
Speaking of garage door rolling codes, I've noticed there is some sort of slack in the synchronization, probably so that if you press the remote button a few times while out of range your remote still opens the door. My guess is that the receiver looks not only for the next code after the last one used, but also for several codes after that.

Question: how many times would you have to press the button on the remote for it to get so far ahead of what the receiver looks for that the remote no longer works without reprogramming the receiver?



Years ago I had some insight into the "crypto" behind a garage door opener. It was essentially a rolling code and the controller stored the counter for each paired remote and checked it. The package sent by the remote also included its current counter value. If the controller received a counter that was higher than expected, it just updated the stored value and accepted the request, assuming the actual "ciphertext" is correct ofc. The only constraint was that the sequence number must be larger than the stored value.

This also means if you manage to clone a remote, you can just abuse humans. If you opened the door with your clone, the next time the original remote sends its package the sequence number will be too low and the controller will ignore it. But what do you do if your remote didn't work? You press it again, this time the sequence number matches and things work as they should.

For cloning you need to reconstruct the initial seed for the PRNG that is used to create the ciphertext based on the sequence number. Based on how few resources these remotes tend to have, more based on cost than battery life etc., and that some vendors design their own crypto, this can actually work. If you know the algorithm and the seed is only 32-bit, you can easily brute force it.
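The counter check described in the comment above, next to a bounded look-ahead window like the one the first comment guesses at, as an added example that is not part of the thread and not any vendor's code. Assumptions: HMAC-SHA256 stands in for the unnamed algorithm, the window size of 16 is an arbitrary illustrative value, and all names are hypothetical.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key, not a real device secret

def make_packet(key, counter):
    """Remote side: counter sent in the clear plus a tag over it.
    HMAC-SHA256 is a stand-in; the thread does not name the real algorithm."""
    tag = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]
    return counter, tag

class Receiver:
    def __init__(self, key, window=None):
        self.key = key
        self.window = window  # None: any higher counter is accepted (as in the comment)
        self.stored = 0       # last accepted counter for this paired remote

    def handle(self, packet):
        counter, tag = packet
        if not hmac.compare_digest(tag, make_packet(self.key, counter)[1]):
            return "bad-tag"
        if counter <= self.stored:
            # Authentic but old: a replay, or a second device sharing the key.
            return "stale"
        if self.window is not None and counter - self.stored > self.window:
            return "out-of-window"  # remote must be re-paired
        self.stored = counter
        return "open"

def press_after_missed(window, missed):
    """One in-range press, `missed` presses out of range, then one more in range."""
    rx = Receiver(KEY, window)
    rx.handle(make_packet(KEY, 1))
    return rx.handle(make_packet(KEY, 1 + missed + 1))

def stale_after_jump():
    """A packet with a lower counter arrives after a higher one was accepted."""
    rx = Receiver(KEY)
    rx.handle(make_packet(KEY, 10))
    return rx.handle(make_packet(KEY, 7)), rx.handle(make_packet(KEY, 11))

if __name__ == "__main__":
    print(press_after_missed(None, 1000))  # unbounded policy
    print(press_after_missed(16, 15), press_after_missed(16, 16))  # assumed window of 16
    print(stale_after_jump())
```

A `stale` result on a packet whose tag verifies is the case worth logging on the receiver, since a legitimate single remote never falls behind its own stored counter.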


There’s a great answer here that describes a rolling code attack and above it, an answer describing that they have slack regarding where they are in the code sequence.

https://crypto.stackexchange.com/a/47440



