Android Fragment RX TX
This tab is used to:
- capture data from your PandwaRF
- transmit data to your PandwaRF
- Frequency in Hz: the range is [300000000, 928000000] Hz
- RX Filter BW in KHz: Receiver Channel Filter Bandwidth. For best performance, the channel filter bandwidth should be selected so that the signal bandwidth occupies at most 80% of the channel filter bandwidth. If an RX capture with the Auto value gives incorrect results (a lot of zeros), it probably means that the Frequency value is not centered on the signal you are trying to capture. The solution can be to adjust the Frequency or to increase the RX Filter BW (but doing so may also capture some side signals). The range is [54-750 KHz].
- Modulation: 2-FSK, GFSK, MSK, ASK, and OOK modulation formats are supported
- Data rate: do not go higher than 10000 Bits/s if you are doing data capture. Remember: it is always better to know the target device data rate. See Data Rate Measurement for more information.
- Repeat: 0 (no repetition)
- Desired Payload: Indicate how many bytes you want to capture. This is only valid for RX. The capture duration will be: Desired Payload x Data rate seconds.
- If value is too low, captured sequence may not be complete.
- If value is too high, PandwaRF app will not stop the capture by itself and you will have to stop it manually.
The Desired Payload is only used to indicate to PandwaRF how many bytes to capture. When PandwaRF transmits data, it sends all data currently present in the Data section.
- Captured Payload: indicates the number of bytes already captured
- Frame Length:
- In RX mode: you can specify the size of the packet that the CC1111 transceiver needs to capture before sending it to the Android application.
- In TX mode: This indicates how data present in the Data section will be split into smaller chunks and sent to CC1111 for RF transmission. Be aware that there will be some blank data between 2 split chunks.
- Link to button: pressing a button will copy previously captured data into the PandwaRF internal memory associated with a button (1 to 4 slots). You can then use this data by pressing the physical button on the PandwaRF board (not convenient since you have to open the enclosure), or by navigating to the Bus Service Extended page (not very easy either since you have to enable GodMode). Todo: make this button usage easier.
- Post to API: you can send the captured data to your own server for processing. Cf. RX Data Post Rest API
- Save: save captured RX data to Android data storage
- Load: load RX data from Android data storage
- Delete all: erases previously saved RX data from internal storage. Be careful if you want to keep some data...
- Sniff: send capture data order to the PandwaRF dongle, using setup parameters
- Xmit: transmit whatever data is shown below this button, using setup parameters
- Clear: erase RX/TX data buffer (Android side)
- Display: uncheck if you are not interested in viewing the captured data. The most useless parameter of this app.
It is important to remember that all RF data you ask PandwaRF to capture then travels to the phone over a Bluetooth Smart (BLE) connection. This connection is relatively slow and depends on what smartphone you have (see Measuring the throughput of the BLE link between your Android phone and PandwaRF).
So it is important to capture data at a correct rate. A correct rate means:
- not too high as it would be a waste of bandwidth and might overload the BLE link
- not too low as it could cause the captured data to be wrong (missing bits due to under-sampling)
To measure the data rate of the RF device you want to sniff, check Rx Data Rate Measurement.
- Always try to know the center frequency onto which the keyfob is transmitting (!).
- Setting the correct frequency has an impact on RX data (of course). The less you know the exact frequency, the more you need to increase the RX channel filter bandwidth to get a chance to capture the keyfob signal. But you also get more RF noise...
- For example 433 MHz is not enough information, you need to know if it is 433.42 MHz, 433.92 MHz, etc...
- If you don't know exactly the frequency, you will need to fine tune the RX channel filter bandwidth and increase it step by step until you receive correct data. Data is assumed correct when it is not all zeros.
- As a general rule, 80% of the signal to capture shall be within Frequency +/- RX channel filter bandwidth. Quoting the CC1111 specification: "For best performance, the channel filter bandwidth should be selected so that the signal bandwidth occupies at most 80% of the channel filter bandwidth."
If you think it is around 433.x, but don't really know, I suggest trying 433.92 MHz with an RX filter bandwidth set to 150 KHz.
Note: You can measure the exact frequency by using the PandwaRF Spectrum analyzer. It is as precise as an RTL-SDR, but it should do the trick.
You also need to know what the modulation is. Keyfobs are mostly OOK, but we have also seen PSK or 2-FSK.
- Measure the keyfob data rate by pressing the data rate "Measure" button. Press keyfob button to force transmission until data rate stops changing.
- Increase desired payload to 250 bytes to be sure to receive enough data. You can always reduce it later if you see your keyfob transmits less than 250 bytes.
- Press the Sniff button and wait until PandwaRF is ready (status is "Receiving").
- Force transmission by pressing the keyfob button.
The data captured should look like some random data.
- If there is no data captured, it means that the frequency is not correct at all.
- If you get all zero, it means that frequency is almost correct, or RX filter bandwidth is too small. In both cases, try again with another frequency/RX filter bandwidth as described previously.
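The 80% filter rule and the capture outcomes above, worked through as an added example (not PandwaRF code). The function names are hypothetical. It assumes the CC1111 channel filter steps follow the datasheet formula with a 24 MHz reference, which reproduces the 54-750 KHz range given on this page, and it models frequency uncertainty as extra span the filter has to cover.

```python
# Added example: CC1111 channel-filter selection and capture triage.
F_REF_HZ = 24_000_000  # assumption: reproduces the page's 54-750 KHz range


def filter_steps_hz(f_ref=F_REF_HZ):
    """All 16 channel filter bandwidths: f_ref / (8 * (4 + M) * 2**E)."""
    return sorted(f_ref / (8 * (4 + m) * 2 ** e)
                  for e in range(4) for m in range(4))


def min_filter_bw_hz(signal_bw_hz, freq_error_hz=0.0):
    """Smallest step keeping the signal within 80% of the filter.

    freq_error_hz is how far the tuned frequency may sit from the real
    carrier; it widens the span the filter must cover (assumption).
    """
    needed = (signal_bw_hz + 2 * abs(freq_error_hz)) / 0.8
    for bw in filter_steps_hz():
        if bw >= needed:
            return bw
    return None  # wider than 750 KHz: pin down the frequency instead


def next_filter_bw_hz(current_bw_hz):
    """Next wider step for the step-by-step retry, None at the maximum."""
    wider = [bw for bw in filter_steps_hz() if bw > current_bw_hz + 1]
    return wider[0] if wider else None


def triage(capture: bytes):
    """Map a capture buffer to the three outcomes described on this page."""
    if not capture:
        return "no data: frequency is not correct at all"
    if not any(capture):
        return "all zero: adjust frequency or widen RX filter BW"
    return "plausible: data is not all zeros"


if __name__ == "__main__":
    # Constructed inputs: 40 kHz wide signal, carrier known to +/- 35 kHz.
    print(min_filter_bw_hz(40_000, 35_000))   # lands on the 150 kHz step
    print(triage(bytes(16)))                  # constructed all-zero capture
```

With a well-known carrier the same 40 kHz signal fits the narrowest step; the 35 kHz uncertainty alone pushes the filter to 150 kHz, which is why knowing the exact frequency reduces captured noise.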
Note: You need to be out of range of the keyfob receiver (aka the car), as you don't want the code sent by the keyfob to be received and used/invalidated by the car. Otherwise it will no longer be valid when replayed by the PandwaRF.