How does XM talk to my car?
October 2, 2009 7:45 AM

How would XM stop my radio from working when my trial offer expires?

I bought a new car that came with a 3 month trial subscription to XM radio. I actually like it and plan on continuing the subscription, but I was wondering how they could stop my radio from working, or re-enable it if I later decided to subscribe, since they really have no way of talking directly to my radio (cuz my radio can't talk back to their satellites).

I assume they do something like periodically broadcast lists of valid/invalid radio IDs.

Anybody know any more details?

Thanks!
posted by mpls2 to Technology (9 answers total)
 
Your radio can't transmit, but it can, obviously, receive. In addition to the satellite signal, it can receive a message telling it whether it should decode the signal or not. Since the company has your receiver's serial number, they can disable it by simply transmitting a signal to it via the satellite telling it that it's disabled. They can then re-enable it the same way.

That is, I believe, how satellite TV systems work, too.
posted by cerebus19 at 8:01 AM on October 2, 2009


Yes, you have it right. There's no way to defeat this (yet) since the transmissions are encrypted. If you wanted an initial stab at exploring it, the best place to start might be disassembling the hardware and building a prototype in GNURadio.

The message is repeated frequently so there's no way to "dodge" it (e.g. it happens on a repeat, you can't turn off your radio at 12am every night and stop it).
posted by arimathea at 8:02 AM on October 2, 2009


Of course hardware modifications are a different story.
posted by arimathea at 8:04 AM on October 2, 2009


Certicom is the company that does the security for XM, and they have a PDF flyer on it which gives a broad outline.
posted by smackfu at 8:04 AM on October 2, 2009


Best answer: More details from 2600. Lots of guesses and such, but this stuff is not public and the DMCA encourages it to stay that way.
posted by smackfu at 8:13 AM on October 2, 2009


Best answer: They are pretty secretive about this, but at a high level, encryption is behind this, and is used in a couple of different ways.

The main program material (the stuff you want to listen to) is encrypted using a secret key (code). Your receiver can only decrypt the main program if it knows what this key is. Let's call this the "program key".

Although every authorized receiver knows what the program key is, the program key is changed frequently. In order to keep working, your receiver has to find out somehow what the new program key is, every time it changes.

Your receiver has another secret key built into its hardware. Let's call this the "receiver key". It is different in every receiver. The XM service can encrypt a message using your receiver key, and only your receiver will be able to decrypt and make sense of that message.

This is how your receiver finds out what the program key is. The program key is included in the signal, but never "in the clear". It's encrypted by each authorized receiver's key in turn. If there are 1 million authorized receivers, the broadcast key will be sent 1 million times in a loop, each time encrypted by a different receiver's key.

Your receiver won't be able to make sense of 999,999 of those messages, but one of them will be encrypted using your receiver's key. Your receiver can decrypt that one, and since the message contains the program key, your receiver now knows what that is and will keep working.

To de-authorize your receiver, all they have to do is stop transmitting the message that is encrypted with your receiver's key. Then next time the program key changes, your receiver won't have a way to find out what it is, and will stop working because it doesn't have the right key to decrypt the program material any more.
posted by FishBike at 8:44 AM on October 2, 2009 [1 favorite]


From experience, I know that when your subscription expires (or in my case is canceled) the service doesn't stop on the day of expiration.

I think I got about an additional 10 or 12 days before it died, presumably in the hope you will phone them up and renew or change your mind. The radio never stopped working in mid-stream; one day it was receiving, the next all I got was the preview channel that you hear before the radio is activated.
posted by 543DoublePlay at 11:51 AM on October 2, 2009


Best answer: "The message is repeated frequently so there's no way to "dodge" it (e.g. it happens on a repeat, you can't turn off your radio at 12am every night and stop it)."

A friend had stored a car in a deep underground concrete parking structure during the time his XM was canceled, and for about 3 months after. His XM has worked perpetually to this day without legitimate service. Perhaps policy has changed, and anyway that would be a ridiculous amount of effort to go to (friend was out of country, not storing the vehicle there to avoid cancellation, just a by-product), but it seems there's a limit on how long they repeated it for.
posted by oblio_one at 12:23 PM on October 2, 2009


"A friend had stored a car in a deep underground concrete parking structure during the time his XM was canceled, and for about 3 months after. His XM has worked perpetually to this day without legitimate service. Perhaps policy has changed, and anyway that would be a ridiculous amount of effort to go to (friend was out of country, not storing the vehicle there to avoid cancellation, just a by-product), but it seems there's a limit on how long they repeated it for."

This seems to confirm the description of the activation/cancellation process described in the link posted by smackfu, which is quite different from how I understood it to work and how similar systems work. Interesting.

The drawback to the way they appear to do it (activation and deactivation messages addressed to specific receivers) is not just that you can avoid them by keeping the receiver switched off long enough. It also means they have to trust the device to deactivate when told to, so it's vulnerable to various other kinds of hacking or even reverse-engineered hardware that just ignores the deactivation message.

Whereas the systems that control distribution of the encryption key as I described, and change it frequently, don't rely on any sort of trusted device at the other end, and don't even require the receiver to be switched on at the right time to disable it. They actually rely on the receiver being on at the right time to stay enabled.

I wonder if they also periodically distribute new encryption keys only to authorized receivers, to eventually cause these unauthorized ones to stop working even if they missed their deactivation message or are hacked in some other manner? Perhaps what I read way back when the system first came out was a description of this process, but that the main activation/deactivation method is the one from smackfu's link, with key-changes as kind of a long-term cleanup process?
posted by FishBike at 12:43 PM on October 2, 2009
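
The key-distribution scheme FishBike describes in both answers above (a rotating "program key" wrapped once per authorized "receiver key", with revocation by omission), as an added example that is not part of the thread and not XM's actual design. The cipher is a toy built from the Python standard library, and every class and function name here is hypothetical.

```python
import hashlib, hmac, secrets

def _xor(key, nonce, data):                 # toy stream cipher: SHAKE-256 keystream
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, ks))

def seal(key, plaintext):                   # encrypt, then authenticate with HMAC
    nonce = secrets.token_bytes(12)
    body = nonce + _xor(key, nonce, plaintext)
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, blob):                      # None means "not encrypted under this key"
    body, tag = blob[:-32], blob[-32:]
    ok = hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest())
    return _xor(key, body[:12], body[12:]) if ok else None

class Broadcaster:
    def __init__(self):
        self.receiver_keys, self.authorized, self.program_key = {}, set(), None
    def provision(self, rid):               # receiver key is fixed at manufacture
        self.authorized.add(rid)
        return self.receiver_keys.setdefault(rid, secrets.token_bytes(32))
    def rotate(self):                       # new program key, wrapped once per subscriber
        self.program_key = secrets.token_bytes(32)
        return [seal(self.receiver_keys[r], self.program_key) for r in sorted(self.authorized)]
    def transmit(self, audio):
        return seal(self.program_key, audio)

class Receiver:
    def __init__(self, key):
        self.key, self.program_key = key, None
    def hear_key_loop(self, loop):          # try every message; only our own unseals
        for msg in loop:
            self.program_key = unseal(self.key, msg) or self.program_key
    def play(self, frame):
        return unseal(self.program_key, frame) if self.program_key else None

def demo():                                 # constructed scenario: B's subscription lapses
    xm = Broadcaster()
    a, b = Receiver(xm.provision("A")), Receiver(xm.provision("B"))
    heard = []
    for audio in (b"song 1", b"song 2"):
        loop = xm.rotate()
        a.hear_key_loop(loop); b.hear_key_loop(loop)
        frame = xm.transmit(audio)
        heard.append((a.play(frame), b.play(frame)))
        xm.authorized.discard("B")          # B is simply left out of the next key loop
    return heard
```

Receiver B is never sent a "turn off" message and is not trusted to obey one; it goes silent because it still holds the previous program key after the rotation.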

