Rf replay not working m5stick cplus 2 #608

Open
thanatos84 opened this issue Dec 25, 2024 · 29 comments

Comments

@thanatos84

Describe the bug:
RF replay not working on m5stick C plus 2

Steps To Reproduce:
Select all ranges, intercept the signal and replay. Neither works if I save it and then try to replay it

  • Device used: m5stick c plus 2
@bmorcelli
Collaborator

It was fixed in this commit e92a3ab

please test it with the last beta

@thanatos84
Author

thanatos84 commented Dec 25, 2024

Tried with the latest beta from the website. I've tried with my garage door and now replay works, but it does not work when I go to "main menu > rf > custom subghz > select file"; it shows "sending" but nothing happens

I'm using a CC1101. Spectrum and jammer work fine

@bmorcelli
Collaborator

Ok, I'll keep looking into the Raw signal detection/saving.. it'll take some time tho

@bmorcelli bmorcelli reopened this Dec 26, 2024
@bmorcelli
Collaborator

As you have a HackRF, can you check one thing for me?

I believe the signal is being saved "inverted"... Like high times and Low times swapped...

If this is the problem, I might need to add one dummy time at the beginning to invert it..

If you can send a snapshot of both the original signal and the replayed signal, where we can see the first 10 square waves, maybe it can help me debug this issue
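A small polarity check for the "saved inverted" hypothesis above, added here as an example (it is not Bruce project code). It assumes Flipper-style RAW_Data lines where positive durations are carrier-on and negative durations are carrier-off; the two recordings in it are constructed, not taken from any file attached to this issue. It also shows why one dummy leading duration flips every level when a transmitter simply alternates high/low over unsigned timings:

```python
# Added example, not Bruce project code: polarity check for the
# "signal saved inverted" hypothesis (high and low times swapped).
# Assumes Flipper-style RAW_Data timings: positive = carrier on (high),
# negative = carrier off (low). Both recordings below are constructed.
from typing import List, Tuple

# Constructed: what the remote sent, and what a receiver saw during the replay.
ORIGINAL = "RAW_Data: 350 -1050 350 -1050 1050 -350 350 -1050 350 -10000"
REPLAYED = "RAW_Data: -350 1050 -350 1050 -1050 350 -350 1050 -350 10000"


def parse_raw_data(line: str) -> List[int]:
    """'RAW_Data: 500 -1000 ...' -> [500, -1000, ...] (signed microseconds)."""
    _, _, payload = line.partition(":")
    return [int(tok) for tok in payload.split()]


def invert(timings: List[int]) -> List[int]:
    """Swap every high for a low and vice versa, keeping the durations."""
    return [-t for t in timings]


def is_inverted_copy(a: List[int], b: List[int]) -> bool:
    """True when b carries a's durations but with every level swapped."""
    return len(a) == len(b) and all(
        abs(x) == abs(y) and (x > 0) != (y > 0) for x, y in zip(a, b)
    )


def to_alternating(timings: List[int]) -> Tuple[bool, List[int]]:
    """Drop the signs, as a transmitter that just alternates levels would
    store them; return (starts_high, unsigned_durations)."""
    return timings[0] > 0, [abs(t) for t in timings]


def from_alternating(durations: List[int], start_high: bool) -> List[int]:
    """Re-apply strictly alternating levels to unsigned durations."""
    level = 1 if start_high else -1
    out = []
    for d in durations:
        out.append(level * d)
        level = -level
    return out


def high_fraction(timings: List[int]) -> float:
    """Share of airtime with the carrier on. OOK remotes idle low, so a
    capture with this well above 0.5 is a hint that levels were swapped."""
    total = sum(abs(t) for t in timings)
    return sum(t for t in timings if t > 0) / total


if __name__ == "__main__":
    orig, rep = parse_raw_data(ORIGINAL), parse_raw_data(REPLAYED)
    print("replay is an inverted copy:", is_inverted_copy(orig, rep))
    print("high fraction original/replay: %.2f / %.2f"
          % (high_fraction(orig), high_fraction(rep)))
    # The "dummy time" idea: one extra leading duration shifts every level by one,
    # so an alternating transmitter emits the opposite polarity from then on.
    _, durs = to_alternating(orig)
    shifted = from_alternating([1] + durs, start_high=True)[1:]
    print("dummy prefix reproduces inverted levels:", shifted == invert(orig))
```

Comparing a capture and a recording of its replay with `is_inverted_copy`, and looking at `high_fraction` of each, answers the question asked above without needing an oscilloscope screenshot, provided both recordings use signed timings.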

@MAR1TO15

I don't know if it has anything to do with it, but checking the .sub file, it is missing ":" after the version, so no .sub file processor accepts it.

@bmorcelli
Collaborator

It is not the problem.. this version section is nothing but a comment

@rustysun9

rustysun9 commented Dec 26, 2024

As you have a HackRF, can you check one thing for me?

I believe the signal is being saved "inverted"... Like high times and Low times swapped...

If this is the problem, I might need to add one dummy time at the beginning to invert it..

If you can send a snapshot of both original signal and replayed signal, where we can see the first 10 square waves, maybe it can help me debugging this issue

Let me help you with that, since I was analyzing something similar yesterday with URH. What I noticed is that the binary values of the Bruce sub compared with EvilCrow didn't match at all. But I didn't think about the signal being inverted and didn't look into that. I will also check this later today, since I am going out now. Anyway, let me at least share the files with you since it might help.

Below are recordings of a remote door unlock signal transmitted on 433.92MHz. The recordings are from an EvilCrowRFv2 (which can also successfully replicate it) and a recording of the same data (same button on the remote) with Bruce, where sending the data is not working correctly.

Description of each shared file:

  • EvilCrow recording sub file: ECRF_remote_rec_RAW_File_433.92mHz_ASK_OOK_653_samples.sub
  • Bruce recording sub file: bruce_3_rec_remote.sub
  • EvilCrow recording of Bruce's bruce_3_rec_remote.sub transmission: ECRF_rec_bruce3_RAW_File_433.92mHz_ASK_OOK_294_samples.sub
    sub_files.tar.gz

Screenshot_2024-12-26_15-16-15

Edit: Forgot to mention that the Bruce recording and sending was done with a LilyGo T-Embed CC1101 module flashed with the latest beta firmware. ffa4c1f

Hope it helps!

@bmorcelli
Collaborator

Today I could successfully open my gate with the RAW data collected with Cardputer and T-Embed CC1101 with this last version available on Beta

@rustysun9 if you could do the testing please

@thanatos84
Author

Today I could successfully open my gate with the RAW data collected with Cardputer and T-Embed CC1101 with this last version available on Beta

@rustysun9 if you could do the testing please

Which version? Because this afternoon I updated to the last beta and I just received dozens of fake raw signals on the m5stick cplus2

I thought maybe there was some noise in the air, but I checked with a Flipper Zero as well and nothing. I also installed the latest stable and got no noise (but it's not working, for sure)

@thanatos84
Author

I've installed the latest beta and the device is not booting; I've had to install the latest stable again

@rustysun9

rustysun9 commented Dec 29, 2024

Today I could successfully open my gate with the RAW data collected with Cardputer and T-Embed CC1101 with this last version available on Beta

@rustysun9 if you could do the testing please

@bmorcelli Great. I will test it today and let you know.

@hunt3rbb666NotFound

I just tested the latest beta with my 433MHz car remote; it captures the raw signal but the replay doesn't work. I also tried saving more signals but no luck :(

@rouing
Contributor

rouing commented Dec 29, 2024

I just tested the latest beta with my 433MHz car remote; it captures the raw signal but the replay doesn't work. I also tried saving more signals but no luck :(

You mean your car's keyfob? Please don't try this. You can cause issues and lock yourself out of the vehicle. It's also not likely to work.

@rustysun9

Today I could successfully open my gate with the RAW data collected with Cardputer and T-Embed CC1101 with this last version available on Beta

@rustysun9 if you could do the testing please

@bmorcelli; sadly, testing was not successful yet. I have tested opening and locking the doors with two different T-Embed devices (one with an external antenna and the second with stock HW). Both are running commit 63a1be3.
Please find the Bruce saved sub file named bruce_5.sub and the EvilCrow sub file created by recording the transmission of bruce_5.sub from the T-Embed in the attached archive. I haven't checked or analyzed the data with URH yet, since I am testing this at my parents' place..
files.tar.gz

@MayLaOwn
Contributor

@rouing Flipper Zero does the replay without causing damage. Isn't this possible with Bruce? Meaning I can't carry out RF tests on my car?

@rouing
Contributor

rouing commented Dec 29, 2024

@rouing Flipper Zero does the replay without causing damage. Isn't this possible with Bruce? Meaning I can't carry out RF tests on my car?

You can cause your keyfob to get out of sync with the car. Then you will be locked out.

@MayLaOwn
Contributor

@rouing I didn't understand the answer, and for that I apologize. Can you explain it to me better? Raw signal replay should work and cause no damage...

@rouing
Contributor

rouing commented Dec 29, 2024

https://tcm-sec.com/intro-to-car-hacking-replay-attacks/

"Some of these attacks may put a key fob and car out of sync, causing the key fob to no longer work until the car and fob are reprogrammed."

Everything you need to know is in that article.

@rouing
Contributor

rouing commented Dec 29, 2024

Bruce should still be working, yes, though we're having issues apparently.

@thanatos84
Author

What devices are you using? I've tried again to flash the latest beta via the website onto the m5stick cplus 2 and it is not booting; it just turns on the green LED when I press power on… but it does not boot

Then I go back to stable 1.8 and it boots perfectly

@MayLaOwn
Contributor

@rouing Ok now at least we know not to even try. Hopefully this will be different for Bruce in the future, even if it means risking my devices I should be able to do it. Thanks for the reply!

@eadmaster
Contributor

eadmaster commented Dec 30, 2024

It may be worth having separate menu entries for raw and decoded signals replay.

I've found that sometimes the RcSwitch library skips a part of the signal for some reason.

For instance, this is the output of rtl_433 -a 4 with a smart home plug I have:

[00] {151} 4c 0f 08 26 07 84 13 03 c2 09 81 e1 04 c0 f0 82 60 78 40 
[01] {33} a1 82 98 93 00                                           : 10100001 10000010 10011000 10010011 0
[02] {33} a1 82 98 93 00                                           : 10100001 10000010 10011000 10010011 0
[03] {33} a1 82 98 93 00                                           : 10100001 10000010 10011000 10010011 0
[04] {32} a1 82 98 93                                              : 10100001 10000010 10011000 10010011 

the initial row ([00] {151} 4c 0f...) is not present in the generated sub file:

Filetype: Bruce SubGhz File
Version 1
Frequency: 433919968
Preset: 2
Protocol: RcSwitch
Bit: 32
Key: 00 00 00 00 A1 82 98 93
TE: 706
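An added cross-check (not Bruce or rtl_433 code) that parses the .sub file above, tolerating the missing colon in "Version 1" that was pointed out earlier in this thread, and compares its Key/Bit fields bit for bit against the rows printed by rtl_433 -a 4. It confirms that rows [01]..[04] are exactly the saved key (the {33} rows carry one extra trailing 0) and that the {151}-bit row [00] is the part absent from the file. The frame-duration helper assumes RCSwitch protocol 1 framing of four TE per bit, which this thread does not state, so treat that number as illustrative:

```python
# Added example, not Bruce or rtl_433 code. Cross-checks a Bruce .sub file's
# Key/Bit fields against rtl_433 analyzer rows. The two texts below are copied
# from the comment above (whitespace condensed).
import re
from typing import Dict, List, Tuple

SUB_TEXT = """Filetype: Bruce SubGhz File
Version 1
Frequency: 433919968
Preset: 2
Protocol: RcSwitch
Bit: 32
Key: 00 00 00 00 A1 82 98 93
TE: 706
"""

RTL433_TEXT = """[00] {151} 4c 0f 08 26 07 84 13 03 c2 09 81 e1 04 c0 f0 82 60 78 40
[01] {33} a1 82 98 93 00 : 10100001 10000010 10011000 10010011 0
[02] {33} a1 82 98 93 00 : 10100001 10000010 10011000 10010011 0
[03] {33} a1 82 98 93 00 : 10100001 10000010 10011000 10010011 0
[04] {32} a1 82 98 93 : 10100001 10000010 10011000 10010011
"""


def parse_sub(text: str) -> Dict[str, str]:
    """Parse 'Name: value' lines. A line with no colon (the 'Version 1' line
    noted in this thread) is split on its first space instead of being rejected."""
    fields: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ":" in line:
            name, value = line.split(":", 1)
        else:
            name, _, value = line.partition(" ")
        fields[name.strip()] = value.strip()
    return fields


def key_bits(fields: Dict[str, str]) -> str:
    """The Key as an MSB-first bit string of exactly `Bit` bits."""
    nbits = int(fields["Bit"])
    key = int(fields["Key"].replace(" ", ""), 16)
    return format(key & ((1 << nbits) - 1), f"0{nbits}b")


ROW_RE = re.compile(r"\[(\d+)\]\s+\{(\d+)\}\s+((?:[0-9a-fA-F]{2}\s+)*[0-9a-fA-F]{2})")


def parse_rtl433_rows(text: str) -> List[Tuple[int, int, str]]:
    """(row, bit_count, bits) per analyzer row. rtl_433 pads the hex dump to
    whole bytes, so the bit string is cut back to bit_count."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            idx, nbits = int(m.group(1)), int(m.group(2))
            bits = "".join(format(int(b, 16), "08b") for b in m.group(3).split())
            rows.append((idx, nbits, bits[:nbits]))
    return rows


def matching_rows(fields: Dict[str, str], text: str) -> List[int]:
    """Rows whose bits begin with the saved Key; a trailing extra bit is tolerated."""
    kb = key_bits(fields)
    return [i for i, _, bits in parse_rtl433_rows(text) if bits.startswith(kb)]


def unmatched_rows(fields: Dict[str, str], text: str) -> List[int]:
    """Rows the .sub file does not account for: here the long preamble row."""
    kb = key_bits(fields)
    return [i for i, _, bits in parse_rtl433_rows(text) if not bits.startswith(kb)]


def frame_duration_us(fields: Dict[str, str], te_per_bit: int = 4) -> int:
    """Airtime of one key frame. Assumes RCSwitch protocol 1 framing (each bit is
    one short plus one long pulse = 4 TE); the thread does not state the preset's framing."""
    return int(fields["Bit"]) * te_per_bit * int(fields["TE"])


if __name__ == "__main__":
    f = parse_sub(SUB_TEXT)
    print("key bits :", key_bits(f))
    print("matching :", matching_rows(f, RTL433_TEXT))   # [1, 2, 3, 4]
    print("unmatched:", unmatched_rows(f, RTL433_TEXT))  # [0]
    print("frame us :", frame_duration_us(f))            # 90368
```

Running this against other captures is a quick way to tell whether a decoded-protocol save lost only a preamble (key rows match, one long row unmatched) or the key itself was mis-decoded (no rows match), which is the distinction the separate raw/decoded menu entries suggested above would make visible.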

@bmorcelli
Collaborator

It may be worth having separate menu entries for raw and decoded signals replay.

I've found that sometimes the RcSwitch library skips a part of the signal for some reason.

For instance, this is the output of rtl_433 -a 4 with a smart home plug I have:

[00] {151} 4c 0f 08 26 07 84 13 03 c2 09 81 e1 04 c0 f0 82 60 78 40 
[01] {33} a1 82 98 93 00                                           : 10100001 10000010 10011000 10010011 0
[02] {33} a1 82 98 93 00                                           : 10100001 10000010 10011000 10010011 0
[03] {33} a1 82 98 93 00                                           : 10100001 10000010 10011000 10010011 0
[04] {32} a1 82 98 93                                              : 10100001 10000010 10011000 10010011 

the initial row ([00] {151} 4c 0f...) is not present in the generated sub file:

Filetype: Bruce SubGhz File
Version 1
Frequency: 433919968
Preset: 2
Protocol: RcSwitch
Bit: 32
Key: 00 00 00 00 A1 82 98 93
TE: 706

This is the preamble part that is usually prepared by Preset: 2 in the RCSwitch library...

The raw reading reads the timings completely... You can activate RAW Only if you have DevMode activated and try to catch and replay it..

I tested like this:

  • captured the RAW signal using the T-Embed, and the decoded signal with the Cardputer... This signal was sent by the controller
  • Replayed the RAW signal with T-Embed and saw the same decoded signal on the Cardputer and the gate was opening

@hunt3rbb666NotFound

@bmorcelli Above it says that we cannot do the raw replay of the car remote control (it doesn't work anyway right now) because we could cause damage and remain locked out. Is it normal for it to be problematic? Or is it just about Bruce? Flipper Zero does not cause this damage and it works.

@bmorcelli
Collaborator

Depending on the system, if it has rolling code, there's a small risk of desynchronization of the key fob and the car..

Mostly, RAW reading is a Bruce problem; we need to figure out a way to read and replay successfully..

Flipper Zero has tons of people developing for it, and a lot of resources (money, people and hardware) to play with... and Bruce, on the other hand, has only myself trying to make this raw reading work by messing with the RCSwitch library, with no money, no Flipper, no HackRF and little time 😔

@rustysun9

@bmorcelli The fact that people have started to compare Bruce to Flipper Zero is only confirmation that the firmware you are developing (mostly on your own) is coming to a phase where, in the near future, it could really be the best alternative to the FZ. Meaning that you are doing a great job.
The Bruce community is still relatively small and many of us interested in this project are learning on the go. It's hard to help when you have some RF knowledge but not a lot of experience in C/C++.
What I want to say is that many of us appreciate your work and know that it will take time and a lot of help from current and future contributors to develop something free that is on the same level as a 200€ mainstream device :) Any comparison of Bruce to the FZ should be a compliment and not a rant at you :)

@thanatos84
Author

@bmorcelli I've just tested flashing the latest beta from the web flasher, then capturing my garage door, saving, and then opening, and it works!

In the latest betas I received a lot of noise when capturing and it didn't work; now there is no noise and it's working!

@rustysun9 , @eadmaster , @hunt3rbb666NotFound & @MayLaOwn can you also try, to double-check that it works for you too?

@bmorcelli
Collaborator

@thanatos84 awesome 😎

@rustysun9

@thanatos84 Great. I will try with the latest beta tomorrow.
