EDIT I know, I know... this is a MASSIVELY long post... BUT, that's because I included the drafted spec for the hardware project. Everything should be easy to read pretty quickly! Don't be intimidated. Do not default to TL;DR!!



Alright, so I've drafted an interesting spec for a GPS tracker for my car. I'm looking to allow for 24/7 tracking (5 second delay in location transmission).

I've been doing a huge amount of research and I found the best thing to do is buy a CHEAP Boost Mobile phone and use InstaMapper, which is a free way to track your phone

The boost mobile phone will be running on its battery (and possibly a larger battery if I can create a custom housing for it, for extended battery life) and the charger will be wired directly to the car battery.
I've got a place where I'll be placing the phone itself, but I'll leave that out for those who know I'm active on Cemetech

In it's place there will be a couple different things done to it. First off, the phone will not be contained in its originally housing. The phone will be pieced apart and certain aspects will be extended and placed in different areas of the car.

Some features I want to add to the InstaMapper app would be telephony and SMS capabilities, as well as a passcode system. Nothing complex, or anything, but simply there for those who have no clue what I've got in the car.

Here's what I've got planned:
The antenna will be supplemented by an amplifier and external antenna which will be placed in an area that will allow the phone to get maximum reception. The keypad will be removed and placed in its own housing and arranged to be corded from the console. The keypad will only feature the numerical, pound, and star keys. The other keys will be hidden in another compartment accompanied by the screen for accessibility (this will allow me to access the phone's features completely).

The speaker will be rigged to a small amplifier that I have lying around which will branch out to three speakers placed inside the dash. The reason I won't be connecting them to the component speakers is because I want them to have a fixed volume and I don't want them very easily accessible without the removal of some panels (not impossible, just not out in the open). The microphone will be wired to right above the driver-side seat, concealed near the sunroof. This will allow for concealed, hands-free telephony.

An attachment will be made which will tap the car's lighter outlet to monitor whether or not the car is on. The cigarette lighter only gets power when the ignition is in stage 2 (full power and/or engine ignition). When the ignition is in stage 2, a sound affect will be played to notify the driver that a passcode needs to be entered.

Here's how all the "authentication" works:

When ignition is switched to stage 2:

1. Not Authenticated (NA) (OR, authenticated session is below 20 seconds [see below at "entered correctly"])
   • Begin 15 second timer to authenticate (pause countdown while keys are being pressed??? Although, I don't want people to be able to delay the count down for forever just by pressing a bunch of the keys endlessly .... Although the steps below might rememdy this anyway...)
   • Play soundeffect over phone's in-dash speakers to signal the need for authentication
     
   • Require keycode to authenticate
     Keycode entered by the following combination:
     * 4 digit key code #
     
     The star will allow me to start over if I mess up the four digits. Although... I could just make it so that it remembers that last four digits before the pound and uses that to authenticate. That would allow me to mess up like so
     e.g. Code is 1234
     Type in 125 (finger slips?)
     Type in 1234#
     The phone receives 1251234#, but only grabs the last 5 keys pressed so it authenticates with 1234#
   • IF code is
     • entered Correctly
       Start 4 hour timer to signify a "session", successfully "authenticating" the user (so long as the 4 hour timer is active)
       
       Short sessions?
       Maybe add the ability to start the session as a 'one-time/temporary' session by doing something like pressing the pound key twice instead of once when entering the passcode? This could then make the "session length" something like 1-5 minutes after the ignition is killed?
       Or maybe this could be the default, and two pounds would make it a 4 hour session?
       
       
     • entered Incorrrecrtly
       Return to the top ONCE
       The loop should only occur once, and after that the "Deny Auth" steps should be taken.
       
       
     • NOT entered
       After the 15 second timer runs out then authentication fails and the app moves to "Deny Auth" steps
   
   
2. Authenticated
   • Play different sonudeffect symbolizing an active sesssion
     
   • Send an SMS text to specified phone letting me know that the car's ignition has just entered stage 2
     
   • Pause (*or reset?) the time so long as the car is in stage 2 ignition (*if so, start at 4 hours after ignition is shut off)
   
   
3. Deny Auth
   • Send an SMS text to specified phone letting me know that the car was not authorized and is running
     
   • If a reply is received with the numerical keycode, the engine is left alone and the session is authenticated
     
   • If no reply in 30 seconds, kill the ignition and call the specified phone
     Since the microphone and speakers are amplified, I'll be able to speak directly to the unauthorized driver (or "thief" ) and possibly unlock the ignition.
     NOTE All replies will be ignored during the 30 second timer, unless they match the keycode. If a bad keycode is sent, it simply treats it like a "no reply".

