
2FSK Sniffing RFCat with a Yardstick One

I have been banging my head against a wall working on an SDR project with RFCat. In short, I am reverse engineering a sub GHz radio protocol. I have figured out the protocol, and am able to spoof the receiver transmitting from my Yardstick One with RFCat, using packets sniffed on another SDR (I know the YS1 isn't technically an SDR) and decoded using Inspectrum. However, when I send the same packets with the real remote, or another SDR transmitter, I am unable to sniff them with my YS1 in RFCat, with the same settings I used to successfully transmit. Is it possible that receiving requires different settings? (Besides putting it into RX Mode) Here is the printout of d.printRadioConfig():

== Hardware ==
Dongle:              YARDSTICKONE
Firmware rev:        0616
Compiler:            SDCCv350
Bootloader:          CC-Bootloader

== Software ==
rflib rev:           616

== Frequency Configuration ==
Frequency:           916999877.929688 hz (0x263555)
Channel:             0
Intermediate freq:   281250 hz
Frequency Offset:    0 +/-
Est. Freq Offset:    0

== Modem Configuration ==
Modulation:          2FSK
DRate:               151977.539062 hz
ChanBW:              93750.000000 hz
DEVIATION:           234375.000000 hz
Sync Mode:           16 of 16 bits must match
Min TX Preamble:     3 bytes
Chan Spacing:        199951.171875 hz
BSLimit:             No data rate offset compensation performed
DC Filter:           enabled
Manchester Encoding: disabled
Fwd Err Correct:     disabled

== Packet Configuration ==
Sync Word:           0x8585
Packet Length:       11
Length Config:       Fixed Packet Mode
Configured Address:  0x0
Preamble Quality Threshold: 4 * 2
Append Status:       No
Rcvd Packet Check:   No address check
Data Whitening:      off
Packet Format:       Normal mode
CRC:                 disabled

== AES Crypto Configuration ==
AES Mode:            CBC - Cipher Block Chaining
Crypt RF Input:      off
Crypt RF Output:     off

== Radio Test Signal Configuration ==
TEST2:               0x88
TEST1:               0x31
TEST0:               0x9
VCO_SEL_CAL_EN:      0x0

== Radio State ==
     MARCSTATE:      MARC_STATE_IDLE (1)
     DONGLE RESPONDING:  mode :d, last error# 0

== Client State ==
========================================================================================================================
     client thread cycles:      105/55
     client errored cycles:     0
     recv_queue:                (0 bytes) ''
     trash:                     (3 blobs) "[128, 142, (1619706506.761202, '')]"
     recv_mbox                  (2 keys)  "['0x42', '0xff']"
       app 0x42 (2 records)
             [0x2]    (0 frames)  "[]"
             [0x7]    (0 frames)  "[]"

       app 0xff (6 records)
             [0x80]    (0 frames)  "[]"
             [0x81]    (0 frames)  "[]"
             [0x82]    (0 frames)  "[]"
             [0x86]    (0 frames)  "[]"
             [0x88]    (0 frames)  "[]"
             [0x89]    (0 frames)  "[]"

(PS Forgive me if there is something improper about this question, long time visitor, first time post)

Try widening the receiver channel filter bandwidth. Your FSK deviation is set to 234.375 kHz but your channel filter is set to 93.750 kHz; assuming the deviation is correct, then your filter setting is preventing the signal from reaching the receiver. You can increase it to its maximum with d.setMdmChanBW(750000). There are more details on how to set this correctly on page 191 of the C1111Fx datasheet https://www.ti.com/lit/ds/swrs033h/swrs033h.pdf.
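The mismatch the answer points out can be checked offline. The following is an added example, not code from the original question or answer: it lists the channel filter bandwidths the radio can select and compares them with the occupied bandwidth of the 2FSK signal in the printout. It assumes a 24 MHz reference frequency (which reproduces the 93750 Hz and 750000 Hz values on this page) and a Carson's-rule bandwidth estimate; the function names are hypothetical.

```python
# Added illustration: selectable channel-filter bandwidths vs. the 2FSK
# settings shown in the printRadioConfig() output above.
F_REF_HZ = 24_000_000  # assumption: 24 MHz reference; yields 93750 and 750000 Hz as on the page


def chan_bw_options(f_ref=F_REF_HZ):
    """All 16 filter bandwidths: BW = f_ref / (8 * (4 + CHANBW_M) * 2**CHANBW_E)."""
    opts = []
    for e in range(4):
        for m in range(4):
            opts.append((f_ref / (8 * (4 + m) * (1 << e)), e, m))
    return sorted(opts)


def occupied_bw(drate_hz, deviation_hz):
    """Carson's-rule estimate for 2FSK: 2 * deviation + symbol rate (an approximation)."""
    return 2 * deviation_hz + drate_hz


def smallest_fitting(drate_hz, deviation_hz, fill=1.0, f_ref=F_REF_HZ):
    """Narrowest filter that covers the signal, or None if none does.

    fill < 1 reserves headroom for frequency offset between transmitter
    and receiver (the margin value is the caller's assumption).
    """
    need = occupied_bw(drate_hz, deviation_hz) / fill
    for bw, e, m in chan_bw_options(f_ref):
        if bw >= need:
            return bw, e, m
    return None


if __name__ == "__main__":
    # Values copied from the printout in the question.
    drate, dev, chanbw = 151977.539062, 234375.0, 93750.0
    need = occupied_bw(drate, dev)
    print(f"estimated occupied bandwidth: {need:.0f} Hz")
    print(f"configured filter {chanbw:.0f} Hz passes it: {chanbw >= need}")
    fit = smallest_fitting(drate, dev)
    if fit:
        # The chosen value is what would be passed to d.setMdmChanBW() in RFCat.
        print(f"narrowest adequate filter: {fit[0]:.0f} Hz (E={fit[1]}, M={fit[2]})")
    else:
        print("no selectable filter is wide enough; re-check the deviation value")
```

With the printout's data rate and deviation, only the widest setting covers the estimated signal bandwidth, which is why the receive side stays silent at 93.75 kHz while transmit is unaffected by the filter.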
