Practical application of KeeLoq breaking: a low-cost approach
Abstract
This work presents a low-cost attack against the HCS201 integrated circuit, widely used in access control systems based on KeeLoq. Through differential power analysis, it was possible to extract the cryptographic key stored in the device, demonstrating the feasibility of the attack without the need for high-cost measurement equipment. The experiments showed that the manufacturers analyzed use the same cryptographic key across all their devices, making them highly vulnerable to large-scale cloning and piracy attacks. As a possible mitigation strategy, the adoption of key derivation mechanisms, such as HKDF, is proposed to generate unique keys for each transmitter, preventing the extraction of a single key from compromising the entire system.
Published
2025-09-01
How to Cite
M. JUNIOR, Edison; LAGROTA, Vinícius. Practical application of KeeLoq breaking: a low-cost approach. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 25., 2025, Foz do Iguaçu/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 114-130. DOI: https://doi.org/10.5753/sbseg.2025.8775.