The only major problem with all this is that once the phone call has been placed to the specified phone number, I don't know if the phone returns to the application that placed the call or not, and if it it does whether or not the application is completely restarted or simply "paused" via interrupts. I haven't bought my $20 phone with the $10/month unlimited data just yet!

And, imho, $.10/min for calls is perfectly reasonable if my car is potentially being stolen. No need for a monthly plan. Text messages are a different story, though, and depending no how much boost mobile charges I'll probably get that unlimited too. (in fact, for a complex tracking and vehicle security system like this, their $50 unlimited everything would probably work fine!).




As for the phone to be used, I want to just get the i290, but it doesn't look like you can buy it online. I'll check around at my local Target and Best Buy (any other retailers?) and find the cheapest iDEN they've got.



ALSO, I've heard about iDEN phones being tethered to the Adruino? Does anyone think that I should look into doing this with the Adruino instead of the phone? The difference would probably be greater flexibility with hardware, at the cost of no 1v1 convo (I really like this idea ) and also money. (I think for $20-$30, a 3G GPS-enabled phone is perfectly reasonable, given the fact that the whole thing will be coded as a MIDlet app in Java!).

I'm heading off to market, so I don't have time to give this post the full response that it deserves, but this looks awesome! I'm even curious about trying this with my phone; it has GPS and an unlimited data plan, but I'm not too sure about the Java capabilities (or at least how much is exposed to programs). I think this will be a very fun project, and I look forward to contributing all the EE and programming help that I can.

I'll read more about this later, but you don't want to do this. If you do, you *drastically* cut down on the number of possible combinations, and there are actually some number strings floating around that will hit every possible combination this way in like 50 digits or something like that. Makes brute forcing it way easy.

This is stupid.

Ah, you make an excellent point. For example, to solve all possible 2-digit codes 11, 12, 13, ... 43, 44, a total of 16 combinations and 32 digits, you'd just need: 11234413214224331, a total of 17 digits. Indeed, I'd be willing to guess that for the (digit possibilities)^(number of digits) combinations, say d^n, you need only enter 1+d^n or so digits instead of n(d^n). For larger n and smaller d, this could be a huge difference.

Hm. I don't think paying 20$ a month is a great idea for a car that will likely never get stolen; at worst broken into.

As far as authenticating. Authenticate with a text message as well. It'll stay "pre-authenticated" for 45 seconds then it'll de-authenticate. That could allow, say, remote access to your car.

So you can get your locked keys, so a friend can get into the car after you send a text or just for the convenience of not showing everyone the hidden keypad in your dash.

As for determining authentication periods, shouldn't there be a spike in power as you start the car? And a drop as you turn it off, since the radio/clock and lights won't be on. You could determine sessions that way.

It sounds like you've already got the premise for that with the "Stage Two Ignition Position" for Authentication.

Do post updates!

Another thing I notice - you talk about things like "killing the ignition". I dunno about cars, but that kind of thing in a computer would void its warranty if it was under warranty, or maybe in terms of cars make it not pass inspection? Is that safe and all that?

Car warranties are complicated (they can't just blanket void your warranty), but chances are he doesn't have a warranty in the first place. Doesn't swivel drive some crappy used Honda?

Wrong. Although a 4-digit code is easier to brute then 5, the point is that the last four digits preceeding the pound are matched. It's not going to pick out 1234 from 0981234567. You only have two tries to enter a code before it kills the ignition and contacts me. So putting in a punch of random numbers and slapping a pound key on the end isn't going to do jacksht. You're not going to be able to brute it. That's the point of limiting it to two tries in 15 seconds. Do explain your logic differently if I didn't catch it. The last thing I want is an easy to do brute force attack.


Also, I planned on removing the 30 second wait for my approval before killing the car. 45 seconds is a bit much, imho. If the car is on for 15 seconds and then it dies and contacts me then they can't really do much in the first place. Then with my reply approving them, they can just restart the car and be on their way.


I found a remedy for the return-to-app problem. Nextel released some codes that'll allow me to run the app as a service: Start on boot, always on in background, etc...

With the codes I'll be able to remove needless protected applications (giving me more space to work with) and add protect to my application.


Kerm, as Kllrnohj said, car warranties are complicated. There's a lot that I can do to a car without voiding the warranty. If I tap the ignition and kill power to the car via a security mechanism, it definitely won't void a warranty...

And yes Kllrnohj, I do drive a crappy used Honda


Honda Accords are chopped all the time where I'm at... You won't see many 5-speed CD5 Accord Coupes around here, which actually makes my car a target. Regardless, it's not necessarily because my car is a target, or that I'm worried it'll get stolen (I live in a pretty clean neighborhood for now ).


