dandri/Flipper-ARF
1
0
Fork 0
mirror of https://github.com/D4C1-Labs/Flipper-ARF.git synced 2026-03-30 12:05:49 +00:00
Code Issues Actions Packages Projects Releases 39 Wiki Activity

Compare commits

base: dandri:dev-8bf12df
Branches Tags
dandri:main dandri:experiments
dandri:dev-dc0f30d dandri:dev-38f261e dandri:dev-cb1daaa dandri:dev-b318b3e dandri:dev-117381e dandri:dev-702cf5a dandri:dev-1701118 dandri:dev-d85657b dandri:dev-d23a892 dandri:dev-16d06d7 dandri:dev-937a220 dandri:dev-ab66580 dandri:dev-56c5670 dandri:dev-a5cf675 dandri:dev-c6bec5e dandri:dev-4e05a0e dandri:dev-17d497e dandri:dev-d5b46ff dandri:dev-9d22981 dandri:dev-c6265ea dandri:dev-8e0a81b dandri:dev-6f39fd4 dandri:dev-41d10f9 dandri:dev-5b90381 dandri:dev-fde0a57 dandri:dev-4974201 dandri:dev-8ff5e3c dandri:dev-57226fc dandri:dev-cb9aee6 dandri:dev-22daa7c dandri:dev-1c9fddf dandri:dev-a4da50c dandri:dev-e881d69 dandri:dev-b041177 dandri:dev-f347d5a dandri:dev-3a6da87 dandri:dev-5d94639 dandri:dev-20a95b2 dandri:dev-3605669 dandri:dev-fb1c28a dandri:dev-12db96a dandri:dev-4b50b8b dandri:dev-0f24f8c dandri:dev-238f39d dandri:dev-4c35817 dandri:dev-689df52 dandri:dev-0aef017 dandri:dev-cea3bc3 dandri:dev-8bf12df dandri:dev-f3d0857 dandri:dev-9e52a6e dandri:dev-faf669b dandri:dev-e445b28 dandri:dev-2571ad7 dandri:dev-1c9d1f4 dandri:dev-fabb1cc dandri:dev-6a432a9 dandri:dev-4dc688c dandri:ARF-1.0.0 dandri:dev-585ce97 dandri:dev-592bf5f dandri:dev-3365fc4 dandri:dev-a37ba6b dandri:dev-730bb31 dandri:dev-ce085b6 dandri:dev-f4c753b dandri:dev-41191df dandri:dev-d5eb983 dandri:dev-a900aef dandri:dev-9f89d93 dandri:dev-03897a4 dandri:dev-76fbf79 dandri:dev-bafe135 dandri:dev-77b58fe dandri:dev-57dafbc dandri:dev-e116aba dandri:dev-fd9564e dandri:dev-de133eb dandri:dev-bfdf609 dandri:dev-72d3992 dandri:dev-c1d145c dandri:dev-6507bed dandri:dev-2d8f356 dandri:dev-aa03d59 dandri:dev-c1d1b65 dandri:dev-beb3c94 dandri:dev-d72836c dandri:dev-fbae977 dandri:dev-7c7a0a6 dandri:dev-8cc385b
..
compare: dandri:dev-3a6da87
Branches Tags
dandri:main dandri:experiments
dandri:dev-dc0f30d dandri:dev-38f261e dandri:dev-cb1daaa dandri:dev-b318b3e dandri:dev-117381e dandri:dev-702cf5a dandri:dev-1701118 dandri:dev-d85657b dandri:dev-d23a892 dandri:dev-16d06d7 dandri:dev-937a220 dandri:dev-ab66580 dandri:dev-56c5670 dandri:dev-a5cf675 dandri:dev-c6bec5e dandri:dev-4e05a0e dandri:dev-17d497e dandri:dev-d5b46ff dandri:dev-9d22981 dandri:dev-c6265ea dandri:dev-8e0a81b dandri:dev-6f39fd4 dandri:dev-41d10f9 dandri:dev-5b90381 dandri:dev-fde0a57 dandri:dev-4974201 dandri:dev-8ff5e3c dandri:dev-57226fc dandri:dev-cb9aee6 dandri:dev-22daa7c dandri:dev-1c9fddf dandri:dev-a4da50c dandri:dev-e881d69 dandri:dev-b041177 dandri:dev-f347d5a dandri:dev-3a6da87 dandri:dev-5d94639 dandri:dev-20a95b2 dandri:dev-3605669 dandri:dev-fb1c28a dandri:dev-12db96a dandri:dev-4b50b8b dandri:dev-0f24f8c dandri:dev-238f39d dandri:dev-4c35817 dandri:dev-689df52 dandri:dev-0aef017 dandri:dev-cea3bc3 dandri:dev-8bf12df dandri:dev-f3d0857 dandri:dev-9e52a6e dandri:dev-faf669b dandri:dev-e445b28 dandri:dev-2571ad7 dandri:dev-1c9d1f4 dandri:dev-fabb1cc dandri:dev-6a432a9 dandri:dev-4dc688c dandri:ARF-1.0.0 dandri:dev-585ce97 dandri:dev-592bf5f dandri:dev-3365fc4 dandri:dev-a37ba6b dandri:dev-730bb31 dandri:dev-ce085b6 dandri:dev-f4c753b dandri:dev-41191df dandri:dev-d5eb983 dandri:dev-a900aef dandri:dev-9f89d93 dandri:dev-03897a4 dandri:dev-76fbf79 dandri:dev-bafe135 dandri:dev-77b58fe dandri:dev-57dafbc dandri:dev-e116aba dandri:dev-fd9564e dandri:dev-de133eb dandri:dev-bfdf609 dandri:dev-72d3992 dandri:dev-c1d145c dandri:dev-6507bed dandri:dev-2d8f356 dandri:dev-aa03d59 dandri:dev-c1d1b65 dandri:dev-beb3c94 dandri:dev-d72836c dandri:dev-fbae977 dandri:dev-7c7a0a6 dandri:dev-8cc385b

16 Commits
dev-8bf12d ... dev-3a6da8

Author SHA1 Message Date
grugnoymeme
3a6da87288 hide Emulate choice in subghz saved menu for psa encrypted sub files bc useless, and moved PSA decrypt first
All checks were successful
Build Dev Firmware / build (push) Successful in 6m41s
Details
2026-03-17 20:17:21 +01:00
grugnoymeme
5d94639d81 Merge remote-tracking branch 'refs/remotes/origin/main' 2026-03-17 20:12:54 +01:00
grugnoymeme
5dcfc48e10 restored holtekS protocols bc super commons, fixed fiat spa, scheduled tea iterations for faster bf1 in psa, fixed progress bar's issue on 1 percent in psa decrypt, fmt protocol items 2026-03-17 20:07:07 +01:00
Andrea Santaniello
20a95b2fec Apprently using the bt thread to save the keys causes a crash due to the low memory
All checks were successful
Build Dev Firmware / build (push) Successful in 6m40s
Details
2026-03-17 17:24:03 +01:00
Andrea Santaniello
3605669cc5 Fixing crash on finding first good candidate
All checks were successful
Build Dev Firmware / build (push) Successful in 6m38s
Details
2026-03-17 15:28:16 +01:00
Andrea Santaniello
fb1c28a0dd Update subghz_scene_kl_bf_cleanup.c
All checks were successful
Build Dev Firmware / build (push) Successful in 6m42s
Details
2026-03-17 14:23:56 +01:00
Andrea Santaniello
64a971e806 Keeloq Bruteforcer updates
Some checks failed
Build Dev Firmware / build (push) Failing after 2m37s
Details
2026-03-17 14:01:27 +01:00
d4rks1d33
12db96a8ab Fix counter brute force, open window to 500ms per transmission making more stable
All checks were successful
Build Dev Firmware / build (push) Successful in 6m34s
Details
2026-03-16 21:41:33 -03:00
d4rks1d33
4b50b8b70c Fix warning UI
All checks were successful
Build Dev Firmware / build (push) Successful in 6m35s
Details
2026-03-16 20:09:04 -03:00
d4rks1d33
0f24f8c105 Added warning on counter bruteforce 2026-03-16 19:45:54 -03:00
Andrea Santaniello
238f39d0d8 Fixes 2026-03-16 23:39:22 +01:00
Andrea Santaniello
4c3581735b Better handling of the keeloq bf
All checks were successful
Build Dev Firmware / build (push) Successful in 6m23s
Details
2026-03-16 22:31:16 +01:00
Andrea Santaniello
689df5262d Compiler bitch fix
All checks were successful
Build Dev Firmware / build (push) Successful in 6m28s
Details
2026-03-16 17:57:09 +01:00
Andrea Santaniello
86c740d923 Preliminary stuff for phone accellerate Keeloq bruteforce
Some checks failed
Build Dev Firmware / build (push) Failing after 2m35s
Details
2026-03-16 16:55:25 +01:00
Andrea Santaniello
0aef017c15 New assets by GONZOsint (https://github.com/GONZOsint)
All checks were successful
Build Dev Firmware / build (push) Successful in 6m46s
Details
2026-03-16 13:57:23 +01:00
grugnoymeme
cea3bc3b6a fmt fiat marelli displayed datas and removed duplicates variant declaration in feed
All checks were successful
Build Dev Firmware / build (push) Successful in 6m25s
Details
2026-03-16 05:58:05 +01:00
39 changed files with 1799 additions and 2616 deletions
Expand all files Collapse all files

1
applications/main/subghz/helpers/subghz_types.h
View File

@@ -93,6 +93,7 @@ typedef enum {
SubGhzViewIdFrequencyAnalyzer,
SubGhzViewIdReadRAW,
SubGhzViewIdPsaDecrypt,
SubGhzViewIdKeeloqDecrypt,
} SubGhzViewId;

3
applications/main/subghz/scenes/subghz_scene_config.h
View File

@@ -30,4 +30,7 @@ ADD_SCENE(subghz, protocol_list, ProtocolList)
ADD_SCENE(subghz, keeloq_keys, KeeloqKeys)
ADD_SCENE(subghz, keeloq_key_edit, KeeloqKeyEdit)
ADD_SCENE(subghz, psa_decrypt, PsaDecrypt)
ADD_SCENE(subghz, keeloq_decrypt, KeeloqDecrypt)
ADD_SCENE(subghz, keeloq_bf2, KeeloqBf2)
ADD_SCENE(subghz, kl_bf_cleanup, KlBfCleanup)
ADD_SCENE(subghz, counter_bf, CounterBf)

131
applications/main/subghz/scenes/subghz_scene_counter_bf.c
View File

@@ -5,9 +5,10 @@
#define TAG "SubGhzCounterBf"
// How many ticks to wait between transmissions (1 tick ~100ms)
#define COUNTER_BF_TX_INTERVAL_TICKS 3
#define COUNTER_BF_TX_INTERVAL_TICKS 5
typedef enum {
CounterBfStateWarning,
CounterBfStateIdle,
CounterBfStateRunning,
CounterBfStateStopped,
@@ -22,8 +23,16 @@ typedef struct {
uint32_t tick_wait;
} CounterBfContext;
#define CounterBfEventStart (0xC0)
#define CounterBfEventStop (0xC1)
#define CounterBfEventStart (0xC0)
#define CounterBfEventStop (0xC1)
#define CounterBfEventWarningOk (0xC2)
static void counter_bf_warning_callback(GuiButtonType result, InputType type, void* context) {
SubGhz* subghz = context;
if(result == GuiButtonTypeCenter && type == InputTypeShort) {
view_dispatcher_send_custom_event(subghz->view_dispatcher, CounterBfEventWarningOk);
}
}
static void counter_bf_widget_callback(GuiButtonType result, InputType type, void* context) {
SubGhz* subghz = context;
@@ -32,18 +41,36 @@ static void counter_bf_widget_callback(GuiButtonType result, InputType type, voi
}
}
static void counter_bf_draw_warning(SubGhz* subghz) {
widget_reset(subghz->widget);
widget_add_string_multiline_element(
subghz->widget,
64,
20,
AlignCenter,
AlignCenter,
FontSecondary,
"WARNING:\nThis may desync\nyour fob!");
widget_add_button_element(
subghz->widget,
GuiButtonTypeCenter,
"OK",
counter_bf_warning_callback,
subghz);
}
static void counter_bf_draw(SubGhz* subghz, CounterBfContext* ctx) {
widget_reset(subghz->widget);
FuriString* str = furi_string_alloc();
furi_string_printf(
str,
"Counter BruteForce\n"
"Cnt: 0x%08lX\n"
"Sent: %lu pkts\n"
"Start: 0x%08lX",
ctx->current_cnt,
ctx->packets_sent,
ctx->start_cnt);
"Cnt: 0x%06lX\n"
"Start: 0x%06lX\n"
"Sent: %lu",
ctx->current_cnt & 0xFFFFFF,
ctx->start_cnt & 0xFFFFFF,
ctx->packets_sent);
widget_add_string_multiline_element(
subghz->widget, 0, 0, AlignLeft, AlignTop, FontSecondary, furi_string_get_cstr(str));
furi_string_free(str);
@@ -57,14 +84,12 @@ static void counter_bf_draw(SubGhz* subghz, CounterBfContext* ctx) {
}
static void counter_bf_save(SubGhz* subghz, CounterBfContext* ctx) {
// Escribir el Cnt final directamente en el archivo .sub en disco.
// No usar subghz_save_protocol_to_file() porque ese serializa el estado
// actual del encoder (que puede tener el Cnt ya incrementado internamente).
Storage* storage = furi_record_open(RECORD_STORAGE);
FlipperFormat* file_fff = flipper_format_buffered_file_alloc(storage);
if(flipper_format_buffered_file_open_existing(
file_fff, furi_string_get_cstr(subghz->file_path))) {
if(!flipper_format_update_uint32(file_fff, "Cnt", &ctx->current_cnt, 1)) {
uint32_t cnt = ctx->current_cnt & 0xFFFFFF;
if(!flipper_format_update_uint32(file_fff, "Cnt", &cnt, 1)) {
FURI_LOG_E(TAG, "Failed to update Cnt in .sub file");
}
} else {
@@ -77,16 +102,15 @@ static void counter_bf_save(SubGhz* subghz, CounterBfContext* ctx) {
static void counter_bf_send(SubGhz* subghz, CounterBfContext* ctx) {
subghz_txrx_stop(subghz->txrx);
FlipperFormat* fff = subghz_txrx_get_fff_data(subghz->txrx);
uint32_t delta = (ctx->current_cnt - ctx->start_cnt) & 0xFFFFFF;
furi_hal_subghz_set_rolling_counter_mult((int32_t)delta);
subghz_block_generic_global_counter_override_set(ctx->current_cnt & 0xFFFFFF);
FlipperFormat* fff = subghz_txrx_get_fff_data(subghz->txrx);
uint32_t repeat = 20;
flipper_format_rewind(fff);
flipper_format_update_uint32(fff, "Repeat", &repeat, 1);
// Actualizar Cnt DESPUES de Repeat (update es secuencial en el buffer)
flipper_format_rewind(fff);
flipper_format_update_uint32(fff, "Cnt", &ctx->current_cnt, 1);
subghz_tx_start(subghz, fff);
ctx->packets_sent++;
@@ -98,42 +122,38 @@ void subghz_scene_counter_bf_on_enter(void* context) {
CounterBfContext* ctx = malloc(sizeof(CounterBfContext));
memset(ctx, 0, sizeof(CounterBfContext));
ctx->state = CounterBfStateIdle;
ctx->state = CounterBfStateWarning;
ctx->step = 1;
furi_hal_subghz_set_rolling_counter_mult(0);
subghz_key_load(subghz, furi_string_get_cstr(subghz->file_path), false);
// FIX: Leer el Cnt DIRECTAMENTE del archivo en disco con un FlipperFormat
// propio, completamente separado del fff en memoria (que puede tener el Cnt
// modificado por TXs previas y no refleja el estado real del .sub).
{
Storage* storage = furi_record_open(RECORD_STORAGE);
FlipperFormat* file_fff = flipper_format_buffered_file_alloc(storage);
if(flipper_format_buffered_file_open_existing(
file_fff, furi_string_get_cstr(subghz->file_path))) {
uint32_t cnt = 0;
if(flipper_format_read_uint32(file_fff, "Cnt", &cnt, 1)) {
ctx->current_cnt = cnt;
ctx->start_cnt = cnt;
} else {
FURI_LOG_W(TAG, "Cnt field not found in file");
}
FlipperFormat* fff = subghz_txrx_get_fff_data(subghz->txrx);
flipper_format_rewind(fff);
uint32_t cnt = 0;
if(flipper_format_read_uint32(fff, "Cnt", &cnt, 1)) {
ctx->current_cnt = cnt & 0xFFFFFF;
ctx->start_cnt = cnt & 0xFFFFFF;
} else {
FURI_LOG_E(TAG, "Failed to open .sub file for Cnt read");
FURI_LOG_W(TAG, "Cnt not in fff after key_load, reading from disk");
Storage* storage = furi_record_open(RECORD_STORAGE);
FlipperFormat* file_fff = flipper_format_buffered_file_alloc(storage);
if(flipper_format_buffered_file_open_existing(
file_fff, furi_string_get_cstr(subghz->file_path))) {
if(flipper_format_read_uint32(file_fff, "Cnt", &cnt, 1)) {
ctx->current_cnt = cnt & 0xFFFFFF;
ctx->start_cnt = cnt & 0xFFFFFF;
}
}
flipper_format_free(file_fff);
furi_record_close(RECORD_STORAGE);
}
flipper_format_free(file_fff);
furi_record_close(RECORD_STORAGE);
}
scene_manager_set_scene_state(
subghz->scene_manager, SubGhzSceneCounterBf, (uint32_t)(uintptr_t)ctx);
// Deshabilitar auto-increment del protocolo para controlar el Cnt manualmente
furi_hal_subghz_set_rolling_counter_mult(0);
// Recargar el protocolo DESPUES de haber leído el Cnt del disco,
// para preparar el fff para TX sin que pise nuestro valor leído.
subghz_key_load(subghz, furi_string_get_cstr(subghz->file_path), false);
counter_bf_draw(subghz, ctx);
counter_bf_draw_warning(subghz);
view_dispatcher_switch_to_view(subghz->view_dispatcher, SubGhzViewIdWidget);
}
@@ -144,15 +164,21 @@ bool subghz_scene_counter_bf_on_event(void* context, SceneManagerEvent event) {
if(!ctx) return false;
if(event.type == SceneManagerEventTypeCustom) {
if(event.event == CounterBfEventWarningOk) {
ctx->state = CounterBfStateIdle;
counter_bf_draw(subghz, ctx);
return true;
}
if(event.event == CounterBfEventStart) {
if(ctx->state == CounterBfStateWarning) return true;
if(ctx->state != CounterBfStateRunning) {
ctx->state = CounterBfStateRunning;
ctx->tick_wait = 0;
subghz->state_notifications = SubGhzNotificationStateTx;
counter_bf_send(subghz, ctx);
} else {
// FIX 2: Al detener, guardar el contador actual en el .sub
// para que al volver a emular manualmente continúe desde acá.
ctx->state = CounterBfStateStopped;
subghz_txrx_stop(subghz->txrx);
subghz->state_notifications = SubGhzNotificationStateIDLE;
@@ -167,19 +193,24 @@ bool subghz_scene_counter_bf_on_event(void* context, SceneManagerEvent event) {
if(ctx->tick_wait > 0) {
ctx->tick_wait--;
} else {
ctx->current_cnt += ctx->step;
ctx->current_cnt = (ctx->current_cnt + ctx->step) & 0xFFFFFF;
counter_bf_send(subghz, ctx);
counter_bf_save(subghz, ctx);
counter_bf_draw(subghz, ctx);
}
}
return true;
} else if(event.type == SceneManagerEventTypeBack) {
if(ctx->state == CounterBfStateWarning) {
furi_hal_subghz_set_rolling_counter_mult(1);
free(ctx);
scene_manager_previous_scene(subghz->scene_manager);
return true;
}
subghz_txrx_stop(subghz->txrx);
subghz->state_notifications = SubGhzNotificationStateIDLE;
// FIX 2 (también en Back): guardar siempre al salir
counter_bf_save(subghz, ctx);
furi_hal_subghz_set_rolling_counter_mult(1);
free(ctx);
scene_manager_previous_scene(subghz->scene_manager);

253
applications/main/subghz/scenes/subghz_scene_keeloq_bf2.c Normal file
View File

