Car Key Emulation

When a car dealer asks you 130+ € for a remote and you find it on AliExpress for 2.72 €, you start to evaluate some alternatives.

Did you get one and manage to get it to work? Cheap keys are a crap shoot.

That comment didn’t age well, did it? LOL. Hyundai and Kia have shown how easy it is to steal a car these days.

Some FYI on tech chronology and how it works… I did a paper on the Hitachi H1 passive transponder system like 16 years ago; rolling code (Nissan, Mazda, Toyota). A security company did one on the TI system (Ford, GM) about 14 years ago… Ford had a system back in the 90s that was only a resistor in the key (Passkey), which was immediately defeated… There were some guys at an EU hacker con who actually beat a SKIM-stored algorithm about 10 years ago.

The algorithm is always stored in the BCM (usually under the middle or right of the dash) or a SKIM (usually close to the steering column). I’ve never seen the algorithm stored in the media board or ECM. Jeep stored the seed in the ECM for a while, and a lot of OBD2 tools could blank it and the Jeep would still run.

1975-1984 Anti-hotwire circuits; Nissan had them all the way up till the 90s in the Maxima and other models. In the 70s it was mostly Italian and German cars. Northern EU and Russian cars didn’t have anything till transponders were common around 2001.

1985 GM had the first chip key; I believe in the Corvette… it’s in the BCM, I believe; no details on the ASIC debug capabilities.

1995 Ford started a resistor-based Passkey program; Honda and other JDM makers started non-rolling transponder systems, stored in the BCM. GM didn’t start a program till 1998, also BCM-based. Not all JDM cars had it.

2000-2006 Everything had BCM- or SKIM-stored non-rolling systems: Hitachi H1, TI. The ASIC typically had the debug fuse blown, but you could blank the seed or set a new seed in the ECM and start with any key. Suzuki and maybe Kia had no chips in this era.

2006+ Rolling code algorithms; same algo storage; different ECM configurations for seed or checksum.

Regarding rolling code: the passive transponder has memory… If it were just the car chips, you wouldn’t have the replay problem where it goes out of sync and you have to have a dealer’s network access to reset and rekey…

Pro car thieves in California had dealer access and would swap the ECM on a lot of GM cars for one with a special seed that would allow any key to work, and they had the cut code for owner keys from the network too; they stole rolling-code GM cars in under two minutes… The Hellcat theft wave was relay or dealer access; they swapped boards after transport and stripped the cars…

Bypass kits put the key or fob in an RFID antenna enclosure wired into the circuit…

All UHF, 315 MHz or 433 MHz.

TL;DR: You’d need the algorithm to maintain response sync; open the BCM or SKIM and look for unlocked SPI or JTAG, or use some form of VRM or clock glitch attack to dump the firmware over some exposed bus. This is how Chinese chip programmers are made. I’ve only seen two algorithms defeated outside the programmer market; nobody really looks, though.

These companies are all cheap and lazy… You can likely glitch and dump the algorithms on everything and make tools…
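Since the comment above keeps coming back to rolling-code sync, resync and the replay problem, here is a small runnable model of how a rolling-code receiver tracks the fob's counter, why a captured packet is refused, and how a fob that has drifted too far ahead ends up needing a reset. This is an added example, not code from any commenter or vehicle maker: the two-window logic (a small window for one press, a larger window that needs two consecutive presses) follows the widely documented KeeLoq-style pattern, the window sizes are assumptions, and a truncated HMAC-SHA256 stands in for whatever cipher a real transponder uses. All key and serial values are constructed.

```python
"""Toy model of rolling-code sync/resync between a fob and a receiver.

Added example for this thread, not code from any commenter or vehicle maker.
Assumptions: the two-window scheme follows the widely documented KeeLoq-style
receiver logic; window sizes are illustrative; the real per-button cipher is
replaced by a truncated HMAC-SHA256 so the model runs anywhere.
"""
import hashlib
import hmac

SINGLE_WINDOW = 16        # one press this far ahead is accepted outright
RESYNC_WINDOW = 1 << 15   # further ahead (but within this) needs two in a row


def code_tag(key: bytes, serial: int, counter: int) -> bytes:
    """Authentication tag over serial||counter (stand-in for the real cipher)."""
    msg = serial.to_bytes(4, "big") + counter.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:4]


class Fob:
    """Transmitter: increments its stored counter on every press."""

    def __init__(self, key: bytes, serial: int) -> None:
        self.key, self.serial, self.counter = key, serial, 0

    def press(self) -> tuple:
        self.counter += 1
        return (self.serial, self.counter, code_tag(self.key, self.serial, self.counter))


class Receiver:
    """Vehicle side: accepts only counters ahead of the last one it stored."""

    def __init__(self, key: bytes, serial: int) -> None:
        self.key, self.serial, self.counter = key, serial, 0
        self.pending = None   # first counter of a possible resync pair

    def receive(self, packet: tuple) -> str:
        serial, counter, mac = packet
        if serial != self.serial or not hmac.compare_digest(
            mac, code_tag(self.key, serial, counter)
        ):
            return "reject"          # wrong fob or forged tag
        delta = counter - self.counter
        if delta <= 0:
            return "replay"          # captured/old packet: counter is not ahead
        if delta <= SINGLE_WINDOW:
            self.counter, self.pending = counter, None
            return "accept"
        if delta <= RESYNC_WINDOW:
            if self.pending == counter - 1:      # second of two consecutive presses
                self.counter, self.pending = counter, None
                return "resync"
            self.pending = counter
            return "pending"                     # wait for the next consecutive press
        return "out_of_range"        # too far ahead: needs reprogramming (dealer visit)


def demo() -> list:
    """Walk through accept, replay, resync and out-of-range; returns the verdicts."""
    key, serial = b"constructed-sample-key", 0x12345678   # constructed sample values
    fob, car = Fob(key, serial), Receiver(key, serial)
    results = []
    first = fob.press()
    results.append(car.receive(first))        # accept
    results.append(car.receive(first))        # replay of the captured packet
    for _ in range(20):                       # presses while out of range of the car
        fob.press()
    results.append(car.receive(fob.press()))  # pending (delta 21 > SINGLE_WINDOW)
    results.append(car.receive(fob.press()))  # resync (consecutive counter)
    for _ in range(40000):                    # far more presses than RESYNC_WINDOW
        fob.press()
    results.append(car.receive(fob.press()))  # out_of_range
    return results


if __name__ == "__main__":
    print(demo())
```

The "out_of_range" verdict at the end is the situation the comment describes: once the fob's counter is too far ahead of what the receiver stored, the receiver will not resync on its own and the fob has to be reprogrammed with whatever tooling the maker's network provides. The "replay" verdict shows why a simple capture-and-resend of a fob packet fails against this scheme even though the tag itself is valid.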

Do you know the names of any of these devices?