1. The algorithm requires two-way data exchange. In simple signaling (which are opened by a grabber), the data flow is unidirectional: in the key fob the transmitter, in the base unit - the receiver.
1.1 If we already have a two-way channel, what prevents us from using normal cryptographic authentication protocols? Logic suggests that this is how it is done in modern signaling. I won’t name specific models, it’s very interesting. Manufacturers for some reason carefully hide information about their protocols.
2. You need to request passwords not in order, but randomly (but making sure that there are no repetitions). Otherwise, the following attack is possible:
- The victim removes the alarm from the car. The keychain starts the session. The alarm asks for password number 100500. The key fob says the password and command. We remember the number.
- The victim gets into the car and drives, we follow her.
— The victim puts the car on the alarm. The keychain starts the session. We put a hindrance, the base hears nothing.
- We pretend to be the base and ask for password number 100501. The key fob says the password and command. We write down.
The victim sees that nothing happened and presses the button again. The keychain starts the session. Again we put a hindrance, the base hears nothing again.
- We pretend to be the base and ask for password number 100502. The key fob says the password and command. We write down.
- We pretend to be a keychain and start the session. The base asks for password number 100501. We say the password and the command.
- The car becomes alarmed, the victim leaves.
- We pretend to be a keychain and start the session. The base asks for password number 100502. We say the password and the command. Our car.
3. The key fob will be poorly protected from copying. It is one thing to store 128 bits of a key in secure memory inside a cryptoprocessor, and another to store hundreds of megabytes of one-time keys. You will need an external flash drive that can be easily read.
4. What to do when the keys still run out? Reflash signaling? Generate new ones? And how then to pour them into the keychain? This point needs to be carefully considered.
5. What will the procedure for adding a new keyfob to the system look like?
In general, the idea is good and, if implemented correctly, will work reliably. But the devil, as always, is in the details :)

Probably, the developers of such systems benefit from stealing cars and buying new ones. I don’t see any other explanations, given the current level of technology development.

after all, asymmetric encryption solves the problem best of all.

Many systems initiate a session not by pressing a button on the key fob, but by its appearance in the "visibility zone" of the base. These are opened by relaying the signal.

In general, for a long time, almost all car alarms began to use a dynamic code. Started when I was a little boy and worked as an auto electrician/alarm installer. 15 years ago. Although such people are being robbed now, but I think it’s still necessary to look for an alarm with a fixed code. Can be installed with a dialog code, they are not opened by grabbers. But a lot depends on the setting.

Put on mechanical protection!

Now the most resistant to electronic hacking alarms with a dialogue code.
I can recommend Pandora (DXL lines above 3210, LX, Pandect X)
Or any Starline (with an index above 60 - a61, e60, a64, etc.)
These manufacturers guarantee protection against electronic hacking. If someone manages to hack, the manufacturers promise to pay 5 million rubles. as a reward.

You can advise a comprehensive solution like Pandora 4970 of the Pandora DXL line