@@ -0,0 +1,253 @@
#include "../subghz_i.h"
#include <lib/subghz/protocols/keeloq.h>
#include <dialogs/dialogs.h>
enum {
KlBf2IndexLoadSig1,
KlBf2IndexLoadSig2,
KlBf2IndexType,
KlBf2IndexStartBf,
};
static const char* kl_bf2_type_labels[] = {
"Type: Auto (6>7>8)",
"Type: 6 (Serial 1)",
"Type: 7 (Serial 2)",
"Type: 8 (Serial 3)",
};
static const uint8_t kl_bf2_type_values[] = {0, 6, 7, 8};
static bool kl_bf2_extract_key(SubGhz* subghz, uint32_t* out_fix, uint32_t* out_hop) {
FlipperFormat* fff = subghz_txrx_get_fff_data(subghz->txrx);
flipper_format_rewind(fff);
uint8_t key_data[8] = {0};
if(!flipper_format_read_hex(fff, "Key", key_data, 8)) return false;
*out_fix = ((uint32_t)key_data[0] << 24) | ((uint32_t)key_data[1] << 16) |
((uint32_t)key_data[2] << 8) | key_data[3];
*out_hop = ((uint32_t)key_data[4] << 24) | ((uint32_t)key_data[5] << 16) |
((uint32_t)key_data[6] << 8) | key_data[7];
return true;
}
static bool kl_bf2_is_keeloq(SubGhz* subghz) {
FlipperFormat* fff = subghz_txrx_get_fff_data(subghz->txrx);
flipper_format_rewind(fff);
FuriString* proto = furi_string_alloc();
bool ok = flipper_format_read_string(fff, "Protocol", proto) &&
furi_string_equal_str(proto, "KeeLoq");
furi_string_free(proto);
return ok;
}
static void kl_bf2_submenu_callback(void* context, uint32_t index) {
SubGhz* subghz = context;
view_dispatcher_send_custom_event(subghz->view_dispatcher, index);
}
static bool kl_bf2_load_signal(SubGhz* subghz, FuriString* out_path) {
DialogsFileBrowserOptions browser_options;
dialog_file_browser_set_basic_options(
&browser_options, SUBGHZ_APP_FILENAME_EXTENSION, &I_sub1_10px);
browser_options.base_path = SUBGHZ_APP_FOLDER;
FuriString* selected = furi_string_alloc();
furi_string_set(selected, SUBGHZ_APP_FOLDER);
bool res = dialog_file_browser_show(subghz->dialogs, selected, selected, &browser_options);
if(res) {
res = subghz_key_load(subghz, furi_string_get_cstr(selected), true);
if(res) {
furi_string_set(out_path, selected);
}
}
furi_string_free(selected);
return res;
}
static void kl_bf2_rebuild_menu(SubGhz* subghz) {
submenu_reset(subghz->submenu);
char label1[64];
char label2[64];
if(subghz->keeloq_bf2.sig1_loaded) {
FuriString* name = furi_string_alloc();
path_extract_filename(subghz->keeloq_bf2.sig1_path, name, true);
snprintf(label1, sizeof(label1), "Sig 1: %s", furi_string_get_cstr(name));
furi_string_free(name);
} else {
snprintf(label1, sizeof(label1), "Load Signal 1");
}
if(subghz->keeloq_bf2.sig2_loaded) {
FuriString* name = furi_string_alloc();
path_extract_filename(subghz->keeloq_bf2.sig2_path, name, true);
snprintf(label2, sizeof(label2), "Sig 2: %s", furi_string_get_cstr(name));
furi_string_free(name);
} else {
snprintf(label2, sizeof(label2), "Load Signal 2");
}
submenu_add_item(
subghz->submenu, label1, KlBf2IndexLoadSig1,
kl_bf2_submenu_callback, subghz);
submenu_add_item(
subghz->submenu, label2, KlBf2IndexLoadSig2,
kl_bf2_submenu_callback, subghz);
int type_idx = 0;
for(int i = 0; i < 4; i++) {
if(kl_bf2_type_values[i] == subghz->keeloq_bf2.learn_type) {
type_idx = i;
break;
}
}
submenu_add_item(
subghz->submenu, kl_bf2_type_labels[type_idx], KlBf2IndexType,
kl_bf2_submenu_callback, subghz);
if(subghz->keeloq_bf2.sig1_loaded && subghz->keeloq_bf2.sig2_loaded) {
submenu_add_item(
subghz->submenu, "Start BF", KlBf2IndexStartBf,
kl_bf2_submenu_callback, subghz);
}
view_dispatcher_switch_to_view(subghz->view_dispatcher, SubGhzViewIdMenu);
}
void subghz_scene_keeloq_bf2_on_enter(void* context) {
SubGhz* subghz = context;
subghz->keeloq_bf2.sig1_loaded = false;
subghz->keeloq_bf2.sig2_loaded = false;
subghz->keeloq_bf2.learn_type = 0;
kl_bf2_rebuild_menu(subghz);
}
bool subghz_scene_keeloq_bf2_on_event(void* context, SceneManagerEvent event) {
SubGhz* subghz = context;
if(event.type == SceneManagerEventTypeCustom) {
if(event.event == KlBf2IndexLoadSig1) {
FuriString* path = furi_string_alloc();
if(kl_bf2_load_signal(subghz, path)) {
if(!kl_bf2_is_keeloq(subghz)) {
dialog_message_show_storage_error(
subghz->dialogs, "Not a KeeLoq\nprotocol file");
furi_string_free(path);
kl_bf2_rebuild_menu(subghz);
return true;
}
uint32_t fix, hop;
if(!kl_bf2_extract_key(subghz, &fix, &hop)) {
dialog_message_show_storage_error(
subghz->dialogs, "Cannot read Key\nfrom file");
furi_string_free(path);
kl_bf2_rebuild_menu(subghz);
return true;
}
subghz->keeloq_bf2.fix = fix;
subghz->keeloq_bf2.hop1 = hop;
subghz->keeloq_bf2.serial = fix & 0x0FFFFFFF;
subghz->keeloq_bf2.sig1_loaded = true;
furi_string_set(subghz->keeloq_bf2.sig1_path, path);
subghz->keeloq_bf2.sig2_loaded = false;
}
furi_string_free(path);
kl_bf2_rebuild_menu(subghz);
return true;
} else if(event.event == KlBf2IndexLoadSig2) {
if(!subghz->keeloq_bf2.sig1_loaded) {
dialog_message_show_storage_error(
subghz->dialogs, "Load Signal 1 first");
kl_bf2_rebuild_menu(subghz);
return true;
}
FuriString* path = furi_string_alloc();
if(kl_bf2_load_signal(subghz, path)) {
if(!kl_bf2_is_keeloq(subghz)) {
dialog_message_show_storage_error(
subghz->dialogs, "Not a KeeLoq\nprotocol file");
furi_string_free(path);
kl_bf2_rebuild_menu(subghz);
return true;
}
uint32_t fix2, hop2;
if(!kl_bf2_extract_key(subghz, &fix2, &hop2)) {
dialog_message_show_storage_error(
subghz->dialogs, "Cannot read Key\nfrom file");
furi_string_free(path);
kl_bf2_rebuild_menu(subghz);
return true;
}
uint32_t serial2 = fix2 & 0x0FFFFFFF;
if(serial2 != subghz->keeloq_bf2.serial) {
dialog_message_show_storage_error(
subghz->dialogs, "Serial mismatch!\nMust be same remote");
furi_string_free(path);
kl_bf2_rebuild_menu(subghz);
return true;
}
if(hop2 == subghz->keeloq_bf2.hop1) {
dialog_message_show_storage_error(
subghz->dialogs, "Same hop code!\nUse a different\ncapture");
furi_string_free(path);
kl_bf2_rebuild_menu(subghz);
return true;
}
subghz->keeloq_bf2.hop2 = hop2;
subghz->keeloq_bf2.sig2_loaded = true;
furi_string_set(subghz->keeloq_bf2.sig2_path, path);
}
furi_string_free(path);
kl_bf2_rebuild_menu(subghz);
return true;
} else if(event.event == KlBf2IndexType) {
uint8_t cur = subghz->keeloq_bf2.learn_type;
if(cur == 0) cur = 6;
else if(cur == 6) cur = 7;
else if(cur == 7) cur = 8;
else cur = 0;
subghz->keeloq_bf2.learn_type = cur;
kl_bf2_rebuild_menu(subghz);
return true;
} else if(event.event == KlBf2IndexStartBf) {
if(!subghz->keeloq_bf2.sig1_loaded || !subghz->keeloq_bf2.sig2_loaded) {
return true;
}
if(!subghz_key_load(
subghz,
furi_string_get_cstr(subghz->keeloq_bf2.sig1_path),
true)) {
dialog_message_show_storage_error(
subghz->dialogs, "Cannot reload\nSignal 1");
kl_bf2_rebuild_menu(subghz);
return true;
}
scene_manager_next_scene(subghz->scene_manager, SubGhzSceneKeeloqDecrypt);
return true;
}
}
return false;
}
void subghz_scene_keeloq_bf2_on_exit(void* context) {
SubGhz* subghz = context;
submenu_reset(subghz->submenu);
}

284
applications/main/subghz/scenes/subghz_scene_keeloq_decrypt.c Normal file
View File

@@ -0,0 +1,284 @@
#include "../subghz_i.h"
#include "../helpers/subghz_txrx_i.h"
#include <lib/subghz/protocols/keeloq.h>
#include <lib/subghz/protocols/keeloq_common.h>
#include <lib/subghz/environment.h>
#include <lib/subghz/subghz_keystore.h>
#include <furi.h>
#include <bt/bt_service/bt.h>
#define KL_DECRYPT_EVENT_DONE (0xD2)
#define KL_DECRYPT_EVENT_CANDIDATE (0xD3)
#define KL_TOTAL_KEYS 0x100000000ULL
#define KL_MSG_BF_REQUEST 0x10
#define KL_MSG_BF_PROGRESS 0x11
#define KL_MSG_BF_RESULT 0x12
#define KL_MSG_BF_CANCEL 0x13
typedef struct {
SubGhz* subghz;
volatile bool cancel;
uint32_t start_tick;
bool success;
FuriString* result;
uint32_t fix;
uint32_t hop;
uint32_t serial;
uint8_t btn;
uint16_t disc;
uint32_t hop2;
uint32_t candidate_count;
uint64_t recovered_mfkey;
uint16_t recovered_type;
uint32_t recovered_cnt;
bool ble_offload;
} KlDecryptCtx;
static void kl_ble_data_received(uint8_t* data, uint16_t size, void* context) {
KlDecryptCtx* ctx = context;
if(size < 1 || ctx->cancel) return;
if(data[0] == KL_MSG_BF_PROGRESS && size >= 10) {
uint32_t keys_tested, keys_per_sec;
memcpy(&keys_tested, data + 2, 4);
memcpy(&keys_per_sec, data + 6, 4);
uint32_t elapsed_sec = (furi_get_tick() - ctx->start_tick) / 1000;
uint32_t remaining = (keys_tested > 0) ? (0xFFFFFFFFU - keys_tested) : 0xFFFFFFFFU;
uint32_t eta_sec = (keys_per_sec > 0) ? (remaining / keys_per_sec) : 0;
uint8_t pct = (uint8_t)((uint64_t)keys_tested * 100 / 0xFFFFFFFFULL);
subghz_view_keeloq_decrypt_update_stats(
ctx->subghz->subghz_keeloq_decrypt, pct, keys_tested, keys_per_sec, elapsed_sec, eta_sec);
} else if(data[0] == KL_MSG_BF_RESULT && size >= 26) {
uint8_t found = data[1];
if(found == 1) {
uint64_t mfkey = 0;
uint32_t cnt = 0;
memcpy(&mfkey, data + 2, 8);
memcpy(&cnt, data + 18, 4);
uint16_t learn_type = (size >= 27) ? data[26] : 6;
ctx->candidate_count++;
ctx->recovered_mfkey = mfkey;
ctx->recovered_type = learn_type;
ctx->recovered_cnt = cnt;
subghz_view_keeloq_decrypt_update_candidates(
ctx->subghz->subghz_keeloq_decrypt, ctx->candidate_count);
view_dispatcher_send_custom_event(
ctx->subghz->view_dispatcher, KL_DECRYPT_EVENT_CANDIDATE);
} else if(found == 2) {
ctx->success = (ctx->candidate_count > 0);
view_dispatcher_send_custom_event(
ctx->subghz->view_dispatcher, KL_DECRYPT_EVENT_DONE);
}
}
}
static void kl_ble_cleanup(KlDecryptCtx* ctx) {
if(!ctx->ble_offload) return;
Bt* bt = furi_record_open(RECORD_BT);
bt_set_custom_data_callback(bt, NULL, NULL);
furi_record_close(RECORD_BT);
ctx->ble_offload = false;
}
static bool kl_ble_start_offload(KlDecryptCtx* ctx) {
Bt* bt = furi_record_open(RECORD_BT);
if(!bt_is_connected(bt)) {
furi_record_close(RECORD_BT);
return false;
}
bt_set_custom_data_callback(bt, kl_ble_data_received, ctx);
uint8_t req[18];
req[0] = KL_MSG_BF_REQUEST;
req[1] = ctx->subghz->keeloq_bf2.learn_type;
memcpy(req + 2, &ctx->fix, 4);
memcpy(req + 6, &ctx->hop, 4);
memcpy(req + 10, &ctx->hop2, 4);
memcpy(req + 14, &ctx->serial, 4);
bt_custom_data_tx(bt, req, sizeof(req));
furi_record_close(RECORD_BT);
ctx->ble_offload = true;
subghz_view_keeloq_decrypt_set_status(
ctx->subghz->subghz_keeloq_decrypt, "[BT] Offloading...");
return true;
}
static void kl_decrypt_view_callback(SubGhzCustomEvent event, void* context) {
SubGhz* subghz = context;
view_dispatcher_send_custom_event(subghz->view_dispatcher, event);
}
void subghz_scene_keeloq_decrypt_on_enter(void* context) {
SubGhz* subghz = context;
KlDecryptCtx* ctx = malloc(sizeof(KlDecryptCtx));
memset(ctx, 0, sizeof(KlDecryptCtx));
ctx->subghz = subghz;
ctx->result = furi_string_alloc_set("No result");
FlipperFormat* fff = subghz_txrx_get_fff_data(subghz->txrx);
flipper_format_rewind(fff);
uint8_t key_data[8] = {0};
if(flipper_format_read_hex(fff, "Key", key_data, 8)) {
ctx->fix = ((uint32_t)key_data[0] << 24) | ((uint32_t)key_data[1] << 16) |
((uint32_t)key_data[2] << 8) | key_data[3];
ctx->hop = ((uint32_t)key_data[4] << 24) | ((uint32_t)key_data[5] << 16) |
((uint32_t)key_data[6] << 8) | key_data[7];
}
ctx->serial = ctx->fix & 0x0FFFFFFF;
ctx->btn = ctx->fix >> 28;
ctx->disc = ctx->serial & 0x3FF;
ctx->hop2 = subghz->keeloq_bf2.sig2_loaded ? subghz->keeloq_bf2.hop2 : 0;
scene_manager_set_scene_state(
subghz->scene_manager, SubGhzSceneKeeloqDecrypt, (uint32_t)(uintptr_t)ctx);
subghz_view_keeloq_decrypt_reset(subghz->subghz_keeloq_decrypt);
subghz_view_keeloq_decrypt_set_callback(
subghz->subghz_keeloq_decrypt, kl_decrypt_view_callback, subghz);
view_dispatcher_switch_to_view(subghz->view_dispatcher, SubGhzViewIdKeeloqDecrypt);
ctx->start_tick = furi_get_tick();
if(!kl_ble_start_offload(ctx)) {
char msg[128];
snprintf(msg, sizeof(msg),
"No BLE connection!\n"
"Connect companion app\n"
"and try again.\n\n"
"Fix:0x%08lX\nHop:0x%08lX",
ctx->fix, ctx->hop);
subghz_view_keeloq_decrypt_set_result(
subghz->subghz_keeloq_decrypt, false, msg);
}
}
bool subghz_scene_keeloq_decrypt_on_event(void* context, SceneManagerEvent event) {
SubGhz* subghz = context;
KlDecryptCtx* ctx = (KlDecryptCtx*)(uintptr_t)scene_manager_get_scene_state(
subghz->scene_manager, SubGhzSceneKeeloqDecrypt);
if(!ctx) return false;
if(event.type == SceneManagerEventTypeCustom) {
if(event.event == KL_DECRYPT_EVENT_CANDIDATE) {
if(!subghz->keeloq_keys_manager) {
subghz->keeloq_keys_manager = subghz_keeloq_keys_alloc();
}
char key_name[24];
snprintf(key_name, sizeof(key_name), "BF_%07lX", ctx->serial);
subghz_keeloq_keys_add(
subghz->keeloq_keys_manager,
ctx->recovered_mfkey,
ctx->recovered_type,
key_name);
subghz_keeloq_keys_save(subghz->keeloq_keys_manager);
SubGhzKeystore* env_ks = subghz_environment_get_keystore(
subghz->txrx->environment);
SubGhzKeyArray_t* env_arr = subghz_keystore_get_data(env_ks);
SubGhzKey* entry = SubGhzKeyArray_push_raw(*env_arr);
entry->name = furi_string_alloc_set(key_name);
entry->key = ctx->recovered_mfkey;
entry->type = ctx->recovered_type;
return true;
} else if(event.event == KL_DECRYPT_EVENT_DONE) {
kl_ble_cleanup(ctx);
subghz->keeloq_bf2.sig1_loaded = false;
subghz->keeloq_bf2.sig2_loaded = false;
if(ctx->success) {
furi_string_printf(
ctx->result,
"Found %lu candidate(s)\n"
"Last: %08lX%08lX\n"
"Type:%u Cnt:%04lX\n"
"Saved to user keys",
ctx->candidate_count,
(uint32_t)(ctx->recovered_mfkey >> 32),
(uint32_t)(ctx->recovered_mfkey & 0xFFFFFFFF),
ctx->recovered_type,
ctx->recovered_cnt);
FlipperFormat* fff = subghz_txrx_get_fff_data(subghz->txrx);
flipper_format_rewind(fff);
char mf_str[20];
snprintf(mf_str, sizeof(mf_str), "BF_%07lX", ctx->serial);
flipper_format_insert_or_update_string_cstr(fff, "Manufacture", mf_str);
uint32_t cnt_val = ctx->recovered_cnt;
flipper_format_rewind(fff);
flipper_format_insert_or_update_uint32(fff, "Cnt", &cnt_val, 1);
if(ctx->hop2 != 0) {
flipper_format_rewind(fff);
flipper_format_insert_or_update_uint32(fff, "Hop2", &ctx->hop2, 1);
}
if(subghz_path_is_file(subghz->file_path)) {
subghz_save_protocol_to_file(
subghz,
subghz_txrx_get_fff_data(subghz->txrx),
furi_string_get_cstr(subghz->file_path));
}
subghz_view_keeloq_decrypt_set_result(
subghz->subghz_keeloq_decrypt, true, furi_string_get_cstr(ctx->result));
} else if(!ctx->cancel) {
subghz_view_keeloq_decrypt_set_result(
subghz->subghz_keeloq_decrypt, false,
"Key NOT found.\nNo matching key in\n2^32 search space.");
} else {
subghz_view_keeloq_decrypt_set_result(
subghz->subghz_keeloq_decrypt, false, "Cancelled.");
}
return true;
} else if(event.event == SubGhzCustomEventViewTransmitterBack) {
if(ctx->ble_offload) {
Bt* bt = furi_record_open(RECORD_BT);
uint8_t cancel_msg = KL_MSG_BF_CANCEL;
bt_custom_data_tx(bt, &cancel_msg, 1);
furi_record_close(RECORD_BT);
}
ctx->cancel = true;
scene_manager_previous_scene(subghz->scene_manager);
return true;
}
}
return false;
}
void subghz_scene_keeloq_decrypt_on_exit(void* context) {
SubGhz* subghz = context;
KlDecryptCtx* ctx = (KlDecryptCtx*)(uintptr_t)scene_manager_get_scene_state(
subghz->scene_manager, SubGhzSceneKeeloqDecrypt);
if(ctx) {
kl_ble_cleanup(ctx);
ctx->cancel = true;
furi_string_free(ctx->result);
free(ctx);
scene_manager_set_scene_state(subghz->scene_manager, SubGhzSceneKeeloqDecrypt, 0);
}
}

141
applications/main/subghz/scenes/subghz_scene_kl_bf_cleanup.c Normal file
View File

@@ -0,0 +1,141 @@
#include "../subghz_i.h"
#include <lib/subghz/protocols/keeloq_common.h>
typedef struct {
uint32_t serial;
uint32_t fix;
uint32_t hop;
uint32_t hop2;
uint8_t btn;
uint16_t disc;
size_t bf_indices[32];
size_t bf_count;
size_t valid_indices[32];
size_t valid_count;
} KlCleanupCtx;
static bool kl_cleanup_validate_hop(uint64_t key, uint32_t hop, uint8_t btn, uint16_t disc) {
uint32_t dec = subghz_protocol_keeloq_common_decrypt(hop, key);
if((dec >> 28) != btn) return false;
uint16_t dec_disc = (dec >> 16) & 0x3FF;
if(dec_disc == disc) return true;
if((dec_disc & 0xFF) == (disc & 0xFF)) return true;
return false;
}
static bool kl_cleanup_validate_key(uint64_t key, uint32_t hop1, uint32_t hop2, uint8_t btn, uint16_t disc) {
if(!kl_cleanup_validate_hop(key, hop1, btn, disc)) return false;
if(hop2 == 0) return true;
if(!kl_cleanup_validate_hop(key, hop2, btn, disc)) return false;
uint32_t dec1 = subghz_protocol_keeloq_common_decrypt(hop1, key);
uint32_t dec2 = subghz_protocol_keeloq_common_decrypt(hop2, key);
uint16_t cnt1 = dec1 & 0xFFFF;
uint16_t cnt2 = dec2 & 0xFFFF;
int diff = (int)cnt2 - (int)cnt1;
return (diff >= 1 && diff <= 256);
}
void subghz_scene_kl_bf_cleanup_on_enter(void* context) {
SubGhz* subghz = context;
KlCleanupCtx* ctx = malloc(sizeof(KlCleanupCtx));
memset(ctx, 0, sizeof(KlCleanupCtx));
FlipperFormat* fff = subghz_txrx_get_fff_data(subghz->txrx);
flipper_format_rewind(fff);
uint8_t key_data[8] = {0};
if(flipper_format_read_hex(fff, "Key", key_data, 8)) {
ctx->fix = ((uint32_t)key_data[0] << 24) | ((uint32_t)key_data[1] << 16) |
((uint32_t)key_data[2] << 8) | key_data[3];
ctx->hop = ((uint32_t)key_data[4] << 24) | ((uint32_t)key_data[5] << 16) |
((uint32_t)key_data[6] << 8) | key_data[7];
ctx->serial = ctx->fix & 0x0FFFFFFF;
ctx->btn = ctx->fix >> 28;
ctx->disc = ctx->serial & 0x3FF;
}
ctx->hop2 = 0;
flipper_format_rewind(fff);
flipper_format_read_uint32(fff, "Hop2", &ctx->hop2, 1);
scene_manager_set_scene_state(
subghz->scene_manager, SubGhzSceneKlBfCleanup, (uint32_t)(uintptr_t)ctx);
if(!subghz->keeloq_keys_manager) {
subghz->keeloq_keys_manager = subghz_keeloq_keys_alloc();
}
char bf_name[24];
snprintf(bf_name, sizeof(bf_name), "BF_%07lX", ctx->serial);
size_t user_count = subghz_keeloq_keys_user_count(subghz->keeloq_keys_manager);
ctx->bf_count = 0;
ctx->valid_count = 0;
for(size_t i = 0; i < user_count && ctx->bf_count < 32; i++) {
SubGhzKey* k = subghz_keeloq_keys_get(subghz->keeloq_keys_manager, i);
if(!k || !k->name) continue;
const char* name = furi_string_get_cstr(k->name);
if(strcmp(name, bf_name) == 0) {
ctx->bf_indices[ctx->bf_count] = i;
if(kl_cleanup_validate_key(k->key, ctx->hop, ctx->hop2, ctx->btn, ctx->disc)) {
ctx->valid_indices[ctx->valid_count++] = i;
}
ctx->bf_count++;
}
}
FuriString* msg = furi_string_alloc();
if(ctx->bf_count == 0) {
furi_string_set_str(msg, "No BF candidate keys\nfound for this serial.");
} else if(ctx->bf_count == 1) {
furi_string_set_str(msg, "Only 1 BF key exists.\nNothing to clean up.");
} else if(ctx->valid_count == 1) {
size_t deleted = 0;
for(int i = (int)ctx->bf_count - 1; i >= 0; i--) {
if(ctx->bf_indices[i] != ctx->valid_indices[0]) {
subghz_keeloq_keys_delete(subghz->keeloq_keys_manager, ctx->bf_indices[i]);
deleted++;
}
}
subghz_keeloq_keys_save(subghz->keeloq_keys_manager);
furi_string_printf(msg,
"Cleaned %u keys.\nKept valid key:\n%s",
deleted, bf_name);
} else if(ctx->valid_count == 0) {
furi_string_printf(msg,
"%u BF keys found\nbut none validates\nhop. Kept all.",
ctx->bf_count);
} else {
furi_string_printf(msg,
"%u BF keys, %u valid.\nCannot auto-select.\nKept all.",
ctx->bf_count, ctx->valid_count);
}
widget_add_text_scroll_element(subghz->widget, 0, 0, 128, 64, furi_string_get_cstr(msg));
furi_string_free(msg);
view_dispatcher_switch_to_view(subghz->view_dispatcher, SubGhzViewIdWidget);
}
bool subghz_scene_kl_bf_cleanup_on_event(void* context, SceneManagerEvent event) {
UNUSED(context);
UNUSED(event);
return false;
}
void subghz_scene_kl_bf_cleanup_on_exit(void* context) {
SubGhz* subghz = context;
KlCleanupCtx* ctx = (KlCleanupCtx*)(uintptr_t)scene_manager_get_scene_state(
subghz->scene_manager, SubGhzSceneKlBfCleanup);
if(ctx) {
free(ctx);
scene_manager_set_scene_state(subghz->scene_manager, SubGhzSceneKlBfCleanup, 0);
}
widget_reset(subghz->widget);
}

