1. Attachments are working again! Check out this thread for more details and to report any other bugs.

Keyfob Hacking

Discussion in 'Gen 2 Prius Accessories & Modifications' started by dluks, Sep 2, 2014.

  1. dluks

    dluks Junior Member

    Joined:
    Oct 28, 2008
    5
    0
    0
    Vehicle:
    2008 Prius
    SKS is really nice, but with the ubiquity of BLE on just about all smart phones, it would awesome to ditch the keyfob and replace it with my phone.

    Does anyone have access to detailed information on how the keyfob works at the RF and or schematic / BOM level? To the best of my knowledge there are 2 systems. A far field 400ish MHz system for normal lock / unlock door activity, and a near field 125 KHz system for proximity detection and operation with the key in your pocket. Are there any reverse engineered schematics? BOM? Are the ICs available from distributors like Digikey?

    Any info would be awesome. Thanks!
     
    #1 dluks, Sep 2, 2014
    Last edited: Sep 2, 2014
  2. wa-chiss

    wa-chiss Member

    Joined:
    Aug 28, 2014
    124
    36
    0
    Location:
    Brownwood, Texas
    Vehicle:
    2005 Prius
    Model:
    N/A
    I suppose if you figured out just the type of codes required (number of digits, numbers and/or letters), the exact frequencies, and have an app on your phone to generate the same signal types, then I would assume the vehicle wouldn't know the difference between the actual smart key and your phone. You'd have to figure out the exact codes from the key though, as you cant plug your phone into the slot to program it as a new key in the immobilizer ecu. I've never heard of this, but you have my curiosity.
     
    #2 wa-chiss, Sep 3, 2014
  3. dluks

    dluks Junior Member

    Joined:
    Oct 28, 2008
    5
    0
    0
    Vehicle:
    2008 Prius
    @wa-chiss,
    This would be a device that sat in the car to bridge the keyfob and phone/BLE worlds. Phones have native support for generating events when a BLE "beacon" proximity changes. That event would trigger the phone to ask the bridge to open the door.

    If I were willing to hack apart my spare remote, it would be really easy to implement a proof of concept. I'm a bit more interested in how the keyfob works so that I can have more control. Having a schematic and BOM would get me most of the way there.
     
    #3 dluks, Sep 3, 2014
  4. bisco

    bisco cookie crumbler

    Joined:
    May 11, 2005
    107,747
    48,962
    0
    Location:
    boston
    Vehicle:
    2012 Prius Plug-in
    Model:
    Plug-in Base
    no, never been done, and probably can't be.
     
    #4 bisco, Sep 3, 2014
(You must log in or sign up to post here.)