Has anyone successfully used a 433.93hz (USA) receiver to locate car key fobs?
Considering buying a shield and using one of the libraries to create a receiver, and then walking it around my house to find my d%^@ keys. Figuring there can not be too many RF 433hz signals in my house and it should get me within a few feet of my lost keys.
Unfortunately any documentation out there is shady people trying to unlock cars so it's not really credible. I have a pile of Arduino boards. The transmitter/receiver shields look fairly cheap and the libraries look fairly simple. But I have been down this path with Arduinos before and it's turned into a research project.
Thanks for any advice you may have. And yes I have a spare set of keys, yes I have the key code to get a new one. But I don't feel like a trip to Subaru and the cost involved. I also have a separate remote start fob, my front door key, and all my grocery rewards cards on the lost set of keys.
Given how feeble the batteries in key fobs are and how surprisingly long they last, I would not expect that they transmit except when the buttons are pressed. In consequence, finding the keys in the way you propose is unlikely to work. Have you looked in the fridge?
The fob activates the side lights on the car at a range of about 4ft, so I am assuming it's a passive RFID on the fob. Made me think if the car can see it, an Arduino should be able to also. Don't care about the data, see a mess on the serial monitor and assume something must be close.
Unlikely to be passive RFID at those distances. More likely the car (with its huge battery) is sending a periodic probe and looking for a reply. If you can figure out what the car sends and what the fob replies you might be able to build an active RFID reader.
The key is likely to have a passive RFID chip for backup (in case the fob battery dies). If you get an RFID reader and put on a larger antenna, so it can read a passive chip at a longer distance, you can sweep your house for passive RFID chips.
Did You check the previous coat, trousers, bags.....? Do as I do, have a strict routine for handling keys and wallet! Else, be aware of Yourself! I know from myself.
I am using a key fob with two buttons that run on the frequency range you mention. I can ASSURE you that the fob ONLY is active when power is supplied by pressing one of the buttons. You are assuming that fob is always transmitting and you can find it with a suitable receiver. If that was the case, the battery in the fob would be gone in a day or so. In a fob, they may last 10 years.
The "Remote Keyless Entry" fobs transmit only when you hit one of the buttons.
So called "Smart Keys" are apparently transponders in the sense that the fob will transmit when it is triggered by a query from the car and the range for that query is, by design, short range. The Wikipedia article linked below describes the query (and inside/outside car) as being on a low frequency (LF) channel at 125 kHz, so probably some form of RFID-like proximity technology, with the key fob transmitting on 315 or 433 MHz.
This is what I get for being a drunk over the holiday season!
I think Mr Mark is understanding what I have as there is clearly a signal from the car and a return from the fob without any buttons being pressed. When the fob is within range of the car there are lights on the mirrors that turn on and the doors and hatch will unlock when the sensor and button is pressed.
It's sounding like this is a fairly complex handshake and I have no motivation to crack Subaru's code. I was hoping that this was a common RFID protocol like the cheap card reader I have. That way I could be in the right frequency with a transmitter, activate the chip, and turn on an LED. So basically a scanner that just shows the presence of an RFID device. Then we could share this with the next idiot that can not find his keys.
All the same thanks for the sanity check, I am going back to blaming my wife for my lost keys!
scouser1023:
It's sounding like this is a fairly complex handshake and I have no motivation to crack Subaru's code. I was hoping that this was a common RFID protocol like the cheap card reader I have. That way I could be in the right frequency with a transmitter, activate the chip, and turn on an LED. So basically a scanner that just shows the presence of an RFID device. Then we could share this with the next idiot that can not find his keys.
All the same thanks for the sanity check, I am going back to blaming my wife for my lost keys!
If you have an RFID reader for 125 kHz it would be interesting to see what happens if the spare smart key comes in range.
The reader shouldn't need any special programming. RFID works by reader sending an unmodulated (125 kHz in this case) carrier and the tag magnetically couples to this to receive its power. Once powered the tag modulates the load on its antenna which the reader sees and demodulates. If the smart key works like this, presumably the reader would see some code associated with the smart key.
As I understand the wiki article, when the key sees power on 125 kHz it also responds on 433 MHz. If this understanding is correct, a "smart key finder" that intermittently transmits a carrier on 125 kHz and looks for response activity, that is a time-coincident transmission that doesn't need to be demodulated/decoded, on 433 MHz might be a workable solution and a reasonably straightforward project.
What isn't clear is if there is some coded information from the reader/car side that the smart key has to see before activating. If this is the case, the problem may be a lot harder to crack.
I have a Toyota vehicle with a smart key system, but don't have any 125 kHz RFID bits on hand or I'd give this a try. That means it goes to the very long list of "someday" projects.
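Added example, not part of any poster's message or code from the thread: the "time-coincident transmission" test proposed above, reduced to its decision logic in C. It assumes a hypothetical front end that records 433 MHz signal-strength readings (arbitrary ADC units) while the 125 kHz carrier is off and again while it is on; the sample values, the margin and the 3-of-4 rule are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define SAMPLES 4
/* One probe cycle: 433 MHz readings with the 125 kHz carrier off, then on. */
typedef struct { int off[SAMPLES]; int on[SAMPLES]; } probe_cycle;

static int mean(const int *v, size_t n) {
    long sum = 0;
    for (size_t i = 0; i < n; i++) sum += v[i];
    return (int)(sum / (long)n);
}

/* Count cycles where 433 MHz energy rose by >= margin only while the carrier was on. */
int coincident_cycles(const probe_cycle *c, size_t n, int margin) {
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (mean(c[i].on, SAMPLES) - mean(c[i].off, SAMPLES) >= margin) hits++;
    return hits;
}

/* Require at least 3/4 of the cycles to agree, so that an unrelated
   transmitter that happens to overlap one probe does not count as a find. */
int fob_likely_present(const probe_cycle *c, size_t n, int margin) {
    return n > 0 && 4 * coincident_cycles(c, n, margin) >= 3 * (int)n;
}

/* Constructed data: a responder that answers 3 of 4 probes. */
static const probe_cycle with_fob[4] = {
    {{20, 22, 19, 21}, {21, 70, 72, 23}},
    {{19, 20, 21, 20}, {20, 68, 71, 22}},
    {{22, 21, 20, 21}, {22, 21, 20, 23}},
    {{20, 19, 22, 21}, {23, 69, 70, 21}},
};
/* Constructed data: bursts from an unrelated 433 MHz device, not tied to the probe. */
static const probe_cycle interference[4] = {
    {{20, 75, 74, 21}, {21, 20, 22, 19}},
    {{19, 20, 21, 20}, {20, 73, 76, 22}},
    {{22, 21, 20, 21}, {22, 21, 20, 23}},
    {{74, 76, 22, 21}, {75, 77, 21, 20}},
};

int main(void) {
    printf("with fob: %d\n", fob_likely_present(with_fob, 4, 15));
    printf("interference: %d\n", fob_likely_present(interference, 4, 15));
    return 0;
}
```

The logic only applies if the key answers an unmodulated carrier; if it waits for coded data from the car, as the next paragraph of the post raises, no cycle will show a coincident rise.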
Mark, think about 4 identical Toyotas parked side by side. When you approach them, only YOUR Toyota will respond. There HAS to be different coded information sent by each truck or chaos would be the result.
Paul_KD7HB:
Mark, think about 4 identical Toyotas parked side by side. When you approach them, only YOUR Toyota will respond. There HAS to be different coded information sent by each truck or chaos would be the result.
Paul
Maybe not. The relay attack described in the Wikipedia article implies that any transmission can trigger the smart key to respond. So any of those four cars can make the fob respond, but only your car will recognize the cryptographic key it sends and will unlock if you're close enough.
Paul_KD7HB:
Mark, think about 4 identical Toyotas parked side by side. When you approach them, only YOUR Toyota will respond. There HAS to be different coded information sent by each truck or chaos would be the result.
Paul
I'm postulating that the car's response is to either the "unlock" signal on the 433 MHz channel of the key fob which is the same rolling code one would get by pushing the button or else the car is seeing a unique RFID from the fob on 150 kHz as with common RFID. Perhaps both are required.
On the cars that we own, one also has to pull on the door handle or touch a (presumably capacitive) sensor to unlock the door. This suggests the car's exterior RFID-like stuff that triggers a fob response isn't activated until that happens. Also the 150 kHz channel is magnetically coupled so the useful range is probably on the order of a meter or less.
I'm admittedly speculating on how this stuff works from my reading of the wiki article and a few other sources and would be interested in any information that supports or contradicts what I've described.
FYI finally found my keys a month later. Took me 3 hours. Anyway if this was easier there would be a market given the dealership told me it’s $350 to replace key fobs.
If anyone stumbles across this the short answer is it’s not worth it lol. You would have to know a lot about the car and encryption to make something useable. And there are a few different frequencies that would require different hardware to get this started. I think this would be very easy for the car manufacturer to do, but why would they!