In the early 1990s, I was approached by the Nissan Anti-Theft Taskforce to participate in a “Benchmarking” session at their Torrance, California, offices. It was a real eye-opening experience for me that answered a lot of nagging questions.
Before that, I had heard the term “benchmarking” applied only to the process of cartography (mapmaking) during the early days of exploration. I soon learned that benchmarking also is a well-established technique for the standardization of manufactured products that dates to the early days of firearms and ammunition. In modern times, benchmarking also is used by manufacturers to keep abreast of what the competition is doing.
In the automotive world, a benchmarking session consists of a group of engineers, designers and technicians who disassemble vehicles made by competitors to see how other manufacturers solved various problems. The knowledge gained from these sessions then is applied to future vehicles, which explains why so many different vehicles have almost identical subsystems.
During the benchmarking session that I participated in, we examined the anti-theft systems on vehicles made by General Motors, Lexus, Mercedes and Volvo, among others. This took place long before automotive transponders were introduced and mostly dealt with the physical security of vehicle doors.
I’m sure that the same thing is being done today with transponder and computerized security systems. I assume that this is why vehicles other than those manufactured by Fiat Chrysler Automobiles (FCA) now are equipped with “security gateways.” This also helps to explain why the screen that pops up on my Autel IM608 for the 2020 and up Nissan Sentra looks so much like the screen for the 2019 Toyota RAV4 and other Toyota or Lexus vehicles that use Toyota’s new security system.
But before I jump into the huge headache that is the 2020 and up Nissan Sentra (Image 1), let me go over a few basics of the other systems that might or might not be related to the Nissan system.
FCA Security Gateway
This system reared its ugly head on the 2017 Chrysler Pacifica (Image 2). It came about as the result of a “proof of concept” video that came out in 2015 where hackers proved that they could use the internet to take over a 2014 Jeep Cherokee remotely by exploiting a weakness in the RF Hub that allows an onboard internet connection for certain FCA vehicles.
The hackers claimed that their goal was to get FCA to correct the problems with the RF Hub or to eliminate the device entirely. Instead, FCA doubled down on the system by expanding the use of the RF Hub and adding another level of security.
This supposedly was meant to provide protection, but, in actuality, these changes made FCA vehicles much more difficult to service by anyone outside of the dealership. That was music to the ears of FCA corporate management, who would like nothing better than to have all service on their vehicles performed only at their dealerships.
I’ve covered the Chrysler system before. The point is that a lot of new vehicles now use similar systems or soon will. One of the most basic pieces of information necessary to service the Chrysler vehicles is the location of the security gateway. (See “Known FCA Security Gateway Locations.”)
The new Toyota system was used first on the 2018 Lexus LS500 and LS500h vehicles that used a proximity fob system. In 2019, the system was expanded to many other Toyota and Lexus vehicles, including some that used keyed ignitions. (See “New Toyota System Models.”)
This system accomplishes several things in the name of “increased security” that are designed to drive vehicle owners back to the dealership for extra and replacement keys:
- On proximity systems, only new OEM fobs can be programmed. Refurbished and aftermarket fobs aren’t compatible with the system at this time.
- If a fob is deleted from the system, it can’t be programmed back in later.
- Programming keys and fobs requires information available only through the “Toyota Information System” (TIS) and also requires an NASTF LSID to access the information. (Images 3 and 4)
- Your programming device must have compatible software to read the OutCode and enter the InCode after you have obtained it.
- The InCode and OutCode change every time you hook up to the vehicle.
- The InCode must be entered within a certain time after you get the OutCode. If the process “times out,” you have to start over again, and the OutCode will change.
In the case of vehicles that use a keyed ignition, you can clone an existing key, as long as you have a working key. However, in an “all keys lost” situation, you won’t be able to program a new key unless you have the proper software, access to the TIS system and an NASTF LSID.
The Nissan System
At the time of publication, three Nissan vehicles that I know of are equipped with the new system. (See “Nissan Security System Vehicles.”) Of these, the 2020 and up Sentra is the only one, so far, that’s equipped with the Nissan version of a security gateway. This extra layer of security has caused a lot of headaches for locksmiths and Nissan technicians, as well as tech-support providers.
The rest of the Nissan vehicles equipped with this system can be dealt with much more easily. Advanced Diagnostics introduced software for all these vehicles, except the Sentra, in April 2020. If you have a Smart Pro, then you are good to go on the other vehicles. The Smart Pro provides a stand-alone solution for everything except the Sentra without the necessity for an online connection or NASTF.
The Sentra, however, is a vehicle that I will avoid until a reliable solution comes along, and I recommend that you do the same. My encounter with a 2020 Sentra caught me completely unprepared.