47
applications/main/subghz/scenes/subghz_scene_saved_menu.c
View File

@@ -2,10 +2,10 @@
enum SubmenuIndex {
SubmenuIndexEmulate,
SubmenuIndexPsaDecrypt,
SubmenuIndexEdit,
SubmenuIndexDelete,
SubmenuIndexSignalSettings,
SubmenuIndexPsaDecrypt,
SubmenuIndexCounterBf
};
@@ -17,7 +17,6 @@ void subghz_scene_saved_menu_submenu_callback(void* context, uint32_t index) {
void subghz_scene_saved_menu_on_enter(void* context) {
SubGhz* subghz = context;
// Check protocol type for conditional menu items
FlipperFormat* fff = subghz_txrx_get_fff_data(subghz->txrx);
bool is_psa_encrypted = false;
bool has_counter = false;
@@ -26,7 +25,6 @@ void subghz_scene_saved_menu_on_enter(void* context) {
flipper_format_rewind(fff);
if(flipper_format_read_string(fff, "Protocol", proto)) {
if(furi_string_equal_str(proto, "PSA GROUP")) {
// Check if Type field is missing or zero (not yet decrypted)
FuriString* type_str = furi_string_alloc();
flipper_format_rewind(fff);
if(!flipper_format_read_string(fff, "Type", type_str) ||
@@ -39,7 +37,6 @@ void subghz_scene_saved_menu_on_enter(void* context) {
furi_string_free(proto);
}
// Check if protocol has a Cnt field (supports counter bruteforce)
if(fff) {
uint32_t cnt_tmp = 0;
flipper_format_rewind(fff);
@@ -48,12 +45,23 @@ void subghz_scene_saved_menu_on_enter(void* context) {
}
}
submenu_add_item(
subghz->submenu,
"Emulate",
SubmenuIndexEmulate,
subghz_scene_saved_menu_submenu_callback,
subghz);
if(!is_psa_encrypted) {
submenu_add_item(
subghz->submenu,
"Emulate",
SubmenuIndexEmulate,
subghz_scene_saved_menu_submenu_callback,
subghz);
}
if(is_psa_encrypted) {
submenu_add_item(
subghz->submenu,
"PSA Decrypt",
SubmenuIndexPsaDecrypt,
subghz_scene_saved_menu_submenu_callback,
subghz);
}
submenu_add_item(
subghz->submenu,
@@ -76,15 +84,8 @@ void subghz_scene_saved_menu_on_enter(void* context) {
SubmenuIndexSignalSettings,
subghz_scene_saved_menu_submenu_callback,
subghz);
};
if(is_psa_encrypted) {
submenu_add_item(
subghz->submenu,
"PSA Decrypt",
SubmenuIndexPsaDecrypt,
subghz_scene_saved_menu_submenu_callback,
subghz);
}
if(has_counter) {
submenu_add_item(
subghz->submenu,
@@ -110,6 +111,11 @@ bool subghz_scene_saved_menu_on_event(void* context, SceneManagerEvent event) {
subghz->scene_manager, SubGhzSceneSavedMenu, SubmenuIndexEmulate);
scene_manager_next_scene(subghz->scene_manager, SubGhzSceneTransmitter);
return true;
} else if(event.event == SubmenuIndexPsaDecrypt) {
scene_manager_set_scene_state(
subghz->scene_manager, SubGhzSceneSavedMenu, SubmenuIndexPsaDecrypt);
scene_manager_next_scene(subghz->scene_manager, SubGhzScenePsaDecrypt);
return true;
} else if(event.event == SubmenuIndexDelete) {
scene_manager_set_scene_state(
subghz->scene_manager, SubGhzSceneSavedMenu, SubmenuIndexDelete);
@@ -125,11 +131,6 @@ bool subghz_scene_saved_menu_on_event(void* context, SceneManagerEvent event) {
subghz->scene_manager, SubGhzSceneSavedMenu, SubmenuIndexSignalSettings);
scene_manager_next_scene(subghz->scene_manager, SubGhzSceneSignalSettings);
return true;
} else if(event.event == SubmenuIndexPsaDecrypt) {
scene_manager_set_scene_state(
subghz->scene_manager, SubGhzSceneSavedMenu, SubmenuIndexPsaDecrypt);
scene_manager_next_scene(subghz->scene_manager, SubGhzScenePsaDecrypt);
return true;
} else if(event.event == SubmenuIndexCounterBf) {
scene_manager_set_scene_state(
subghz->scene_manager, SubGhzSceneSavedMenu, SubmenuIndexCounterBf);

11
applications/main/subghz/scenes/subghz_scene_start.c
View File

@@ -55,6 +55,12 @@ void subghz_scene_start_on_enter(void* context) {
SubmenuIndexKeeloqKeys,
subghz_scene_start_submenu_callback,
subghz);
submenu_add_item(
subghz->submenu,
"KeeLoq BF (2 Signals)",
SubmenuIndexKeeloqBf2,
subghz_scene_start_submenu_callback,
subghz);
submenu_set_selected_item(
subghz->submenu, scene_manager_get_scene_state(subghz->scene_manager, SubGhzSceneStart));
@@ -112,6 +118,11 @@ bool subghz_scene_start_on_event(void* context, SceneManagerEvent event) {
subghz->scene_manager, SubGhzSceneStart, SubmenuIndexKeeloqKeys);
scene_manager_next_scene(subghz->scene_manager, SubGhzSceneKeeloqKeys);
return true;
} else if(event.event == SubmenuIndexKeeloqBf2) {
scene_manager_set_scene_state(
subghz->scene_manager, SubGhzSceneStart, SubmenuIndexKeeloqBf2);
scene_manager_next_scene(subghz->scene_manager, SubGhzSceneKeeloqBf2);
return true;
}
}
return false;

1
applications/main/subghz/scenes/subghz_scene_start.h
View File

@@ -10,4 +10,5 @@ enum SubmenuIndex {
SubmenuIndexProtocolList,
SubmenuIndexRadioSetting,
SubmenuIndexKeeloqKeys,
SubmenuIndexKeeloqBf2,
};

19
applications/main/subghz/subghz.c
View File

@@ -95,6 +95,11 @@ SubGhz* subghz_alloc(bool alloc_for_tx_only) {
subghz->keeloq_keys_manager = NULL;
subghz->keeloq_bf2.sig1_loaded = false;
subghz->keeloq_bf2.sig2_loaded = false;
subghz->keeloq_bf2.sig1_path = furi_string_alloc();
subghz->keeloq_bf2.sig2_path = furi_string_alloc();
subghz->file_path = furi_string_alloc();
subghz->file_path_tmp = furi_string_alloc();
@@ -195,6 +200,12 @@ SubGhz* subghz_alloc(bool alloc_for_tx_only) {
SubGhzViewIdPsaDecrypt,
subghz_view_psa_decrypt_get_view(subghz->subghz_psa_decrypt));
subghz->subghz_keeloq_decrypt = subghz_view_keeloq_decrypt_alloc();
view_dispatcher_add_view(
subghz->view_dispatcher,
SubGhzViewIdKeeloqDecrypt,
subghz_view_keeloq_decrypt_get_view(subghz->subghz_keeloq_decrypt));
//init threshold rssi
subghz->threshold_rssi = subghz_threshold_rssi_alloc();
@@ -306,6 +317,10 @@ void subghz_free(SubGhz* subghz, bool alloc_for_tx_only) {
view_dispatcher_remove_view(subghz->view_dispatcher, SubGhzViewIdPsaDecrypt);
subghz_view_psa_decrypt_free(subghz->subghz_psa_decrypt);
// KeeLoq Decrypt
view_dispatcher_remove_view(subghz->view_dispatcher, SubGhzViewIdKeeloqDecrypt);
subghz_view_keeloq_decrypt_free(subghz->subghz_keeloq_decrypt);
// Read RAW
view_dispatcher_remove_view(subghz->view_dispatcher, SubGhzViewIdReadRAW);
subghz_read_raw_free(subghz->subghz_read_raw);
@@ -353,7 +368,9 @@ void subghz_free(SubGhz* subghz, bool alloc_for_tx_only) {
furi_string_free(subghz->file_path);
furi_string_free(subghz->file_path_tmp);
// KeeLoq key manager (may still be live if app exited from within the edit scene)
furi_string_free(subghz->keeloq_bf2.sig1_path);
furi_string_free(subghz->keeloq_bf2.sig2_path);
if(subghz->keeloq_keys_manager) {
subghz_keeloq_keys_free(subghz->keeloq_keys_manager);
subghz->keeloq_keys_manager = NULL;

26
applications/main/subghz/subghz_i.h
View File

@@ -9,6 +9,7 @@
#include "views/subghz_frequency_analyzer.h"
#include "views/subghz_read_raw.h"
#include "views/subghz_psa_decrypt.h"
#include "views/subghz_keeloq_decrypt.h"
#include <gui/gui.h>
#include <assets_icons.h>
@@ -74,6 +75,7 @@ struct SubGhz {
SubGhzFrequencyAnalyzer* subghz_frequency_analyzer;
SubGhzReadRAW* subghz_read_raw;
SubGhzViewPsaDecrypt* subghz_psa_decrypt;
SubGhzViewKeeloqDecrypt* subghz_keeloq_decrypt;
bool raw_send_only;
bool save_datetime_set;
@@ -102,13 +104,25 @@ struct SubGhz {
// KeeLoq key management
SubGhzKeeloqKeysManager* keeloq_keys_manager;
struct {
uint8_t key_bytes[8]; // ByteInput result
char name[65]; // TextInput result
uint16_t type; // selected learning type 1..8
bool is_new; // true = add, false = edit
size_t edit_index; // valid when is_new == false
uint8_t edit_step; // 0 = key, 1 = name, 2 = type
uint8_t key_bytes[8];
char name[65];
uint16_t type;
bool is_new;
size_t edit_index;
uint8_t edit_step;
} keeloq_edit;
struct {
uint32_t fix;
uint32_t hop1;
uint32_t hop2;
uint32_t serial;
bool sig1_loaded;
bool sig2_loaded;
FuriString* sig1_path;
FuriString* sig2_path;
uint8_t learn_type;
} keeloq_bf2;
};
void subghz_blink_start(SubGhz* subghz);

246
applications/main/subghz/views/subghz_keeloq_decrypt.c Normal file
View File

@@ -0,0 +1,246 @@
#include "subghz_keeloq_decrypt.h"
#include <gui/elements.h>
#include <furi.h>
#define KL_TOTAL_KEYS 0x100000000ULL
struct SubGhzViewKeeloqDecrypt {
View* view;
SubGhzViewKeeloqDecryptCallback callback;
void* context;
};
typedef struct {
uint8_t progress;
uint32_t keys_tested;
uint32_t keys_per_sec;
uint32_t elapsed_sec;
uint32_t eta_sec;
bool done;
bool success;
uint32_t candidates;
FuriString* result_str;
char status_line[40];
} SubGhzKeeloqDecryptModel;
static void subghz_view_keeloq_decrypt_format_count(char* buf, size_t len, uint32_t count) {
if(count >= 1000000) {
snprintf(buf, len, "%lu.%luM", count / 1000000, (count % 1000000) / 100000);
} else if(count >= 1000) {
snprintf(buf, len, "%luK", count / 1000);
} else {
snprintf(buf, len, "%lu", count);
}
}
static void subghz_view_keeloq_decrypt_draw(Canvas* canvas, void* _model) {
SubGhzKeeloqDecryptModel* model = (SubGhzKeeloqDecryptModel*)_model;
canvas_clear(canvas);
if(!model->done) {
canvas_set_font(canvas, FontPrimary);
if(model->status_line[0]) {
canvas_draw_str_aligned(canvas, 64, 2, AlignCenter, AlignTop, model->status_line);
} else {
canvas_draw_str_aligned(canvas, 64, 2, AlignCenter, AlignTop, "KeeLoq BF");
}
canvas_draw_rframe(canvas, 3, 15, 122, 12, 2);
uint8_t fill = (uint8_t)((uint16_t)model->progress * 116 / 100);
if(fill > 0) {
canvas_draw_rbox(canvas, 5, 17, fill, 8, 1);
}
canvas_set_font(canvas, FontSecondary);
char keys_str[32];
char tested_buf[12];
subghz_view_keeloq_decrypt_format_count(tested_buf, sizeof(tested_buf), model->keys_tested);
snprintf(keys_str, sizeof(keys_str), "%d%% - %s / 4G keys", model->progress, tested_buf);
canvas_draw_str(canvas, 2, 38, keys_str);
char speed_str[40];
char speed_buf[12];
subghz_view_keeloq_decrypt_format_count(speed_buf, sizeof(speed_buf), model->keys_per_sec);
uint32_t eta_m = model->eta_sec / 60;
uint32_t eta_s = model->eta_sec % 60;
if(eta_m > 0) {
snprintf(speed_str, sizeof(speed_str), "%s keys/sec ETA %lum %lus", speed_buf, eta_m, eta_s);
} else {
snprintf(speed_str, sizeof(speed_str), "%s keys/sec ETA %lus", speed_buf, eta_s);
}
canvas_draw_str(canvas, 2, 48, speed_str);
if(model->candidates > 0) {
char cand_str[32];
snprintf(cand_str, sizeof(cand_str), "Candidates: %lu", model->candidates);
canvas_draw_str(canvas, 2, 58, cand_str);
} else {
char elapsed_str[24];
uint32_t el_m = model->elapsed_sec / 60;
uint32_t el_s = model->elapsed_sec % 60;
if(el_m > 0) {
snprintf(elapsed_str, sizeof(elapsed_str), "Elapsed: %lum %lus", el_m, el_s);
} else {
snprintf(elapsed_str, sizeof(elapsed_str), "Elapsed: %lus", el_s);
}
canvas_draw_str(canvas, 2, 58, elapsed_str);
}
canvas_draw_str_aligned(canvas, 126, 64, AlignRight, AlignBottom, "Hold BACK");
} else {
canvas_set_font(canvas, FontSecondary);
if(model->result_str) {
elements_multiline_text_aligned(
canvas, 0, 0, AlignLeft, AlignTop, furi_string_get_cstr(model->result_str));
}
}
}
static bool subghz_view_keeloq_decrypt_input(InputEvent* event, void* context) {
SubGhzViewKeeloqDecrypt* instance = (SubGhzViewKeeloqDecrypt*)context;
if(event->key == InputKeyBack) {
if(instance->callback) {
instance->callback(SubGhzCustomEventViewTransmitterBack, instance->context);
}
return true;
}
return false;
}
SubGhzViewKeeloqDecrypt* subghz_view_keeloq_decrypt_alloc(void) {
SubGhzViewKeeloqDecrypt* instance = malloc(sizeof(SubGhzViewKeeloqDecrypt));
instance->view = view_alloc();
view_allocate_model(instance->view, ViewModelTypeLocking, sizeof(SubGhzKeeloqDecryptModel));
view_set_context(instance->view, instance);
view_set_draw_callback(instance->view, subghz_view_keeloq_decrypt_draw);
view_set_input_callback(instance->view, subghz_view_keeloq_decrypt_input);
with_view_model(
instance->view,
SubGhzKeeloqDecryptModel * model,
{
model->result_str = furi_string_alloc();
model->progress = 0;
model->keys_tested = 0;
model->keys_per_sec = 0;
model->elapsed_sec = 0;
model->eta_sec = 0;
model->done = false;
model->success = false;
model->candidates = 0;
},
false);
return instance;
}
void subghz_view_keeloq_decrypt_free(SubGhzViewKeeloqDecrypt* instance) {
furi_check(instance);
with_view_model(
instance->view,
SubGhzKeeloqDecryptModel * model,
{ furi_string_free(model->result_str); },
false);
view_free(instance->view);
free(instance);
}
View* subghz_view_keeloq_decrypt_get_view(SubGhzViewKeeloqDecrypt* instance) {
furi_check(instance);
return instance->view;
}
void subghz_view_keeloq_decrypt_set_callback(
SubGhzViewKeeloqDecrypt* instance,
SubGhzViewKeeloqDecryptCallback callback,
void* context) {
furi_check(instance);
instance->callback = callback;
instance->context = context;
}
void subghz_view_keeloq_decrypt_update_stats(
SubGhzViewKeeloqDecrypt* instance,
uint8_t progress,
uint32_t keys_tested,
uint32_t keys_per_sec,
uint32_t elapsed_sec,
uint32_t eta_sec) {
furi_check(instance);
with_view_model(
instance->view,
SubGhzKeeloqDecryptModel * model,
{
model->progress = progress;
model->keys_tested = keys_tested;
model->keys_per_sec = keys_per_sec;
model->elapsed_sec = elapsed_sec;
model->eta_sec = eta_sec;
},
true);
}
void subghz_view_keeloq_decrypt_set_result(
SubGhzViewKeeloqDecrypt* instance,
bool success,
const char* result) {
furi_check(instance);
with_view_model(
instance->view,
SubGhzKeeloqDecryptModel * model,
{
model->done = true;
model->success = success;
furi_string_set_str(model->result_str, result);
},
true);
}
void subghz_view_keeloq_decrypt_reset(SubGhzViewKeeloqDecrypt* instance) {
furi_check(instance);
with_view_model(
instance->view,
SubGhzKeeloqDecryptModel * model,
{
model->progress = 0;
model->keys_tested = 0;
model->keys_per_sec = 0;
model->elapsed_sec = 0;
model->eta_sec = 0;
model->done = false;
model->success = false;
model->candidates = 0;
furi_string_reset(model->result_str);
model->status_line[0] = '\0';
},
false);
}
void subghz_view_keeloq_decrypt_set_status(SubGhzViewKeeloqDecrypt* instance, const char* status) {
furi_check(instance);
with_view_model(
instance->view,
SubGhzKeeloqDecryptModel * model,
{
if(status) {
strlcpy(model->status_line, status, sizeof(model->status_line));
} else {
model->status_line[0] = '\0';
}
},
true);
}
void subghz_view_keeloq_decrypt_update_candidates(
SubGhzViewKeeloqDecrypt* instance, uint32_t count) {
furi_check(instance);
with_view_model(
instance->view,
SubGhzKeeloqDecryptModel * model,
{ model->candidates = count; },
true);
}

37
applications/main/subghz/views/subghz_keeloq_decrypt.h Normal file
View File

@@ -0,0 +1,37 @@
#pragma once
#include <gui/view.h>
#include "../helpers/subghz_custom_event.h"
typedef struct SubGhzViewKeeloqDecrypt SubGhzViewKeeloqDecrypt;
typedef void (*SubGhzViewKeeloqDecryptCallback)(SubGhzCustomEvent event, void* context);
SubGhzViewKeeloqDecrypt* subghz_view_keeloq_decrypt_alloc(void);
void subghz_view_keeloq_decrypt_free(SubGhzViewKeeloqDecrypt* instance);
View* subghz_view_keeloq_decrypt_get_view(SubGhzViewKeeloqDecrypt* instance);
void subghz_view_keeloq_decrypt_set_callback(
SubGhzViewKeeloqDecrypt* instance,
SubGhzViewKeeloqDecryptCallback callback,
void* context);
void subghz_view_keeloq_decrypt_update_stats(
SubGhzViewKeeloqDecrypt* instance,
uint8_t progress,
uint32_t keys_tested,
uint32_t keys_per_sec,
uint32_t elapsed_sec,
uint32_t eta_sec);
void subghz_view_keeloq_decrypt_set_result(
SubGhzViewKeeloqDecrypt* instance,
bool success,
const char* result);
void subghz_view_keeloq_decrypt_reset(SubGhzViewKeeloqDecrypt* instance);
void subghz_view_keeloq_decrypt_set_status(SubGhzViewKeeloqDecrypt* instance, const char* status);
void subghz_view_keeloq_decrypt_update_candidates(
SubGhzViewKeeloqDecrypt* instance, uint32_t count);

4
applications/main/subghz/views/subghz_psa_decrypt.c
View File

@@ -50,8 +50,10 @@ static void subghz_view_psa_decrypt_draw(Canvas* canvas, void* _model) {
// Progress bar outline + fill
canvas_draw_rframe(canvas, 3, 15, 122, 12, 2);
uint8_t fill = (uint8_t)((uint16_t)model->progress * 116 / 100);
if(fill > 0) {
if(fill > 2) {
canvas_draw_rbox(canvas, 5, 17, fill, 8, 1);
} else if(fill > 0) {
canvas_draw_box(canvas, 5, 17, fill, 8);
}
canvas_set_font(canvas, FontSecondary);

BIN
assets/dolphin/external/L1_Inspiration_128x64/frame_0.png vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 6.6 KiB

After

Width:  |  Height:  |  Size: 1.0 KiB

BIN
assets/dolphin/internal/L1_Tv_128x64/frame_0.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 6.6 KiB

After

Width:  |  Height:  |  Size: 1.0 KiB

BIN
assets/slideshow/update_default/frame_00.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 6.3 KiB

After

Width:  |  Height:  |  Size: 1.2 KiB

BIN
assets/slideshow/update_default/frame_01.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 511 B

After

Width:  |  Height:  |  Size: 1.4 KiB

BIN
assets/slideshow/update_default/frame_02.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 518 B

After

Width:  |  Height:  |  Size: 968 B

BIN
assets/slideshow/update_default/frame_03.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 483 B

