-
Notifications
You must be signed in to change notification settings - Fork 53
Linux RfCat For PandwaRF
Djamil Elaidi edited this page Nov 23, 2021
·
7 revisions
PandwaRF is compatible with the amazing RfCat.
But we have forked some time ago, and added new features, such as UART support, specific messages with bandwitdh optimization, power management, etc...
Modified RfCat Python script for PandwaRF can be found here: https://github.com/ComThings/PandwaRF/tree/master/SW/rfcat
Function | Usage | Parameter | Target |
---|---|---|---|
getFwVersion | requests the CC1111 FW version | ||
setPmSleep | sets the CC1111 into specified sleep mode (0 to 3) | ||
sendDataRateDetectionStart | requests the CC1111 to perform a data rate measurement | occurence_threshold: number of occurence needed for a duration to be elected as the winner | |
sendDataRateDetectionStop | requests the CC1111 to stop data rate measurement | ||
recvDataRateReceive | extract a data rate measurement message | timeout | |
recvDataRateReceiveEnd | extract a data rate measurement end message | timeout | |
doDataRateDetect | starts the Data rate measurement procedure. Frequency needs to be setup first. | occurence_threshold: number of occurence needed for a duration to be elected as the winner | |
setAmpMode | set the amplifier mode (RF amp external to CC1111) | ||
getAmpMode | get the amplifier mode (RF amp external to CC1111) | ||
sendJammingStart | requests the CC1111 to perform a RF jamming | freqStart, freqStop, dataRate, modulation | Rogue Pro |
sendJammingStop | requests the CC1111 to stop RF jamming | Rogue Pro | |
doJamming | starts RF jamming | freqStart, freqStop, dataRate, modulation | Rogue Pro |
sendBruteForceStart | requests the CC1111 to perform a RF Brute force attack,Legacy Brute force for public version.,Deprecated in favor of CMD_RF_BRUTE_FORCE_SETUP_ATTACK (+ CMD_RF_BRUTE_FORCE_SETUP_FUNCTION) + CMD_RF_BRUTE_FORCE_START_SYNC_CODE_TAIL.,Includes Setup + Start in the same message. | freq, dataRate, modulation, codeLength, startValue, stopValue, repeat, littleEndian, delayMs, encSymbolZero, encSymbolOne, encSymbolTwo, encSymbolThree, syncWord | |
sendBruteForceSetup | Brute Force setup. Must be the first message of the BF because it resets CC1111. | freq, dataRate, modulation, delayMs, encSymbolZero, encSymbolOne, encSymbolTwo, encSymbolThree | |
sendBruteForceSetupFunction | Brute Force setup of the Function Mask and Value. | maskWord, valueWord | |
sendBruteForceStartSyncCodeTail | Starts a brute force after setup has been done. Warning: codeLength is max 32bits. | codeLength, startValue, stopValue, repeat, littleEndian, syncWord, tailWord | Rogue Pro |
sendBruteForceStop | requests the CC1111 to stop RF Brute force attack | ||
recvBruteForeStatusUpdate | extract a Brute force status update message | ||
doBruteForce | starts the brute force procedure | freq, dataRate, modulation, codeLength, startValue, stopValue, repeat, littleEndian, delayMs, encSymbolZero, encSymbolOne, encSymbolTwo, encSymbolThree, syncWord, maskWord, valueWord |
More details about these new functions can be found in https://github.com/ComThings/PandwaRF/blob/master/SW/rfcat/rflib/cc1111gollum.py
Questions or need help? Get in touch or open an Issue!
Project Information
- PandwaRF Home
- General Overview
- Technical Overview
- Possible Applications
- Development Status
- Requirements
PandwaRF Android Application (Normal Mode)
- Quick Start
- Navigation
- Navigation on Tablet
- Android Permissions
- Activity states
- Kaiju account connection
- Kaiju delete account
- Scan
- Bus Service
- Rx/Tx
- Kaiju Analysis
- Rolling code analysis & generation
- Rx Data Rate Measurement
- Spectrum Analyzer
- RF Power Amplifiers
- RF Brute Force
- RF Brute Force Tutorial
- RF Brute Force Session Import Tutorial
- RF Brute Force De Bruijn
- Protocols
- Jamming
- JavaScript
- FW Update
- Dev Mode
- USB Connection
- Pairing/Bonding
- Keeloq Secure Decrypt
- Get PandwaRF Gov App
PandwaRF Android Application (Dev Mode)
- BLE Perf measurement
- CC1111 RF registers direct access
- BLE Errors
- Bus Service Extended
- BLE Parameters
Marauder Android Application
iOS Application
Linux
Hardware
- Architecture
- Power Management
- Buttons
- LEDs Indication States
- Schematics
- Programming
- Battery
- Antennas
- PandwaRF Bare Settings
- FW releases Nordic
- FW releases CC1111
For developers
- Scripting with JavaScript
- JavaScript Functions Mapping
- Scripting with Python
- BLE Services & Characteristics
- CC1111 RfCat Commands
- PandwaRF Android SDK
- PandwaRF Android API
- RX Data Post Rest API
- Software and available applications
Support
- User Guides
- FAQ
- Tested Devices
- Known Issues
- BLE connection issues
- How to clear secure pairing
- How to report an issue
- PandwaRF test procedure
- Recovery mode
- PandwaRF Device Bounty
- Product return information
- Discord Server
- Forum (legacy)
- Chat (legacy)
- Privacy Policy
- Terms & Conditions
Gimme moar!