24 bit support possible?

Question

24 bit support possible?

Closed this issue 2 years ago · 9 comments

Is it possible to support Princeton 24 with this proof of concept?
https://phreakerclub.com/447
https://phreakerclub-com.translate.goog/447?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

https://github.com/flipperdevices/flipperzero-firmware/blob/dev/lib/subghz/protocols/princeton.c

Answer 1 · 2022-08-05T04:33:40.000Z

Brute force a 24 bit gate is not practical at all, you would need weeks, theoretically the code can be modified to work with any protocol

Answer 2 · 2022-08-05T14:09:12.000Z

Actually it's just 20bit for the address and 4 bit for the buttons, following the specs. Depending on the distribution of generated address numbers, it can be doable in a much smaller time.

Answer 3 · 2022-08-05T14:48:47.000Z

Even if it was "weeks" that would be ok with this specific application of attacking a robot dog. Sometimes they sit deployed at the same location for an extended amount of time. There will be one for example patrolling a local airport from now until the foreseeable future. Every day it will be there for years to come. Absolutely not ideal if the thing is running at you, but a usable situation none the less.

https://twitter.com/d0tslash/status/1555326302462394370

Answer 4 · 2022-08-05T16:33:57.000Z

This repo has support for it (just commented out due to size in the python code): https://github.com/tobiabocchi/flipperzero-bruteforce

Answer 5 · 2022-08-06T05:44:19.000Z

This repo has support for it (just commented out due to size in the python code): https://github.com/tobiabocchi/flipperzero-bruteforce

I have the missing files here: https://github.com/UberGuidoZ/Flipper/tree/main/Sub-GHz/OOK_bruteforce

Answer 6 · 2022-08-06T05:47:25.000Z

@UberGuidoZ I'm still a bit ignorant to this, do the subs brute both the SN & key press? Button 4 is what triggers this specific device I'm working with. It would be nice to narrow the search to eliminate other buttons.

Answer 7 · 2022-08-06T05:54:10.000Z

I actually left a comment on your repo about exactly that. How did you generate the SUB in the video, to begin with?

I was curious if the Go1 robots varied the required signal (serial/button) or if they were all the same.

We can chat in the Flipper discord if you'd rather do this a little more live: https://discord.gg/rUKdeJXM (tag me!)

Answer 8 · 2022-08-06T05:55:09.000Z

Reply of an actual button press on the included "emergency stop" remote that is paired with my dog. The place stickers on both the remote & dog with the serial number to the remote also.

Answer 9 · 2022-08-09T09:06:54.000Z

This repo has support for it (just commented out due to size in the python code): https://github.com/tobiabocchi/flipperzero-bruteforce

I have the missing files here: https://github.com/UberGuidoZ/Flipper/tree/main/Sub-GHz/OOK_bruteforce