
2FSK Sniffing RFCat with a Yardstick One

I have been banging my head against a wall working on an SDR project with RFCat. In short, I am reverse engineering a sub GHz radio protocol. I have figured out the protocol, and am able to spoof the receiver transmitting from my Yardstick One with RFCat, using packets sniffed on another SDR (I know the YS1 isn't technically an SDR) and decoded using Inspectrum. However when I send the same packets with the real remote, or another SDR transmitter, I am unable to sniff them with my YS1 in RFCat, with the same settings I used to successfully transmit. Is it possible that receiving requires different settings? (Besides putting it into RX Mode) Here is the printout of d.printRadioConfig():

== Hardware ==
Dongle:              YARDSTICKONE
Firmware rev:        0616
Compiler:            SDCCv350
Bootloader:          CC-Bootloader

== Software ==
rflib rev:           616

== Frequency Configuration ==
Frequency:           916999877.929688 hz (0x263555)
Channel:             0
Intermediate freq:   281250 hz
Frequency Offset:    0 +/-
Est. Freq Offset:    0

== Modem Configuration ==
Modulation:          2FSK
DRate:               151977.539062 hz
ChanBW:              93750.000000 hz
DEVIATION:           234375.000000 hz
Sync Mode:           16 of 16 bits must match
Min TX Preamble:     3 bytes
Chan Spacing:        199951.171875 hz
BSLimit:             No data rate offset compensation performed
DC Filter:           enabled
Manchester Encoding: disabled
Fwd Err Correct:     disabled

== Packet Configuration ==
Sync Word:           0x8585
Packet Length:       11
Length Config:       Fixed Packet Mode
Configured Address:  0x0
Preamble Quality Threshold: 4 * 2
Append Status:       No
Rcvd Packet Check:   No address check
Data Whitening:      off
Packet Format:       Normal mode
CRC:                 disabled

== AES Crypto Configuration ==
AES Mode:            CBC - Cipher Block Chaining
Crypt RF Input:      off
Crypt RF Output:     off

== Radio Test Signal Configuration ==
TEST2:               0x88
TEST1:               0x31
TEST0:               0x9
VCO_SEL_CAL_EN:      0x0

== Radio State ==
     MARCSTATE:      MARC_STATE_IDLE (1)
     DONGLE RESPONDING:  mode :d, last error# 0

== Client State ==
========================================================================================================================
     client thread cycles:      105/55
     client errored cycles:     0
     recv_queue:                (0 bytes) ''
     trash:                     (3 blobs) "[128, 142, (1619706506.761202, '')]"
     recv_mbox                  (2 keys)  "['0x42', '0xff']"
       app 0x42 (2 records)
             [0x2]    (0 frames)  "[]"
             [0x7]    (0 frames)  "[]"

       app 0xff (6 records)
             [0x80]    (0 frames)  "[]"
             [0x81]    (0 frames)  "[]"
             [0x82]    (0 frames)  "[]"
             [0x86]    (0 frames)  "[]"
             [0x88]    (0 frames)  "[]"
             [0x89]    (0 frames)  "[]"

(PS Forgive me if there is something improper about this question, long time visitor, first time post)

Try widening the receiver channel filter bandwidth. Your FSK deviation is set to 234.375 kHz but your channel filter is set to 93.750 kHz. Assuming the deviation is correct, your filter setting is preventing the signal from reaching the receiver. You can increase it to its maximum with d.setMdmChanBW(750000). There are more details on how to set this correctly on page 191 of the CC1111Fx datasheet: https://www.ti.com/lit/ds/swrs033h/swrs033h.pdf
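The mismatch the answer points out can be checked directly from the printRadioConfig() text. The following is an added example, not code from the question, the answer or the RFCat project. It assumes a 24 MHz reference clock (consistent with the 93750 Hz and 750000 Hz values on this page), the chip's filter formula f_ref / (8 * (4 + M) * 2^E), and the rule-of-thumb 2FSK bandwidth of data rate + 2 * deviation; the function names are hypothetical.

```python
import re

# Assumption: 24 MHz reference clock, which reproduces the 93750 Hz and 750000 Hz values on this page.
F_REF_HZ = 24_000_000

# Constructed sample: the three modem lines copied from the printout in the question.
SAMPLE_CONFIG = """\
DRate:               151977.539062 hz
ChanBW:              93750.000000 hz
DEVIATION:           234375.000000 hz
"""

def parse_modem_fields(text):
    """Pull DRate, ChanBW and DEVIATION (in Hz) out of printRadioConfig() text."""
    fields = {}
    for name in ("DRate", "ChanBW", "DEVIATION"):
        m = re.search(rf"^{name}:\s+([0-9.]+)\s+hz", text, re.MULTILINE)
        if m is None:
            raise ValueError(f"{name} not found in config text")
        fields[name] = float(m.group(1))
    return fields

def channel_filter_options(f_ref=F_REF_HZ):
    """All 16 selectable filter bandwidths: f_ref / (8 * (4 + M) * 2**E), M and E in 0..3."""
    return sorted(f_ref / (8 * (4 + m) * 2 ** e) for e in range(4) for m in range(4))

def occupied_bandwidth(drate, deviation):
    """Rule-of-thumb 2FSK signal bandwidth (an approximation): data rate + 2 * deviation."""
    return drate + 2 * deviation

def check_rx_filter(text):
    """Return (fits, needed_hz, suggested_hz) for the parsed configuration."""
    f = parse_modem_fields(text)
    needed = occupied_bandwidth(f["DRate"], f["DEVIATION"])
    fits = f["ChanBW"] >= needed
    options = channel_filter_options()
    wide_enough = [bw for bw in options if bw >= needed]
    # Fall back to the widest filter if the signal is wider than any setting.
    suggested = wide_enough[0] if wide_enough else options[-1]
    return fits, needed, suggested

if __name__ == "__main__":
    fits, needed, suggested = check_rx_filter(SAMPLE_CONFIG)
    print(f"filter wide enough: {fits}; signal needs ~{needed:.0f} Hz; "
          f"narrowest adequate setting: {suggested:.0f} Hz")
```

For the configuration in the question, the narrowest adequate setting is the 750000 Hz maximum that the answer recommends; the next step down (600000 Hz) falls short of the estimated signal bandwidth.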
