Revise keyfob emulation details and update To Do list

Updated the README to reflect changes in keyfob emulation and Keeloq Key Manager status.

.github/ISSUE_TEMPLATE/01_bug_report.yml

@@ -1,45 +1,77 @@
-name: Bug report
+name: Bug Report
-description: File a bug reports regarding the firmware.
+description: Report a bug in Flipper-ARF firmware.
 labels: ["bug"]
 body:
   - type: markdown
     attributes:
       value: |
-        Thank you for taking the time to fill out an issue, this template is meant for any issues related to the Flipper Zero unleashed firmware.
+        Thanks for reporting a bug in Flipper-ARF. Please fill in as much detail as possible.
+  - type: input
+    id: firmware-version
+    attributes:
+      label: Firmware version
+      description: "ARF version or git commit hash."
+      placeholder: "e.g. ARF 0.1.2 or commit abc1234"
+    validations:
+      required: true
+  - type: dropdown
+    id: hardware
+    attributes:
+      label: Hardware setup
+      description: "Which hardware configuration are you using?"
+      options:
+        - Flipper Zero (stock)
+        - Flipper Zero (modded antenna)
+        - Flipper Zero + external CC1101
+        - Other (describe below)
+    validations:
+      required: true
+  - type: input
+    id: protocol
+    attributes:
+      label: Protocol affected
+      description: "Which protocol is affected, if applicable?"
+      placeholder: "e.g. Kia V3/V4, PSA GROUP, Keeloq, Fiat Mystery"
+  - type: input
+    id: frequency
+    attributes:
+      label: Frequency & modulation
+      description: "RF frequency and modulation used, if relevant."
+      placeholder: "e.g. 433.92 MHz AM"
   - type: textarea
     id: description
     attributes:
-      label: Describe the bug.
+      label: Bug description
-      description: "A clear and concise description of what the bug is."
+      description: "A clear and concise description of the bug."
     validations:
       required: true
   - type: textarea
     id: repro
     attributes:
-      label: Reproduction
+      label: Steps to reproduce
       description: "How can this bug be reproduced?"
       placeholder: |
-        1. Switch on...
+        1. Open SubGhz app
-        2. Press button '....'
+        2. Load saved .sub file
-        3. Wait for the moon phase
+        3. Press Send
-        4. It burns
+        4. Observe error / unexpected behavior
     validations:
       required: true
-  - type: input
+  - type: textarea
-    id: target
+    id: expected
     attributes:
-      label: Target
+      label: Expected vs actual behavior
-      description: Specify the target
+      description: "What did you expect to happen, and what actually happened?"
-      # Target seems to be largely ignored by outside sources.
+    validations:
+      required: true
   - type: textarea
     id: logs
     attributes:
-      label: Logs
+      label: Logs / screenshots
-      description: Attach your debug logs here
+      description: "Attach debug logs (via serial CLI) or screenshots if available."
       render: Text
-      # Avoid rendering as Markdown here.
   - type: textarea
     id: anything-else
     attributes:
-      label: Anything else?
+      label: Additional context
-      description: Let us know if you have anything else to share.
+      description: "Any other information that might help (vehicle model, .sub file contents, etc.)."

.github/ISSUE_TEMPLATE/02_enhancements.yml

@@ -1,20 +0,0 @@
-name: Enhancements
-description: Suggest improvements for any existing functionality within the firmware.
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Thank you for taking the time to fill out an issue. This template is meant for feature requests and improvements to already existing functionality.
-  - type: textarea
-    id: proposal
-    attributes:
-      label: "Describe the enhancement you're suggesting."
-      description: |
-        Feel free to describe in as much detail as you wish.
-    validations:
-      required: true
-  - type: textarea
-    id: anything-else
-    attributes:
-      label: Anything else?
-      description: Let us know if you have anything else to share.

