Mirror/Momentum-Firmware
1
0
Fork 0
mirror of https://github.com/Next-Flip/Momentum-Firmware.git synced 2026-04-24 03:29:57 -07:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'ul/dev' into mntm-dev --nobuild

Browse Source
This commit is contained in:
WillyJL
2025-07-19 16:58:37 +01:00
parent b423f90b5c ac6621cdcb
commit bd88e42622
21 changed files with 1214 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

283
lib/subghz/protocols/phoenix_v2.c
View File

@@ -6,9 +6,9 @@
#include "../blocks/generic.h"
#include "../blocks/math.h"
#define TAG "SubGhzProtocolPhoenixV2"
#include "../blocks/custom_btn_i.h"
//transmission only static mode
#define TAG "SubGhzProtocolPhoenixV2"
static const SubGhzBlockConst subghz_protocol_phoenix_v2_const = {
.te_short = 427,
@@ -64,7 +64,7 @@ const SubGhzProtocolEncoder subghz_protocol_phoenix_v2_encoder = {
const SubGhzProtocol subghz_protocol_phoenix_v2 = {
.name = SUBGHZ_PROTOCOL_PHOENIX_V2_NAME,
.type = SubGhzProtocolTypeStatic,
.type = SubGhzProtocolTypeDynamic,
.flag = SubGhzProtocolFlag_433 | SubGhzProtocolFlag_AM | SubGhzProtocolFlag_Decodable |
SubGhzProtocolFlag_Load | SubGhzProtocolFlag_Save | SubGhzProtocolFlag_Send,
@@ -93,6 +93,138 @@ void subghz_protocol_encoder_phoenix_v2_free(void* context) {
free(instance);
}
// Pre define functions
static uint16_t subghz_protocol_phoenix_v2_encrypt_counter(uint64_t full_key, uint16_t counter);
static void subghz_protocol_phoenix_v2_check_remote_controller(SubGhzBlockGeneric* instance);
bool subghz_protocol_phoenix_v2_create_data(
void* context,
FlipperFormat* flipper_format,
uint32_t serial,
uint16_t cnt,
SubGhzRadioPreset* preset) {
furi_assert(context);
SubGhzProtocolEncoderPhoenix_V2* instance = context;
instance->generic.btn = 0x1;
instance->generic.serial = serial;
instance->generic.cnt = cnt;
instance->generic.data_count_bit = 52;
uint64_t local_data_rev =
(uint64_t)(((uint64_t)instance->generic.cnt << 40) |
((uint64_t)instance->generic.btn << 32) | (uint64_t)instance->generic.serial);
uint16_t encrypted_counter = (uint16_t)subghz_protocol_phoenix_v2_encrypt_counter(
local_data_rev, instance->generic.cnt);
instance->generic.data = subghz_protocol_blocks_reverse_key(
(uint64_t)(((uint64_t)encrypted_counter << 40) | ((uint64_t)instance->generic.btn << 32) |
(uint64_t)instance->generic.serial),
instance->generic.data_count_bit + 4);
return SubGhzProtocolStatusOk ==
subghz_block_generic_serialize(&instance->generic, flipper_format, preset);
}
// Get custom button code
static uint8_t subghz_protocol_phoenix_v2_get_btn_code(void) {
uint8_t custom_btn_id = subghz_custom_btn_get();
uint8_t original_btn_code = subghz_custom_btn_get_original();
uint8_t btn = original_btn_code;
// Set custom button
if((custom_btn_id == SUBGHZ_CUSTOM_BTN_OK) && (original_btn_code != 0)) {
// Restore original button code
btn = original_btn_code;
} else if(custom_btn_id == SUBGHZ_CUSTOM_BTN_UP) {
switch(original_btn_code) {
case 0x1:
btn = 0x2;
break;
case 0x2:
btn = 0x1;
break;
case 0x4:
btn = 0x1;
break;
case 0x8:
btn = 0x1;
break;
case 0x3:
btn = 0x1;
break;
default:
break;
}
} else if(custom_btn_id == SUBGHZ_CUSTOM_BTN_DOWN) {
switch(original_btn_code) {
case 0x1:
btn = 0x4;
break;
case 0x2:
btn = 0x4;
break;
case 0x4:
btn = 0x2;
break;
case 0x8:
btn = 0x4;
break;
case 0x3:
btn = 0x4;
break;
default:
break;
}
} else if(custom_btn_id == SUBGHZ_CUSTOM_BTN_LEFT) {
switch(original_btn_code) {
case 0x1:
btn = 0x8;
break;
case 0x2:
btn = 0x8;
break;
case 0x4:
btn = 0x8;
break;
case 0x8:
btn = 0x2;
break;
case 0x3:
btn = 0x8;
break;
default:
break;
}
} else if(custom_btn_id == SUBGHZ_CUSTOM_BTN_RIGHT) {
switch(original_btn_code) {
case 0x1:
btn = 0x3;
break;
case 0x2:
btn = 0x3;
break;
case 0x4:
btn = 0x3;
break;
case 0x8:
btn = 0x3;
break;
case 0x3:
btn = 0x2;
break;
default:
break;
}
}
return btn;
}
/**
* Generating an upload from data.
