Flipper Zero - "Rolling Flaws" application

Science and technology

This is the 4th video in the rolling codes series. The "Rolling Flaws" application for Flipper Zero lets us simulate various KeeLoq receivers. In this video we look at the Replay attack, Pairing, Clone sequence attack, Future attack, Rollback attack & KGB attack! The application also supports practicing other attacks (like the ENC00 attack)! Let me know about ideas for future attacks that you have seen with your KeeLoq receivers.
Discord invite - / discord
GitHub - github.com/jamisonderek/flipp...
Support my work - ko-fi.com/codeallnight
Timeline:
0:00 - Introduction
0:39 - Replay warning
1:02 - Replay attack (fail)
2:05 - Replay attack (success)
2:33 - Pairing
3:49 - Clone sequence attack
5:09 - Future attack
6:37 - Rollback attack
8:18 - KGB attack
9:24 - Summary

Comments: 66

  • @Savage.735
    9 months ago

    Hi, I have a PandwaRF Rogue Pro and a Flipper Zero. Do you think I can use it with the Flipper Zero? Nice work you're doing, love to see more. Thanks for being here for us all ❤👍💯

  • @MrDerekJamison
    9 months ago

    I hadn’t heard of the PandwaRF Rogue Pro & Kaiju software. That looks really interesting. It looks like it can derive the keys? The mentioned KeeLoq - do you know if it works with Genie (Intellicode) garage doors?

  • @N0B0DY_SP3C14L
    3 months ago

    Fucking sick app, dude. Looking forward to updates as well. Thanks for the solid explanation vids as well.

  • @EvilGPT
    9 months ago

    Excellent work Derek. I would like to use this application very much.

  • @EvilGPT
    9 months ago

    I've attempted to download through Flipc but I cannot locate the application.

  • @MrDerekJamison
    9 months ago

    @EvilGPT Sorry, I released the video before I did the build. You can install from flipc.org/jamisonderek/flipper-zero-tutorials?root=/subghz/apps/rolling-flaws

  • @MrDerekJamison
    9 months ago

    I just updated with a new version. Be sure the second line in the "About" screen shows a version number that matches the latest (NOTE: version 1.0 didn't have any version information). Right now, that version should be "version 1.2". Thanks again for the support & don't forget to join my discord server to give feedback.

  • @MrDerekJamison
    9 months ago

    I'll be updating the application periodically, so be sure to keep grabbing the latest version & join my discord server for updates! I've added a "version" to the about screen, the flipc.org description and the flipc.org first screenshot. You can install from flipc.org/jamisonderek/flipper-zero-tutorials?root=/subghz/apps/rolling-flaws or by looking in the "Sub-GHz" folder of flipc.org. On both Official & Unleashed for me, flipc does NOT launch the apps. It runs when I use my Flipper, press OK & choose "Apps/Sub-GHz/Subghz Rolling Flaws" in the menu. Important -- make sure to choose "Apps" and not "Sub-GHz" from the main menu.

  • @user-pr7ku2bb5t
    4 months ago

    What should I do now that the website cannot be installed? Other methods are too difficult.

  • @AttractionSpot
    4 months ago

    Do you know if this will work with my Genie Garage door opener that has rolling code? Or is there other stuff involved with this? I saw someone made a Genie recorder but you have to like hard wire the garage remote to the Flipper Zero and change and add a bunch of code to get this to work and it just seemed so confusing to me.

  • @MrDerekJamison
    4 months ago

    I am that someone. Genie Recorder v3 is coming out next week & is a lot less confusing (but it still takes 3 days to create the initial .GNE file). 😀. Sadly, the Rolling Flaws app won’t help with Genie. Genie uses rolling codes similar to KeeLoq but at twice the speed and with a MF key that nobody will share with us Flipper owners. Without the MF key, we can’t decode a remote signal and figure out the next count/key. I plan on doing some giveaways on my Discord server for .GNE files (it takes me 3 days to make a file and costs me around $5 - I buy a cheap remote to extract the codes). In v3 you can just sync your Genie receiver to a Flipper with a .GNE file & open the door with the Flipper! No more messing with firmware or anything. Hopefully the app will get added to the app hub in the next couple of weeks & RogueMaster will probably update to v3 next week.

  • @markissfk818
    4 months ago

    Thank you so much for the information

  • @3DComputing
    8 months ago

    Full on, thanks

  • @MrDerekJamison
    8 months ago

    Welcome 👍. I want to add a few more features to it next week, like sending an IR signal when you get a good code.

  • @ZeroCtr1
    9 months ago

    good shit

  • @MrDerekJamison
    9 months ago

    Thanks. I just released version 1.5 of the app, which now supports pressing LEFT/RIGHT to change the count and OK to switch to "Closed" and flush the radio (so you can attempt a replay attack without needing custom firmware).

  • @paolocasareto2491
    6 months ago

    Congratulations Derek, great job. Hi, I've had the Flipper Zero for a few days and I managed to have the control unit in my garage recognize the Flipper Zero via your app, and it works perfectly. But when I exit your app it obviously loses all the values. I couldn't find where to save the data to be able to recall it and emulate the remote control. Is it me who can't find how to do it or is it not possible?

  • @MrDerekJamison
    6 months ago

    I answered in Discord, but for people reading the comments and not on Discord (I recommend you join Discord): discord.com/invite/NsjCvqwPAd The short answer is in non-official firmware you can use the Sub-GHz app to Read/Load a .SUB file for known protocols.

  • @my-rules
    9 months ago

    Ty, Derek.

  • @MrDerekJamison
    9 months ago

    Any features you were hoping I would add? I think I want to make it send an IR signal when it does Opened! so that it can turn on my TV or something.

  • @lolik1312
    4 months ago

    I don't understand very well. Can I open my car with Rolling Flaws? I don't know, but in my application the highest is 433,92, then it goes to 868,35, but my car key is 434,17 and it's a rolling code on the car.

  • @MrDerekJamison
    4 months ago

    No. Flipper cannot open cars. It can do some gates/doors, but not all.

  • @lolik1312
    4 months ago

    @MrDerekJamison :(

  • @godjhaka7376
    3 months ago

    @lolik1312 Instead of being sad, why not gain knowledge and create a method yourself? Knowledge is power.

  • @mosquitos1989
    a month ago

    Could you test on FAAC SHL 868 MHz?

  • @LivelyBenjamin
    9 months ago

    So you'll be able to use the program automatically when you try to send signals to the rolling code and then it automatically finds the next code to send, or what?

  • @LivelyBenjamin
    9 months ago

    And should you have 2 flippers to make it work?

  • @MrDerekJamison
    9 months ago

    @LivelyBenjamin Currently it requires two Flippers; in the future I'll probably make it work with an ESP32+CC1101 and not need a Flipper. People want to try hacking rolling codes, but they don't have anything to practice against. I'm in a rental house, so I don't even own the garage door! The goal of the application is to simulate different receivers, so you can practice hacking rolling codes (choosing the security flaws) without risking a remote or receiver desync. Most of the unofficial firmware will do things like find the next code, so that is a good choice for running on the other Flipper Zero when you are just starting out.

  • @LivelyBenjamin
    9 months ago

    Maybe there'll be an easier way to do it in the future? And of course not risking losing the remote. @MrDerekJamison

  • @EvilGPT
    9 months ago

    I think I'm experiencing a bug, or some type of misconfiguration. When I transmit a signal with this application it sends a really long signal broken into three parts. I have tested on two Flippers running RogueMaster. I will flash them both with Unleashed and report my results.

  • @MrDerekJamison
    9 months ago

    Hopefully that was fixed in version 1.3? The issue was some firmware tries to send the signal 100 times.

  • @ActuallyDerek
    3 months ago

    Hi Derek, I know that you said you can’t open cars with a Flipper but I’ve seen videos and posts. I was wondering if you could explain how that would be possible.

  • @MrDerekJamison
    3 months ago

    There is the frequency we transmit on, the carrier frequency. Then there is modulation (AM650, FM95, etc.) for how we determine when there is signal. Then there is encoding (like Manchester, ConstOn/VariableOff, etc.) that is how we interpret signal to make up a bit. Then there is the raw data (bunch of 0s and 1s bits). Then there is the parsed data (like preamble, fix [constant data], hop [changing data]). If you capture a "RAW" signal, when you play it back it will be similar to the original (but the modulation may lose some data, like you can't reproduce variable amplitudes with the CC1101). Assuming the vehicle was using 2FSK or OOK then there isn't really amplitude data, so that would be fine. Next there is the concept of a "Count" in many protocols. You don't just send "Open" to vehicle 123, you actually send "Veh123,Open,44" and next time you send "Veh123,Open,45" and then "Veh123,Open,46". If you just keep sending "Veh123,Open,44" it should only work one time [but there are flaws in some receivers that allow the same code to work]. If the code doesn't work, the receiver can decide what to do... the most secure thing to do would be to disable that remote and never allow "Veh123" remotes again -- so take it to the dealership and reprogram the vehicle to a new key fob (of course, this isn't most secure if you are coming from the perspective of "denial of service" attacks, where someone records your signal and keeps playing it back so that your fob no longer works). The least secure thing to do is to open the door every time the command was for "Veh123" and "Open" regardless of the counter. It really just depends on the receiver. I generally only test on devices I own, so I have very limited experience with vehicle receivers -- I mostly just tried looking at the signal from various fobs (which only tells part of the story).
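
As an added illustration of the counter check described in the reply above (this is example code written for this page, not code from the video, the Rolling Flaws app, or any vehicle receiver), here is a small Python model of a receiver that decides whether a "Veh123,Open,44"-style message is fresh. The 16-bit counter width, the window sizes, and the "two consecutive codes to resync" rule are assumptions chosen for illustration; `check_counter=False` models the "least secure" receiver the reply mentions, which ignores the counter entirely.

```python
from dataclasses import dataclass
from typing import Optional

# Added example: a toy model of the counter check a rolling-code receiver performs.
# The 16-bit counter width, the window sizes and the two-consecutive-codes resync
# rule are assumptions for illustration, not the behaviour of any specific product.

MAX_COUNTER = 1 << 16  # assumed 16-bit counter; it wraps around


@dataclass
class Message:
    device_id: str   # the "Veh123" part of the message
    command: str     # e.g. "Open"
    counter: int     # the "44", "45", "46" part


@dataclass
class Receiver:
    paired_id: str
    last_counter: int
    check_counter: bool = True    # False = the "least secure" receiver: counter ignored
    open_window: int = 16         # assumed: counters this far ahead open immediately
    resync_window: int = 32768    # assumed: further ahead needs two consecutive codes
    pending_resync: Optional[int] = None

    def distance(self, counter: int) -> int:
        """Forward distance from the last accepted counter, modulo the counter width."""
        return (counter - self.last_counter) % MAX_COUNTER

    def receive(self, msg: Message) -> str:
        if msg.device_id != self.paired_id:
            return "reject-unknown-device"
        if not self.check_counter:
            return "open"  # flaw: any message from the paired id opens, replays included

        d = self.distance(msg.counter)
        if d == 0:
            return "reject-replay"       # exactly the last accepted code again
        if d > self.resync_window:
            return "reject-stale"        # behind the receiver (older, or wrapped too far)
        if d <= self.open_window:
            self.last_counter = msg.counter
            self.pending_resync = None
            return "open"
        # Far ahead (remote pressed many times out of range): require two consecutive codes.
        expected = (self.pending_resync + 1) % MAX_COUNTER if self.pending_resync is not None else None
        if expected is not None and msg.counter == expected:
            self.last_counter = msg.counter
            self.pending_resync = None
            return "open"
        self.pending_resync = msg.counter
        return "reject-resync-pending"


def run_demo() -> list:
    """Constructed sequence of presses against a strict receiver and a flawed one."""
    strict = Receiver(paired_id="Veh123", last_counter=44)
    results = [strict.receive(Message("Veh123", "Open", c)) for c in (45, 45, 44, 100, 101)]
    flawed = Receiver(paired_id="Veh123", last_counter=44, check_counter=False)
    results += [flawed.receive(Message("Veh123", "Open", 44)) for _ in range(2)]
    results.append(strict.receive(Message("Veh999", "Open", 102)))
    return results


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

Running the demo shows the strict receiver opening on 45, refusing the replayed 45 and the stale 44, holding 100 until the consecutive 101 arrives, while the flawed receiver opens on the same stale 44 every time; the unknown device id is rejected before any counter logic runs.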

  • @ericcelrosu2912
    9 months ago

    Every time you do a raw record you set the RSSI threshold to -75 or below. Why is that?

  • @MrDerekJamison
    9 months ago

    I have neighbors with devices in same frequencies that seem to be sending signals often. If I don’t set RSSI, the Flipper Zero receives their devices & just continuously receives signals (which I’ll end up rebroadcasting - sometimes messes up my signal & also makes .SUB file bigger and harder to understand later if I visualize the file).

  • @ic3_2k
    9 months ago

    I don't find it, is it in the sub_ghz menu? I installed the Unleashed version 062e

  • @MrDerekJamison
    9 months ago

    Thanks! It looks like my latest commit with all my bug fixes didn't get pushed. I just pushed it now.

  • @ic3_2k
    9 months ago

    Thanks Derek, great work!!! Installed v36, must I try with v35? Is there any kind of install log we can check?

  • @MrDerekJamison
    9 months ago

    @ic3_2k I just added a version to the about screen, so you can quickly tell what version you have. I haven't been doing a changelog (list of bug fixes/features), but I'll try to add that going forward. Right now, the only bug I know about is that if you mod your firmware to send repeat signals (following steps in the readme), then try a rollback, the second RAW send will Open but then it immediately closes because it thinks it's a replay attack [because you send the signal more than 1 time in a RAW capture]. I should have that bug fixed later today, but I want to make sure I'm doing the proper level of testing before I release fixes.

  • @ic3_2k
    9 months ago

    @MrDerekJamison I mean that I've installed two versions of "Subghz Rolling Flaws", the v36.0 and the v35.0, and both behave the same for me: when I hit install in flipc the Flipper buzzes two times, and nothing happens when I hit 'run on flipper', and if I reload the page the button changes to install... Also I just flashed OFW and installed 'SubGhz Rolling Flaws v35.1' with the same result as with Unleashed v0.62e

  • @MrDerekJamison
    9 months ago

    On both Official & Unleashed for me, flipc does NOT launch the apps. It runs when I use my Flipper, press OK & choose "Apps/Sub-GHz/Subghz Rolling Flaws" in the menu. (Make sure to choose "Apps" and not "Sub-GHz" from the main menu) Are you able to join my discord server to troubleshoot? Invite in my about page.

  • @adrenalineshi
    2 months ago

    Wait, do you have to have 2 Flippers for this to work?

  • @MrDerekJamison
    2 months ago

    Yeah. The core "Rolling Flaws" application was intended to become a device that you could practice hacking (with your second Flipper). I had wanted to port it to ESP32+CC1101, since many people have those extra components already, but I never spent the time doing that. For people that want to use the app to clone/play a rolling code, you are better off using unofficial firmware and the built-in sub-ghz app.

  • @user-pr7ku2bb5t
    4 months ago

    The install website cannot be opened now. I hope it can be repaired. I really want to use this

  • @MrDerekJamison
    4 months ago

    Just install CFW (custom firmware) and use the built-in Sub-GHz app, it does everything the app can do -- unless you are actually trying to "simulate a receiver" with a flaw (like replay attack) for testing your security skills. In that case, recursively clone your firmware repo, and then copy the rolling flaws application to the applications_user folder and use FBT to deploy the app to your Flipper Zero. Then use qFlipper to install the TGZ file from the dist folder.

  • @MrDerekJamison
    9 months ago

    Is there any interest from people for me to try to port this to ESP32 or Arduino? If we port the application, then instead of a Flipper to run this application, you will need an extra ESP32-S2+CC1101. My assumption is lots of Flipper owners probably have those devices (ESP32-S2 for WIFI + CC1101 for 433MHz distance) but don't have access to a second Flipper Zero. They would just need to rewire them together and flash with the ported app -- I've never ported a Flipper app, so no idea how much effort is involved, but my guess is it's a lot. I only want to do it if lots of people say they want it. Otherwise, I'll continue spending time on my WIKI (github.com/jamisonderek/flipper-zero-tutorials/wiki)

  • @EvilGPT
    9 months ago

    Add it as an option. Again, great work. This is one of my new favorite apps!

  • @jean-jeromecsernak1102
    8 months ago

    Hi Derek, do you think that if you port the app to the ESP32-S2 it will work on the ESP32-S3? Because I don't have an S2 module and hope the S3 will replace it in the future. 😊

  • @jokolaksono9582
    8 months ago

    Can this be used to unlock rolling code cars?

  • @MrDerekJamison
    8 months ago

    A car typically uses a MF code that isn't known, so it won't work. If your car happens to use the KeeLoq protocol (there are a bunch of protocols and KeeLoq is only one of them) and you knew the MF code, then you could use your Flipper to transmit the signal. The "Rolling Flaws" application is intended to teach you about rolling codes, and is not the best tool for sending codes. A better solution for sending codes would be an unofficial firmware, like RogueMaster, and their Sub-GHz tools. Again though, without the MF code & proper frequency, it likely won't work. github.com/RogueMaster/flipperzero-firmware-wPlugins When using rolling codes on vehicles, realize that some vehicles may become out-of-sync with the remote, and require a complex process to get back in sync.

  • @jokolaksono9582
    8 months ago

    @MrDerekJamison I use Flipper Zero with RogueMaster software. With cars with aftermarket remotes, the capture results can be used repeatedly and successfully, different from the original remote in the car, where the capture results can only be used once. Can you share how to make sure that the OEM remote that you copied on the Flipper Zero can continue to be used like the default remote?

  • @MrDerekJamison
    8 months ago

    I believe *most* vehicles use either an unsupported protocol or a MF key that is unknown to the Flipper, so you likely can’t clone an existing remote from a new car. And if you do clone it, you will likely make the existing remote out of sync. I was unable to clone a remote I owned for a previous car, as the protocol was unknown. Capturing with Bin_RAW, I can see the static and dynamic bits, but have no way to encode a counter to create the next dynamic code. I was also unable to clone a Genie remote, since I don’t know the MF code (64-bit number), but I was able to capture all 65536 codes from my remote so I am able to use a Flipper Zero to replace the original Genie remote (but it won't open anyone else’s Genie door unless they first pair it to my Flipper).

  • @jokolaksono9582
    8 months ago

    @MrDerekJamison I can only use the read & raw menu for the default car remote once, even though read & raw is for the rolling code remote

  • @jokolaksono9582
    8 months ago

    @MrDerekJamison Is there a WhatsApp or Telegram number, bro?

  • @mateuszspawiec2247
    9 months ago

    Hey, on the flipc site there is a build error

  • @MrDerekJamison
    9 months ago

    Which firmware? For Xtreme firmware you need to be on the dev branch. (Their official doesn’t support the same APIs and flipc doesn’t seem to provide a way to conditionally compile based on firmware & channel.)

  • @mateuszspawiec2247
    9 months ago

    Oh, I didn't see that haha, sorry @MrDerekJamison

  • @martinospapantoniou4491
    8 months ago

    Roguemaster?????

  • @MrDerekJamison
    8 months ago

    No, this is a receiver app to practice rolling code flaws, instead of trying it on the actual device and getting your remote out of sync (or if you don’t own the device). RogueMaster is a firmware that can execute some of those flaws, if the MF is known.

  • @martinospapantoniou4491
    8 months ago

    @MrDerekJamison For RogueMaster I mean, is it available?

  • @MrDerekJamison
    8 months ago

    @martinospapantoniou4491 Sorry, yes it is in "Apps/Subghz/Sub-GHz Rolling Flaws". NOTE: The "SN00/cfw" & "SN Bits" settings don't work but everything else does! It will always treat a 00 in the decrypted data as matching ANY serial number & it will only compare 8 bits. If you need to enable those features, reach out to me in Discord (discord.com/invite/NsjCvqwPAd) and I'll help you edit the RogueMaster firmware to support those features.

  • @martinospapantoniou4491
    8 months ago

    @MrDerekJamison Mr Derek, really thank you for your help. From all these nerds out there, you are the best 😀. In Discord every time we ask something, one smartasshole answers like he is a king. Once again, thank you for the support, SIR.

  • @MrDerekJamison
    8 months ago

    Thank you. A year ago, I was afraid to upgrade my firmware, knew nothing about this RF stuff & I still know nothing about the NFC/RFID/BLE features on the Flipper Zero. I'm always trying to learn and teach. I hope that I've built a community where more knowledgeable people choose to correct me instead of just saying I don't know stuff. At least in my Discord server, it seems everyone will try to help (unless you are trying to do something illegal). There is still so much for me to learn, but I guess that's good because it means plenty of future videos for my KZread channel. 🤣 I'm thankful for this amazing community and the various sub communities I'm a part of for the Flipper Zero.

  • @IDME_project
    2 months ago

    Please, can you add Italian subtitles?

  • @MrDerekJamison
    2 months ago

    I think I have enabled auto-subtitles for all supported KZread languages. For English, I typically use AI to transcribe and then edit the text. "Rolling Flaws" is for people that want to practice attacks. You can use your Flipper as a receiver. If you want to do the attack, you should use custom firmware and the Sub-GHz application instead.
