[PIN_SETTINGS]
RecievePinCC01=6
RecievePinCC01Name=CC1101
CC1101InitFreqConfig=1
TrsnmitPinCC01=2
TrsnmitFreqRangeLo=432000000
TrsnmitFreqRangeHi=900000000

The configuration: CC1101InitFreqConfig=1 uses a predefined frequency setting for the CC1101 at startup.

0 = 433 MHz optimized for Keeloq receiving
1 = 433 MHz FM optimized for Cardin FM Keeloq receiving
2 = 868.35 MHz with 500 Hz Bandwidth
3 = 868.35 MHz with 125 Hz Bandwidth
4 = 433.42 MHz for Somfy receiving
5 = 433 MHz optimized for sensitivity
6 = 310 MHz
7 = 315 MHz

Testing if the CC1101 module is working properly:

Start the Pi module, and you will immediately see that the CC1101 module gets tuned to the given frequency, and its registers get read and printed:

With the Android App, you can switch to a different configuration at any time:

The Android App also offers Menu-Entries to set a free chosen frequency, and to play around with the CC1101 registers:

Attention! There is no check if the chosen frequency is valid within the valid range of the CC1101 module!
Make sure you are choosing correct operating frequencies!

 

New feature added in version 1.5:

Using the CC1101 module for sending can now be enabled/disabled at any time:
(If disabled, RPITX is used for sending)

 

---

Connecting a 433 MHz Module and Raspberry Pi:

Transmitter	Receiver	Raspberry Pi	Pi Pin Nr	Wiring Pi
VCC	VCC	3V3	1
GND	GND	GND	6
DATA		GPIO17	11	0
	DATA	GPIO18	12	1

You can connect up to 3 different modules using different frquencies for receiving.
In the config file: /home/pi/rf/rfcomm-server-cfg.ini you can enable the usage of these modules, by setting the receive pin to which you have connected DATA of each module:

Android App RF Remote:

Due to a lot of abuse, the Android App is no longer free.
It can be purchased in different bundles, and includes all further updates.
You can use paypal or Bitcoin:

You will receive a download link for the Android App by email.
Because this process is not fully automated yet, it might take a while to receive this email.
Also please check your bulk/spam folder if the email went there!

If you purchased the basic version, you will have one Brand/Vendor included for free.
Each further Brand/Vendor can be purchased for 5.- US$ here.

This App is programmed to work with Android versions 4.2 (Jelly Bean) and up, and is confirmed to work until version 11.
If you can confirm upcoming newer versions of Android, please let us know.

Refund policy for the App:
Once the App has been delivered, no refund will be issued at any time.

Refund policy for single remote vendors:
If the purchased vendor-system will not work for your garage/gate/car, you can ask for a refund.

The App is using permissions for Bluetooth, GPS location, write to external storage and phone accounts.

The permission for phone accounts is needed to retrieve the main email address of  your phone,
which will be used to authenticate to our servers, so you don't need to create a login and password.
Your other phone-contacts are never accessed by this app at any time!

GPS is used for many features which are provided by this app.
Bluetooth is needed to connect with your Pi.
Write to external storage is needed to backup and restore the database of your created garages/gates/cars.

You can also qualify for free vendors or full access in providing missing manufacturer keys or entire rolling code systems.

Getting started:

Installing the Android App:

Download the given zip file. Unzip the APK file inside, and transfer it somehow to your phone, either by using Bluetooth or USB file transfer.

In your Phone settings you will need to enable the option: Install unknown Apps in Security settings.
or check out this web-site for more info: https://www.lifewire.com/install-apk-on-android-4177185

Now locate the APK file with a file manager on your Android-Phone, and click on it to have it installed.

---

 

Setting up Raspberry Pi:

Setting up the Raspberry Pi is explained on a separate page here.

Cloning/Copying/Grabbing a Remote Control into the database:

To copy your own remote, connect a RTL-SDR device or HackRF One to your Pi, and start my module on the Pi.
Then start the Android App, and connect with your Pi.
In the up right Menu, choose to set the listening frequency for the RTL-SDR device, and set it to the frequency of your remote.

The App will now be listening for recognized signals, so press the button of your remote control.
In my case, I am pressing button 1 of my Nice Flor 433.92 Mhz:

The App will detect the signal, and send it to the server to decode the encrypted values of the remote, and ask you if you want to store it to your database.