After

Width:  |  Height:  |  Size: 1.2 KiB

296
lib/subghz/protocols/bmw.c
View File

@@ -1,296 +0,0 @@
#include "bmw.h"
#define TAG "SubGhzProtocolBMW_868"
static const SubGhzBlockConst subghz_protocol_bmw_const = {
.te_short = 350, // BMW 868 MHz
.te_long = 700, // ~2 × te_short
.te_delta = 120,
.min_count_bit_for_found = 61,
};
typedef struct SubGhzProtocolDecoderBMW {
SubGhzProtocolDecoderBase base;
SubGhzBlockDecoder decoder;
SubGhzBlockGeneric generic;
uint16_t header_count;
uint8_t crc_type; // 0 = unknown, 8 = CRC8, 16 = CRC16
} SubGhzProtocolDecoderBMW;
typedef struct SubGhzProtocolEncoderBMW {
SubGhzProtocolEncoderBase base;
SubGhzProtocolBlockEncoder encoder;
SubGhzBlockGeneric generic;
} SubGhzProtocolEncoderBMW;
typedef enum {
BMWDecoderStepReset = 0,
BMWDecoderStepCheckPreambula,
BMWDecoderStepSaveDuration,
BMWDecoderStepCheckDuration,
} BMWDecoderStep;
static void subghz_protocol_decoder_bmw_reset_internal(SubGhzProtocolDecoderBMW* instance) {
memset(&instance->decoder, 0, sizeof(instance->decoder));
memset(&instance->generic, 0, sizeof(instance->generic));
instance->decoder.parser_step = BMWDecoderStepReset;
instance->header_count = 0;
instance->crc_type = 0;
}
const SubGhzProtocolDecoder subghz_protocol_bmw_decoder = {
.alloc = subghz_protocol_decoder_bmw_alloc,
.free = subghz_protocol_decoder_bmw_free,
.feed = subghz_protocol_decoder_bmw_feed,
.reset = subghz_protocol_decoder_bmw_reset,
.get_hash_data = subghz_protocol_decoder_bmw_get_hash_data,
.serialize = subghz_protocol_decoder_bmw_serialize,
.deserialize = subghz_protocol_decoder_bmw_deserialize,
.get_string = subghz_protocol_decoder_bmw_get_string,
};
const SubGhzProtocolEncoder subghz_protocol_bmw_encoder = {
.alloc = NULL,
.free = NULL,
.deserialize = NULL,
.stop = NULL,
.yield = NULL,
};
const SubGhzProtocol subghz_protocol_bmw = {
.name = BMW_PROTOCOL_NAME,
.type = SubGhzProtocolTypeDynamic,
.flag = SubGhzProtocolFlag_868 | SubGhzProtocolFlag_FM | SubGhzProtocolFlag_Decodable,
.decoder = &subghz_protocol_bmw_decoder,
.encoder = &subghz_protocol_bmw_encoder,
};
// ----------------- Allocation / Reset / Free -------------------
void* subghz_protocol_decoder_bmw_alloc(SubGhzEnvironment* environment) {
UNUSED(environment);
SubGhzProtocolDecoderBMW* instance = calloc(1, sizeof(SubGhzProtocolDecoderBMW));
instance->base.protocol = &subghz_protocol_bmw;
instance->generic.protocol_name = instance->base.protocol->name;
subghz_protocol_decoder_bmw_reset(instance);
return instance;
}
void subghz_protocol_decoder_bmw_free(void* context) {
furi_assert(context);
free(context);
}
void subghz_protocol_decoder_bmw_reset(void* context) {
furi_assert(context);
SubGhzProtocolDecoderBMW* instance = context;
subghz_protocol_decoder_bmw_reset_internal(instance);
}
// ----------------- CRC -------------------
// BMW utilise CRC-8 (poly 0x31, init 0x00)
uint8_t subghz_protocol_bmw_crc8(uint8_t* data, size_t len) {
uint8_t crc = 0x00;
for(size_t i = 0; i < len; i++) {
crc ^= data[i];
for(uint8_t j = 0; j < 8; j++) {
if(crc & 0x80)
crc = (uint8_t)((crc << 1) ^ 0x31);
else
crc <<= 1;
}
}
return crc;
}
// BMW utilise aussi CRC-16 (poly 0x1021, init 0xFFFF)
uint16_t subghz_protocol_bmw_crc16(uint8_t* data, size_t len) {
uint16_t crc = 0xFFFF;
for(size_t i = 0; i < len; i++) {
crc ^= ((uint16_t)data[i] << 8);
for(uint8_t j = 0; j < 8; j++) {
if(crc & 0x8000)
crc = (crc << 1) ^ 0x1021;
else
crc <<= 1;
}
}
return crc;
}
// ----------------- Decoder Feed -------------------
void subghz_protocol_decoder_bmw_feed(void* context, bool level, uint32_t duration) {
furi_assert(context);
SubGhzProtocolDecoderBMW* instance = context;
switch(instance->decoder.parser_step) {
case BMWDecoderStepReset:
if(level && (DURATION_DIFF(duration, subghz_protocol_bmw_const.te_short) <
subghz_protocol_bmw_const.te_delta)) {
instance->decoder.parser_step = BMWDecoderStepCheckPreambula;
instance->decoder.te_last = duration;
instance->header_count = 0;
instance->decoder.decode_data = 0;
instance->decoder.decode_count_bit = 0;
}
break;
case BMWDecoderStepCheckPreambula:
if(level) {
if((DURATION_DIFF(duration, subghz_protocol_bmw_const.te_short) <
subghz_protocol_bmw_const.te_delta) ||
(DURATION_DIFF(duration, subghz_protocol_bmw_const.te_long) <
subghz_protocol_bmw_const.te_delta)) {
instance->decoder.te_last = duration;
} else {
instance->decoder.parser_step = BMWDecoderStepReset;
}
} else if(
(DURATION_DIFF(duration, subghz_protocol_bmw_const.te_short) <
subghz_protocol_bmw_const.te_delta) &&
(DURATION_DIFF(instance->decoder.te_last, subghz_protocol_bmw_const.te_short) <
subghz_protocol_bmw_const.te_delta)) {
instance->header_count++;
} else if(
(DURATION_DIFF(duration, subghz_protocol_bmw_const.te_long) <
subghz_protocol_bmw_const.te_delta) &&
(DURATION_DIFF(instance->decoder.te_last, subghz_protocol_bmw_const.te_long) <
subghz_protocol_bmw_const.te_delta)) {
if(instance->header_count > 15) {
instance->decoder.parser_step = BMWDecoderStepSaveDuration;
instance->decoder.decode_data = 0ULL;
instance->decoder.decode_count_bit = 0;
} else {
instance->decoder.parser_step = BMWDecoderStepReset;
}
} else {
instance->decoder.parser_step = BMWDecoderStepReset;
}
break;
case BMWDecoderStepSaveDuration:
if(level) {
if(duration >=
(subghz_protocol_bmw_const.te_long + subghz_protocol_bmw_const.te_delta * 2UL)) {
if(instance->decoder.decode_count_bit >=
subghz_protocol_bmw_const.min_count_bit_for_found) {
instance->generic.data = instance->decoder.decode_data;
instance->generic.data_count_bit = instance->decoder.decode_count_bit;
// Perform CRC check with both CRC8 and CRC16
uint8_t* raw_bytes = (uint8_t*)&instance->generic.data;
size_t raw_len = (instance->generic.data_count_bit + 7) / 8;
uint8_t crc8 = subghz_protocol_bmw_crc8(raw_bytes, raw_len - 1);
if(crc8 == raw_bytes[raw_len - 1]) {
instance->crc_type = 8;
} else {
uint16_t crc16 = subghz_protocol_bmw_crc16(raw_bytes, raw_len - 2);
uint16_t rx_crc16 = (raw_bytes[raw_len - 2] << 8) | raw_bytes[raw_len - 1];
if(crc16 == rx_crc16) {
instance->crc_type = 16;
} else {
instance->crc_type = 0; // invalid
}
}
if(instance->crc_type != 0 && instance->base.callback) {
instance->base.callback(&instance->base, instance->base.context);
}
}
subghz_protocol_decoder_bmw_reset_internal(instance);
} else {
instance->decoder.te_last = duration;
instance->decoder.parser_step = BMWDecoderStepCheckDuration;
}
} else {
instance->decoder.parser_step = BMWDecoderStepReset;
}
break;
case BMWDecoderStepCheckDuration:
if(!level) {
if((DURATION_DIFF(instance->decoder.te_last, subghz_protocol_bmw_const.te_short) <
subghz_protocol_bmw_const.te_delta) &&
(DURATION_DIFF(duration, subghz_protocol_bmw_const.te_short) <
subghz_protocol_bmw_const.te_delta)) {
subghz_protocol_blocks_add_bit(&instance->decoder, 0);
instance->decoder.parser_step = BMWDecoderStepSaveDuration;
} else if(
(DURATION_DIFF(instance->decoder.te_last, subghz_protocol_bmw_const.te_long) <
subghz_protocol_bmw_const.te_delta) &&
(DURATION_DIFF(duration, subghz_protocol_bmw_const.te_long) <
subghz_protocol_bmw_const.te_delta)) {
subghz_protocol_blocks_add_bit(&instance->decoder, 1);
instance->decoder.parser_step = BMWDecoderStepSaveDuration;
} else {
instance->decoder.parser_step = BMWDecoderStepReset;
}
} else {
instance->decoder.parser_step = BMWDecoderStepReset;
}
break;
}
}
// ----------------- Utils -------------------
static void subghz_protocol_bmw_check_remote_controller(SubGhzBlockGeneric* instance) {
instance->serial = (uint32_t)((instance->data >> 12) & 0x0FFFFFFF);
instance->btn = (instance->data >> 8) & 0x0F;
instance->cnt = (instance->data >> 40) & 0xFFFF;
}
// ----------------- API -------------------
uint8_t subghz_protocol_decoder_bmw_get_hash_data(void* context) {
furi_assert(context);
SubGhzProtocolDecoderBMW* instance = context;
return subghz_protocol_blocks_get_hash_data(
&instance->decoder, (instance->decoder.decode_count_bit / 8) + 1);
}
SubGhzProtocolStatus subghz_protocol_decoder_bmw_serialize(
void* context,
FlipperFormat* flipper_format,
SubGhzRadioPreset* preset) {
furi_assert(context);
SubGhzProtocolDecoderBMW* instance = context;
return subghz_block_generic_serialize(&instance->generic, flipper_format, preset);
}
SubGhzProtocolStatus
subghz_protocol_decoder_bmw_deserialize(void* context, FlipperFormat* flipper_format) {
furi_assert(context);
SubGhzProtocolDecoderBMW* instance = context;
return subghz_block_generic_deserialize_check_count_bit(
&instance->generic, flipper_format, subghz_protocol_bmw_const.min_count_bit_for_found);
}
void subghz_protocol_decoder_bmw_get_string(void* context, FuriString* output) {
furi_assert(context);
SubGhzProtocolDecoderBMW* instance = context;
subghz_protocol_bmw_check_remote_controller(&instance->generic);
uint32_t hi = instance->generic.data >> 32;
uint32_t lo = instance->generic.data & 0xFFFFFFFF;
furi_string_cat_printf(
output,
"%s %dbit (CRC:%d)\r\n"
"Key:%08lX%08lX\r\n"
"Sn:%07lX Btn:%X Cnt:%04lX\r\n",
instance->generic.protocol_name,
instance->generic.data_count_bit,
instance->crc_type,
hi,
lo,
instance->generic.serial,
instance->generic.btn,
instance->generic.cnt);
}

29
lib/subghz/protocols/bmw.h
View File

@@ -1,29 +0,0 @@
#pragma once
#include <furi.h>
#include <lib/subghz/protocols/base.h>
#include <lib/subghz/types.h>
#include <lib/subghz/blocks/const.h>
#include <lib/subghz/blocks/decoder.h>
#include <lib/subghz/blocks/encoder.h>
#include <lib/subghz/blocks/generic.h>
#include <lib/subghz/blocks/math.h>
#include <flipper_format/flipper_format.h>
#include <lib/toolbox/manchester_decoder.h>
#define BMW_PROTOCOL_NAME "BMW"
extern const SubGhzProtocol subghz_protocol_bmw;
void* subghz_protocol_decoder_bmw_alloc(SubGhzEnvironment* environment);
void subghz_protocol_decoder_bmw_free(void* context);
void subghz_protocol_decoder_bmw_reset(void* context);
void subghz_protocol_decoder_bmw_feed(void* context, bool level, uint32_t duration);
uint8_t subghz_protocol_decoder_bmw_get_hash_data(void* context);
SubGhzProtocolStatus subghz_protocol_decoder_bmw_serialize(
void* context,
FlipperFormat* flipper_format,
SubGhzRadioPreset* preset);
SubGhzProtocolStatus
subghz_protocol_decoder_bmw_deserialize(void* context, FlipperFormat* flipper_format);
void subghz_protocol_decoder_bmw_get_string(void* context, FuriString* output);

281
lib/subghz/protocols/citroen.c
View File

@@ -1,281 +0,0 @@
#include "citroen.h"
#define TAG "SubGhzProtocolCitroen"
static const SubGhzBlockConst subghz_protocol_citroen_const = {
.te_short = 370, // Short pulse duration
.te_long = 772, // Long pulse duration
.te_delta = 152, // Tolerance
.min_count_bit_for_found = 66,
};
typedef struct SubGhzProtocolDecoderCitroen {
SubGhzProtocolDecoderBase base;
SubGhzBlockDecoder decoder;
SubGhzBlockGeneric generic;
uint16_t header_count;
uint8_t packet_count;
} SubGhzProtocolDecoderCitroen;
typedef struct SubGhzProtocolEncoderCitroen {
SubGhzProtocolEncoderBase base;
SubGhzProtocolBlockEncoder encoder;
SubGhzBlockGeneric generic;
} SubGhzProtocolEncoderCitroen;
typedef enum {
CitroenDecoderStepReset = 0,
CitroenDecoderStepCheckPreamble,
CitroenDecoderStepSaveDuration,
CitroenDecoderStepCheckDuration,
} CitroenDecoderStep;
static void subghz_protocol_decoder_citroen_reset_internal(SubGhzProtocolDecoderCitroen* instance) {
memset(&instance->decoder, 0, sizeof(instance->decoder));
memset(&instance->generic, 0, sizeof(instance->generic));
instance->decoder.parser_step = CitroenDecoderStepReset;
instance->header_count = 0;
instance->packet_count = 0;
}
const SubGhzProtocolDecoder subghz_protocol_citroen_decoder = {
.alloc = subghz_protocol_decoder_citroen_alloc,
.free = subghz_protocol_decoder_citroen_free,
.feed = subghz_protocol_decoder_citroen_feed,
.reset = subghz_protocol_decoder_citroen_reset,
.get_hash_data = subghz_protocol_decoder_citroen_get_hash_data,
.serialize = subghz_protocol_decoder_citroen_serialize,
.deserialize = subghz_protocol_decoder_citroen_deserialize,
.get_string = subghz_protocol_decoder_citroen_get_string,
};
const SubGhzProtocolEncoder subghz_protocol_citroen_encoder = {
.alloc = NULL,
.free = NULL,
.deserialize = NULL,
.stop = NULL,
.yield = NULL,
};
const SubGhzProtocol subghz_protocol_citroen = {
.name = CITROEN_PROTOCOL_NAME,
.type = SubGhzProtocolTypeDynamic,
.flag = SubGhzProtocolFlag_433 | SubGhzProtocolFlag_FM | SubGhzProtocolFlag_Decodable,
.decoder = &subghz_protocol_citroen_decoder,
.encoder = &subghz_protocol_citroen_encoder,
};
// ----------------- Allocation / Reset / Free -------------------
void* subghz_protocol_decoder_citroen_alloc(SubGhzEnvironment* environment) {
UNUSED(environment);
SubGhzProtocolDecoderCitroen* instance = calloc(1, sizeof(SubGhzProtocolDecoderCitroen));
instance->base.protocol = &subghz_protocol_citroen;
instance->generic.protocol_name = instance->base.protocol->name;
subghz_protocol_decoder_citroen_reset(instance);
return instance;
}
void subghz_protocol_decoder_citroen_free(void* context) {
furi_assert(context);
free(context);
}
void subghz_protocol_decoder_citroen_reset(void* context) {
furi_assert(context);
SubGhzProtocolDecoderCitroen* instance = context;
subghz_protocol_decoder_citroen_reset_internal(instance);
}
// ----------------- Helper Functions -------------------
static uint8_t reverse8(uint8_t byte) {
byte = (byte & 0xF0) >> 4 | (byte & 0x0F) << 4;
byte = (byte & 0xCC) >> 2 | (byte & 0x33) << 2;
byte = (byte & 0xAA) >> 1 | (byte & 0x55) << 1;
return byte;
}
// Parse Citroën/PSA data structure
static bool subghz_protocol_citroen_parse_data(SubGhzProtocolDecoderCitroen* instance) {
uint8_t* b = (uint8_t*)&instance->generic.data;
// PSA structure (similar to Peugeot Keeloq)
// Check preamble
if(b[0] != 0xFF || (b[1] & 0xF0) != 0xF0) {
return false;
}
// Extract encrypted part (32 bits) - reversed
uint32_t encrypted = ((uint32_t)reverse8(b[3]) << 24) |
(reverse8(b[2]) << 16) |
(reverse8(b[1] & 0x0F) << 8) |
reverse8(b[0]);
// Extract serial number (28 bits) - reversed
uint32_t serial = ((uint32_t)reverse8(b[7] & 0xF0) << 20) |
(reverse8(b[6]) << 12) |
(reverse8(b[5]) << 4) |
(reverse8(b[4]) >> 4);
// Extract button bits (4 bits)
uint8_t button_bits = (encrypted >> 28) & 0x0F;
// Store parsed data
instance->generic.serial = serial;
instance->generic.btn = button_bits;
instance->generic.cnt = (encrypted >> 16) & 0xFFFF; // Counter
return true;
}
// ----------------- Decoder Feed -------------------
void subghz_protocol_decoder_citroen_feed(void* context, bool level, uint32_t duration) {
furi_assert(context);
SubGhzProtocolDecoderCitroen* instance = context;
switch(instance->decoder.parser_step) {
case CitroenDecoderStepReset:
if(level && (DURATION_DIFF(duration, subghz_protocol_citroen_const.te_short) <
subghz_protocol_citroen_const.te_delta)) {
instance->decoder.parser_step = CitroenDecoderStepCheckPreamble;
instance->decoder.te_last = duration;
instance->header_count = 0;
instance->decoder.decode_data = 0;
instance->decoder.decode_count_bit = 0;
}
break;
case CitroenDecoderStepCheckPreamble:
if(level) {
if((DURATION_DIFF(duration, subghz_protocol_citroen_const.te_short) <
subghz_protocol_citroen_const.te_delta)) {
instance->decoder.te_last = duration;
} else {
instance->decoder.parser_step = CitroenDecoderStepReset;
}
} else {
if((DURATION_DIFF(duration, subghz_protocol_citroen_const.te_short) <
subghz_protocol_citroen_const.te_delta) &&
(DURATION_DIFF(instance->decoder.te_last, subghz_protocol_citroen_const.te_short) <
subghz_protocol_citroen_const.te_delta)) {
instance->header_count++;
} else if((DURATION_DIFF(duration, 4400) < 500) && instance->header_count >= 10) {
instance->decoder.parser_step = CitroenDecoderStepSaveDuration;
instance->decoder.decode_data = 0ULL;
instance->decoder.decode_count_bit = 0;
} else {
instance->decoder.parser_step = CitroenDecoderStepReset;
}
}
break;
case CitroenDecoderStepSaveDuration:
if(level) {
if(duration >= (subghz_protocol_citroen_const.te_long * 3)) {
if(instance->decoder.decode_count_bit >=
subghz_protocol_citroen_const.min_count_bit_for_found) {
instance->generic.data = instance->decoder.decode_data;
instance->generic.data_count_bit = instance->decoder.decode_count_bit;
if(subghz_protocol_citroen_parse_data(instance)) {
instance->packet_count++;
if(instance->base.callback) {
instance->base.callback(&instance->base, instance->base.context);
}
}
}
subghz_protocol_decoder_citroen_reset_internal(instance);
} else {
instance->decoder.te_last = duration;
instance->decoder.parser_step = CitroenDecoderStepCheckDuration;
}
} else {
instance->decoder.parser_step = CitroenDecoderStepReset;
}
break;
case CitroenDecoderStepCheckDuration:
if(!level) {
// PWM decoding
if((DURATION_DIFF(instance->decoder.te_last, subghz_protocol_citroen_const.te_short) <
subghz_protocol_citroen_const.te_delta) &&
(DURATION_DIFF(duration, subghz_protocol_citroen_const.te_long) <
subghz_protocol_citroen_const.te_delta)) {
subghz_protocol_blocks_add_bit(&instance->decoder, 0);
instance->decoder.parser_step = CitroenDecoderStepSaveDuration;
} else if(
(DURATION_DIFF(instance->decoder.te_last, subghz_protocol_citroen_const.te_long) <
subghz_protocol_citroen_const.te_delta) &&
(DURATION_DIFF(duration, subghz_protocol_citroen_const.te_short) <
subghz_protocol_citroen_const.te_delta)) {
subghz_protocol_blocks_add_bit(&instance->decoder, 1);
instance->decoder.parser_step = CitroenDecoderStepSaveDuration;
} else {
instance->decoder.parser_step = CitroenDecoderStepReset;
}
} else {
instance->decoder.parser_step = CitroenDecoderStepReset;
}
break;
}
}
// ----------------- API -------------------
uint8_t subghz_protocol_decoder_citroen_get_hash_data(void* context) {
furi_assert(context);
SubGhzProtocolDecoderCitroen* instance = context;
return subghz_protocol_blocks_get_hash_data(
&instance->decoder, (instance->decoder.decode_count_bit / 8) + 1);
}
SubGhzProtocolStatus subghz_protocol_decoder_citroen_serialize(
void* context,
FlipperFormat* flipper_format,
SubGhzRadioPreset* preset) {
furi_assert(context);
SubGhzProtocolDecoderCitroen* instance = context;
return subghz_block_generic_serialize(&instance->generic, flipper_format, preset);
}
SubGhzProtocolStatus subghz_protocol_decoder_citroen_deserialize(
void* context,
FlipperFormat* flipper_format) {
furi_assert(context);
SubGhzProtocolDecoderCitroen* instance = context;
return subghz_block_generic_deserialize_check_count_bit(
&instance->generic,
flipper_format,
subghz_protocol_citroen_const.min_count_bit_for_found);
}
void subghz_protocol_decoder_citroen_get_string(void* context, FuriString* output) {
furi_assert(context);
SubGhzProtocolDecoderCitroen* instance = context;
uint32_t hi = instance->generic.data >> 32;
uint32_t lo = instance->generic.data & 0xFFFFFFFF;
furi_string_cat_printf(
output,
"%s %dbit\r\n"
"Key:%08lX%08lX\r\n"
"Sn:%07lX Btn:%X Cnt:%04lX\r\n"
"Type:PSA/Keeloq\r\n"
"Models:2005-2018\r\n",
instance->generic.protocol_name,
instance->generic.data_count_bit,
hi,
lo,
instance->generic.serial,
instance->generic.btn,
instance->generic.cnt);
}

77
lib/subghz/protocols/citroen.h
View File

@@ -1,77 +0,0 @@
#pragma once
#include <lib/subghz/protocols/base.h>
#include <lib/subghz/blocks/const.h>
#include <lib/subghz/blocks/decoder.h>
#include <lib/subghz/blocks/encoder.h>
#include <lib/subghz/blocks/generic.h>
#include <lib/subghz/blocks/math.h>
#define CITROEN_PROTOCOL_NAME "Citroen"
extern const SubGhzProtocol subghz_protocol_citroen;
extern const SubGhzProtocolDecoder subghz_protocol_citroen_decoder;
extern const SubGhzProtocolEncoder subghz_protocol_citroen_encoder;
/**
* Allocates memory for the Citroën protocol decoder.
* @param environment Pointer to SubGhzEnvironment
* @return Pointer to the allocated decoder instance
*/
void* subghz_protocol_decoder_citroen_alloc(SubGhzEnvironment* environment);
/**
* Frees memory used by the Citroën protocol decoder.
* @param context Pointer to the decoder instance
*/
void subghz_protocol_decoder_citroen_free(void* context);
/**
* Resets the Citroën protocol decoder state.
* @param context Pointer to the decoder instance
*/
void subghz_protocol_decoder_citroen_reset(void* context);
/**
* Feeds a pulse/gap into the Citroën protocol decoder.
* @param context Pointer to the decoder instance
* @param level Signal level (true = high, false = low)
* @param duration Duration of the level in microseconds
*/
void subghz_protocol_decoder_citroen_feed(void* context, bool level, uint32_t duration);
/**
* Returns a hash of the decoded Citroën data.
* @param context Pointer to the decoder instance
* @return Hash byte
*/
uint8_t subghz_protocol_decoder_citroen_get_hash_data(void* context);
/**
* Serializes the decoded Citroën data into a FlipperFormat file.
* @param context Pointer to the decoder instance
* @param flipper_format Pointer to the FlipperFormat instance
* @param preset Pointer to the radio preset
* @return SubGhzProtocolStatus result
*/
SubGhzProtocolStatus subghz_protocol_decoder_citroen_serialize(
void* context,
FlipperFormat* flipper_format,
SubGhzRadioPreset* preset);
/**
* Deserializes Citroën data from a FlipperFormat file.
* @param context Pointer to the decoder instance
* @param flipper_format Pointer to the FlipperFormat instance
* @return SubGhzProtocolStatus result
*/
SubGhzProtocolStatus subghz_protocol_decoder_citroen_deserialize(
void* context,
FlipperFormat* flipper_format);
/**
* Formats the decoded Citroën data into a human-readable string.
* @param context Pointer to the decoder instance
* @param output Pointer to the FuriString output buffer
*/
void subghz_protocol_decoder_citroen_get_string(void* context, FuriString* output);

69
lib/subghz/protocols/fiat_marelli.c
View File

@@ -1,6 +1,14 @@
#include "fiat_marelli.h"
#include <inttypes.h>
#include "../blocks/const.h"
#include "../blocks/decoder.h"
#include "../blocks/encoder.h"
#include "../blocks/generic.h"
#include "../blocks/math.h"
#include "../blocks/custom_btn_i.h"
#include <lib/toolbox/manchester_decoder.h>
#include <lib/toolbox/manchester_encoder.h>
#include <furi_hal_subghz.h>
#define TAG "FiatMarelli"
@@ -518,28 +526,6 @@ void subghz_protocol_decoder_fiat_marelli_feed(void* context, bool level, uint32
instance->generic.btn = (instance->raw_data[6] >> 4) & 0xF;
instance->generic.cnt = (instance->raw_data[7] >> 3) & 0x1F;
const char* variant = (instance->te_detected &&
instance->te_detected < FIAT_MARELLI_TE_TYPE_AB_BOUNDARY)
? "B"
: "A";
FURI_LOG_I(
TAG,
"Type%s TE:%lu %db Sn:%08lX Btn:0x%X Ep:%X Ctr:%lu Roll:%02X%02X%02X%02X%02X%02X",
variant,
instance->te_detected ? instance->te_detected : te_short,
instance->bit_count,
instance->generic.serial,
instance->generic.btn,
instance->raw_data[6] & 0xF,
instance->generic.cnt,
instance->raw_data[7],
instance->raw_data[8],
instance->raw_data[9],
instance->raw_data[10],
instance->raw_data[11],
instance->raw_data[12]);
if(instance->base.callback) {
instance->base.callback(&instance->base, instance->base.context);
}
@@ -633,34 +619,35 @@ void subghz_protocol_decoder_fiat_marelli_get_string(void* context, FuriString*
furi_check(context);
SubGhzProtocolDecoderFiatMarelli* instance = context;
uint8_t total_bytes = (instance->bit_count + 7) / 8;
if(total_bytes > 13) total_bytes = 13;
uint8_t epoch = instance->raw_data[6] & 0xF;
uint8_t counter = (instance->raw_data[7] >> 3) & 0x1F;
const char* variant = (instance->te_detected &&
instance->te_detected < FIAT_MARELLI_TE_TYPE_AB_BOUNDARY)
? "B"
: "A";
uint8_t scramble = (instance->raw_data[7] >> 1) & 0x3;
uint8_t fixed = instance->raw_data[7] & 0x1;
furi_string_cat_printf(
output,
"%s %dbit\r\n"
"Sn:%08lX Btn:%s\r\n"
"Ep:%X Ctr:%02d Type%s\r\n"
"R:%02X%02X%02X%02X%02X%02X",
"Enc:%02X%02X%02X%02X%02X Scr:%02X\r\n"
"Raw:%02X%02X Fixed:%X\r\n"
"Sn:%08X Cnt:%02X\r\n"
"Btn:%02X:[%s] Ep:%02X\r\n"
"Tp:%s\r\n",
instance->generic.protocol_name,
instance->bit_count,
instance->generic.serial,
(int)instance->bit_count,
instance->raw_data[8], instance->raw_data[9],
instance->raw_data[10], instance->raw_data[11],
instance->raw_data[12],
(unsigned)scramble,
instance->raw_data[6], instance->raw_data[7],
(unsigned)fixed,
(unsigned int)instance->generic.serial,
(unsigned)counter,
(unsigned)instance->generic.btn,
fiat_marelli_button_name(instance->generic.btn),
epoch,
counter,
variant,
instance->raw_data[7],
instance->raw_data[8],
instance->raw_data[9],
(total_bytes > 10) ? instance->raw_data[10] : 0,
(total_bytes > 11) ? instance->raw_data[11] : 0,
(total_bytes > 12) ? instance->raw_data[12] : 0);
(unsigned)epoch,
variant);
}

