Відео

Hello to you I would like to do the same thing with my sds802x hd oscilloscope if possible. THANKS

Any reason why I have no plugins folder?

This was useful, thanks. I hope you get a few more views.

is it possible to continuously monitor/stream/see live the LHT00SU1's analog and digital signals?

I have been looking at these units, wondering if they would pick up engine pulses from an ignition coil on a motorcycle and give a clean square wave. They are cheap and small. Do you know whats inside them and how they work?

Good Job As always, I didnt want to read the manual Subscribed

You are great, thank you so much for making this video, I was too scared to do this and got lost on the eevblog didnt know how to start. But after seeing your video with great and simple instructions, I will follow this tutorial :) One question, instead of the SD card do you think we can use 64 gb USB?

Thanks a lot, sir. Great and easy fix which helped me. 😊

Many thanks for posting the video, it's been about 9 months since I've used my AP200 to reset my oil and service intervals, but I seem to remember I used the prompt ignition 2 has engine running also for live data . Once again thanks for the video

At 20:55, after you press "Date/Time", you got the "NTP" selection. However, I don't have this "NTP" option, and the screen just have "Date/Time" and "Display off" selection. The middle 2 selections, "NTP" and "Time Zone", are misssing. Do you know how to add them? I am using a SDS1104X-E, with Software Version=6.1.37R10, Uboot-OS Version=8.1, FPGA Version=2021-11-08, Hardware Version=01-05. Thx !

How

Informative video. I know a little more about my analyser than I did 30 minutes ago, but bro, you gotta work on that teeth sucking tick.

Thank you for the experiment. I have the same device. I use it with sigrok. I tried to download the usbee software, but it is not available anymore. Have you tried using a 10x oscilloscope probe to be able to test voltages higher than the 10 volt max this device can handle?

Very useful thx - I'm just starting to play with some CANbus home automation gear.

Is it possible too just make a single esp -32 rolling code module

Cheers, it worked perfect just as you laid it out. my SDS1204X-E is updated for MSO,WIFI, AWG.... 😀 thank you

How can i get a copy to test?

It will be a software emulated ev1527 or a Princeton Technology chip; viewing the waveform will tell you which one. Usually available between a receiver chip and decoder IC on the receiver pcb. Reminds me of my decoding sessions as a young teen, using a receiver (from a junked car alarm), tape recorder, and data slicer into an 8 bit home computer. Really bodgy, but it worked. For ASK now, I'd simply interface a bare receiver to the input of a sound card and record the result in Audacity for analysis. I'd be using a bare 433MHz transmitter module connected to an arduino to generate the signal rather than the sledgehammer esp and cc1101 combination. Soundcard is fine on the demodulated signal from a receiver for these things as the data rate is so low.

This is how i'd try, just from your description (not looked at the code). Capture 1, then send random guess to move along, send captured and repeat. If the random guess is right, door opens otherwise you'll only need to send as many attempts as you have in the numbers list. Trying to roll your own rolling code without knowledge of cryptography is usually a disaster. You should see how complex the original keeloq was, but it still was broken after the method used was leaked.

Thank you so much for this video i bought the V4 myself and its been difficult to find videos for the new version of this dongle

I was playing with this.. (I set a wide bandwidth) of 200,000 to grab a wack of devices.. (BaseBand Noise Blanker) not used.. RF Gain 32.8 (But.. I say This Plugin Needs work also 😊) Fidle Fidle

This didn’t make sense the first time I viewed it. When I realized you were working with an ARM Teensy, I started to understand. You’re not saying anything untrue, but it would be more accurate if you replaced most of the places you say “Arduino” with “Teensy 3”. The original Arduinos and original Teensys were AVR MCUs. AVRs use DDRX, PINX and PORTX registers at a low level for port manipulation. Starting with v3, the Teensys became ARM MCUs. ARMs use a completely different register system to control IO bits in a completely different process than AVRs. When the Teensy 3s came out, Paul Stoffregen (the Teensy creator) extended the digitalWrite function to work for his ARM setup. He also extended the Arduino direct port calls (DDRA = 0x0F) to generate ARM register code when the board is set to Teensy 3 (and now 4). So when you write direct port register code in Arduino, for an ARM Teensy, it’s not really direct code anymore. This and the fact that ARM register bit manipulation works very differently, gives you the non-predicted results for your tests. Compile and run your test code on an AVR Arduino (UNO, Nano, Leonardo, etc), or a Teensy 2.0, and you should get very different results.

Should be possible to get same result by telling the compiler to unroll loops, however im not comfortable enough with compiler optimization to trust the compiler to actually unroll the loops i want to unroll, so either code it ugly or look at the dissasembly to make sure. :)

Hi again. I did finally get the code to compile, but the serial monitor did not show the text, only a bunch of questions marks.

Thanks for the great video. I tried your Code and I can’t get it to compile. What am I missing?

"dumps the flash and cackles* ez hack

You could add an RTC to the electronics and have the code be dependent on the time it receives the message. It solves the problem of desync.

"unrolling the loop" :)

The waveform of the last one looks extremely distorted, so it still seems like the bitwise is faster without sacrificing the waveform?

So you jam one of the signals and you store the rolling code which remains valid cuz it hasn't been used and then you're in....

If an incorrect code is repeated, Rx wont progress.. Hacker records 2 valid sequences and plays them back alternately. Rx progresses and looks ahead so it only takes once round the sequence and I'm in.