I figured I'd add text-message authentication too. 45 seconds would be perfectly fine. And I agree; All great reasons to add support for it.

Also, when you turn the key it turns the power to the car on. Moving the ignition to stage 3 simply fires the chargger. The power 'surge' is because all the power is going to the starter to start the car.


I purchased my i290 phone today so it should be here in a week or two

Nice! You just need to figure out a way to send a text to your car and not let false messages in.

Obviously you can have the program listen to your number only. But if someone were to nab your phone and send a text to your car to unlock, it could be dangerous. And you can't visually protect info in a text like you can a password field, it'd be tricky. But I wouldn't worry about that unless you're super security conscious.

Though, you could set it so that the number could be a primeprimecomposite (so 070312, 010582) could be a working text authentication passcode and it can't be used twice within a two weeks.

That would also help in case someone did manage to get an outside text into the system.

Since it's a mobile plan, the car will have a phone number. The messages will be tagged with my phone's number and as long as they have the right code I presume it'll be OK. Although, brute force would be possible if you found out the car's phone number... but who the hell is going to know my custom 'lowjack' system's phone number? Regardless, I should probably think up a way to disable brute-force via text message.

EDIT I'll probably just restrict authentication to the contact number (the same number it set up for notifications and phone calls).


Explain the primeprimecomposite concept?


Just got off the phone with my brother and figured out a good way to disable the ignition completely before authentication. That way there's no way to even turn the car on before you authenticate. So, you type in the keycode and your car's ignition is unlocked. Instead of: turn car on, 15 seconds to authenticate, and then car is killed or stays on.

I was in my car today and I found some different areas for putting the mic and speakers, as well as some of the other components (including the "debug component" which will just be the extra keys and the screen, so that all the keys on the phone are accessible and the phone is still manageable via UI).

I can't wait to get the phone in! I'll be posting pic updates and such as I progress. I'll throw up a parts list and compile all this into a DIY type thing

So it'd be easy to remember a combination. Instead of remembering five random combinations, you could have a program split a number string you send into parts. Say, the parts are two digits long, or three or whatever. Then, it checks those parts to see if they are prime or composite. If the number string matches prime-prime-composite (or whatever you setup) it allows access to the following command(s) in the text (and/or for the next few minutes such as unlock car, pre-authenticate, etc)

If the number string doesn't match. The text is simply ignored.

And obviously, you'd rule out 000002, 010102, or whathaveyou incase something does try to brute force.

It will be relatively easy to move the keypad by, at the worst and most complicated case, soldering wires onto the comb-pattern PCB traces and connecting them to discrete buttons somewhere. You might want to leave the phone and its LCD together though; that would be very complex to make separate.

Alright, so I've purchased so far an i290 and an i265. Both should work perfectly, and I wanted two that I could experiment with.

KermMartian: Agreed. I could just cut out a hole in a portion of the phone (maybe where the battery goes?), leave the phone in the original housing, and run all the extensions through that hole. It would probably make it much easier.

I had that same idea to trace it. I'll build a separate keypad that will cap into the original keypad, and then the rest of the keys will be left intact on the original board.

comicIDIOT: Good idea. My only concern is that, if it's not a set passcode, how easy would it be for someone to guess a prime-prime-composite number combination?

Also, I wanted to clarify something... the $20 was in reference to the cost of the phone. The service is only $10.50/mon for unlimited data, $.10/min, and $.10/sms. Their prepaid services always come with a free $10 on the account too, so that will give me about 100 text messages to play with before having to add more onto the account. I'll just have to do a lot of research and such before I do any sort of sms or telephony testing. I doubt I'll go over 100 text messages for now, though. I'll need to keep ~$10 on the account every month in order to keep the account alive, but I can do that easily.

So far the cost of the project:
Code:


Of course, I'll narrow the "cost of the project" to one of those (which ever I decide to work with).

I just found the perfect places to hide the different components, including paths to wire it all into the car. Once I get the phones and take them apart I'll upload pics and update with a parts list that I'll have to come up with once I see the internals. Many of the items like the speakers (for inside the dash) can be salvaged from dead equipment I have lying around (thankfully). But, since this might be turned into sort of a DIY project, I might include sources to buy the different hardware for cheap.

I'm also looking at possibly building a separate module that will plug into the phone(s) serial port. The module will be constructed of one or more microprocessors to monitor a variety of different sensors I may integrate into the car (door open, monitor battery for closed-circuit, check for stage-2 ignition) as well as some other simple functions like even a simple little blinking red LED
The idea is that the module will send a certain code to the phone who will interpret it as an alarm or disregard it depending on the state of the security system.

