Dear Kaiju Users,

This post explains the Secure Decrypt feature and how to use it inside Kaiju.

Secure Decrypt is intended for seed-based keyfobs that cannot be identified by Kaiju’s normal analysis and require heavy computation. These seed-based remotes typically appear as Unknown remote in Kaiju.

 

What is a seed?

In rolling-code systems, a seed is the initial value (usually random) from which the device encryption key is derived. The seed is typically combined with a vendor/manufacturer secret to produce the device key (for example, 64 bits in KeeLoq).

The seed is transmitted only once during pairing between the keyfob and the receiver and is never sent again. To recover or derive a device key for a complex system you normally need at least two distinct codewords captured from the same remote. More captures with different counters improves the probability of success.

Seed-based models currently supported by Kaiju

Kaiju currently supports the following families:

  • FAAC SLH: XTx 433 SLH, XTx 868 SLH
  • Genius/Casali: AMIGOLD, JA332 AMIGO, JA40, AMIGO, KILO
  • BFT: Mitto, Mitto BRCB, MittoM, BRC B Clear ICE, BRC B VINEYARD, KLEIO, RB
  • Erreka: IRIS, LIRA, ROLLER, SOL433, SOL868, Vega
  • Sminn: BALEA, DUO, DUPLO, QUATRO

If your device is not listed, the operation will fail.

How to run Secure Decrypt

  1. Capture frames from the target remote. Minimum required: two distinct codewords from the same transmitter.
    Recommendation: capture 3–5 codewords where possible; codewords with incremented counters are most valuable.
  2. Start the Secure Decrypt process using one of two options:
    • Paste codewords directly (binary or hexadecimal). Enter at least two codewords separated by a comma , or semicolon ;.
    • Select two previously analyzed remotes from Kaiju’s history (both must be from the same physical remote).
  3. Select the brands/models to test from the supported list. If you select an unsupported model, the operation will fail.
  4. Click Compute to begin the Secure Decrypt process.
  5. Wait. Processing can take a few seconds to several minutes depending on complexity and the number of attempts required.

 

Mobile integration

Secure Decrypt is fully integrated into the PandwaRF Android app, so you can launch it immediately after capturing data with PandwaRF Rogue.

Licensing

The KeeLoq Secure Seed Decrypt license is available here: Kaiju Licenses page.

Precautions and best practices

  • At least two distinct codewords are mandatory; 3–5 captures significantly increase success chances.
  • Prefer captures where the remote’s internal counter has advanced (press the remote twice with some delay) rather than duplicated transmissions.
  • Use Secure Decrypt only on devices you own or for which you have explicit authorization. Unauthorized use is illegal and unethical.
  • If the first attempt fails, increase the number of captures and broaden or refine the set of tested models.