.github/ISSUE_TEMPLATE/03_feature_request.yml

@@ -1,23 +1,46 @@
 name: Feature Request
-description: For feature requests regarding the firmware.
+description: Suggest a new feature or improvement for Flipper-ARF.
 labels: ["feature request"]
 body:
   - type: markdown
     attributes:
       value: |
-        Thank you for taking the time to fill out an issue, this template is meant for any feature suggestions.
+        Thanks for suggesting a feature for Flipper-ARF. Please describe your idea in detail.
-  - type: textarea
+  - type: dropdown
-    id: proposal
+    id: category
     attributes:
-      label: "Description of the feature you're suggesting."
+      label: Category
-      description: |
+      description: "What area does this feature fall under?"
-        Please describe your feature request in as many details as possible.
+      options:
-          - Describe what it should do.
+        - New protocol
-          - Note whetever it is to extend existing functionality or introduce new functionality.
+        - Protocol improvement
+        - UI / UX
+        - Build system / tooling
+        - Other
+    validations:
+      required: true
+  - type: input
+    id: manufacturer
+    attributes:
+      label: Manufacturer / protocol
+      description: "Which manufacturer or protocol is this related to, if applicable?"
+      placeholder: "e.g. Toyota, Renault, Keeloq"
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: "Describe the feature you're suggesting."
+    validations:
+      required: true
+  - type: textarea
+    id: use-case
+    attributes:
+      label: Use case
+      description: "Why is this needed? What problem does it solve?"
     validations:
       required: true
   - type: textarea
     id: anything-else
     attributes:
-      label: Anything else?
+      label: Additional context
-      description: Let us know if you have anything else to share.
+      description: "Any references, datasheets, links, or examples that support this request."

.github/ISSUE_TEMPLATE/04_protocol_submission.yml

@@ -0,0 +1,111 @@
+name: Protocol / Algorithm Submission
+description: Submit a new protocol decoder, encoder, or cipher implementation.
+labels: ["protocol", "contribution"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Use this template to submit a new protocol implementation or algorithm for inclusion in Flipper-ARF.
+        Include as much technical detail as possible — timing, frame structure, cipher type, and test captures.
+  - type: input
+    id: protocol-name
+    attributes:
+      label: Protocol name
+      description: "Name for the protocol (as it should appear in the firmware)."
+      placeholder: "e.g. Renault V2, Opel Corsa, Nissan V0"
+    validations:
+      required: true
+  - type: input
+    id: manufacturer
+    attributes:
+      label: Manufacturer / vehicle
+      description: "Which manufacturer or vehicles use this protocol?"
+      placeholder: "e.g. Renault Clio 2010-2018, Opel/Vauxhall Corsa D"
+    validations:
+      required: true
+  - type: input
+    id: frequency
+    attributes:
+      label: Frequency & modulation
+      description: "RF frequency and modulation type."
+      placeholder: "e.g. 433.92 MHz FM (FSK)"
+    validations:
+      required: true
+  - type: dropdown
+    id: encoding
+    attributes:
+      label: Encoding
+      description: "How are bits encoded in the RF signal?"
+      options:
+        - PWM (Pulse Width Modulation)
+        - Manchester
+        - Differential Manchester
+        - OOK raw
+        - Other (describe in frame structure)
+    validations:
+      required: true
+  - type: textarea
+    id: timing
+    attributes:
+      label: Timing parameters
+      description: "Provide timing values for the protocol."
+      placeholder: |
+        te_short: 400 us
+        te_long: 800 us
+        te_delta: 150 us
+        Preamble: 16 pairs of alternating short pulses
+        Sync: 1200 us HIGH
+        Gap: 10000 us between bursts
+    validations:
+      required: true
+  - type: textarea
+    id: frame-structure
+    attributes:
+      label: Frame structure
+      description: "Describe the bit layout — field positions, sizes, fixed vs rolling parts."
+      placeholder: |
+        Total bits: 68
+        Bits 0-31: Encrypted (KeeLoq)
+        Bits 32-59: Serial (28 bits)
+        Bits 60-63: Button code (4 bits)
+        Bits 64-67: CRC (4 bits, XOR of nibbles)
+    validations:
+      required: true
+  - type: dropdown
+    id: cipher
+    attributes:
+      label: Cipher / rolling code type
+      description: "What cipher or rolling code scheme does this protocol use?"
+      options:
+        - None (static code)
+        - KeeLoq
+        - AES
+        - TEA / XTEA
+        - Hitag2
+        - Custom / proprietary
+        - Unknown (needs analysis)
+    validations:
+      required: true
+  - type: dropdown
+    id: status
+    attributes:
+      label: Implementation status
+      description: "How far along is the implementation?"
+      options:
+        - Concept only (analysis / documentation)
+        - Decoder working
+        - Encoder working
+        - Both decoder and encoder working
+    validations:
+      required: true
+  - type: textarea
+    id: captures
+    attributes:
+      label: Test captures
+      description: "Paste .sub file contents or raw pulse data for validation. Attach files if too large."
+      render: Text
+  - type: textarea
+    id: references
+    attributes:
+      label: References
+      description: "Links to datasheets, research papers, FCC filings, or related projects."