I'm probably going to need a lot of help from everyone to code the MIDlet (J2ME/Java) (I haven't coded in Java in quite some time!) and probably some pointers on the microprocessor coding.

Any tips on what type of microprocessor(s) to use for now? I'm very interested in TI's dev board (forgot the name, I'll use search in a sec). That should suffice, if I remember correctly. I just need something simple that can monitor multiple sensors. And if not, I can grab a couple cheap low-end microprocessors to work for different sets of sensors.

Help me understand the best sensors to use to monitor these, please? (afterall, this is my first ever hardware project. halp? :B )

Wire-tap on the door button (check current?)
Tap the battery wire to check for closed circuit (check current? 12v... too strong??)
Switch on ignition (? to turn ignition on and off via phone keypad)

And I'll list some others later. Right now I've gotta bring my Dad to the airport. For the last one, would it be better to wire the keypad to the module? I might be able to just have the module do all the sensors, keycode checking, and switching... and then have the module send a code to the phone depending on the action or sensor that was triggered? In this case, the phone would only worry about sending the GPS location 24/7, and monitoring the serial port for 1 code to tell it to send me a text message and/or call me.

It may also be a question of whether or not the phone's hardware is easier to work with, and whether or not the key components should be written in Java (may be easier) or C. Let me know your opinions, people!

One last thought... if the sensor module were to handle everything from the passcode, to the sensors, to the switches, it might be a pretty expensive module to create. Whereas, the phone is a full piece of hardware and already programmed.

My only concern is that if someone were to look at your phone's texts to the car, and notice the same password over and over. But, the chances of that happening are extremely slim, and you'd have to know some of the cruelest friends.

Letting it vary will help the "spies" and thieves stay out and those who actually stop and look at text after text to find a pattern, but you'd be more able to spot people doing that.

My only concern, in general, is security. I'm always the one to put my expensive belongings away from windows even though our yard is fenced, we have "house security" and a good neighborhood. I park close to entrances/windows and under lights in parking lots and keep everything in my trunk or centre console (leaving my glove box for car manuals and other important information).

And regarding my new computer I'll be purchasing, I didn't want to allow browsers getting online and perhaps other things. So, my view on security is pretty tight and I'm rambunctious when it comes to this sort of thing.

Agreed. The main priority in all of this is security. But would it be more secure to have more then one possible code? or to have one fixed code? When it comes to my phone, I change the passcode on it every 4 weeks or so, keeping everyone out of it except for me, my friend Nick, and my girlfriend. When it comes to text messages, I always delete random text messages, and keep my inbox nice and organized, so that would not be an issue for me. I could easily remember my car's phone number, so I wouldn't even need it in my list of contacts.

I still need to figure out a way to limit text-message brute-forcing.


Kerm, Ben, Kllrnohj, or anyone else have ideas on the subject of microprocessors I posted in my last post? I apologize I'm not the greatest at summarizing my posts and making them smaller. Haha!

I received my i290 yesterday in the mail. I'll have to run up to Target or something and grab a SIM card so I can start using the service, but at least I've got it to play with until then!

However, I'd still really appreciate some input on the idea for the sensors module. I haven't had time to do too much research this past week due to finals, which is why I was hoping to get others' input but I guess no one was interested enough. Hahah.

I'll update on my progress when I have time! I should have screenshots and such of the i290 soon after I pull it apart (hopefully on Monday maybe??)

Target doesn't sell Sim Cards, however, I could be wrong since Cell Phones are more for the Mobile Solutions teams. Their hours are 10-8p and are by Electronics' cash registers. Talk to them and see if they sell SIM cards for pay as you go phones.

I wouldn't imagine you need one, wouldn't it come with a SIM? Anyways, they'll be able to get you up and going with your Pay-as-You-Go phone as well. I'd imagine that means inserting a SIM if you need one.

Yes they do sell SIM cards. I bought my i290 used, so the starter-kit didn't come with a SIM card. All I need to do is run up to Target or Wal-Mart during the day and buy a starter-kit (a SIM card). After I buy my SIM card all I need to do is call Boost Mobile and I'm good to go. I've checked around quite a bit already about all this

I need to hold of for a day or two before I can buy the SIM card though, because something was just brought to my attention that I had forgotten about. I should be up and running by Tuesday or Wednesday though

As you probably know, comicIDIOT works at Target, so I'm going to take his word on this one. Cool deal on the phones, though; Im looking forward to seeing more progress on this. Do you still need microprocessor guidance?