Electrical – Duplicating a KeeLoq Remote Control

Tags: 433mhz, remote control, RF

I have been reading the documentation about KeeLoq Encoders and Decoders for some time. My goal is to build both the Transmitter side and the Receiver side using the KeeLoq system.

I have almost completed the basics, but I cannot understand how people clone KeeLoq Remotes or other Rolling Code remotes that easily. There are lots of remotes on eBay claiming they are able to clone a Rolling Code Remote by just pressing some of those buttons. There are also some videos showing the same things on YouTube.

Q1: If I build my own transmitter using a KeeLoq Decoder (e.g. HCS301), can they clone my transmitters too? Or can they just teach another KeeLoq Remote to my receiver and use it if they have access to the learn button on my receiver? As I understand it, they have to know the Shared Key in order to teach the Remote to my receiver.

Q2: If they cannot clone it or they cannot teach new remotes to my receiver, do my customers have to request a new remote from me every time they need another one?

Best Answer

Q1: Since KeeLoq defines the crypto used: yes, if you use an insecure crypto method, then no matter how you implement it, it will stay insecure.

Q2: doesn't apply.

Note that KeeLoq has a stronger variant with a secret internal seed that will be much harder to clone (it's possible, I think it's been shown that with all existing implementations you can apply power usage side channel attacks that work well).

Also note that you must not believe what is said about products on eBay. They lie. Remotely copying KeeLoq isn't that easy. You can certainly, by timing-specific jamming, grab two codes, and only forward the first one to make it seem like the system works normally, storing the second one for later unlocking, but that doesn't "copy" the remote, only a single unlocking code. Still, it's a weak system; it can be replicated by observing a very limited number of codes. (The improved system remedies that by including 60 bits of entropy, which explodes the number of required observations.) The rolling code remote replicators might apply to other, common, rolling codes (for example).

The Wikipedia page has more info.
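The distinction the answer draws between copying a remote and holding a single unlocking code comes down to the receiver's counter check. The following is an added example, not part of the original answer and not Microchip's code: a hypothetical receiver model in which HMAC-SHA256 stands in for the KeeLoq cipher, and the 16-step look-ahead window, key and serial number are assumptions.

```python
import hashlib
import hmac

OPEN_WINDOW = 16  # assumed look-ahead window size, not taken from the page


def hop_code(key: bytes, serial: int, counter: int) -> bytes:
    """Stand-in for the encrypted hopping code (HMAC-SHA256, NOT the KeeLoq cipher)."""
    msg = serial.to_bytes(4, "big") + counter.to_bytes(2, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:4]


class Receiver:
    """Hypothetical receiver that remembers the last accepted counter value."""

    def __init__(self, key: bytes, serial: int):
        self.key, self.serial, self.last = key, serial, 0

    def accept(self, code: bytes) -> bool:
        # Try only counters strictly ahead of the last accepted one.
        for step in range(1, OPEN_WINDOW + 1):
            counter = (self.last + step) & 0xFFFF
            expected = hop_code(self.key, self.serial, counter)
            if hmac.compare_digest(code, expected):
                self.last = counter  # every code up to this counter is now dead
                return True
        return False


def run(counters: list) -> list:
    """Present the codes for `counters`, in order, to a fresh receiver."""
    key, serial = b"constructed-demo-key", 0x0123456  # constructed sample values
    rx = Receiver(key, serial)
    return [rx.accept(hop_code(key, serial, c)) for c in counters]


if __name__ == "__main__":
    print("replay of a used code:        ", run([1, 1]))
    print("unused code, nothing newer:   ", run([1, 2]))
    print("unused code after a newer one:", run([1, 3, 2]))
    print("code beyond the window:       ", run([1, 40]))
```

A code the receiver never saw stays valid only until a later code is accepted, which is why a receiver that advances its counter on every accepted press limits the lifetime of any single withheld code. Resynchronisation for codes beyond the window is not modelled here.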