Two radios for rolljam

I think it’s entirely reasonable and makes sense in the scope of this device to have two radios (could be another CC1101) so that one can be used as a jammer for rolljam type attacks… I imagine other uses could be found for the extra radio too, basically making the device full duplex, you could be communicating, or recording a signal with the one radio while performing an attack with the other. Is there really not enough room for this?


One transceiver is enough. The receiver can't receive anything when it is jamming.

Isn’t that literally the entire concept of the rolljam attack? Obviously they are operating at slightly deviated frequencies.


The rolljam attack indeed needs to operate a receiver and a transmitter at the same time so a single transceiver can’t be used.
I don’t think they will be adding another CC1101; however, you could plug one into the GPIO.


For this attack (from the image) the receiver needs a very thin receive window. This window can be achieved either with the help of an SDR receiver and huge math or with a band-pass filter with high Q.
For all of these paths it needs to have a special RF part. Now it will not work.

Usually, with one RF transceiver, the signal is received up to the CRC or some known part, and then the transmitter jams this part.
So one transceiver is enough. For the attack from the image one would need to build a very complex device, and it will work unstably because of the huge difference between remotes’ schematics.

I’d have to find it, but I posted to the forum something about using a GPIO pin like RPiTX does to send a 433 band jamming signal. Square waves work great, so if you could set up some sort of timing to jam-listen-jam-listen quickly enough, it may just work.

Yeah, that RPiTX thing looks really neat. I had no idea you could… transmit radio without a radio transmitter (if I’m reading this right). :face_with_raised_eyebrow:

The problem with jamming with square waves is that you will jam many more frequencies than the one you are trying to jam/transmit on. So there is a good chance you will transmit on a reserved/illegal frequency.
It’s also worth noting that you can’t transmit radio with all GPIO-enabled devices; however, I don’t know the details of this.

Heya, as someone who has implemented RollJam in very simple terms with the same Radio I’d say that this is possible but the extra CC110x is probably overkill, a simple RTLSDR should be good enough for this:

This is very basic, but what you could do is jam on the F1 while listening on the RTLSDR. A user interface is likely needed, since those frequencies have a lot of things going on, so you can pick what you are looking for. You also probably need to figure out how to narrow the jamming wave to not interfere with the signal, as well as isolate the RTLSDR so it’s not overwhelmed with the noise from the CC.

You could probably do a rolljam with 1 xcvr if you can switch modes fast enough. The code has to be received in its entirety to be valid. So you could, if you had, say, a 10 bit code, receive 5 bits, then transmit noise for 5 bits, then more noise for say 2-3 bits, then back to receive, and so on, for as long as you are receiving the signal. You end up then with overlapping segments of code, which you could correlate to obtain the full code (that might be a bit processor intensive), and the target receiver has not received any valid code.

Alternately, and this requires real fast switching, if you have ASK or OOK with a known bit width, you can do the same sort of thing with a single bit at a time. If there were 2 pulse widths for 0 or 1, once you have received the pulse for the length of the short bit (say zero), switch to transmit for an equal length, then back to receive for the next pulse. If you haven’t detected the falling edge in the receive time you have a 1 bit; if you do receive the falling edge, it would be a zero bit. The target receiver gets a whole lot of jumbled up hash. I’ll have to take a look through the CC datasheet, I’m not sure how fast you can actually switch modes on this… might be somewhat slow having to issue commands etc.