Dismantling DST80-based Immobiliser Systems

Lennart Wouters, Jan Van Den Herrewegen, Flavio D. Garcia, David Oswald, Benedikt Gierlichs, Bart Preneel

Research output: Contribution to journal; Article; peer-review


Car manufacturers deploy vehicle immobiliser systems in order to prevent car theft. However, in many cases the underlying cryptographic primitives used to authenticate a transponder are proprietary in nature and thus not open to public scrutiny. In this paper we publish the proprietary Texas Instruments DST80 cipher used in immobilisers of several manufacturers. Additionally, we expose serious flaws in immobiliser systems of major car manufacturers such as Toyota, Kia, Hyundai and Tesla. Specifically, by voltage glitching the firmware protection mechanisms of the microcontroller, we extracted the firmware from several immobiliser ECUs and reverse engineered the key diversification schemes employed within. We discovered that Kia and Hyundai immobiliser keys have only three bytes of entropy and that Toyota only relies on publicly readable information such as the transponder serial number and three constants to generate cryptographic keys. Furthermore, we present several practical attacks which can lead to recovering the full 80-bit cryptographic key in a matter of seconds or permanently disabling the transponder. Finally, even without key management or configuration issues, we demonstrate how an attacker can recover the cryptographic key using a profiled side-channel attack. We target the key loading procedure and investigate the practical applicability in the context of portability. Our work once again highlights the issues automotive vendors face in implementing cryptography securely.
Original language: English
Pages (from-to): 99-127
Journal: IACR Transactions on Cryptographic Hardware and Embedded Systems
Issue number: 2
Publication status: Published - 15 Dec 2019


  • Vehicle immobilisers
  • Digital Signature Transponder
  • DST80
  • key diversification
  • side-channel attacks

