How the keyless entry system works

Keyless access – pros and cons.

“Sore” question for some, which stops many from buying “not modern” or “poor in equipment” cars, deprived of the now fashionable option – keyless access!

I suggest you read a couple of articles and watch a couple of videos and then have a “crap” – need / don’t need))).

Long Distance Emergency Start System (ESS-L). It is used to steal Toyota and Lexus cars of 2008-2020 model years

Unlocker is a device for disabling original alarm system and opening doors. Connected by “needles” to the headlight socket

Fresh article from Autoreview:

…it is acupuncture that allows you to open up any modern Toyota or Lexus accurately and almost without damage. The main thing is to be able to get close to the digital bus, which is used for communication between the electronic units, and know exactly where to apply the injection. For example, the most easily accessible vulnerable place of Land Cruiser family SUVs is the left headlight. Breaking off the corner of the bumper and connected “needles” to the bus, we send a simple non-coded command in the chain of control of the central lock – and the car disarms and unlocks the doors. Judging by how failsafe this uncomplicated backdoor works, in the circuitry of Toyota and Lexus cars such a “back porch” was incorporated intentionally – probably to make it easier to break into cars in case of loss of keys. Next, to start the engine, you can go two ways: write a new key to the control unit or clone the current key by reading the transponder data from the block. In both cases, an arsenal of criminal emulators and “starters”, of which there are a great many for Toyota and Lexus cars, will help us. All of them are connected to the diagnostic connector OBD and in their work using another built-in vulnerability cars – the ability to record new transponder tags without a master key (made this, obviously, to simplify the procedure for complete key recovery for their loss). Where to get such a “wind-up”? A cursory search of the Internet opens an incredible number of sites and trading platforms that sell such gizmos, and, in order to avoid violating Article 138.1 of the Criminal Code (“Illegal trafficking of special technical means designed for tacit information acquisition”), dealers position their goods as “diagnostic” equipment, naively warning buyers against misuse. Judging by the prices, these sites do not live poorly, but not for long: at least one is already closed. According to our information, his owner was prosecuted, convicted and sentenced to … a fine of 200 thousand rubles. He didn’t destroy any evidence, actively cooperated with the investigation, pleaded guilty and repented wholeheartedly! Toyota and Lexus car thefts peaked in 2016, and then a number of independent Russian experts put on a show of thefts for the Japanese, showing them the frightening criminal vulnerability of the cars. They say they were impressed. The range of cars, which could be programmatically hijacked by criminal “starters” of the old generation and a simple replacement of the engine control unit, then substantially reduced. A 15-minute delay was introduced to key programming, and the Toyota Land Cruiser 200 SUVs and Lexus vehicles were made vulnerable, allowing emulation of the keys through the diagnostic connector. Non-volatile sirens, tilt, towing, interior volume, and trunk door glass break sensors appeared, and the first step was taken to protect the keyless channel, the biggest security hole in keyless cars. Fans of opening their cars with “handles”, ouch! Already understand that today there is no easier, safer and faster way to seize your property than theft by repeater: one person stays near the parked car, the second approaches you at an innocent distance – and good riddance!

In the five years since our experiments with a similar device, the Relay Station Attack method has become epidemic, and the development of the technology has gone in the direction we predicted: the key is now “stolen” right from the apartment, making it respond through the wall. There is no longer any dependence on the skill of the operators, because the request, the response of the tag and the synchronization status of both devices are now shown on the displays. The communication range between repeater units is increased to 600 meters, so you can witness your own car being stolen while smoking near the window. Or you might not – and then it will be even harder to find it.

Article from Autoreview 5 years ago:

A car standing by the sidewalk recognized me from a few steps away. It turned on the interior lights, opened the mirrors and responded to my outstretched hand with a characteristic click of the central lock. I start the engine, move off, and notice the warning inscription on the display: “Key not found”. That’s right, I really don’t have the key to this car. And I didn’t have one. But there is an electronic device that allows you to open and start the car telepathically, from a distance. The hijackers call it the Long Arm.

