Code Scanning
The limited number of possible combinations available in most remote control systems makes it possible to transmit all possible combinations in a relatively short time. A handheld, microprocessor-based system for this purpose (called a code scanner) can easily be constructed.
In systems using eight DIP switches (256 combinations), this scanning process can typically be accomplished in less than 32 seconds (when trying eight combinations per second). Even in systems using 16-bit keys (yielding roughly 65,000 combinations), only 2.25 hours would be required to try all possible combinations. It should also be noted that the scanner may gain access in far less than this maximum time; the average time would in fact be half of the total time.
Scanning is counteracted by increasing the number of possible code combinations. A 66-bit code will yield 7.3 x 10^19 combinations and will take 2.3 x 10^11 years to scan.
Code Grabbing
A remote control transmitter of the type normally used in vehicle security systems is nothing but a small radio transmitter that transmits a code number on a certain frequency. This code number is normally generated by an integrated circuit encoder. The transmit frequency is normally fixed by legislation within a particular country, enabling anybody to build a simple receiver that can receive signals from all such transmitters.
It is a simple matter to build a circuit to record such transmissions captured by the receiver. Such a device is known as a code or key grabber. A would-be vehicle thief would typically lurk in a parking lot, waiting until a vehicle owner arms his alarm with a remote control. The key grabber would capture the transmitted code, enabling the thief to retransmit this code as soon as the owner leaves the parking lot. Typically, this would leave the alarm and/or immobilizer disabled and even the central locking unlocked.
The Solution
It is apparent that secure remote control systems can only be implemented if two conditions are met. The KEELOQ® code hopping system meets both these conditions with ease.
• A large number of possible combinations must be available.
A 66-bit transmission code is used to make scanning impossible. The 32-bit encrypted portion provides for more than 4 billion code combinations. A complete scan would take 17 years! If the 34-bit fixed portion is taken into account, the time required for a complete scan jumps to 5,600 billion years!
• The system must never respond twice to the same transmitted code.
The random code algorithm will never respond to the same code twice over several lifetimes of a typical system.
Every time a remote control button is pushed, the system will transmit a different code. These codes appear random to an outsider – there is no apparent relationship between any code and the previous or next code.
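The second condition can be seen from the receiver's side in the following added example, which is not code from the original text or from the KEELOQ product. It compares a fixed-code receiver with a hopping-code receiver when a previously transmitted code is received a second time. The press counter, the look-ahead window and the use of HMAC-SHA256 in place of the KEELOQ cipher are assumptions made for illustration, and all keys and codes are constructed sample values.

```python
import hashlib
import hmac

def hop_code(key: bytes, counter: int) -> int:
    """32-bit hopping portion as a keyed function of a press counter.
    HMAC-SHA256 is a stand-in here, not the KEELOQ cipher."""
    mac = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")

class Transmitter:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0
    def press(self) -> int:
        self.counter += 1          # every press yields a different code
        return hop_code(self.key, self.counter)

class FixedCodeReceiver:
    def __init__(self, code: int):
        self.code = code
    def accept(self, rx: int) -> bool:
        return rx == self.code     # the same code is valid forever

class HoppingReceiver:
    WINDOW = 16  # assumed look-ahead for presses made out of radio range

    def __init__(self, key: bytes):
        self.key, self.counter = key, 0
    def accept(self, rx: int) -> bool:
        # Only counters strictly ahead of the last accepted one are tried,
        # so a code that was already used can never match again.
        for c in range(self.counter + 1, self.counter + 1 + self.WINDOW):
            if rx == hop_code(self.key, c):
                self.counter = c
                return True
        return False

def demo() -> dict:
    key = b"constructed-demo-key"       # constructed sample secret
    fixed = FixedCodeReceiver(0xA5)     # constructed 8-bit DIP-switch code
    out = {"fixed_first": fixed.accept(0xA5), "fixed_replay": fixed.accept(0xA5)}
    tx, rx = Transmitter(key), HoppingReceiver(key)
    captured = tx.press()               # one legitimate transmission
    out["hop_first"] = rx.accept(captured)
    out["hop_replay"] = rx.accept(captured)   # same code received again
    tx.press(); tx.press()              # two presses the receiver never heard
    out["hop_after_missed"] = rx.accept(tx.press())
    return out
```

Calling `demo()` returns a dictionary showing that the fixed-code receiver accepts the repeated code, while the hopping receiver rejects it and still accepts the next fresh code after missed presses.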