CC1101 vs CC1111

I’m not familiar enough with the subject, so please help.

CC1111 has an internal MCU and CC1101 does not.
Since we use an MCU for always-on mode, do we need a second one for CC1111?

Rfcat supports only CC1111 and does not support CC1101. As I understand, it depends on its own firmware that is installed in the CC1111. Also, the YARD Stick One has a USB interface connected directly to the CC1111 USB. If we decide to use CC1111, can we use the SPI interface to connect it to a Raspberry Pi?

The original Rfcat (for cc1111emk) was using USB-Serial to interact with the fw on the device. I think the YARD Stick One is using the same scheme. CC1101 could be controlled over the SPI protocol, but believe me (I’ve analyzed several devices that use headless CC* rf modules), it’s a lot of pain implementing it that way. Also I’m not sure that linux / rpi will be able to handle the strict timings that you will need to follow for such an implementation. If you don’t want to use USB, you could adapt the CC1111 rfcat firmware to work with UART instead of USB and use the rpi UART to control the rfcat device. However, then you will not be able to use the RPi0 uart port (which is a shame).

TBH, rpi is not the board for such a task, you will face hw limitations pretty fast. Several years ago I was thinking about the same problem (but didn’t have enough time/courage to start such a project). At that time, I was thinking of something based on the A13 System-On-Module (e.g. https://www.olimex.com/Products/SOM/A13/) or alternatives.

Anyway, you WILL need UART multiplexer and/or USB hub ICs to fit all your wishlist 🙂 And then it’s just a matter of power…

I see an additional low-power MCU as a UART/SPI multiplexer that can “proxy” interfaces to the rpi. Maybe we can use a silly mechanical relay to connect USB peripherals to a single USB port on the rpi SoC?

Yeah, I understand that, but rpi has a very large community and ready-to-use software. If we choose another SOM, we need to do all this work from scratch. Also, your board doesn’t have built-in WiFi/Bluetooth, and with the A13-SOM-WIFI shield it becomes quite big and expensive (>20 EUR).

I never tested it myself, but here is the CC1101/CC1111 library for Raspberry Pi https://github.com/SpaceTeddy/CC1101 and it was successfully used in a few projects of Salvador Mendoza https://salmg.net/tag/cc1101/
In these projects the CC1101 is connected to the rpi via SPI, so probably it can work.

CC1101 + Atmega32u USB dongle http://morethanuser.blogspot.com/2016/08/cc1101-atmega32u-usb-dongle-python.html

Why don’t you add one CC* rf module and a sub-1 GHz RTLSDR module (quite low cost)?
Your device will be able to make a rolljam attack (a car’s key fob, for example) and it would be very cool…


SDR devices consume lots of power and CPU (remember how fast RTL-SDR becomes hot while working?). Also SDR is overkill for our task, because we only need one or two frequency ranges, and CC11xx can do almost everything we need with low power consumption.

Well, add a second CC* rf module in this case to allow rolljam attack 😇


It says the antenna will be tuned to 380 for the bottom freq. BAD CALL. Most North American keyfobs use 315 MHz. I did the exploit for Ford at this year’s Wireless Village. There are other freqs for keyfobs, but TPMS and keyfobs are typically 315 in this region.


You can manually set the whole CC1101 freq. ranges supported by the chip itself in firmware, but I’m not sure about the radio path in hardware and the factory antenna efficiency for universal receive/transmit.

That makes sense. I just got mine hoping the antenna will do well at 315 MHz also, but I can always add an SMA connection.

You should use an ESP with a CC1101 to do rolljam and make a plugin for the Flipper that sends the key (minus jam) via Bluetooth to the ESP while the Flipper is jamming. Or maybe telling the ESP what the jam is so it can remove and store/replay minus jam or something like that.