Micca KE700 Brute-force vulnerability due to low entropy

Vulnerability details: predictable or brute-forceable rolling code

Description 

The system's rolling code generation is weak because it does not use a secure, standard algorithm like KeeLoq. The next valid code is composed of a 16-bit random number, a 16-bit counter, and a 9-bit Key Fob ID.

The flaw is that two of these three components are predictable:

The 16-bit counter is not random; it simply increments by 1 for the next transmission.

The 9-bit Key Fob ID is a constant value.

Therefore, the only unknown part an attacker must guess is the 16-bit random number. This low entropy results in only 65,536 (2^16) possible combinations, making a brute-force attack computationally feasible.

Attack Path 

The attack is automated after obtaining one piece of prerequisite information.

The attacker first sniffs a single transmission to learn the current counter value. (This is possible because of Vulnerability 1: "Rolling Code in Plain Text" ).

The attacker calculates the next valid counter value by adding 1 to the sniffed value.

The attacker then launches the brute-force attack, rapidly transmitting all 65,535 possible 16-bit random numbers, each in a frame using the predicted counter and the known Key Fob ID.

At a transmission rate of one code every 380 ms, the entire keyspace can be tried in just 6.9 hours.

PoC video – Brute-force attack: 

https://drive.google.com/file/d/1okt4gqnQRng6hY_I-O0e7giqMhRFcqrv/view

CWE references

CWE-331 (Insufficient entropy):

The security of the next code relies on a keyspace of only 16 bits, which is insufficient to protect against a guessing attack.

CWE-330 (Use of Insufficiently random values):

The "random number" component is not large enough to be considered cryptographically random.

Impact

Successful exploitation allows an attacker to guess the next valid rolling code, granting them unauthorized access to the car. This attack allows unlocking the vehicle without ever capturing a

future

signal from the legitimate key.

This vulnerability is categorized as Medium severity.

Tools and techniques

AutoRFKiller tool

Recommendations

Increase entropy:

The "random" or variable component of the code must be significantly larger. A 16-bit keyspace is insecure by modern standards. A minimum of 64 bits of entropy would make a brute-force attack computationally infeasible.

Use proven algorithms:

Do not use proprietary, "home-brewed" rolling code logic. The system must be redesigned to implement a standard, publicly vetted protocol, such as the recommended KeeLoq or an AES-based equivalent.

Additional information

The vulnerability was reported by Danilo Erazo (

[email protected]

)