by topspin 832 days ago
I think your conception of the sophistication of all this is a good deal too high. Fobs are extremely low power devices with truly terrible (undersized) antennas. Fabricating a digital repeater to produce a modest amplification is not difficult. The high frequencies involved are a benefit to the attacker because a high gain antenna remains reasonably portable. The active bits are low cost, widely available COTS digital transceivers and MMICs; the same stuff the fob and vehicle are made from.

An obvious countermeasure for such attacks would be to have the car measure the RTT between the car and fob, exchanging some cryptographic credential. If it takes too long the fob is too far away and/or an attacker's repeater is adding delay.

1 comment

Isn't the car keyless go system the transponder and the key fob the receiver, or vice versa?
Typically the fob is the transponder. The fob has a tiny battery: frequent transmissions would rapidly kill that battery. The car has an ample battery, so it transmits periodically and detects the responses from the fob transponder.

For the purposes of a "relay attack" this doesn't actually matter: all else being equal, you could devise a relay system that works regardless of the roles of car and fob in the protocol.
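To make the RTT countermeasure from the first comment and the "roles don't matter" point from the last one concrete, here is a constructed simulation. It is an added example, not code from either commenter and not any vendor's protocol: the car issues a random challenge, the fob answers with an HMAC under a shared key, and the car rejects the answer if the round trip took longer than its distance budget. Time is simulated rather than read from a real clock, so the numbers are deterministic; the fob turnaround time, the 2 m unlock radius and the 2 µs per relay box are assumed values chosen for illustration.

```python
"""Toy keyless-entry challenge/response with an RTT distance bound (constructed example)."""
import hashlib
import hmac
import secrets

C_M_PER_NS = 0.299_792_458        # speed of light in metres per nanosecond
FOB_PROCESSING_NS = 500.0         # assumed fixed fob turnaround time (hypothetical value)
MAX_DISTANCE_M = 2.0              # assumed legitimate unlock radius (hypothetical value)
# Loosest RTT the car accepts: propagation out and back at MAX_DISTANCE_M plus fob turnaround.
RTT_BUDGET_NS = 2 * MAX_DISTANCE_M / C_M_PER_NS + FOB_PROCESSING_NS


class Fob:
    """Transponder side: answers a challenge with a truncated HMAC under the shared key."""

    def __init__(self, key: bytes):
        self.key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self.key, challenge, hashlib.sha256).digest()[:8]


class Link:
    """One hop of the radio path.  distance_m is the over-the-air distance of the hop;
    hop_delay_ns is the processing latency of a relay box at the far end of the hop
    (0 when the far end is the car or the fob itself)."""

    def __init__(self, distance_m: float, hop_delay_ns: float = 0.0):
        self.one_way_ns = distance_m / C_M_PER_NS + hop_delay_ns


def round_trip_ns(path: list[Link]) -> float:
    """Simulated RTT as the car sees it: every hop is crossed once outbound and once
    inbound, plus the fob's turnaround.  A relay adds delay in both directions whether
    the car or the fob initiates, which is why the roles do not matter to the attacker."""
    return 2 * sum(hop.one_way_ns for hop in path) + FOB_PROCESSING_NS


def car_unlocks(key: bytes, fob: Fob, path: list[Link], check_rtt: bool) -> bool:
    """Car side: fresh challenge, verify the HMAC, and optionally enforce the RTT budget."""
    challenge = secrets.token_bytes(16)
    response = fob.respond(challenge)
    expected = hmac.new(key, challenge, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(response, expected):
        return False
    if check_rtt and round_trip_ns(path) > RTT_BUDGET_NS:
        return False
    return True


def scenario(check_rtt: bool) -> dict[str, bool]:
    """Run the same exchange over a direct path and over two relayed paths."""
    key = secrets.token_bytes(32)
    fob = Fob(key)
    # Owner standing 1 m from the door.
    direct = [Link(distance_m=1.0)]
    # Relay attack: box A beside the car, box B beside the fob 30 m away (e.g. inside the
    # house); each box is assumed to add 2 us of digital repeater latency.
    relayed = [
        Link(distance_m=1.0, hop_delay_ns=2_000.0),   # car -> box A
        Link(distance_m=30.0, hop_delay_ns=2_000.0),  # box A -> box B
        Link(distance_m=1.0),                         # box B -> fob
    ]
    # Same geometry with physically impossible zero-latency boxes: only propagation remains.
    relayed_ideal = [Link(1.0), Link(30.0), Link(1.0)]
    return {
        "legitimate": car_unlocks(key, fob, direct, check_rtt),
        "relayed": car_unlocks(key, fob, relayed, check_rtt),
        "relayed_ideal": car_unlocks(key, fob, relayed_ideal, check_rtt),
    }


if __name__ == "__main__":
    print("without RTT check:", scenario(check_rtt=False))
    print("with RTT check:   ", scenario(check_rtt=True))
```

Without the RTT check the relayed exchanges unlock the car even though the cryptography is sound, because the relay never has to break it, only to forward it. With the check, both relayed paths fail: the 30 m of extra air path alone adds about 200 ns to the round trip against a budget slack of roughly 13 ns, so even a relay with no processing delay is caught. The caveat a practitioner will raise is that this only works if the fob's turnaround time is tightly bounded; conventional LF/UHF fobs respond with millisecond-scale, jittery latency, which is why real distance bounding in cars is done with UWB ranging rather than by timing the legacy exchange.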