11
lib/subghz/protocols/fiat_marelli.h
View File

@@ -1,14 +1,6 @@
#pragma once
#include <furi.h>
#include <lib/subghz/protocols/base.h>
#include <lib/subghz/types.h>
#include <lib/subghz/blocks/const.h>
#include <lib/subghz/blocks/decoder.h>
#include <lib/subghz/blocks/encoder.h>
#include <lib/subghz/blocks/generic.h>
#include <lib/subghz/blocks/math.h>
#include <lib/toolbox/manchester_decoder.h>
#include "base.h"
#include <flipper_format/flipper_format.h>
#define FIAT_MARELLI_PROTOCOL_NAME "Fiat Marelli"
@@ -31,7 +23,6 @@ SubGhzProtocolStatus
subghz_protocol_decoder_fiat_marelli_deserialize(void* context, FlipperFormat* flipper_format);
void subghz_protocol_decoder_fiat_marelli_get_string(void* context, FuriString* output);
// Encoder (replay of captured frames)
void* subghz_protocol_encoder_fiat_marelli_alloc(SubGhzEnvironment* environment);
void subghz_protocol_encoder_fiat_marelli_free(void* context);
SubGhzProtocolStatus

517
lib/subghz/protocols/fiat_spa.c Normal file
View File

@@ -0,0 +1,517 @@
#include "fiat_spa.h"
#include "../blocks/const.h"
#include "../blocks/decoder.h"
#include "../blocks/encoder.h"
#include "../blocks/generic.h"
#include "../blocks/math.h"
#include <lib/toolbox/manchester_decoder.h>
#define TAG "SubGhzProtocolFiatSpa"
static const SubGhzBlockConst subghz_protocol_fiat_spa_const = {
.te_short = 200,
.te_long = 400,
.te_delta = 100,
.min_count_bit_for_found = 64,
};
#define FIAT_SPA_PREAMBLE_PAIRS 150
#define FIAT_SPA_GAP_US 800
#define FIAT_SPA_TOTAL_BURSTS 3
#define FIAT_SPA_INTER_BURST_GAP 25000
#define FIAT_SPA_UPLOAD_MAX 1328
struct SubGhzProtocolDecoderFiatSpa {
SubGhzProtocolDecoderBase base;
SubGhzBlockGeneric generic;
SubGhzBlockDecoder decoder;
ManchesterState manchester_state;
uint16_t preamble_count;
uint32_t data_low;
uint32_t data_high;
uint8_t bit_count;
uint32_t hop;
uint32_t fix;
uint8_t endbyte;
};
struct SubGhzProtocolEncoderFiatSpa {
SubGhzProtocolEncoderBase base;
void* decoder_callback;
void* decoder_context;
SubGhzBlockGeneric generic;
SubGhzProtocolBlockEncoder encoder;
uint32_t hop;
uint32_t fix;
uint8_t endbyte;
};
typedef struct {
SubGhzProtocolDecoderBase base;
SubGhzBlockGeneric generic;
} SubGhzProtocolCommonFiatSpa;
typedef enum {
FiatSpaDecoderStepReset = 0,
FiatSpaDecoderStepPreamble,
FiatSpaDecoderStepData,
} FiatSpaDecoderStep;
const SubGhzProtocolDecoder subghz_protocol_fiat_spa_decoder = {
.alloc = subghz_protocol_decoder_fiat_spa_alloc,
.free = subghz_protocol_decoder_fiat_spa_free,
.feed = subghz_protocol_decoder_fiat_spa_feed,
.reset = subghz_protocol_decoder_fiat_spa_reset,
.get_hash_data = subghz_protocol_decoder_fiat_spa_get_hash_data,
.serialize = subghz_protocol_decoder_fiat_spa_serialize,
.deserialize = subghz_protocol_decoder_fiat_spa_deserialize,
.get_string = subghz_protocol_decoder_fiat_spa_get_string,
};
const SubGhzProtocolEncoder subghz_protocol_fiat_spa_encoder = {
.alloc = subghz_protocol_encoder_fiat_spa_alloc,
.free = subghz_protocol_encoder_fiat_spa_free,
.deserialize = subghz_protocol_encoder_fiat_spa_deserialize,
.stop = subghz_protocol_encoder_fiat_spa_stop,
.yield = subghz_protocol_encoder_fiat_spa_yield,
};
const SubGhzProtocol subghz_protocol_fiat_spa = {
.name = SUBGHZ_PROTOCOL_FIAT_SPA_NAME,
.type = SubGhzProtocolTypeStatic,
.flag = SubGhzProtocolFlag_433 | SubGhzProtocolFlag_AM |
SubGhzProtocolFlag_Decodable | SubGhzProtocolFlag_Load | SubGhzProtocolFlag_Save |
SubGhzProtocolFlag_Send,
.decoder = &subghz_protocol_fiat_spa_decoder,
.encoder = &subghz_protocol_fiat_spa_encoder,
};
void* subghz_protocol_decoder_fiat_spa_alloc(SubGhzEnvironment* environment) {
UNUSED(environment);
SubGhzProtocolDecoderFiatSpa* instance = malloc(sizeof(SubGhzProtocolDecoderFiatSpa));
instance->base.protocol = &subghz_protocol_fiat_spa;
instance->generic.protocol_name = instance->base.protocol->name;
return instance;
}
void subghz_protocol_decoder_fiat_spa_free(void* context) {
furi_assert(context);
SubGhzProtocolDecoderFiatSpa* instance = context;
free(instance);
}
void subghz_protocol_decoder_fiat_spa_reset(void* context) {
furi_assert(context);
SubGhzProtocolDecoderFiatSpa* instance = context;
instance->decoder.parser_step = FiatSpaDecoderStepReset;
instance->decoder.decode_data = 0;
instance->decoder.decode_count_bit = 0;
instance->preamble_count = 0;
instance->data_low = 0;
instance->data_high = 0;
instance->bit_count = 0;
instance->hop = 0;
instance->fix = 0;
instance->endbyte = 0;
instance->manchester_state = ManchesterStateMid1;
}
void subghz_protocol_decoder_fiat_spa_feed(void* context, bool level, uint32_t duration) {
furi_assert(context);
SubGhzProtocolDecoderFiatSpa* instance = context;
uint32_t te_short = (uint32_t)subghz_protocol_fiat_spa_const.te_short;
uint32_t te_long = (uint32_t)subghz_protocol_fiat_spa_const.te_long;
uint32_t te_delta = (uint32_t)subghz_protocol_fiat_spa_const.te_delta;
uint32_t gap_threshold = FIAT_SPA_GAP_US;
uint32_t diff;
switch(instance->decoder.parser_step) {
case FiatSpaDecoderStepReset:
if(!level) return;
if(duration < te_short) {
diff = te_short - duration;
} else {
diff = duration - te_short;
}
if(diff < te_delta) {
instance->data_low = 0;
instance->data_high = 0;
instance->decoder.parser_step = FiatSpaDecoderStepPreamble;
instance->preamble_count = 0;
instance->bit_count = 0;
instance->decoder.decode_data = 0;
instance->decoder.decode_count_bit = 0;
manchester_advance(
instance->manchester_state,
ManchesterEventReset,
&instance->manchester_state,
NULL);
}
break;
case FiatSpaDecoderStepPreamble:
if(level) {
if(duration < te_short) {
diff = te_short - duration;
} else {
diff = duration - te_short;
}
if(diff < te_delta) {
instance->preamble_count++;
} else {
instance->decoder.parser_step = FiatSpaDecoderStepReset;
}
return;
}
if(duration < te_short) {
diff = te_short - duration;
} else {
diff = duration - te_short;
}
if(diff < te_delta) {
instance->preamble_count++;
} else {
if(instance->preamble_count >= FIAT_SPA_PREAMBLE_PAIRS) {
if(duration < gap_threshold) {
diff = gap_threshold - duration;
} else {
diff = duration - gap_threshold;
}
if(diff < te_delta) {
instance->decoder.parser_step = FiatSpaDecoderStepData;
instance->preamble_count = 0;
instance->data_low = 0;
instance->data_high = 0;
instance->bit_count = 0;
manchester_advance(instance->manchester_state, ManchesterEventReset, &instance->manchester_state, NULL);
return;
}
}
instance->decoder.parser_step = FiatSpaDecoderStepReset;
}
if(instance->preamble_count >= FIAT_SPA_PREAMBLE_PAIRS &&
instance->decoder.parser_step == FiatSpaDecoderStepPreamble) {
if(duration < gap_threshold) {
diff = gap_threshold - duration;
} else {
diff = duration - gap_threshold;
}
if(diff < te_delta) {
instance->decoder.parser_step = FiatSpaDecoderStepData;
instance->preamble_count = 0;
instance->data_low = 0;
instance->data_high = 0;
instance->bit_count = 0;
manchester_advance(instance->manchester_state, ManchesterEventReset, &instance->manchester_state, NULL);
return;
}
}
break;
case FiatSpaDecoderStepData: {
ManchesterEvent event = ManchesterEventReset;
if(duration < te_short) {
diff = te_short - duration;
if(diff < te_delta) {
event = level ? ManchesterEventShortLow : ManchesterEventShortHigh;
}
} else {
diff = duration - te_short;
if(diff < te_delta) {
event = level ? ManchesterEventShortLow : ManchesterEventShortHigh;
} else {
if(duration < te_long) {
diff = te_long - duration;
} else {
diff = duration - te_long;
}
if(diff < te_delta) {
event = level ? ManchesterEventLongLow : ManchesterEventLongHigh;
}
}
}
if(event != ManchesterEventReset) {
bool data_bit_bool;
if(manchester_advance(
instance->manchester_state,
event,
&instance->manchester_state,
&data_bit_bool)) {
uint32_t new_bit = data_bit_bool ? 1 : 0;
uint32_t carry = (instance->data_low >> 31) & 1;
instance->data_low = (instance->data_low << 1) | new_bit;
instance->data_high = (instance->data_high << 1) | carry;
instance->bit_count++;
if(instance->bit_count == 64) {
instance->fix = instance->data_low;
instance->hop = instance->data_high;
instance->data_low = 0;
instance->data_high = 0;
}
if(instance->bit_count == 0x47) {
instance->endbyte = (uint8_t)(instance->data_low & 0x3F);
instance->generic.data = ((uint64_t)instance->hop << 32) | instance->fix;
instance->generic.data_count_bit = 71;
instance->generic.serial = instance->fix;
instance->generic.btn = instance->endbyte;
instance->generic.cnt = instance->hop;
instance->decoder.decode_data = instance->generic.data;
instance->decoder.decode_count_bit = instance->generic.data_count_bit;
if(instance->base.callback) {
instance->base.callback(&instance->base, instance->base.context);
}
instance->data_low = 0;
instance->data_high = 0;
instance->bit_count = 0;
instance->decoder.parser_step = FiatSpaDecoderStepReset;
}
}
} else {
if(instance->bit_count == 0x47) {
instance->endbyte = (uint8_t)(instance->data_low & 0x3F);
instance->generic.data = ((uint64_t)instance->hop << 32) | instance->fix;
instance->generic.data_count_bit = 71;
instance->generic.serial = instance->fix;
instance->generic.btn = instance->endbyte;
instance->generic.cnt = instance->hop;
instance->decoder.decode_data = instance->generic.data;
instance->decoder.decode_count_bit = instance->generic.data_count_bit;
if(instance->base.callback) {
instance->base.callback(&instance->base, instance->base.context);
}
instance->data_low = 0;
instance->data_high = 0;
instance->bit_count = 0;
instance->decoder.parser_step = FiatSpaDecoderStepReset;
} else if(instance->bit_count < 64) {
instance->decoder.parser_step = FiatSpaDecoderStepReset;
}
}
break;
}
}
}
uint8_t subghz_protocol_decoder_fiat_spa_get_hash_data(void* context) {
furi_assert(context);
SubGhzProtocolDecoderFiatSpa* instance = context;
return subghz_protocol_blocks_get_hash_data(
&instance->decoder, (instance->decoder.decode_count_bit / 8) + 1);
}
SubGhzProtocolStatus subghz_protocol_decoder_fiat_spa_serialize(
void* context,
FlipperFormat* flipper_format,
SubGhzRadioPreset* preset) {
furi_assert(context);
SubGhzProtocolDecoderFiatSpa* instance = context;
SubGhzProtocolStatus ret = SubGhzProtocolStatusError;
do {
if(subghz_block_generic_serialize(&instance->generic, flipper_format, preset) !=
SubGhzProtocolStatusOk) {
break;
}
if(!flipper_format_write_uint32(
flipper_format, "EndByte", (uint32_t*)&instance->endbyte, 1)) {
break;
}
ret = SubGhzProtocolStatusOk;
} while(false);
return ret;
}
SubGhzProtocolStatus subghz_protocol_decoder_fiat_spa_deserialize(
void* context,
FlipperFormat* flipper_format) {
furi_assert(context);
SubGhzProtocolDecoderFiatSpa* instance = context;
SubGhzProtocolStatus ret = SubGhzProtocolStatusError;
do {
ret = subghz_block_generic_deserialize(&instance->generic, flipper_format);
if(ret != SubGhzProtocolStatusOk) break;
uint32_t endbyte_temp = 0;
if(!flipper_format_read_uint32(flipper_format, "EndByte", &endbyte_temp, 1)) {
instance->endbyte = 0;
} else {
instance->endbyte = (uint8_t)endbyte_temp;
}
instance->hop = (uint32_t)(instance->generic.data >> 32);
instance->fix = (uint32_t)(instance->generic.data & 0xFFFFFFFF);
instance->generic.cnt = instance->hop;
instance->generic.serial = instance->fix;
instance->generic.btn = instance->endbyte;
ret = SubGhzProtocolStatusOk;
} while(false);
return ret;
}
void subghz_protocol_decoder_fiat_spa_get_string(void* context, FuriString* output) {
furi_assert(context);
SubGhzProtocolCommonFiatSpa* instance = context;
furi_string_cat_printf(
output,
"%s %dbit\r\n"
"Key:%08lX%08lX\r\n"
"Fix:%08lX\r\n"
"Hop:%08lX\r\n"
"EndByte:%02X",
instance->generic.protocol_name,
instance->generic.data_count_bit,
(uint32_t)(instance->generic.data >> 32),
(uint32_t)(instance->generic.data & 0xFFFFFFFF),
instance->generic.serial,
instance->generic.cnt,
instance->generic.btn);
}
void* subghz_protocol_encoder_fiat_spa_alloc(SubGhzEnvironment* environment) {
UNUSED(environment);
SubGhzProtocolEncoderFiatSpa* instance = malloc(sizeof(SubGhzProtocolEncoderFiatSpa));
instance->base.protocol = &subghz_protocol_fiat_spa;
instance->generic.protocol_name = instance->base.protocol->name;
instance->encoder.repeat = 3;
instance->encoder.size_upload = FIAT_SPA_UPLOAD_MAX;
instance->encoder.upload = malloc(instance->encoder.size_upload * sizeof(LevelDuration));
instance->encoder.is_running = false;
instance->encoder.front = 0;
instance->hop = 0;
instance->fix = 0;
instance->endbyte = 0;
return instance;
}
void subghz_protocol_encoder_fiat_spa_free(void* context) {
furi_assert(context);
SubGhzProtocolEncoderFiatSpa* instance = context;
if(instance->encoder.upload) {
free(instance->encoder.upload);
}
free(instance);
}
void subghz_protocol_encoder_fiat_spa_stop(void* context) {
furi_assert(context);
SubGhzProtocolEncoderFiatSpa* instance = context;
instance->encoder.is_running = false;
}
LevelDuration subghz_protocol_encoder_fiat_spa_yield(void* context) {
furi_assert(context);
SubGhzProtocolEncoderFiatSpa* instance = context;
if(!instance->encoder.is_running || instance->encoder.repeat == 0) {
instance->encoder.is_running = false;
return level_duration_reset();
}
LevelDuration ret = instance->encoder.upload[instance->encoder.front];
if(++instance->encoder.front == instance->encoder.size_upload) {
instance->encoder.repeat--;
instance->encoder.front = 0;
}
return ret;
}
static void subghz_protocol_encoder_fiat_spa_get_upload(SubGhzProtocolEncoderFiatSpa* instance) {
furi_assert(instance);
size_t index = 0;
uint32_t te_short = subghz_protocol_fiat_spa_const.te_short;
uint32_t te_long = subghz_protocol_fiat_spa_const.te_long;
uint64_t data = ((uint64_t)instance->hop << 32) | instance->fix;
uint8_t endbyte_to_send = instance->endbyte >> 1;
for(uint8_t burst = 0; burst < FIAT_SPA_TOTAL_BURSTS; burst++) {
if(burst > 0) {
instance->encoder.upload[index++] =
level_duration_make(false, FIAT_SPA_INTER_BURST_GAP);
}
for(int i = 0; i < FIAT_SPA_PREAMBLE_PAIRS; i++) {
instance->encoder.upload[index++] = level_duration_make(true, te_short);
instance->encoder.upload[index++] = level_duration_make(false, te_short);
}
instance->encoder.upload[index - 1] = level_duration_make(false, FIAT_SPA_GAP_US);
bool first_bit = (data >> 63) & 1;
if(first_bit) {
instance->encoder.upload[index++] = level_duration_make(true, te_long);
} else {
instance->encoder.upload[index++] = level_duration_make(true, te_short);
instance->encoder.upload[index++] = level_duration_make(false, te_long);
}
bool prev_bit = first_bit;
for(int bit = 62; bit >= 0; bit--) {
bool curr_bit = (data >> bit) & 1;
if(!prev_bit && !curr_bit) {
instance->encoder.upload[index++] = level_duration_make(true, te_short);
instance->encoder.upload[index++] = level_duration_make(false, te_short);
} else if(!prev_bit && curr_bit) {
instance->encoder.upload[index++] = level_duration_make(true, te_long);
} else if(prev_bit && !curr_bit) {
instance->encoder.upload[index++] = level_duration_make(false, te_long);
} else {
instance->encoder.upload[index++] = level_duration_make(false, te_short);
instance->encoder.upload[index++] = level_duration_make(true, te_short);
}
prev_bit = curr_bit;
}
for(int bit = 5; bit >= 0; bit--) {
bool curr_bit = (endbyte_to_send >> bit) & 1;
if(!prev_bit && !curr_bit) {
instance->encoder.upload[index++] = level_duration_make(true, te_short);
instance->encoder.upload[index++] = level_duration_make(false, te_short);
} else if(!prev_bit && curr_bit) {
instance->encoder.upload[index++] = level_duration_make(true, te_long);
} else if(prev_bit && !curr_bit) {
instance->encoder.upload[index++] = level_duration_make(false, te_long);
} else {
instance->encoder.upload[index++] = level_duration_make(false, te_short);
instance->encoder.upload[index++] = level_duration_make(true, te_short);
}
prev_bit = curr_bit;
}
if(prev_bit) {
instance->encoder.upload[index++] = level_duration_make(false, te_short);
}
instance->encoder.upload[index++] = level_duration_make(false, te_short * 8);
}
instance->encoder.size_upload = index;
instance->encoder.front = 0;
}
SubGhzProtocolStatus subghz_protocol_encoder_fiat_spa_deserialize(
void* context,
FlipperFormat* flipper_format) {
furi_assert(context);
SubGhzProtocolEncoderFiatSpa* instance = context;
SubGhzProtocolStatus ret = SubGhzProtocolStatusError;
do {
ret = subghz_block_generic_deserialize(&instance->generic, flipper_format);
if(ret != SubGhzProtocolStatusOk) break;
instance->hop = (uint32_t)(instance->generic.data >> 32);
instance->fix = (uint32_t)(instance->generic.data & 0xFFFFFFFF);
uint32_t endbyte_temp = 0;
if(!flipper_format_read_uint32(flipper_format, "EndByte", &endbyte_temp, 1)) {
instance->endbyte = 0;
} else {
instance->endbyte = (uint8_t)endbyte_temp;
}
instance->generic.cnt = instance->hop;
instance->generic.serial = instance->fix;
instance->generic.btn = instance->endbyte;
subghz_protocol_encoder_fiat_spa_get_upload(instance);
instance->encoder.is_running = true;
ret = SubGhzProtocolStatusOk;
} while(false);
return ret;
}

32
lib/subghz/protocols/fiat_spa.h Normal file
View File

@@ -0,0 +1,32 @@
#pragma once
#include "base.h"
#define SUBGHZ_PROTOCOL_FIAT_SPA_NAME "FIAT SPA"
typedef struct SubGhzProtocolDecoderFiatSpa SubGhzProtocolDecoderFiatSpa;
typedef struct SubGhzProtocolEncoderFiatSpa SubGhzProtocolEncoderFiatSpa;
extern const SubGhzProtocol subghz_protocol_fiat_spa;
void* subghz_protocol_decoder_fiat_spa_alloc(SubGhzEnvironment* environment);
void subghz_protocol_decoder_fiat_spa_free(void* context);
void subghz_protocol_decoder_fiat_spa_reset(void* context);
void subghz_protocol_decoder_fiat_spa_feed(void* context, bool level, uint32_t duration);
uint8_t subghz_protocol_decoder_fiat_spa_get_hash_data(void* context);
SubGhzProtocolStatus subghz_protocol_decoder_fiat_spa_serialize(
void* context,
FlipperFormat* flipper_format,
SubGhzRadioPreset* preset);
SubGhzProtocolStatus subghz_protocol_decoder_fiat_spa_deserialize(
void* context,
FlipperFormat* flipper_format);
void subghz_protocol_decoder_fiat_spa_get_string(void* context, FuriString* output);
void* subghz_protocol_encoder_fiat_spa_alloc(SubGhzEnvironment* environment);
void subghz_protocol_encoder_fiat_spa_free(void* context);
SubGhzProtocolStatus subghz_protocol_encoder_fiat_spa_deserialize(
void* context,
FlipperFormat* flipper_format);
void subghz_protocol_encoder_fiat_spa_stop(void* context);
LevelDuration subghz_protocol_encoder_fiat_spa_yield(void* context);

