Unlocking AZKOYEN STEP (Keeloq) with Flipper :

This “exploit” works with ALL Azkoyen Step machines in Portugal - Europe and most likely can be applyed way more widely.


Machines are locked so that children / underage people can’t buy from the machine. It uses JCM Gen1 Neo/Sagem(Tabaco) KeeLoq !

How to attack (does work on ALL machines at least in Portugal) :

  • Set Flipper to READ RAW - Set frequency to 433.92 and set modulation to AM650.
    -Capture a SINGLE press of the original/working remote and save it.
  • To unlock the machine replay the captured data 2 or 3 times. Machine will be unlocked even if current status of KeeLoq is way further from captures.

With non-official firmare :

Set flipper to READ on 433.92/AM650 and capture A SINGLE KEELOQ SEQUENCE/CODE. Save it.
-Just re-send the code 2 or 3 times. Same code, no need to have a valid sequence. Having 1 code in enought.
-Machine will unlock.

“all of your tobacco are belong to us”


  • This is even worse of what i was expecting as i was expecting to need a sequence of valid keeloq codes to execute this “attack” / re-sync but it does look like machine re-sync on a single code as long as it’s valid and that code is on the margin of allowed codes once re-sync so whe you manage to press 2 or 3 times the same code it will be re-sync to that and machine will now accept that single/same code without need of re-sync. Only if you use original remote to advance on the sync count you will need to send the same captured code 2 or 3 times for it to be valid again and so on …

A single valid code can be re-used … FOREVER.


Spying on your competitors with Flipper !!!

  • Install the JCM_Tech manufacturer key on your flipper and now you will be able to emulate AZKOYEN keyfobs and check the counter of the keeloq.

  • Go in the morning to a coffee shop and ask for tobacco, use Flipper to READ the signal and get the counter of the keeloq.

  • Go there in the night and do the same.

  • Subtract the value in hex of the counter and you will know how many times the machine was activated during the day, and more or less know how many tobacco was sold by the machine.

  • Do the same in several coffee shops on your local area. You will know the ones who are selling more !!!


Where can we find this one ?

Not allowed here. Please check PM.

1 Like

Please would u mind sharing? Thanks

1 Like

Hello !
I’m also interested in having the MF key of JCM Tech…
Thanks a lot !

1 Like

Official firmware devs already have access to this info/keys so it’s up to them now to implement them (or not) on flipper official firmware. Regards.

I just checked the frame and it is from an AZKOYEN controller manufactured by JCM TECH

1 Like

Yes, it is.

I am interested in having the program to program the PIC16F630 of the AZKOYEN receiver.
Due to a programmer error (manufacturer) the KeeLoq counter is lost…

Counter isn’t an issue as long as you still have original remote.
Those machines don’t care about counter at all. You only need to send a single valid code even if it was already sent… You need to have correct key on reciever that match remote. Just that.

1 Like

Hi, Portuguese here too. Mind sharing? Thanks.

Please check PM !

Hello Spildit, c

Hello all,
Can il have jcm Keys for garage Doors wirh Rolling code please ?

What a careless implementation. Who are these people? Honda? :joy: /teasing

It’s available on non-official firmware. Just check firmware repository and you will find it.

1 Like

Hi Spildit!

Thank you so much for knowledge sharing.
can I have MF key of JCM Tech Please :heart_eyes: ? THANKS !

it’s available in non-official firmware not supported here. simply goolge for it.

also for those machines you don’t need the rolling code at all. as long as you have a single valid keeloq code you are ok so you can simply record a raw signal from a valid remote and use that as long as you want.

They don’t care about security, the more someone bypass it the better as they will selll more tobacco lolololioliol

it’s just done to prevent kids from using the machine.

1 Like