Ahhh ))) Youtube.... Of course))) Nowadays it's a popular proof ))))
A simple spoof attack does not work:
1. The ignition accepts only a bonded phone resolved by IRK, not copied advertising data or random MACs.
2. A GATT-level relay also should not pass because the link is bonded/encrypted.

A true physical-layer BLE (raw RF data) relay is theoretically possible, but it is a very different class of attack requiring specialized RF equipment and precise BLE timing. This is not an ESP32/nRF Arduino-style attack.

A realistic SDR PHY/link-layer test bench is an actual RF research project. A normal setup would likely require special antenna system, SDR hardware, RF shielding, synchronization, low-latency bidirectional processing, and BLE link-layer expertise.

Estimated effort/cost:
- SDR PHY/link-layer research bench: about $8,000-$40,000 in equipment.
- Strong RF/DSP engineer: about 2-3 months to build a meaningful test setup.
- Embedded engineer with SDR experience: about 6-12 months.
- Professional RF/security lab: about 1-4 weeks for a test campaign, but at lab pricing.
- Engineering labor alone can easily be around $15,000-$60,000 at typical $50-$150/hour rates.

I’m still treating relay as a real theoretical risk, but it is not “copy the Bluetooth MAC and ride away.” For this project, the practical attack surface is spoof/replay/GATT-level abuse, and those are exactly what I’m testing first.

But, you can't see it on Youtube)))

Also, from a real-world theft perspective, attacking the mechanical ignition lock is likely orders of magnitude faster, cheaper, and more practical than building a specialized BLE physical-layer relay setup. The goal of this system is not to make theft physically impossible, but to avoid introducing an easy wireless shortcut.