.github/ISSUE_TEMPLATE/05_key_recording_submission.yml

@@ -0,0 +1,99 @@
+name: Key Recording Submission
+description: Contribute captured keyfob recordings for protocol analysis.
+labels: ["recording", "data"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Use this template to submit captured keyfob recordings (.sub files or raw data).
+        These recordings help with protocol reverse engineering, decoder validation, and cipher analysis.
+
+        **Tips for useful captures:**
+        - Record 10+ sequential presses per button without long gaps
+        - Note the exact button pressed for each capture
+        - If possible, capture from multiple buttons on the same fob
+        - Include the vehicle make, model, and year
+  - type: input
+    id: vehicle
+    attributes:
+      label: Vehicle / device
+      description: "Make, model, year, and any relevant trim info."
+      placeholder: "e.g. 2015 Fiat Panda 1.2 Pop"
+    validations:
+      required: true
+  - type: dropdown
+    id: protocol
+    attributes:
+      label: Protocol (if known)
+      description: "Which protocol was detected, or select Unknown if not yet identified."
+      options:
+        - Unknown / new protocol
+        - VAG GROUP
+        - Cayenne
+        - PSA GROUP
+        - Ford V0
+        - Fiat SpA
+        - Fiat Mystery
+        - Subaru
+        - Siemens (Mazda)
+        - Kia V0
+        - Kia V1
+        - Kia V2
+        - Kia V3/V4
+        - Kia V5
+        - Kia V6
+        - Suzuki
+        - Mitsubishi V0
+        - Keeloq
+        - Other (specify below)
+    validations:
+      required: true
+  - type: input
+    id: frequency
+    attributes:
+      label: Frequency & modulation used
+      description: "The frequency and modulation setting used during capture."
+      placeholder: "e.g. 433.92 MHz AM650"
+    validations:
+      required: true
+  - type: input
+    id: buttons
+    attributes:
+      label: Button / function
+      description: "Which buttons were recorded and what they do."
+      placeholder: "e.g. Lock (Btn A), Unlock (Btn B), Trunk (Btn C)"
+    validations:
+      required: true
+  - type: input
+    id: num-captures
+    attributes:
+      label: Number of captures
+      description: "How many presses were recorded per button?"
+      placeholder: "e.g. 10 sequential presses per button"
+    validations:
+      required: true
+  - type: dropdown
+    id: capture-method
+    attributes:
+      label: Capture method
+      description: "How were the signals captured?"
+      options:
+        - SubGhz Read RAW
+        - SubGhz decoded (saved .sub)
+        - External SDR (HackRF, RTL-SDR, etc.)
+        - Other
+    validations:
+      required: true
+  - type: textarea
+    id: capture-data
+    attributes:
+      label: Capture data
+      description: "Paste .sub file contents here, or attach files. For multiple files, use separate code blocks labeled by button."
+      render: Text
+    validations:
+      required: true
+  - type: textarea
+    id: notes
+    attributes:
+      label: Notes
+      description: "Any observations — counter gaps, time between captures, battery changes, multiple fobs, etc."

.github/ISSUE_TEMPLATE/config.yml

@@ -1,8 +1 @@
 blank_issues_enabled: true
-contact_links:
-  - name: Telegram
-    url: https://t.me/flipperzero_unofficial
-    about: Unofficial Telegram chat
-  - name: Discord
-    url: https://discord.unleashedflip.com
-    about: Unofficial Discord Community

.github/pull_request_template.md

@@ -1,13 +1,25 @@
-# What's new
+## Summary
 
-- [ Describe changes here ]
+<!-- What changed and why? Keep it concise. -->
 
-# Verification 
+## Protocol(s) affected
 
-- [ Describe how to verify changes ]
+<!-- Which protocol(s) does this PR touch? e.g. Kia V3/V4, PSA GROUP, none -->
 
-# Checklist (For Reviewer)
+## Type of change
 
-- [ ] PR has description of feature/bug
+- [ ] Bug fix
-- [ ] Description contains actions to verify feature/bugfix
+- [ ] New protocol
-- [ ] I've built this code, uploaded it to the device and verified feature/bugfix
+- [ ] Protocol improvement (encoder/decoder/display)
+- [ ] Build system / infrastructure
+- [ ] Other
+
+## Testing
+
+<!-- How was this verified? Include hardware used, captures tested, etc. -->
+
+## Checklist
+
+- [ ] Built with `./fbt COMPACT=1 DEBUG=0 updater_package` (no errors)
+- [ ] Flashed and tested on Flipper Zero
+- [ ] No regressions in other protocols