655
lib/subghz/protocols/fiat_v0.c
View File

@@ -1,655 +0,0 @@
#include "fiat_v0.h"
#include <inttypes.h>
#include <lib/toolbox/manchester_decoder.h>
#define TAG "FiatProtocolV0"
#define FIAT_V0_PREAMBLE_PAIRS 150
#define FIAT_V0_GAP_US 800
#define FIAT_V0_TOTAL_BURSTS 3
#define FIAT_V0_INTER_BURST_GAP 25000
static const SubGhzBlockConst subghz_protocol_fiat_v0_const = {
.te_short = 200,
.te_long = 400,
.te_delta = 100,
.min_count_bit_for_found = 71,
};
struct SubGhzProtocolDecoderFiatV0 {
SubGhzProtocolDecoderBase base;
SubGhzBlockDecoder decoder;
SubGhzBlockGeneric generic;
ManchesterState manchester_state;
uint8_t decoder_state;
uint16_t preamble_count;
uint32_t data_low;
uint32_t data_high;
uint8_t bit_count;
uint32_t hop;
uint32_t fix;
uint8_t endbyte;
uint8_t final_count;
uint32_t te_last;
};
struct SubGhzProtocolEncoderFiatV0 {
SubGhzProtocolEncoderBase base;
SubGhzProtocolBlockEncoder encoder;
SubGhzBlockGeneric generic;
uint32_t hop;
uint32_t fix;
uint8_t endbyte;
size_t upload_capacity;
};
typedef enum {
FiatV0DecoderStepReset = 0,
FiatV0DecoderStepPreamble = 1,
FiatV0DecoderStepData = 2,
} FiatV0DecoderStep;
// ============================================================================
// PROTOCOL INTERFACE DEFINITIONS
// ============================================================================
const SubGhzProtocolDecoder subghz_protocol_fiat_v0_decoder = {
.alloc = subghz_protocol_decoder_fiat_v0_alloc,
.free = subghz_protocol_decoder_fiat_v0_free,
.feed = subghz_protocol_decoder_fiat_v0_feed,
.reset = subghz_protocol_decoder_fiat_v0_reset,
.get_hash_data = subghz_protocol_decoder_fiat_v0_get_hash_data,
.serialize = subghz_protocol_decoder_fiat_v0_serialize,
.deserialize = subghz_protocol_decoder_fiat_v0_deserialize,
.get_string = subghz_protocol_decoder_fiat_v0_get_string,
};
const SubGhzProtocolEncoder subghz_protocol_fiat_v0_encoder = {
.alloc = subghz_protocol_encoder_fiat_v0_alloc,
.free = subghz_protocol_encoder_fiat_v0_free,
.deserialize = subghz_protocol_encoder_fiat_v0_deserialize,
.stop = subghz_protocol_encoder_fiat_v0_stop,
.yield = subghz_protocol_encoder_fiat_v0_yield,
};
const SubGhzProtocol subghz_protocol_fiat_v0 = {
.name = FIAT_PROTOCOL_V0_NAME,
.type = SubGhzProtocolTypeStatic,
.flag = SubGhzProtocolFlag_433 | SubGhzProtocolFlag_FM | SubGhzProtocolFlag_Decodable |
SubGhzProtocolFlag_Load | SubGhzProtocolFlag_Save | SubGhzProtocolFlag_Send,
.decoder = &subghz_protocol_fiat_v0_decoder,
.encoder = &subghz_protocol_fiat_v0_encoder,
};
// ============================================================================
// ENCODER IMPLEMENTATION
// ============================================================================
static size_t fiat_v0_encoder_calc_required_upload(void) {
// Per burst:
// preamble: FIAT_V0_PREAMBLE_PAIRS pairs => 2 elements each
// data: 64 bits Manchester => 2 elements per bit
// endbyte: 7 bits Manchester => 2 elements per bit
// trailer: 1 element (extended low)
const size_t per_burst = (FIAT_V0_PREAMBLE_PAIRS * 2) + (64 * 2) + (7 * 2) + 1;
// Inter-burst gap: 1 element between each pair of bursts
return (FIAT_V0_TOTAL_BURSTS * per_burst) +
(FIAT_V0_TOTAL_BURSTS > 0 ? (FIAT_V0_TOTAL_BURSTS - 1) : 0);
}
void* subghz_protocol_encoder_fiat_v0_alloc(SubGhzEnvironment* environment) {
UNUSED(environment);
SubGhzProtocolEncoderFiatV0* instance = calloc(1, sizeof(SubGhzProtocolEncoderFiatV0));
furi_check(instance);
instance->base.protocol = &subghz_protocol_fiat_v0;
instance->generic.protocol_name = instance->base.protocol->name;
instance->encoder.repeat = 10;
instance->encoder.size_upload = 0;
instance->upload_capacity = fiat_v0_encoder_calc_required_upload();
instance->encoder.upload = calloc(instance->upload_capacity, sizeof(LevelDuration));
furi_check(instance->encoder.upload);
instance->encoder.is_running = false;
return instance;
}
void subghz_protocol_encoder_fiat_v0_free(void* context) {
furi_check(context);
SubGhzProtocolEncoderFiatV0* instance = context;
if(instance->encoder.upload) {
free(instance->encoder.upload);
}
free(instance);
}
static void subghz_protocol_encoder_fiat_v0_get_upload(SubGhzProtocolEncoderFiatV0* instance) {
furi_check(instance);
const size_t required = fiat_v0_encoder_calc_required_upload();
// Capacity is pre-allocated at alloc time — assert it is sufficient
furi_check(required <= instance->upload_capacity);
size_t index = 0;
uint32_t te_short = subghz_protocol_fiat_v0_const.te_short;
FURI_LOG_I(
TAG,
"Building upload: hop=0x%08lX, fix=0x%08lX, endbyte=0x%02X",
instance->hop,
instance->fix,
instance->endbyte & 0x7F);
for(uint8_t burst = 0; burst < FIAT_V0_TOTAL_BURSTS; burst++) {
if(burst > 0) {
instance->encoder.upload[index++] =
level_duration_make(false, FIAT_V0_INTER_BURST_GAP);
}
// Preamble: alternating short pulses
for(int i = 0; i < FIAT_V0_PREAMBLE_PAIRS; i++) {
instance->encoder.upload[index++] = level_duration_make(true, te_short);
instance->encoder.upload[index++] = level_duration_make(false, te_short);
}
// Extend last LOW to create the sync gap
instance->encoder.upload[index - 1] = level_duration_make(false, FIAT_V0_GAP_US);
// Combine hop and fix into 64-bit data word
uint64_t data = ((uint64_t)instance->hop << 32) | instance->fix;
// Manchester encode 64 bits of data (MSB first)
for(int bit = 63; bit >= 0; bit--) {
bool curr_bit = (data >> bit) & 1;
if(curr_bit) {
instance->encoder.upload[index++] = level_duration_make(true, te_short);
instance->encoder.upload[index++] = level_duration_make(false, te_short);
} else {
instance->encoder.upload[index++] = level_duration_make(false, te_short);
instance->encoder.upload[index++] = level_duration_make(true, te_short);
}
}
// Manchester encode 7 bits of endbyte (bits 6:0, MSB first)
uint8_t endbyte = (uint8_t)(instance->endbyte & 0x7F);
for(int bit = 6; bit >= 0; bit--) {
bool curr_bit = (endbyte >> bit) & 1;
if(curr_bit) {
instance->encoder.upload[index++] = level_duration_make(true, te_short);
instance->encoder.upload[index++] = level_duration_make(false, te_short);
} else {
instance->encoder.upload[index++] = level_duration_make(false, te_short);
instance->encoder.upload[index++] = level_duration_make(true, te_short);
}
}
// Burst trailer: extended LOW
instance->encoder.upload[index++] = level_duration_make(false, te_short * 4);
}
furi_check(index <= instance->upload_capacity);
instance->encoder.size_upload = index;
instance->encoder.front = 0;
FURI_LOG_I(TAG, "Upload built: %zu elements", instance->encoder.size_upload);
}
SubGhzProtocolStatus
subghz_protocol_encoder_fiat_v0_deserialize(void* context, FlipperFormat* flipper_format) {
furi_check(context);
SubGhzProtocolEncoderFiatV0* instance = context;
SubGhzProtocolStatus ret = SubGhzProtocolStatusError;
instance->encoder.is_running = false;
instance->encoder.front = 0;
instance->encoder.repeat = 10;
flipper_format_rewind(flipper_format);
FuriString* temp_str = furi_string_alloc();
furi_check(temp_str);
do {
if(!flipper_format_read_string(flipper_format, "Protocol", temp_str)) {
FURI_LOG_E(TAG, "Missing Protocol");
break;
}
if(!furi_string_equal(temp_str, instance->base.protocol->name)) {
FURI_LOG_E(TAG, "Wrong protocol: %s", furi_string_get_cstr(temp_str));
break;
}
uint32_t bit_count_temp = 0;
if(flipper_format_read_uint32(flipper_format, "Bit", &bit_count_temp, 1)) {
// Protocol transmits 71 bits: 64-bit key + 7-bit endbyte
if(bit_count_temp == 64 || bit_count_temp == 71) {
instance->generic.data_count_bit = bit_count_temp;
} else {
FURI_LOG_E(
TAG,
"Unexpected Bit value %lu, defaulting to 71",
(unsigned long)bit_count_temp);
instance->generic.data_count_bit = 71;
}
} else {
FURI_LOG_E(TAG, "Missing Bit");
break;
}
if(!flipper_format_read_string(flipper_format, "Key", temp_str)) {
FURI_LOG_E(TAG, "Missing Key");
break;
}
const char* key_str = furi_string_get_cstr(temp_str);
uint64_t key = 0;
size_t str_len = strlen(key_str);
size_t hex_pos = 0;
for(size_t i = 0; i < str_len && hex_pos < 16; i++) {
char c = key_str[i];
if(c == ' ') continue;
uint8_t nibble;
if(c >= '0' && c <= '9') {
nibble = (uint8_t)(c - '0');
} else if(c >= 'A' && c <= 'F') {
nibble = (uint8_t)(c - 'A' + 10);
} else if(c >= 'a' && c <= 'f') {
nibble = (uint8_t)(c - 'a' + 10);
} else {
break;
}
key = (key << 4) | nibble;
hex_pos++;
}
if(hex_pos != 16) {
FURI_LOG_E(TAG, "Key parse error: expected 16 hex nibbles, got %u", (unsigned)hex_pos);
break;
}
instance->generic.data = key;
instance->hop = (uint32_t)(key >> 32);
instance->fix = (uint32_t)(key & 0xFFFFFFFF);
uint32_t btn_temp = 0;
if(flipper_format_read_uint32(flipper_format, "Btn", &btn_temp, 1)) {
instance->endbyte = (uint8_t)(btn_temp & 0x7F);
} else {
instance->endbyte = 0;
}
instance->generic.btn = instance->endbyte;
instance->generic.cnt = instance->hop;
instance->generic.serial = instance->fix;
uint32_t repeat_temp = 0;
if(flipper_format_read_uint32(flipper_format, "Repeat", &repeat_temp, 1)) {
instance->encoder.repeat = repeat_temp;
} else {
instance->encoder.repeat = 10;
}
subghz_protocol_encoder_fiat_v0_get_upload(instance);
instance->encoder.is_running = true;
FURI_LOG_I(
TAG,
"Encoder ready: hop=0x%08lX, fix=0x%08lX, endbyte=0x%02X",
instance->hop,
instance->fix,
instance->endbyte);
ret = SubGhzProtocolStatusOk;
} while(false);
furi_string_free(temp_str);
return ret;
}
void subghz_protocol_encoder_fiat_v0_stop(void* context) {
furi_check(context);
SubGhzProtocolEncoderFiatV0* instance = context;
instance->encoder.is_running = false;
}
LevelDuration subghz_protocol_encoder_fiat_v0_yield(void* context) {
furi_check(context);
SubGhzProtocolEncoderFiatV0* instance = context;
if(!instance->encoder.is_running || instance->encoder.repeat == 0) {
instance->encoder.is_running = false;
return level_duration_reset();
}
LevelDuration ret = instance->encoder.upload[instance->encoder.front];
if(++instance->encoder.front == instance->encoder.size_upload) {
instance->encoder.repeat--;
instance->encoder.front = 0;
}
return ret;
}
// ============================================================================
// DECODER IMPLEMENTATION
// ============================================================================
void* subghz_protocol_decoder_fiat_v0_alloc(SubGhzEnvironment* environment) {
UNUSED(environment);
SubGhzProtocolDecoderFiatV0* instance = calloc(1, sizeof(SubGhzProtocolDecoderFiatV0));
furi_check(instance);
instance->base.protocol = &subghz_protocol_fiat_v0;
instance->generic.protocol_name = instance->base.protocol->name;
return instance;
}
void subghz_protocol_decoder_fiat_v0_free(void* context) {
furi_check(context);
SubGhzProtocolDecoderFiatV0* instance = context;
free(instance);
}
void subghz_protocol_decoder_fiat_v0_reset(void* context) {
furi_check(context);
SubGhzProtocolDecoderFiatV0* instance = context;
instance->decoder.parser_step = FiatV0DecoderStepReset;
instance->decoder_state = 0;
instance->preamble_count = 0;
instance->data_low = 0;
instance->data_high = 0;
instance->bit_count = 0;
instance->hop = 0;
instance->fix = 0;
instance->endbyte = 0;
instance->final_count = 0;
instance->te_last = 0;
instance->manchester_state = ManchesterStateMid1;
}
// Helper: transition decoder into data-collection state
static void
fiat_v0_decoder_enter_data_state(SubGhzProtocolDecoderFiatV0* instance, uint32_t duration) {
instance->decoder_state = FiatV0DecoderStepData;
instance->preamble_count = 0;
instance->data_low = 0;
instance->data_high = 0;
instance->bit_count = 0;
instance->te_last = duration;
manchester_advance(
instance->manchester_state, ManchesterEventReset, &instance->manchester_state, NULL);
}
void subghz_protocol_decoder_fiat_v0_feed(void* context, bool level, uint32_t duration) {
furi_check(context);
SubGhzProtocolDecoderFiatV0* instance = context;
uint32_t te_short = (uint32_t)subghz_protocol_fiat_v0_const.te_short;
uint32_t te_long = (uint32_t)subghz_protocol_fiat_v0_const.te_long;
uint32_t te_delta = (uint32_t)subghz_protocol_fiat_v0_const.te_delta;
uint32_t gap_threshold = FIAT_V0_GAP_US;
uint32_t diff;
switch(instance->decoder_state) {
case FiatV0DecoderStepReset:
if(!level) {
return;
}
if(duration < te_short) {
diff = te_short - duration;
} else {
diff = duration - te_short;
}
if(diff < te_delta) {
instance->data_low = 0;
instance->data_high = 0;
instance->decoder_state = FiatV0DecoderStepPreamble;
instance->te_last = duration;
instance->preamble_count = 0;
instance->bit_count = 0;
manchester_advance(
instance->manchester_state,
ManchesterEventReset,
&instance->manchester_state,
NULL);
}
break;
case FiatV0DecoderStepPreamble:
if(level) {
if(duration < te_short) {
diff = te_short - duration;
} else {
diff = duration - te_short;
}
if(diff < te_delta) {
instance->preamble_count++;
instance->te_last = duration;
} else {
instance->decoder_state = FiatV0DecoderStepReset;
}
return;
}
if(duration < te_short) {
diff = te_short - duration;
} else {
diff = duration - te_short;
}
if(diff < te_delta) {
instance->preamble_count++;
instance->te_last = duration;
} else {
if(instance->preamble_count >= 0x96) {
if(duration < gap_threshold) {
diff = gap_threshold - duration;
} else {
diff = duration - gap_threshold;
}
if(diff < te_delta) {
fiat_v0_decoder_enter_data_state(instance, duration);
return;
}
}
instance->decoder_state = FiatV0DecoderStepReset;
}
if(instance->preamble_count >= 0x96 &&
instance->decoder_state == FiatV0DecoderStepPreamble) {
if(duration < gap_threshold) {
diff = gap_threshold - duration;
} else {
diff = duration - gap_threshold;
}
if(diff < te_delta) {
fiat_v0_decoder_enter_data_state(instance, duration);
return;
}
}
break;
case FiatV0DecoderStepData:
ManchesterEvent event = ManchesterEventReset;
if(duration < te_short) {
diff = te_short - duration;
if(diff < te_delta) {
event = level ? ManchesterEventShortLow : ManchesterEventShortHigh;
}
} else {
diff = duration - te_short;
if(diff < te_delta) {
event = level ? ManchesterEventShortLow : ManchesterEventShortHigh;
} else {
if(duration < te_long) {
diff = te_long - duration;
} else {
diff = duration - te_long;
}
if(diff < te_delta) {
event = level ? ManchesterEventLongLow : ManchesterEventLongHigh;
}
}
}
if(event != ManchesterEventReset) {
bool data_bit_bool;
if(manchester_advance(
instance->manchester_state,
event,
&instance->manchester_state,
&data_bit_bool)) {
uint32_t new_bit = data_bit_bool ? 1 : 0;
uint32_t carry = (instance->data_low >> 31) & 1;
instance->data_low = (instance->data_low << 1) | new_bit;
instance->data_high = (instance->data_high << 1) | carry;
instance->bit_count++;
if(instance->bit_count == 0x40) {
instance->fix = instance->data_low;
instance->hop = instance->data_high;
instance->data_low = 0;
instance->data_high = 0;
}
if(instance->bit_count == 0x47) {
instance->final_count = instance->bit_count;
instance->endbyte = (uint8_t)instance->data_low;
FURI_LOG_I(TAG, "Decoded: hop=0x%08lX fix=0x%08lX endbyte=0x%02X",
instance->hop, instance->fix, instance->endbyte & 0x7F);
instance->generic.data = ((uint64_t)instance->hop << 32) | instance->fix;
instance->generic.data_count_bit = 71;
instance->generic.serial = instance->fix;
instance->generic.btn = instance->endbyte;
instance->generic.cnt = instance->hop;
if(instance->base.callback) {
instance->base.callback(&instance->base, instance->base.context);
}
instance->data_low = 0;
instance->data_high = 0;
instance->bit_count = 0;
instance->decoder_state = FiatV0DecoderStepReset;
}
}
} else {
if(instance->bit_count == 0x47) {
uint8_t data_low_byte = (uint8_t)instance->data_low;
instance->endbyte = data_low_byte;
FURI_LOG_I(TAG, "Decoded (gap): hop=0x%08lX fix=0x%08lX endbyte=0x%02X",
instance->hop, instance->fix, instance->endbyte & 0x7F);
instance->generic.data = ((uint64_t)instance->hop << 32) | instance->fix;
instance->generic.data_count_bit = 71;
instance->generic.serial = instance->fix;
instance->generic.btn = instance->endbyte;
instance->generic.cnt = instance->hop;
if(instance->base.callback) {
instance->base.callback(&instance->base, instance->base.context);
}
instance->data_low = 0;
instance->data_high = 0;
instance->bit_count = 0;
instance->decoder_state = FiatV0DecoderStepReset;
} else if(instance->bit_count < 0x40) {
instance->decoder_state = FiatV0DecoderStepReset;
}
}
instance->te_last = duration;
break;
}
}
uint8_t subghz_protocol_decoder_fiat_v0_get_hash_data(void* context) {
furi_check(context);
SubGhzProtocolDecoderFiatV0* instance = context;
SubGhzBlockDecoder decoder = {
.decode_data = instance->generic.data,
.decode_count_bit = instance->generic.data_count_bit};
return subghz_protocol_blocks_get_hash_data(&decoder, (decoder.decode_count_bit / 8) + 1);
}
SubGhzProtocolStatus subghz_protocol_decoder_fiat_v0_serialize(
void* context,
FlipperFormat* flipper_format,
SubGhzRadioPreset* preset) {
furi_check(context);
SubGhzProtocolDecoderFiatV0* instance = context;
SubGhzProtocolStatus ret = SubGhzProtocolStatusError;
// Use the standard generic serialize helper (handles Filetype, Version, Frequency, Preset, Protocol, Bit, Key)
ret = subghz_block_generic_serialize(&instance->generic, flipper_format, preset);
if(ret == SubGhzProtocolStatusOk) {
// Save CRC - calculate from key bytes (use uint32_t as required by flipper_format_write_uint32)
uint64_t key64 = instance->generic.data;
uint32_t crc = 0;
for(int i = 0; i < 8; i++) {
crc ^= (uint32_t)((key64 >> (i * 8)) & 0xFF);
}
flipper_format_write_uint32(flipper_format, "CRC", &crc, 1);
// Save decoded fields
flipper_format_write_uint32(flipper_format, "Serial", &instance->generic.serial, 1);
uint32_t temp = instance->generic.btn;
flipper_format_write_uint32(flipper_format, "Btn", &temp, 1);
flipper_format_write_uint32(flipper_format, "Cnt", &instance->generic.cnt, 1);
}
return ret;
}
SubGhzProtocolStatus subghz_protocol_decoder_fiat_v0_deserialize(void* context, FlipperFormat* flipper_format) {
furi_check(context);
SubGhzProtocolDecoderFiatV0* instance = context;
// Use the standard generic deserialize helper
SubGhzProtocolStatus ret = subghz_block_generic_deserialize(&instance->generic, flipper_format);
if(ret == SubGhzProtocolStatusOk) {
// Extract hop and fix from the loaded key
instance->hop = (uint32_t)(instance->generic.data >> 32);
instance->fix = (uint32_t)(instance->generic.data & 0xFFFFFFFF);
// The btn value is already loaded by generic_deserialize into instance->generic.btn
instance->endbyte = instance->generic.btn;
}
return ret;
}
void subghz_protocol_decoder_fiat_v0_get_string(void* context, FuriString* output) {
furi_check(context);
SubGhzProtocolDecoderFiatV0* instance = context;
furi_string_cat_printf(
output,
"%s %dbit\r\n"
"Key:%08lX%08lX\r\n"
"Hop:%08lX\r\n"
"Sn:%08lX\r\n"
"EndByte:%02X\r\n",
instance->generic.protocol_name,
instance->generic.data_count_bit,
instance->hop,
instance->fix,
instance->hop,
instance->fix,
instance->endbyte & 0x7F);
}

41
lib/subghz/protocols/fiat_v0.h
View File

@@ -1,41 +0,0 @@
#pragma once
#include <furi.h>
#include <lib/subghz/protocols/base.h>
#include <lib/subghz/types.h>
#include <lib/subghz/blocks/const.h>
#include <lib/subghz/blocks/decoder.h>
#include <lib/subghz/blocks/encoder.h>
#include <lib/subghz/blocks/generic.h>
#include <lib/subghz/blocks/math.h>
#include <lib/toolbox/manchester_decoder.h>
#include <flipper_format/flipper_format.h>
#define FIAT_PROTOCOL_V0_NAME "Fiat SpA"
typedef struct SubGhzProtocolDecoderFiatV0 SubGhzProtocolDecoderFiatV0;
typedef struct SubGhzProtocolEncoderFiatV0 SubGhzProtocolEncoderFiatV0;
extern const SubGhzProtocol subghz_protocol_fiat_v0;
// Decoder functions
void* subghz_protocol_decoder_fiat_v0_alloc(SubGhzEnvironment* environment);
void subghz_protocol_decoder_fiat_v0_free(void* context);
void subghz_protocol_decoder_fiat_v0_reset(void* context);
void subghz_protocol_decoder_fiat_v0_feed(void* context, bool level, uint32_t duration);
uint8_t subghz_protocol_decoder_fiat_v0_get_hash_data(void* context);
SubGhzProtocolStatus subghz_protocol_decoder_fiat_v0_serialize(
void* context,
FlipperFormat* flipper_format,
SubGhzRadioPreset* preset);
SubGhzProtocolStatus
subghz_protocol_decoder_fiat_v0_deserialize(void* context, FlipperFormat* flipper_format);
void subghz_protocol_decoder_fiat_v0_get_string(void* context, FuriString* output);
// Encoder functions
void* subghz_protocol_encoder_fiat_v0_alloc(SubGhzEnvironment* environment);
void subghz_protocol_encoder_fiat_v0_free(void* context);
SubGhzProtocolStatus
subghz_protocol_encoder_fiat_v0_deserialize(void* context, FlipperFormat* flipper_format);
void subghz_protocol_encoder_fiat_v0_stop(void* context);
LevelDuration subghz_protocol_encoder_fiat_v0_yield(void* context);

