Programming of Remotes and Anti Code Grab

Does anyone know where the new code is stored, when we program a remote? Is it stored in a chip in the remote or in a chip in the alarm?

That raises another set of questions. Most remotes have anti code-grabbing technology inbuilt. Does that mean a new code is generated each time we press the lock or unlock? If yes, how does this new code get stored in the second (and third if we have a third) remote? (Assuming the code is stored in the remote).

If the new code is stored in the alarm, how does the new code get copied back from my other remote(s)?   OR does the new code get stored in both the remote and alarm? This really makes most sense for most security. Anyone knows what really happens?

Why I asked about 3 remotes? Because I have three remotes (Omegas' 2 and Echo's 1)

Code hopping is usually done algorithmically. So when you press the button the remote and the alarm go to the next code. Since they use the same algorithm to choose it, they will have the same one. They don't copy codes back and forth.

Most manuals for alarms with code hopping say something like, "if you press the buttons on the remote too many times while out of range of the car you will have to resync the remote." and then they give instructions for doing this.

As for how they can handle multiple remotes, well that is a good question. You would think that if you used one remote for a long time, it and the alarm brain would have moved on and then if you pull out a spare remote, it would be far out of sync. Perhaps they use a two-part code, a fixed portion that is learned by the brain (to identify valid remotes) and then a rolling portion that changes each time?

In short, I don't know. You should ask the manufacturer of your alarm. I would not bother to ask them how it works (and maybe they don't want to tell you ), just ask them if the spare remotes will get out of sync if they are not used for a while.

If the code gets changed in both the remote and alarm brain, how is the remote to "know" that the code has been changed successfully in the brain?

Let's say I pressed the unlock button 5 times before getting within range of the car. The remote has no way to know that the brain hasn't been keeping up to the changes, and therefore will the brain not respond to my legitimate keyless remote?. Doesn't sound like the theory is right. The remotes are 1 way, therefore they have no way to know if the alarm brain has been changing codes along with it. (It could be a possible theory in 2 way remotes)

It looks more like the remote changes codes and the alarm just stores the remote's algorithm so it knows which codes are valid. Now you may say that if a thief has my code (by whatever means such as code grabbing), it will pass through the brain;s algorithm making my alarm brain okay the thief's code, right? The algorighm would also probably incorporate the fact that once a code has been used, not to use it again but to look for the "next" code in the algorighm until the billion or trillion of codes have been "recycled". I don't know for sure but would like to know just how the safety is being carried out so that I feel more safe with my remote.    

Needless to say, I also use a shield and club since you never know when the thieves will come up with something new.

HowStuffWorks.com - Remote Entry

Includes a description of how code hopping works and how the sync issue is handled.

It doesn't mention the multiple remote issue. My guess is that since the brains have limits on how many remotes they can learn, the probably maintain a separate rolling code for each learned remote. This would mean the remotes themselves may have "fixed" id codes from the factory (but really, even with as little as 40 bits, that's 1 billion different remotes - plenty for a given model line.)

LOL!

You are beyond the realm of basic alarm knowledge now and crossing into the realm of automotive electronics, which is my honest career so I might be able to help.

Code hopping really isn't that complex. Lemme see if I can simplify it a little. First, your fob (remote) contains circuitry to GENERATE, STORE and TRANSMIT code. The alarm brain contains circuitry to GENERATE, RECEIVE, STORE, and VALIDATE this code. Now what makes code hopping possible between the brain and fobs is pseudo-random number generation, which is how a computer "picks" a random number. Both the brain and fob have pseudo-random number generators on-board. Each time the fob sends a command, the next pseudo-random number is generated and stored for the next transmission. Each time the brain receives a command, the next pseudo-random number is generated and stored for the next validation. The key to their operation is that each generator starts with the same base code, or "seed" and mathematically generates off that seed for subsequent coding. FYI - each time you learn a fob, you essentially learn the seed to the brain, and each brain can learn multiple seeds - the number of seeds it can learn is the number of fobs that can be used on the system (usually 4 in most modern alarms)

Now when the brain and fob receive and send the same number of times respectively, this results in synchronization or both having the same exact code. Now what you have been questioning is when the brain and fobs are no longer synchronized - i.e., have that same exact code. This is not a problem until you exceed 256 non-synchronized commands - e.g., 256 fob presses to a brain that's out of range. Here's where I'll probably loose you. When the brain receives a pseudo-random code that does not match the one it has stored, it will keep generating codes off the seed to compare the code it received to.

The number of codes calculated for comparison is bounded by the maximum of 1 data byte in transmitters of this class. Since there are 8 bits in a byte, you have 256 binary combinations (binary is a base-2 system so 2^8=256). So, the brain will generate up to next 256 pseudo-random codes to compare the code it received to. If it finds a match it will perform the command. If not, it will not respond and you will need to resynchronize the fob to the brain. So, unless you have a nervous twitch that keeps you pressing the fob buttons out of range, or you have a spare remote that never leaves that safe spot, you won't have a problem.

Now to answer your question about grabbing that code - it's a slim chance! Here's the math for DEI's 2^66 rolling codes for one of their brains that accepts 4 fobs:

(((2^8)*4))/(2^66)) = 1/(2^56) = 1/72,057,594,037,927,936

or in terms of probability, a one in 72 quadrillion chance that your code can be generated! That would take some time to roll through those possibilities! A grabber is useless because it will grab the present code, but that code immediately changes next command because of the math off the seed. A grabber cannot determine the seed.

Sorry if I totally lost you or baked a few brain cells...

Your description is pretty much the same as the HowStuffWorks article I provided a link to, with a bit more math thrown in and a confirmation of the rolling-code-per-remote theory.

Thanks for the details.

Thanks a lot to both of you! I feel a lot safer with my remotes and my alarms. Thumbs up to whoever invented anti-code grabbing technology.