ProDarwin UltimaDork
1/9/20 7:31 p.m.

My car has a big clunky keyfob, as all modern cars do.  I don't use the buttons on it.  It doesn't make sense to.  The car knows when I am close and I can unlock it just by hitting the door handle.  Same with starting the car - no need to put it in the ignition.  How can I get a small RFID chip programmed so I don't have to carry around this stupid giant keyfob?


What I have:


What I want:

Knurled. MegaDork
1/9/20 7:35 p.m.

First world problems: the thread

Keith Tanner
Keith Tanner MegaDork
1/9/20 7:46 p.m.

It's an interesting question, I'd like to know myself. I'll ping some friends who might know.

miatafan New Reader
1/9/20 7:50 p.m.

Generally small RFID chips are not powered and need to be very close to the receiver to work.  Think RFID hotel keys.

RossD MegaDork
1/9/20 8:02 p.m.

Our jeep grand cherokee says if the battery in the key fob runs out use the fob to push the start button on the dash.

codrus UberDork
1/9/20 8:34 p.m.

I'm not 100% sure, but I don't think keys like this are just RFID.

For my Audi, there is an RFID portion, but only works when held up right next to special spot on the dashboard.  That's the unpowered backup, for when the battery is dead or when the standard RF module in the car has failed.  The keep-the-remote-in-your-pocket-and-touch-the-door thing is powered.

The other issue is one relating to how cryptographically secure it is.  Some RFIDs are plaintext: they power up, they transmit a number, they power down, and the number is always the same.  This makes them vulnerable to "replay attacks", because anyone who receives that number can replay it back and pretend to be the device.  Other RFIDs are cryptographic, and I think (or at least I HOPE) that auto keyfobs work this way.  That's going to be a lot harder to create a duplicate of, which is kind of the point.


nimblemotorsports Reader
1/9/20 11:29 p.m.

Yeah my volvo has that big blob of a key and I really dislike it, but it doesn't have that close range id thing.

  Well you could just leave it in the car and use a different system to lock/unlock that uses the passive rfid?


Knurled. MegaDork
1/10/20 7:38 a.m.

In reply to codrus :

Whether they are cryptographic or not, they're still fairly easily spoofed by a RF repeater as you are walking away from the car.  Said repeater is also used to start the car with the keyless start.  Car is gone before you even get into the building.

ProDarwin UltimaDork
1/10/20 9:21 a.m.

Some good points made.  I guess the question is, how do I retain the same wireless/smart unlocking (the car knows when I'm near it or in it) in a package as small as possible?

Keith Tanner
Keith Tanner MegaDork
1/10/20 9:47 a.m.

Speaking to a friend who knows this stuff inside and out right now. Basically, RFID is unpowered and short range almost by definition. That's the "battery dead" option for a lot of cars, and how the Tesla card keys work.

The more distance stuff is a two-way communication. You can query the car as to lock state. It'll be cryptographically signed (assuming the coding wasn't done by an idiot) so you can't simply record and replay the signal.

So if you're willing to get really close, you should be able to clone the RFID "backup". Let me look into that.

Just for fun, we're looking at ND Miata keys because that's what I have on my desk :) It looks like it's same as is used on a bunch of other cars too.

Here's the inside view.

Keith Tanner
Keith Tanner MegaDork
1/10/20 10:07 a.m.

I have better things to be doing, but this is interesting.

Getting into the car is just a matter of a transmission, there's no back and forth chatter mentioned in the Mazda service manuals. However, to start the car the key has to respond to a request. It's not clear just what this ID data is. And there is what looks like an RFID backup option in the case of a battery failure. I'll be back :)

mtn MegaDork
1/10/20 10:10 a.m.

Hyundai/Genesis and Kia have/had smart keys that were the size of a credit card, although noticeably thicker. I want to get one for the Angievan. I'd have to get a new wallet, but it wouldn't be too much more space in my wallet which is always on my person, and it would be less obtrusive in my pocket than the key fob - for me, anyways (I carry my wallet in my front pocket).

Advan046 UltraDork
1/10/20 11:55 a.m.

Interesting topic. I think the auto makers and makers of that key are very interested in you not being able to do what you want without major effort. Otherwise the security of the technology would be considered much less than a physical key. Getting the key makers or automakers to share that code with you would be very difficult to achieve. While it would be possible to shrink down the hand held device just to open the doors and start the car when nearby. I am not sure how you could get smaller than the actual board that does that job. 

The board, nicely modeled by Keith Tanner, may simply need to be transferred to another container. Discarding the push buttons and old case.

Hacks for getting into many RFID cars today depend on physical proximity to the owners' keys and car at the same time.

Keith Tanner
Keith Tanner MegaDork
1/10/20 12:05 p.m.

BTW, that picture is attached to the records for the FCC ID. 

93gsxturbo SuperDork
1/10/20 12:13 p.m.

Two points on this:

  • Credit card keys.  Some MFGs offer them, and even if they have them only on a high spec model (think Lexus/Toyota) within brands and style of immobilizers they are all typically similar so you may be able to add a credit card key.  Refer to your favorite brand-specific website for more detail
  • 3D printed case.  I have a 3D printed case made by YotaMD for my Land Cruiser fob.  Way smaller than OEM and much nicer feel.  Still retains all the buttons.  You could make one that was just the board with no buttons though if you wanted to.  You would be limited to the design of the OEM circuit board but you could lose the aux key, buttons, etc.

Stefan MegaDork
1/10/20 12:19 p.m.

Looks like making a new, slimmer case for the existing board shouldn't be too difficult using some CAD software and a 3D Printer.

It won't be an ideal solution, but it would perhaps be a stopgap, especially if you can design to fit into one of those slim key organizers.


Something like this:

With some slight tweaks to conform to the desired size and cover the important bits.

codrus UberDork
1/10/20 12:32 p.m.
Knurled. said:

In reply to codrus :

Whether they are cryptographic or not, they're still fairly easily spoofed by a RF repeater as you are walking away from the car.  Said repeater is also used to start the car with the keyless start.  Car is gone before you even get into the building.

While this vulnerability is real, it's a fairly sophisticated way of stealing a car and not all that common.

Snrub HalfDork
1/10/20 12:45 p.m.

Fobs are so pedestrian, you need a sub-dermal implant. This is from a friend of mine. He actually did it (to) himself. Lots of good info.

ebelements Reader
1/10/20 12:55 p.m.

At least one manufacturer is listening.

Jaguar has something called "activity key" that's basically an RFID bracelet that lets you do just about whatever you need to do and leave your keys in the car.


ProDarwin MegaDork
5/25/21 11:59 a.m.
RabidBullFrog New Reader
5/26/21 2:56 a.m.

So how do these systems work on the car side of it. Is there just a module that controls just the locks and starting? Or would it be built into the BCM or something? I have a 1990 Skyline GT-R and want to incorporate the keyless locks and starting from a newer R35 GT-R.

Our Preferred Partners