How Those Car Unlock Key Chain Things Work...

By: Brandt E


Ever wondered how those car key chain thingies unlock your car? Well, wonder no more, those key chains are a form of remote keyless entry or RKE for short. Those key chain ones that unlock your car are called key fob RKE's. Another form of RKE is those things that you usually have in your car to open your garage, there are also RKE's to disarm your house alarm, but they are less common.

RKE's started showing up around 1989, as an option to some American auto-mobiles. RKE's started becoming popular when came with General Motors' W-platform vehicles such as the Buick Regal, Oldsmobile cutlass supreme, etc.

Here is a picture of the inside of a common key fob RKE:
inside of key fob

In your key fob RKE there is a small chip that creates the code that gets transmitted; the small silver can is the transmitter, which is about the size of a pea. Here is the outside case, or shell, of a common RKE:

outside shell of common key fob diagram

The controller chip of a modern day car uses something called a hopping code or a rolling code to provide security( a rolling code means the code is different every time, with prevents thefts with a high-tech recording device from using the recorded message to unlock your car). Systems may use a different number bit code. For example, a device that uses a 40-bit rolling code provides about 1 trillion possible codes.

How it Works:

The transmitter controller chip has a memory location that holds the current 40-bit code. When you push a button on your key fob, it sends that 40-bit code and a function code that tells the car what you want to do (lock the doors, unlock the doors, open the trunk, panic, etc.).

Both the transmitter and the receiver use the same pseudo-random number generator. When the transmitter sends a 40-bit code, it uses the pseudo-random number generator to pick a new code, which it stores in memory. On the other end, when the receiver receives a valid code, it uses the same pseudo-random number generator to pick a new one. In this way, the transmitter and the receiver are synchronized. The receiver only opens the door if it receives the code it expects.
If you are a mile away from your car a
diagram of how a key fob RKE works
nd accidentally push the button on the transmitter, the transmitter and receiver are no longer synchronized. The receiver solves this problem by accepting any of the next 256 possible valid codes in the pseudo-random number sequence that is in its memory. This way, you could push a button on the transmitter up to 256 times and it would be okay -- the receiver would still accept the transmission and perform the requested function. However, if you push the button 257 times, the receiver will totally ignore your transmitter. It won't work anymore. :'(

Re-Syncronizing your RKE

What If you DO press the button 300 times, don’t worry! Most cars have the option to re-sync your car with your RKE. Here is a common way to re-sync your RKE:

Turn the ignition key on and off eight times in less than 10 seconds. This tells the security system in the car to switch over to programming mode.
Press a button on all of the transmitters you want the car to recognize. Most cars allow at least four transmitters.
Switch the ignition off.

Not too hard really, but if you have the option don’t do it in a crowded parking lot, there is the chance someone unlocks/locks there car in the process, making it synced with your car.

Given a 40-bit code, four transmitters and up to 256 levels of look-ahead in the pseudo-random number generator to avoid desynchronizing, there is a one-in-a-billion chance of your transmitter opening another car's doors. When you take into account the fact that all car manufacturers use different systems and that the newest systems use many more bits, you can see that it is nearly impossible for any RKE to open any other car door.

