Kaiju - Rolling code analyzer & generator

Main goal

Kaiju is an online rolling code analyzer & generator.
Its primary purpose is to attack systems that implement rolling codes (sometimes called hopping codes), such as KeeLoq. These systems are commonly found on Remote Keyless Entry (RKE) key fobs for gate & garage openers, cars, alarms, etc.

Rolling code analysis

Kaiju takes an (encrypted) input stream captured from a target keyfob, process it, breaks its encryption, and returns details about the target keyfob:

brand
model
serial number
sync counter
encryption scheme
cipher text
plain text
etc...

Rolling code generation

Once stream encryption has been broken, Kaiju can also generate new valid rolling codes with the same serial number as originally found in the input stream.

Usage

Typical usage requires usage of a capture device, like a Software Defined Radio, a PandwaRF Rogue or any other RF module.

Using a capture device, user shall capture data & demodulate it
User copy/paste demodulated data into Kaiju
Kaiju will take care of the rest and provide requested result: simple analysis or rolling code generation
User shall copy the rolling codes generated by Kaiju and use them in any transmission capable device, with the same RF parameters (frequency, modulation, data rate, ...) as original captured
Kaiju generated rolling codes are strictly equals to the original rolling codes, eg. act as a clone of the original keyfob.

Requirements

To break a rolling code, Kaiju only needs an input stream, which can be a binary or hexadecimal stream.
Kaiju requires that at least 1 codeword of the target keyfob is present in the provided input stream.
The input stream must contain the header, preamble or synchro bits if they exist.
The input stream can be at the same data rate as the target keyfob (sampling rate = data rate), or oversampled (sampling rate > data rate).
However the sampling rate of the input stream cannot be lower than the target data rate.
Kaiju is hardware-agnostic, which means it doesn't depend on a specific HW to function.
Kaiju is also not aware of the modulation used by the original capture, so the input stream (binary or hexadecimal) must be provided demodulated.
Kaiju doesn't accept (yet) raw I/Q samples from an SDR.

Plans

You can create an account with an email or Google Sign-In.

Kaiju Free Plan allows users to create and analyse remotes with a standard limited quota, due to limited CPU available on our servers.
Using your PandwaRF (Rogue or Marauder variants) along with the PandwaRF Android App will unlock more CPU quota.
The PandwaRF Android App requires a Google account.
The data sent from PandwaRF Android app will be available on Kaiju if you signed-in with the same Google account as in PandwaRF Android App.

Licenses

Complete remote information and rolling codes generation can be enabled with a Kaiju License.

Remote Information without corresponding Kaiju License can be cleared from database at any time.

Rolling code API

Kaiju comes with a REST API support.
You can call the Kaiju API with the tool or language of your choice, and Kaiju will return nicely JSON-formatted results.

Support

We provide support via Discord.

Please check also our Youtube videos.

Disclaimer

This site is for educational purpose only.

You are responsible to use this website and the generated data legally. Please respect the applicable law in your country before usage. USE AT YOUR OWN RISK.

Warning

All Free Plan accounts and associated data may be cleared at any time.

Legal Notice

Features

Rolling code analysis
Rolling code generation
Pending job queue
Web dashboard
REST API support
Data sent using API is available on Dashboard and vice-versa
Fully integrated with PandwaRF Rogue
Free-to-use
Running 24/7

Register

Don’t have an account?

Create an account with your email

Log In

Already have an account?

Supported devices (Gate Openers)

