    iphonefd
    @iphonefd
    hi people
    askumar101
    @askumar101
    One day u can release the feature stated on website that has been ongoing now for years; rolling codes ffs....instead of more expensive variants.
    Djamil Elaidi
    @trollwookiee
    yes I hope too. Still working on it.
    askumar101
    @askumar101
    It's good to know you're hopeful, as it means there's hope.....so thx.
    zwt2135
    @zwt2135
    I have a Rogue Pro and I cannot seem to get the De Bruijn attack to work. I know my garage is affected by this attack as I can see the dip switches and I can also capture and replay an attack with my HackRF One. However, I cannot capture and replay with the PandwaRF Rogue Pro and I cannot brute force with De Bruijn. I have even tried to measure the data rate and set this but it says it is different every time. Any idea what is going on?
    Djamil Elaidi
    @trollwookiee
    @zwt2135 what is App version, Nordic FW version and CC1111 FW version please ?
    TadasSu
    @TadasSu
    De Bruijn never worked for me either. How is it possible to send the WHOLE De Bruijn sequence in 3 seconds? The Python De Bruijn script sends the sequence in tens of seconds, if not more.
    Djamil Elaidi
    @trollwookiee
    @TadasSu DeBruijn is fast
    De Bruijn Sequence length: k^n = 2^13 = 8192
    with the wrap: k^n + (n-1) = 2^13 + 12 = 8204 bits to send
    At PandwaRF default data rate (3200 bits/s), 1 bit is sent in 1/3200 s = 312.5 ns
    So to send 8204 bits, duration is 8204 * 312.5 ns = 2.56s
    @TadasSu check the above logic and tell me where I am wrong
    Please note that DeBruijn only works with receivers that are built with shift registers
    TadasSu
    @TadasSu
    Ok. One day I will capture the DeBruijn sequence with URH and send it to you. PandwaRF opens the garage successfully with the Python script but does not open it with the app with the same settings.
    zwt2135
    @zwt2135

    @trollwookiee App version is 1.5.6 pub release, Nordic FW version is 0.11.5 and CC1111 FW version is 1.1.7

    How common is it to find garage doors with shift registers? I was under the impression that all or most garages utilizing dip switches were vulnerable to De Bruijn. Either way, it doesn't make sense why my PandwaRF Rogue can't do a replay attack, so something must be going on. Thanks for the help guys.

    zwt2135
    @zwt2135
    @trollwookiee I have also tested measuring the baud rate with a known garage controller. I continue to get different baud rates each time. This seems odd to me and could be the source of the problem as it seems I cannot get a consistent and accurate baud rate during these tests. Any idea how to fix this?
    zwt2135
    @zwt2135
    @TadasSu have you ever gotten the Python De Bruijn to work? I can't seem to find a garage that is susceptible to this.
    TadasSu
    @TadasSu
    @zwt2135 yes. I generate the De Bruijn sequence with Python and send it with rfcat. It works for me.
    zwt2135
    @zwt2135
    @TadasSu do you have any suggestions of specific models that are susceptible to De Bruijn? Would like to get a garage controller that is confirmed to be vulnerable to run some tests.
    TadasSu
    @TadasSu
    @zwt2135 I can't. I know that this is a very old garage controller, but I do not know the model name.
    pwncc
    @pwncc
    Hey boys, anyone have the PandwaRF APK without the 300MHz min limit? For testing purposes
    Djamil Elaidi
    @trollwookiee
    @pwncc the 300MHz limit is also enforced in the FW, so it will be difficult to bypass only with the app. What frequency did you expect?
    pwncc
    @pwncc
    I would like somewhere 100-300MHz as well for VHF purposes.
    Any possible way to do this?
    @trollwookiee
    Djamil Elaidi
    @trollwookiee
    ok, enter a ticket in github and we will see what we can do
    Cufaru81
    @Cufaru81
    Hello, if I jam, let's say, the 433 frequency and press a remote control button, will the PandwaRF be able to isolate, demodulate and store that specific signal, ignoring the jamming frequency? I want to buy a PandwaRF and want to know if it can do that. Thank you
    leowahid
    @leowahid
    Hello, I bought the Rogue Pro and I want to know if it can be updated to Rogue Gov, since the APK is different and incorporates new functions. Thanks and greetings to all
    askumar101
    @askumar101
    @Cufaru81 Not for 💩 can it do that....if ur jamming 433 the noise is all u get....
    @leowahid LOL I'm guessing no, due to the fact there's a price difference of a few thousand euros between the two models...
    Cufaru81
    @Cufaru81
    @askumar101 well, seems like HackRF will be the choice since it can do that and it's cheaper than Rogue Pro. Thank you for your answer
    Djamil Elaidi
    @trollwookiee
    @Cufaru81 no, PandwaRF cannot do that and I am curious to see the HackRF doing that (or any other SDR). The jamming is made to render any demodulation inefficient.
    @leowahid there is no update possible between PandwaRF and Rogue, or between different Rogue variants
    Cufaru81
    @Cufaru81
    @trollwookiee there is a vid on YouTube with HackRF and a YARD Stick One as a jammer, I'm sure you can find it
    Cufaru81
    @Cufaru81
    @trollwookiee and here is the link in case you couldn't find it https://youtu.be/ZMQrEv_fMh8
    askumar101
    @askumar101
    @Cufaru81 cheapest way I've seen is using 2 YARD Sticks like here https://youtu.be/sqLYpxzEQCw
    Djamil Elaidi
    @trollwookiee
    @Cufaru81 the video you sent is a Rolljam attack. The YS1 is used to jam at 434.3MHz, while the HackRF is capturing data at 434MHz. So the HackRF has no need to retrieve correct data from noise since the 2 frequencies are different.
    And 2 PandwaRF can also do that (jamming at frequency X while receiving at frequency Y)
    Djamil Elaidi
    @trollwookiee
    @/all Marauder application is now available in beta
    TadasSu
    @TadasSu
    @trollwookiee Marauder app beta only for those who are using PandwaRF Marauder?
    Djamil Elaidi
    @trollwookiee
    @TadasSu Marauder app is available publicly, but app will require a Marauder to connect...
    Djamil Elaidi
    @trollwookiee
    @/all A regression in last CC1111 FW (1.1.9/1.1.10) has been spotted. It prevents TX and Brute force. It shall be fixed soon. Sorry for delay.
    Djamil Elaidi
    @trollwookiee
    @/all TX issue fixed in CC1111 FW v1.1.11, available to download if you have Android app 1.6.1 and Nordic FW 0.11.7
    askumar101
    @askumar101
    And could you pls remind us the cost of the Marauder?
    TadasSu
    @TadasSu
    @trollwookiee app shows server not running. Cannot update fw
    @trollwookiee and what about rolling codes?
    Djamil Elaidi
    @trollwookiee
    @/all For those who experience server issue, I would appreciate that you send us a debug trace (from help menu) after you have experienced this "Server not running" issue
    TadasSu
    @TadasSu
    @trollwookiee I have sent you debug trace
    Djamil Elaidi
    @trollwookiee
    @TadasSu thanks