274
lib/subghz/protocols/honda.c
View File

@@ -1,274 +0,0 @@
#include "honda.h"
#define TAG "SubGhzProtocolHonda"
static const SubGhzBlockConst subghz_protocol_honda_const = {
.te_short = 432, // Short pulse ~432µs
.te_long = 864, // Long pulse ~864µs (2x short)
.te_delta = 150, // Tolerance
.min_count_bit_for_found = 64,
};
typedef struct SubGhzProtocolDecoderHonda {
SubGhzProtocolDecoderBase base;
SubGhzBlockDecoder decoder;
SubGhzBlockGeneric generic;
uint16_t header_count;
} SubGhzProtocolDecoderHonda;
typedef struct SubGhzProtocolEncoderHonda {
SubGhzProtocolEncoderBase base;
SubGhzProtocolBlockEncoder encoder;
SubGhzBlockGeneric generic;
} SubGhzProtocolEncoderHonda;
typedef enum {
HondaDecoderStepReset = 0,
HondaDecoderStepCheckPreamble,
HondaDecoderStepSaveDuration,
HondaDecoderStepCheckDuration,
} HondaDecoderStep;
static void subghz_protocol_decoder_honda_reset_internal(SubGhzProtocolDecoderHonda* instance) {
memset(&instance->decoder, 0, sizeof(instance->decoder));
memset(&instance->generic, 0, sizeof(instance->generic));
instance->decoder.parser_step = HondaDecoderStepReset;
instance->header_count = 0;
}
const SubGhzProtocolDecoder subghz_protocol_honda_decoder = {
.alloc = subghz_protocol_decoder_honda_alloc,
.free = subghz_protocol_decoder_honda_free,
.feed = subghz_protocol_decoder_honda_feed,
.reset = subghz_protocol_decoder_honda_reset,
.get_hash_data = subghz_protocol_decoder_honda_get_hash_data,
.serialize = subghz_protocol_decoder_honda_serialize,
.deserialize = subghz_protocol_decoder_honda_deserialize,
.get_string = subghz_protocol_decoder_honda_get_string,
};
const SubGhzProtocolEncoder subghz_protocol_honda_encoder = {
.alloc = NULL,
.free = NULL,
.deserialize = NULL,
.stop = NULL,
.yield = NULL,
};
const SubGhzProtocol subghz_protocol_honda = {
.name = HONDA_PROTOCOL_NAME,
.type = SubGhzProtocolTypeDynamic, // Rolling code (vulnerable)
.flag = SubGhzProtocolFlag_433 | SubGhzProtocolFlag_AM | SubGhzProtocolFlag_Decodable,
.decoder = &subghz_protocol_honda_decoder,
.encoder = &subghz_protocol_honda_encoder,
};
// ----------------- Allocation / Reset / Free -------------------
void* subghz_protocol_decoder_honda_alloc(SubGhzEnvironment* environment) {
UNUSED(environment);
SubGhzProtocolDecoderHonda* instance = calloc(1, sizeof(SubGhzProtocolDecoderHonda));
instance->base.protocol = &subghz_protocol_honda;
instance->generic.protocol_name = instance->base.protocol->name;
subghz_protocol_decoder_honda_reset(instance);
return instance;
}
void subghz_protocol_decoder_honda_free(void* context) {
furi_assert(context);
free(context);
}
void subghz_protocol_decoder_honda_reset(void* context) {
furi_assert(context);
SubGhzProtocolDecoderHonda* instance = context;
subghz_protocol_decoder_honda_reset_internal(instance);
}
// ----------------- Honda Protocol Parsing -------------------
static bool subghz_protocol_honda_parse_data(SubGhzProtocolDecoderHonda* instance) {
uint8_t* b = (uint8_t*)&instance->generic.data;
// Honda protocol structure (from rtl_433):
// Bits 0-7: Preamble/sync
// Bits 8-39: Device ID (32 bits)
// Bits 40-55: Rolling counter (16 bits)
// Bits 56-63: Function code (8 bits) - which button was pressed
// Extract device ID (bytes 1-4)
uint32_t device_id = ((uint32_t)b[1] << 24) |
(b[2] << 16) |
(b[3] << 8) |
b[4];
// Extract rolling counter (bytes 5-6)
uint16_t rolling_counter = (b[5] << 8) | b[6];
// Extract function code (byte 7)
uint8_t function = b[7];
// Store parsed data
instance->generic.serial = device_id;
instance->generic.cnt = rolling_counter;
instance->generic.btn = function;
return true;
}
// ----------------- Decoder Feed -------------------
void subghz_protocol_decoder_honda_feed(void* context, bool level, uint32_t duration) {
furi_assert(context);
SubGhzProtocolDecoderHonda* instance = context;
switch(instance->decoder.parser_step) {
case HondaDecoderStepReset:
if(level && (DURATION_DIFF(duration, subghz_protocol_honda_const.te_short) <
subghz_protocol_honda_const.te_delta)) {
instance->decoder.parser_step = HondaDecoderStepCheckPreamble;
instance->decoder.te_last = duration;
instance->header_count = 0;
instance->decoder.decode_data = 0;
instance->decoder.decode_count_bit = 0;
}
break;
case HondaDecoderStepCheckPreamble:
if(level) {
if((DURATION_DIFF(duration, subghz_protocol_honda_const.te_short) <
subghz_protocol_honda_const.te_delta)) {
instance->decoder.te_last = duration;
} else {
instance->decoder.parser_step = HondaDecoderStepReset;
}
} else {
// Looking for preamble pattern
if((DURATION_DIFF(duration, subghz_protocol_honda_const.te_short) <
subghz_protocol_honda_const.te_delta) &&
(DURATION_DIFF(instance->decoder.te_last, subghz_protocol_honda_const.te_short) <
subghz_protocol_honda_const.te_delta)) {
instance->header_count++;
} else if((DURATION_DIFF(duration, subghz_protocol_honda_const.te_long) <
subghz_protocol_honda_const.te_delta * 2) &&
instance->header_count >= 10) {
// Long gap after preamble - start of data
instance->decoder.parser_step = HondaDecoderStepSaveDuration;
instance->decoder.decode_data = 0ULL;
instance->decoder.decode_count_bit = 0;
} else {
instance->decoder.parser_step = HondaDecoderStepReset;
}
}
break;
case HondaDecoderStepSaveDuration:
if(level) {
if(duration >= (subghz_protocol_honda_const.te_long * 3)) {
// End of transmission
if(instance->decoder.decode_count_bit >=
subghz_protocol_honda_const.min_count_bit_for_found) {
instance->generic.data = instance->decoder.decode_data;
instance->generic.data_count_bit = instance->decoder.decode_count_bit;
// Parse Honda protocol structure
if(subghz_protocol_honda_parse_data(instance)) {
if(instance->base.callback) {
instance->base.callback(&instance->base, instance->base.context);
}
}
}
subghz_protocol_decoder_honda_reset_internal(instance);
} else {
instance->decoder.te_last = duration;
instance->decoder.parser_step = HondaDecoderStepCheckDuration;
}
} else {
instance->decoder.parser_step = HondaDecoderStepReset;
}
break;
case HondaDecoderStepCheckDuration:
if(!level) {
// Manchester decoding (differential)
if((DURATION_DIFF(instance->decoder.te_last, subghz_protocol_honda_const.te_short) <
subghz_protocol_honda_const.te_delta) &&
(DURATION_DIFF(duration, subghz_protocol_honda_const.te_long) <
subghz_protocol_honda_const.te_delta)) {
// Short-Long = 0
subghz_protocol_blocks_add_bit(&instance->decoder, 0);
instance->decoder.parser_step = HondaDecoderStepSaveDuration;
} else if(
(DURATION_DIFF(instance->decoder.te_last, subghz_protocol_honda_const.te_long) <
subghz_protocol_honda_const.te_delta) &&
(DURATION_DIFF(duration, subghz_protocol_honda_const.te_short) <
subghz_protocol_honda_const.te_delta)) {
// Long-Short = 1
subghz_protocol_blocks_add_bit(&instance->decoder, 1);
instance->decoder.parser_step = HondaDecoderStepSaveDuration;
} else {
instance->decoder.parser_step = HondaDecoderStepReset;
}
} else {
instance->decoder.parser_step = HondaDecoderStepReset;
}
break;
}
}
// ----------------- API -------------------
uint8_t subghz_protocol_decoder_honda_get_hash_data(void* context) {
furi_assert(context);
SubGhzProtocolDecoderHonda* instance = context;
return subghz_protocol_blocks_get_hash_data(
&instance->decoder, (instance->decoder.decode_count_bit / 8) + 1);
}
SubGhzProtocolStatus subghz_protocol_decoder_honda_serialize(
void* context,
FlipperFormat* flipper_format,
SubGhzRadioPreset* preset) {
furi_assert(context);
SubGhzProtocolDecoderHonda* instance = context;
return subghz_block_generic_serialize(&instance->generic, flipper_format, preset);
}
SubGhzProtocolStatus subghz_protocol_decoder_honda_deserialize(
void* context,
FlipperFormat* flipper_format) {
furi_assert(context);
SubGhzProtocolDecoderHonda* instance = context;
return subghz_block_generic_deserialize_check_count_bit(
&instance->generic,
flipper_format,
subghz_protocol_honda_const.min_count_bit_for_found);
}
void subghz_protocol_decoder_honda_get_string(void* context, FuriString* output) {
furi_assert(context);
SubGhzProtocolDecoderHonda* instance = context;
uint32_t hi = instance->generic.data >> 32;
uint32_t lo = instance->generic.data & 0xFFFFFFFF;
furi_string_cat_printf(
output,
"%s %dbit\r\n"
"Key:%08lX%08lX\r\n"
"ID:%08lX Btn:%02X Cnt:%04X\r\n"
"CVE:CVE-2022-27254\r\n"
"Note:Rolling code vulnerable\r\n",
instance->generic.protocol_name,
instance->generic.data_count_bit,
hi,
lo,
instance->generic.serial,
instance->generic.btn,
(uint16_t)instance->generic.cnt);
}

77
lib/subghz/protocols/honda.h
View File

@@ -1,77 +0,0 @@
#pragma once
#include <lib/subghz/protocols/base.h>
#include <lib/subghz/blocks/const.h>
#include <lib/subghz/blocks/decoder.h>
#include <lib/subghz/blocks/encoder.h>
#include <lib/subghz/blocks/generic.h>
#include <lib/subghz/blocks/math.h>
#define HONDA_PROTOCOL_NAME "Honda"
extern const SubGhzProtocol subghz_protocol_honda;
extern const SubGhzProtocolDecoder subghz_protocol_honda_decoder;
extern const SubGhzProtocolEncoder subghz_protocol_honda_encoder;
/**
* Allocates memory for the Honda protocol decoder.
* @param environment Pointer to SubGhzEnvironment
* @return Pointer to the allocated decoder instance
*/
void* subghz_protocol_decoder_honda_alloc(SubGhzEnvironment* environment);
/**
* Frees memory used by the Honda protocol decoder.
* @param context Pointer to the decoder instance
*/
void subghz_protocol_decoder_honda_free(void* context);
/**
* Resets the Honda protocol decoder state.
* @param context Pointer to the decoder instance
*/
void subghz_protocol_decoder_honda_reset(void* context);
/**
* Feeds a pulse/gap into the Honda protocol decoder.
* @param context Pointer to the decoder instance
* @param level Signal level (true = high, false = low)
* @param duration Duration of the level in microseconds
*/
void subghz_protocol_decoder_honda_feed(void* context, bool level, uint32_t duration);
/**
* Returns a hash of the decoded Honda data.
* @param context Pointer to the decoder instance
* @return Hash byte
*/
uint8_t subghz_protocol_decoder_honda_get_hash_data(void* context);
/**
* Serializes the decoded Honda data into a FlipperFormat file.
* @param context Pointer to the decoder instance
* @param flipper_format Pointer to the FlipperFormat instance
* @param preset Pointer to the radio preset
* @return SubGhzProtocolStatus result
*/
SubGhzProtocolStatus subghz_protocol_decoder_honda_serialize(
void* context,
FlipperFormat* flipper_format,
SubGhzRadioPreset* preset);
/**
* Deserializes Honda data from a FlipperFormat file.
* @param context Pointer to the decoder instance
* @param flipper_format Pointer to the FlipperFormat instance
* @return SubGhzProtocolStatus result
*/
SubGhzProtocolStatus subghz_protocol_decoder_honda_deserialize(
void* context,
FlipperFormat* flipper_format);
/**
* Formats the decoded Honda data into a human-readable string.
* @param context Pointer to the decoder instance
* @param output Pointer to the FuriString output buffer
*/
void subghz_protocol_decoder_honda_get_string(void* context, FuriString* output);

259
lib/subghz/protocols/mitsubishi_v1.c
View File

@@ -1,259 +0,0 @@
#include "mitsubishi_v1.h"
#define TAG "SubGhzProtocolMitsubishi"
static const SubGhzBlockConst subghz_protocol_mitsubishi_const = {
.te_short = 320, // Similar to KIA timing
.te_long = 640, // ~2× te_short
.te_delta = 100,
.min_count_bit_for_found = 64,
};
typedef struct SubGhzProtocolDecoderMitsubishi {
SubGhzProtocolDecoderBase base;
SubGhzBlockDecoder decoder;
SubGhzBlockGeneric generic;
uint16_t header_count;
} SubGhzProtocolDecoderMitsubishi;
typedef struct SubGhzProtocolEncoderMitsubishi {
SubGhzProtocolEncoderBase base;
SubGhzProtocolBlockEncoder encoder;
SubGhzBlockGeneric generic;
} SubGhzProtocolEncoderMitsubishi;
typedef enum {
MitsubishiDecoderStepReset = 0,
MitsubishiDecoderStepCheckPreamble,
MitsubishiDecoderStepSaveDuration,
MitsubishiDecoderStepCheckDuration,
} MitsubishiDecoderStep;
static void subghz_protocol_decoder_mitsubishi_reset_internal(SubGhzProtocolDecoderMitsubishi* instance) {
memset(&instance->decoder, 0, sizeof(instance->decoder));
memset(&instance->generic, 0, sizeof(instance->generic));
instance->decoder.parser_step = MitsubishiDecoderStepReset;
instance->header_count = 0;
}
const SubGhzProtocolDecoder subghz_protocol_mitsubishi_decoder = {
.alloc = subghz_protocol_decoder_mitsubishi_alloc,
.free = subghz_protocol_decoder_mitsubishi_free,
.feed = subghz_protocol_decoder_mitsubishi_feed,
.reset = subghz_protocol_decoder_mitsubishi_reset,
.get_hash_data = subghz_protocol_decoder_mitsubishi_get_hash_data,
.serialize = subghz_protocol_decoder_mitsubishi_serialize,
.deserialize = subghz_protocol_decoder_mitsubishi_deserialize,
.get_string = subghz_protocol_decoder_mitsubishi_get_string,
};
const SubGhzProtocolEncoder subghz_protocol_mitsubishi_encoder = {
.alloc = NULL,
.free = NULL,
.deserialize = NULL,
.stop = NULL,
.yield = NULL,
};
const SubGhzProtocol subghz_protocol_mitsubishi_v1 = {
.name = MITSUBISHI_PROTOCOL_NAME,
.type = SubGhzProtocolTypeDynamic,
.flag = SubGhzProtocolFlag_433 | SubGhzProtocolFlag_FM | SubGhzProtocolFlag_Decodable,
.decoder = &subghz_protocol_mitsubishi_decoder,
.encoder = &subghz_protocol_mitsubishi_encoder,
};
// ----------------- Allocation / Reset / Free -------------------
void* subghz_protocol_decoder_mitsubishi_alloc(SubGhzEnvironment* environment) {
UNUSED(environment);
SubGhzProtocolDecoderMitsubishi* instance = calloc(1, sizeof(SubGhzProtocolDecoderMitsubishi));
instance->base.protocol = &subghz_protocol_mitsubishi_v1;
instance->generic.protocol_name = instance->base.protocol->name;
subghz_protocol_decoder_mitsubishi_reset(instance);
return instance;
}
void subghz_protocol_decoder_mitsubishi_free(void* context) {
furi_assert(context);
free(context);
}
void subghz_protocol_decoder_mitsubishi_reset(void* context) {
furi_assert(context);
SubGhzProtocolDecoderMitsubishi* instance = context;
subghz_protocol_decoder_mitsubishi_reset_internal(instance);
}
// ----------------- Helper Functions -------------------
// Parse Mitsubishi/KIA-Hyundai data structure
static void subghz_protocol_mitsubishi_parse_data(SubGhzProtocolDecoderMitsubishi* instance) {
// Structure similar to KIA/Hyundai protocol
// Serial number in upper bits
// Button code in middle bits
// Counter in lower bits
instance->generic.serial = (uint32_t)((instance->generic.data >> 32) & 0xFFFFFFFF);
instance->generic.btn = (instance->generic.data >> 24) & 0xFF;
instance->generic.cnt = (instance->generic.data >> 8) & 0xFFFF;
}
// ----------------- Decoder Feed -------------------
void subghz_protocol_decoder_mitsubishi_feed(void* context, bool level, uint32_t duration) {
furi_assert(context);
SubGhzProtocolDecoderMitsubishi* instance = context;
switch(instance->decoder.parser_step) {
case MitsubishiDecoderStepReset:
if(level && (DURATION_DIFF(duration, subghz_protocol_mitsubishi_const.te_short) <
subghz_protocol_mitsubishi_const.te_delta)) {
instance->decoder.parser_step = MitsubishiDecoderStepCheckPreamble;
instance->decoder.te_last = duration;
instance->header_count = 0;
instance->decoder.decode_data = 0;
instance->decoder.decode_count_bit = 0;
}
break;
case MitsubishiDecoderStepCheckPreamble:
if(level) {
if((DURATION_DIFF(duration, subghz_protocol_mitsubishi_const.te_short) <
subghz_protocol_mitsubishi_const.te_delta) ||
(DURATION_DIFF(duration, subghz_protocol_mitsubishi_const.te_long) <
subghz_protocol_mitsubishi_const.te_delta)) {
instance->decoder.te_last = duration;
} else {
instance->decoder.parser_step = MitsubishiDecoderStepReset;
}
} else {
if((DURATION_DIFF(duration, subghz_protocol_mitsubishi_const.te_short) <
subghz_protocol_mitsubishi_const.te_delta) &&
(DURATION_DIFF(instance->decoder.te_last, subghz_protocol_mitsubishi_const.te_short) <
subghz_protocol_mitsubishi_const.te_delta)) {
instance->header_count++;
} else if(
(DURATION_DIFF(duration, subghz_protocol_mitsubishi_const.te_long) <
subghz_protocol_mitsubishi_const.te_delta) &&
(DURATION_DIFF(instance->decoder.te_last, subghz_protocol_mitsubishi_const.te_long) <
subghz_protocol_mitsubishi_const.te_delta)) {
if(instance->header_count > 10) {
instance->decoder.parser_step = MitsubishiDecoderStepSaveDuration;
instance->decoder.decode_data = 0ULL;
instance->decoder.decode_count_bit = 0;
} else {
instance->decoder.parser_step = MitsubishiDecoderStepReset;
}
} else {
instance->decoder.parser_step = MitsubishiDecoderStepReset;
}
}
break;
case MitsubishiDecoderStepSaveDuration:
if(level) {
if(duration >= (subghz_protocol_mitsubishi_const.te_long * 3)) {
if(instance->decoder.decode_count_bit >=
subghz_protocol_mitsubishi_const.min_count_bit_for_found) {
instance->generic.data = instance->decoder.decode_data;
instance->generic.data_count_bit = instance->decoder.decode_count_bit;
// Parse Mitsubishi data
subghz_protocol_mitsubishi_parse_data(instance);
if(instance->base.callback) {
instance->base.callback(&instance->base, instance->base.context);
}
}
subghz_protocol_decoder_mitsubishi_reset_internal(instance);
} else {
instance->decoder.te_last = duration;
instance->decoder.parser_step = MitsubishiDecoderStepCheckDuration;
}
} else {
instance->decoder.parser_step = MitsubishiDecoderStepReset;
}
break;
case MitsubishiDecoderStepCheckDuration:
if(!level) {
// Manchester-like decoding (KIA/Hyundai style)
if((DURATION_DIFF(instance->decoder.te_last, subghz_protocol_mitsubishi_const.te_short) <
subghz_protocol_mitsubishi_const.te_delta) &&
(DURATION_DIFF(duration, subghz_protocol_mitsubishi_const.te_short) <
subghz_protocol_mitsubishi_const.te_delta)) {
subghz_protocol_blocks_add_bit(&instance->decoder, 0);
instance->decoder.parser_step = MitsubishiDecoderStepSaveDuration;
} else if(
(DURATION_DIFF(instance->decoder.te_last, subghz_protocol_mitsubishi_const.te_long) <
subghz_protocol_mitsubishi_const.te_delta) &&
(DURATION_DIFF(duration, subghz_protocol_mitsubishi_const.te_long) <
subghz_protocol_mitsubishi_const.te_delta)) {
subghz_protocol_blocks_add_bit(&instance->decoder, 1);
instance->decoder.parser_step = MitsubishiDecoderStepSaveDuration;
} else {
instance->decoder.parser_step = MitsubishiDecoderStepReset;
}
} else {
instance->decoder.parser_step = MitsubishiDecoderStepReset;
}
break;
}
}
// ----------------- API -------------------
uint8_t subghz_protocol_decoder_mitsubishi_get_hash_data(void* context) {
furi_assert(context);
SubGhzProtocolDecoderMitsubishi* instance = context;
return subghz_protocol_blocks_get_hash_data(
&instance->decoder, (instance->decoder.decode_count_bit / 8) + 1);
}
SubGhzProtocolStatus subghz_protocol_decoder_mitsubishi_serialize(
void* context,
FlipperFormat* flipper_format,
SubGhzRadioPreset* preset) {
furi_assert(context);
SubGhzProtocolDecoderMitsubishi* instance = context;
return subghz_block_generic_serialize(&instance->generic, flipper_format, preset);
}
SubGhzProtocolStatus subghz_protocol_decoder_mitsubishi_deserialize(
void* context,
FlipperFormat* flipper_format) {
furi_assert(context);
SubGhzProtocolDecoderMitsubishi* instance = context;
return subghz_block_generic_deserialize_check_count_bit(
&instance->generic,
flipper_format,
subghz_protocol_mitsubishi_const.min_count_bit_for_found);
}
void subghz_protocol_decoder_mitsubishi_get_string(void* context, FuriString* output) {
furi_assert(context);
SubGhzProtocolDecoderMitsubishi* instance = context;
uint32_t hi = instance->generic.data >> 32;
uint32_t lo = instance->generic.data & 0xFFFFFFFF;
furi_string_cat_printf(
output,
"%s %dbit\r\n"
"Key:%08lX%08lX\r\n"
"Sn:%08lX Btn:%02X Cnt:%04lX\r\n"
"Type:KIA/Hyundai based\r\n"
"Models:L200,Pajero,ASX+\r\n",
instance->generic.protocol_name,
instance->generic.data_count_bit,
hi,
lo,
instance->generic.serial,
instance->generic.btn,
instance->generic.cnt);
}

77
lib/subghz/protocols/mitsubishi_v1.h
View File

@@ -1,77 +0,0 @@
#pragma once
#include <lib/subghz/protocols/base.h>
#include <lib/subghz/blocks/const.h>
#include <lib/subghz/blocks/decoder.h>
#include <lib/subghz/blocks/encoder.h>
#include <lib/subghz/blocks/generic.h>
#include <lib/subghz/blocks/math.h>
#define MITSUBISHI_PROTOCOL_NAME "Mitsubishi v1"
extern const SubGhzProtocol subghz_protocol_mitsubishi_v1;
extern const SubGhzProtocolDecoder subghz_protocol_mitsubishi_decoder;
extern const SubGhzProtocolEncoder subghz_protocol_mitsubishi_encoder;
/**
* Allocates memory for the Mitsubishi protocol decoder.
* @param environment Pointer to SubGhzEnvironment
* @return Pointer to the allocated decoder instance
*/
void* subghz_protocol_decoder_mitsubishi_alloc(SubGhzEnvironment* environment);
/**
* Frees memory used by the Mitsubishi protocol decoder.
* @param context Pointer to the decoder instance
*/
void subghz_protocol_decoder_mitsubishi_free(void* context);
/**
* Resets the Mitsubishi protocol decoder state.
* @param context Pointer to the decoder instance
*/
void subghz_protocol_decoder_mitsubishi_reset(void* context);
/**
* Feeds a pulse/gap into the Mitsubishi protocol decoder.
* @param context Pointer to the decoder instance
* @param level Signal level (true = high, false = low)
* @param duration Duration of the level in microseconds
*/
void subghz_protocol_decoder_mitsubishi_feed(void* context, bool level, uint32_t duration);
/**
* Returns a hash of the decoded Mitsubishi data.
* @param context Pointer to the decoder instance
* @return Hash byte
*/
uint8_t subghz_protocol_decoder_mitsubishi_get_hash_data(void* context);
/**
* Serializes the decoded Mitsubishi data into a FlipperFormat file.
* @param context Pointer to the decoder instance
* @param flipper_format Pointer to the FlipperFormat instance
* @param preset Pointer to the radio preset
* @return SubGhzProtocolStatus result
*/
SubGhzProtocolStatus subghz_protocol_decoder_mitsubishi_serialize(
void* context,
FlipperFormat* flipper_format,
SubGhzRadioPreset* preset);
/**
* Deserializes Mitsubishi data from a FlipperFormat file.
* @param context Pointer to the decoder instance
* @param flipper_format Pointer to the FlipperFormat instance
* @return SubGhzProtocolStatus result
*/
SubGhzProtocolStatus subghz_protocol_decoder_mitsubishi_deserialize(
void* context,
FlipperFormat* flipper_format);
/**
* Formats the decoded Mitsubishi data into a human-readable string.
* @param context Pointer to the decoder instance
* @param output Pointer to the FuriString output buffer
*/
void subghz_protocol_decoder_mitsubishi_get_string(void* context, FuriString* output);

