great !

@@justanengineer5599 Hello. I have a small question. I have now created my light timer module to turn ON/OFF my indoor lights when I'm away. I noticed that when the CC1101 is powered up, it permanently jams my car key & other electronic switches in the house. This is even when I am not sending messages. I fixed it by setting the gain with ELECHOUSE_cc1101.setPA(10), sending Playraw(), then ELECHOUSE_cc1101.setPA(-30). Does this make sense? Does the CC1101 transmit even when not sending messages? Thanks.

I am not a genius I am just an engineer. This is just an example how to use the knowledge in practice. Knowledge is power.

@@justanengineer5599 wow sir amazing work thank you so much for your reply I will show my friends all your vids as well

​@@justanengineer5599 - Some of my customers call me "Bill you're a magician!"... and I always say "I'm not a magician, just a technician". hehe

Great ! I made it simple and cheap so everyone could replicate this device on his own. When using ESP8266 modules the building cost decreases even further to 5 USD and you have 4KB of non-volatile Flash memory for signal recording storage. That amount is sufficient for most of RF attacks. Try to build couple of these devices and use chat function

@@justanengineer5599 yeah im planning on trying to adapt it start 3 cameras on a track car with one button press. They all use radio remote controls. I ill have to look into how this could work. Thanks for sharing all your hard work

great. which board did u use ?

@@justanengineer5599 ESP32. The api to open the garage trough the esp is working and I’ve managed to add it to home assist. Last goal would be to have it in HomeKit.

Well I leave it to others... But I can give you a hint... If you would attach the device to the PC over serial port and use Python to collect the radio transmissions you might be able to play with decoding : github.com/robert-mcdermott/rolling-code-auth

​@@justanengineer5599 - Honestly I was thinking about the same, you would need a large enough number of samples with a hopefully small enough key size to be able to reverse the algo. If they are using anything over a 128 bits encryption, it would take too many years to decode.

​@@justanengineer5599 - With larger keys, you're probably better off attacking the Code Validation Tolerance instead, by trying to extend the validation window indefinitely till you hit the right code. ;)

super! I plan to introduce wifi communication for esp32 and esp8266 versions but it will take some time...

@@justanengineer5599 Looking forward to it!😀

check out my WIFI version for ESP8266 based boards. You will not need bluetooth adapter anymore.. You need a WIFI access point to which ESP8266 will connect to , also you need to populate settings in the source code : WIFI SSID, WIFI password, IP address of ESP8266 board and IP address of WIFI router (default gateway) : IPAddress ip(192, 168, 1, 200); // Local Static IP address that you will telnet to IPAddress gateway(192, 168, 1, 254); // Gateway IP address of your WIFI router IPAddress subnet(255, 255, 255, 0); // Subnet Mask const char ssid[] = "your-WIFI-SSID-here"; // Change to your Router SSID const char password[] = "your-WIFI-PASSWORD-here"; // Change to your Router Password the source code is here raw.githubusercontent.com/mcore1976/cc1101-tool/main/cc1101-tool-esp8266-wifi.ino Also ESP8266 as a WIFI ACCESS POINT version is here raw.githubusercontent.com/mcore1976/cc1101-tool/main/cc1101-tool-esp8266-wifi-ap.ino

i think Universal Radio Hacker has an option to decode FSK but you need to switch it on manually

Thank you for the reply! I’ll check. I’ll also use your device :)

yes. dip switches based doors can be easily cloned

yes. the main requirement is to use 3.3V TTL logic in arduino. If this is met then it should work For GDOx pins you may use any of free available pins, you just need to set pin number in the code accordingly

@@justanengineer5599OK Thanks! I have some pro mini boards in stock. I am waiting for the cc1101 board and the SDR key to continue my project. Meanwhile, if you please, I have 2 more questions after studying this tutorial in detail: 1. The .373usec bit duration that you calculated is configured where in the cc1101 tool? 2. What is the purpose of adding those hex zero letters after the 6-letter preamble and the 50-letter data stream (Nbletters)? For me, the number of zeros (Nbzeros) seems to be calculated by Nbsmpls2 (value displayed after "pause:") and "Nbsmpls1 selected" using the formula Nbzeros=(Nbsmpls2/Nbsmps1)*Nbletters. Can you confirm? Thank you!

