I only need raw records, you can throw it here too
1 Like
In brief
| Item | Value |
|---|---|
| Product | Chamberlain LiftMaster 971LM remote |
| Frequency | 390 MHz |
| Modulation |
AM650 or AM270? |
| FCC ID | HBW1241 |
| Control IC | 125C0126, 9B1847, 0042 (might have misread) |
| Source | 971LM Remote Control | LiftMaster |
Details
I only have a 1 button model, but the circuit board has places for 4 buttons. I could try jumping/shorting those briefly to see if that functionality works on this remote. Thereās a good chance itās just treated as 4 unique rolling codes given the manual advertises using any button to control any Security+ device.
Recordings
LiftMaster 971LM 390 MHz remotes.zip (42.0 KB)
Archived as the Security+ 1.0 protocol has been implemented. If needed, feel free to message me.
I wasnāt sure if it was AM270 or AM650, so I recorded a bit with both modulations.
| Filename | Description |
|---|---|
LiftMaster_Remote1_AM650.sub |
10Ć pressing remote 1ās single button, recorded with AM650
|
LiftMaster_Remote2_AM270.sub |
10Ć pressing remote 2ās single button, recorded with AM270
|
LiftMaster_Remote3_AM650.sub |
10Ć pressing remote 3ās single button, recorded with AM650
|
Note: All three remotes are the same model. I merely wasnāt sure which modulation itās using or if itād be helpful to have multiple. Trying either FM[ā¦] modulation appeared to not contain any data based on the Flipperās signal graph.
Photos
Skipped as suggested. I can take photos if desired though!
Ok!
1 Like
dachshund security + 2.0 won today, you need to brush it a little. the author of the encoding, of course, did not smoke like a child. much more interesting than keelog but not so secret
1 Like
Awesome!
From reading https://github.com/argilo/secplus it sounds like Security+ 1.0 has zero overlap with 2.0 so thereās no concern, but if itād be useful, I could verify that my Security+ 1.0 remote isnāt incorrectly detected as the 2.0 protocol.
Hopefully @Fatvod can check with their Security+ 2.0 remotes soon.
Come on, check and write how it works. security + 1.0 will also add
1 Like
It works! I scanned with 315 and it picked it up right away. It doesnt allow me to replay the signal, is that expected?
Thanks!
1 Like
Based on the documentation, it looks like Flipper can only save signals with a static code.
From what Iāve read elsewhere, youāre encouraged to create a new remote with the correct protocol, then put your garage door in ālearningā mode to teach it this new remote. This helps avoid accidentally locking yourself out by de-syncing your normal remote with Flipper advancing the rolling code, similar to what happened to someone on Reddit (who tried to clone as if it was a static code).
There may also be legal requirements or concerns around disabling saving recordings of existing dynamic code signals. Iām not sure.
1 Like
Yes, there are legal restrictions, I donāt want the device to be banned for sale at all. about adding a remote control. not yet either. First you need to find out again the legal point of view on this. Or wait in a non-official firmware, if you manage to add
3 Likes
1 Like
I can verify that this recognizes my 315 MHz Security+ v1 remotes just fine.
Whatās the problem with allowing to manually add and emulate one of these? Given the rolling code nature itās not like this would make it possible to emulate an existing remote, and I would need physical access to my garage door opener to pair that emulated remote with the receiver, so I donāt see how thereās a legal problem here if flipper is already allowed to transmit on these frequencies.
1 Like
Updated to 1ca9817, and Iām able to read my 390 MHz door openerās Security+ 1.0 signal as well, thank you!
Adding on to this, it looks like the Security+ 1.0 patent has expired, and the Security+ 2.0 patent has been abandoned.
However, I wouldnāt be surprised if there are other concerns despite 315 MHz being allowed for transmit under U.S. FCC certification (i.e. this wouldnāt apply to my 390 MHz garage door opener). I am not a lawyer.
if the creation and transfer of code is allowed, who said that this will not allow emulating an existing keychain? this is a double-edged sword, so letās do it ourselves, I donāt break the law
2 Likes
At the moment I have no interest in cloning an existing transmitter. Iām merely interested in using the flipper to create a new unique transmitter that can then be paired. Iām having a tough time seeing how this would differ from just purchasing a new transmitter on Amazon.
3 Likes
I just got this door opener frequency to work by adding 310AM to the list for subghz scanning and frequencies.
It was working after I did a 10 capture sequence with the āRead RAWā setting configured to: AM650 - 310.00 frequency.
I tried to do a new capture and then the remote stopped working but it did open my garage a couple of times on video before it stopped working again!
itās a rolling protocol, it changes every time itās sent. make a record of 5+ button presses, you can stand next to the garage that the key fob did not get rid of, and try to play this recording
1 Like
That helps a ton! Thank you for the tip!!!