Cloning RFID car keys.

Description of your first forum.

Cloning RFID car keys.

Postby smen » February 22nd, 2011, 3:42 am

I only have one key for a 1999 subaru forester I recently purchased. It has a "transponder" in the key which disables the immobiliser when the key is in the ignition.

Locksmiths have "special equipment" to clone keys, but will often charge over $100 just to program a key for you.

After a bit of googling, it seems that these "transponders" are in fact just rfid keys.

Would I be able to buy a RFID reader/writer to read the code of my working key, and program it onto another one?

How can I be sure that the reader/writer will work with my keys?

I thought here would be the place to post, I've been following hackaday for years, and it always seems to be the place where rfid hacks pop up.
smen
 
Posts: 4
Joined: February 22nd, 2011, 3:35 am

Re: Cloning RFID car keys.

Postby MS3FGX » February 22nd, 2011, 10:01 am

Well, the short answer is "no".

The locksmith certainly does have "special equipment", something you won't be able to replicate cheaply. You won't be able to write to the chip in a blank transponder key with any kind of normal RFID reader, so the cost alone of buying a proper transponder key reader/writer would cost many times what just getting a new key made would (if you could even find somebody to sell you one).

I think you might also be greatly underestimating the complexity of the transponder key system. When the locksmith makes another key for such a car, there are many additional steps that differ between the make and model of the vehicle. The first thing to understand is that they don't simply copy your existing key's tag, they generate a new tag and register that with the car's ECM. This often involves calling the manufacturer of the car and giving them the VIN, as the manufacturer needs to generate a code for that particular code to allow a new key to be programmed.

Finally, while a rather bad idea from a security standpoint, you could always break the chip out of your existing transponder key and mount it somewhere in the steering column near the ignition switch. This will effectively disable the immobilizer system completely, at which point you can just get new non-transponder keys cut for the car. I know a few people who went this route when they saw how much money and trouble it takes to make new keys, but obviously you do this at your own risk.
MS3FGX
 
Posts: 356
Joined: January 25th, 2011, 10:47 pm

Re: Cloning RFID car keys.

Postby Velifer » February 22nd, 2011, 2:56 pm

MS3FGX wrote:they generate a new tag and register that with the car's ECM. This often involves calling the manufacturer of the car and giving them the VIN, as the manufacturer needs to generate a code for that particular code to allow a new key to be programmed.


This often involves reading the manual, (or for Subaru, reading the dealer service bulletin) putting a working key in, turning it on and off in the described pattern, swapping in the new key, then turning it on and off in the described pattern. In every case I've heard of, the ECM gets programmed to the new key, the key does not get "programmed" to the car.

Dealers like to keep that a secret, because it's quick money. There are links online for how to do this.
User avatar
Velifer
 
Posts: 33
Joined: January 26th, 2011, 2:00 pm

Re: Cloning RFID car keys.

Postby smen » February 22nd, 2011, 3:44 pm

Velifer wrote:
MS3FGX wrote:they generate a new tag and register that with the car's ECM. This often involves calling the manufacturer of the car and giving them the VIN, as the manufacturer needs to generate a code for that particular code to allow a new key to be programmed.


This often involves reading the manual, (or for Subaru, reading the dealer service bulletin) putting a working key in, turning it on and off in the described pattern, swapping in the new key, then turning it on and off in the described pattern. In every case I've heard of, the ECM gets programmed to the new key, the key does not get "programmed" to the car.

Dealers like to keep that a secret, because it's quick money. There are links online for how to do this.

Thanks gents. Good info to know.
I haven't been able to find links online for 1999 era subarus to register keys to the car.
smen
 
Posts: 4
Joined: February 22nd, 2011, 3:35 am

Re: Cloning RFID car keys.

Postby MS3FGX » February 22nd, 2011, 4:11 pm

Velifer wrote:
MS3FGX wrote:they generate a new tag and register that with the car's ECM. This often involves calling the manufacturer of the car and giving them the VIN, as the manufacturer needs to generate a code for that particular code to allow a new key to be programmed.


This often involves reading the manual, (or for Subaru, reading the dealer service bulletin) putting a working key in, turning it on and off in the described pattern, swapping in the new key, then turning it on and off in the described pattern. In every case I've heard of, the ECM gets programmed to the new key, the key does not get "programmed" to the car.

Dealers like to keep that a secret, because it's quick money. There are links online for how to do this.


