Why is the immobilizer disabled?
The main reasons for turning off the device are:
- Lost key. Since it is impossible to start the car without it, the problem can only be solved by turning it off.
- Failure of the system or its individual parts. If software or hardware failures occur in the device, drivers most often encounter a problem when the immobilizer has blocked the engine from starting.
- The immobilizer does not see the key. In this situation it is also impossible to start the car, and the immobilizer will need to be reflashed.
- Desire to start the engine remotely. The autostart function is especially helpful in winter, but it is incompatible with the standard anti-theft system.
A lit indicator on the instrument panel signals a problem with the device.
How does an immobilizer differ from a regular alarm system?
The main difference between an immobilizer and an alarm system is its shorter range of action and a more advanced, one might say, intelligent principle of protection. All this significantly reduces the likelihood of car theft.
For example, in order to intercept a signal coming from the key fob of a conventional security system, an attacker can be located at a considerable distance from the car - several tens of meters.
This will not work with an immobilizer; to intercept the signal you need to be directly next to the car, and this limits the possibilities of car thieves significantly.
Another advantage of the immobilizer is that it is almost impossible to copy, because doing so requires a special master card. The same cannot be said of alarm key fobs, which knowledgeable people can now simply duplicate.
Device types
Now there are three main types of immobilizers:
- Protective while moving (engine blocking while moving);
- Contact (the most common);
- Contactless.
The first type of immobilizers is characterized by a greater range of action, thanks to a more powerful board and antenna. Its task is to block the engine while the car is moving.
The device is actively used not only by various financial and other organizations, but also by individuals.
The idea is that if, as a result of violence against the rightful owner, another driver ends up behind the wheel, the engine can be blocked while the car is moving, even from a great distance. The main thing is that the control key fob remains with the owner of the car.
True, this can also be done with mobile systems via a smartphone or GPS control systems, for example, car satellite search modules.
The second type (contact immobilizers) requires a special reader board in the ignition switch and a key with a chip into which a unique code is programmed.
The disadvantage of such devices is that losing the key, or having it fall into the wrong hands, can lead to unpleasant consequences. Therefore, some car owners are forced to spend money on additional security measures, such as fingerprint scanners or a small keypad for entering a code.
The third type is contactless immobilizers. They are more reliable in terms of protection than contact ones. The fact is that the basis here is a special chip that sends a signal from a short distance (up to 0.1 meters) to the receiving board.
The chip can be mounted in any inconspicuous object, and the board can receive the signal through an antenna placed in a location known only to the owner of the car. That is, if the chip falls into the wrong hands, the person also needs to know where to hold it in order to start the car.
Nowadays, most new car models come with standard immobilizers. They are installed at the factory, and therefore these devices are maximally integrated into the electronics and design of the machine.
But if they do not meet the car owner’s safety criteria, you can additionally install another immobilizer as an anti-theft device.
Why does the lamp light up?
Normally, the immobilizer lamp flashes if the ignition switch is in the LOCK, OFF or ACC position, and thereby confirms the serviceability of the standard engine anti-theft system.
As soon as the immo correlates the key identification chip with its data and recognizes the match, the icon goes out and the engine starts.
If the operation of the immobilizer is disrupted, the indicator lights up and does not go out when the ignition is turned to the ON position, and the engine either does not start or stalls immediately after starting.
The reason for such malfunctions, as a rule, is that the system “does not recognize” the owner’s key or the device is not activated.
How the immobilizer works, design features
To figure out how to unlock the immobilizer, you need to understand what it consists of and how it works. Let's look at the example of a contact type device.
The main structural elements of the immobilizer: electronic control unit, control system with a coil, actuators, programmed chip (transponder).
- The basis of the ECU (not to be confused with the main electronic unit) is a microcircuit into which a control program and an exchange code are programmed. The latter queries the key to determine whether it belongs to a specific car.
- The task of the coil in the control system is to quickly read all the information from the key. It is built into the ignition switch.
- The task of the actuators is to interrupt and send signals to the electronic systems that control the fuel supply, ignition and starter. It is also possible to use them to activate an additional electromagnetic system with the help of which the mechanical elements of the car are blocked.
- The chip is a transponder located in the ignition key. It has a unique code programmed into it that the ECU recognizes. If the code does not correspond to the specific car, the electronic unit will not give the command to start the engine.
Some immobilizers can work without the driver's participation, protecting the car from robbery, but this applies to expensive models.
Due to their compactness, modern immobilizers are installed so discreetly that it is almost impossible to locate them, much less identify their type, which is another advantage.
How it all happens
Let's look at the example of Lada Kalina, Priora, Granta and Niva Chevrolet cars, which have a standard APS 6 immobilizer installed.
As we know, the ignition key has a transponder chip with a unique code. This applies both to the training key with a red mark and to the working key.
When you insert the key into the ignition, a coil wound around the lock reads the code from the transponder chip. The information is immediately transmitted to the APS 6 unit.
This unit compares the received code with the code stored in its permanent memory.
If the codes match, then the APS gives permission to start the engine. Otherwise, you will not be able to start the car.
Immobilizer check
Before you start searching for the cause of the immobilizer failure, you should check the following and correct it if necessary:
- The battery. If the charge is insufficient, recharge it.
- The ignition key. Use the original key intended for the specific car model.
- Sources of interference. Remove electronic gadgets and other devices that can interfere with the immobilizer signal.
You can check the functionality of the device by wrapping the key in kitchen foil and inserting it into the ignition switch. If the key indicator on the dashboard does not light up because the signal is shielded, the car will not start. When the foil is removed, the engine should start.
There are two types of immobilizer malfunctions:
- Software, caused by a software failure: a problem in the device itself or desynchronization of components (engine unit and key). These are eliminated by restoring the software.
- Hardware, with a mechanical cause. These occur when communication wires, contacts or board elements are damaged, and are eliminated by repairing the immobilizer.
Principle of operation
The immo's task is to prevent an attacker from starting a car in order to steal it. The device body is small and is located in hard-to-reach places. While a standard alarm can only scare away a thief, the immobilizer does not allow the car to start if the person does not have a special electronic key (tag).
There are 3 groups of protective devices:
- contact;
- code;
- contactless.
Contact and code immobilizers give away their location to an attacker due to the presence of a reader or device for entering a code. To start the motor, you need to enter a code or touch the chip to the contact pad. These devices will only prevent the engine from starting during initial startup. This protection mode resembles the operation mode of a secret button. Installing a secret button is cheaper than the cost of these devices, so they have not gained much popularity.
Modern Russian cars are equipped with standard contactless immobilizers, in which a chip with a code is located in the ignition key. The protection device works as follows:
- The driver inserts the key into the ignition switch; when the key is turned, current from the on-board network is supplied to a coil of copper wire wound around the lock.
- The generated electromagnetic field pulse, propagating in space, induces a current in the micro-antenna located in the body of the ignition key and charges the capacitor that supplies voltage to the chip containing the code.
- The complex electromagnetic signal generated by the chip is transmitted back to a coil wound around the ignition switch. The code in the form of an electrical signal is sent to the immobilizer, which carries out the recognition procedure. If the immo confirms the authenticity of the code, it sends a command to the electronic engine control unit (ECU) to start the car engine.
This type of protective device tests the chip once when the engine is started; more advanced immobilizers have a “WAIT-UP” relay that does not block engine operation when the vehicle is not moving. This anti-theft system tests the chip at specified intervals.
If the car starts moving and there is no chip with a tag inside it, the engine will be turned off.
Such systems operate at 2.4 GHz, are miniature in size and are located in a wiring harness to hide them from intruders. The tag is equipped with a battery, and it is tested by the anti-theft system at a specified frequency. The encoded chip should be stored separately from the ignition key. This increases the vehicle's protection from possible theft. If the driver is forcibly removed from the car, the engine will stall after a preset time.
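The periodic tag check described above can be modelled as a small state machine. This is an added illustration, not code from any immobilizer manufacturer: the poll interval, the number of tolerated missed replies and the shutdown delay are assumed values, and the tag's reply is reduced to a boolean.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple


class Engine(Enum):
    RUNNING = "running"
    COUNTDOWN = "countdown"  # moving without a tag, shutdown timer armed
    BLOCKED = "blocked"


@dataclass
class TagWatchdog:
    """Polls the tag at a fixed interval and blocks the engine after a delay."""
    poll_interval_s: float = 5.0    # assumed: how often the tag is tested
    missed_polls_allowed: int = 2   # assumed: tolerance for brief radio dropouts
    shutdown_delay_s: float = 30.0  # assumed: the "preset time" before stalling
    state: Engine = Engine.RUNNING
    missed: int = 0
    next_poll: float = 0.0
    countdown_start: Optional[float] = None

    def step(self, now: float, moving: bool, tag_in_range: bool) -> Engine:
        if self.state is Engine.BLOCKED:
            return self.state  # latched until a new authorised start
        if now >= self.next_poll:
            self.next_poll = now + self.poll_interval_s
            if tag_in_range:
                # A valid reply clears the miss counter and any armed timer.
                self.missed = 0
                self.countdown_start = None
                self.state = Engine.RUNNING
            else:
                self.missed += 1
        tag_lost = self.missed > self.missed_polls_allowed
        # A stationary car is never blocked; the timer arms only once it moves.
        if tag_lost and moving and self.countdown_start is None:
            self.countdown_start = now
            self.state = Engine.COUNTDOWN
        if (self.countdown_start is not None
                and now - self.countdown_start >= self.shutdown_delay_s):
            self.state = Engine.BLOCKED
        return self.state


def run(samples) -> List[Tuple[float, Engine]]:
    """Feed (time_s, moving, tag_in_range) samples; return state transitions."""
    watchdog = TagWatchdog()
    transitions, last = [], None
    for now, moving, tag_in_range in samples:
        state = watchdog.step(now, moving, tag_in_range)
        if state is not last:
            transitions.append((now, state))
            last = state
    return transitions


def timeline(duration_s, moving, tag_in_range):
    """Build 1 Hz samples from two predicates of time (constructed input)."""
    return [(t, moving(t), tag_in_range(t)) for t in range(duration_s + 1)]


# Constructed scenarios, not recorded data.
OWNER_DRIVING = timeline(60, lambda t: True, lambda t: True)
RADIO_DROPOUT = timeline(60, lambda t: True, lambda t: not 8 <= t <= 17)
TAG_REMOVED = timeline(90, lambda t: True, lambda t: t < 12)
IDLE_THEN_RETURN = timeline(90, lambda t: t >= 40, lambda t: t >= 50)

if __name__ == "__main__":
    for name, samples in [("owner driving", OWNER_DRIVING),
                          ("radio dropout", RADIO_DROPOUT),
                          ("tag removed while moving", TAG_REMOVED),
                          ("idling, then owner returns", IDLE_THEN_RETURN)]:
        print(name, [(t, s.value) for t, s in run(samples)])
```

The miss tolerance is what keeps a short radio dropout from stalling the engine, while the delay between losing the tag and blocking corresponds to the preset time mentioned above.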
If the engine is blocked from starting
On domestic cars, various malfunctions often cause the immobilizer system to fail: the immobilizer indicator lights up on the panel and the vehicle's engine is prevented from starting.
If the car does not start, you can use the emergency immobilizer shutdown procedure by entering a special code into the electronic engine control unit by pressing the accelerator pedal in a given sequence. Each car model has its own instructions for this procedure, developed by the vehicle manufacturer.
Causes
A faulty immobilizer blocks the engine from starting and prevents the driver from using the vehicle for its intended purpose. What can lead to immobilizer failure:
- a dead battery in the identification tag of an immo that operates over a radio channel;
- failure of the chip with the code, which is built into the key;
- damage and breakage of the coil wound on the ignition switch;
- damage to the electrical circuits powering the immobilizer or connecting it to the electronic engine control system;
- damage to information in the read-only memory (ROM) of the anti-theft system or engine ECU due to powerful electromagnetic disturbance;
- cranking the starter and running the ignition system when the battery is insufficiently charged;
- removing the terminals from the battery with the ignition on.
What to do
If the immobilizer has blocked the engine from starting, you must do the following:
- If you suspect that the battery in the identification chip is low, use a duplicate or replace the battery. Cars in the medium and high price categories have a special slot in which an electronic key with a discharged battery will still work.
- When purchasing a car, the driver is given 3 keys: 2 black working keys and 1 training key with a red insert. The chips of the working keys are registered in the memory of the anti-theft system, and with their help you can write 5 more keys into it yourself according to the factory instructions. Having spare chips removes the problem of a single chip failing.
- If the power supply circuits of the immo or engine ECU have failed, the ignition system is unlocked once an auto electrician has repaired the fault.
- An open circuit in the excitation coil at the ignition switch can be checked using an additional emulator connected in parallel to the main coil via a diode and a relay. If it works and the engine starts, then the coil has failed. You can also check the coil for an open circuit using a multimeter, after first disconnecting it from the electrical circuit.
- Unblocking engine starting if information in the ROM of the electronic engine control unit or immobilizer is deleted or damaged is only possible after deleting the damaged data and flashing the memory using special equipment and software.
General check for immobilizer malfunctions
Before turning off the unit and repairing the problem yourself, you should understand the signs and causes of the breakdown.
To do this, carry out the following checks to confirm that it is the immo that is broken:
- Charge the battery. If it is discharged, remove the battery and recharge it using a charger.
- If a non-original key is used to unlock the immobilizer, we recommend using the original device recommended by the manufacturer. The blocker may not be working because the tag has failed. In that case there is no point in repairing the standard immobilizer; it is advisable to repair the key or replace it with a working one.
- Remove the ignition key from the lock and try to find the problem with it.
- An immobilizer is an electronic device, so any gadgets and devices can cause interference when transmitting a signal between the unit and the key. We recommend that you turn off and remove any devices that may cause interference. If after this the operation of the immobilizer stabilizes, then the blocker is working.
Figure: blocker connection diagram.
Signs of damage
What signs can be used to determine the presence of an error in the operation of a car immobilizer:
- The starter device does not rotate the crankshaft when trying to start the power unit.
- The starter rotates the crankshaft, but does not start the engine.
- An immobilizer fault indicator or a Check Engine icon has appeared on the instrument panel.
- The car owner tries to open or lock the car doors using the remote control, but the device does not respond.
When the first signs appear, you need to check the blocker, otherwise it will fail at the most inopportune moment.
Causes of malfunctions
Problems with the immo can be one of two types:
- Software problems. Such breakdowns are associated with incorrect operation of the software of the engine control module, the blocker or the chip in the key fob. The problem can be solved by removing the device and reflashing it. If the cause is related to the key and the problem is not serious, its chip must be repaired.
- Hardware problems. With such a problem, boards break or problems appear in the functioning of one of the main elements of the system. To determine the cause, detailed diagnostics are required.
In his video, Alexey Z explained how to repair the engine blocker.
What are the causes of problems:
- The battery was disconnected from the on-board network when the ignition was activated. This mistake is often made by inexperienced car enthusiasts. If the vehicle is tightly bound to the key, then there will be no malfunctions in the operation of the immobilizer. But some Mercedes and BMW car models are quite sensitive to this nuance. To resolve the problem, you will need the help of a specialist.
- The battery was discharged when starting the engine. If the power unit was malfunctioning but the driver kept trying to start the engine by cranking the starter, problems may arise. This is especially true in the cold season, when car owners often keep cranking the starter until the battery is completely discharged.
- The reason may be related to the replacement of the power unit or control module. If the engine cannot be repaired or it is not financially feasible to repair it, the car owner will replace it. When purchasing a used power unit, we recommend purchasing the entire set for controlling the internal combustion engine - a central module, immo, as well as a chip tag. Otherwise, you will have to re-bind the key to the control module, and not everyone can do this on their own.
- Malfunctions in electrical devices and equipment. For example, the fuse protecting the engine blocker may have blown.
- Firmware failure. All coding of blocking devices is stored in the EEPROM chip. This chip belongs to the category of read-only memories. As a result of prolonged use or software failures, the firmware can be lost, and the chip will have to be programmed again.
- Damage to the chip itself. This element is installed in the immobilizer control key. It is not easy to extract an element from it and diagnose it; special equipment is required. On sale you can find special devices designed to detect problems in the operation of chips. When using them, the device does not have to be removed.
Disconnection methods
There are several ways to remove the engine start lock by disabling the immobilizer.
Code deactivation
Emergency shutdown of the immobilizer is provided for by the standard factory procedure. The instructions were developed by manufacturers of domestic cars and are included in the vehicle documentation. If you carry out this process, the anti-theft system will turn off until the next time the ignition is turned on. The system allows the engine to start within 5 seconds after it is turned off.
For example, when locked, the Priora will start if the driver has activated the immobilizer emergency shutdown function in advance and written the access code into the system memory. The driver performs the manipulations by turning the ignition on and off, pressing the accelerator pedal according to a given algorithm.
Let's figure out how to bypass the immobilizer and what you need for this.
Using a spare key
By placing a spare key in the car, you can disable the anti-theft system yourself. To do this, you need to find a place as close as possible to the coil that energizes and reads the chip, and attach a spare key with an encoded chip there. When you turn on the autostart system or start the engine with an ordinary key, the system will always detect the presence of a chip in the car and start the engine.
Use of special programs and devices
You can disable the immobilizer on a MAN vehicle only using a programmer and a computer. Using special software, the chips of the electronic engine control unit are read, information about the presence of an immobilizer is cut out of them, and the engine control unit stops responding to its signals.
The principle of operation of the immobilizer
The immobilizer system includes the following devices:
- chip built into the key;
- an excitation loop, usually located near the ignition switch or card reader (if a card is used as a key);
- in some cars, a radio channel operating at a distance of up to 5 meters is used to poll the chip;
- immobilizer unit;
- the engine control unit.
Sometimes the excitation loop and the immobilizer unit are combined into a single structural unit.
When the ignition is turned on, a pulse voltage is supplied to the excitation loop to activate the chip. Next, the loop reads the identification code of the chip located in the key. The data is sent to the immobilizer unit.
Most often this unit is located in the area of the center console in the car interior. It generates a special code that is transmitted to the engine control unit. If this code corresponds to a valid one, then the control unit operates in normal mode, allowing the engine to start. Otherwise, the engine control unit blocks the engine from starting or starts it for a few seconds, then turns it off.
The immobilizer operation algorithm is complex, so an immobilizer malfunction is classified as critical. In most cases, solving this problem requires the intervention of a specialist, and not just an auto electrician, but an immobilizer programming specialist who has the equipment for working with immobilizers and relevant experience. Such work is expensive.
Bypassing immobilizer locks is very difficult, much more difficult than a car alarm or a non-standard immobilizer. Usually the fuel supply, ignition, and starter circuits are blocked. Even if you manage to somehow start the engine, bypassing the blockages, operating the car in normal mode will be difficult.
Before deciding to contact a specialized service station, it is necessary to perform a number of operations to make sure that the problem is in the electronic part of the immobilizer system.
What is an immobilizer bypass and why is it needed?
The device consists of 2 loop antennas connected via a relay. One antenna loop receives information from the transponder located in the reading module, and the other sends it to the ignition switch. If the car is started with the key, the relay switches and the immobilizer (IMMO) is activated directly. If a command is given from the car alarm unit, the circuits are switched so that information from the transponder is sent through the ignition switch loop to the IMMO, which gives the command to start the engine.
Where is it located?
The standard IMMO is installed in the same place for all cars of the same brand. This is due to assembly line production. In Russian cars it is located:
- Lada Kalina. Located behind the dashboard, car radio and ventilation control drives.
- Lada Granta. It is installed behind the dashboard where the ignition switch antenna wires lead.
- Niva Chevrolet. Located in the center console near the driver's right foot.
Almost all cars have an immobilizer located behind the dashboard. A safe place to install the device is the engine compartment with a lockable car hood.
Types of devices
To bypass the standard IMMO, two types of devices are used: key and keyless. The first involves the use of a standard key or transponder placed in a special holder in the module. Based on a signal from the key fob or a command from the security system, data is transmitted from the bypass module to the standard IMMO. In a keyless device, the pulse sequence is generated at the software level and does not depend on the chip.
The devices transmit information via the CAN/LIN bus or via special devices. The first option is the simplest and does not require additional investment. However, not all cars are equipped with such a bus. In the second case, the list of car models is much wider, and the bypass modules themselves are equipped with additional functions.
Cars from European and Asian manufacturers use IMMO with radio frequency identification (RFID). Here, data stored in the transponder is read or written using radio signals.
Devices using the VATS principle and installed on American cars use keys with a resistor. The decoder receives a signal in the form of a resistance of the set value and unlocks the engine start.
What is an immobilizer bypass?
The immobilizer bypass consists of two antennas operating through a switch, which is a relay. One of the antennas is used to read the signal from the key hidden in the car, and the second is used to transmit this signal to the ignition switch. The relay ensures the operation of the immobilizer circuit directly (when the key is in the lock) or bypass, after receiving a signal from the security alarm unit. In this case, the signal from the hidden key goes to the antenna in the lock, and then to the immobilizer control unit, which allows the engine to start.
Four methods are used to bypass the immobilizer circuit:
- Installation of the bypass control unit using the original car key. The key is placed in a special container that reads the signal and transmits it to the lock. The container is located in the dashboard of the car in a hard-to-reach place. This solution reduces the security of the car, since an attacker can find the key and steal the car.
- Using a control unit using a copy of the chip from the key. This is a more reliable solution because the copy of the key does not have the bit part.
- Installation of a special programmable module that emulates the signal from the chip.
- Complete disabling of the immobilizer. It was used on the first machines with such a device. Currently, the method is not used, since it is impossible to disable the immobilizer on modern cars.
The negative current pulse that activates the relay arrives only in autostart mode. During a standard engine start, relay contacts 30 and 87A are closed, connecting the standard antenna. In this case, the immobilizer unit reads data from the key installed in the lock. In autostart mode, the relay connects contacts 30 and 87, excluding the standard antenna from the circuit and activating the bypass module.
When there is only one key for a car and it is impossible to make a duplicate chip, a scheme is used that involves installing a tag on the ignition switch. The car is then started with a regular key that fits into the ignition switch. Alternatively, the single key is placed in the bypass module, which is connected through a special relay. This allows the immobilizer bypass to be activated both during autostart and when the car is disarmed. To start the engine, a copy of the key without a chip is used.
Description of RFID and VATS systems
The principle of operation of the anti-theft system is to block the ability to start the engine if certain conditions are not met. This may be necessary in case of loss of the key, incompatibility between the operation of the standard alarm system and the one installed additionally, for remote or automatic engine starting. Factory immobilizer bypass devices not only serve their intended purpose, but also have a CAN bus to increase functionality.
But is it possible to deceive the immobilizer without buying a factory-made bypass module, and if so, how? This problem can be solved in several ways. The main condition is to preserve the original functions of the car alarm. Installing additional components or upgrading the system should not affect its functionality and reliability.
To choose the optimal scheme for a homemade bypass module, you need to know the types of immobilizers. They differ in their operating principle, on the basis of which methods of temporary or permanent shutdown are developed:
- RFID. A transponder (transmitter) that, when activated, sends a signal to the system and activates it. The receiving part is built into the ignition switch;
- VATS. Typical for American-made models. Inside the ignition key there is a resistor that has a certain resistance value. To turn on the engine, you must insert the key into the lock. If the resistance value differs from the expected value, the engine will not start.
For each of these systems, a universal bypass module design needs to be worked out, and it is not difficult to make by hand. It is important to know the principles of design and selection of components.
Methods for bypassing RFID system immobilizers
The presence of a standard immobilizer is the main reason for using additional means to bypass it. It cannot be removed, so the circuit of the future bypass module must be thought through properly.
When drawing up a diagram, the following conditions must be met:
- Universal connection and no negative impact on the operation of the car alarm;
- Adaptation for a specific immobilizer model. Be sure to first study its structure;
- Retaining the functionality of standard keys to start the ignition.
Standard immobilizer models can be installed in the ignition switch or on the engine start keys. This is where the system is being upgraded.
Manufacturing an RFID immobilizer bypass module
The most common way to bypass the immobilizer using a DIY device is to install an additional circuit on the ignition switch. At the same time, the remote functions of the immobilizer will remain. Its operation will be disabled when the key is installed in the ignition.
To make the coil loop, you need to prepare a thin mandrel, which will subsequently be mounted on the lock. Most often it is made from cardboard. Then you should follow these steps.
- Check the inner diameter of the loop. It should be slightly larger than the size of the lock core.
- Adhesive tape or electrical tape is applied to the outer part of the mandrel, with its adhesive side facing out.
- Then you should take apart the coil of an automotive relay. The wire from it is wound onto the mandrel. The number of turns is usually 20-30.
- The resulting structure is installed on top of the ignition switch.
A similar loop must be made for the spare key, which is subsequently hidden in the car. The components in the system are connected according to the following diagram:
In some cases, this method is not applicable because there is too little space to install the immobilizer bypass module. Then it is necessary to use alternative methods.
Upgrading the RFID immobilizer bypass circuit
To begin with, a relay is made, consisting of five contacts. It is necessary for the proper operation of the structure.
But if it is impossible to install a loop on the ignition switch, the circuit should be modernized.
When started using the key, power is not supplied to the homemade relay. Consequently, the operation of the standard immobilizer is not disrupted.
In addition to the principle of constructing a bypass module described above, more complex ones can be used.
They almost completely eliminate the possibility of spontaneous engine shutdown when switching from autostart of the car to the ignition key.
Disabling or bypassing the immobilizer
The car owner may need to disable the immobilizer for the following reasons:
- If you lose the key.
- If the ECU or other parts of the immobilizer break down.
- When installing a remote control for starting the engine.
- When a device is deliberately disabled due to the belief that only an alarm is sufficient to protect the machine.
- In the case where the car is not of interest to car thieves, and the use of an immobilizer is pointless.
The easiest way to disable the immobilizer is to dial the code (if this option is available). Another method, which is only suitable for models with a chip, is to attach the chip from the second key to the immobilizer antenna. Official dealers have devices (killers) or universal keys that can deactivate a standard device. A universal method is to programmatically disable the immobilizer, in which it is transferred to an inactive state.
There are several ways to bypass the immobilizer when installing an alarm system. For this purpose, bypass modules (bypassers) are used, which are purchased from companies that sell security systems and related equipment. The bypass module is an electronic circuit housed in a small housing and equipped with antennas inside and outside. A chip or key to the device is also placed inside.
When the engine is started from the alarm, the internal antenna reads the encrypted signal, and the external one sends it to the ignition switch. When starting the car with the key, the bypass module is not active. An experienced specialist should select a bypass module that is compatible with the equipment of the specific car model. Sometimes the immobilizer signal is weak enough that it may need to be amplified.
If you lose the key or have problems with the immobilizer, you can disable the device using an emulator. It bypasses the protection program in the ECU and does not affect the control of the car in any way.