Re: Using car key fob as generic remote control

probably not much in the RF you need to do, basically you'll be pulling off the shelf items. The single code non-rolling simple fobs are probably easy to decode and use the buttons, just listen for the same code sequence again and again...hence it's vulnerable to replay attacks. Need rolling code to thwart the replay attacks.

Re: Using car key fob as generic remote control

Forgot to link to some of the stuff I mentioned that claims to read rolling codes, so here it is...

Re: Using car key fob as generic remote control

If you get a receiver that knows about your transmitter from the get go, then things are easy once again... I'm sure there are probably multiple distinct examples out there and they're pretty much clones of these so perhaps things would be easier to deal with in this case, but if you have a one off transmitter, it would be quite a challenge to use these.

Re: Using car key fob as generic remote control

After doing some more reading, I learned (or rather inferred) some more about this particular PCF chip, despite the info being very scarce. It's quite complex. Inside the key fob, the chip isn't actually transmitting anything itself (i.e. it doesn't drive the antenna directly): instead, it "hands off" whatever data needs transmitting to a dedicated transmitter chip, which is what actually does the transmitting.

The PCF chip also handles the immobilizer part, which prevents the car from starting if the key is turned in the barrel, but the fob is not actually IN the barrel. I actually confirmed this myself a while back when I replaced the shell of my fob and tried giving it a turn without the board in the shell: the engine started for a second, but it immediately turned off. I don't care about that part at all and I probably don't care about the encrypted part of the 433Mhz message either - all I want is to pick up the "payload" (?) and work out what button was pushed.

I found something HERE, but again, I'm not sure if it'd work with my particular fob. I need to get myself a receiver and actually try it. I imagine it should pick up SOMETHING at least (it IS 433Mhz after all), even if the info would be encrypted/incomplete. It's not an issue, because as the guy said in the end of his article, we don't care about that data anyway because we don't want to interact with the car itself...

Re: Using car key fob as generic remote control

your wrong,
the "remote" and immobiliser are seperate.
the immobiliser is an RFID chip encased in epoxy that can be removed from the key and does not require a battery.

i experimented with them a while back to see if i could jam them from a reasonable distance

Re: Using car key fob as generic remote control

Ok, good to know - that's why I said "inferred" . What threw me off is the antenna coil in the datasheet for the PCF chip, connected to the "IN" pins on the left - apparently those receive something back from the car ? I thought those represented the NFC antenna for the immobilizer...or something.

Is the immobilizer the little coil here ? That's the board the fob for my Renault uses, by the way.

Re: Using car key fob as generic remote control

the immobilizer looks like a little black wedge - it's not on the pcb

Re: Using car key fob as generic remote control

Then I think it's THIS. I ran across them when I searching for stuff for this project, but couldn't tell what it is and where it's located. I guess it's in the car then, since it's not in the fob...

Re: Using car key fob as generic remote control

one goes in the key .

Re: Using car key fob as generic remote control

it's in the fob, it interacts with a coil around the ignition barrel.

Re: Using car key fob as generic remote control

There isn't anything else on the PCB, as you can see in the pic I showed (the other side only has the battery), hence why I think the PCF chip in the fob handles the immobilizer too...

That's not important anyway. I just ordered some 433Mhz receiver boards and will try this project. Obviously the fob will be different, but it should give me something I can work with...

Re: Using car key fob as generic remote control

Ok, I just had a go with these RXB6 modules and I get absolutely nothing out of them. The program the chap shows in his article uploaded fine, but I get no data in the serial monitor at all. I tried both my car fob which I'm most interested in and also a generic 433Mhz remote. I was expecting to see at least some garbage in the serial monitor. It could be any number of things: either the remotes don't match this module at all, or the code doesn't pick them up. It's worth noting my board is a Mega, unlike the Uno used in the article, so perhaps something else doesn't match.

I'll try some other resources to see if I get this module to pick up ANYTHING for a proof of concept test...

Re: Using car key fob as generic remote control

Rather than trying to defeat the security of the key, what about install a transmitter in the car connected to the door locks? Lock your car when it's near your house and it turns on the lights if it's dark.

Re: Using car key fob as generic remote control

if you read the first post,
it's not about the car, he wants to re-use the keyfob for other things.

Re: Using car key fob as generic remote control

Correct.

Re: Using car key fob as generic remote control

Check the RXB6 pinout, it has an enable pin 6 which floats high to enable data, not power save.
Some of those 433MHz RX modules have extremely weak data output 10uA (!) so a low value pullup or LED there will prevent any signal from being seen.
The SYN470R/SYN480R IC is totally gutless for output and try shut off the Arduino internal pullup resistor, no pullups anywhere and see if you get data.
There is always RX noise blips to be seen.

To troubleshoot- I took a CMOS inverter CD4049 etc. and connected it to the 433MHz RX module's output, as a buffer to then drive other gates for an LED and a speaker, and Arduino.
You can listen for what the module is picking up, beeps and boops or noise.

Re: Using car key fob as generic remote control

The problem is getting a receiver to interpret the encrypted communications, so the simplest solution would be to make use of the receiver in the car that's already set up for that purpose.

Using an Arduino compatible microcontroller and some sort of transmitter module, it would be quite easy for it to send packets when the doors are locked/unlocked, when a door is opened/closed, and when the car is started/stopped (to name a few events) just by connecting the GPIOs using voltage dividers to divide down the 12V to the 5V or 3.3V the Arduino uses.

Re: Using car key fob as generic remote control

Again, it's not about using the car as a receiver, since it's too far from anything (I live in in an apartment complex, so it's down in the parking lot) - it's about using the car's fob as a remote for stuff around the house.

Anyway, I don't even know where the receiver for the fob is located in the car and it's most likely potted in epoxy anyway. I'm not going to fiddle with that. Think I'll just stick with an additional remote on the keychain after all. This PCF chip seems to be quite tricky to crack.