Skip to content

Commit

Permalink
feat: Update Sub-GHz BruteForcer version to 3.C
Browse files Browse the repository at this point in the history
  • Loading branch information
derskythe committed May 10, 2024
1 parent 6c5f37e commit 7c5b548
Show file tree
Hide file tree
Showing 14 changed files with 63 additions and 73 deletions.
2 changes: 1 addition & 1 deletion LICENSE
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
MIT License

Copyright (c) 2023 DerSkythe
Copyright (c) 2024 DerSkythe

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
Expand Down
17 changes: 9 additions & 8 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,13 +14,13 @@ We do not condone illegal activity and strongly encourage keeping transmissions

## Installation

The application is included in the standard firmware package of [Unleashed Firmware](https://github.com/DarkFlippers/unleashed-firmware).
The application is included in the standard firmware package of [Unleashed Firmware](https://github.com/DarkFlippers/unleashed-firmware).
You just need to install the [latest firmware](https://github.com/DarkFlippers/unleashed-firmware/releases/latest).
<br />
You can also download the [release](https://github.com/derskythe/flipperzero-subbrute/releases/latest) and unzip/untar it to the `SD Card/apps/Sub-GHz` directory.
<br />
> [!WARNING]
>
>
> The application is not compatible with the official firmware version.
> Also, it has not been tested on other firmware versions other than [Unleashed Firmware](https://github.com/DarkFlippers/unleashed-firmware) and [OFW](https://github.com/flipperdevices/flipperzero-firmware).
Expand All @@ -30,11 +30,11 @@ You can also download the [release](https://github.com/derskythe/flipperzero-sub

![image](https://github.com/DarkFlippers/flipperzero-subbrute/assets/31771569/9f428d6e-59fd-4517-895d-fb185f8d884f)

Here you can select the protocol and frequency that will be used for bruteforce.
Here you can select the protocol and frequency that will be used for bruteforce.
According to our observations, `CAME 12bit 433MHz` is the most common protocol, so it is selected by default.
To identify other devices and protocols, you should inspect the device.
According to the protocol, when probe a key, each value is sent 3 times.
Most of the devices this works but there are devices that don't work and more repetitions are needed.
According to the protocol, when probe a key, each value is sent 3 times.
Most of the devices this works but there are devices that don't work and more repetitions are needed.
The number of repetitions can be increased with the right button, the left button decreases the value.
The negative side of increasing the number of repetitions will be a longer key find time.

Expand Down Expand Up @@ -88,6 +88,7 @@ The negative side of increasing the number of repetitions will be a longer key f

- Chamberlain 9bit 300MHz
- Chamberlain 9bit 315MHz
- Chamberlain 9bit 318MHz
- Chamberlain 9bit 390MHz
- Chamberlain 9bit 433MHz
- Chamberlain 8bit 300MHz
Expand All @@ -106,7 +107,7 @@ The negative side of increasing the number of repetitions will be a longer key f
### UNILARM

> [!NOTE]
>
>
> Only dip switch combinations, not full 25bit bruteforce
- UNILARM 25bit 330MHz (TE: 209μs)
Expand All @@ -115,7 +116,7 @@ The negative side of increasing the number of repetitions will be a longer key f
### SMC5326

> [!NOTE]
>
>
> Only dip switch combinations, not full 25bit bruteforce
- SMC5326 25bit 330MHz (TE: 320μs)
Expand All @@ -124,7 +125,7 @@ The negative side of increasing the number of repetitions will be a longer key f
### PT2260

> [!NOTE]
>
>
> Only for 8 dip switch remote, not full 24bit bruteforce
- PT2260 24bit 315MHz (TE: 286μs)
Expand Down
1 change: 1 addition & 0 deletions helpers/subbrute_radio_device_loader.c
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ bool subbrute_radio_device_loader_is_connect_external(const char* name) {
if(!is_otg_enabled) {
subbrute_radio_device_loader_power_off();
}

return is_connect;
}

Expand Down
36 changes: 6 additions & 30 deletions helpers/subbrute_worker.c
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ bool subbrute_worker_set_step(SubBruteWorker* instance, uint64_t step) {
furi_assert(instance);
if(!subbrute_worker_can_manual_transmit(instance)) {
FURI_LOG_W(TAG, "Cannot set step during running mode");

return false;
}

Expand Down Expand Up @@ -205,6 +206,7 @@ void subbrute_worker_stop(SubBruteWorker* instance) {
furi_assert(instance);

if(!instance->worker_running) {

return;
}

Expand Down Expand Up @@ -264,21 +266,14 @@ bool subbrute_worker_transmit_current_key(SubBruteWorker* instance, uint64_t ste
stream, instance->file, step, instance->bits, instance->te, instance->repeat);
}

