cup holder plugged into a USB cable when I get in my car so it's how I'd do it myself; a credit card or wallet isn't a bad idea either.
>
> But I agree any type of secondary authentication method would be a good roadblock for any would-be thieves.

My Sprint Booster is a lot harder to get at than the BCM so I feel fairly confident when it's on Pedal Lock that even if someone gets the car started by either proximity relay or BCM replacement, it will only idle and not respond to pedal input.
 

Registered · 32 Posts · Discussion Starter · #11
> My Sprint Booster is a lot harder to get at than the BCM so I feel fairly confident when it's on Pedal Lock that even if someone gets the car started by either proximity relay or BCM replacement, it will only idle and not respond to pedal input.

Interesting. How much was it?

Sent from my Pixel 6a using Tapatalk
 

Registered · 1,397 Posts
Yeah, do a tune/pedal commander/simple starter relay based theft prevention device. No need to reinvent the wheel.

However, the attack you are describing has a simpler fix. It involves using a device to amplify your key fob's signal so the car thinks the key is there.

Easy solution is to keep your keys in a Faraday cage, which blocks any signal from your key exiting the box. Then, it's impossible to do this relay attack and any thief will just move on to the next car. You can get cheap box ones on Amazon or other styles like bags. You can also literally wrap your keys in tin foil.

Try it. If your keys are wrapped in tin foil, you can't get into your Q even standing next to it. Can't amplify nothing.
 

Administrator · Newport, Oregon · 17,718 Posts
> Interesting. How much was it?
>
> Sent from my Pixel 6a using Tapatalk

If you have a motorized accelerator pedal with a 12-pin connector, you're limited to Sprint Booster to the best of my knowledge. If you don't, then you have a 6-pin connector and more options.

Sprint Booster - Currently $232 during cyber sale. Regularly $289.

Hike It - $159 - $229 depending on features.
 

Registered · 32 Posts · Discussion Starter · #14
> Yeah, do a tune/pedal commander/simple starter relay based theft prevention device. No need to reinvent the wheel.
>
> However, the attack you are describing has a simpler fix. It involves using a device to amplify your key fob's signal so the car thinks the key is there.
>
> Easy solution is to keep your keys in a Faraday cage, which blocks any signal from your key exiting the box. Then, it's impossible to do this relay attack and any thief will just move on to the next car. You can get cheap box ones on Amazon or other styles like bags. You can also literally wrap your keys in tin foil.
>
> Try it. If your keys are wrapped in tin foil, you can't get into your Q even standing next to it. Can't amplify nothing.

I just spoke with my neighbor and he said he always kept his fobs in a signal blocking pouch. Clearly that didn't work. I believe that's the primary reason why the thieves opted for a physical method of replacing the BCM.

I'm just trying to use what I have and I know it's possible to build a simple and effective solution based on Arduino under $30.

I'm ordering the rest of the components soon and will get to it ASAP unless you want to share your methods using CAN and everything it takes.

Sent from my Pixel 6a using Tapatalk
 

Administrator · Newport, Oregon · 17,718 Posts
> If you have a motorized accelerator pedal with a 12-pin connector, you're limited to Sprint Booster to the best of my knowledge. If you don't, then you have a 6-pin connector and more options.
>
> Sprint Booster - Currently $232 during cyber sale. Regularly $289.
>
> Hike It - $159 - $229 depending on features.

Both pedal controllers have anti-theft, pedal lock features that only allow the engine to idle if engaged and the car started.
 

Registered · 32 Posts · Discussion Starter · #17 · (Edited)
Those are great questions that I wouldn't have an answer to as I never tried anything like this. I don't see a reason why it would not start though. You just plug it in and off you go.

There's probably a check engine light with some code about mismatched modules/different VIN numbers but if they're able to start the car and leave, that's enough for me to conclude that Nissan failed to implement a safety mechanism to prevent possible theft on a supposedly luxury car. Oh wait, they probably thought that nobody's gonna steal a luxury car anyway lol.

All one has to do is spend $180 bucks and you've got yourself a kit to steal someone's car. I don't see another use for something like this. Even if you lost all your keys, would you really go down this route? I wouldn't. A new key is 60 dollars and under 100 to pair it to your car.


Sent from my Pixel 6a using Tapatalk
 

Administrator · Newport, Oregon · 17,718 Posts
> IIRC the Q50 requires programming for a BCM replacement does it not?
>
> Also how do they enter the car without setting off the alarm for a BCM replacement?

The BCM configuration settings:

[Image: BCM configuration settings]

I don't see any setting that would prevent the car from starting if the BCM is mismatched to the car. There will probably be a few warning lights though.
 

Registered · 32 Posts · Discussion Starter · #19
> Both pedal controllers have anti-theft, pedal lock features that only allow the engine to idle if engaged and the car started.

How about something like this?

I like that there's no display and I can definitely hide it under there and be able to switch settings from my phone. I don't know about the anti-theft mode though, I'll email them.

Sent from my Pixel 6a using Tapatalk
 

Registered · 1,397 Posts
> The BCM configuration settings:
>
> View attachment 112503
>
> I don't see any setting that would prevent the car from starting if the BCM is mismatched to the car. There will probably be a few warning lights though.

I assumed there would be ECM programming to pair the BCM but maybe there isn't.
 