Car key immobilizer question

Ok, so I’m talking about the passive transponder in a key, not the active transponders that can be “walkie-talkied” here. I believe they are 125khz, not 433khz like in the active transponders.

So we have a 2015 jeep Wrangler, like zero features or security, but one thing we have noticed is our spare key will start the car for about 2 sec, then turn off, the other key starts and runs no problem. So I’m assuming this has to be a key without (or without being programmed) a transponder.

Can these transponders be read by the proxmark? Has anyone cloned one of these? (They clone them at home depot, right? So it can’t be that hard).

The reason I ask, is I was looking at used cars and one is an early 2k Mercedes and someone lost the keys for it. I was wondering if brute forcing the transponder data would be possible, estimated time, etc.

You might be better off asking on the Proxmark forum for this one.

Thanks. I also just found this.

My guess would be the same

Should be

Try an LF Search ( at a guess it is a HiTag, but could equally be something else but that is where I would start )

Was going to, but found an easier option ( Will be below :arrow_heading_down: )

I can’t answer that for you, but when you have the correct key loading tools, it is very simple, so If they have one, then no, its not difficult
You other option would be go to a “Jeep” dealership, they will be able to do it for you, although it will likely cost a bit more but :man_shrugging:

I am not familiar with what Mercedes is using, but if it is HiTag there has been some new work done “recently” with hiTag, and i’m pretty sure there are some specific PM3 sniff commands
??? lf hitag sniff list…or something along those lines

Cars tend to use specific car tags that have shit 40bit challenge response “security” built in… nxp makes some, as do Texas Instruments… but while this is easily cracked, you need a working tag to cap a few transactions to crack it.

The other issue is that the t5577 doesn’t have a way to emulate this behavior either… so cracking can be useful to emulate with active electronics, but I don’t know of any passive transponders that can do this.

You might be better off taking it to a dealer to get a replacement key added to the ECU

1 Like


Or a good automotive locksmith can do it for you.

The equipment to do it isn’t too expensive, but more than an amateur would normally want to spend for a one or two use item.

1 Like