Mirror/FlipperZeroNRFJammer
1
0
Fork 0
mirror of https://github.com/huuck/FlipperZeroNRFJammer.git synced 2026-06-12 06:33:30 -07:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #16 from W0rthlessS0ul/main

Browse Source 
The jamming principle has been improved
This commit is contained in:
Gabriel Cirlig
2025-06-14 22:27:47 +01:00
committed by GitHub
parent c0aa6ea427 373d6a4323
commit 9472f46a3c
5 changed files with 69 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+1 -1
View File
@@ -11,7 +11,7 @@ Demo:
https://bsky.app/profile/hookgab.bsky.social/post/3lcgnsx7wfk2x
Example of the spectrum at 2.440 Ghz:
![image](https://github.com/user-attachments/assets/57828280-70d6-4a57-aa5f-9b58bfec59b0)
![spectrum](img/spectrum.png)
# FAQ
It's crashing, what do I do?
img/spectrum.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 666 KiB

jammer.c
+12 -63
View File
@@ -158,77 +158,26 @@ static void jammer_state_init(PluginState* const plugin_state) {
static int32_t mj_worker_thread(void* ctx) {
PluginState* plugin_state = ctx;
plugin_state->is_thread_running = true;
FURI_LOG_D(TAG, "starting to jam");
char tmp[128];
// make sure the NRF24 is powered down so we can do all the initial setup
nrf24_set_idle(nrf24_HANDLE);
uint8_t mac[] = { 0xDE, 0xAD}; // DEAD BEEF FEED
uint8_t ping_packet[] = {0xDE, 0xAD, 0xBE, 0xEF,0xDE, 0xAD, 0xBE, 0xEF,0xDE, 0xAD, 0xBE, 0xEF,0xDE, 0xAD, 0xBE, 0xEF,0xDE, 0xAD, 0xBE, 0xEF,0xDE, 0xAD, 0xBE, 0xEF,0xDE, 0xAD, 0xBE, 0xEF,0xDE, 0xAD, 0xBE, 0xEF}; // 32 bytes, in case we ever need to experiment with bigger packets
uint8_t conf = 0;
nrf24_configure(nrf24_HANDLE, 2, mac, mac, 2, 1, true, true);
// set PA level to maximum
uint8_t setup;
nrf24_read_reg(nrf24_HANDLE, REG_RF_SETUP, &setup,1);
FURI_LOG_D(TAG, "Starting optimized carrier jamming");
setup &= 0xF8;
setup |= 7;
snprintf(tmp, 128, "NRF24 SETUP REGISTER: %d", setup);
FURI_LOG_D(TAG, tmp);
nrf24_read_reg(nrf24_HANDLE, REG_CONFIG, &conf,1);
snprintf(tmp, 128, "NRF24 CONFIG REGISTER: %d", conf);
FURI_LOG_D(TAG, tmp);
nrf24_write_reg(nrf24_HANDLE, REG_RF_SETUP, setup);
#define size 32
uint8_t status = 0;
uint8_t tx[size + 1];
uint8_t rx[size + 1];
memset(tx, 0, size + 1);
memset(rx, 0, size + 1);
tx[0] = W_TX_PAYLOAD_NOACK;
memcpy(&tx[1], ping_packet, size);
#define nrf24_TIMEOUT 500
// push data to the TX register
nrf24_spi_trx(nrf24_HANDLE, tx, 0, size + 1, nrf24_TIMEOUT);
// put the module in TX mode
nrf24_set_tx_mode(nrf24_HANDLE);
// send one test packet (for debug reasons)
while(!(status & (TX_DS | MAX_RT)))
{
status = nrf24_status(nrf24_HANDLE);
snprintf(tmp, 128, "NRF24 STATUS REGISTER: %d", status);
FURI_LOG_D(TAG, tmp);
}
NotificationApp* notification = furi_record_open(RECORD_NOTIFICATION);
uint8_t chan = 0;
uint8_t limit = 0;
notification_message(notification, &sequence_blink_red_100);
do {
limit = hopping_channels_len[plugin_state->jam_type];
for(int ch = 0;ch < limit; ch++) {