In all the cases I am aware of (and a quick search on Google indicates Subaru is the same), this process involves two registered keys. You put the registered key in first, then the new key, and finally a second registered key. This is designed to show that the person registering the new key is the owner of the vehicle, as all new cars come with two sets of keys. If the process only required a single registered key, this would make the system considerably less secure.

As the OP stated he only had one working key for the car, I didn't bother to bring this method up.
MS3FGX
 
Posts: 356
Joined: January 25th, 2011, 10:47 pm

Re: Cloning RFID car keys.

Postby Jo Nathen » February 22nd, 2011, 6:34 pm

My local junk yard gets keys in every so often for cars...check one of them.....or maybe EBAY....
Jo Nathen
 
Posts: 10
Joined: February 20th, 2011, 11:00 pm

Re: Cloning RFID car keys.

Postby smen » February 22nd, 2011, 7:52 pm

Jo Nathen wrote:My local junk yard gets keys in every so often for cars...check one of them.....or maybe EBAY....


I actually bought a second hand key from my local junk yard, but I bought it for the remote central locking bit, not the key itself.

Any second hand key from a wrecker will be paired and cut for another car, and will be virtually no use to me. The key I got *may* have enough meat left on it to cut one to match my car, but I will still be left with the issue of programming the transponder.

By the way, it turns out the chip in the keys for 1999 subarus are a "fixed" code unit. Meaning that a lock smith who has access to one key, would simply copy the code to the new key. Is there any reason I couldn't do this with an RFID reader/writer? surely it's worth a try? My only concern is making sure that I purchase a reader that is compatible with my key.
smen
 
Posts: 4
Joined: February 22nd, 2011, 3:35 am

Re: Cloning RFID car keys.

Postby smen » February 22nd, 2011, 9:23 pm

Subaru have just provided me with the key code, imobiliser code and "teach?" code.

I'll use the key code to get one cut.

The imobiliser is an 8 digit decimal number. Would this give some sort of hint to what sort of RFID chip is in the key?

I've got no idea what the teach code is, it's only 4 digits, maybe it's for the factory stereo.
smen
 
Posts: 4
Joined: February 22nd, 2011, 3:35 am

Re: Cloning RFID car keys.

Postby Cayla Kerr » January 8th, 2016, 12:42 pm

smen wrote:I only have one key for a 1999 subaru forester I recently purchased. It has a "transponder" in the key which disables the immobiliser when the key is in the ignition.

Locksmiths have "special equipment" to clone keys, but will often charge over $100 just to program a key for you.

After a bit of googling, it seems that these "transponders" are in fact just rfid keys.

Would I be able to buy a RFID reader/writer to read the code of my working key, and program it onto another one?

How can I be sure that the reader/writer will work with my keys?

I thought here would be the place to post, I've been following hackaday for years, and it always seems to be the place where rfid hacks pop up.



I had a problem smilier to yours but I actually lost my transponder key. I am sure mostly everybody has done that once or twice. I thought about doing it the way you plan "doing it my self." I am that type of person who doesn't really like asking for help and don't like paying for it thats for sure. I started to do my research on how to do this because I needed my car back quickly. Everything I was reading was going to state it was going to take time for me to receive the transponder key (I see you already have yours :) ) but once I also receive it based on my car it would it would need a professional to get it programmed to the car. There was a specific article that caught my eye http://united-locksmith.net/blog/how-ca ... -or-remote and decided to go with a professional and that really hard for me to do since I like doing everything myself. I don't know how much you were in a hurry to get your car back, but when I called my local locksmith they were there in 20 minutes max. They just verified the car was mine with some paper work and once that was done they made my key and programmed it. I was on my way in another 10 minutes. I did end up spending more money than if I would doing it myself but instead of taking me a week to just get a key took me 30 mins. ( Either way with my car I would of needed to go to my dealership or locksmith to get it programmed.) So I feel what I lost in money I gained in time. :D
Cayla Kerr
 
Posts: 2
Joined: November 19th, 2015, 4:13 pm

Re: Cloning RFID car keys.

Postby skuller » October 20th, 2016, 12:51 am

I had successfully cloned several RFID keys using a custom made RFID reader and Arduino micro controller. :mrgreen: :mrgreen:
skuller
 
Posts: 3
Joined: October 20th, 2016, 12:17 am
Location: Montreal

Next

Return to General Talk

Who is online

Users browsing this forum: Bing [Bot] and 1 guest