* @param instance Pointer to a SubGhzProtocolEncoderPhoenix_V2 instance
@@ -109,6 +241,40 @@ static bool
} else {
instance->encoder.size_upload = size_upload;
}
uint8_t btn = instance->generic.btn;
// Save original button for later use
if(subghz_custom_btn_get_original() == 0) {
subghz_custom_btn_set_original(btn);
}
// Get custom button code
// This will override the btn variable if a custom button is set
btn = subghz_protocol_phoenix_v2_get_btn_code();
// Reconstruction of the data
if(instance->generic.cnt < 0xFFFF) {
if((instance->generic.cnt + furi_hal_subghz_get_rolling_counter_mult()) > 0xFFFF) {
instance->generic.cnt = 0;
} else {
instance->generic.cnt += furi_hal_subghz_get_rolling_counter_mult();
}
} else if((instance->generic.cnt >= 0xFFFF) && (furi_hal_subghz_get_rolling_counter_mult() != 0)) {
instance->generic.cnt = 0;
}
uint64_t local_data_rev = subghz_protocol_blocks_reverse_key(
instance->generic.data, instance->generic.data_count_bit + 4);
uint16_t encrypted_counter = (uint16_t)subghz_protocol_phoenix_v2_encrypt_counter(
local_data_rev, instance->generic.cnt);
instance->generic.data = subghz_protocol_blocks_reverse_key(
(uint64_t)(((uint64_t)encrypted_counter << 40) | ((uint64_t)btn << 32) |
(uint64_t)instance->generic.serial),
instance->generic.data_count_bit + 4);
//Send header
instance->encoder.upload[index++] =
level_duration_make(false, (uint32_t)subghz_protocol_phoenix_v2_const.te_short * 60);
@@ -151,10 +317,22 @@ SubGhzProtocolStatus
flipper_format_read_uint32(
flipper_format, "Repeat", (uint32_t*)&instance->encoder.repeat, 1);
subghz_protocol_phoenix_v2_check_remote_controller(&instance->generic);
if(!subghz_protocol_encoder_phoenix_v2_get_upload(instance)) {
ret = SubGhzProtocolStatusErrorEncoderGetUpload;
break;
}
uint8_t key_data[sizeof(uint64_t)] = {0};
for(size_t i = 0; i < sizeof(uint64_t); i++) {
key_data[sizeof(uint64_t) - i - 1] = (instance->generic.data >> i * 8) & 0xFF;
}
if(!flipper_format_update_hex(flipper_format, "Key", key_data, sizeof(uint64_t))) {
FURI_LOG_E(TAG, "Unable to add Key");
break;
}
instance->encoder.is_running = true;
} while(false);
@@ -276,16 +454,103 @@ void subghz_protocol_decoder_phoenix_v2_feed(void* context, bool level, uint32_t
}
}
static uint16_t subghz_protocol_phoenix_v2_encrypt_counter(uint64_t full_key, uint16_t counter) {
uint8_t xor_key1 = (uint8_t)(full_key >> 24); // First byte of serial
uint8_t xor_key2 = (uint8_t)((full_key >> 16) & 0xFF); // Second byte of serial
uint8_t byte2 = (uint8_t)(counter >> 8); // First counter byte
uint8_t byte1 = (uint8_t)(counter & 0xFF); // Second counter byte
// See decrypt function before reading these comments
for(int i = 0; i < 16; i++) {
// The key to reversing the process is that the MSB of the *current* byte2
// tells us what the MSB of the *previous* byte1 was. This allows us to
// determine if the conditional XOR was applied before?.
uint8_t msb_of_prev_byte1 = byte2 & 0x80;
if(msb_of_prev_byte1 == 0) {
// reverse the XOR.
