KAT β€” Keyfob Analysis Toolkit

Terminal-based RF signal analysis for automotive keyfobs

Capture, Decode & Analyze Keyfob Signals

A real-time terminal UI for RF signal analysis with support for HackRF One and RTL-SDR hardware.

Get Started View on GitHub

Key Features

πŸ“‘ Real-Time Capture

Receive and demodulate AM/OOK keyfob signals at configurable frequencies with HackRF or RTL-SDR

πŸ”“ Multi-Protocol Decoding

18 protocol decoders including Kia V0–V6, Ford, Fiat, Mazda, Mitsubishi, Porsche, Subaru, Suzuki, VAG, PSA, and more

πŸ”‘ KeeLoq Keystore

Generic KeeLoq fallback with embedded manufacturer keys for automatic decoding

πŸ“€ Signal Retransmission

Transmit Lock, Unlock, Trunk, and Panic commands from decoded signals (HackRF only)

πŸ’Ύ Multiple Export Formats

.fob (JSON) and .sub (Flipper Zero compatible) formats for signal storage and sharing

πŸ”§ Rich Signal Details

View encoding, RF modulation, encryption, serial, counter, key data, CRC, and raw timing data

Supported Protocols

Kia

  • Kia V0
  • Kia V1
  • Kia V2
  • Kia V3 / V4
  • Kia V5
  • Kia V6

Other Manufacturers

  • Ford V0
  • Fiat V0 / V1
  • Mazda V0
  • Mitsubishi V0
  • Porsche Touareg
  • Subaru
  • Suzuki
  • VAG (VW/Audi/Seat/Skoda)
  • PSA (Peugeot/CitroΓ«n)

Generic

  • Scher-Khan
  • Star Line
  • KeeLoq (Generic)

Requirements

Hardware

  • HackRF One (or compatible) β€” Full receive and transmit capabilities
  • RTL433 / RTL-SDR β€” Receive-only; no transmit supported

Software

  • Rust 1.75+ (for building from source)
  • libhackrf β€” HackRF C library and headers
  • libusb β€” For RTL433/RTL-SDR support

Operating System

macOS, Linux, and other Unix-like systems. Precompiled binaries and installation instructions available on GitHub.

Protocol Documentation

Detailed protocol specifications and decoder documentation:

Kia V0 Kia V1 Kia V2 Kia V3/V4 Kia V5 Kia V6 Ford V0 Fiat V0 Fiat V1 Mazda V0 Mitsubishi V0 Porsche Touareg Subaru Suzuki VAG PSA Scher-Khan Star Line KeeLoq (Generic)

⚠️ Security and Legal Disclaimer

Use KAT only on systems and vehicles you own or have explicit, written permission to test. Capturing, decoding, or transmitting keyfob and vehicle-access signals without authorization may be illegal in your jurisdiction. You are solely responsible for ensuring your use complies with applicable laws. KAT is intended for security research, authorized penetration testing, education, and legitimate testing on your own equipment.