# So Tell Me About Hacking Car Remotes

• I recently bought a vehicle with remote door locks but no alarm. Every now and then the locks seem to be unlocked, when I am fairly certain that I locked them (remotely) the last time I left the vehicle. A few times I have hit the buttons accidentally while stuffing my keys into a pocket, so I avoid doing that at all now if possible.
• What are the chances something is randomly tripping my remote locks?
• What are the chances that it is being tripped by other people with remotes/vehicles set to the same code as mine? - DougC

I have a VIPER 550 alarm system, which uses radio frequency to activate the system. According to the book, there are over 4 Million possible codes that it could send. This makes it virtually impossible for someone to stand next to your ride with the remote from thier own system and jam the buttons for a few hours and get in.

I am not sure exactly how the remote and brain remain in sync with each other though. If I hit the button on my remote far out of range of the car, you would think that the code would cycle in the remote and would not open the system when I returned to the car later on because the codes wouldn’t match. I am guessing that the brain sends a confirmation back to the remote that lets it know that the signal was recieved and to cycle to the next code. If you are out of range of the car then the remote will never recieve the confirmation so won’t cycle.

Thats my guess.

**A special digital coding system is used to separate one system from the next. For example, if you have a garage door opener, you’ll most likely find a series of small switches inside which you can use to set the “code.” This code is actually a binary number that differentiates your garage door system from your neighbors’. If you accidentally set the code to the same as your neighbor, and both of your systems are on the same frequency, both of your doors will operate at the same time!

How does this code work? It’s actually fairly simple. A digital circuit in the transmitter creates a serial pattern of ones and zeros which are sent by the transmitter repeatedly to the receiver at the far end. The receiver recovers the pattern of ones and zeros, which are sent to a decoder circuit. When the decoder circuit gets a pattern that matches what has been set by the user (the little switches you set at each end) it provides a control signal to whatever the gadget is that you want to control, be it a motor to open the garage door, or a switch to turn off the alarm in your car.**

I got this from a website describing how different kinds remotes work. What this makes me wonder is could you just make a simple device that rapidly cycles through frequencies until the car door opens? Doesn’t seem very difficult at all.

This is actually a simple problem for a radio tech. Heres how it works.

** KEEPING SYNC **

The remote and the central processing unit of the alarm keep in sync using a program encoded into both units. When the alarm is activated for the first time it sends out a radio wave to the car. The car responds by generating a random number, usually based off an internal clock. The remote stores that until the next time it needs access. Then it sends down the code.

To my understanding each of the coded numbers is a random factor of some small route number so that no matter what number the remote throws at the alarm, it will match.
** HOW TO STEAL THIS INFORMATION **

Now this is the expensive part. To steal someones code you need a piece of equipment refered to as a Spectrum Analizer. An O-Scope is a primitave version of this device. Using the SA you scan for radio frequencies. Preferably with just the analizer and the remote. Once you hit on the correct frequency you simply program a new remote to the correct frequency. That gets you the frequency, but not the clock sequence. For that, you need the vendor specific codes.

I saw a TV segment where the TV people had a device which captured the codes as people locked their cars and then they could open the car.

They did it many times at a big mall parking lot. Someone would arrive and walk away from the car. The crew would approach him and say “look, we can lock/unlock your car as we please”. People were surprised. The moral of the story is that for someone with such a gadget your car has no locks.

How Stuff Works - remote entry