If you have a garage door motor that was installed in the last 20 years, it almost certainly uses rolling code technology. You may not have known this, and it is likely you have never had reason to think about it. But rolling codes are the reason your garage door cannot be opened by someone who records your remote's signal, and understanding how the technology works gives you a clear picture of why modern systems are far more secure than older ones.

This guide explains the problem that rolling codes were designed to solve, how the technology works in practice, its limitations, and what it means for how you manage and replace your remote.

---

The Problem Rolling Codes Were Designed to Solve

To understand rolling codes, it helps to understand what they replaced. Older garage door systems used fixed code technology, where the remote transmitted the same signal every single time the button was pressed. The motor's receiver was programmed to recognise that specific code and open the door whenever it received it.

The fundamental weakness of this approach is that anyone with a radio receiver capable of capturing the signal could record it and replay it later. This attack is known as a replay attack. The equipment needed to perform it has become progressively cheaper and more accessible over time, to the point where relatively inexpensive consumer devices can capture and replay radio frequency signals. Against a fixed code system, this is a straightforward way to gain unauthorised access.

Rolling code technology was developed in the early 1990s as a direct solution to this vulnerability. The first widely adopted implementation was KeeLoq, developed by Nanoteq and later acquired by Microchip Technology. By the mid-1990s rolling code technology had become standard on new garage door systems from major manufacturers, and it has remained the industry standard ever since.

---

How Rolling Codes Work

The core principle of rolling code technology is that the access code used to open the door changes with every button press, in a way that is unpredictable to anyone who does not have access to the underlying algorithm and the shared secret values that seed it.

Synchronisation between remote and receiver

When a rolling code remote is first programmed to a motor, the two devices synchronise their shared secret values. These include a seed value unique to that remote and a counter that tracks how many button presses have been made. Both the remote and the receiver store copies of these values.

When you press the remote's button, it uses the shared algorithm and the current counter value to generate a code. It transmits this code along with a serial number that identifies which remote is sending the signal. The counter then advances to the next value in preparation for the next press.

When the receiver receives the signal, it identifies the remote by its serial number, retrieves the shared secret values for that remote, and uses the same algorithm to calculate what the expected next valid code should be. If the received code matches, the door opens. The receiver's counter then advances in the same way.

Why a captured code cannot be replayed

The moment you press the remote button, the code it transmits is consumed. The receiver advances its counter and will never accept that code again. Even if someone captures the signal at the exact moment you use the remote, they now have a code that has already been used. The receiver will reject it. The same code can only be used once, making replay attacks ineffective.

How the system handles out-of-sync situations

A practical challenge with rolling codes is that the remote can get out of sync with the receiver. This happens when you press the remote button many times outside the receiver's range, advancing the remote's counter while the receiver's counter stays in place. Most rolling code receivers handle this by accepting a range of future valid codes rather than only the exact next one, typically a window of several hundred codes ahead. This means that even if you have pressed the button many times out of range, the system will resynchronise the next time you use it successfully.

---

The Role of the KeeLoq Algorithm

KeeLoq is the most widely used algorithm for rolling code garage door systems, though other implementations exist including Microchip's own HCS series and proprietary algorithms used by individual manufacturers. KeeLoq uses a 64-bit block cipher with a 64-bit key to generate its rolling codes.

The algorithm itself is not secret: it has been publicly documented and analysed by cryptographers. The security of the system rests not on keeping the algorithm hidden but on the fact that without knowing the specific seed values and counter state for a given remote, predicting future valid codes is computationally infeasible under normal circumstances.

In 2008 researchers published a cryptanalytic attack against KeeLoq that demonstrated theoretical vulnerabilities in the algorithm. This attack requires capturing a significant number of messages from a specific remote and performing intensive computation, making it impractical for opportunistic criminals but a reminder that no security system is permanently immune to advances in attack techniques.

---

Advanced Rolling Code Implementations

In response to both academic research and the general maturation of the security landscape, several manufacturers have developed enhanced versions of rolling code technology that offer stronger protection than standard KeeLoq.

Hormann BiSecur

Hormann's BiSecur system, introduced in 2012, uses AES-128 encryption rather than KeeLoq. AES-128 is a well-established cryptographic standard used in banking and government communications. BiSecur is considered significantly more resistant to known attack methods than standard KeeLoq implementations and is widely regarded as one of the most secure residential garage door systems currently available.

Chamberlain Security+ 2.0

Chamberlain and LiftMaster's Security+ 2.0 system uses a 128-bit rolling code encryption system that updates the access code with every use. It is compatible with their myQ smart home platform and is designed to resist known replay and scanning attacks.

Other proprietary systems

Many manufacturers have developed their own rolling code implementations with varying levels of security. The general direction across the industry has been towards stronger encryption and more sophisticated anti-replay measures, driven by both increasing awareness of security vulnerabilities and the growing commercial value of home access control.

---

What Rolling Code Technology Means for Remote Replacement

Rolling code technology has one important practical implication for remote replacement: you cannot clone a rolling code remote. Because the code changes with every use and both devices must maintain synchronised counters seeded with shared secret values, there is no way to create a functional duplicate simply by copying a signal.

To add a new remote to a rolling code system, you must go through the motor's programming process. This involves putting the receiver into a learning mode and presenting the new remote so the receiver can store its serial number and shared secret values. A compatible replacement remote purchased from a reputable supplier and programmed correctly to your motor will then work exactly as the original did.

This also means that if a remote is lost or stolen, the found remote will continue to work on your door until you delete it from the receiver's memory. Rolling code security protects against electronic interception, not against someone physically using a valid remote. Deleting lost or stolen remotes from the motor's memory remains important for physical security.

---

Summary

Rolling code technology addresses the fundamental vulnerability of fixed code systems by ensuring that every button press generates a unique, unpredictable access code that can only be used once. The remote and receiver maintain synchronised counters and share a cryptographic algorithm that makes it computationally infeasible to predict future valid codes without access to the shared secret values.

Modern implementations such as Hormann's BiSecur and Chamberlain's Security+ 2.0 have extended this protection with stronger encryption algorithms. For the vast majority of homeowners, the practical implication is straightforward: a modern rolling code system is effectively secure against the electronic attacks that made older fixed code systems vulnerable.

If you need a replacement remote for a rolling code system, browse our range of compatible garage door remote controls to find one that will programme correctly to your motor.