TB003
®
An Introduction to KEELOQ Code Hopping
A remote control transmitter of the type normally used
Author: Kobus Marneweck
Microchip Technology Inc.
in vehicle security systems, is nothing but a small radio
transmitter that transmits a code number on a certain
frequency. This code number is normally generated by
an integrated circuit encoder.The transmit frequency is
normally fixed by legislation within a particular country,
enabling anybody to build a simple receiver that can
receive signals from all such transmitters.
INTRODUCTION
Remote Control Systems
Remote control via RF or IR is popular for many appli-
cations, including vehicle alarms and automatic garage
doors. Conventional remote control systems are based
on unidirectional transmission and have limited secu-
rity. More sophisticated devices based on bi-directional
transmission are also available but, because of their
high cost and certain practical disadvantages, they are
not widely used in commercial remote control devices.
It is a simple matter to build a circuit to record such
transmissions captured by the receiver. Such a device
is known as a code or key grabber. A would-be vehicle
thief would typically lurk in a parking lot, waiting until a
vehicle owner arms his alarm with a remote control.
The key grabber would capture the transmitted code,
enabling the thief to retransmit this code as soon as the
owner leaves the parking lot.Typically, this would leave
the alarm and/or immobilizer disabled and even the
central locking unlocked.
The popular unidirectional transmission systems cur-
rently have two very important security shortcomings:
the codes they transmit are usually fixed and the num-
ber of possible code combinations is relatively small.
Either of these shortcomings can lead to unauthorized
access.
The Solution
It is apparent that secure remote control systems can
only be implemented if two conditions are met. The
®
Code Scanning
KEELOQ code hopping system meets both these con-
ditions with ease.
The limited number of possible combinations available in
most remote control systems makes it possible to trans-
mit all possible combinations in a relatively short time. A
hand held microprocessor-based system for this pur-
pose (called a code scanner) can easily be constructed.
• A large number of possible combinations must be
available.
A 66-bit transmission code is used to make scan-
ning impossible. The 32-bit encrypted portion pro-
vides for more than 4 billion code combinations. A
complete scan would take 17 years! If the 34-bit
fixed portion is taken into account, the time
required for a complete scan jumps to 5,600 bil-
lion years!
In systems using eight DIP switches (256 combina-
tions), this scanning process can typically be accom-
plished in less than 32 seconds (when trying eight
combinations per second). Even in systems using
16-bit keys (yielding roughly 65,000 combinations),
only 2.25 hours would be required to try all possible
combinations. It should also be noted that the scanner
may gain access in far less than this maximum time—
the average time would in fact be half of the total time.
• The system may never respond twice to the same
transmitted code.
The random code algorithm will never respond to
the same code twice over several lifetimes of a
typical system.
Scanning is counteracted by increasing the number of
possible code combinations. A 66-bit code will yield
Every time a remote control button is pushed, the sys-
tem will transmit a different code. These codes appear
random to an outsider – there is no apparent relation-
ship between any code and the previous or next code.
19
11
7.3 x 10 combination and will take 2.3 x 10 years to
scan.
Code Grabbing
A far easier way of gaining unauthorized access to a
security system is freely available—such a unit is being
advertised as a tool for the “legal repossession of vehi-
cles.” To understand its operation, it is useful to know
something about remote controls.
KEELOQ is a registered trademark of Microchip Technology, Inc.
Microchip’s Secure Data Products are covered by some or all of the following patents:
Code hopping encoder patents issued in Europe, U.S.A., and R.S.A. — U.S.A.: 5,517,187; Europe: 0459781; R.S.A.: ZA93/4726
Secure learning patents issued in the U.S.A. and R.S.A. — U.S.A.: 5,686,904; R.S.A.: 95/5429
Ó 1996 Microchip Technology Inc.
DS91002A-page 1
5秒后页面跳转
三星深化印度制造布局,供应链本地化进程加速
芯擎科技“星辰一号”自动驾驶芯片点亮成功,2025年量产在即
纳微科技震撼发布GaNSlim革新氮化镓功率芯片
意法半导体发布第四代SiC技术,助力电动汽车电驱
微信公众号
抖音公众号
浙公网安备 33010502006866号 浙ICP备10014259号-119
营业执照ICP证
数据手册
如果您发现信息不准确,