Ad.1. this microsecond symbol length is used in the commands playraw XXX recraw XXX rxraw XXX Ad.2. I have added leading zeros to warm up the transmitter. In fact zeros in ASK/OOK type of modulation mean no signal is sent

@@justanengineer5599Thank you!

you may want also to try with 2.4GHz CC2500 modules. According to this info it may work with my code aswell e2e.ti.com/support/wireless-connectivity/other-wireless-group/other-wireless/f/other-wireless-technologies-forum/281641/compatibility-between-cc1100-and-cc2500

it will do one big line, at least for showraw

komendy nieznane pojawia sie wtedy gdy zle rozpozna komende np. brak parametrow albo złe parametry lub tez jakis znak nie dojdzie co wskazuje na problem z portem OTG w telefonie. Jeśli chodzi o Recraw i inne z raw w nazwie to dobranie interwału czasowego dobrze można zrobić jedynie za pomocą Universal Radio Hacker co też pokazuję na filmie. Jeśli zrywa ci połączenie to na 100 procent wina portu OTG w twoim telefonie albo brak styku w gniazdku portu lub kabelku. Upewnij się też że prędkość portu szeregowego masz ustawioną na 115200 Sprobuj uzyc innego telefonu/kabelka/pc bo cos tam nie kontaktuje. Jak masz dobry sprzet to działa zawsze bezbłednie. Na aliexpress można kupic za dolara gotowe kabelki micro usb do usbc

zrobilem wersje na plytki esp8266 w ktorej łączysz sie po wifi zamiast kabelkiem. W kodzie przed wgraniem do płytki trzeba podać SSID rutera oraz hasło do WIFI i adres jaki ma ruter (default gateway) jak tez adres IP jaki ma miec esp8266. Następnie łączysz się przez telnet np. aplikacją Connectbot do tego wifi na wpisany adres esp8266 i śmiga git. raw.githubusercontent.com/mcore1976/cc1101-tool/main/cc1101-tool-esp8266-wifi.ino

Mam nadzieję, że urządzenie się sprawdza w terenie. Jak znajde troche czasu to dorobię dodatkową wersję z wifi. Niestety jest konieczne przerobienie całego kodu od podstaw EDIT wersja wifi dla ESP8266 gotowa raw.githubusercontent.com/mcore1976/cc1101-tool/main/cc1101-tool-esp8266-wifi.ino

it will not work. it has serial port

use recraw XXXX where xxxxx is a microseconds (did you read the help?). if you use this command without the number the esp8266 will restart itself

@@justanengineer5599 hey I did it worked very well

@@justanengineer5599 I am using esp8266 as wifi access point thanks for the code

well its hard to tell without seeing the signal. Is it some old type od radio keyfob or newer one? The most frequently the use ASK type of modulation. Also try to switch off Auto Gain in RTLSDR in URH

@@justanengineer5599 It’s an older one so I assumed it would have been property easy to decide. I’ll try your tip, hope it will help. I’ve tried playing with the gain a bit but no luck so far. If you want I can send you the recorded signal file

@@justanengineer5599 I cannot seem to find auto-gain in URH, any idea where the setting is?

www.oldergeeks.com/downloads/files/userguide.pdf its named "default gain" field when selecting your RTLSDR hardware as a source and choosing the frequency. Experiment with this value

which teensy board? you need to have something that is supported with SmartRC library

@@justanengineer5599 Teensy is compatible with Arduino IDE so no problem.

SmartRC library that I am using in this project only supports a subset of boards not all of them. So there is only a chance that it could work, nothing certain

@@justanengineer5599 👍

you can connect over wifi. there is already source code prepared for this but for ESP8266

a bit 😀

@@justanengineer5599 I want to contact you but there is no way . so what do I have to do

Have you clicked my email data in my channels description ?

to zależy od bramy. Ta brama zamyka się automatycznie.

great that my tool worked for you.. I have no experience with ESPHome therefore I am unable to help you with this

@@justanengineer5599 I guess what I'm trying to do is figure out how to convert the hex I get to the rc switch format

i think here is the answer esphome.io/components/remote_transmitter.html#remote-transmitter-transmit-raw-action the rcswitch operates on symbol length. negative values means 0 is send for particular time , positive number means 1 is send for specified time you have to use remote_transmitter.transmit_raw

@@justanengineer5599hmmm 🤔 then I guess my next question is how do I convert the hex to the format transmit raw format esphome expects?

if you do showbit command in my cc1101 tool it will display the stream of bits. then you have to use calculator and count the number of microsecon for each zero and one symbols. then prepare negative values for zeros and positive values for ones separated by comma

nope

Mój sygnał z włącznika wygląda tak: 1e0c48 00 8f0624 00 8f0624 00 8f0624 00 8f0624 00 8f0624 00 8f0624 000000000000 Zera to oczywiście pauzy, niestety po odtworzeniu przez Twoje narzędzie i ponowne nagranie w URH sygnał wygląda tak: c48 00 8f0624 00 8f0624 00 8f0624 00 8f0624 00 8f0624 00 8f0624 00 | 0624 00 8f0624 00 ... itd Czyli wygląda na to, że już na początku gubi "1e0" i potem kolejna sekwencja też nie ma "8f0" . Wiesz co może być nie tak?

