Main goal
Kaiju is an online rolling code analyzer & generator.
Its primary purpose is to attack systems that implement rolling codes (sometimes called hopping codes), such as KeeLoq. These systems are commonly found on Remote Keyless Entry (RKE) key fobs for gate & garage openers, cars, alarms, etc.
Rolling code analysis
Kaiju takes an (encrypted) input stream captured from a target keyfob, processes it, breaks its encryption, and returns details about the target keyfob:
- brand
- model
- serial number
- sync counter
- encryption scheme
- cipher text
- plain text
- etc...
Rolling code generation
Once stream encryption has been broken, Kaiju can also generate new valid rolling codes with the same serial number as originally found in the input stream.
Usage
Typical usage requires a capture device, such as a Software Defined Radio, a PandwaRF Rogue or any other RF module.
- Using a capture device, the user captures data and demodulates it
- The user copies and pastes the demodulated data into Kaiju
- Kaiju takes care of the rest and provides the requested result: simple analysis or rolling code generation
- The user copies the rolling codes generated by Kaiju and uses them in any transmission-capable device, with the same RF parameters (frequency, modulation, data rate, ...) as the original capture
- Kaiju-generated rolling codes are strictly equal to the original rolling codes, i.e. they act as a clone of the original keyfob.
Requirements
- To break a rolling code, Kaiju only needs an input stream, which can be a binary or hexadecimal stream.
- Kaiju requires that at least 1 codeword of the target keyfob is present in the provided input stream.
- The input stream must contain the header, preamble or synchro bits if they exist.
- The input stream can be at the same data rate as the target keyfob (sampling rate = data rate), or oversampled (sampling rate > data rate).
- However the sampling rate of the input stream cannot be lower than the target data rate.
- Kaiju is hardware-agnostic, which means it doesn't depend on a specific HW to function.
- Kaiju is also not aware of the modulation used by the original capture, so the input stream (binary or hexadecimal) must be provided demodulated.
- Kaiju doesn't accept (yet) raw I/Q samples from an SDR.
Plans
You can create an account with an email or Google Sign-In.
- Kaiju Free Plan allows users to create and analyse remotes with a standard limited quota, due to limited CPU available on our servers.
- Using your PandwaRF (Rogue or Marauder variants) along with the PandwaRF Android App will unlock more CPU quota.
- The PandwaRF Android App requires a Google account.
- The data sent from the PandwaRF Android App will be available on Kaiju if you are signed in with the same Google account as in the PandwaRF Android App.
Licenses
Complete remote information and rolling code generation can be enabled with a Kaiju License.
Remote information without a corresponding Kaiju License can be cleared from the database at any time.
Rolling code API
Kaiju comes with REST API support.
You can call the Kaiju API with the tool or language of your choice, and Kaiju will return nicely JSON-formatted results.
Support
We provide support via Discord.
Please also check our YouTube videos.