README.md

@@ -123,14 +123,14 @@ Flipper-ARF aims to achieve:
 - [x] D-Pad mapping (Lock / Unlock / Boot / Trunk) during emulation
 - [x] VAG MFKey support and updated Keeloq codes
 - [x] PSA XTEA brute force for saved → emulation workflow
-- [x] Brute force of counter in saved → emulation scene for smoother keyfob emulation
+- [x] Brute force of counter in saved → can be accellerated trough the companion app via bluetooth
 - [x] RollJam app (Internal CC1101 for RX & TX captured signal; External CC1101 for jamming) — requires more real-world testing
 
 ---
 
 ## To Do / Planned Features
 
-- [ ] Keeloq Key Manager inside firmware
+- [X] Keeloq Key Manager inside firmware
 - [ ] Add Scher Khan & Starline protocols
 - [ ] Fix and reintegrate RollJam app (future updates)
 - [ ] Expand and refine Subaru, Kia, PSA, and other manufacturer protocols
@@ -178,6 +178,53 @@ Contributions are welcome if they:
 ![Talk is cheap, submit patches](arf_pictures/send_patches.jpeg)
 ---
 
+## Citations & References
+
+The following academic publications have been invaluable to the development and understanding of the protocols implemented in this firmware.
+
+### Automotive RKE Security
+
+- **Lock It and Still Lose It — On the (In)Security of Automotive Remote Keyless Entry Systems**
+  Flavio D. Garcia, David Oswald, Timo Kasper, Pierre Pavlidès
+  *USENIX Security 2016*
+  https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_garcia.pdf
+
+- **Clonable Key Fobs: Analyzing and Breaking RKE Protocols**
+  Roberto Gesteira-Miñarro, Gregorio López, Rafael Palacios
+  *International Journal of Information Security, Springer, May 2025, 24(3)*
+  DOI: [10.1007/s10207-025-01063-7](https://doi.org/10.1007/s10207-025-01063-7)
+
+- **The Role of Cryptographic Techniques in Remote Keyless Entry (RKE) Systems**
+  Jananga Chiran — Sri Lanka Institute of Information Technology
+  *November 2023*
+  DOI: [10.5281/zenodo.14677864](https://doi.org/10.5281/zenodo.14677864)
+
+### Immobiliser & Transponder Systems
+
+- **Dismantling DST80-based Immobiliser Systems**
+  Lennert Wouters, Jan Van den Herrewegen, Flavio D. Garcia, David Oswald, Benedikt Gierlichs, Bart Preneel
+  *IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES), 2020, Vol. 2*
+  DOI: [10.13154/tches.v2020.i2.99-127](https://doi.org/10.13154/tches.v2020.i2.99-127)
+
+### RFID & Protocol Analysis Tooling
+
+- **A Toolbox for RFID Protocol Analysis**
+  Flavio D. Garcia
+  *IEEE International Conference on RFID, 2012*
+  DOI: [10.1109/rfid.2012.19](https://doi.org/10.1109/rfid.2012.19)
+
+### Relay & Replay Attacks
+
+- **Implementing and Testing RollJam on Software-Defined Radios**
+  *Università di Bologna (UNIBO), CRIS*
+  https://cris.unibo.it/handle/11585/999874
+
+- **Enhanced Vehicular Roll-Jam Attack Using a Known Noise Source**
+  *Inaugural International Symposium on Vehicle Security & Privacy, January 2023*
+  DOI: [10.14722/vehiclesec.2023.23037](https://doi.org/10.14722/vehiclesec.2023.23037)
+
+---
+
 # Disclaimer
 
 This project is provided solely for **educational, research, and interoperability purposes**.  

lib/subghz/protocols/kia_v3_v4.c

@@ -424,6 +424,11 @@ SubGhzProtocolStatus
 
         furi_string_free(temp_str);
 
+        if(hex_pos != 16) {
+            FURI_LOG_E(TAG, "Invalid key length: %zu nibbles", hex_pos);
+            break;
+        }
+
         instance->generic.data = key;
 
         flipper_format_rewind(flipper_format);