In the Database-View you can see all your stored remotes:
If you have chosen to auto-store new signals, the word "Auto" will be put in front:

If you press short on a database entry, the app will send the signal of the stored remote to open the garage if your Pi is connected.

To edit/delete the database entry, press and hold the desired entry, and an action menu will appear and allow you to edit or delete an entry,
and depending on the vendor, more options may appear.

Creating a remote manually:

Creating a Keeloq-Remote manually:

As example we will be creating a "Beninca" remote manually, which is using Keeloq-Rolling-Code:

To create a Keeloq remote manually, go to the Database-View and choose the Menu-Entry: "Add Garage":

In the Address-Field you can name the remote to anything you like. Lets name it "test"

As System choose "Keeloq" :

As Vendor choose "Beninca"

Leave the fields "Retries", "Channel" and "Frequence" as they are.
The Pi-Module will use the stored default frequency for this remote automatically.
If you would like to use a different frequency like 868.5 MHz, you would enter: 868500000 in the "Frequence" field.

The important values are now "Serial", "Sync", and "Key Code".

Give your "Beninca"-Remote a new serial like 12345:

The Sync value will stay at 0 for a new remote.
This value will increase in future with each button press of the remote!

You can leave the "Key-Code" at 2, which is the default for Button 1 of a Beninca remote.
(Different Vendors are using different Key-Codes. Ask if you require further help)

Save this new entry, and you will see it in your database:

If you are connected with your Pi, and press this new entry, a new rolling code will be generated by the server, and sent by the Pi:
New in version 1.4: For rolling code vendors, five signals will be generated and stored in the app for offline usage!

To open your door, first you have to "learn" this new remote to your receiver.
Press the learning button on your receiver, and then press the new entry in the database to send the new signal.
(For the "learning" process, it could be useful to increase the "Retries" value of how often the signal sending should be repeated. Set it to 20, and restore it to 10 once the learning is completed.)
This new remote will be stored in your receiver, and open your garage/gate/car from now on.

Brute Forcing a Garage Code:

In case you have lost all of your remotes, and can't enter your garage, you can use brute forcing to find the correct code and open your garage again.

First go the main Page "Home / Grab Signal", and connect with your Pi:

Change to the Brute page, and select the System you would like to Brute.
Came is very common and widely used:

Press the "Play Button" to start the Brute process.

The bruting will start and display the current progress and estimated time:

When the door/gate/barrier is opening hit the Pause/Stop Button:

If it's a door that's closing after a certain amount of time automatically, wait until the door has closed.
At this time you still don't have the correct code to open the door, but you are close.
Now either hit the Back button manually a few times, until the door opens again,

or use the reverse button which will brute backwards but not so fast,

and wait until the door opens again.
Wait until the door has closed, and use this button to send the same code again.
If the door does not open, adjust by using the Next and Previous Buttons until the door opens.

Due to an Android Bug, it can happen that the Bluetooth connection gets lost at this point.
For this case a Reconnect Button will show up:

Use it to finished the job.
 

Once you have the right code, you can save it to your database with the menu entry "Add Code to DB":
 

My App will automatically select the current address using GPS and street data from Google and recommend its name for the database entry.

In the database Page you can edit this new garage entry as you like:

This Button will update the GPS coordinates at any time.

With the menu "Edit DIP", you can see what DIP settings have been or need to be used by an original remote:

In the Map View, you will be able to see a Marker for your new added address.

If you are connected to your Pi and click on this Marker, my App will send the signal to open the garage door.

Automatically open approaching Garage in close range:

New feature added in version 1.1:

If the Map View is open, and position tracking and AutoOpenCloseGarage is enabled, Garages that you approach within a distance of 50 Meters will be opened automatically,
 without the need to press any button.
The App must be connected to the Pi using Bluetooth, and must have an internet connection.

View Edit Remote DIP Settings:

New feature added in version 1.1:

Now you can edit / view the DIP Settings of your original Remote:

You can reach this option in the Database View, by selecting an entry and choosing the action menu item: Show/Edit DIPs:

Remote learning new remotes to receiver with 1 click:

New feature added in version 1.4:

Now you can add / learn new "remotes" remotely to a receiver with 1 click:
(This is working only if a remote learning feature is supported and enabled by the receiver!)

