DIY CC1101 tool - RF jammer, replay attack, sniffer - cheap & easy tool for radio pen testing
Published 2023-06-04
The project page is here: github.com/mcore1976/cc1101-tool and... I am giving this design away for free to everyone... Well, it is not a Flipper Zero, it is even BETTER! And it is still simpler to use than a Yard Stick One.
The parts you need: a (Sparkfun) Arduino Pro Micro, 3.3 V / 8 MHz version, and some cheap CC1101 module for Arduino (try to buy the version tuned most accurately for the frequency you want to play with: 433 MHz / 315 MHz / 868 MHz). I have included ESP32 and ESP8266 versions as well as an Arduino Nano/Mega/Uno version (this one requires a TXS0108E TTL logic-level converter to interwork with the 3.3 V CC1101 module).
It can do:
- scanning radio bands for the most accurate frequency of a signal (command scan minfreq maxfreq)
- record & replay of radio frames (rec & play commands)
- composing your own set of frames / signal chunks to be sent (add / show / addraw / showraw / flush commands)
- built-in jammer functions (command jam)
- sniffing packets (commands rx / rxraw)
- sending a single frame (command tx)
- capturing/recording and replaying any RF signal in RAW format, like Flipper Zero can (commands recraw / playraw / showraw)
- storing & restoring recorded/composed packets and RAW RF captures in non-volatile EEPROM memory (commands save / load)
- a CHAT option, so you can connect many such devices over radio to build a simple radio communicator
It also lets you set every single parameter of the CC1101 chip with simple, human-readable commands, thanks to the SmartRC library by Little_S@tan (github.com/LSatan/SmartRC-CC1101-Driver-Lib).
If you combine it with the Universal Radio Hacker tool (github.com/jopohl/urh) you can do a lot of things over radio... Even without URH you can do record & replay attacks. The tool can easily be used to perform most RF attacks against cars and other devices such as wireless door openers, doorbells and so on. I do not encourage you to do such things, but sometimes it is worth checking whether the wireless devices you are using are truly safe, don't you think?
DISCLAIMER - you use this device at your own risk. I cannot be held responsible for your own actions or for any damage you could do with this device. My video has educational value only, and the device should be used responsibly, following local law regulations.
I am not showing how to hack in this video; you have to figure it out on your own.
If you like this project please press the LIKE button and SUBSCRIBE to the channel!
Thank You for your support !
#ALCHNL #ARDUINO #SDR
All Comments (21)
-
I like that you still update the project to this day, I really appreciate you making everything public for everyone to learn 👍
-
You’re a legend dude, I was always wondering how to apply these cc1101 boards but I’m not a microcontroller guy and this gives me a reason to get into it and a blueprint to follow.
-
Can't wait to see this. I found your videos after making a little NRF24 WiFi Jammer, your mic jamming project is awesome. VERY eager to see what you do with the CC1101, that was next on my list of fun transceivers to play with :)
-
Amazing content man! I have been trying to do this for months and this really helped me out!
-
Very very good! I like CC1101 very much, just have your tutorial, thank you very much!😀
-
Your content is the best
-
It worked with ESP32!! So useful video! Hope you make more!
-
Fantastic video! Would be nice to add a WIFI Access Point mode to the ESP32 board in your github repo.
-
Very useful info and innovative tech, keep making videos like this
-
You are an absolute legend my friend ... very humble username but again far from just any engineer ... you've helped me enormously ... do you have a Patreon or PayPal for people to support your work and vids etc.??
-
Continue to pay attention to you and harvest continuous surprises! Love you<3
-
Congratulations on the channel!! Could I use the Pro Mini?
-
Hi, really a great tool, well done... If I understand correctly, for jamming you have to use the corresponding modulation setting,
for example if I have the right to jam a 2FSK frequency I must select it before launching the jam command?
-
A note: it is not the same as a YS1; the YS1 has RX/TX amps and filters and is already set up to use Python. This will require a bit more effort to use Python with it (but should still be doable).
That all said, I have ordered a Pi Pico board to use with the numerous CC1101 boards I have, as this would be a nice cheap (almost disposable) alternative to my 2 Yardstick Ones, so it certainly has its place.
I am hoping it works well, after my issues with RFQuack (TX worked fine, RX did not work at all).
-
Awesome ❤😉👏👏👏
-
Loved the video.
Is it possible to do the same with an ESP32 board or does it have to be the Arduino Pro Micro?
-
Hi, I have a question here. How does Flipper Zero manage to support 315 MHz, 433 MHz and 868 MHz using a CC1101 while the modules available usually only support one of the three frequencies?
-
Loving this. Is there a way it can be dynamically configured to jam frequencies within 50 meters?
-
Pretty freakin' awesome! Amazing! Question: is it possible to use an XBee module, or a regular Arduino Nano too? Plus with ESP8266?
-
Does the particular CC1101 module that you are using work at 868 MHz? I don't get why 433 is written on it if it works for almost the whole sub-GHz range.
I think mine is actually faulty, which made my job harder all along.
I managed to get my garage door code using Universal Radio Hacker at least, but I can't unlock it with my Digispark like you did in an earlier project, since it works at 868 MHz.