Frequency analyzer not working

So, I figured out the problem.

The CC1101 (our radio chip) can’t function as a frequency analyzer (as it can only listen to one frequency at a time), so it just hops around a predefined set of frequencies and tries to find the highest RSSI (signal strength), and 310mhz isn’t in this list. The frequencies in the list are: 315mhz, 318mhz, 390mhz, 433.92mhz, 868.35mhz.

If you’d like to use 310mhz, you can edit the source code (the list is called subghz_hopper_frequencies in applications/subghz/subghz.c) and add 310000000 there (don’t forget to build and flash), then the frequency analyzer should see the remote.

This is very good to know! I was initially thinking that something might be wrong with my Flipper Zero.

The CC1101 has four per-defined frequency ranges of 315, 433, 868, and 915 MHz, but says that it
can operate within 300-348 MHz, 387-464 MHz, and 779-928 MHz ranges.

It should be possible to create a scanning routine that would jump through the frequency ranges as outlined by the CC1101 datasheet. It would most likely need to jump to a frequency, sample, and then jump again, and only stop if it detects a single higher than expected background.

Thanks for letting me know where to look in the source code. I’ll take a look later today and see if I can create a scan for 310MHz.

I looked at the code pointed out by @Astra this evening to look at adding in the 310MHz range for the remote I have. I was able to find the table of set frequencies and where to add in new ones.

But looking at the bigger issue of why the Frequency Analyzer doesn’t work in the first place. I think I have a better understanding of what’s going on in the current 0.50.0 version.

It looks like the Frequency Analyzer code isn’t hooked up to trigger a notification when a signal is found.
But even before that could happen. The code doesn’t even initiate a scan of the possible frequencies in a way that will work with jumping through the full range provided by the CC1101 chip used in the Flipper Zero.

In specific, the code found in flipperzero-firmware/applications/subghz/scenes/subghz_scene_frequency_analyzer.c for subghz_scene_frequency_analyzer_on_event will only ever return false. On top of that nothing ever seems to call the on_event in the first place.
I also couldn’t find any code that scans the frequencies in discreet increments (like 1MHz or 5MHz jumps) looking for the highest RSSI (Received Signal Strength Indicator), and then providing that feedback once it’s run through all the possible ranges.

I might take a stab at the code this weekend when I have more time. But my C coding skills are rather rusty. As in 20ish years since I’ve written serious C code. I’m much more of a higher level language coder these days, with the odd dip into hex hacking.

In any case, the Frequency Analyzer as coded currently will not work as people expect it to. As pointed out by @Astra the chip and library don’t just “listen” to the full range of frequencies. Code has to be written to jump through them systematically to find the highest RSSI, and then return that result to the user.

What this also points out to me is that the Read RAW function needs a way to read either preset well known frequencies (as it currently does), or provide a way to set the Flipper Zero to read any of the possible frequencies that are available with the CC1101.

I’ll add some issues over on the GitHub repo next.

Time to get hacking people. 🧑‍💻

@SkorP, any thoughts on this?

As far as I know, hopping over all the frequencies in small increments will be too slow to detect a lot of stuff that sends short bursts of data, as the freq switching takes time and CC1101 can’t do it fast enough to catch them.

@Astra I agree that it won’t be fast enough to catch quick burst transmissions that are just “floating in the air”, or that one might be trying to sniff at random.

But in other cases, like the remote I have, you can just hold down the button and the signal keeps sending. In cases like what I’m trying (where it’s a generic remote with no codes printed on it) and I can keep the button depressed. A somewhat slow scan should still pick up the frequency eventually.

In the case of @zerozen original question where he knows the frequencies. Changing the Read RAW to be more configurable (allowing fine grain tuning of possible frequencies in say 1MHz or 5MHz increments) would provide a better way to capture the specific signals.

this approach was chosen for the frequency analyzer is not a good life. understand cc1101 is first of all just a receiver and not an SDR, it cannot scan and capture a signal in a wide range, but only receive it at a set frequency. at the same time, the switching speed from frequency to a new one with all calibrations and RSSI reading takes at least 3ms + to accurately determine the carrier, it switches to a narrow channel of the receiving filter and scans the found frequency again to determine the exact one. this is about 50 frequency scans. i.e. 150ms. car key fobs and all kinds of weather stations, switches, etc. do not transmit a signal for a long time, but only 4-8 parcels. 1 Keelog packet lasts about 80ms + - that is, 4 about 320-500ms. and if you scan the entire allowed range in 1 MHz steps (5 you will definitely miss the signal), you simply will not get to the moment when there is a transmission. and again there will be talk that the analyzer does not work. now you just need to add to the list all the frequencies that are used by various systems and everyone will be happy.

