PROJECT:     HMAC explained

Hash-based Message Authentication Code
First of all, there are two values we use: a secret key and a random number. Both are stored in the MCU's EEPROM and can easily be modified by the user. The former is obvious from its name; the latter requires some explaining. The random number is not truly random: we start from some predefined values, but it changes each time we send a command. Once it has changed, the new value is saved to EEPROM, because we never want to reuse a previous value: reuse could help an attacker compromise and breach the system. So it goes like this:

1) A master device (which is us, in fact) sends a request;

2) slave (the car module) updates EEPROM with the current random number array;

3) slave generates a hash of the random number using SHA1 and sends it to master;

4) meanwhile slave stores the original SHA1 in RAM for later identification and generates another SHA1 over that SHA1 (we love recursion, don't we?);

5) slave combines the initially generated hash (20 bytes) with the new hash (also 20 bytes) just made; (done for safety's sake, not strictly required)

6) slave sends the generated 40-byte packet to the master (or only the first half, as per option);

Second Stage

1) upon reception, master parses the packet, extracts the first 20 bytes to RAM, ignoring the 2nd half of the packet (if present);

2) master appends the alarm 'state byte' after the last (20th) byte of the received SHA1, making the message 21 bytes in total;

3) master computes an HMAC over the received hash (with the alarm byte just appended), keyed with the secret key;

4) master sends the generated 21-byte packet to the slave;

Third Stage

1) upon reception, slave parses the packet, forming an array from the packet received;

2) slave appends alarm state '0' as byte [20] of the previously generated SHA1, thus effectively making the message 21 bytes;

3) slave computes an HMAC over the locally stored hash (with the 'alarm byte' just appended), keyed with the secret key;

4) slave compares the received HMAC-SHA1 with the one just generated;

5) if the values match, the alarm state is found (zero); slave sets the new alarm state; done;

6) if not, slave appends alarm byte '1' (the incremented byte) as byte [20] of the received hash, again making the message 21 bytes;

7) steps 4 and 5 are repeated until either an equal hash is found, or the incremented byte reaches its predefined limit;

8) once either condition is met, slave flushes the previously generated hash and executes the command, provided it was identified.

That's basically it.
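The three stages above, as an added Python model that is not the project's own firmware code. It assumes a constructed key and starting nonce, models the EEPROM nonce update as a counter increment, transmits the 20-byte HMAC-SHA1 tag rather than the page's 21-byte framing, and uses an assumed state-byte limit of 4; it also shows why the nonce must move on (an old tag replayed against a fresh challenge is rejected).

```python
import hashlib
import hmac

# Constructed demo values: the real device reads key and nonce from EEPROM.
SECRET_KEY = b"demo-secret-key-do-not-use"
INITIAL_NONCE = bytes(range(16))
STATE_LIMIT = 4  # assumed predefined limit for the alarm state byte search


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def tag_for(key: bytes, challenge: bytes, state: int) -> bytes:
    # HMAC-SHA1 over the 21-byte message: 20-byte challenge || 1 alarm state byte
    return hmac.new(key, challenge + bytes([state]), hashlib.sha1).digest()


class Slave:
    """Car module: nonce lives in (simulated) EEPROM, the challenge in RAM."""

    def __init__(self, key: bytes, nonce: bytes):
        self.key, self.eeprom_nonce, self.ram_challenge, self.alarm_state = key, nonce, None, 0

    def stage1(self, send_both_halves: bool = True) -> bytes:
        # Advance and persist the nonce before use so no value is ever reused (assumed: counter).
        n = int.from_bytes(self.eeprom_nonce, "big") + 1
        self.eeprom_nonce = n.to_bytes(len(self.eeprom_nonce), "big")
        self.ram_challenge = sha1(self.eeprom_nonce)      # 20 bytes kept for stage 3
        second = sha1(self.ram_challenge)                 # SHA1 over SHA1, the optional half
        return self.ram_challenge + second if send_both_halves else self.ram_challenge

    def stage3(self, received_tag: bytes):
        # Try each candidate state byte; constant-time compare avoids leaking where it differs.
        found = None
        if self.ram_challenge is not None:
            for state in range(STATE_LIMIT):
                if hmac.compare_digest(tag_for(self.key, self.ram_challenge, state), received_tag):
                    found = state
                    break
        self.ram_challenge = None                         # flush the stored hash either way
        if found is not None:
            self.alarm_state = found
        return found


class Master:
    def __init__(self, key: bytes):
        self.key = key

    def stage2(self, packet: bytes, state: int) -> bytes:
        return tag_for(self.key, packet[:20], state)      # second half, if present, is ignored
```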