Flipper Zero Chat App - RF Signal Analysis via SDR

6,935 views

Matt Brown

7 days ago

Learning some RF reverse engineering. Trying things out on the Flipper Zero subghz chat application.
IoT Hackers Hangout Community Discord Invite:
/ discord
🛠️ Stuff I Use 🛠️
🪛 Tools:
XGecu Universal Programmer: amzn.to/4dIhNWy
Multimeter: amzn.to/4b9cUUG
Power Supply: amzn.to/3QBNSpb
Oscilloscope: amzn.to/3UzoAZM
Logic Analyzer: amzn.to/4a9IfFu
USB UART Adapter: amzn.to/4dSbmjB
iFixit Toolkit: amzn.to/44tTjMB
🫠 Soldering & Hot Air Rework Tools:
Soldering Station: amzn.to/4dygJEv
Microsoldering Pencil: amzn.to/4dxPHwY
Microsoldering Tips: amzn.to/3QyKhrT
Rework Station: amzn.to/3JOPV5x
Air Extraction: amzn.to/3QB28yx
🔬 Microscope Setup:
Microscope: amzn.to/4abMMao
Microscope 0.7X Lens: amzn.to/3wrV1S8
Microscope LED Ring Light: amzn.to/4btqiTm
Microscope Camera: amzn.to/3QXSXsb
About Me:
My name is Matt Brown and I'm a Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.
- Soli Deo Gloria
💻 Social:
twitter: / nmatt0
linkedin: / mattbrwn
github: github.com/nmatt0/
#hacking #iot #cybersecurity

Comments: 58
@Penthertz 5 days ago
Glad you enjoyed the training and you are continuing hacking around RF! ❤😊
@shaneomacmcgee 5 days ago
Hope you'll make some more videos on SDR as you explore further, this was excellent as always!
@BLiNKx86 5 days ago
You should get Jeff Geerling's dad on here to explain all this crazy RF stuff
@MrTalon63 5 days ago
I'm not 100% sure what chip is used in Flipper Zero (CC1101 I think?), but it's very possible that it has a built-in hardware CRC check and it may be that URH doesn't send that checksum. I did have a similar problem back in 2018 when I started playing with CC1101 and URH, but I ended up giving up on it back then.
@xrafter 5 days ago
Sub-1 GHz module: Transceiver: CC1101; TX power: -20 dBm max; Frequency bands (depends on your region): 315 MHz, 433 MHz, 868 MHz
@christophb8752 5 days ago
Yes, the CC1101 uses a checksum. URH has a built-in calculator for the CC1101 CRC function.
@a97807 3 days ago
Nice video! I wish there were more videos where people have problems (and asked for viewers' help).
@bertblankenstein3738 5 days ago
I played around with ESP32 microcontrollers and 433 MHz RX and TX modules and was able to detect and replay the doorbell at the office. Good for some pranks. I'm going to have to look up those tools you are using.
@rahulkushwaha9500 5 days ago
I don't know about RF modulation, but can there be any CRC in the data being transmitted? An incorrect CRC will lead to false data, but there should be something received on the other side. Weird.
@chipsareyum9074 6 days ago
Love the videos, Matt!
@feff6754 5 days ago
Thanks for the video, love the range of content!
@DirtyPlumbus 5 days ago
Interesting stuff. I've personally never actually seen the Flipper chat actually work. I've picked up transmissions from it for other things, at least as far as verifying frequency.
@BrAiNeeBug 5 days ago
The generated signal looks very overpowered; maybe reduce the gain and then it works?
@Effonefiddygarage 5 days ago
Agreed. Reduce that gain. It's a garbled distortion mess if it's too close and too "loud".
@edwinking4407 4 days ago
@13:39, Y axis for amplitude, X axis for frequency, since you are checking the FFT plot.
@je4780 3 days ago
Ah, my linked comment made my original comment disappear. Looking online, Matt is correct about the axes for the spectrogram. "A spectrogram is usually drawn in two dimensions, with time along the horizontal axis and frequency on the vertical axis. Amplitude is also included, using color or grayscale. If you think of FFTs as snapshots, a spectrogram is a movie: a series of FFTs displayed in the order they occurred."
@XYZ56771 4 days ago
This was really interesting!
@anonymousking9797 6 days ago
Awesome video 👏🏻😊
@DrKnow65 5 days ago
In the generator set your carrier to 433 MHz; the information is encoded in shifting the frequency an amount from the carrier. The shift amount is visible in your spectrum analyzer graph. Hope that helps.
@lloydweekes3539 5 days ago
Make sure that you didn't throw anything away like the "1" at the start of the synchronization, 101010..., it could represent a start bit or stop bit. However, I believe there's a checksum to be placed somewhere at the tail end of the data. Need to figure out how the checksum is calculated and where it should be placed. I believe URH can help with that.
@qsmfoui 5 days ago
awesome video!
@the3rdninja724 5 days ago
Great video. I love SDR hacking and reverse engineering. Maybe combine them to reverse a car key or something? Would be cool.
@xrafter 5 days ago
The FCC won't let him be.
@edwinking4407 4 days ago
For the problem at the end of the video, the first thing that comes to my mind is to check the data link layer integrity protections, like polarity, CRC; there might be some of these checks that make the Flipper Zero abandon your message. Just my guess.
@andrewborntrager7909 5 days ago
Another shot in the dark about your problem, if the carrier frequency is too similar to the signal you are trying to copy, then maybe you could mess with carrier frequency settings or dynamic range. Also, if the preamble is off by 1 bit, it won't work. Just throwing a couple ideas out, don't really know what I'm talking about very well.😂😂
@mattbrwn 5 days ago
Got it. I'll definitely try all this out.
@edoardomacri3049 5 days ago
@mattbrwn I believe that the last character is a sort of checksum; there are tools online that give you various checksums for an input string, so you could match the result from the string which starts with "FL" and usually ends with "\0", " " or "…
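The 2-FSK encoding DrKnow65 describes above (carrier at 433 MHz, bits sent as a frequency shift away from it) and the carrier-mismatch idea andrewborntrager7909 raises, as an added example that is not code from the video: it generates complex baseband for a bit pattern, demodulates it by measuring the phase advance between consecutive samples, and shows that a receiver-side frequency offset larger than the deviation makes a fixed 0 Hz slicing threshold decide every bit the same way, while a threshold estimated from the mean frequency of the burst recovers the bits. Sample rate, symbol rate, deviation and the bit pattern are assumed values for the demo, not parameters read from the Flipper.

```python
"""2-FSK baseband modulate/demodulate with a carrier-offset check.

Added example, not the video's code. The SDR has already mixed the 433 MHz
carrier down to 0 Hz, so each bit is a +/- DEVIATION shift from baseband 0.
Sample rate, symbol rate and deviation below are assumed values.
"""
import cmath
import math

SAMPLE_RATE = 1_000_000            # Hz, assumed SDR sample rate
SYMBOL_RATE = 10_000               # baud, assumed
DEVIATION = 20_000                 # Hz, assumed shift from the carrier per bit
SPS = SAMPLE_RATE // SYMBOL_RATE   # samples per symbol

# Constructed test pattern: 1010 preamble then data, balanced 8 ones / 8 zeros.
BITS = [1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0]


def modulate(bits):
    """Continuous-phase 2-FSK: bit 1 -> +DEVIATION, bit 0 -> -DEVIATION."""
    phase = 0.0
    samples = []
    for bit in bits:
        step = 2 * math.pi * (DEVIATION if bit else -DEVIATION) / SAMPLE_RATE
        for _ in range(SPS):
            phase += step
            samples.append(cmath.exp(1j * phase))
    return samples


def apply_offset(samples, offset_hz):
    """Simulate a transmitter/receiver carrier mismatch of offset_hz."""
    return [s * cmath.exp(2j * math.pi * offset_hz * n / SAMPLE_RATE)
            for n, s in enumerate(samples)]


def instantaneous_frequency(samples):
    """Quadrature demod: phase advance between consecutive samples, in Hz."""
    freqs = [0.0]                  # the first sample has no predecessor
    for prev, cur in zip(samples, samples[1:]):
        freqs.append(cmath.phase(cur * prev.conjugate()) * SAMPLE_RATE / (2 * math.pi))
    return freqs


def estimate_offset(samples):
    """Mean instantaneous frequency. For balanced data (e.g. a 1010 preamble)
    the +/- deviations cancel and what remains is the carrier offset."""
    freqs = instantaneous_frequency(samples)
    return sum(freqs) / len(freqs)


def demodulate(samples, n_bits, threshold=0.0):
    """Average each symbol's frequency and slice it against threshold."""
    freqs = instantaneous_frequency(samples)
    bits = []
    for i in range(n_bits):
        sym = freqs[i * SPS:(i + 1) * SPS]
        bits.append(1 if sum(sym) / len(sym) > threshold else 0)
    return bits


def offset_experiment(bits, offset_hz):
    """Return (bits sliced at 0 Hz, estimated offset, bits sliced at the estimate)
    for a burst received with a carrier mismatch of offset_hz."""
    shifted = apply_offset(modulate(bits), offset_hz)
    thr = estimate_offset(shifted)
    return demodulate(shifted, len(bits)), thr, demodulate(shifted, len(bits), thr)


if __name__ == "__main__":
    print("aligned carrier, 0 Hz threshold:", demodulate(modulate(BITS), len(BITS)) == BITS)
    fixed, thr, adaptive = offset_experiment(BITS, 30_000)   # offset > deviation
    print("30 kHz offset, 0 Hz threshold   :", fixed)
    print("30 kHz offset, %.0f Hz threshold:" % thr, adaptive == BITS)
```

With the carrier aligned, slicing at 0 Hz recovers the pattern; with a 30 kHz mismatch every symbol lands above 0 Hz and decodes as 1, which is the kind of silent failure a fixed generator frequency can produce. Measuring the offset from the burst (the preamble is what makes that measurement unbiased) and slicing there brings the bits back, which is also why matching the generator's carrier to the captured signal's centre matters.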
@RickDkkrd 5 days ago
it looks like you really need a second sdr device, probably a cheap one, just to check what your main one is sending out
@ianeberly 5 days ago
Keep up the good work. Thanks for another interesting video. I used Arduino w/ an ESP8266 to be able to remotely control a projector w/ IR as well as a remote controlled (315MHz) outlet. It would be interesting to dissect some remotes and get the actual data.
@amritsharmapoudel959 5 days ago
Hi Matt, thank you for your videos. Have you thought about making videos about firmware repacking? Thank you for your motivations!
@mattbrwn 5 days ago
Have one in the "Root Shell via Firmware Modification" vid. Will try to do some more.
@amritsharmapoudel959 5 days ago
Something like adding files / executables to the firmware and repacking it with firmware-mod-kit - for example.
@sarojnareshdalwani7830 4 days ago
What button did you click at 15:42 a couple of times to clear some noise?
@theme997 4 days ago
Please do more videos on radio stuff...
@seanfichera 5 days ago
Have you tried to change the name of the spoofed flipper? Could your flipper be ignoring the transmission because it thinks it is from itself. Just throwing that out there. I use meshtastic devices for some private communications and it is a mesh network that retransmits messages as a broadcast but the sending device doesn't see the message it originally sent out. Just a hunch but you might enjoy ham radio.
@_trbr 5 days ago
In the original replay that he did, the Flipper did display the messages even though they had the same device identifier.
@St0ner1995 5 days ago
Have you got your udev rules set up? Linux does not know what to do with SDR hardware by default. Also, the 1/4 at the end is probably actually a checksum.
@Kurainu 4 days ago
Great video. Have you tried to send some messages like aaaaaa, bbbbb, cccc and looked if you can find a checksum/CRC? Or maybe the message is prefixed with a length or something like that. Just throwing out some ideas that I have right now. But sadly I cannot test them because I don't have an SDR.
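Several commenters above (MrTalon63, christophb8752, lloydweekes3539, edwinking4407, St0ner1995, Kurainu) point at a CRC appended by the CC1101 as the reason the replayed frame is dropped, and Kurainu suggests sending known payloads and looking for the checksum. The script below is an added example, not code from the video or from URH: it implements a parameterised CRC-16, a small table of common variants, and a search that reports which variant (and which trailer byte order and number of skipped header bytes) reproduces the trailer of every captured packet, which goes a step beyond the aaaaaa/bbbbb comparison. The CC1101 entry (polynomial 0x8005, init 0xFFFF, MSB first, CRC covering the length byte plus data) is assumed from the CC1101 datasheet rather than confirmed on the page, and the framing, field names and sample frames are constructed for the demo, not captured from a Flipper.

```python
"""Identify which CRC-16 a captured packet trailer uses.

Added example for the CRC discussion in the comments; not code from the video
or from URH. The "CC1101 (assumed)" parameters are taken from the CC1101
datasheet as an assumption; the [len][payload][crc] framing and the sample
frames below are constructed for the demo and are not the Flipper chat format.
"""


def reflect(value: int, width: int) -> int:
    """Reverse the low `width` bits of `value` (bit-order swap)."""
    return int(f"{value:0{width}b}"[::-1], 2)


def crc16(data: bytes, poly: int, init: int, refin: bool, refout: bool, xorout: int) -> int:
    """Bitwise CRC-16 in the reveng/URH parameter convention (MSB-first core)."""
    crc = init
    for byte in data:
        if refin:
            byte = reflect(byte, 8)
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ poly) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    if refout:
        crc = reflect(crc, 16)
    return crc ^ xorout


CANDIDATES = {
    "CRC-16/CCITT-FALSE": dict(poly=0x1021, init=0xFFFF, refin=False, refout=False, xorout=0),
    "CRC-16/XMODEM":      dict(poly=0x1021, init=0x0000, refin=False, refout=False, xorout=0),
    "CRC-16/ARC":         dict(poly=0x8005, init=0x0000, refin=True,  refout=True,  xorout=0),
    "CRC-16/MODBUS":      dict(poly=0x8005, init=0xFFFF, refin=True,  refout=True,  xorout=0),
    # Assumed CC1101 hardware CRC: x^16 + x^15 + x^2 + 1 (0x8005), init 0xFFFF, MSB first.
    "CC1101 (assumed)":   dict(poly=0x8005, init=0xFFFF, refin=False, refout=False, xorout=0),
}


def identify(packets, trailer_len=2, max_skip=2):
    """Return every (name, byte_order, skip) that reproduces the trailer of ALL packets.

    `skip` is how many leading bytes (a length or address field, say) are left
    out of the CRC; `byte_order` is how the 16-bit trailer is serialised.
    """
    hits = []
    for name, params in CANDIDATES.items():
        for order in ("big", "little"):
            for skip in range(max_skip + 1):
                if all(crc16(pkt[skip:-trailer_len], **params)
                       == int.from_bytes(pkt[-trailer_len:], order)
                       for pkt in packets):
                    hits.append((name, order, skip))
    return hits


def build_packet(payload: bytes, params=CANDIDATES["CC1101 (assumed)"]) -> bytes:
    """Constructed framing: [len][payload][crc16 big-endian], CRC over len + payload."""
    body = bytes([len(payload)]) + payload
    return body + crc16(body, **params).to_bytes(2, "big")


def verify_packet(pkt: bytes, params=CANDIDATES["CC1101 (assumed)"]) -> bool:
    """True if the trailer matches the CRC of everything before it."""
    return crc16(pkt[:-2], **params) == int.from_bytes(pkt[-2:], "big")


def flip_bit(pkt: bytes, index: int = 3, mask: int = 0x01) -> bytes:
    """Corrupt one payload bit, as a stale or mis-edited replay would."""
    return pkt[:index] + bytes([pkt[index] ^ mask]) + pkt[index + 1:]


# Constructed sample frames mimicking a chat payload ("FL" prefix, NUL terminated);
# NOT captured from a Flipper.
SAMPLE_PACKETS = [
    build_packet(b"FLflipper: hello\x00"),
    build_packet(b"FLflipper: aaaaaa\x00"),
    build_packet(b"FLflipper: bbbbbb\x00"),
]

if __name__ == "__main__":
    for hit in identify(SAMPLE_PACKETS):
        print("matches all packets:", hit)
    print("intact frame verifies :", all(verify_packet(p) for p in SAMPLE_PACKETS))
    print("flipped bit verifies  :", verify_packet(flip_bit(SAMPLE_PACKETS[0])))
```

To use it on a real capture, replace SAMPLE_PACKETS with the raw bytes URH decodes after the preamble and sync word, ideally several frames that differ only in the message text. If nothing matches, widen CANDIDATES or max_skip; an address byte or a data-whitening step between the sync word and the CRC'd region would also make a correct polynomial fail to line up.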
@ergonomiczero2228 5 days ago
Not trying to be a smarty pants but what is this exercise good for aside from a thought experiment? Is there any practical application?
@mattbrwn 5 days ago
Learning how to reverse engineer RF signals.
@inothome 5 days ago
That looks more like PSK than pure FM and as others said, look for the CRC.
@Cjsbowtie 4 days ago
Verify your baud rate on both ends.
@JerryThings 4 days ago
If you manage to fix it, you could even chat with GPS data lolol
@cognisent_ 5 days ago
Intentional or coincidence that your volume is set to 69% 🤔...
@horstszibulski19 5 days ago
Creepy device, that Flipper Zero... no wonder that it gets banned more and more... Stay on it, seems that it will bring out some interesting things, even to me, where my raw knowledge of RF ends at 27 MHz CB radio things some 25 years ago. That was quite interesting! 😮👍👍
@tubeDude48 5 days ago
You're waffling all over the place!
@cognisent_ 5 days ago
The brain thinks what the brain thinks 😁.
@remcool1258 6 days ago
First
@gryzman 5 days ago
Lots of good stuff, but I frankly have to cringe a lot watching your videos. You need someone to ping these things real-time against. The playback is slow, you can see the progress of it, hence why it replays every so often. Nothing to do with the antenna polarity!
@micahrunyon2743 5 days ago
I feel like that adds to the authenticity of the video. Has more of the bro showing you something cool instead of a college class feel. What do you think?
@cognisent_ 5 days ago
For sure I appreciate seeing the mistakes in real time, as well.