chan = hopping_channels[ch];
// change channel
nrf24_write_reg(nrf24_HANDLE, REG_RF_CH, chan);
// push new data to the TX register
nrf24_spi_trx(nrf24_HANDLE, tx, 0, 3, nrf24_TIMEOUT);
nrf24_startConstCarrier(nrf24_HANDLE, 3, hopping_channels[0]);
uint8_t current_channel = 0;
uint8_t limit = hopping_channels_len[plugin_state->jam_type];
while(!plugin_state->close_thread_please) {
for(int ch = 0; ch < limit && !plugin_state->close_thread_please; ch++) {
current_channel = hopping_channels[ch];
nrf24_write_reg(nrf24_HANDLE, REG_RF_CH, current_channel);
}
} while(!plugin_state->close_thread_please);
}
nrf24_stopConstCarrier(nrf24_HANDLE);
furi_record_close(RECORD_NOTIFICATION);
plugin_state->is_thread_running = false;
nrf24_set_idle(nrf24_HANDLE);
return 0;
}
lib/nrf24/nrf24.c
+45
View File
@@ -133,6 +133,51 @@ uint8_t nrf24_set_rate(FuriHalSpiBusHandle* handle, uint32_t rate) {
return status;
}
void nrf24_startConstCarrier(FuriHalSpiBusHandle* handle, uint8_t level, uint8_t channel) {
nrf24_set_idle(handle);
nrf24_write_reg(handle, REG_RF_CH, channel);
uint8_t setup;
nrf24_read_reg(handle, REG_RF_SETUP, &setup, 1);
setup = (setup & 0xF8) | ((level & 0x3) << 1);
nrf24_write_reg(handle, REG_RF_SETUP, setup);
setup |= NRF24_CONT_WAVE | NRF24_PLL_LOCK;
nrf24_write_reg(handle, REG_RF_SETUP, setup);
nrf24_write_reg(handle, REG_EN_AA, 0x00);
uint8_t config;
nrf24_read_reg(handle, REG_CONFIG, &config, 1);
config &= ~NRF24_EN_CRC;
nrf24_write_reg(handle, REG_CONFIG, config);
uint8_t dummy_payload[32];
memset(dummy_payload, 0xFF, sizeof(dummy_payload));
uint8_t tx[33];
tx[0] = W_TX_PAYLOAD;
memcpy(&tx[1], dummy_payload, 32);
nrf24_spi_trx(handle, tx, NULL, 33, nrf24_TIMEOUT);
nrf24_set_tx_mode(handle);
}
void nrf24_stopConstCarrier(FuriHalSpiBusHandle* handle) {
nrf24_set_idle(handle);
uint8_t setup;
nrf24_read_reg(handle, REG_RF_SETUP, &setup, 1);
setup &= ~(NRF24_CONT_WAVE | NRF24_PLL_LOCK);
nrf24_write_reg(handle, REG_RF_SETUP, setup);
uint8_t config;
nrf24_read_reg(handle, REG_CONFIG, &config, 1);
config |= NRF24_EN_CRC;
nrf24_write_reg(handle, REG_CONFIG, config);
}
uint8_t nrf24_get_chan(FuriHalSpiBusHandle* handle) {
uint8_t channel = 0;
nrf24_read_reg(handle, REG_RF_CH, &channel, 1);
lib/nrf24/nrf24.h
+11
View File
@@ -50,6 +50,10 @@ extern "C" {
#define TX_DS 0x20
#define MAX_RT 0x10
#define NRF24_CONT_WAVE (1 << 7)
#define NRF24_PLL_LOCK (1 << 4)
#define NRF24_EN_CRC (1 << 3)
#define nrf24_TIMEOUT 500
#define nrf24_CE_PIN &gpio_ext_pb2
// FuriHalSpiBusHandle* nrf24_HANDLE = (FuriHalSpiBusHandle*) &furi_hal_spi_bus_handle_external;
@@ -120,6 +124,13 @@ uint8_t nrf24_set_idle(FuriHalSpiBusHandle* handle);
*/
uint8_t nrf24_set_rx_mode(FuriHalSpiBusHandle* handle);
void nrf24_startConstCarrier(FuriHalSpiBusHandle* handle, uint8_t level, uint8_t channel);
void nrf24_stopConstCarrier(FuriHalSpiBusHandle* handle);
/** Sets the radio to TX mode
*
* @param handle - pointer to FuriHalSpiHandle