291
lib/subghz/protocols/peugeot.c
View File

@@ -1,291 +0,0 @@
#include "peugeot.h"
#define TAG "SubGhzProtocolPeugeot"
static const SubGhzBlockConst subghz_protocol_peugeot_const = {
.te_short = 370, // Short pulse duration
.te_long = 772, // Long pulse duration (~2x short)
.te_delta = 152, // Tolerance
.min_count_bit_for_found = 66,
};
typedef struct SubGhzProtocolDecoderPeugeot {
SubGhzProtocolDecoderBase base;
SubGhzBlockDecoder decoder;
SubGhzBlockGeneric generic;
uint16_t header_count;
uint8_t packet_count;
} SubGhzProtocolDecoderPeugeot;
typedef struct SubGhzProtocolEncoderPeugeot {
SubGhzProtocolEncoderBase base;
SubGhzProtocolBlockEncoder encoder;
SubGhzBlockGeneric generic;
} SubGhzProtocolEncoderPeugeot;
typedef enum {
PeugeotDecoderStepReset = 0,
PeugeotDecoderStepCheckPreamble,
PeugeotDecoderStepSaveDuration,
PeugeotDecoderStepCheckDuration,
} PeugeotDecoderStep;
static void subghz_protocol_decoder_peugeot_reset_internal(SubGhzProtocolDecoderPeugeot* instance) {
memset(&instance->decoder, 0, sizeof(instance->decoder));
memset(&instance->generic, 0, sizeof(instance->generic));
instance->decoder.parser_step = PeugeotDecoderStepReset;
instance->header_count = 0;
instance->packet_count = 0;
}
const SubGhzProtocolDecoder subghz_protocol_peugeot_decoder = {
.alloc = subghz_protocol_decoder_peugeot_alloc,
.free = subghz_protocol_decoder_peugeot_free,
.feed = subghz_protocol_decoder_peugeot_feed,
.reset = subghz_protocol_decoder_peugeot_reset,
.get_hash_data = subghz_protocol_decoder_peugeot_get_hash_data,
.serialize = subghz_protocol_decoder_peugeot_serialize,
.deserialize = subghz_protocol_decoder_peugeot_deserialize,
.get_string = subghz_protocol_decoder_peugeot_get_string,
};
const SubGhzProtocolEncoder subghz_protocol_peugeot_encoder = {
.alloc = NULL,
.free = NULL,
.deserialize = NULL,
.stop = NULL,
.yield = NULL,
};
const SubGhzProtocol subghz_protocol_peugeot = {
.name = PEUGEOT_PROTOCOL_NAME,
.type = SubGhzProtocolTypeDynamic,
.flag = SubGhzProtocolFlag_433 | SubGhzProtocolFlag_AM | SubGhzProtocolFlag_Decodable,
.decoder = &subghz_protocol_peugeot_decoder,
.encoder = &subghz_protocol_peugeot_encoder,
};
// ----------------- Allocation / Reset / Free -------------------
void* subghz_protocol_decoder_peugeot_alloc(SubGhzEnvironment* environment) {
UNUSED(environment);
SubGhzProtocolDecoderPeugeot* instance = calloc(1, sizeof(SubGhzProtocolDecoderPeugeot));
instance->base.protocol = &subghz_protocol_peugeot;
instance->generic.protocol_name = instance->base.protocol->name;
subghz_protocol_decoder_peugeot_reset(instance);
return instance;
}
void subghz_protocol_decoder_peugeot_free(void* context) {
furi_assert(context);
free(context);
}
void subghz_protocol_decoder_peugeot_reset(void* context) {
furi_assert(context);
SubGhzProtocolDecoderPeugeot* instance = context;
subghz_protocol_decoder_peugeot_reset_internal(instance);
}
// ----------------- Helper Functions -------------------
// Reverse 8 bits (LSB to MSB)
static uint8_t reverse8(uint8_t byte) {
byte = (byte & 0xF0) >> 4 | (byte & 0x0F) << 4;
byte = (byte & 0xCC) >> 2 | (byte & 0x33) << 2;
byte = (byte & 0xAA) >> 1 | (byte & 0x55) << 1;
return byte;
}
// Parse Keeloq data structure
static bool subghz_protocol_peugeot_parse_data(SubGhzProtocolDecoderPeugeot* instance) {
uint8_t* b = (uint8_t*)&instance->generic.data;
// Check preamble (first 12 bits should be 0xFFF)
if(b[0] != 0xFF || (b[1] & 0xF0) != 0xF0) {
return false;
}
// Extract encrypted part (32 bits) - reversed
uint32_t encrypted = ((uint32_t)reverse8(b[3]) << 24) |
(reverse8(b[2]) << 16) |
(reverse8(b[1] & 0x0F) << 8) |
reverse8(b[0]);
// Extract serial number (28 bits) - reversed
uint32_t serial = ((uint32_t)reverse8(b[7] & 0xF0) << 20) |
(reverse8(b[6]) << 12) |
(reverse8(b[5]) << 4) |
(reverse8(b[4]) >> 4);
// Extract button bits (4 bits from encrypted part)
// Note: Button bits are (MSB/first sent to LSB) S3, S0, S1, S2
uint8_t button_bits = (encrypted >> 28) & 0x0F;
// Store parsed data
instance->generic.serial = serial;
instance->generic.btn = button_bits;
instance->generic.cnt = (encrypted >> 16) & 0xFFFF; // Counter from encrypted part
return true;
}
// ----------------- Decoder Feed -------------------
void subghz_protocol_decoder_peugeot_feed(void* context, bool level, uint32_t duration) {
furi_assert(context);
SubGhzProtocolDecoderPeugeot* instance = context;
switch(instance->decoder.parser_step) {
case PeugeotDecoderStepReset:
if(level && (DURATION_DIFF(duration, subghz_protocol_peugeot_const.te_short) <
subghz_protocol_peugeot_const.te_delta)) {
instance->decoder.parser_step = PeugeotDecoderStepCheckPreamble;
instance->decoder.te_last = duration;
instance->header_count = 0;
instance->decoder.decode_data = 0;
instance->decoder.decode_count_bit = 0;
}
break;
case PeugeotDecoderStepCheckPreamble:
if(level) {
// High level - save duration
if((DURATION_DIFF(duration, subghz_protocol_peugeot_const.te_short) <
subghz_protocol_peugeot_const.te_delta)) {
instance->decoder.te_last = duration;
} else {
instance->decoder.parser_step = PeugeotDecoderStepReset;
}
} else {
// Low level - check for warm-up pulses
if((DURATION_DIFF(duration, subghz_protocol_peugeot_const.te_short) <
subghz_protocol_peugeot_const.te_delta) &&
(DURATION_DIFF(instance->decoder.te_last, subghz_protocol_peugeot_const.te_short) <
subghz_protocol_peugeot_const.te_delta)) {
// Short pulse pair - part of warm-up
instance->header_count++;
} else if((DURATION_DIFF(duration, 4400) < 500) && instance->header_count >= 10) {
// Long gap after warm-up pulses (~4400µs)
instance->decoder.parser_step = PeugeotDecoderStepSaveDuration;
instance->decoder.decode_data = 0ULL;
instance->decoder.decode_count_bit = 0;
} else {
instance->decoder.parser_step = PeugeotDecoderStepReset;
}
}
break;
case PeugeotDecoderStepSaveDuration:
if(level) {
// High level - save duration
if(duration >= (subghz_protocol_peugeot_const.te_long * 3)) {
// Very long pulse - end of packet
if(instance->decoder.decode_count_bit >=
subghz_protocol_peugeot_const.min_count_bit_for_found) {
instance->generic.data = instance->decoder.decode_data;
instance->generic.data_count_bit = instance->decoder.decode_count_bit;
// Parse the Keeloq structure
if(subghz_protocol_peugeot_parse_data(instance)) {
instance->packet_count++;
// Call callback after receiving at least one packet
if(instance->base.callback) {
instance->base.callback(&instance->base, instance->base.context);
}
}
}
subghz_protocol_decoder_peugeot_reset_internal(instance);
} else {
instance->decoder.te_last = duration;
instance->decoder.parser_step = PeugeotDecoderStepCheckDuration;
}
} else {
instance->decoder.parser_step = PeugeotDecoderStepReset;
}
break;
case PeugeotDecoderStepCheckDuration:
if(!level) {
// PWM decoding: short-long = 0, long-short = 1
if((DURATION_DIFF(instance->decoder.te_last, subghz_protocol_peugeot_const.te_short) <
subghz_protocol_peugeot_const.te_delta) &&
(DURATION_DIFF(duration, subghz_protocol_peugeot_const.te_long) <
subghz_protocol_peugeot_const.te_delta)) {
// Short high, long low = 0
subghz_protocol_blocks_add_bit(&instance->decoder, 0);
instance->decoder.parser_step = PeugeotDecoderStepSaveDuration;
} else if(
(DURATION_DIFF(instance->decoder.te_last, subghz_protocol_peugeot_const.te_long) <
subghz_protocol_peugeot_const.te_delta) &&
(DURATION_DIFF(duration, subghz_protocol_peugeot_const.te_short) <
subghz_protocol_peugeot_const.te_delta)) {
// Long high, short low = 1
subghz_protocol_blocks_add_bit(&instance->decoder, 1);
instance->decoder.parser_step = PeugeotDecoderStepSaveDuration;
} else {
instance->decoder.parser_step = PeugeotDecoderStepReset;
}
} else {
instance->decoder.parser_step = PeugeotDecoderStepReset;
}
break;
}
}
// ----------------- API -------------------
uint8_t subghz_protocol_decoder_peugeot_get_hash_data(void* context) {
furi_assert(context);
SubGhzProtocolDecoderPeugeot* instance = context;
return subghz_protocol_blocks_get_hash_data(
&instance->decoder, (instance->decoder.decode_count_bit / 8) + 1);
}
SubGhzProtocolStatus subghz_protocol_decoder_peugeot_serialize(
void* context,
FlipperFormat* flipper_format,
SubGhzRadioPreset* preset) {
furi_assert(context);
SubGhzProtocolDecoderPeugeot* instance = context;
return subghz_block_generic_serialize(&instance->generic, flipper_format, preset);
}
SubGhzProtocolStatus subghz_protocol_decoder_peugeot_deserialize(
void* context,
FlipperFormat* flipper_format) {
furi_assert(context);
SubGhzProtocolDecoderPeugeot* instance = context;
return subghz_block_generic_deserialize_check_count_bit(
&instance->generic,
flipper_format,
subghz_protocol_peugeot_const.min_count_bit_for_found);
}
void subghz_protocol_decoder_peugeot_get_string(void* context, FuriString* output) {
furi_assert(context);
SubGhzProtocolDecoderPeugeot* instance = context;
uint32_t hi = instance->generic.data >> 32;
uint32_t lo = instance->generic.data & 0xFFFFFFFF;
furi_string_cat_printf(
output,
"%s %dbit\r\n"
"Key:%08lX%08lX\r\n"
"Sn:%07lX Btn:%X Cnt:%04lX\r\n"
"Type:Keeloq/HCS\r\n",
instance->generic.protocol_name,
instance->generic.data_count_bit,
hi,
lo,
instance->generic.serial,
instance->generic.btn,
instance->generic.cnt);
}

77
lib/subghz/protocols/peugeot.h
View File

@@ -1,77 +0,0 @@
#pragma once
#include <lib/subghz/protocols/base.h>
#include <lib/subghz/blocks/const.h>
#include <lib/subghz/blocks/decoder.h>
#include <lib/subghz/blocks/encoder.h>
#include <lib/subghz/blocks/generic.h>
#include <lib/subghz/blocks/math.h>
#define PEUGEOT_PROTOCOL_NAME "Peugeot"
extern const SubGhzProtocol subghz_protocol_peugeot;
extern const SubGhzProtocolDecoder subghz_protocol_peugeot_decoder;
extern const SubGhzProtocolEncoder subghz_protocol_peugeot_encoder;
/**
* Allocates memory for the Peugeot protocol decoder.
* @param environment Pointer to SubGhzEnvironment
* @return Pointer to the allocated decoder instance
*/
void* subghz_protocol_decoder_peugeot_alloc(SubGhzEnvironment* environment);
/**
* Frees memory used by the Peugeot protocol decoder.
* @param context Pointer to the decoder instance
*/
void subghz_protocol_decoder_peugeot_free(void* context);
/**
* Resets the Peugeot protocol decoder state.
* @param context Pointer to the decoder instance
*/
void subghz_protocol_decoder_peugeot_reset(void* context);
/**
* Feeds a pulse/gap into the Peugeot protocol decoder.
* @param context Pointer to the decoder instance
* @param level Signal level (true = high, false = low)
* @param duration Duration of the level in microseconds
*/
void subghz_protocol_decoder_peugeot_feed(void* context, bool level, uint32_t duration);
/**
* Returns a hash of the decoded Peugeot data.
* @param context Pointer to the decoder instance
* @return Hash byte
*/
uint8_t subghz_protocol_decoder_peugeot_get_hash_data(void* context);
/**
* Serializes the decoded Peugeot data into a FlipperFormat file.
* @param context Pointer to the decoder instance
* @param flipper_format Pointer to the FlipperFormat instance
* @param preset Pointer to the radio preset
* @return SubGhzProtocolStatus result
*/
SubGhzProtocolStatus subghz_protocol_decoder_peugeot_serialize(
void* context,
FlipperFormat* flipper_format,
SubGhzRadioPreset* preset);
/**
* Deserializes Peugeot data from a FlipperFormat file.
* @param context Pointer to the decoder instance
* @param flipper_format Pointer to the FlipperFormat instance
* @return SubGhzProtocolStatus result
*/
SubGhzProtocolStatus subghz_protocol_decoder_peugeot_deserialize(
void* context,
FlipperFormat* flipper_format);
/**
* Formats the decoded Peugeot data into a human-readable string.
* @param context Pointer to the decoder instance
* @param output Pointer to the FuriString output buffer
*/
void subghz_protocol_decoder_peugeot_get_string(void* context, FuriString* output);

86
lib/subghz/protocols/protocol_items.c
View File

@@ -1,50 +1,76 @@
#include "protocol_items.h" // IWYU pragma: keep
const SubGhzProtocol* const subghz_protocol_registry_items[] = {
&subghz_protocol_gate_tx, &subghz_protocol_keeloq,
&subghz_protocol_nice_flo, &subghz_protocol_came,
&subghz_protocol_faac_slh, &subghz_protocol_nice_flor_s,
&subghz_protocol_came_twee, &subghz_protocol_came_atomo,
//&subghz_protocol_nero_sketch, //&subghz_protocol_ido,
&subghz_protocol_hormann, //&subghz_protocol_nero_radio,
&subghz_protocol_somfy_telis, &subghz_protocol_somfy_keytis,
&subghz_protocol_princeton, &subghz_protocol_raw,
&subghz_protocol_linear, &subghz_protocol_secplus_v2,
&subghz_protocol_secplus_v1, &subghz_protocol_megacode,
//&subghz_protocol_holtek,
&subghz_protocol_gate_tx,
&subghz_protocol_keeloq,
&subghz_protocol_nice_flo,
&subghz_protocol_came,
&subghz_protocol_faac_slh,
&subghz_protocol_nice_flor_s,
&subghz_protocol_came_twee,
&subghz_protocol_came_atomo,
//&subghz_protocol_nero_sketch,
//&subghz_protocol_ido,
&subghz_protocol_hormann,
//&subghz_protocol_nero_radio,
&subghz_protocol_somfy_telis,
&subghz_protocol_somfy_keytis,
&subghz_protocol_princeton,
&subghz_protocol_raw,
&subghz_protocol_linear,
&subghz_protocol_secplus_v2,
&subghz_protocol_secplus_v1,
&subghz_protocol_megacode,
&subghz_protocol_holtek,
&subghz_protocol_chamb_code,
//&subghz_protocol_power_smart,
&subghz_protocol_marantec,
//&subghz_protocol_bett,
&subghz_protocol_doitrand,
&subghz_protocol_phoenix_v2, //&subghz_protocol_honeywell_wdb,
&subghz_protocol_phoenix_v2,
//&subghz_protocol_honeywell_wdb,
//&subghz_protocol_magellan,
//&subghz_protocol_intertechno_v3,
//&subghz_protocol_clemsa, //&subghz_protocol_ansonic,
&subghz_protocol_smc5326, //&subghz_protocol_holtek_th12x,
&subghz_protocol_linear_delta3, //&subghz_protocol_dooya,
&subghz_protocol_alutech_at_4n, &subghz_protocol_kinggates_stylo_4k,
&subghz_protocol_bin_raw, &subghz_protocol_mastercode,
//&subghz_protocol_clemsa,
//&subghz_protocol_ansonic,
&subghz_protocol_smc5326,
&subghz_protocol_holtek_th12x,
&subghz_protocol_linear_delta3,
//&subghz_protocol_dooya,
&subghz_protocol_alutech_at_4n,
&subghz_protocol_kinggates_stylo_4k,
&subghz_protocol_bin_raw,
&subghz_protocol_mastercode,
//&subghz_protocol_honeywell,
//&subghz_protocol_legrand,
&subghz_protocol_dickert_mahs, //&subghz_protocol_gangqi,
&subghz_protocol_marantec24, //&subghz_protocol_hollarm,
&subghz_protocol_hay21, &subghz_protocol_revers_rb2,
&subghz_protocol_dickert_mahs,
//&subghz_protocol_gangqi,
&subghz_protocol_marantec24,
//&subghz_protocol_hollarm,
&subghz_protocol_hay21,
&subghz_protocol_revers_rb2,
//&subghz_protocol_feron,
&subghz_protocol_roger,
//&subghz_protocol_elplast,
//&subghz_protocol_treadmill37,
&subghz_protocol_beninca_arc, //&subghz_protocol_jarolift,
&subghz_protocol_vag, &subghz_protocol_porsche_cayenne, &subghz_protocol_ford_v0,
&subghz_protocol_beninca_arc,
//&subghz_protocol_jarolift,
&subghz_protocol_vag,
&subghz_protocol_porsche_cayenne,
&subghz_protocol_ford_v0,
&subghz_protocol_psa,
&subghz_protocol_fiat_v0, &subghz_protocol_fiat_marelli,
&subghz_protocol_subaru, &subghz_protocol_mazda_siemens,
&subghz_protocol_kia_v0, &subghz_protocol_kia_v1,
&subghz_protocol_kia_v2, &subghz_protocol_kia_v3_v4,
&subghz_protocol_kia_v5, &subghz_protocol_kia_v6,
&subghz_protocol_suzuki, &subghz_protocol_mitsubishi_v0,
&subghz_protocol_bmw, &subghz_protocol_mitsubishi_v1, &subghz_protocol_honda,
&subghz_protocol_citroen, &subghz_protocol_peugeot,
&subghz_protocol_fiat_spa,
&subghz_protocol_fiat_marelli,
&subghz_protocol_subaru,
&subghz_protocol_mazda_siemens,
&subghz_protocol_kia_v0,
&subghz_protocol_kia_v1,
&subghz_protocol_kia_v2,
&subghz_protocol_kia_v3_v4,
&subghz_protocol_kia_v5,
&subghz_protocol_kia_v6,
&subghz_protocol_suzuki,
&subghz_protocol_mitsubishi_v0,
};
const SubGhzProtocolRegistry subghz_protocol_registry = {

20
lib/subghz/protocols/protocol_items.h
View File

@@ -23,16 +23,16 @@
#include "secplus_v2.h"
#include "secplus_v1.h"
#include "megacode.h"
//#include "holtek.h"
#include "holtek.h"
#include "chamberlain_code.h"
#include "power_smart.h"
#include "marantec.h"
#include "bett.h"
#include "doitrand.h"
#include "phoenix_v2.h"
//#include "honeywell_wdb.h"
//#include "magellan.h"
//#include "intertechno_v3.h"
#include "honeywell_wdb.h"
#include "magellan.h"
#include "intertechno_v3.h"
#include "clemsa.h"
#include "ansonic.h"
#include "smc5326.h"
@@ -42,8 +42,8 @@
#include "kinggates_stylo_4k.h"
#include "bin_raw.h"
#include "mastercode.h"
//#include "honeywell.h"
//#include "legrand.h"
#include "honeywell.h"
#include "legrand.h"
#include "dickert_mahs.h"
#include "gangqi.h"
#include "marantec24.h"
@@ -60,10 +60,9 @@
#include "porsche_cayenne.h"
#include "ford_v0.h"
#include "psa.h"
#include "fiat_v0.h"
#include "fiat_spa.h"
#include "fiat_marelli.h"
#include "subaru.h"
#include "bmw.h"
#include "kia_generic.h"
#include "kia_v0.h"
#include "kia_v1.h"
@@ -73,9 +72,4 @@
#include "kia_v6.h"
#include "suzuki.h"
#include "mitsubishi_v0.h"
#include "mitsubishi_v1.h"
#include "honda.h"
#include "citroen.h"
#include "peugeot.h"
#include "mazda_siemens.h"
#include "keys.h"

42
lib/subghz/protocols/psa.c
View File

@@ -290,6 +290,32 @@ __attribute__((optimize("O3"), always_inline)) static inline void
*v1 = b;
}
typedef struct {
uint32_t s0[TEA_ROUNDS];
uint32_t s1[TEA_ROUNDS];
} PsaTeaSchedule;
__attribute__((optimize("O3"), always_inline)) static inline void
psa_tea_build_schedule(const uint32_t* key, PsaTeaSchedule* out) {
for(int i = 0; i < TEA_ROUNDS; i++) {
uint32_t sum0 = (uint32_t)((uint64_t)i * TEA_DELTA);
uint32_t sum1 = (uint32_t)((uint64_t)(i + 1) * TEA_DELTA);
out->s0[i] = key[sum0 & 3] + sum0;
out->s1[i] = key[(sum1 >> 11) & 3] + sum1;
}
}
__attribute__((optimize("O3"), always_inline)) static inline void
psa_tea_encrypt_with_schedule(uint32_t* restrict v0, uint32_t* restrict v1, const PsaTeaSchedule* sched) {
uint32_t a = *v0, b = *v1;
for(int i = 0; i < TEA_ROUNDS; i++) {
a += (sched->s0[i] ^ (((b >> 5) ^ (b << 4)) + b));
b += (sched->s1[i] ^ (((a >> 5) ^ (a << 4)) + a));
}
*v0 = a;
*v1 = b;
}
static void psa_prepare_tea_data(uint8_t* buffer, uint32_t* w0, uint32_t* w1) {
*w0 = ((uint32_t)buffer[3] << 16) | ((uint32_t)buffer[2] << 24) |
((uint32_t)buffer[4] << 8) | (uint32_t)buffer[5];
@@ -380,6 +406,8 @@ static void psa_extract_fields_mode36(uint8_t* buffer, SubGhzProtocolDecoderPSA*
__attribute__((optimize("O3"))) static bool psa_brute_force_decrypt_bf1(SubGhzProtocolDecoderPSA* instance, uint8_t* buffer, uint32_t w0, uint32_t w1, PsaDecryptProgressCallback progress_cb, void* progress_ctx) {
uint32_t bf1_total = PSA_BF1_END - PSA_BF1_START;
PsaTeaSchedule bf1_sched;
psa_tea_build_schedule(PSA_BF1_KEY_SCHEDULE, &bf1_sched);
for(uint32_t counter = PSA_BF1_START; counter < PSA_BF1_END; counter++) {
if(progress_cb && ((counter - PSA_BF1_START) & 0xFFFF) == 0) {
uint8_t pct = (uint8_t)(((uint64_t)(counter - PSA_BF1_START) * 50) / bf1_total);
@@ -387,24 +415,24 @@ __attribute__((optimize("O3"))) static bool psa_brute_force_decrypt_bf1(SubGhzPr
}
uint32_t wk2 = PSA_BF1_CONST_U4;
uint32_t wk3 = counter;
psa_tea_encrypt(&wk2, &wk3, PSA_BF1_KEY_SCHEDULE);
psa_tea_encrypt_with_schedule(&wk2, &wk3, &bf1_sched);
uint32_t wk0 = (counter << 8) | 0x0E;
uint32_t wk1 = PSA_BF1_CONST_U5;
psa_tea_encrypt(&wk0, &wk1, PSA_BF1_KEY_SCHEDULE);
psa_tea_encrypt_with_schedule(&wk0, &wk1, &bf1_sched);
uint32_t working_key[4] = {wk0, wk1, wk2, wk3};
uint32_t dec_v0 = w0;
uint32_t dec_v1 = w1;
psa_tea_decrypt(&dec_v0, &dec_v1, working_key);
if((counter & 0xFFFFFF) == (dec_v0 >> 8)) {
uint8_t crc = psa_calculate_tea_crc(dec_v0, dec_v1);
if(crc == (dec_v1 & 0xFF)) {
psa_unpack_tea_result_to_buffer(buffer, dec_v0, dec_v1);
psa_extract_fields_mode36(buffer, instance);
instance->decrypted_seed = counter; // bf1 found key
instance->decrypted_seed = counter;
return true;
}
}