byte2 ^= xor_key2;
byte1 ^= xor_key1;
}
// Perform the bit shuffle in reverse
// Store the least significant bit (LSB) of the current byte1.
uint8_t lsb_of_current_byte1 = byte1 & 1;
byte2 = (byte2 << 1) | lsb_of_current_byte1;
byte1 = (byte1 >> 1) | msb_of_prev_byte1;
}
return (uint16_t)byte1 << 8 | byte2;
}
static uint16_t subghz_protocol_phoenix_v2_decrypt_counter(uint64_t full_key) {
uint16_t encrypted_value = (uint16_t)((full_key >> 40) & 0xFFFF);
uint8_t byte1 = (uint8_t)(encrypted_value >> 8); // First encrypted counter byte
uint8_t byte2 = (uint8_t)(encrypted_value & 0xFF); // Second encrypted counter byte
uint8_t xor_key1 = (uint8_t)(full_key >> 24); // First byte of serial
uint8_t xor_key2 = (uint8_t)((full_key >> 16) & 0xFF); // Second byte of serial
for(int i = 0; i < 16; i++) {
// Store the most significant bit (MSB) of byte1.
// The check `(msb_of_byte1 == 0)` will determine if we apply the XOR keys.
uint8_t msb_of_byte1 = byte1 & 0x80;
// Store the least significant bit (LSB) of byte2.
uint8_t lsb_of_byte2 = byte2 & 1;
// Perform a bit shuffle between the two bytes
byte2 = (byte2 >> 1) | msb_of_byte1;
byte1 = (byte1 << 1) | lsb_of_byte2;
// Conditionally apply the XOR keys based on the original MSB of byte1.
if(msb_of_byte1 == 0) {
byte1 ^= xor_key1;
// The mask `& 0x7F` clears the MSB of byte2 after the XOR.
byte2 = (byte2 ^ xor_key2) & 0x7F;
}
}
return (uint16_t)byte2 << 8 | byte1;
}
/**
* Analysis of received data
* @param instance Pointer to a SubGhzBlockGeneric* instance
*/
static void subghz_protocol_phoenix_v2_check_remote_controller(SubGhzBlockGeneric* instance) {
// 2022.08 - @Skorpionm
// 2025.07 - @xMasterX & @RocketGod-git
// Fully supported now, with button switch and add manually
//
// Key samples
// Full key example: 0xC63E01B9615720 - after subghz_protocol_blocks_reverse_key was applied
// Serial - B9615720
// Button - 01
// Encrypted -> Decrypted counters
// C63E - 025C
// BCC1 - 025D
// 3341 - 025E
// 49BE - 025F
// 99D3 - 0260
// E32C - 0261
uint64_t data_rev =
subghz_protocol_blocks_reverse_key(instance->data, instance->data_count_bit + 4);
instance->serial = data_rev & 0xFFFFFFFF;
instance->cnt = (data_rev >> 40) & 0xFFFF;
instance->cnt = subghz_protocol_phoenix_v2_decrypt_counter(data_rev);
instance->btn = (data_rev >> 32) & 0xF;
// encrypted cnt is (data_rev >> 40) & 0xFFFF
// Save original button for later use
if(subghz_custom_btn_get_original() == 0) {
subghz_custom_btn_set_original(instance->btn);
}
subghz_custom_btn_set_max(4);
}
uint32_t subghz_protocol_decoder_phoenix_v2_get_hash_data(void* context) {
@@ -320,15 +585,15 @@ void subghz_protocol_decoder_phoenix_v2_get_string(void* context, FuriString* ou
subghz_protocol_phoenix_v2_check_remote_controller(&instance->generic);
furi_string_cat_printf(
output,
"%s %dbit\r\n"
"V2 Phoenix %dbit\r\n"
"Key:%05lX%08lX\r\n"
"Sn:0x%07lX \r\n"
"Btn:%X Cnt: 0x%04lX\r\n",
instance->generic.protocol_name,
"Cnt: 0x%04lX\r\n"
"Btn: %X\r\n",
instance->generic.data_count_bit,
(uint32_t)(instance->generic.data >> 32) & 0xFFFFFFFF,
(uint32_t)(instance->generic.data & 0xFFFFFFFF),
instance->generic.serial,
instance->generic.btn,
instance->generic.cnt);
instance->generic.cnt,
instance->generic.btn);
}