// size_t written = stream_write_string(stream, payload);
// if(written <= 0) {
// FURI_LOG_W(TAG, "Error creating packet! EXIT");
// result = false;
// } else {
subbrute_worker_subghz_transmit(instance, flipper_format);

result = true;
#if FURI_DEBUG
FURI_LOG_D(TAG, "Manual transmit done");
#endif
// }

flipper_format_free(flipper_format);
// furi_string_free(payload);

return result;
}
Expand Down Expand Up @@ -366,11 +361,13 @@ int32_t subbrute_worker_thread(void* context) {

if(!instance->worker_running) {
FURI_LOG_W(TAG, "Worker is not set to running state!");

return -1;
}
if(instance->state != SubBruteWorkerStateReady &&
instance->state != SubBruteWorkerStateFinished) {
FURI_LOG_W(TAG, "Invalid state for running worker! State: %d", instance->state);

return -2;
}
#ifdef FURI_DEBUG
Expand Down Expand Up @@ -411,28 +408,18 @@ int32_t subbrute_worker_thread(void* context) {
//furi_delay_ms(SUBBRUTE_MANUAL_TRANSMIT_INTERVAL / 4);
#endif

// size_t written = stream_write_stream_write_string(stream, payload);
// if(written <= 0) {
// FURI_LOG_W(TAG, "Error creating packet! BREAK");
// instance->worker_running = false;
// local_state = SubBruteWorkerStateIDLE;
// furi_string_free(payload);
// break;
// }

subbrute_worker_subghz_transmit(instance, flipper_format);

if(instance->step + 1 > instance->max_value) {
#ifdef FURI_DEBUG
FURI_LOG_I(TAG, "Worker finished to end");
#endif
local_state = SubBruteWorkerStateFinished;
// furi_string_free(payload);

break;
}
instance->step++;

// furi_string_free(payload);
furi_delay_ms(instance->tx_timeout_ms);
}

Expand All @@ -446,6 +433,7 @@ int32_t subbrute_worker_thread(void* context) {
#ifdef FURI_DEBUG
FURI_LOG_I(TAG, "Worker stop");
#endif

return 0;
}

Expand Down Expand Up @@ -473,18 +461,6 @@ void subbrute_worker_set_te(SubBruteWorker* instance, uint32_t te) {
instance->te = te;
}

// void subbrute_worker_timeout_inc(SubBruteWorker* instance) {
// if(instance->tx_timeout_ms < 255) {
// instance->tx_timeout_ms++;
// }
// }

// void subbrute_worker_timeout_dec(SubBruteWorker* instance) {
// if(instance->tx_timeout_ms > 0) {
// instance->tx_timeout_ms--;
// }
// }

bool subbrute_worker_is_tx_allowed(SubBruteWorker* instance, uint32_t value) {
furi_assert(instance);
bool res = false;
Expand Down
1 change: 1 addition & 0 deletions scenes/subbrute_scene_load_file.c
Original file line number Diff line number Diff line change
Expand Up @@ -91,5 +91,6 @@ void subbrute_scene_load_file_on_exit(void* context) {
bool subbrute_scene_load_file_on_event(void* context, SceneManagerEvent event) {
UNUSED(context);
UNUSED(event);

return false;
}
1 change: 1 addition & 0 deletions scenes/subbrute_scene_save_name.c
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ bool subbrute_scene_save_name_on_event(void* context, SceneManagerEvent event) {
instance->scene_manager, SubBruteSceneSetupAttack);
}
}

return consumed;
}

Expand Down
1 change: 1 addition & 0 deletions scenes/subbrute_scene_save_success.c
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ bool subbrute_scene_save_success_on_event(void* context, SceneManagerEvent event
return true;
}
}

return false;
}

Expand Down
14 changes: 7 additions & 7 deletions scenes/subbrute_scene_setup_extra.c
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ static void setup_extra_td_callback(VariableItem* item) {
furi_assert(item);
SubBruteState* instance = variable_item_get_context(item);
furi_assert(instance);
char buf[6];
char buf[6] = {0};

