SubGhz Bruteforcer from Unleashed Firmware
This software is for experimental purposes only and is not meant for any illegal activity/purposes. We do not condone illegal activity and strongly encourage keeping transmissions to legal/valid uses allowed by law.
The application is included in the standard firmware package of Unleashed Firmware.
You just need to install the latest firmware.
You can also download the release and unzip/untar it to the SD Card/apps/Sub-GHz directory.
Warning
The application is not compatible with the official firmware version. Also, it has not been tested on other firmware versions other than Unleashed Firmware and OFW.
Here you can select the protocol and frequency that will be used for bruteforce.
According to our observations, `CAME 12bit 433MHz` is the most common protocol, so it is selected by default. To identify other devices and protocols, you should inspect the device.
According to the protocol, when probe a key, each value is sent 3 times.
Most of the devices this works but there are devices that don't work and more repetitions are needed.
The number of repetitions can be increased with the right button, the left button decreases the value.
The negative side of increasing the number of repetitions will be a longer key find time.
| Button | Action |
|---|---|
| Decrease repeat value | |
| 🔼 | Move up |
| Increase repeat value | |
| 🔽 | Move down |
| ⏺️ | Select protocol |
| ↩️ | Close application |
- CAME 12bit 303MHz
- CAME 12bit 307MHz
- CAME 12bit 315MHz
- CAME 12bit 330MHz
- CAME 12bit 433MHz
- CAME 12bit 868MHz
- NICE 12bit 433MHz
- NICE 12bit 868MHz
- Ansonic 12bit 433.075MHz
- Ansonic 12bit 433.920MHz
- Ansonic 12bit 434.075MHz
- Holtek HT12X 12bit FM 433.920MHz (TE: 204μs)
- Holtek HT12X 12bit AM 433.920MHz (TE: 433μs)
- Holtek HT12X 12bit AM 315MHz (TE: 433μs)
- Holtek HT12X 12bit AM 868MHz (TE: 433μs)
- Holtek HT12X 12bit AM 915MHz (TE: 433μs)
- Chamberlain 9bit 300MHz
- Chamberlain 9bit 315MHz
- Chamberlain 9bit 318MHz
- Chamberlain 9bit 390MHz
- Chamberlain 9bit 433MHz
- Chamberlain 8bit 300MHz
- Chamberlain 8bit 315MHz
- Chamberlain 8bit 390MHz
- Chamberlain 7bit 300MHz
- Chamberlain 7bit 315MHz
- Chamberlain 7bit 390MHz
- Linear 10bit 300MHz
- Linear 10bit 310MHz
- Linear Delta 3 8bit 310MHz
Note
Only dip switch combinations, not full 25bit bruteforce
- UNILARM 25bit 330MHz (TE: 209μs)
- UNILARM 25bit 433MHz (TE: 209μs)
Note
Only dip switch combinations, not full 25bit bruteforce
- SMC5326 25bit 330MHz (TE: 320μs)
- SMC5326 25bit 433MHz (TE: 320μs)
Note
Only for 8 dip switch remote, not full 24bit bruteforce
- PT2260 24bit 315MHz (TE: 286μs)
- PT2260 24bit 330MHz (TE: 286μs)
- PT2260 24bit 390MHz (TE: 286μs)
- PT2260 24bit 433MHz (TE: 286μs)
- BF Existing dump works for most other static protocols supported by Flipper Zero
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
