Encrypted algorithm question

temtronic · Posted: Fri Jul 11, 2025 6:12 pm

so.. you're saying the raw datastream from the RF section output is not encoded.
That means it'll be dead simple to decode !

bulut_01 · Joined: 24 Feb 2024 Posts: 261

There is no real-time changing key. If the raw data changes, the RF output data changes. If the raw data is constant, the RF output data is constant. I published the Excel on the top page. What do you think about encryption?

temtronic · Posted: Sat Jul 12, 2025 4:48 am

Well there has to be some sort of 'rolling' key process going on otherwise, every 'stop' keypress would result in the same 64 bits of data. You've posted 20+ 'STOP' data and they're all different.

bulut_01 · Joined: 24 Feb 2024 Posts: 261

temtronic · Posted: Sat Jul 12, 2025 6:34 am

1) it reminds me that 'rolling key' encryptions are a real pain ! They were specifically designed to be VERY DIFFICULT to 'hack'.

2) it might be, but no way to tell, unless you acquire 65,000 same key pressed data, then look for the 'start over point'

3) yes, as we've stated before you don't KNOW the encryption algorithm AND you don't KNOW the key.

Just because a PIC was used for the remote, there's no reason that KEELOQ was used. Think of it this was. Guys buy cars....they rip out the OEM radio, put in some aftermarket unit.....

Is it possible to 'reverse engineer' the remote to get the encryption. Yes.

bulut_01 · Joined: 24 Feb 2024 Posts: 261

temtronic · Posted: Sat Jul 12, 2025 7:21 am

1st step, press same key 65,000+ times and record the data streams.

2nd step, cut code to look for 2 identical data streams.

I'd program a PIC to 'press a key', once every 1 second, capture the data,add CRLF, then send to a PC . Have the PC run a terminal program to capture and save the data. Then cut a program to search the data file for 2 identical 'data stream'. To mimick the 'keypress', you could use a relay across the pushbutton contacts. To search for two identical data, you load 1st entry as the 'sample', then go through the remaining 65,000(end of file) to see if they are the same. If not, load #2 as the 'sample', then test from #3 to end of file. NO ? then load #3, test #4 to end of file.

If it really has a 'rolling key', it will 'repeat' BUT first you need to acquire all the data !

bulut_01 · Joined: 24 Feb 2024 Posts: 261

temtronic · Posted: Sat Jul 12, 2025 9:40 am

well one problem. in that spreadsheet the 'output data' you say is 64 bits actually has 16 hex characters for most of the 'key presses', so that'd be 256 bits of data......
another problem is the 'data' isn't always 16 characters......even for the same 'keypress'.

bulut_01 · Joined: 24 Feb 2024 Posts: 261

temtronic · Posted: Sat Jul 12, 2025 12:45 pm

1st you've got to get 'good' data ! I assume EVERY transmission is the same number of characters. For sure EVERY time you press '3', you NEED to get the SAME number of characters !!!
Until that happens you cannot decode/decrypt/ make sense of the data .

bulut_01 · Joined: 24 Feb 2024 Posts: 261

bulut_01 · Joined: 24 Feb 2024 Posts: 261

I share raw data with the logic analyzer and Manchester decodes
Excel bottom 3 data remote control identification data

I added an Excel file download link.

https://dosya.co/x3uc7u9jveoa/data_2.xlsx.html

temtronic · Posted: Sat Jul 12, 2025 3:52 pm

1st, link comes in as 'malware'.......
2nd, grabbed the screenshot and zoomed it up

3rd, don't know why the pink background is there

looks like totally random bytes, no 'pattern' so can't 'decode'....

bulut_01 · Joined: 24 Feb 2024 Posts: 261