Anyone knows if KEELOQ has been compromised yet?

by mh » 3 Mar 2006 8:39

Dear all,

You probably have heard of KEELOQ (R) by Microchip, a rolling code system widely used for car remote controls.
It uses some proprietary cryptographic algorithm to "sign" each transmission. Each transmission includes the value of a 16bit counter ('rolling code') and the last 32k transmissions are not accepted by the receiver.

Now this technology is also embedded in a module that I could mount on the inside of a door, which then will turn the key as I command with a remote control

e.g.: http://www2.produktinfo.conrad.com/date ... -fr-nl.pdf
Nice product idea, not too expensive, will work with existing (Euro-) door hardware, etc.

However, I'm concerned about the security of the remote control. Assuming that there is no 'backdoor' engineered into that system, it might still be weak, esp. because it is on the market already for a long time, and the use in car remote controls might have inspired some people to actually invest time & money in compromising that system.

And if 'hacks' for this are already available, I would not want to put it on my front door.

Anybody knows if KEELOQ has been compromised yet?

Thanks,
mh

by **Isakill** » 3 Mar 2006 9:10

This sounds like a thread that belongs on the advanced part of the forum

by mh » 3 Mar 2006 9:17

This sounds like a thread that belongs on the advanced part of the forum

Maybe, but I'm not looking for information *how* to compromise that system.
I just want to learn *if* it has been done, and something about the risk around using this system - like:
- how many 'open'/'close' transmissions would a burglar need to intercept before he can generate his own 'open' transmission
- how long will it take to 'calculate' that transmission with current computers (minutes? years?)
- can I borrow the electronic 'key' to someone and be sure that he cannot copy it (e.g. by triggering 64k transmissions and recording them)?

Thanks,
mh

by **Shrub** » 3 Mar 2006 9:17

I think as long as its kept to a yes or no it will be fine.

by mh » 22 Jun 2007 10:54

As an update:

recent research would make that a "yes".

Cheers,
mh

by **TOWCH** » 22 Jun 2007 11:34

Didn't blackbag have an article on the compromise of these?

by mh » 22 Jun 2007 14:31

TOWCH wrote:Didn't blackbag have an article on the compromise of these?

At least I couldn't find that. Blackbag's recent electronics stuff is about voting machines.

The research I found -by accident- is pretty new (Feb. 2007)

Cheers,
mh

by **raimundo** » 23 Jun 2007 9:34

As its something digital, the real experts probably are hanging around the 2600 site.

by **unjust** » 23 Jun 2007 10:38

to the best of my knowledge the only -non-compromised keyless entry system is the floating key led method that some folks at cornell came up with. several common auto systems (i'm not sure about that one) can be compromised with only one access with the proper hardware/software.

by **dosman** » 23 Jun 2007 11:15

Once upon a time I had found some dead links off a Russian site for original Microchip sourcecode to implement keeloq, while inconclusive I consider it to be broken. Also floating around out there is an IEEE review of keeloq where some engineers attack the system (I assume both the algorithm and implementations of it). I was never able to get my hands on the article though.

by mh » 23 Jun 2007 15:47

dosman wrote:I was never able to get my hands on the article though.

Same with me when I started this thread.

Now it's all in Wikipedia.

Cheers,
mh

Anyone knows if KEELOQ has been compromised yet?

Anyone knows if KEELOQ has been compromised yet?

2600

Who is online