If they’ve done it using Secure Enclave it’s essentially physically impossible to spoof.

The github OP reports that browser-based login still works, so it'll likely be circumventable.

Wouldn’t any Volkswagen keys need to cross the network to get into the Secure Enclave? Or couldn’t you exploit the Volkswagen app itself?

Keys in the Secure Enclave never leave the device (or the SE for that matter) and cannot be extracted even physically.

Newer devices support Remote Key Provisioning (RKP), so you still can't export keys but you can import them. (Physical attacks are still possible, just very difficult.)

If the data is going through the air or a wire it can be sniffed, right? Is every message signed or encrypted like SSL/TLS, or is this just some kind of extra header(s)?

Yes, it can be sniffed. It will at least use transport encryption, like TLS. For everything, yes. So you'll only get encrypted data you cannot read. You could attempt a Man-in-the-middle attack on this connection. Unless the app is badly made, this will not succeed.

And then, even if you could look inside, there's another type of asymmetric cryptography going on: the remote attestation itself. Again, if properly designed and possibly backed by a hardware security chip, it cannot be spoofed. This isn't something trivial like a shared secret in an HTTP header.
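The challenge-response shape of the attestation described in the two replies above, as an added illustration that is not code from this thread or from any vendor's app. It assumes an in-memory P-256 key as a stand-in for a key held in the Secure Enclave, and a server that enrolls only the public half; the point it shows is why a captured response is not reusable, unlike a static secret in an HTTP header.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// Device stands in for the phone. In the real design the private key is generated
// inside the Secure Enclave and never leaves it; here it is an ordinary in-memory
// P-256 key (an assumption made so the example runs anywhere).
type Device struct{ priv *ecdsa.PrivateKey }

// Server stands in for the backend: it keeps only the public key enrolled at
// registration, so there is no shared secret on the server side to leak or replay.
type Server struct{ enrolled *ecdsa.PublicKey }

func NewDevice() (*Device, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv}, nil
}

// Enroll hands the server the public half, the only key material that ever crosses the network.
func (d *Device) Enroll() *Server { return &Server{enrolled: &d.priv.PublicKey} }

// Challenge issues a fresh random 32-byte nonce; each response is bound to one nonce.
func (s *Server) Challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	return nonce, err
}

// Attest signs the server's nonce with the device-bound key (ASN.1/DER ECDSA signature).
func (d *Device) Attest(nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, d.priv, digest[:])
}

// Verify accepts only a signature by the enrolled key over this exact nonce. A response
// captured from the wire is useless against the next challenge, which is the difference
// between this and a static secret carried in an HTTP header.
func (s *Server) Verify(nonce, sig []byte) bool {
	digest := sha256.Sum256(nonce)
	return ecdsa.VerifyASN1(s.enrolled, digest[:], sig)
}
```

Transport encryption (TLS) wraps all of this on the wire; the signature is what still holds if that layer is stripped.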

Wrong.

Okay, well that's a start. Could you help me understand where I went wrong? I'm not trying to be stupid here but just saying "wrong" is extremely unhelpful.