EmbeddedRelated.com
Forums
The 2026 Embedded Online Conference

Remote keyless entry systems with rolling code: are transmitters really clonable?

Started by pozz December 11, 2015
I'm interested in developing a new proprietary remote keyless entry 
system with rolling code. I know, there are many on the market.

Many times I read about some transmitter/keyfob that claims to be 
"universal", in other words it is able to clone another transmitter, 
even if it uses a rolling code algorithm.
http://www.ebay.com/itm/Universal-Rolling-Code-Garage-Door-Cloning-Remote-Control-Key-Fob-433mhz-New-/191736426365

How is it possible? It seems to me impossible to clone a true 
rolling-code keyfob, without knowing the used algorithm and the secret key.

Even if I know the algorithm used by the original keyfob and I use the 
same algorithm on a new keyfob, they can't be used with the same 
receiver. Indeed, the rolling-code receiver accepts only new codes (in a 
limited window) and the two keyfobs can't be synchronized.
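As an added example that is not part of the original post: a toy Python model of the receiver-side acceptance window pozz describes, showing why a replayed frame is rejected, what happens when the fob is pressed out of range of the receiver, and why a second fob holding the same key but an unsynchronised counter is refused. HMAC-SHA256 stands in for the proprietary cipher, and the window sizes and the two-consecutive-frames resync rule are assumptions, not any product's behaviour.

```python
"""Toy rolling-code receiver with an acceptance window (added example, not thread code).

The fob sends (serial, counter, tag) where tag is a keyed function of serial and
counter. HMAC-SHA256 truncated to 32 bits stands in for the real cipher; the
window sizes and the resync rule below are assumed values.
"""
import hashlib
import hmac

WINDOW = 16              # counters up to this far ahead of the last seen one open the door
RESYNC_WINDOW = 1 << 15  # farther ahead than this (mod 2**16) is treated as "behind" = replay


def hop_tag(key: bytes, serial: int, counter: int) -> bytes:
    msg = serial.to_bytes(4, "big") + counter.to_bytes(2, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:4]


class Fob:
    def __init__(self, serial: int, key: bytes, counter: int = 0):
        self.serial, self.key, self.counter = serial, key, counter

    def press(self):
        self.counter = (self.counter + 1) & 0xFFFF
        return self.serial, self.counter, hop_tag(self.key, self.serial, self.counter)


class Receiver:
    def __init__(self):
        self.fobs = {}     # serial -> (key, last accepted counter)
        self.pending = {}  # serial -> counter of a valid but out-of-window frame

    def learn(self, serial: int, key: bytes, counter: int) -> None:
        """Pairing step: receiver stores the fob key and its current counter."""
        self.fobs[serial] = (key, counter)

    def receive(self, serial: int, counter: int, tag: bytes) -> str:
        if serial not in self.fobs:
            return "unknown"
        key, last = self.fobs[serial]
        if not hmac.compare_digest(tag, hop_tag(key, serial, counter)):
            return "bad-tag"
        ahead = (counter - last) & 0xFFFF
        if ahead == 0 or ahead > RESYNC_WINDOW:
            return "replay"            # counter not strictly ahead of the last accepted one
        if ahead <= WINDOW:
            self.fobs[serial] = (key, counter)
            self.pending.pop(serial, None)
            return "open"
        # Out of window (fob pressed many times away from the receiver): require two
        # consecutive counters before catching up, so a single stray frame does nothing.
        if self.pending.get(serial) == (counter - 1) & 0xFFFF:
            self.fobs[serial] = (key, counter)
            del self.pending[serial]
            return "open-resync"
        self.pending[serial] = counter
        return "out-of-window"


def demo() -> list:
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed fob key
    fob = Fob(serial=0x1234, key=key)
    rx = Receiver()
    rx.learn(fob.serial, key, fob.counter)
    results = []
    frame = fob.press()
    results.append(rx.receive(*frame))          # "open"
    results.append(rx.receive(*frame))          # "replay": same counter again
    for _ in range(100):
        fob.press()                             # pressed out of range of the receiver
    results.append(rx.receive(*fob.press()))    # "out-of-window": first frame after the gap
    results.append(rx.receive(*fob.press()))    # "open-resync": consecutive counter
    clone = Fob(serial=fob.serial, key=key, counter=0)  # same key, counter never synchronised
    results.append(rx.receive(*clone.press()))  # "replay": its counter is far behind
    return results


if __name__ == "__main__":
    print(demo())
```

The last step is the point pozz makes: a copy of the algorithm and the key is not enough while the copy's counter sits behind the receiver's, which is why the cloning question turns on how the receiver can be brought back into sync.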

On 11.12.2015 at 13:18, pozz wrote:
> I'm interested in developing a new proprietary remote keyless entry
> system with rolling code. I know, there are many on the market.

If you really want to develop a new system, how is it that all you seem interested in is how to break into existing ones?

> How is it possible? It seems to me impossible to clone a true
> rolling-code keyfob, without knowing the used algorithm and the secret key.

It's only as impossible as the rolling code is well-designed. Many apparently aren't. It appears the usual design goal in the garage-door opener business is just to avoid the naive playback attack and to avoid that your neighbour's garage opens, too.

> Even if I know the algorithm used by the original keyfob and I use the
> same algorithm on a new keyfob, they can't be used with the same
> receiver.

Actually, in that case they might be. All but the most braindead systems will offer a way to (re-)synch a keyfob with the receiver, to cover use cases like battery switching in the fob, or addition / replacement of fobs.
On 11/12/2015 15:05, Hans-Bernhard Bröker wrote:
> On 11.12.2015 at 13:18, pozz wrote:
>> I'm interested in developing a new proprietary remote keyless entry
>> system with rolling code. I know, there are many on the market.
>
> If you really want to develop a new system, how is it that all you seem
> interested in is how to break into existing ones?

I'm interested in knowing how others break existing systems so I can design a better system.

>> How is it possible? It seems to me impossible to clone a true
>> rolling-code keyfob, without knowing the used algorithm and the secret
>> key.
>
> It's only as impossible as the rolling code is well-designed. Many
> apparently aren't. It appears the usual design goal in the garage-door
> opener business is just to avoid the naive playback attack and to avoid
> that your neighbour's garage opens, too.
>
>> Even if I know the algorithm used by the original keyfob and I use the
>> same algorithm on a new keyfob, they can't be used with the same
>> receiver.
>
> Actually, in that case they might be. All but the most braindead
> systems will offer a way to (re-)synch a keyfob with the receiver, to
> cover use cases like battery switching in the fob, or addition /
> replacement of fobs.

Yes, but many "universal" transmitters claim to clone a rolling code transmitter simply by putting the original and the new one face-to-face, without touching the receiver.

I agree with you, I think it's impossible with a well-designed system.
pozz <pozzugno@gmail.com> wrote:
> I'm interested in developing a new proprietary remote keyless entry
> system with rolling code. I know, there are many on the market.
>
> Many times I read about some transmitter/keyfob that claims to be
> "universal", in other words it is able to clone another transmitter,
> even if it uses a rolling code algorithm.
> http://www.ebay.com/itm/Universal-Rolling-Code-Garage-Door-Cloning-Remote-Control-Key-Fob-433mhz-New-/191736426365
>
> How is it possible? It seems to me impossible to clone a true
> rolling-code keyfob, without knowing the used algorithm and the secret key.

As I understand it, with enough sequential codes you can break it. The idea is that in normal use there won't be enough, but if you hold down the button long enough, so that it can get enough codes, it can do it. The cloning process is specific about how long you need to do it. That is close to how well I know it.

I don't know how much computation is needed after you have a code sequence. Maybe longer sequences require less computation.

In addition, the receiver has to accept non-sequential codes, as you might press the button away from the receiver. It has to be able to catch up.

-- glen
pozz <pozzugno@gmail.com> writes:
> How is it possible? It seems to me impossible to clone a true
> rolling-code keyfob, without knowing the used algorithm and the secret
> key.
https://en.wikipedia.org/wiki/Rolling_code has some details, particularly on the KeeLoq system which also has a separate article. Basically those fobs could have been designed securely, but they weren't.
On 12/12/2015 00:25, Paul Rubin wrote:
> pozz <pozzugno@gmail.com> writes:
>> How is it possible? It seems to me impossible to clone a true
>> rolling-code keyfob, without knowing the used algorithm and the secret
>> key.
>
> https://en.wikipedia.org/wiki/Rolling_code has some details,
> particularly on the KeeLoq system which also has a separate article.
> Basically those fobs could have been designed securely, but they
> weren't.

I already read those articles, but I can't find anything about the
possibility to *clone* an original keyfob.

First of all, the attacks referenced in those articles are only for the Keeloq
system. If another system is used, how can a "universal" transmitter
replicate the behaviour of the original transmitter?

Even for Keeloq, they talk about "Replay attack" and "Side-channel
attack", which are oriented to thieves who need only a one-time valid code
to open and steal the car.
"Brute-force" could work, but they can't be used to *clone* an original
transmitter.

It seems to me that the cracks of the Keeloq system can be used to clone an
original keyfob.

On 12/11/2015 9:13 AM, pozz wrote:
> On 11/12/2015 15:05, Hans-Bernhard Bröker wrote:
>> On 11.12.2015 at 13:18, pozz wrote:
>>> I'm interested in developing a new proprietary remote keyless entry
>>> system with rolling code. I know, there are many on the market.
>>
>> If you really want to develop a new system, how is it that all you seem
>> interested in is how to break into existing ones?
>
> I'm interested in knowing how others break existing systems so I can
> design a better system.
>
>>> How is it possible? It seems to me impossible to clone a true
>>> rolling-code keyfob, without knowing the used algorithm and the secret
>>> key.
>>
>> It's only as impossible as the rolling code is well-designed. Many
>> apparently aren't. It appears the usual design goal in the garage-door
>> opener business is just to avoid the naive playback attack and to avoid
>> that your neighbour's garage opens, too.
>>
>>> Even if I know the algorithm used by the original keyfob and I use the
>>> same algorithm on a new keyfob, they can't be used with the same
>>> receiver.
>>
>> Actually, in that case they might be. All but the most braindead
>> systems will offer a way to (re-)synch a keyfob with the receiver, to
>> cover use cases like battery switching in the fob, or addition /
>> replacement of fobs.
>
> Yes, but many "universal" transmitters claim to clone a rolling code
> transmitter simply by putting the original and the new one face-to-face, without
> touching the receiver.
>
> I agree with you, I think it's impossible with a well-designed system.

What does "well designed" have to do with these systems? I expect the rolling code clone can work because there are only a few major makers and so only a few different rolling codes.

-- Rick
pozz <pozzugno@gmail.com> wrote:
> On 12/12/2015 00:25, Paul Rubin wrote:
>> pozz <pozzugno@gmail.com> writes:
>>> How is it possible? It seems to me impossible to clone a true
>>> rolling-code keyfob, without knowing the used algorithm and the secret
>>> key.
>>
>> https://en.wikipedia.org/wiki/Rolling_code has some details,
>> particularly on the KeeLoq system which also has a separate article.
>> Basically those fobs could have been designed securely, but they
>> weren't.
>
> I already read those articles, but I can't find anything about the
> possibility to *clone* an original keyfob.
>
> First of all, the attacks referenced in those articles are only for the Keeloq
> system. If another system is used, how can a "universal" transmitter
> replicate the behaviour of the original transmitter?
>
> Even for Keeloq, they talk about "Replay attack" and "Side-channel
> attack", which are oriented to thieves who need only a one-time valid code
> to open and steal the car.
> "Brute-force" could work, but they can't be used to *clone* an original
> transmitter.

From the Keeloq article:

> Applying what is called side-channel
> analysis methods to the power traces, the researchers can extract the
> manufacturer key from the receivers, which can be regarded as a master
> key for generating valid keys for the remote controls of one particular
> manufacturer.

> The most devastating practical consequence of the side-channel analysis
> is an attack in which an attacker, having previously learned the
> system's master key, can clone any legitimate encoder by intercepting
> only two messages from this encoder from a distance of up to 100 metres
> (330 ft).

IIUC all that is needed is to use a side-channel to build a catalogue of master keys corresponding to various manufacturers, and then you can clone at will.

AFAICS the main problems are:
- use of a home-grown encryption method (such methods frequently contain weaknesses unknown to the creator, but which can be found once details become known to the public)
- a large part of the code is common to all devices from a given manufacturer, so you can extract the common part from one device and then easily break the others
- too short an encrypted message

With 128-bit messages you can use a standard cipher, like AES. If you ensure that each encoder/decoder pair has its own key, then the attack via common code no longer applies. Of course, jamming and replay attacks still apply. To avoid replay attacks you need two-way communication; there are well-known challenge-response protocols. Basically, if you ensure that the attacker cannot predict the challenge, then a whole class of attacks becomes impossible.

Now, practically you have problems:
- ensuring that devices get good keys is tricky (think about an installer who uses the same key for all devices or assigns codes in arithmetic progression). Note that assigning codes at the factory carries the risk that the method used to generate codes leaks and then all devices may be compromised.
- strong encryption and two-way communication may cause trouble with anti-encryption laws in some countries
- IIUC an individual device is allowed to transmit on the 432 band only for a tiny percentage of the time, so you may run out of bandwidth when you try longer messages
- you need a more complicated device (probably a processor) instead of the simple hardware used for existing systems

-- Waldek Hebisch
rickman <gnuarm@gmail.com> writes:
> I expect the rolling code clone can work because there are only a few > major makers and so only a few different rolling codes.
There's a unique key in each device.
On 12/12/2015 6:56 PM, Paul Rubin wrote:
> rickman <gnuarm@gmail.com> writes:
>> I expect the rolling code clone can work because there are only a few
>> major makers and so only a few different rolling codes.
>
> There's a unique key in each device.

But the algorithm can be determined. With a few samples you can determine the key.

-- Rick