const uint8_t index = variable_item_get_current_value_index(item);
uint8_t val = subbrute_worker_get_timeout(instance->worker);
Expand Down Expand Up @@ -76,7 +76,7 @@ static void setup_extra_rep_callback(VariableItem* item) {
furi_assert(item);
SubBruteState* instance = variable_item_get_context(item);
furi_assert(instance);
char buf[6];
char buf[6] = {0};

const uint8_t index = variable_item_get_current_value_index(item);
uint8_t val = subbrute_worker_get_repeats(instance->worker);
Expand Down Expand Up @@ -130,7 +130,7 @@ static void setup_extra_te_callback(VariableItem* item) {
furi_assert(item);
SubBruteState* instance = variable_item_get_context(item);
furi_assert(instance);
char buf[6];
char buf[6] = {0};

const uint8_t index = variable_item_get_current_value_index(item);
uint32_t val = subbrute_worker_get_te(instance->worker);
Expand Down Expand Up @@ -182,7 +182,7 @@ static void setup_extra_te_callback(VariableItem* item) {

static void subbrute_scene_setup_extra_init_var_list(SubBruteState* instance, bool on_extra) {
furi_assert(instance);
char str[6];
char str[6] = {0};
VariableItem* item;
static bool extra = false;
if(on_extra) {
Expand Down Expand Up @@ -254,7 +254,7 @@ static void subbrute_scene_setup_extra_init_var_list(SubBruteState* instance, bo

static void setup_extra_enter_callback(void* context, uint32_t index) {
furi_assert(context);
SubBruteState* instance = context;
SubBruteState* instance = (SubBruteState*)context;

if(index == SubBruteVarListIndexRepeatOrOnExtra) {
subbrute_scene_setup_extra_init_var_list(instance, true);
Expand All @@ -263,14 +263,14 @@ static void setup_extra_enter_callback(void* context, uint32_t index) {

void subbrute_scene_setup_extra_on_enter(void* context) {
furi_assert(context);
SubBruteState* instance = context;
SubBruteState* instance = (SubBruteState*)context;

subbrute_scene_setup_extra_init_var_list(instance, false);
}

void subbrute_scene_setup_extra_on_exit(void* context) {
furi_assert(context);
SubBruteState* instance = context;
SubBruteState* instance = (SubBruteState*)context;

variable_item_list_reset(instance->var_list);
}
Expand Down
5 changes: 1 addition & 4 deletions subbrute_device.c
Original file line number Diff line number Diff line change
Expand Up @@ -21,11 +21,8 @@ SubBruteDevice* subbrute_device_alloc(const SubGhzDevice* radio_device) {

instance->radio_device = radio_device;

//#ifdef FURI_DEBUG
// subbrute_device_attack_set_default_values(instance, SubBruteAttackLoadFile);
//#else
subbrute_device_attack_set_default_values(instance, SubBruteAttackCAME12bit433);
//#endif

return instance;
}

Expand Down
2 changes: 1 addition & 1 deletion subbrute_i.h
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@
#include "views/subbrute_attack_view.h"
#include "views/subbrute_main_view.h"

#define SUBBRUTEFORCER_VER "Sub-GHz BruteForcer 3.B"
#define SUBBRUTEFORCER_VER "Sub-GHz BruteForcer 3.C"

#ifdef FURI_DEBUG
//#define SUBBRUTE_FAST_TRACK false
Expand Down
15 changes: 13 additions & 2 deletions subbrute_protocols.c
Original file line number Diff line number Diff line change
Expand Up @@ -146,6 +146,17 @@ const SubBruteProtocol subbrute_protocol_chamberlain_9bit_315 = {
.preset = FuriHalSubGhzPresetOok650Async,
.file = ChamberlainFileProtocol};

/**
* Chamberlain 9bit 318MHz
*/
const SubBruteProtocol subbrute_protocol_chamberlain_9bit_318 = {
.frequency = 318000000,
.bits = 9,
.te = 0,
.repeat = 3,
.preset = FuriHalSubGhzPresetOok650Async,
.file = ChamberlainFileProtocol};

