We are pleased to announce the Alpha version of our online rolling code analyzer & generator – codename Kaiju.

Kaiju's primary purpose is to attack systems that implement rolling codes (sometimes called hopping codes), such as KeeLoq. These systems are commonly found on Remote Keyless Entry (RKE) key fobs for gate & garage openers, cars, alarms, etc.

Kaiju mainly supports rolling codes for gate openers, car alarms, and soon car keyfobs.

Disclaimer

Kaiju is for educational purposes only. You are responsible for using this website and the generated data legally.
Please respect the applicable laws in your country before usage. USE AT YOUR OWN RISK.

Rolling code analysis

Kaiju takes an (encrypted) input stream captured from a target keyfob, processes it, breaks its encryption, and returns details about the target keyfob:

  • brand
  • model
  • serial number
  • sync counter
  • encryption scheme
  • cipher text
  • plain text
  • etc…
 

Rolling code generation

Once stream encryption has been broken, Kaiju can also generate new valid rolling codes with the same serial number as originally found in the input stream.

 

Usage

Typical usage requires a capture device, such as a Software Defined Radio, a PandwaRF Rogue, or any other RF module.

  1. Using a capture device, the user shall capture data & demodulate it
  2. The user copies and pastes the demodulated data into Kaiju
  3. Kaiju will take care of the rest and provide the requested result: simple analysis or rolling code generation
  4. The user shall copy the rolling codes generated by Kaiju and use them in any transmission-capable device, with the same RF parameters (frequency, modulation, data rate, …) as the original capture
  5. Kaiju-generated rolling codes are strictly equal to the original rolling codes, i.e. they act as a clone of the original keyfob.
 

Requirements

  • To break a rolling code, Kaiju only needs an input stream, which can be a binary or hexadecimal stream.
  • The stream can be at the same data rate as the target keyfob (sampling rate = data rate), or over-sampled (sampling rate > data rate).
  • However, the sampling rate of the input stream cannot be lower than the target data rate.
  • Kaiju is hardware-agnostic, which means it doesn’t depend on a specific HW to function.
  • Kaiju is also not aware of the modulation used by the original capture, so the input stream (binary or hexadecimal) must be provided demodulated.
  • Kaiju doesn’t accept raw I/Q samples from an SDR.
  • Kaiju requires that at least 1 codeword of the target keyfob is present in the provided input stream.
 

Rolling code API

Kaiju comes with REST API support.
You can call the Kaiju API with the tool or language of your choice, and Kaiju will return nicely JSON-formatted results.

Kaiju requires an account to be used, and has some limits on the amount of processing power used for each user.

Feel free to use it and provide some feedback.