It had come into one of my dealerships from a wholesale outlet that supposedly went through the vehicle to prepare it for resale. When I was introduced to the vehicle, it had two fobs, but the remote functions of both didn’t work, and only one of the fobs would start the vehicle. However, the fob that would start the vehicle wouldn’t operate as a proximity fob; it had to be pressed against the start button to start the car. That fob also had an uncut emergency key, and the emergency key in the other fob was cut but wouldn’t turn the door lock.
To make matters even more fun, the fob that would start the car had four buttons, but the nonworking fob had five. When I checked the nonworking fob, it became obvious that it was from another car and had a totally different Federal Communications Commission ID from the fob that would start the car.
I began by running the VIN through the local Nissan dealer and got the Nissan part number for the correct fob. I ordered two correct fobs from my distributor, because I wasn’t sure that the fob that started the car was correct. Someone had sprayed blue paint over the area on the fob where the FCC ID should have been, so I decided to just start with a clean slate and two fobs that I knew were correct.
The first time that I knew that there was something different about the 2020 Sentra was when I ordered the fobs from my distributor. The listing on their website warned me that the car might require special programming, so I researched the vehicle while I waited for the fobs to be delivered.
I live in Pensacola, Florida, which is a pretty good approximation of paradise, but there are no local locksmith distributors, so all my stock normally takes 2–3 days to arrive after I place my order. Although I was researching the 2020 Sentra, I discovered that it wasn’t supported by my Smart Pro, but my Autel IM608 claimed that it could do the job, as long as I had the Autel Nissan 16 + 32 Secure Gateway Adapter. (Image 5) I ordered the adapter and thought that I was ready to tackle the job.
When I got back to the car with what I thought would be all the tools and information necessary, the first task was to locate and disconnect the security gateway module. I had researched this and knew that it was located high up under the dash behind the instrument cluster. I didn’t have any trouble locating the module in this car, because the last person who worked on the car had left the module hanging from the wiring harness. Apparently, it was too much trouble to snap it back onto the mounting bracket. (Image 6)
The first thing that I noticed was the large warning about “Free Fall.” I showed it to one of the mechanics and made a joke about Thelma and Louise driving the car off a cliff and throwing the module away. He laughed politely and then told me that was “Nissan-speak” for “if you drop it, throw it away.” Apparently, Nissan uses the same notice on other components, including drive shafts.
After connecting the 16 + 32 Secure Gateway Adapter and my IM608, I thought I was ready to program the two new fobs. As it turned out, I was missing one critical piece of information. The description of the adapter said that it “Added key support for Autel MaximIM Tools.” Most of the description of the adapter was about diagnostic functions, clearing codes and “live data” graphing. I had no idea when I started working on the car that I would have to convert a 28-character PIN code (Image 7) to add or delete key fobs.
This conversion is much like the Toyota system and can be accomplished by using the Nissan software or through a “friendly” Nissan dealership. The real problem is that before you get this code, in typical Nissan “all at once programming” fashion, the system deletes all existing keys from the system. If you can’t get the PIN code conversion done quickly, you will have a vehicle that has no keys in its memory on your hands, which is exactly what happened to me.
I tried a lot of options over the next few days, but none worked. Every time I tried to program in the new fobs, I got a message that said “Since the BCM and keys are new, key learning is not possible. Requirements are as below: After replacing the BCM, use the original key to learn it.” (Image 8) This really had me worried that I might have accidentally “bricked” the computer.
But I am stubborn when it comes to this kind of thing, and I kept on plugging away trying to solve the problem. After spending some time with my distributor’s tech support department, I was referred to an Autel tech-support specialist. I can’t say enough good things about the tech who helped me. He spent almost two hours on the phone with me while controlling my IM608 remotely. The only internet connection that we could use at that dealership turned out to be tethering my cellphone to the tool, and this connection was anything but fast.
I wish I could tell you exactly what the tech-support technician did, but much of it happened too fast for me to document. We did two module resets that each took 20–30 minutes as a bar graph that charted progress slowly moved across my screen. After that was done, the car was back as I found it. The technician had located the info on the one fob that was programmed into the vehicle and set it back up in the system. The vehicle now would start with the fob that came with it but only if you pressed the start button with the fob — just as it did when I first saw the car.
I asked about programming the two new fobs that I had, but the technician said we should quit while we were ahead. The dealership sent the car off to the Nissan dealer, and I sincerely hope I never see it again!
This entire episode reinforced my belief in Murphy’s Law (anything that could go wrong, will go wrong) and underscored that the devil really is in the details. During the time I was on the phone with the technician, we chatted about many things, and he told me that since the new Sentra came out in 2020, he has spent most of his time doing exactly what he just did for me, but for other locksmiths all over the country.
He also said Autel was working hard on a solution for the problem but didn’t say what that solution was. I can’t help but wonder whether he was talking about the new MaxIM KM100 Universal Key Generator Programming Tool that I have heard so much about recently. I look forward to trying out this device!
Steve Young has been a locksmith since 1973 and has trained and taught locksmiths since 1988. He is a frequent contributor to Locksmith Ledger.