Maybe I misunderstood, the entire project only offers one function for a fully 4 button sender. If this is the case, I would suggest that instead of binary, we use fibonacci number base, 1 2 3 6, if you use this base 1 = 0001, 2 = 0010, 3 = 0100, 4 = 0101, 5 = 0110, 6 = 1000, 7 = 1001, 8= 1010, 9 = 1100, 10 = 1101, 11 = 1110, 12 = 1111 and the last button could be encoded into the last code sent, so you have 12,13,14,15 based on binary coding. If any transmitter sends any numbers above 12 in a sequence, you can lock it up.

Another great experiment video with shared knowledge! 👍 But this gives me an idea - second remote with rolling code, but working in infrared range.. That will be unseenable by jammer and can be used when jammer activity in area is discovered.. 😂

really well done chef, what a technique!!!

nice plugin and video , thx and greetings from Germany :)

It's great to see project progress and updates! 👍

Nice video @TheBionicbone ! Couple of ideas of hacking this really quickly and to overcone the "repeating of the same code" protection, based only in video, i.e. without review of the actual code: 1. Capture more than one actual set of codes from the actual sender, then alternate those until they roll over. In addition, you can interleave those with few fake codes too. 2. If only one real set of codes can be captured, simply interleave those with at least one fake code and run the loop until code rolls over. Basically, any system, which have "limited" set of rolling codes, which are being eventually reused, will be vulnerable to replay attack without some additional protection steps being put in place, like: A. Increasing amount of the codes (duh!). B. Increasing the time between futher code match attempts with each unmatched code to prevent fast brute forcing or rolling over. C. Keeping log of let's say 10 to 100 last attempted codes to see if some are being sent repeatedly. D. In conjuction with C. above, consider "blacklisting" valdid codes used out of sequence too many times. E. Using (as an alternative or in conjunction with) the "endless" list of codes by either using a mathematical formula rather than fixed list, or by "recalculating" the list before each reuse by the simple formula. Basic idea is to make the total amount of brute force or replay attack attempts to take very long time to make it impractical to try / use / break the code.

Sorry about the audio sync, thanks to Andrew from Awell Digital channel this has been fixed for the next video.

Nice! 👍 For dealing with interference, just add at the packet end CRC. If received CRC doesn't match calculated value from received packet, receiver just ignores packet all together as faulty and don't even check compatibility with rolling code.. 😉 And waits for new packet.. For remote part - before CRC add in packet button press counter in coded manner (XOR, bit swap etc). Remote will update counter after every button press and send that data in packet. Receiver, after CRC check, first decodes received button press counter data in packet, then according to that data, goes looking in rolling code table. To prevent hacking, button press counter can't be smaller than stored last counter value in receiver, that's mean's - there is no way to reuse old or precisely captured rolling code data, because counting can only go forward until looping.. If button press counter data is smaller than expected, packet will be simply dropped.. For extra safety, button counter data can be added, even in middle of data packet between rolling code data. From theoretical point of view, even if hacker will decode button press data, it can't replicate next parcel, because he don't have rolling code data table, but this add will ensure good remote and receiver synchronization..

Thanks for the follow up. I think program memory is not the main issue with encryption, especially if you - in my opinion - wast memory for the pre-shared generated key tables. You have to spend CPU-cycles and energy for encryption/decryption. I used in an experimental AVR based 433MHz transmitter/receiver ChaCha20-Poly1305 for encryption and integrity. This worked pretty good for these bit-rates.

😅thanks for the awesome video!

idea 1: lets say you have a recorder at the door - that pciks up the signals whenever you leave and come back , it would always send open signal and then close signal meaning around 4 requests per day i think you could get the whole code relatively quickly (depending on sizeof rollingCode and sizeofSendingRollingCode ) 🤔 im not a security expert but i think there should be some public/private key involved and some encryption

Im just passing by. I havent studied this algorithm. But a it is a testcase perhaps, to consider 20 neighbours having the same locking mechanism - it should not leave the neighbour that happens to be on holiday for some weeks with a locket door.

very interesting stuff

I made implementation where i have aes encryption and decryption. I would send random IV unencrypted and send encrypted counter from remote to receiver (with also the command - button click/longpress/dual press etc.). AFAIK sending IV plaintext would not be bad practice. I would always allow higher counter number than the one already sent, so it would never go out of sync and would not allow lower number so it can't be replay attacked. On the remote and receiver side I save counters to eeprom and use rolling location for wear leveling and very high endurance (20+ years having multiple transmissions per day). Only problem I have is that it eats up majority of typical arduinos rom and ram. Your implementation seems far lighter and time will tell if it's secure if more people test and look into it. Thanks for great work.

couple years ago i used an RTL dongle from an DVB-T usb-stick (with a RTL2832U chip) for listening to ATC radio using SDR#. Now i am trying to set it up all again, but i cant receive ATC radio (now using the current AIRSPY SDR# software). However, i can receive radio broadcasting (FM). any hint what i am doing wrong? thanks

4:05, I hadn't noticed that setting before! Awesome!

Voici les informations dans le menu état système : SDS 1104X-E Ver soft 6.1.37R10 Ver Uboot os 8.3 Ver FPGA 2021-11-08 Ver Hard 01-05 Type prod SDS1204X-E Merci

Super, j'aimerai avec tout ce savoir faire !! Je suis débutant, j'ai installé la dernière version du software : SDS1xx4X-E Firmware (4-Channel Models) -V6.1.37R10 (Release Date 03.30.23 ) mais je n'arrive pas à installer le dernier software : SDS1xx4X-E Operating System -V3 (Only For 4-Channel models) (Release Date 01.04.23 ) est ce normal ? j'ai bien 4 fichiers sur ma clef mais aucun ne se termine par .ADS ou .CFG donc impossible de lancer la mise à jour Si quelqu'un peut m'expliquer doucement ?... Merci

JEU