This is part two of "How to secure your code while breaking into a Ford." So far, the lessons have been that physical access is 80% of total access and even then, there's such a thing as too secure when legitimate users are just as excluded as illegitimate ones. In general, car alarms that require people's actions are ineffective. Those that make it easier for valid users to access, or that add another layer of protection to annoy, but not make it impossible, are two ideal paths. And even so, a little bit of protection, applied in the right spot, can be much more effective than expensive, highly visible solutions.
The last thing about Beemers, and I'll stop harping on them. Pretty much every car has a physical connection from the visible part of the lock to the actual mechanism that does the actual work, even with electronic locks. BMW is the only exception, where it uses electronics to do the dirty work of popping up the lock when the key turns. What this means is that if you leave your lights on, and the car battery's dead, you can't unlock the car by just turning the key. Bad form. There's a trick to manually overriding, by lifting the handle all the way out, then turning the key in the lock. It slowly causes the lock to inch up. If you can pull off this trick, you probably can do all the emacs key commands. Manual override is always necessary, as you can expect something unexpected to happen.
Sadly, the award for worst design goes to the latest VW and Audi passenger side keyholes; there aren't any. Having only the driver's door with a keyhole is a corner-cutting trend that I hope dies quickly, because sometimes the plastic (yes, plastic) in the lock mechanism breaks, and there's no alternate way to enter, even if you've got the key in your hand. It's a shame really. VW once knew how to make cars that fail gracefully.
I mentioned a booklet. We have a booklet that has instructions for breaking into any car made in the last decade or so. After about a year, it's so second-nature that the booklet's hardly necessary. The booklet has instructions such as "lower this tool so many inches, then turn a quarter turn towards the rear." These instructions, by my guess, come from the car manufacturers themselves. Once, I arrived at a lockout of a PT Cruiser. The instructions were about 7 steps, some easy to do wrong. The member offhandedly said, "The last time I locked my keys in the car, the driver simply used a slim jim right about here." Sure enough, one simple move and it was unlocked. Never trust the level of security, or even the exploits, touted by the manufacturer.
The real advantage of the booklet is not the instructions, but often a picture of the inside of the door. Better than just somewhat vague instructions, we know where to grab, and what to move. And obviously, knowledge of the inner workings is significant in defeating the security. However, with a few exceptions, you can easily guess what's going on inside based on outside trappings. How do we know when to use a slim jim? The lock's a popup, and there has to be something that connects it to the lock mechanism. It stands to reason. How do we know when to pull up on the slim jim? The lock's top moves. Visible external changes can be very revealing about the internals.
Another time, a car mechanic had locked the keys of the car he was working on inside it. He specialized in Saabs, and despite having a popup lock, the linkage is quite different from what you expect. It's a good security thing, and even with the book, it wasn't unlocking. After I struggled with it for a while, he led me to another car he was working on. Its door interior was off, showing off the insides. After figuring out the linkage, sure enough, unlocking was easy. Security by obscurity is known to fail, simply because once it's out of your hands, it can be picked apart and secrets revealed.
Even if the innards are a complete mystery, security is far from ensured. Ultimately, a door has to open, and be unlocked by those inside. The other main tool, which I call a professional coat hanger, is the reach tool. A plastic wedge is used to either separate the glass from its lining up top (Acura), from the back of the door (Subaru), or if the glass is well-secured, wedge open the door from the frame (Toyota) and slip this long bit of metal inside. The great thing about the reach tool is that it's somewhat soft, so it's easy to bend. The bad thing about the reach tool is that it's soft, and it's easy to bend. But nevertheless, using this gives some level of access to the buttons and controls inside the car. So if an internal exploit can't be found, one posing as a user can. At the same time, the really good cars make it so the tip of the reach tool has trouble gripping the lock controls, while a real hand doesn't have this problem.
