EvilCrowRF_Custom_Firmware

Idea, development and implementation of this firmware: h-RAT (https://github.com/h-RAT/).

Idea, development and implementation of the original firmware: Joel Serna (@JoelSernaMoreno - https://github.com/joelsernamoreno/).

Main collaborator: Little Satan (https://github.com/LSatan/)

PCB design: Ignacio Díaz Álvarez (@Nacon_96), Forensic Security (@ForensicSec) and April Brother (@aprbrother).

Manufacturer and distributor: April Brother (@aprbrother).

Distributor from United Kingdom: KSEC Worldwide (@KSEC_KC).

For sale with April Brother (shipping from China):


For sale with KSEC Worldwide (shipping from United Kingdom):


Discord Group: https://discord.gg/evilcrowrf

Summary

  • Introduction
  • Installation
  • Features
  • Disclaimer
    Introduction

    This firmware is an alternative to the EvilCrowRF default firmware.

    This firmware allows the following attacks:

    • Record Signal RAW Data
    • Record Signal Binary
    • Transmit .SUB File
    • Transmit RAW
    • Transmit Binary
    • Transmit Decimal**
    • Kaiju Analyze
    • Kaiju Rolling Codes
    • Signal Scanner
    • Bruteforce**
    • Rolljam
    • Rollback
    • Jammer
    • ...

    **Supported protocols: Princeton (24bits), Holtek HT12X (12bits), CAME (12bits), CAME (18bits), CAME (24bits), CAME (25bits), SMC5326 (25bits), Nice FLO (12bits), Nice FLO (24bits), GateTX (24bits)

    Installation

    1) SD Files

    • Download and place the 'CONFIG' folder on a MicroSD card.
    • Download and place the 'HTML' folder on a MicroSD card.
    • Download and place the 'SUBGHZ' folder on a MicroSD card.

    .SUB File

    • Place your file** (.sub) in the 'SUBGHZ' folder.

    **Supported protocols: RAW, Princeton, Holtek HT12X, CAME, SMC5326, Nice FLO, GateTX

    2) Firmware

    • Download and upload EvilCrowRF firmware.

    How to upload .bin file from esptool?
    How to upload .bin file from the web?

    3) Webpanel

    • Connect your mobile/laptop/computer to this Wi-Fi:

    SSID: ECRF
    Password: 123456789

    • Open a browser and navigate to the web panel. (Default IP: 192.168.4.1)

    • Enjoy

    4) Rolljam Firmware

    • Download and upload Rolljam firmware on your second device.

    How to upload .bin file from esptool?
    How to upload .bin file from the web?

    The first device must be powered ON and connected to the default ECRF network. (SSID: ECRF | Password: 123456789)

    • Plug your second device into your computer and get the IP address from the serial monitor. (Baudrate: 38400)

    • Go to the EvilCrowRF web panel and set the IP address of the second device. (ECRF Settings -> Jammer Device -> Local IP Address)

    • Now you can start a rolljam attack.

    Features

    1) Record

  • You have the choice to use the existing presets:
    • Custom ( Custom CC1101 Settings )
    • AM270 ( Modulation: ASK/OOK | Bandwidth: 270.83 kHz )
    • AM650 ( Modulation: ASK/OOK | Bandwidth: 650.00 kHz )
    • FM238 ( Modulation: 2FSK | Bandwidth: 270.83 kHz | Deviation: 2.38 kHz)
    • FM4768 ( Modulation: 2FSK | Bandwidth: 270.83 kHz | Deviation: 47.61 kHz)


  • Received signal format:
    • RAW Data with sample count:
    • -1004 370 -424 404 -389 405 -389 403 -421 374 -420 373 -388 406 -421 408 -389 409 -386 409 | Sample: 20
    • Binary with symbol count:
    • 1001001001001001001101101101101101001101101001001001001001101101001101101101101101101001101101001 | Symbol: 398


  • The signal can be saved in Flipper Zero .sub file format.
    • Filetype: Flipper SubGhz RAW File
    • Version: 1
    • Frequency: 433920000
    • Preset: FuriHalSubGhzPresetOok650Async
    • Protocol: RAW
    • RAW_Data: -1004 370 -424 404 -389 405 -389 403 -421 374 -420 373 -388 406 -421 408 -389 409 -386 409
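
The .sub layout above can be checked offline before a recovered file is trusted or analysed. This added example is not part of the firmware or of the Flipper Zero project: it parses a RAW .sub file, validates the header and checks the frequency against the CC1101 ranges this README lists, then reports sample count and total duration. `parse_sub`, the report keys and the microsecond interpretation of RAW_Data are assumptions of the example.

```python
# Added example (not EvilCrowRF code): triage parser for a Flipper SubGhz RAW .sub file.
# Constructed sample input: the field values shown in this README.
SAMPLE_SUB = """\
Filetype: Flipper SubGhz RAW File
Version: 1
Frequency: 433920000
Preset: FuriHalSubGhzPresetOok650Async
Protocol: RAW
RAW_Data: -1004 370 -424 404 -389 405 -389 403 -421 374 -420 373 -388 406 -421 408 -389 409 -386 409
"""

# Frequency ranges from this README's CC1101 Settings section, converted to Hz.
CC1101_BANDS_HZ = ((300_000_000, 348_000_000), (387_000_000, 464_000_000),
                   (779_000_000, 928_000_000))

def parse_sub(text):
    """Parse a RAW .sub file; raise ValueError on a bad header, return a report."""
    fields, samples = {}, []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"line {number}: expected 'Key: value'")
        if key.strip() == "RAW_Data":  # the key may repeat over several lines
            samples.extend(int(tok) for tok in value.split())
        else:
            fields[key.strip()] = value.strip()
    if fields.get("Filetype") != "Flipper SubGhz RAW File":
        raise ValueError("not a Flipper SubGhz RAW file")
    if fields.get("Protocol") != "RAW":
        raise ValueError("Protocol is not RAW")
    frequency = int(fields.get("Frequency", ""))  # missing field -> ValueError
    if not any(lo <= frequency <= hi for lo, hi in CC1101_BANDS_HZ):
        raise ValueError(f"{frequency} Hz is outside the listed CC1101 ranges")
    issues = [] if samples else ["no RAW_Data samples"]
    # Assumption: each value is a duration in microseconds and its sign is the
    # line level, so values should alternate in sign and never be zero.
    if any(s == 0 for s in samples):
        issues.append("zero-length sample")
    if any((a > 0) == (b > 0) for a, b in zip(samples, samples[1:])):
        issues.append("consecutive samples with the same sign")
    return {"frequency_hz": frequency, "preset": fields.get("Preset"),
            "samples": len(samples),
            "duration_us": sum(abs(s) for s in samples), "issues": issues}

if __name__ == "__main__":
    print(parse_sub(SAMPLE_SUB))
```

For the sample in this README the report gives 20 samples, matching the "Sample: 20" count shown for the same capture.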


    2) Transmit

  • You can send a decimal signal with a known protocol:
    • Princeton
    • Holtek HT12X
    • CAME
    • SMC5326
    • Nice FLO
    • GateTX


  • You can send a RAW signal.

  • You can send a binary signal with symbol count.

    3) Saved

  • You can upload a signal (.sub) to the MicroSD card from the webpanel.

  • You can send a signal (.sub) from the MicroSD card.
    • Max. Length: 4096
  • You can download a signal (.sub) from the MicroSD card.

  • You can delete a signal (.sub) from the MicroSD card.

  • You can apply a signal to a button to send it later.
    • Button 1
    • Button 2


    4) Jammer

  • You can select from several jamming power levels:
    • 12 (Max.)
    • 11
    • 10
    • 7
    • 5
    • 0 (Min.)


    5) Scanner

  • You can scan many frequencies with a minimum RSSI threshold:
    • 300.00 MHz
    • 303.87 MHz
    • 304.25 MHz
    • 315.00 MHz
    • 318.00 MHz
    • 390.00 MHz
    • 418.00 MHz
    • 433.07 MHz
    • 433.92 MHz
    • 434.42 MHz
    • 434.77 MHz
    • 438.90 MHz
    • 868.30 MHz
    • 868.35 MHz
    • 868.86 MHz
    • 868.95 MHz
    • 915.00 MHz
    • 925.00 MHz

  • You can apply the frequency found.

    6) Bruteforcer

  • You can bruteforce a decimal signal with a known protocol:
    • Princeton (24bits)
    • Holtek HT12X (12bits)
    • CAME (12bits)
    • CAME (18bits)
    • CAME (24bits)
    • CAME (25bits)
    • SMC5326 (25bits)
    • Nice FLO (12bits)
    • Nice FLO (24bits)
    • GateTX (24bits)

    • Max. Decimal: 2147483647


    7) CC1101 Settings

  • You have the choice to use the existing presets:
    • Custom ( Custom CC1101 Settings )
    • AM270 ( Modulation: ASK/OOK | Bandwidth: 270.83 kHz )
    • AM650 ( Modulation: ASK/OOK | Bandwidth: 650.00 kHz )
    • FM238 ( Modulation: 2FSK | Bandwidth: 270.83 kHz | Deviation: 2.38 kHz)
    • FM4768 ( Modulation: 2FSK | Bandwidth: 270.83 kHz | Deviation: 47.61 kHz)


  • You can assign a module for RX:
    • Module 1
    • Module 2

  • You can assign a module for TX:
    • Module 1
    • Module 2


  • You can assign a frequency:
    • Range: 300.00 MHz to 348.00 MHz
    • Range: 387.00 MHz to 464.00 MHz
    • Range: 779.00 MHz to 928.00 MHz
  • You can assign a modulation:
    • ASK/OOK
    • 2FSK
  • You can assign a bandwidth:
    • Range: 58.03 mHz to 812.50 kHz
  • You can assign a deviation:
    • Range: 1.58 mHz to 385.85.00 kHz
  • You can assign a datarate:
    • Range: 0.02 mHz to 1621.83 kBaud
  • You can assign a packet format:
    • Synchronous
    • Random
    • Asynchronous


    8) Kaiju Analyze

  • You can analyze the signals received with Kaiju.

    9) Kaiju Rolling Codes

  • You can generate rolling codes with Kaiju.

    10) Rolljam Attack

  • You can perform a rolljam attack with different parameters:
    • Record Frequency
    • Record Modulation
    • Jammer Frequency (Usually: Record Frequency - 0.10 MHz)
    • Jammer Power
  • You can send the second signal.
  • You can save the second signal to send it later.

    11) Rollback Attack

  • You can perform a rollback attack with different parameters:
    • Record Frequency
    • Record Modulation
    • Time Frame
    • Signal Required
  • You can send the rollback sequence.
  • You can save the rollback sequence to send it later.

    12) ECRF Logs

  • You can view the device logs.
  • You can download the device logs.
  • You can delete the device logs.

    13) ECRF Settings

  • You can view the device uptime.
  • You can view the device free RAM.

  • You can assign your Kaiju token.

  • You can assign an action to the button:
    • Send Tesla (US) Signal
    • Send Tesla (EU) Signal
    • Start Record Signal
    • Send Last Recorded Signal
    • Send SD Selected Signal
    • Start Jammer (315.00 MHz)
    • Start Jammer (433.92 MHz)
    • Start Jammer (868.35 MHz)
    • Stop Jammer


  • You can adjust Wi-Fi settings.

    14) Firmware Update

  • You can update the firmware from the web panel.

    Disclaimer

    Evil Crow RF is a basic device for professionals and cybersecurity enthusiasts.

    We are not responsible for the incorrect use of Evil Crow RF.

    Be careful with this device and the transmission of signals. Make sure to follow the laws that apply to your country.