ACM: TX4, TX2 COLOR, TX2 SMALL
AERF: Sabutom, Tmp, Tmp-1, Tmp-2, Hydom, Terra, Medva, M_EVO-3A, Other
AN-motors: AT-4, AT-4B, AT-4A, AT-4N
ATA: PTX4, SecuraCode
Aprimatic: TR, TM 4
Aprimatic: TX-E, TX4E, TXE
Aprimatic: TXM, TX4S, TX2P
Avidsen: 104250, 104250 OLD2, 104250 RED, 614701, 104257, 104350, 104700, 654100, 654300, RMC-1LM 664700, 654250, 104250 BLUE, 104250 NOIR, 504257 White
BFT: Mitto, Mitto BRCB, MittoM, BRC B Clear ICE, BRC B VINEYARD, KLEIO, RB
Ballan: TMxx
Beninca: TO.GO2VA, TO.GO4VA, IRI.TX4VA, IRI.TX4AK, TO.GO2A, TO.GO4A, TO.GO2AS, TO.GO4AS, TO.GO2AK, TO.GO4AK, HAPPY.2VA, HAPPY.4VA, HAPPY.2AK, HAPPY.4AK, TOGOVA
Beninca/Allmatic: APPLE, CUPIDO, IO, LOT WCV, ROLLKEY, T4WK, T4WV, TOGO WK, TOGO WV, B.ROxWN, TECH3 PLUS, B.RO STAR, B.RO OVER
CLEMSA: Mutancode, Mutancode 433, Mutancode 868, Mutancode Mini 433, Mutancode Mini 868
Came: Atomo EV, Ato, Atomo
Came: Space, SP2, SP4
Cardin: S435, S437 TX
Cardin: S508, S437 TX
Cardin FM: S449, S449 QZ, S449 QZP, S449 QZPNEW
Celinsa: MoveCode, X-2, Z-2
Centurion: NOVA-TX
Chamberlain: 5433E, 94334E, 94335E, 94335E-OLD, 94335EML, 9433E, 75EML, 8433, V1
Chamberlain: 891LM, 892LM, 893LM, 891MAX, 892MAX, 893MAX, 951EV, 952EV, 953EV, TX4RUNI, V2
Comunello: KEEP, KEEP 2/4, VICTOR 2/4
DEA: Genie R 273, GOLDR, GOLDS, GT2, GTI2, GTI4, GTI2M, GTI4M
DTM Poland: Neo
Dickert: HS868-00
Ditec: BIXLG, BIXLP, GOL4, ZEN, Rolltore MPSTP2E
Ditec: ZENP2, ZENP2MT, ZENP4, ZENP4MT, ZENP
Doormatic: MILENY
E.T. Systems: ET-Blu Mix, ET-Blue, BLUE, MIX
ETDOOR: Maguisa
ETDOOR: Type 2
EcoStar: RSC, RSE, RSZ
Elmes: U2T, U4T, U2TK, UMB100HT, DWB100HT, CH4HT, CH4H200T, DW200HT, ST200HT, CH8HT, DWM50HT
Elvox: ERT 1, ETR 2, ETR 4, ETR 5
Erreka: IRIS 433, IRIS 868, LIRA 433, LIRA 868, ROLLER 2, ROLLER 2 868, ROLLER 4, ROLLER 4 868, SOL433, SOL868, Vega 433, Vega 868
FAAC: RC, XT 433 RC
FAAC: XT2 433 SLH, XT4 433 SLH, XT2 868 SLH, XT4 868 SLH, XT4 868 SLH LR, DL 868 SLH, T 433 SLH, T 868 SLH, TML 433 SLH, SLH
Fadini: Birio, Jubi 433, Jubi Small
GSN: TXRC09
Genius: Bravo/Echo, Bravo, Echo, ECHO TX RC
Genius: Genius SLH, Genius Amigo, SLH
Gibidi: Mako, AU1600, AU1680, Domino, Mako AU031xx
Gimson Robotics: GLA-CU-X2
Go: Jcm, Forsa, Roper, Emfa, Hibrid, Dmil, Nueva Castilla, Cyacsa, Hydom, Baleato, Noratek, Zibor, Norton, Gibidi, Cubells, +Kom, Caren
IO-Homecontrol: KeyGo
Intratone: 09-01xx
JCM Gen1: JCM Tech, JCM GO PRO MINI STANDARD, Forsa/O&O, GO FORSA, Emfa, GO EMFA, Hybrid Plus, GO HYBRID PLUS, DMIL, GO DMIL, Nueva Castilla, GO NUEVA CASTILLA , Hydom, GO HYDOM, Zibor, GO ZIBOR, Neo/Sagem(Tabaco), JCM Tech, Cubells, GO CUBELLS, Norton, Cyacsa, Gandara, Gibidi, Gibidi_2, Cas, Puertas Lorenzo, Baleato, Antonio Oneca, GO-2, ServiParking, NEO SERVIPARKING, Pujol, GO PUJOL, Other, NEO20-ACC
JCM Gen2: Cubells, Norton, +KOM, TPH, Roper, Other
Key: TXB-42R, TXG-44R
King Gates: STYLOxK*
King Gates: STYLOxK*, STYLO2K*, STYLO4K*
Ligur/Schellenberg: Stilmatic, 60853
Linear: HCS, HCS TX2T-A, HCS TX3T-A, HCS TX4T-A
Mc Garcia: Unknown
Merlin: M830/M230
Motorline: MX4SP
Nice: Era, ONE, ON ERA, INTI, ERGO, PLANO
Nice: FloR, ERA-FLOR, INTI, ON, ON4E, VERY-VR
Nice: MHouse, GTX, GTXC, Moovo MT4G, Moovo MT4V, RT3, TX4, Smilo, SMILO SM2, SMILO SM4
Normstahl/Entrematic: EA433-K, EA4333-KM, RCU433-xK, T433
Novoferm/Crawford: Novoferm/Tormatic, MCHS, MNHS, NOVOTRON, EA433K, EA433KM, T-433
Peccinin: 3C
Prastel: BFOR, MPSTLE, MPSTPE, MTE, TC4E
Pujol: Vario, Neo, TWIN, Universal, VARIO, VARIO MARS, VARIO OCEAN, VARIO SECURE
Roper: Go, Mini Go, Neo
Rossi: CT
Ruku/Ansonic: ANSIC-R0
SEA: HEAD, COCCINELLA ROLL
SEAV: BE GOOD, HAPPY RH, HAPPY RS
Silvelox: ECO-TSM2, Mhz 2007, QUARZ SAW, ECO-TSM4, 3400155
Skymaster/Doorhan: MHZ, MHZ00, TX4
Sminn: BALEA, DUO, DUPLO, QUATRO
Sminn: BALEA, DUO, DUPLO, QUATRO
Somfy: Keasy, RTS V1
Somfy: Keytis, Keytis RTS, Keytis RTS NS, RTS V2
Somfy: RTS V1
Sommer: TCX3-868-4, 4020, 4026, 4031, 4025, 4025 433, 4025 868 BLACK, 4025 868 BLUE
Stagnoli: KALLISTO, VENUS
Telcoma: FM, FM402
V2: V2, HANDY, Match, PHOENIX, PHOENIX NEGRO, PHOX, TRC, TSC, TXC, ACM PIX2
VDS: ECO-R
Wisniowski: LUNAR, 4A433, COVER, 4GO, 2H433, U-MOVE, Unknown2

Supported devices (Roller Shutters)

Jarolift: TDRC08
Somfy: Telis, Telis RTS, Telis RTS Negro, Telis RTS Patio, Telis RTS Pure, RTS V1