> The modern versions of these keys cannot be cloned
The persistent rumor, of course, is that this has been cracked for specific models from specific manufacturers, with the help of someone at the dealership, maybe someone who owes large amounts of drug or gambling money to local criminal syndicate types. "All" you'd need to do then is use a valid challenge response pairs off as a cryptographic oracle to brute force the challenge-response algorithm and recover the seed value computation algorithm for the key and the car. Then "all" you need to do is record a challenge-response pair from the real key talking to the vehicle, and maybe the VIN, in order to duplicate the key, in order to steal the vehicle.
If this has been been done, the algorithm and seed-value recovery technique have not been publicly shared over the Internet, so it's only a rumor that it's been done, but given how high-tech thieves are these days, I don't consider it outside the realm of possibility.
What isn't outside the realm of possibility is the Rolling-PWN attack, which can be done with a $32 device and has been demonstrated against 10 years of Honda vehicles, up to 2022.
The persistent rumor, of course, is that this has been cracked for specific models from specific manufacturers, with the help of someone at the dealership, maybe someone who owes large amounts of drug or gambling money to local criminal syndicate types. "All" you'd need to do then is use a valid challenge response pairs off as a cryptographic oracle to brute force the challenge-response algorithm and recover the seed value computation algorithm for the key and the car. Then "all" you need to do is record a challenge-response pair from the real key talking to the vehicle, and maybe the VIN, in order to duplicate the key, in order to steal the vehicle.
If this has been been done, the algorithm and seed-value recovery technique have not been publicly shared over the Internet, so it's only a rumor that it's been done, but given how high-tech thieves are these days, I don't consider it outside the realm of possibility.
What isn't outside the realm of possibility is the Rolling-PWN attack, which can be done with a $32 device and has been demonstrated against 10 years of Honda vehicles, up to 2022.
https://rollingpwn.github.io/rolling-pwn/