/**
* Chamberlain 9bit 390MHz
*/
Expand Down Expand Up @@ -435,6 +446,7 @@ static const char* subbrute_protocol_names[] = {
[SubBruteAttackHoltek12bitAM915] = "Holtek AM 12bit 915MHz",
[SubBruteAttackChamberlain9bit300] = "Chamberlain 9bit 300MHz",
[SubBruteAttackChamberlain9bit315] = "Chamberlain 9bit 315MHz",
[SubBruteAttackChamberlain9bit318] = "Chamberlain 9bit 318MHz",
[SubBruteAttackChamberlain9bit390] = "Chamberlain 9bit 390MHz",
[SubBruteAttackChamberlain9bit433] = "Chamberlain 9bit 433MHz",
[SubBruteAttackChamberlain8bit300] = "Chamberlain 8bit 300MHz",
Expand Down Expand Up @@ -487,6 +499,7 @@ const SubBruteProtocol* subbrute_protocol_registry[] = {
[SubBruteAttackHoltek12bitAM915] = &subbrute_protocol_holtek_12bit_am_915,
[SubBruteAttackChamberlain9bit300] = &subbrute_protocol_chamberlain_9bit_300,
[SubBruteAttackChamberlain9bit315] = &subbrute_protocol_chamberlain_9bit_315,
[SubBruteAttackChamberlain9bit318] = &subbrute_protocol_chamberlain_9bit_318,
[SubBruteAttackChamberlain9bit390] = &subbrute_protocol_chamberlain_9bit_390,
[SubBruteAttackChamberlain9bit433] = &subbrute_protocol_chamberlain_9bit_433,
[SubBruteAttackChamberlain8bit300] = &subbrute_protocol_chamberlain_8bit_300,
Expand Down Expand Up @@ -828,8 +841,6 @@ void subbrute_protocol_file_generate_file(
uint64_t file_key,
bool two_bytes) {
FuriString* candidate = furi_string_alloc();
// char subbrute_payload_byte[8];
//furi_string_set_str(candidate, file_key);
subbrute_protocol_create_candidate_for_existing_file(
candidate, step, bit_index, file_key, two_bytes);

Expand Down
2 changes: 2 additions & 0 deletions subbrute_protocols.h
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,7 @@ typedef enum {
* - `SubBruteAttackHoltek12bitAM915`: Holtek 12-bit AM 915 MHz sub-brute attack.
* - `SubBruteAttackChamberlain9bit300`: Chamberlain 9-bit 300 MHz sub-brute attack.
* - `SubBruteAttackChamberlain9bit315`: Chamberlain 9-bit 315 MHz sub-brute attack.
* - `SubBruteAttackChamberlain9bit318`: Chamberlain 9-bit 318 MHz sub-brute attack.
* - `SubBruteAttackChamberlain9bit390`: Chamberlain 9-bit 390 MHz sub-brute attack.
* - `SubBruteAttackChamberlain9bit433`: Chamberlain 9-bit 433 MHz sub-brute attack.
* - `SubBruteAttackChamberlain8bit300`: Chamberlain 8-bit 300 MHz sub-brute attack.
Expand Down Expand Up @@ -131,6 +132,7 @@ typedef enum {
SubBruteAttackHoltek12bitAM915,
SubBruteAttackChamberlain9bit300,
SubBruteAttackChamberlain9bit315,
SubBruteAttackChamberlain9bit318,
SubBruteAttackChamberlain9bit390,
SubBruteAttackChamberlain9bit433,
SubBruteAttackChamberlain8bit300,
Expand Down
7 changes: 2 additions & 5 deletions views/subbrute_attack_view.c
Original file line number Diff line number Diff line change
Expand Up @@ -193,9 +193,7 @@ View* subbrute_attack_view_get_view(SubBruteAttackView* instance) {

void subbrute_attack_view_set_current_step(SubBruteAttackView* instance, uint64_t current_step) {
furi_assert(instance);
#ifdef FURI_DEBUG
//FURI_LOG_D(TAG, "Set step: %d", current_step);
#endif

instance->current_step = current_step;
with_view_model(
instance->view,
Expand Down Expand Up @@ -226,7 +224,6 @@ void subbrute_attack_view_init_values(
instance->max_value = max_value;
instance->current_step = current_step;
instance->is_attacking = is_attacking;
// instance->extra_repeats = extra_repeats;

with_view_model(
instance->view,
Expand Down Expand Up @@ -262,7 +259,7 @@ void subbrute_attack_view_exit(void* context) {
void subbrute_attack_view_draw(Canvas* canvas, void* context) {
furi_assert(context);
SubBruteAttackViewModel* model = (SubBruteAttackViewModel*)context;
char buffer[64];
char buffer[64] = {0};

const char* attack_name = NULL;
attack_name = subbrute_protocol_name(model->attack_type);
Expand Down
Loading

0 comments on commit 7c5b548

Please sign in to comment.