Have you ever driven a car with a Golden Key? The one that automatically arm the car, open the doors and allows you to start the engine with a button, without taking the keychain out of your pocket? Cool stuff! The system is so smart, that now an ordinary ignition key is like a stone axe. In industry terminology, such systems are called PKES (Passive Keyless Entry and Start), and in a simplified form their work looks like this. As soon as the driver approaches the car and presses the button on the door handle (instead of it there may be a touchpad or an electronic gate, responsive to the hand), the car “wakes up” and starts a dialogue with the key:

– Hi, I’m car X with electronic number Y and code ID Z. Who are you?

I opened the cars of my acquaintances this way. At first I waited until the rightful owner parked the car, got out, closed the door, looked around … Now, holding in his bag pre-installed “emulator”, I approach the driver’s door – and at the moment when my accomplice with the “reader” approaches the owner of the car (our actions we coordinate via phone, using innocent verbal expressions), I press the button on the door handle. The car gives out a search query, the “emulator” receives it, demodulates it, amplifies it – and immediately transmits it via radio bridge to the accomplice. His equipment performs the reverse action – and “interrogates” the key in the owner’s pocket. Grabbing the response parcel, “extender” the same way sends it back – and through the “emulator” retransmits to the car. I pull the handle – and the door opens hospitably! Before starting the engine, the access system asks for the key once again (via the antenna in the driver’s seat backrest), so I still hold the “emulator” near me – and after pressing the “Start/Stop” button, I hear the cheerful roar of the starter. Let’s go! Now I don’t need the key – neither real, nor “emulated”: the engine will run until I turn it off myself!

What about the ban on “radio spectacles”? The trick is that information between units is transmitted without digital signal processing, by direct spectrum transfer – and it allows keeping within the time limit given by the car access system for a dialog with the key.

Here’s my catch. Infiniti Q50 sedan, Nissan X-Trail, Nissan Pathfinder, Toyota Highlander, Toyota Land Cruiser 200, Toyota RAV4 and Lexus RX 350. Not bad in a couple of days?

Keyless access to the car: what it is and how it works

Cars produced in recent times, namely in the twentieth century, are opened and closed with a key, since they have a mechanical lock.

The XXI century has made adjustments to the principles of automotive engineering, almost all mid-range vehicles use technology where keys and standard locks are no longer needed to get into the car.

What is keyless entry? This electronic system allows you to recognize the owner of the car with a special chip, which is usually located in the key fob. The owner of the vehicle gets access to the cabin, trunk and engine start without any key. Also keyless access allows you to protect the car from theft. Some automakers even suggest using a smartphone as a control device. But based on personal safety, the smartphone can be lost and anyone can gain access to the car. The cost of a keyless entry system depends on the features and functions it performs.

1. How it works. The operation is based on the following algorithm, which has a two-level check:
2. The car owner, approaching the car at a distance of 2-3 meters, presses the button on the key fob, the system sends a corresponding signal to the block system, which is located in the car itself;
3. The signal received is processed by the system and in response sends an encrypted signal to the key fob.
4. The unit, located in the key fob, after processing the encrypted signal received from the unit system again sends a code signal in response to the request, but on a different frequency.

The system in the car, having received a positive response to all requests, allows the driver to open the door by removing the car from the alarm system.

If you use a smartphone rather than a key fob for keyless access, in which case the data will be transmitted via Bluetooth or via Wi-Fi network, which is made much less often.

Also, automakers have now stepped forward in the development of the keyless access system and incorporated driver recognition. When starting the car, if the driver has significant deviations from previously set weight and height parameters, the system will ask for a password. If the car owner is driving, he will be able to unlock the system knowing the password, but if it is a car thief who managed to hack the system, the attempt to steal the car will not succeed.

How to install. Cars that are produced nowadays, almost all are equipped with keyless entry with an expanded choice of options. But if the car is already with mileage and you want to implement a new technology, there is a system of Smart Key, which you can install yourself if you have experience with electronics, or contact a special center.

• It is worth remembering that the installation of the system will require interference in the control unit of the car engine and car alarm key fob. Also the installation process may differ from the given depending on the model. In general, the installation is as follows:
• First, the key fob keyless access is installed, the most suitable place for this is under the torpedo;
• The next step will be the connection to the alarm control unit, then the configuration of systems and synchronization;
• The start button is installed and connected;

The entire system is synchronized with the chip that will be responsible for remote access.

In exceptional cases, with a very sensitive system, you will need to configure it to avoid triggering the system from a distance of more than 2-3 meters for security purposes.