3. Flipper Add‐On: SubGHz
It's a wireless technology that operates in a frequency band lower than 1 GHz. Usually from 300-928 MHz. This is where the name of the technology comes from. This technology typically has a longer range than other higher frequency transmissions like Bluetooth or Wi-Fi.
LoRa (short for long range) is a spread spectrum modulation technique derived from chirp spread spectrum (CSS) technology. This is a proprietary technology from Semtech.
LoRa signals can reach much farther than other wireless technologies like Bluetooth. In ideal conditions, they can travel over 6 miles (ca. 10 km). One of LoRa's big advantages is that it uses very little power. This makes it perfect for battery-powered devices that need to last for a long time.
This Add-On allows you to analyze and view IoT traffic in the Sub-GHz band. In addition to adding an extra CC1101 to our beloved Flipper adds a LoRa SX1262 chip. Both chips are used as transceivers. You will be able to analyze the traffic of the signals and even replicate it to the final device meant to execute a task. This Add-On specifically works with SX1262 firmware.
The low-cost CC1101 sub-1 GHz transceiver is developed for very low-power wireless applications.
A highly customizable baseband modem is included inside the RF transceiver. With a programmable data rate of up to 600 Kbps, the modem supports a number of modulation types.
This device offers exceptional RF performance with high sensitivity (-116 dBm at 433 MHz and 0.6 kBaud, -112 dBm at 868 MHz and 1.2 kBaud) and low current consumption (14.7 mA at 868 MHz and 1.2 kBaud).
Frequency bands covered are 300-348 MHz, 387-464 MHz, and 779-928 MHz, and it allows programmable output power up to +12 dBm for all supported frequencies.
Read more of its characteristics in the datasheet.
This Semtech device is a Long Range, Low Power, sub-GHz half-duplex RF Transceiver. Designed for long battery life with just 4.2 mA of active receive current consumption. It is able to transmit up to +22 dBm thanks to its integrated power amplifiers. The continuous frequency coverage from 150 MHz to 960 MHz allows the support of all major sub-GHz ISM bands around the world.
This device is designed to comply with the physical layer requirements of the LoRaWAN specification released by the LoRa Alliance.
You can read more about all its features on its datasheet.
Find the schematics here →FLIPPER_Subg
This Add-On allows you to analyze and view IoT traffic in the Sub-GHz band. In addition to adding an extra CC1101 to our beloved Flipper adds a LoRa SX1262 chip. Both chips are used as transceivers. You will be able to analyze the traffic of the signals and even replicate it to the final device meant to execute a task. This Add-On specifically works with SX1262 firmware.
Use the pin headers to plug your Add-On to your Flipper.
The first step for testing the applications included in the flashed firmware is configuring your flipper to work with the Add-On.
In the main menu, go to the Sub-GHz option and change the setting to use the “External Module”:
Now you are all set to test your Sub-GHz Add-On. Let's start with the Spectrum Analyzer. You need to navigate through Apps > Sub-GHz > Spectrum Analyzer. You will see the following screen:
You can use the arrow buttons on the panel to move through the different frequencies. In this example case, we are analyzing a known 315 GHz signal, so we moved to this value on the graph. Once the device triggers the signal, it is shown in the Spectrum Analyzer graph:
Now we confirm that the device is sending signals near 315 MHz frequency. Let's try with another app then. Let's suppose we want to confirm that a TPMS sensor is sending messages properly over the same frequency we just read before. We can test the TPMS reader: Apps > Sub-GHz > TPMS Reader. The following screen will show up:
A 433.92 MHz frequency is set by default, but it can be changed by going to Config (press the left arrow on the panel):
In the menu above, we set the frequency to the known one. Then, going back to the scanning screen, the signal is triggered:
Note
You must first install the LoRa Relay Flipper app.
Watch data traveling through the specific LoRa settings. Use the right key in the D-pad to start sniffing.
- The first 8 bytes of the LoRa messages received will be displayed according to the established parameters and their ASCII representation if available. Use the central key in the D-pad to start/stop recording LoRa messages to log file.
Important
A successful communication between flipper and another LoRa device will depend on LoRa parameters configured, you must know how are they configured in the target LoRa network, wrong configurations will result in data loss.
Send a file containing LoRa messages to any peripheral listening on the network. Use the central key in the D-pad to start the Browser.
- Browse in your files, look for a log file and send it.
Thank you for reading our Wiki!
- How do Magnetic Stripes work?
- MagSpoof Flipper Add-On
- Understanding MagSpoof Flipper Add-On
- First steps with the Flipper Add-On MagSpoof
- Example
- Marauder - Marauder Spoof's technologies
- Flipper Add‐On: Marauder
- Flipper Add‐On: Marauder Spoof
- Understanding Flipper Add-On: Marauder and Flipper Add-On: Marauder Spoof
- First steps with Marauder
- Examples
- How does Flipper Add-On SubGHz' technologies work?
- Flipper Add‐On: SubGHz
- Understanding Flipper Add‐On: SubGHz
- First steps with Flipper Add‐On: SubGHz
- What is RS485?
- What is the Modbus Protocol & How Does It Work?
- Requirements
- Menus description
- How to build a packet manually and send it
- How does Flipper CAN Bus work?
- Flipper Add‐On: CAN Bus
- Understanding Flipper Add‐On: CAN Bus
- First steps with Flipper Add‐On: CAN Bus