Android Fragment RF Brute Force
PandwaRF has an integrated brute force feature. It can send many RF codes consecutively, and supports multiple types of encoding. Brute force mechanism runs entirely on the PandwaRF board, not on the smartphone, making it faster than a normal data transmission from smartphone (RX/TX page) or a JavaScript.
- Target Frequency in Hz: the range is [300000000, 928000000] Hz
- Target Data rate: you can go as high as 100000 Bits/s
- Target Modulation: 2-FSK, GFSK, MSK, ASK, and OOK modulation formats are supported
- Target code length: this is the key size that PandwaRF will attack. As the code length increases, the amount of time to find the correct code increases exponentially.
- Target start & stop values: specify the range of possible code to try. Can be used if you want to restart a previous brute force to where you stopped previously.
- Encoding: this defines how a logical bit (0 or 1) shall be converted before transmission into physical bits. The code key space is always scanned based on logical data. Predefined encoders: PT2262/IDK/MDT10P55/DIO Custom encoder: you can choose you own values of 0/1 mapping, eg. how a logical bit will be converted for transmission. Syncro word: this is the data that needs to be sent before each code word.
Exemple: To brute force device based on a PT2262 encoder/decoder, select a code length of 12 bits. The logical data generated will range from 0 (0b0000000000000) to 4096 (0b1000000000000). Then the PT2262 encoder option will convert each logical 0b0 into a 0x88 and each logical 0b1 into 0xee. So what will really be transmitted over the air will be: 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0xee 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0xee 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0x88 0xee 0xee ... ... 0xee 0xee 0xee 0xee 0xee 0xee 0xee 0xee 0xee 0xee 0xee 0x88 0xee 0xee 0xee 0xee 0xee 0xee 0xee 0xee 0xee 0xee 0xee 0xee