Five Years of Rolling Code Analysis, Decoding, and Generation
RF Captures, Bad Assumptions, and Zero Clue
Five years ago, Kaiju started as a simple but ambitious project: to understand, analyze, and exploit rolling code RF systems properly.
It began during a strange period, marked by COVID-19 curfews, empty streets, and closed offices. One person, countless RF captures that made no sense at all, and a long series of failures and wrong assumptions. I designed and built Kaiju with almost no understanding of how rolling codes were supposed to work. Protocols were misunderstood, assumptions were incorrect, and many approaches failed completely. Progress came slowly, through repetition, failure, and constantly rethinking everything from scratch.
The Moment Rolling Codes Stopped Being “Magic”
Then came the first real breakthrough: the successful recovery of our first KeeLoq manufacturer key.
That moment mattered because it proved something fundamental: rolling-code systems could be systematically analyzed, understood, and broken, not guessed. In fact, in some cases, rolling codes can even be guessed. It was not obscure black magic cast by demi-god wizards, but simply algorithms with strengths and weaknesses.
That achievement became Kaiju’s first true milestone and the foundation for everything that followed.
From Experiment to Production Tool
Today, Kaiju has grown into a mature RF analysis platform used daily by law enforcement agencies, security professionals, and advanced researchers worldwide. Behind every Kaiju release and every newly supported system, there is a team, a structured process, and thousands of unit tests.
This anniversary is a good opportunity to pause, look back, and put some concrete numbers on what has been built.
Kaiju in Numbers (5-Year Snapshot)
Some numbers tell the story better than marketing slogans:
- Active users worldwide: 5,000+
- Supported rolling code RF systems: 650+
- Releases: 600+
- Years of development: 6
- First release: Nov. 26, 2020
- Total Git commits: 7,650+ and counting
- Lines of code: 450K
These figures reflect continuous development, not a frozen tool. Kaiju is actively updated, extended, and maintained.
Designed for Real-World Operations
Kaiju was built with operational constraints in mind:
- Supports offline forensic analysis (through the Kaiju dashboard) and live field workflows (using PandwaRF Rogue or the Marauder Android app)
- Works with professional RF capture hardware, supporting multiple input and output formats (modulated/demodulated, pulses, binary, IQ files, etc.)
- Integrates with PandwaRF Rogue, Marauder, Barracuda, Flipper Zero, and many SDR platforms
This is why Kaiju is relied upon in daily operations by law enforcement and specialized technical units worldwide.
Five Years Is a Milestone, Not a Finish Line
Reaching five years does not mean Kaiju is “done”. It means the foundations are solid.
Current and future development continues to focus on:
- Support for additional encrypted RF systems
- Development of new RF attacks
- Improved automation and protocol classification (fingerprinting)
- Tighter integration with capture devices (SDRs, Flipper Zero, …) or RF analysis tools (Universal Radio Hacker (URH), …)
- Performance, scalability, and reliability improvements
- Partnerships, custom development and reverse engineering for law enforcement agencies (LEA)
- Training programs for LEAs, focused on rolling codes and advanced RF attacks
The RF access control landscape keeps evolving. Kaiju evolves with it.
Thank You
To the 5,000+ users, partners, and agencies who trust Kaiju every day: thank you. Your feedback, real-world use cases, and operational constraints are a major reason the platform is where it is today.
Five years later, Kaiju stands as a reference platform for rolling code RF analysis, and we are very proud of it.
And yes, the next five years are already in progress.
Djamil & the Kaiju team