mirror of
https://github.com/UberGuidoZ/Flipper.git
synced 2025-01-20 12:40:16 +00:00
90 lines
3.4 KiB
Markdown
90 lines
3.4 KiB
Markdown
<h1 align="center">
|
|
Brute Force OOK using <a href="https://flipperzero.one">Flipper Zero</a>
|
|
</h1>
|
|
|
|
Brute force subghz fixed codes using flipper zero, initially inspired by [CAMEbruteforcer](https://github.com/BitcoinRaven/CAMEbruteforcer)
|
|
|
|
|
|
This repo aims to collect as many brute force files as possible, so if you can or want to contribute you are more than welcome to do so!
|
|
|
|
## How it works
|
|
|
|
This repo contains a python script to generate bruteforce `.sub` files for subghz protocols that use fixed OOK codes. Inside the script it is also possible to specify your own protocol in case it's not present.
|
|
|
|
To generate all the files simply run:
|
|
|
|
```bash
|
|
python3 flipperzero-bruteforce.py
|
|
```
|
|
|
|
It will generate bruteforce files for all the specified protocols organized in many folders with the following structure:
|
|
|
|
```
|
|
sub_files/
|
|
└── PROTOCOL_NAME
|
|
├── SPLIT_FACTOR
|
|
│ ├── 000.sub
|
|
│ ├── ...
|
|
│ └── NNN.sub
|
|
└── debruijn.sub
|
|
```
|
|
|
|
For each protocol there are 6 sub folders, containing 1, 2, 4, 8, 16 and 32 files, `SPLIT_FACTOR` indicates the number of keys per `.sub` file. This is useful when trying to get a close guess to the key.
|
|
|
|
## Currently supported protocols
|
|
|
|
Right now the protocols supported are:
|
|
|
|
- CAME
|
|
- NICE
|
|
- PT-2240
|
|
- PT-2262
|
|
|
|
More info about them can be found [here](https://phreakerclub.com/447)
|
|
|
|
### Adding a protocol
|
|
|
|
Adding a protocol is very straight forward, inside the script protocols are defined at the bottom, inside the protocol list:
|
|
|
|
```python
|
|
protocols = [
|
|
Protocol("CAME", 12, {"0": "-320 640 ", "1": "-640 320 "}, "-11520 320 "),
|
|
Protocol("NICE", 12, {"0": "-700 1400 ", "1": "-1400 700 "}, "-25200 700 "),
|
|
Protocol("8bit", 8, {"0": "200 -400 ", "1": "400 -200 "}), # generic 8 bit protocol
|
|
...
|
|
]
|
|
```
|
|
|
|
A protocol is defined by a few parameters passed to the constructor in the following order:
|
|
|
|
- name: the name of the protocol
|
|
- n_bits: the number of bits for a single key
|
|
- transposition_table: how 0s and 1s are translated into flipper subghz `.sub` language
|
|
- pilot_period: aka preamble, a recurring pattern at the beginning of each key, defaults to `None`
|
|
- frequency: working frequency, defaults to 433.92
|
|
|
|
# Timing
|
|
|
|
To compute the time it takes to perform a bruteforce attack, we need to sum the time it takes to send each code:
|
|
|
|
```
|
|
(pilot_period + n_bits * bit_period) * repetition * 2^n_bits
|
|
```
|
|
|
|
For example, computing this for CAME turns out to be:
|
|
|
|
```
|
|
[(11520 + 320) + 12 * (320 + 640)] * 3 * 2^12 = 287.047.680 microseconds ~ 287 seconds
|
|
```
|
|
I've had so many asking for me to add this.<br>
|
|
![Flipper_Blush](https://user-images.githubusercontent.com/57457139/183561666-4424a3cc-679b-4016-a368-24f7e7ad0a88.jpg) ![Flipper_Love](https://user-images.githubusercontent.com/57457139/183561692-381d37bd-264f-4c88-8877-e58d60d9be6e.jpg)
|
|
|
|
**BTC**: `3AWgaL3FxquakP15ZVDxr8q8xVTc5Q75dS`<br>
|
|
**ETH**: `0x0f0003fCB0bD9355Ad7B124c30b9F3D860D5E191`
|
|
|
|
So, here it is. All donations of *any* size are humbly appreciated.<br>
|
|
![Flipper_Clap](https://user-images.githubusercontent.com/57457139/183561789-2e853ede-8ef7-41e8-a67c-716225177e5d.jpg) ![Flipper_OMG](https://user-images.githubusercontent.com/57457139/183561787-e21bdc1e-b316-4e67-b327-5129503d0313.jpg)
|
|
|
|
Donations will be used for hardware (and maybe caffine) to further testing!<br>
|
|
![UberGuidoZ](https://cdn.discordapp.com/emojis/1000632669622767686.gif)
|