adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3da170a43c7f288fe9bc88fe325da488733acac3
metasploit-gs/documentation/modules/post/hardware/rftransceiver/rfpwnon.md
T
h00die a9bf72ac8c ## Options ## remove trailing ##
2020-01-16 11:55:13 -05:00

89 lines
2.0 KiB
Markdown
Raw Blame History

Port of a brute force utility by Corey Harding of LegacySecurityGroup.com, the original can be found
[here](https://github.com/exploitagency/github-rfpwnon/blob/master/rfpwnon.py).
It's a generic AM/OOK brute forcer with PWM translations. It has been
demonstrated to work against static key garage door openers.
## Options
**FREQ**
Frequency to brute force.
**BAUD**
Baud rate. Default: 2000
**BINLENGTH**
Binary bit-length for bruteforcing. Default: 8
**REPEAT**
How many times to repeat the sending of the packet. Default: 5
**PPAD**
Binary data to append to packet. (Example: "0101") Default: None
**TPAD**
Binary data to add to end of packet. (Example: "0101") Default: None
**RAW**
Do not do PWM encoding on packet. Default: False
**TRI**
Use trinary signals. Default: False
**EXTRAVERBOSE**
Adds some extra status messages.
**INDEX**
USB Index number. Default: 0
**DELAY**
How many milliseconds to delay before transmission. Too fast tends to lock up the device. Default: 500 (0.5 seconds)
## Scenarios
Run a brute force of 6 characters long with 2 repeats:
```
hwbridge > run post/hardware/rftransceiver/rfpwnon FREQ=915000000 BINLEGTH=6 REPEAT=2
[*] Generating de bruijn sequence...
[*] Brute forcing frequency: 915000000
[*] Transmitting...
[*] Binary before PWM encoding:
[*] 00000000
[*] Binary after PWM encoding:
[*] 11101110111011101110111011101110
[*] Transmitting...
[*] Binary before PWM encoding:
[*] 00000000
[*] Binary after PWM encoding:
[*] 11101110111011101110111011101110
[*] Transmitting...
[*] Binary before PWM encoding:
[*] 00000001
[*] Binary after PWM encoding:
[*] 11101110111011101110111011101000
[*] Transmitting...
[*] Binary before PWM encoding:
[*] 00000001
[*] Binary after PWM encoding:
[*] 11101110111011101110111011101000
[*] Transmitting...
[*] Binary before PWM encoding:
[*] 00000010
[*] Binary after PWM encoding:
[*] 11101110111011101110111010001110
[*] Transmitting...
...
```
Reference in New Issue View Git Blame Copy Permalink