Immobilizer bypass with a broken coil in the lock. Is it necessary to disable the immobilizer? Additional tips for beginners: how to build a bypass module correctly

The desire to protect a car by every available means does not always come without a cost. An immobilizer is very effective, especially a factory-fitted one proven by time and experience. Attempts to install an additional alarm system with remote engine control run into the problem of unlocking the control board. It is worse if the car keys are lost. In these cases you have to resort to an immobilizer bypass, but it must be done in a way that does not devalue the existing protection.

There are a few ways to disable the immobilizer; some can be done yourself with a little skill in electronics:

  • disable the protection by modifying the program code;
  • make a simple homemade bypass module based on a spare key, hidden deep inside the dashboard, that will fool the factory immobilizer reliably and for a long time;
  • use an expensive, truly effective keyless immobilizer bypass module made by a well-known brand.

Important! The first option is only of real interest if your car has a VATS system, which relies on the calibrated resistance of a resistor inside the key. In other cases, for systems with a password stored on a chip, experiments can lead to irreversible losses.

It is worse if you use the entire spare ignition key, or the chip removed from it, for a homemade bypass module. If you prefer that simple approach, order an additional copy of the factory key before installing the bypass module yourself. This is not cheap: making a copy can cost up to 10 thousand rubles, and not every key can be duplicated. Sometimes the duplicate turns out to be useless.

Among the many offers on the market, car owners are often encouraged to use specialized add-on bypass modules designed to switch off the factory immobilizer automatically. Most manufacturers are well aware of the problems that arise when installing car alarms with built-in remote control and engine start modules.

Immobilizer bypass modules based on a built-in transponder

When an alarm is installed, the technicians often decide for themselves which factory-immobilizer bypass module is preferable. For the most common inexpensive Asian models, the Starline bp 02 immobilizer bypass module, or the Starline bp 03 for RFID systems, is offered most often. Both are identical in circuit design. In practice this is an antenna extension: a small ring antenna placed where the immobilizer coil sits makes it possible to reach the weakly magnetic transponder housing, or the key itself. This simple trick lets you hide the body of the bypass module in a secret place and hope that an attacker will not find it, although the attacker probably knows ten times more about immobilizers and bypass modules than the driver does. If necessary, he will find it with his eyes closed.

All inexpensive bypass designs based on a spare key with a transponder are built in a similar way. The Sherkhan immobilizer bypass module differs from the Starline bp 03 mentioned above only in how the system is switched on and off. The latter uses a negative-polarity wire for control. The red wire of the circuit is connected to +12 V; when a negative voltage is applied to the black wire, the control wire copies the password value from the transponder chip. Simplicity ensures reliability, but it can let an attacker trace the wiring from the alarm unit to the bypass module and defeat it, just like the car alarm. In more expensive models the system is controlled by a short coded signal, which greatly increases the circuit's resistance to tampering.

For your information! Manufacturers often do not advertise changes made to the system, for security reasons. In this case, information about the keys (there are never more than two of them) is written to the ECU memory and to a couple of spare memory cells that only the company knows about. If you use one of the standard keys to build a bypass module, you may find that a duplicate key is not accepted by the control board or ECU.


Bayerische Motoren Werke took an even more serious approach to stopping attempts to install bypass modules and emulators. In the latest versions, the ECU and other control units store the numbers and addresses of the car's electronic devices. If thieves try to replace the ECU or any other unit, the system recognizes the substitution and blocks control of the car.

Keyless Bypass Module

A major drawback of the previous design is that a key holding an encrypted secret password is kept inside the car, even if in a closed box. This dramatically reduces the tamper resistance of the engine start control system. True immobilizer emulators are the keyless bypass modules, such as Starline f1 or Fortin.

These are genuinely complex digital devices, designed primarily to work with a controller that receives control commands in a special format (exchange protocol) directly from the immobilizer. This newer kind of bypass module connects to the line between the immobilizer and the controller and replaces the immobilizer's commands with its own messages.

To do this, the bypass module is connected twice. The first time, it collects the information passing between the controller and the transponder. It is then removed and, based on the collected information, specially programmed using the standard ignition key with its transponder. After that the module is put back in place and successfully exchanges information with both the immobilizer and the controller.

This is roughly how the Starline f1 keyless immobilizer bypass module works. This fundamentally new approach gives the new Starline module for bypassing the factory immobilizer a very high level of operational reliability.

But the undisputed leader of the bypass module market is Fortin, Canada. This company's modules work on all car models. For example, the standard Fortin OVERRIDE-ALL model combines several keyless bypass options in one circuit and can be installed on more than a thousand (1000) different car models.


Immobilizer bypass modules for the VATS system

This kind of immobilizer is fitted mostly to American cars. Unlike magnetic and electromagnetic contactless RFID systems, these keys work by directly connecting an individually calibrated resistor, sealed into the key, to the immobilizer terminals. To make a bypass module without using a key, it is enough to assemble the circuit shown in the figure and measure the resistance of the built-in resistor as accurately as possible.

In various car models, the wires through which the VATS control board reads the key are located under the steering column and are usually in contrasting colors, showing that they belong to the same circuit: two white wires, or one purple and white and the other black, or orange and black.

To take the measurement, connect an ohmmeter across a break in either wire: one probe goes to the bare end of the wire leading to the lock, the other to the uncut wire. Measure the resistance as precisely as possible, to hundredths. The ignition switch must be turned on before measuring.

To build an ignition key emulator, set a variable resistor to the exact value and connect it to the circuit through a relay, as shown in the diagram.

Connect the end of the cut wire to which the ohmmeter was attached to the normally closed (NC) contact of the relay. The other end from the cut goes to the common contact. Connect the selected resistor between the normally open (NO) contact and the uncut wire. Supply +12 V to the relay coil, and run its second terminal to the negative control output of the alarm.


A factory immobilizer, which prevents the engine from being started just by turning the ignition lock cylinder, has long been the norm. However, this automatically made auto-start impossible: without “seeing” the ignition key in the lock, the injection ECU will not allow the engine to start. Therefore immobilizer bypass modules are needed: devices that imitate a key or chip card.


How does the immobilizer bypass work?

Key-based bypass module for the factory immobilizer

The most common principle of reading keys in modern immobilizers is simple: a chip is installed in the key, which is an RFID tag with a unique code written on it. Contactless intercom keys, metro cards, and much more work the same way. A coil antenna is installed around the ignition switch, which picks up the signal from the tag when the ignition is turned on.

The simplest immobilizer bypass module is, in effect, two antennas of similar type joined in a circuit that is held open by a relay. One antenna is wound around the standard one; the chip removed from the key, or the key itself, is placed inside the second. While the circuit is open, the immobilizer does not see the chip in the bypass module. Only when the alarm closes the relay is the request pulse from the standard antenna passed to the module's antenna, where it reaches the chip, and the chip transmits its response.

This method cannot be called perfect for the following reasons:

  1. One of the standard keys stops being usable, and you will not be able to start the car with it. If several people use the same car, this is inconvenient. You will have to order an additional key: either from the dealer (a new one, with a unique code that must be entered into the immobilizer memory) or from “craftsmen” who clone the original. In addition, insurers do not like this method: after an alarm with auto start is installed, the CASCO price goes up if the owner does not have two working keys.
  2. There may be problems reading the chip. An arrangement of two additional antennas is sensitive to the position of both the chip and the standard transponder relative to the windings. On some vehicles the antenna supplied with the bypass module is not enough for reliable operation, and you have to wind the antenna yourself.
    If the standard keys use not a passive tag (activated by a signal from the reader) but an active one (with its own power source), there are even more inconveniences. You have to use a bypass module such as the Pandora DI-03 and regularly (although not that often) change the battery in it.

Keyless bypass modules

Operating principle of a keyless bypass module

The solution to this problem was keyless bypass systems. For the factory immobilizer to permit a start, it only needs to receive a certain signal from its antenna. It is not at all necessary to have a chip next to the antenna: if a device capable of generating the required signal is connected to it, recognition succeeds, and all keys remain usable.

Fortin EVO-KEY keyless immobilizer bypass module

Perhaps the best-known keyless immobilizer bypass module works on this principle: the Canadian Fortin F1 and its newer models up to the Fortin Evo-All. During installation it is connected to the alarm system and to the wires through which the immobilizer unit communicates with the reader. Then a training procedure is performed: the bypass unit first “listens” to the signal from the antenna and remembers the code of the chip in the ignition key, and afterwards imitates it.

Moreover, such modules work not only on the simplest immobilizers with a constant code but also on systems with a dynamically changing code; the main thing is that the manufacturer supports the specific car model. Using a laptop with software provided by the developer, the encryption key can be decrypted, after which the keyless bypass unit can imitate the dynamic code just as a standard immobilizer chip would.
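The gap between a constant-code and a dynamic-code immobilizer described above, as an added example that is not from the original article or any vendor's code: it shows which design property makes a recorded exchange useless to anything that lacks the key's secret. The class names, sample id and secret are constructed, and HMAC-SHA256 stands in for whatever cipher a real transponder uses.

```python
import hashlib
import hmac
import os

TAG_LEN = 8  # length of challenge and truncated response, a constructed value


class Transponder:
    """Model of a key chip; id and secret are constructed sample values."""

    def __init__(self, fixed_id: bytes, secret: bytes):
        self.fixed_id = fixed_id
        self._secret = secret

    def static_reply(self) -> bytes:
        # Constant-code tag: the same bytes on every read.
        return self.fixed_id

    def respond(self, challenge: bytes) -> bytes:
        # Dynamic-code tag: the reply depends on the reader's fresh challenge.
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()[:TAG_LEN]


class ConstantCodeImmobilizer:
    """Authorizes a start when the reply equals the enrolled code."""

    def __init__(self, enrolled_id: bytes):
        self._enrolled = enrolled_id

    def authorize(self, reply: bytes) -> bool:
        return hmac.compare_digest(reply, self._enrolled)


class DynamicCodeImmobilizer:
    """Issues a fresh random challenge and accepts one reply per challenge."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = os.urandom(TAG_LEN)
        return self._pending

    def authorize(self, reply: bytes) -> bool:
        # The challenge is consumed on use, so a reply cannot be submitted twice.
        challenge, self._pending = self._pending, None
        if challenge is None:
            return False
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()[:TAG_LEN]
        return hmac.compare_digest(reply, expected)


def run_scenarios() -> dict:
    secret = b"constructed-demo-secret"
    key = Transponder(b"\x12\x34\x56\x78", secret)
    results = {}

    # Constant code: whatever was once seen on the antenna line stays valid.
    const = ConstantCodeImmobilizer(key.fixed_id)
    recorded_code = key.static_reply()
    results["constant_genuine"] = const.authorize(key.static_reply())
    results["constant_replay"] = const.authorize(recorded_code)

    # Dynamic code: a reply is valid only for the challenge it answers.
    dyn = DynamicCodeImmobilizer(secret)
    first_challenge = dyn.new_challenge()
    recorded_reply = key.respond(first_challenge)
    results["dynamic_genuine"] = dyn.authorize(recorded_reply)

    dyn.new_challenge()  # next start attempt gets a new challenge
    results["dynamic_replay"] = dyn.authorize(recorded_reply)

    # No challenge outstanding: nothing can be accepted.
    results["dynamic_no_challenge"] = dyn.authorize(recorded_reply)
    return results


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:22s} accepted={accepted}")
```

With a dynamic code the whole protection rests on the secret staying confidential, which is why a device that holds it has to be treated like a key.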

StarLine engineers had a major hand in the popularity of Fortin modules in Russia. These units were not only sold bundled with a number of alarms, but their software was also adapted to market needs. As a result, Fortin modules (relabeled as StarLine F1) work both with premium-brand cars and with the budget cars popular in our country from Kia/Hyundai, GM, Renault and so on.

Fortin modules are designed from the outset for maximum versatility. Their competitors at iDataLink preferred to create more specialized models: for example, the START-BM1 module is intended exclusively for BMW/Mini, START-BZ1 for Mercedes-Benz, START-VW2 for VAG group cars, and so on. Such systems are more convenient to install. Their wiring harness plugs into the standard connectors (Fortin offers something similar, but a “highly specialized” harness will most likely have to be purchased on eBay), and the algorithms themselves are better “tailored” to specific applications. In addition, they are not tied to a specific brand of alarm, whereas the StarLine F1 is far from guaranteed to work with alarms from other manufacturers, as its data sheet states. iDataLink systems are complete autostart devices: the engine can be started using the car's standard radio key.

Other specialized keyless bypass modules are also on sale. For example, the BPImmo TL-1 module has become popular because right-hand drive Toyotas are so widespread. It is the only keyless bypass module that officially supports Japanese domestic-market models such as the Corolla Fielder, Mark X and so on.

Interestingly, the developers, like their St. Petersburg colleagues, also did not “reinvent the wheel”. The Pandora RMD-7 autostart module they offer has no keyless bypass function of its own, but is integrated with a universal bypass driver from iDataLink that operates over the CAN bus, implementing the so-called “smart” bypass.

"Smart" immobilizer bypass

Integrating the on-board electronic units into a common network on a digital bus opens up the broadest possibilities, including “smart” immobilizer bypass. This requires no additional connections: it is enough to connect a bypass module or alarm system with “smart” bypass to the bus and carry out training if the instructions require it.


The immobilizer is a standard part of the car's security system, or part of an aftermarket anti-theft system. Despite its advantages, there is often a need to bypass this security unit. This can be done by installing a factory-made module, or you can make an immobilizer bypass module yourself.

Description of RFID and VATS systems

The anti-theft system works by blocking the ability to start the engine unless certain conditions are met. Bypassing it may be necessary if the key is lost, if the factory alarm and an additionally installed one are incompatible, or for remote or automatic engine start. Factory-made immobilizer bypass devices not only perform their main function but also have a CAN bus interface for extended functionality.

But can the immobilizer be deceived without buying a factory-made bypass module, and how? This problem can be solved in several ways. The main condition is to preserve the original functions of the car alarm. Installing additional components or upgrading the system should not affect its functionality and reliability.

To choose the best circuit for a homemade bypass module, you need to know the types of immobilizers. They differ in operating principle, and the methods of temporary or permanent disabling are developed accordingly:

  • RFID. Most often installed on cars made in Europe and Asia. Inside the ignition key there is a transponder (transmitter) which, when activated, sends a signal to the system and activates it. The receiving part is built into the ignition switch;
  • VATS. Typical for American-made models. Inside the ignition key there is a resistor with a specific resistance value. To start the engine, the key must be inserted into the lock. If the resistance differs from the expected value, the engine will not start.

For each of these systems a universal bypass module design has to be worked out, and it is not difficult to make one yourself. It is important to know the principles of design and component selection.

Methods for bypassing RFID system immobilizers

The presence of a factory immobilizer is the main reason for using additional means to bypass it. It cannot be removed, so the circuit of the future bypass module must be thought through properly.

When drawing up a diagram, the following conditions must be met:

  • Universal connection and no negative effect on the operation of the car alarm;
  • Adaptation to the specific immobilizer model. Be sure to study its design first;
  • Standard keys must still be able to start the ignition.

Factory immobilizer components can be located in the ignition switch or in the engine start keys. This is where the system is modified.

Making an RFID immobilizer bypass module

The most common way to bypass the immobilizer with a homemade device is to install an additional circuit on the ignition switch. The remote functions of the immobilizer are retained. Its operation is disabled when the key is inserted in the ignition.

To make the loop coil, prepare a thin former (mandrel) that will later be mounted on the lock. It is most often made of cardboard. Then follow these steps.

  1. Check the inner diameter of the former. It must be slightly larger than the lock cylinder.
  2. Adhesive tape or electrical tape is applied to the outside of the mandrel, adhesive side out.
  3. Then disassemble the coil of an automotive relay. Its wire is wound onto the mandrel. The number of turns is usually 20-30.
  4. The resulting structure is installed on top of the ignition switch.

A similar coil must be made for the spare key, which is then hidden in the car. The components of the system are connected according to the following diagram:

In some cases this method cannot be used because there is too little space to install the bypass coil. Alternative methods are then needed.

Upgrading the RFID immobilizer bypass circuit

To begin with, a five-contact relay is prepared. It is needed for the design to operate properly.

In the state shown, contact “30” is closed to “87A”. When 12 V is applied to the relay (contacts “86” and “85”), “30” switches from “87A” to “87”. In this way the bypass module works as described above.

But if it is impossible to install a loop on the ignition switch, the circuit has to be modified.

In this case there is no need to install a loop on the lock body. The connection is made to the installed immobilizer. Such a design is assembled as follows.

  1. Cut one of the leads of the standard antenna.
  2. Voltage is supplied from the ignition switch “+” to contact “86”. The “-” connection is made from the car alarm to contact “85”.
  3. Install a diode between these connections: the anode at contact “86” and the cathode at contact “85”. This minimizes the likelihood of the transistor in the alarm system failing due to reverse voltage.
  4. The wire from the antenna is soldered to contact “87A”. One end of the bypass coil with the key is connected to the same point.
  5. The second end of the bypass coil is soldered to “87”.
  6. A wire from the standard antenna is attached to “30”.

Thus “-” is supplied from the car alarm only during autostart.

When starting with the key, no power is supplied to the homemade relay. Hence the operation of the factory immobilizer is not affected.

In addition to the principle described above, more complex bypass designs can be used.

They almost completely eliminate the possibility of the engine shutting down spontaneously when switching from autostart to the ignition key.

Ways to bypass the VATS immobilizer

Making an immobilizer bypass module yourself for VATS-type systems is somewhat easier. You need to measure accurately the resistance of the resistor built into the key. If the key has been lost for some reason, it must be restored.

On average, the resistor value can range from 400 to 11800 Ohms. After determining the exact result, select a component with the same value.

The essence of the modification is that the key's resistance is built into the immobilizer. Before installation, study the wiring diagram of the car's factory alarm system. To determine exactly where to install the resistor, you can use the general connection diagram.

After these simple steps, the immobilizer functions are not used, whether the car is started automatically or with the key. Remember, however, that this technique can negatively affect the operation of the security alarm.

As an alternative, specialists offer to install an additional immobilizer that makes remote start possible. This device blocks the function while the car is moving.

The main requirement for a bypass module design is to preserve the security functions of the alarm. Therefore the duplicate ignition key required for the RFID scheme should be carefully hidden in the vehicle interior. Greater convenience must not come at the expense of security.

Today almost all foreign cars sold in Russia are equipped with a factory immobilizer. The essence of this system is that the car can only be started with its “own” key, which is registered in the car's “brains”. It is a kind of “friend or foe” identification system, intended to prevent the engine from being started with a plain key blank or directly, by shorting the wires.

How does it work?

All keys, regardless of whether they have lock control buttons, contain a small chip called a transponder. It constantly emits a low power RF signal. The immobilizer antenna is located on the ignition switch, which reads this signal and if “its” chip is recognized, the car starts. In cars with keyless entry and the start/stop button, the principle of operation is exactly the same, only in the key, in addition to the chip, there is a special transmitter that increases the reading range of the key.

Installation of remote start.

Currently, they are becoming increasingly popular among car enthusiasts. What to do if you want to install an alarm system with auto start, but the car is equipped with an immobilizer? After all, you can’t leave the key in the ignition! There is a way out!

Standard bypass module for the factory immobilizer.

To implement automatic or remote engine starting, a special device is used: an immobilizer bypass module. The chip removed from the spare key, or the entire key, is placed in this device. You can also have a key made (approximately 3,000 rubles) or order an additional key from an authorized dealer.
The bypass module is hidden deep inside the car and is connected in a specific way to the car alarm and to the car's immobilizer system. The chip is read only at the moment of auto start, with the permission of the car alarm. During normal operation it is impossible to start the car with a key blank, because the functions of the factory immobilizer are not affected.

Keyless immobilizer bypass.

This type of device appeared relatively recently, in 2012 - 2013. The essence of their operation is that bypassing the factory immobilizer and successfully starting the engine does not require the physical presence of a key or chip inside the car. The device works with the car's electronics at the software level. Coordination with modern alarm systems takes place over a secure, encrypted interface, which makes the implementation of autostart completely safe.

In addition to their main purpose, on some cars these devices make it possible to implement a “standard” remote start, or, as it is also called, “autostart from the standard key”. The list of supported cars is constantly expanding.

Making an immobilizer bypass module with your own hands

Having connected the alarm according to the manufacturer's diagram, owners often run into a problem: all functions work except autostart. Voltage appears at the starter, the engine shaft begins to turn, but after a while it stops. This is in fact the factory immobilizer at work, protecting the car from theft. So not only the ignition wires but also the immobilizer bypass module must be connected to the main alarm unit. Autostart can then run normally, without the starter cutting out. Next we look at how to make an immobilizer bypass module yourself. Happy reading.

What exactly will be implemented

Any bypass module for a factory immobilizer, whether purchased or homemade, has a simple design:

  1. A coil consisting of 50-100 turns is wound around the electronic key chip.
  2. Another inductor, also containing 50-100 turns, is located near the ignition switch.
  3. At the time of autostart, the coils are combined into a closed circuit. Due to this, the immobilizer behaves in the same way as if there is a key near the standard lock.

No bypass module except Fortin works unless the key module is kept in the car at all times. This is why insurers increase the cost of CASCO insurance. A typical bypass module circuit is given below.

Schematic diagram of a homemade bypass module

Factory-made devices repeat in their circuit what is shown in the first figure.

Factory manufactured device

For all those who have doubts, here is a view of the board from below.

Factory device circuit board

Installing and connecting a bypass module, regardless of its model, always looks the same.

Starline signaling connection diagram

The block, painted gray, in its design contains a relay, as well as a coil wound around a key, which is also located inside the module.

When installing a bypass module, the most difficult part is choosing the design of the coil wound around the lock. However, a simplified version is often used in which the elements are inserted into a break in the “standard” wires. This option is illustrated in the drawing, but repeating it is not recommended.

Connecting a bypass module in a break in the standard coil wiring

Features of the practical implementation of the scheme

Let's say you plan to make an immobilizer bypass. Then, without the standard key registered in the control unit, nothing will work. Take the disassembled key chip and remove the battery.

Printed circuit board of the standard key fob

The design shown can be placed inside a heat shrink tube. And you need to wind a wire on top (exactly 50 turns).

The wire is wound around the chip

Let's look at how to make an immobilizer bypass module from easily purchased parts: 4-pin relay, 1N4001 diode, winding wire (d=0.35-0.5 mm).

When installing the module in a car, take care of the following: the module itself must be placed discreetly, and the power cord (1-2 A) must reach it. The bypass module is assembled and installed according to the two diagrams shown at the beginning of “Chapter 1”.

Making a bypass module

The standard immobilizer bypass module, if it is factory-made, may even contain active elements (transistors, etc.). However, the body of such modules is always made of plastic. This is no coincidence. If the body is made of metal, you will get the equivalent of a shorted turn in the main coil - the one wound around the key.

Plastic box and relay

When installing the module, this circumstance must also be taken into account. Do not place the case near metal surfaces (this is advisable).

Let's say you managed to make a box. Now take a 4-pin relay, rated for 12-14 Volts, and secure it inside the housing. By bypassing the immobilizer, you are switching less than an ampere of current. Therefore, the relay can be anything as long as it can withstand a significant number of operations.

Bypass module switching element

It is better to solder the “1N4001” diode to the relay taps. At the same time, remember that the diode is turned on in reverse polarity (“arrow” is directed “from minus”).

There will be 4 wires coming out of the housing:

  • Two-wire cable for connecting an external coil. Its installation is usually carried out “on site” by removing the casing from the lock.
  • The power wire is of negative polarity (will go to the alarm).
  • “+12 Volt” cord (power will be supplied to it constantly).

Check the diagram shown at the beginning once again. The bypass module itself lacks only the “round” coil. So four cords come out of the module; they are the ones given in the list.

Subtleties of making a “cheating coil”

The inductor placed next to the lock should contain 50 turns of winding wire. It can be any brand, but the thin winding cable will constantly break. There are two options:

  • A part called “coil” is made separately and secured to the lock casing when the system is being installed;
  • The lock casing itself is dismantled, having first disconnected the electrical connector, and the cord is wound directly onto the casing.

In the first case, you can use a glass cup covered with insulating tape. At the final stage the windings are held together with epoxy resin.

The coil is separate from the lock

The result of all efforts will look as shown in the photo.

If we talk about “case 2”, the result may look even better.

Two coils - “ours” and “standard”

Having screwed the heated screws into black plastic, their caps are then used as terminals. A thin wire is soldered to the surface of the terminals, having previously stripped it. We wish you success.

Homemade bypass module - questions and answers

A common question is: if you have installed a homemade immobilizer bypass module, can it be replaced with a factory-made one over time? Roughly speaking, people are asking whether it is permissible to connect a homemade antenna to series-produced equipment.

Let's say that in the circuit of the series-produced bypass module, the antenna circuit contains only a relay. Then the answer is yes. In other cases, you need to look at the diagram. And if you have even the slightest doubt, don’t connect.

The standard immobilizer bypass module may contain a large set of elements, but they often relate not to the antenna circuit, but to the power circuit. For example, this is done in BP-05 devices (Starline):

One of the connection diagrams

The key electronics may not work if disconnected from the power supply. It is for such key fobs that a stabilizer is provided, which is switched on at the moment the bypass module is triggered.

The question remains whether it is possible to use the key in the absence of a battery at all. It will be easy to find the answer: try starting the engine by removing the battery from the key fob.

The review would be incomplete if the following were not mentioned here. Bypassing the factory immobilizer can be done simply by sending codes via the CAN bus. These codes allow the protection to be deactivated temporarily. Installing bypass modules that use this principle involves connecting to two wires, the CAN bus conductors.

Having a key, as you understand, is not required in such cases. But installing “keyless” bypass modules is not recommended for the following reason: the device may produce error codes that are written to the engine ECU, and they then have to be deleted.