esp32 ma chodząca w tle obsługę wifi która robi przerwy w łapaniu/nadawaniu sygnału o których piszesz, to jest single core CPU. Dla esp8266 dorobiłem w odpowiednich miejscach funkcję yield() ale w przypadku esp32 to chyba tylko sam chiński projektant wie jak to działa mozesz dodac jakies zera 0000000 na poczatku w tej sekwencji to może nie zgubi następnego kawałka i pozwoli mu się "rozpędzić"

@@justanengineer5599 nie znam dobrze esp32 ale internety podają że to ma 2 rdzenie z czego pierwszy odpowiada za wifi a na drugim jest uruchamiany kod z Arduino, trochę to dziwne ale wcale się nie dziwię że są jakieś kwiatki na tym wynalazku

tu masz stronę producenta - zależy to od wersji ESP32. Na przykład ESP32C3 jest single core... Innymi słowy obsługa WIFI i TCP wywłaszcza twój kod programu.. www.espressif.com/en/products/socs dopiero wersja ESP32S3 jest dual core www.espressif.com/en/products/socs/esp32-s3

@@justanengineer5599 no to się zgadza, mam wersję D0WDQ6 czyli dual core

no because uno has 5V ttl logicnot 3.3v required for cc1101

@@justanengineer5599 I just checked the LSatan SmartRC-CC1101 lib and he says "A logic level converter is recommended for arduino. It also works well without. Use at your own risk." I'm tempted to give it a shot, or do you think I can blow stuff up?

you have to ask Evilcrow developers to make their device working this way. I am neither developing evilcrow nor have knowledge about their hardware.

or what device can do that,like send 433~440 all these freq at same time

not possible with single CC1101 board. You would have to use many boards at the same time, each one tuned to different frequency

no. This is for CC1101 boards only

spy cameras are using local storage - micro sd cards - for storing videos. they are not sending anything over radio. The exception are wifi based cameras

na razie ze stałym. Ze zmiennym to by czasu nie wystarczylo w tym filmie i zaraz by samochody kradli na mieście więc wprost takich rzeczy nie wolno mi tu demonstrować - polityka YT... W tym filmie pokazuje jak używać mojego narzędzia a jak ktoś nie potrafi sobie wyobrazic co z tym można zrobić no to sorry ale za głupi jest aby w ogóle tego używać

@@justanengineer5599 ja z tych głupich 🙂

Czyli na auta też może to działać po odpowiedniej konfiguracji ?@@justanengineer5599

oczywiście. Ale trzeba mieć dwie sztuki - poczytaj sobie 1) github.com/jordib123/replay-jamming-attack 2) www.hackster.io/news/hacking-a-car-s-key-fob-with-a-rolljam-attack-7f863c10c8da

no

depends on the frequencies you want to work on. On the beginning build this device and try to play with it to see what can you achieve. HackRF can operate also over 1GHz which is not possible with C1101 so there is a lot more of components needed that it is so expensive

EVERYTHING is on my github. If you cannot find it I have doubts you that are able to build and operate this device... Looked there ? github.com/mcore1976/cc1101-tool/blob/main/wemos-d1-mini-cc1101-E07-M1101D.png

buy some shielded one in alloy housing also try to look for version with RTL8232 and R820T chips (not R820T2 !)

the blue one that's 10€ work fine if you don't want to pay 30€ for your first dongle

dont ask me. This project is using cc1101 board not the cc2500

@@justanengineer5599 can i use cc2500 to work with higher frequencies than 1GHZ, if not what cheap product do u recommend If I wanted to work with frequencies higher than 1GHZ.

yes cc2500 is for 2.4GHz

Is there a way to change its frequency. I want it to operate on 1.8GHz. Is that possible or is it fixed to 2.4GHz.

also thanks for answering these questions.

The application name is Serial USB Terminal by Kai Morich

thank you so much,where are you ?i need help!

I was on vacation. I have seen your showraw output. You just need to adjust your addraw commands to your output of universal radio hacker. Every wireless key is different therefore yours may not use aaaa hex numbers or any other preambles

@@justanengineer5599 OMG! It worked,at beginning i forgot set modulation and mhz on terminal!!Hope you enjoy the vacation!

@@justanengineer5599 thanks a lot!

great! this tool is powerful but there is always some effort needed to reverse engineer the keyfob

many people are using an old type of rf locks. And if you have two of such devices you can perform rolljam attack. Yes you arent as much secure as you think man...

Are you telling you need an sdr decide apart from the cc1101 you did for this to work?​@@justanengineer5599