Heat treatment is a dark art. What works for one heat treater may not work for the other. Also, heat treaters are somewhat reluctant to share their secret sauce with customers.
General hardening is no problem. The challenge is when a company needs a very specific hardness. There is a fair amount of trial and error with the heat treater (at least at first) before they get it right.
As the previous comment says, there's a requirement to eavesdrop on at least one successful authentication.
My guess is that they're then doing the brute-forcing "offline", not against the vehicle's system. If you know the algorithm and the keysize, and you can see one successful authentication, you could ship the work of workig out which key replicates the authentication you just saw off to AWS or custom hardware (I wonder how readily Bitcoin mining ASICs can be tweaked to attack embedded or IoT authentication?) (Though it seems there's flaws somewhere in the crypto anyway - they somehow broke a 96bit key with under 2^18 attempts...)
Agreed. Excel bashing often comes from web developers who lack real business experience in a gritty production environment.
Belittling Excel is an effective way to burnish one's programming credentials.
I know many languages (Flex, Html, PHP, JS, C# etc). Excel and VBA have their place, especially for very rapid app development.
Web apps are perfect for trapping data. However, output is best handled in Excel. The first thing people ask when getting a report is "How can I get this into Excel?". People like to play with their numbers.