Help! Lost 433Mhz Passive Car Key indoors.

Discussion in 'General Electronics Chat' started by Franko99, Apr 28, 2018.

  1. Franko99

    Thread Starter New Member

    Apr 28, 2018
    2
    0
    Somewhere in my house lies a 433Mhz passive entry car key. What I would like to do is build or buy some sort of electronic detector tuned to help me home in on it.
    Can anyone help or advise please?
    Many thanks,
    Franko
     
  2. Reloadron

    Distinguished Member

    Jan 15, 2015
    3,456
    1,535
    Here is the problem:
    Passive Keyless Entry (PKE)
    Now with the above in mind Short of literally removing the transceiver from the vehicle and dragging it around the house till you get in range of the key fob there is no easy way around this. The problem is also compounded by the rolling code feature.

    The question then becomes how can I build a device or transceiver or is there a "hack"? Your best bet may be an automotive forum many of which cover things like lost PKE Key Fobs and locating them.

    Ron
     
  3. AlbertHall

    AAC Fanatic!

    Jun 4, 2014
    6,193
    1,444
    A metal detector?
     
    -live wire- and Reloadron like this.
  4. Reloadron

    Distinguished Member

    Jan 15, 2015
    3,456
    1,535
    Good idea and you may find wealth in your couch cushions which incidentally is where I always find lost keys and key fobs.

    Ron
     
    -live wire- and nsaspook like this.
  5. Franko99

    Thread Starter New Member

    Apr 28, 2018
    2
    0
    Thanks for your advice and explanation Ron.
    What you say now allows me to appreciate the extent of my problem.
    The ‘rolling code feature’ would seem to be the blocker in my case.
    I will have a search in automobile forums as you suggest but fter two days searching though I think I may have to bite the bullet and pay an exorbitant price for a dealer to programme a new key.
    Thanks for your sound advice which is much appreciated.
    Franko.
     
  6. Hymie

    Member

    Mar 30, 2018
    465
    96
    I’ve always wondered how these rolling code fobs work when you have more than one key fob for the vehicle – how does the fob that has been sitting in your wife’s handbag for over a week know what the current code is?
     
  7. nsaspook

    AAC Fanatic!

    Aug 27, 2009
    4,673
    4,990
    Both the fob and car have 'wheels' filled with secret numbers that spin in synchronization (from the pairing sequence) but may be out of synchronization (a window) by a few number slots over time until they communicate, agree on the code and synchronize again.
    [​IMG] [​IMG]
    The fob(s) in purse keeps spinning (between sleeping to save energy) in sequence so when it transmits the code to the car the numbers 'match' in the designed window of slots in the sequence.

    If a person recorded the sequence fob sequence and then played it back later the results would be much like this.
    [​IMG] 220px-Wheel_of_Fortune_Round_1_template_Season_31.png
    Totally Out of sequence and out of the number slot window tolerance.
     
    -live wire- and Reloadron like this.
  8. Raymond Genovese

    Active Member

    Mar 5, 2016
    957
    530
    ...and if one knocks out the receiver and records the fob, they will have valid unused codes....the user presses twice because the first time didn't unlock the door. The invader sends the first code to unlock the door, pacifying the user and keeps the second valid code to gain entry later....now that is about 10 years old and has been written and programed about extensively...please tell me that it does not work that way any more.

    Also, I thought (and I really don't keep up on these things) that in PKE the car wakes up the fob on a different frequency (that's why the user does not need to press a button sometimes...just pull on the door handle, for example, which the transceiver in the car recognizes and send a wake up to the fob and starts negotiating. The fob once awake sends an ID at 433 in the OPs case. If that is true, one could conceivably construct a fob finder by sending out the wake up frequency and listening for a 433 burst. No?
     
  9. nsaspook

    AAC Fanatic!

    Aug 27, 2009
    4,673
    4,990
    That was the old "Rolljam" attack crack. If you include a incremental counter in the key fob coded transmission then additional transmissions with the old incremental count are invalid at the receiver. This can be broken too as keyless entry one way systems with limited code space and keys will likely remain vulnerable. Two way communications can offer much better security.
     
Loading...