last posts

Types Of Security Systems In Immobilizer

There are several types of security systems on the market that use RFID transponders.

Types Of security Systems In Immobilizer

Systems with a fixed password (fixed code)

These systems are the most common. First, when registering ignition keys, the ECU “learns” the passwords stored in each key transponder for a given vehicle. Transponder IDs are meant here, because the task of driver authentication in a system with a fixed password is reduced to identifying a transponder instance; in a more advanced version, the ECU additionally calculates checksums corresponding to the registered key labels. The driver then inserts the key into the ignition and the transponder ID is read and compared with IDs stored in the ECU memory.

The degree of protection here is determined primarily by the type of transponder used. There are write-once transponders that are issued without recording. Their programming is the responsibility of the user. Available read-write tools also allow you to find out the transponder ID when it is outside the vehicle, and then enter it into another, empty transponder. Thus, a fixed password can be copied into a duplicate, which will not differ in any way from the original (for example, transponders of early VAG immobilizers).

These Read Only systems are factory-set with passwords using a unique ID number. These systems do not allow copying.

This statement is not absolute: apparently, what is meant here are not just any transponders, but those developed by Texas Instruments. These transponders really cannot be duplicated by simple means, when the password is copied into a rewritable Read/Write transponder from the same company. The fact is that TI immobilizers recognize the type of transponder, and the task of identifying a duplicate is solved with a negative result, so even the correct authentication ID is not accepted. This is exactly what the authors meant by the words about the impossibility of copying and was true for about 10 years, counting from the appearance of the first transponders.

However, it remains possible to reproduce the data signal at radio frequency. Building a playback device for this purpose requires considerable effort and a good knowledge of radio.

Since 2004, special Keyline tags have been available on the market, allowing you to duplicate Texas Instruments transponders through just such emulation. To give an idea of the technical level of Keyline development, it is enough to say that this device, together with the power supply, fits into the head of a key of normal size, and the power supply is not intended to be replaced, i.e. is implied to be practically eternal for this design.

Rolling code systems

Rolling code systems operate in the same way as fixed code systems, with the difference that the password in the key remains valid temporarily, usually during one ignition cycle. The transponder used here is already regritable, of the Read/Write type, and the immobilizer ECU periodically programs its memory. The password changes, but in cryptographic terms it is still a static authentication procedure, one-way authentication.

To ensure system reliability, it is possible to resume synchronization in the event of an error or interruption in the transponder memory rewrite process. It is these synchronization failures that are the weakest point of the described system.

Password protected transponders

Simple mutual authentication can be accomplished using a transponder protected by a password. The transponder will deny access to secret data in its memory until a password is sent that identifies the device working with the key. The length of this password greatly affects the level of protection.

The password is usually broadcast by the ECU in clear text and can be learned or guessed if the transponder is available for such tests. Depending on the length of the password, the time to guess it can vary from several minutes to several years.

A limitation of the system is its overall response time, which may not be suitable for practical use.

Composite password-protected rolling systems

can also be robust through the use of rewritable gated transponders. They provide a high degree of protection. Weak points are synchronization and its failures (a typical problem with Mercedes-Benz ML).


Font Size
lines height