TOYOTA Avensis
-
"-- hidden --" 04.05.07 21:52
« Re: ad: Injection
Well, I really don't want to scare you, Denso injectors have a planned service life of 350 thousand km, but like competing products they have the nasty habit of FAILING RIGHT AFTER THE WARRANTY WHEN TREATED BADLY... If you like the car, how about treating it a little better? Diesel from Makro is basically fine, but those other cheap diesels - think it over again. -
Brázdin 04.05.07 07:06
« Re: ad: Injection
I have already driven about 3 km on diesel mixed with petrol 1:1, about 5 times I ran the diesel completely dry, I only fill up with the cheapest diesel at Makro, and the car runs like clockwork. The petrol thing was a slip, as for running out of diesel I'm trying, and since someone here went boo at me I haven't run out again, but yesterday I filled up at Makro again for a lovely 26.40 :-) I guess I'll be the guinea pig and put Toyota's quality to the test :-) -
"-- hidden --" 29.04.07 20:58
« Re: ad: Injection
Brázdič: Well, just so that some dealer isn't grunting with delight soon... You were always too much of an optimist. I would be more careful. An injector costs 12 thousand at Toyota and, I think, 7.5 thousand in the Denso network (excluding VAT). I would simply be more careful about where I fill up and would add a good additive at least occasionally. -
"-- hidden --" 26.04.07 20:41
« ad: Injection
Hi, greetings to the Toyota folks, so I've ploughed through this whole forum /phew, quite a job/, and I hardly came across /apart from Kadl's problems/ any bigger trouble with the injection system. I'm deciding between a Ford Mondeo and an Avensis /oh, that price../ and on the Mondeo forum they keep dealing with injectors, pumps, the engine jumping into limp mode because of faulty or leaking injectors... Could it be that Denso has ironed out the bugs better than Delphi? ;-\ And that's with Brázdič writing that he fills up at the cheapest stations, MAKRO...etc. Do you really have no bad experience with servicing the injection system? Because if not, I should start saving more for a Toyota, I'd rather deal with a creaking rear blind than with when they'll start refurbishing injectors in Hala ;-) ;-) -
matuS 06.04.07 16:44
« No subject
I don't see a forum about the Yaris, but never mind - I was quite surprised that after 50 thousand km and 3 years of operation the gearbox bearings need replacing, it started humming. The repair costs 5 thousand SK.
The biggest problem is that we overshot the warranty by 2 weeks and they no longer want to do it under warranty. hm... -
"-- hidden --" 23.03.07 21:39
« No subject
I found this on the internet when I was looking for something about how the immobilizer is secured. It was obviously written by someone whose knowledge and abilities in this area exceed mine roughly 10x, but unfortunately he confirmed what I wrote. From the standpoint of today's capabilities, car security is dismal. The author of the text states that cars use encryption keys 40 or 48 bits long. I'll just add that any code with a key length under 80 bits is considered insufficient today, and anything with a key length well under 64 bits a total joke ...
Toyota (at least the American one) and other carmakers such as Ford and Nissan unfortunately used that 40-bit system at least until recently.
See [link]
And here is the text (from a discussion forum where the theft of an Audi Q7 was being discussed):
Hello again everybody, please do not get bored from this subject, I think it's in everybody's concern... I have searched... and look what I found on Yahoo... I really think car producers should do the same research before they implement any security system in their cars and then they sell it to us... please read:
( this information is for educational purposes only, to help you with security)
You could find out what kind of cryptography they are using for the locks that would make it 10x easier to pick the lock and your one step closer to stealing it. Organic vs Electronic security have both their flaws. A metal key or an electronic key, both can be breached using brute force. Normally the Diablo or typically any Lamborghini will have radio-frequency keylocks and ignition starters. Using Radio-Frequency Identification (RFID) from your laptop you could easily unlock the Diablo and start it. That is where my knowledge comes in handy.
I myself have cracked RFID, and TI DST. The encryption algorithm used in the TI DST tags is an unpublished, proprietary cipher that uses a 40-bit key. The algorithm was designed in the early 1990's by engineers at Texas Instruments, but is still being deployed in current systems. By today's standards, a 40-bit key is unacceptably short: advances in computing power have made such keys susceptible to brute-force key guessing attacks. Therefore, the actual security of the DST system rests with the secrecy of the proprietary algorithm used in the tags. One of the most important principles in cryptographic design states, however, that the security of a system should be based only on the secrecy of the keys, never on the secrecy of the algorithm.
We used some new special-purpose cryptanalytic techniques to reconstruct the algorithm used in the DST tags, by simply observing the responses that actual DST tags computed when presented with a large number of specially chosen challenges. Using this black-box reverse-engineering method, we were able to implement a software program that, when given the same challenge and key as an actual tag, would compute the same response.
Our next step was to recover the secret key from a deployed DST device, using a brute-force key search. Unfortunately, it would have taken more than 2 weeks for our software implementation to find a key when running on 10 very fast PCs. We therefore implemented our key-search on a field programmable gate array (FPGA). The FPGA evaluation board we used is available online for under $200 in single quantities with all of the necessary development software and cabling. Our implementation cracks 32 keys in parallel on a single FPGA running at 100MHz. At this rate, a single FPGA is expected to crack a key in just over 10 hours.
To decrease this key-cracking time even further, we connected 16 FPGAs together at a total cost of under $3,500. Texas Instruments provided us with 5 DST tags whose keys we did not know. The 16-way parallel cracker was able to recover all 5 keys in well under 2 hours.
We are currently developing and testing even faster and cheaper methods for recovering DST keys and will update this page with these results when they become available. The details are available in our academic paper.
After recovering a key, in order to attack a real DST system, we needed to create a radio device that could speak the same protocol as a hardware DST tag. This device would allow us to quickly extract the information needed to recover a key from a target DST device, and once the key was cracked, completely emulate the DST to a legitimate reader.
To accomplish this, we equipped a small and easily portable PC with a Measurement Computing digital-to-analog conversion (DAC) board; this board is also capable of analog-to-digital conversion. The DAC board can perform 12-bit A/D conversions on an input signal at a rate of 1.25 MHz and can perform D/A conversions and generate an output signal at a rate of 1 MHz.
We connected the input and output channels on our DAC board to an antenna tuned to the correct frequency range. We wrote modulation and demodulation software routines to decode and produce the analog AM signals transmitted by the TI reader as well as FM-FSK analog signals transmitted by the transponders. Using these routines, our equipment can eavesdrop on the communication protocol between a DST reader and transponder, or participate actively in a protocol by emulating either device. More details on this software radio solution are available in the academic paper.
To validate our attack, we extracted the key from our own SpeedPass token and simulated it in our independent programmable RF device. We purchased gasoline successfully at an ExxonMobil station multiple times in the course of a single day using this digital simulator. Similarly, we recovered the cryptographic key from a DST in the ignition key of our 2005 model Ford Escape SUV. By simulating the DST, we spoofed the immobilizer authentication system and started the vehicle with a bare ignition key, that is, with one that possessed no DST at all. Viewed another way, we created the pre-conditions for hot-wiring the vehicle.
Our attack on the DST cipher by no means implies wholesale dismantling of the security of the SpeedPass network, nor easy theft of automobiles. The cryptographic challenge-response protocols of DST devices constitute only one of several layers of security in these systems. The SpeedPass network has on-line fraud detection mechanisms loosely analogous to those employed for traditional credit-card transaction processing. Thus an attacker that simulates a target DST cannot do so with complete impunity; suspicious usage patterns may result in flagging and disabling of a SpeedPass device in the network. The most serious system-wide threat lies in the ability of an attacker to target and simulate multiple DSTs, as suggested in our example scenarios below. In some sense, the threat to automobile immobilizers is more serious, as: (1) An automobile is effectively an off-line security system and (2) A single successful attack on an automobile immobilizer can result in full compromise of the vehicle. While compromise of a DST does not immediately permit theft of an automobile, it renders an automobile with an immobilizer as vulnerable to theft as an automobile without one. Such a rollback in automobile security has serious implications. As noted above, significant declines in automobile theft rates - up to 90% - have been attributed to immobilizers during their initial introduction. Even now, automobile theft is an enormous criminal industry, with 1,260,471 automobile thefts registered by the FBI in 2003 in the United States alone, for a total estimated loss of $8.6 billion.
Extracting the key from a DST device requires the harvesting of two challenge-response pairs. As a result, there are certain physical obstacles to successful attack. Nonetheless, bypassing the cryptographic protections in DST devices results in considerably elevated real-world threats.
There are effectively two different methods by which an attacker may harvest signals from a target DST, and two different corresponding physical ranges.
The equipment needed to capture the data required to clone a DST tag at close range. From left, a microreader, a laptop, and a serial cable.
The first mode of attack is active scanning: The attacker brings a reader in her control within scanning range of the target DST. DSTs of the type found in SpeedPass and automobile ignition keys are designed for short range scanning - on the order of a few centimeters. In practice, however, a longer range is achievable. In preliminary experiments, we have achieved an effective range of several inches for a DST on a keyring in the pocket of a simulated victim using a tiny antenna. A DST may respond to as many as eight queries per second. Thus, it is possible to perform the two scans requisite for our simulation attacks in as little as one-quarter of a second. At the limit of the range achievable by a given antenna, however, scanning becomes somewhat unreliable, and can require more time.
The second mode of attack is passive eavesdropping. Limitations on the effective range of active scanning stem from the requirement that a reader antenna furnish power to the target DST. An attacker might instead eavesdrop on the communication between a legitimate reader and a target DST during a valid authentication session. In this case, the attacker need not furnish power to the DST; the effective eavesdropping range then depends solely on the ability to intercept the signal emitted by the DST. We have not performed any experiments to determine the range at which this attack might be mounted. It is worth noting purported U.S. Department of Homeland Security reports, however, of successful eavesdropping of this kind on 13.56 MHz tags at a distance of some tens of feet. The DST, however, operates at 134 kHz. Signals at this considerably lower frequency penetrate obstacles more effectively, which may facilitate eavesdropping; on the other hand, larger antennas are required for effective signal interception.
Only careful experimentation will permit accurate assessment of the degree of these two threats. Our cursory experiments, however, suggest that the threats are well within the realm of practical execution.
The most straightforward architectural fix to the problems we describe here is simple: The underlying cryptography should be based on a standard, publicly scrutinized algorithm with an adequate key length, e.g., the Advanced Encryption Standard (AES) in its 128-bit form, or more appropriately for this application, HMAC-SHA1. From a commercial standpoint, this approach may be problematic in two respects. First, the required circuitry would result in a substantially increased manufacturing cost, and might have other impacts on the overall system architecture due to increased power consumption. Second, there is the problem of backwards compatibility. It would be expensive to replace all existing DST-based immobilizer keys. Indeed, given the long production cycles for automobiles, it might be difficult to introduce a new cipher into the immobilizers of a particular make of vehicle for a matter of years. TI has indicated to the authors that they have more secure RFID products available at present; in lieu of specifying these products, they refer to the site www.ti-rfid.com for information.
In fact, RFID chips with somewhat longer key-lengths are already available in the marketplace and used in a range of automobile immobilizers. Philips offers two cryptographically enabled RFID chips for immobilizers. The Philips HITAG 2, however, has a 48-bit secret key, and thus offers only marginally better resistance to a brute-force attack-- certainly not a comfortable level for long-term security. The Philips SECT, in contrast, has a 128-bit key. The HITAG 2 algorithm is proprietary, while Philips data sheets do not appear to offer information about the cryptographic algorithm underpinning their SECT device. It is difficult to say, therefore, whether these algorithms are well designed.
Faraday shielding offers a short-term, partial remedy. In particular, users may encase their DSTs in aluminum foil or some suitable radio-reflective shielding when not using them. This would defend against active scanning attacks, but not against passive eavesdropping. Moreover, this approach is rather inconvenient, and would probably prove an unworkable imposition on most users. A different measure worth investigation is the placement of metal shielding in the form of a partial cylinder around the ignition-key slot in automobiles. This could have the effect of attenuating the effective eavesdropping range.
In the long-term, the best approach is, of course, the development of solid, well-modeled cryptographic protocols predicated on industry-standard algorithms, with key lengths suitable for long-term hardware deployment. -
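The fix recommended in the quoted text (a public algorithm with an adequate key length, such as HMAC-SHA1) can be sketched as a challenge-response exchange. This is an added example, not part of the post or of the quoted research; the class names, the 128-bit key, the challenge size and the 80-bit response truncation are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 16        # assumed 128-bit secret (the DST key in the text is 40 bits)
CHALLENGE_BYTES = 16  # assumed challenge size
RESPONSE_BYTES = 10   # assumed truncation to 80 bits to keep the RF frame short


def compute_response(key: bytes, challenge: bytes) -> bytes:
    """HMAC-SHA1 over the challenge, truncated to RESPONSE_BYTES."""
    return hmac.new(key, challenge, hashlib.sha1).digest()[:RESPONSE_BYTES]


class Transponder:
    """Hypothetical key-fob side: holds the secret and answers challenges."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return compute_response(self._key, challenge)


class Immobilizer:
    """Hypothetical vehicle side: issues fresh challenges and checks responses."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None

    def new_challenge(self) -> bytes:
        # A fresh random challenge per attempt makes recorded pairs useless.
        self._pending = secrets.token_bytes(CHALLENGE_BYTES)
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        # Each challenge is consumed by a single verification attempt.
        challenge, self._pending = self._pending, None
        expected = compute_response(self._key, challenge)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


def demo():
    key = secrets.token_bytes(KEY_BYTES)
    fob, car = Transponder(key), Immobilizer(key)

    first_response = fob.respond(car.new_challenge())
    genuine_ok = car.verify(first_response)

    # A recorded response is presented against a new challenge.
    car.new_challenge()
    replay_ok = car.verify(first_response)

    # A transponder holding a different key answers the next challenge.
    stranger = Transponder(secrets.token_bytes(KEY_BYTES))
    wrong_key_ok = car.verify(stranger.respond(car.new_challenge()))

    return genuine_ok, replay_ok, wrong_key_ok


if __name__ == "__main__":
    print(demo())
```

With a 128-bit key, the two challenge-response pairs that the text says suffice for a key search on the 40-bit DST no longer give a feasible search space.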
"-- hidden --" 23.03.07 20:02
« No subject
Fleggy: my sincere condolences :'-(
The immobilizer thing is interesting, for the rest of us it can be a signal that when the immobilizer starts acting up, it may mean we are the target of a future theft :!: .
The fact is that from a cryptographic standpoint it is not easy to protect a simple, cheap system with little computing power (the car, or rather the key) against an attacker with computing power like that of today's PCs. It is not easy, but it can be done. Unfortunately manufacturers do not show much willingness to implement 21st-century-level security technology in cars.
For the attackers (i.e. thieves) to obtain data for the cryptographic computations, they have to force the car to communicate - which may be those recorded 3-week-old attempts. So it need not be that the attackers had bad software, they may simply have needed to collect data actively rather than by passively eavesdropping on the key-to-immobilizer communication.
For the future I recommend the combination of a reverse-gear lock + Bullock. A reverse-gear lock on its own is laughable, but this combination already makes life a bit unpleasant (unfortunately not only for the thief but also for the driver).
An interesting add-on is an interior siren. Unfortunately the Avensis is so well soundproofed that it greatly muffles even a siren mounted in the dashboard :'-( If they have picked the car out, then there is probably no help (other than leaving a starving venomous snake in the car, or a mother-in-law of similar parameters). -
matuS 23.03.07 08:40
« Re: Re:
someone evidently needed an engine.
by the way, I don't move in thieves' circles, but from the information I've picked up, active tracking probably wouldn't help you much. After the theft a gang of lads pounces on the car and it gets dismantled.
So before you found out your car was missing, it had been completely taken apart, so they certainly also found the tracking transmitter, which is said to be hidden, but there are still only certain places where it can be put and the thieves know about them.
fingers crossed with the insurance company. -
"-- hidden --" 23.03.07 00:32
« Re:
matuS: you're not wrong on either count. Two SK petrol cars (a 2.4 sedan and an estate, I don't know what engine) and one CZ diesel.
martinnn: I think I didn't have double locking in the car. I tried locking twice in a row, but it locked normally. It started acting up on Tuesday, and by then I was already in BA. But at the service centre they told me that according to the diagnostics the same problem had already occurred briefly before, about three weeks ago.
BTW they also checked my A/C there and at last it heated even in Auto mode with the compressor on. I enjoyed it for one day...
The police also said it was definitely stolen to order. They said they hadn't dealt with a stolen Toyota for almost 2 years. -
"-- hidden --" 22.03.07 21:10
« Re: Re: Re: Re: Re: farewell
fleggy, did you use double locking? That is, did you press lock on the remote twice?
My opinion:
1. it is unlikely that the immobilizer breaks
2. it is unlikely that they steal an Avensis
So I think that if these two things happen at once, there is a high probability that they are related. Maybe they were already trying to steal it back when your immobilizer started acting up, they had bad software and botched it. Where were you parked when it started acting up? In BA? -
"-- hidden --" 22.03.07 18:54
« Re: Re: Re: farewell
That's really annoying. And did you have other security besides the immobilizer (reverse-gear lock etc.)?
there were three of us in total
Does that mean they stole three cars, or that there were three Aves there? Maybe they picked yours because it was the least secured?
Oh well, I'm slowly ordering a new one... With active tracking...
Active tracking won't help you much if they load the car up and haul it away, and it doesn't pay off cost-wise either (what you save on insurance you pay yearly as a flat fee). Although for the peace of mind ... -
"-- hidden --" 22.03.07 16:33
« Re: Re: farewell
I have all three keys. The car had only the immobilizer, as supplied from the factory. The windows weren't etched (at least not that I know of). I made no modifications. I drove it just as I bought it.
At the scene the police and I found no traces. I don't think they towed it (a row of perpendicular parking spaces right by the road). By all accounts it was a theft to order.
I recently wrote here that ever since that snowfall the immobilizer warning light had been constantly lit or blinking irregularly. Yesterday morning I took it to the service centre, where they told me there was some error in the communication between the key and the control unit. Supposedly it has only the currently used key in memory and the others have dropped out. To fix it they needed the other keys too, which of course I don't have on me. So in the end I just thanked them and left. They said that in the worst case even the last key would stop working. This morning my first thought was that they might have had a hand in it, but then I ruled it out, because they didn't know my address and they are quite far from my temporary residence in Bratislava. And they didn't even know that I live in Blava.
Oh well, I'm slowly ordering a new one... With active tracking... -
"-- hidden --" 22.03.07 15:38
« Re: farewell
I'm really sorry.
Can you tell us the details? Do you have all the keys to the car? Was the immobilizer working? (you didn't have an immobilizer bypass because of remote start?) Did you have any additional security / VIN etched on the windows? Was there broken glass at the scene? Was there enough room around the car to tow it away with a rope?