Skip to content

Linux RfCat For PandwaRF

Djamil Elaidi edited this page Nov 23, 2021 · 7 revisions

PandwaRF is compatible with the amazing RfCat.

But we have forked some time ago, and added new features, such as UART support, specific messages with bandwitdh optimization, power management, etc...

Modified RfCat Python script for PandwaRF can be found here: https://github.com/ComThings/PandwaRF/tree/master/SW/rfcat

Custom RfCat commands for PandwaRF & PandwaRF Rogue Pro

Function Usage Parameter Target
getFwVersion requests the CC1111 FW version
setPmSleep sets the CC1111 into specified sleep mode (0 to 3)
sendDataRateDetectionStart requests the CC1111 to perform a data rate measurement occurence_threshold: number of occurence needed for a duration to be elected as the winner
sendDataRateDetectionStop requests the CC1111 to stop data rate measurement
recvDataRateReceive extract a data rate measurement message timeout
recvDataRateReceiveEnd extract a data rate measurement end message timeout
doDataRateDetect starts the Data rate measurement procedure. Frequency needs to be setup first. occurence_threshold: number of occurence needed for a duration to be elected as the winner
setAmpMode set the amplifier mode (RF amp external to CC1111)
getAmpMode get the amplifier mode (RF amp external to CC1111)
sendJammingStart requests the CC1111 to perform a RF jamming freqStart, freqStop, dataRate, modulation Rogue Pro
sendJammingStop requests the CC1111 to stop RF jamming Rogue Pro
doJamming starts RF jamming freqStart, freqStop, dataRate, modulation Rogue Pro
sendBruteForceStart requests the CC1111 to perform a RF Brute force attack,Legacy Brute force for public version.,Deprecated in favor of CMD_RF_BRUTE_FORCE_SETUP_ATTACK (+ CMD_RF_BRUTE_FORCE_SETUP_FUNCTION) + CMD_RF_BRUTE_FORCE_START_SYNC_CODE_TAIL.,Includes Setup + Start in the same message. freq, dataRate, modulation, codeLength, startValue, stopValue, repeat, littleEndian, delayMs, encSymbolZero, encSymbolOne, encSymbolTwo, encSymbolThree, syncWord
sendBruteForceSetup Brute Force setup. Must be the first message of the BF because it resets CC1111. freq, dataRate, modulation, delayMs, encSymbolZero, encSymbolOne, encSymbolTwo, encSymbolThree
sendBruteForceSetupFunction Brute Force setup of the Function Mask and Value. maskWord, valueWord
sendBruteForceStartSyncCodeTail Starts a brute force after setup has been done. Warning: codeLength is max 32bits. codeLength, startValue, stopValue, repeat, littleEndian, syncWord, tailWord Rogue Pro
sendBruteForceStop requests the CC1111 to stop RF Brute force attack
recvBruteForeStatusUpdate extract a Brute force status update message
doBruteForce starts the brute force procedure freq, dataRate, modulation, codeLength, startValue, stopValue, repeat, littleEndian, delayMs, encSymbolZero, encSymbolOne, encSymbolTwo, encSymbolThree, syncWord, maskWord, valueWord

More details about these new functions can be found in https://github.com/ComThings/PandwaRF/blob/master/SW/rfcat/rflib/cc1111gollum.py

Project Information

PandwaRF Android Application (Normal Mode)

PandwaRF Android Application (Dev Mode)

Marauder Android Application

iOS Application

Linux

Hardware

For developers

Support

Gimme moar!

Clone this wiki locally