
Android Fragment RF Brute Force De Bruijn

Djamil Elaidi edited this page Oct 29, 2021 · 4 revisions

The De Bruijn sequence is a mathematical construction that contains every possible code of a given length in as few bits as possible. It is very effective against old receivers built around shift registers. Using the De Bruijn algorithm, PandwaRF Rogue Gov can brute force a 12-bit code in 1.2 s instead of the 8 min a normal brute force takes. Besides the classical RF parameters (frequency, data rate and modulation), the only parameter needed is the length of the codeword to brute force. Old receivers usually use 8-bit to 12-bit codewords.

[Screenshot: PandwaRF Android Brute Force De Bruijn, bit encoding]

Note on De Bruijn attack: this attack only works on some old receivers.

Symbol encoding

The De Bruijn brute force can also be performed using symbol encoding. While the normal De Bruijn brute force uses binary symbols, symbol encoding maps each symbol onto a whole byte instead of a single bit.

Bit encoding (normal De Bruijn)

  • symbol 0 => bit ‘0’
  • symbol 1 => bit ‘1’

Symbol encoding

  • symbol 0 => byte 0x88
  • symbol 1 => byte 0x8E

[Screenshot: PandwaRF Android Brute Force De Bruijn, symbol encoding]

Of course, in the example above the choice of bytes 0x88 and 0x8E is arbitrary and can be changed by the user.
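As an added illustration (not PandwaRF's own code), the following Python builds the De Bruijn stream that covers every n-bit code and applies the two encodings above. The 0x88/0x8E bytes come from the page; packing the bit encoding MSB-first with zero padding is an assumption.

```python
def de_bruijn(k: int, n: int) -> list:
    """De Bruijn sequence B(k, n) as a list of symbols 0..k-1 (length k**n),
    built with the standard recursive Lyndon-word construction."""
    a = [0] * (k * n)
    seq = []

    def db(t: int, p: int) -> None:
        if t > n:
            if n % p == 0:
                seq.extend(a[1:p + 1])
        else:
            a[t] = a[t - p]
            db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                db(t + 1, t)

    db(1, 1)
    return seq


def brute_force_stream(n: int) -> list:
    """Linear bit stream containing every n-bit code as a sliding window.
    B(2, n) is cyclic, so its first n-1 bits are appended: 2**n + n - 1 bits
    instead of n * 2**n when each code is transmitted separately."""
    seq = de_bruijn(2, n)
    return seq + seq[:n - 1]


def codes_covered(stream: list, n: int) -> set:
    """All n-bit windows a shift-register receiver sees while the stream plays."""
    return {tuple(stream[i:i + n]) for i in range(len(stream) - n + 1)}


def encode_bits(stream: list) -> bytes:
    """Bit encoding: symbol 0 -> bit '0', symbol 1 -> bit '1', packed MSB-first
    and zero-padded to whole bytes (packing order is an assumption)."""
    bits = stream + [0] * (-len(stream) % 8)
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def encode_symbols(stream: list, sym0: int = 0x88, sym1: int = 0x8E) -> bytes:
    """Symbol encoding: one whole byte per symbol; 0x88/0x8E are the page's
    example values and are user-selectable."""
    return bytes(sym1 if s else sym0 for s in stream)


def all_codes_covered(n: int) -> bool:
    """True if the De Bruijn stream really contains all 2**n codes (e.g. n=12)."""
    return len(codes_covered(brute_force_stream(n), n)) == 2 ** n
```

For n = 12 the stream is 4107 bits, against 49152 bits when the 4096 codes are sent one after another; a receiver that resets its shift register between codes is not covered this way.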

For more information about the De Bruijn attack and vulnerable devices, refer to http://samy.pl/opensesame/
