How did a cheap amazon RF key managed to clone master key with rolling codes? [migrated]
I have a garage and I have the master key which is 433MHz and the specifications say it is a rolling code. Here is a table of the specifications:
- Range in open field (m): 100
- Frequency: 433.92 MHz
- Coding type: Rolling code
- Number of buttons (channels): 2 push buttons
- Programming:*Teach transmitter into receiver
I wanted my friend to also use the garage so I bought a simple 433MHz "universal" RC key from Amazon and it managed to clone the key. My friend can use the Amazon key to open the garage door.
I wanted to know more and decided to hook up a RC receiver to an arduino to check the data.
rcSwitch shows random raw data, however the binary shows a 15bit of positives (111111111111111). I'm guessing the random data is because of the rolling code.
I tried to resend some of the signals received from the key with an RC transmitter also hooked to another arduino but the garage door won't open. I'm guessing because of the rolling code.
So how did the amazon "universal" key manage to clone the rolling code algorithm/secret? Has it to do something with the "Programming" specification?
