sc4nn33r - wireless warfare tool
- usb-driven 315Mhz, 433Mhz, 868Mhz receivers and transmitters
- sniffer displays received bitstreams as binary on console, so you can cut'n'paste data to transform / retransmit data
- transmitter sends user-defined bitstreams (including tristate) of any length given any timebase
- fiddles with garage door openers, remote controlled outlets, wireless weather stations, wireless dimmers, doorbells, basically anything thats using AM modulation.
- interactive console, various built-in transforms like manchester, nrz, ami, ascii, hex
- various transmission shorthands for bruteforce, pt2622, etc
I had a lot of fun with this device. I can control the lights of two neighbours,
open the gate of the customs authority next door, open our garage door, crash
my weatherstation and so on. I don't know how many neighbours i've accidently driven
mad while debugging this thing. Need your wireless garage door opened? Just phone me ;)
Well, it's basically an arduino, a shielded dc-dc converter with lots of filtering, 3 pairs of receivers/transmitters and a lot of software
(firmware binary weighs in at 29..30KB). The first revision was 433-only, thus the name.
You can rip the transmitter and receiver out of remote controlled outlets or buy them at your favourite electronics store.
Look for the output-pin in the datasheet of the ic they are using (eg. DOUT for PT2262) inside the remote control,
cut the connection to the IC and hook the arduino up instead.
Most receivers used inside the outlets even have the pinout printed on them:
I learned about the bit-combinations from the RCSwitch
which offers sending and receiving of some
control codes via an Arduino
library. Just dump the bitstream you
are getting, try some permutations, and you will see it's easy to crack which bit does what.
No schematics needed, because it's just A0-A2 for input of the three receivers, and D3-D5 for the transmitters.
The size of my code is mostly because of i do a lot of string parsing.
⌂ Back to Overview
Comments[ Donar | 07.12.11 16:12 ]
Sounds like phun. Do you have any building plans. I like to readout my weather station on my computer without buying a new weather station.[ elektronika | 07.12.11 16:22 ]
Great and fun project. Any schematics, firmware available somewhere?[ BadWolf | 07.12.11 16:34 ]
For me it looks like a blue box that does nothing....any videos? schematics or diagram?
You know what they say.....youtube or it ain't real ;p[ Drake | 07.12.11 23:06 ]
Need one yesterday.[ mouse | 08.12.11 02:19 ]
Bada$$! I agree with badwolf, youtube or ur BS, lol. makes me wonder what freq wireless keychains work on, lol.[ mouse | 08.12.11 02:26 ]
Oh, they encrypted, duh ... maybe rainbow tables? "remote keyless systems operate by broadcasting radio waves on a particular frequency. most rkes work at 315 mhz for some north america made cars and at 433.92 mhz for european, japanese and asian cars. modern systems implement encryption to prevent car thieves from intercepting and spoofing the signal." quoted from http://en.wikipedia.org/wiki/remote_keyless_system[ devid | 20.05.12 22:36 ]
can you write me on my mail? datodatto
I am interested in this device, will you sell it?[ boris | 07.08.13 14:23 ]
please price your device / sc4nn33r - wireless warfare tool / if there is some software / thank you in advance for your quick response / e-mail: boris.0708
hotmail.com[ Jonatan | 03.09.13 17:00 ]
I wonder if there is any more details around your scanner that i could get. IÂ´m putting together one hell of a hack/pen device and to implement 315,433,868,915 mhz would be the final goal. Plz share what you can to me and i will reply to you about my results. You can write me at info
All the best to you and thanks in advance.
"H4L"[ Alf | 29.10.13 21:48 ]
congratulations for your work.
no schematics? or price...?
gmail.com[ BinaryBill | 08.08.14 04:51 ]
I have the same interest as everyone else. I'd love to know the process. Any help with other websites with info will help. Willing to get viruses. Email me. Hunglikeken