@SkorP that all makes sense!

That’s why I’m suggesting a more configurable Read RAW with 1MHz tuning across all the possible CC1101 frequencies will serve most peoples needs.

Just got my Flipper today. Updated firmware. Frequency analyzer won’t pick up a signal of any kind. Tried all kinds of remotes. Rebooted flipper… still nothing.

I’m running into the same issue. I am testing with a known working Linear Megacode transmitter (Model MCT-3 318Mhz). I tried at various distances, touching the Flipper and pulling it progressively back. At one point the screen flashed 317Mhz then disappeared. Additionally, doing a Read with it set to 318Mhz and following the settings described in the Megacode discussion linked from the recent newsletter have not yielded any successfully detected codes. Performing a Raw Read it is getting something when I press the buttons.

Hi! Did you update the firmware? Are you holding the remote button pressed for long enough?

Adding my experience here. Using a Liftmaster 971lm remote, which the manufacturer states is 390 MHz. Nothing detected using frequency analyzer at any distance (even when right next to the flipper). Read also doesn’t show anything, but raw read does show a signal. Rebooted twice. Using the latest firmware right now.

Can you show what the RAW signal graph looks like?

redesigned frequency analyzer. the remote control must also be held close to the flipper on the left side, the remote control button should be held if the transmission is constant, or press for a second several times

Yes, firmware latest firmware is installed, and I confirmed that the megacode feature was part of that release via GH Releases. The remote button was held for minimum 5 seconds, pushing 10 seconds for each test. It takes around 1 second of pressing for the remote to operate the garage so I figured that should be plenty.

Edit:

Screenshot1584×640 49.1 KB

@SkorP I am experiencing the same problem. Frequency analyzer does not work completely.

However, I want to add some details, maybe they will help.

When I just got the flipper, with factory firmware - the frequency analyzer worked! It even has shown me unsupported frequencies. I started transmission from FRS walkie talkie and it has shown me Mhz.

Also when I turned on hop mode for Read feature and keep it running for some time it captured 2 signals, probably from neighbors.

However, after I updated to the latest 0.58.1 version, everything is broken right now. Read feature in hope mode captures nothing, and I have few remotes from garage doors. Same with frequency analyzer. It can’t catch anything.

I also googled one of the garage remote’s and it uses 310 mhz frequency, but I can’t even choose it from the available list. I don’t know what changes you guys are making, but original factory firmware at least was showing something.

Unfortunately I didn’t write down the original firmware version, I have a black flipper, received it recently in USA region and I think it was 0.48.1 version on board… But I am not sure… I can also try to rollback the firmware back… I looked at the list of firmwares, I think mine was from the end of 2021, but then it is 0.44.1… If you know what firmware was used on factory for F7 HW version for black flipper from the recent USA batch… I can try to rollback.

@SkorP any thoughts, ideas?

@SkorP I decided to try 0.44.1 (but really not sure what “factory’ version was installed originally”). And Frequency Analyzer works again! Even for officially unsupported frequencies. It shows the walkie talkie and garage button again. So for some how in future versions the feature became broken.

IMG_30213000×2747 594 KB

The factory version was 0.43

Thank you, @Astra . I didn’t review the history of changes between versions, but obviously with 0.44.1 and 0.43.1 the frequency analyzer worked. I am not sure, maybe you drastically reduced frequency ranges to be complaint with some regulations or introduced a bug… If it’s a compliance regulation, I would still expect the frequency analyzer to be as in older versions, but show some error message if you try to transmit on those frequencies.

Another try on 0.44.1 and frequency analyzer works:

IMG_30223024×2235 172 KB

And it was showing just zeros for any device on the latest firmware.

Can you try the latest dev build? The frequency analyzer has been updated