In the database view, select two Entries with the same brand/vendor.
The first selected entry will be the "Master"-remote, and the second will be your new "Slave"-remote, which you want to add.
(The Master-remote must be already working with the receiver!)

In this example, the brand Beninca will be used:
Make sure "master" and "slave" do have different serial numbers in your database!

From the action menu, select: "Remote-learn":

You will get a reminder-dialog, which will also show the two selected entries:

Another dialog will show the standard procedure to learn a new remote for this brand / vendor:
(This is just for your information)

After clicking on "START LEARN", the learning process will do everything automatically:

Here the hidden button of the "Master"-remote will be pressed for 3 seconds:

Now the button which should be used will be pressed on the "Master"-remote:

Finally the same button on the "Slave"-remote will be pressed:

Depending on the brand, wait 5 seconds up to one minute, until the receiver ends the programming procedure, and your new remote should open the door.

Requesting a Seed Brute-Force using the Android App

New feature added in version 1.4:

Now you can submit a brute force request to the server, to recover the Seed-Code of your remote.

At first, please follow the guide to get a remote signal into the database:
Cloning/Copying/Grabbing a Remote Control into the database

Copy between 2 or 4 signals into the database like below:

Select the new entries, and choose on the top right action menu: "Brute Seed":

A Dialog will appear and ask if it is a BFT or Erreka remote:

After selecting BFT or Erreka, a short message will tell you if the request was successfully transmitted:

At this point, give the server some time, and later you can check at any time if the bruting was successfull:
Select any of your copied signals, which was already changed to the selected brand/vendor (BFT in this example),
and choose from the action menu: "Check bruted Seed":

If your request is still pending, you will see this:

Sometimes it can happen that multiple possible seed-codes matched at bruting-time.
In such cases, please repeat all steps above with new copied signals, and repeat the bruting request:

If the seed was successfully recovered, you can store it to your database entry with a click on "STORE":

If the seed is correct, the copied signal will be decoded and updated in the database:

If you check your database entry, you can see the recovered seed:

This new entry should now open your door/gate/barrier :)

Copying/Cloning a BFT Remote

New feature added in version 1.4:

Copying a BFT remote is special, because it is using a SEED code, which needs to be transmitted prior the actual copying process.

Start the App and connect with your Pi:

If your Remote has a hidden button, press the hidden button, otherwise keep pressing button 1 and 2 until the Seed-Code has been received:

At this point, the Seed-Code will be stored for all future receptions, until another Seed-Code reception is detected, or a Seed-Brute-Force gets requested.

Now press the button of the Remote, you would like to copy:

Your remote will be detected, and the signal decoded using the last stored SEED.

Now you can store it to the database:

Clicking this entry will open your door/gate/barrier.

To copy this remote to a remote-cloner device, or to learn it into a receiver, you will need to transmit the Seed-Code first.
You can do this by selecting the database entry, like you would like to edit it:

From the action menu choose: "Send Seed Code":

The Seed-Code will be transmitted for 3 seconds:

After this, press the database entry to send the button signal of this remote, and it is learned to the receiver or copied to a cloner.

Copying/Cloning a FAAC / Genius Amigo Remote

New feature added in version 1.4:

Start the App and connect with your Pi:

For FAAC / Genius Amigo, you will have to repeat these steps for each button:

Press button 1 and 2 until the LED of the remote starts flashing.
Now press the button, which you would like to copy, to transmit the Seed-Code of this button:

At this point, the Seed-Code will be stored for all future receptions, until another Seed-Code reception is detected, or a Seed-Brute-Force gets requested.

Now press the same button of the Remote again to transmit the signal:

Your remote will be detected, and the signal decoded.

Now you can store it to the database:

Clicking this entry will open your door/gate/barrier.

To copy this remote to a remote-cloner device, or to learn it into a receiver, you will need to transmit the Seed-Code first.
You can do this by selecting the database entry, like you would like to edit it:

From the action menu choose: "Send Seed Code":

The Seed-Code will be transmitted for 3 seconds:

After this, press the database entry to send the button signal of this remote, and it is learned to the receiver or copied to a cloner.

Recovering FAAC Seed using Flipper and the Android App

If you have a FAAC slave remote, you are in trouble getting the Seed-Code, for using it in Flipper zero.

But with the Android App, you are able to recover it using brute force attack.

Start your Flipper in Sub_GHz mode, and make 4 captures of one button of your FAAC remote:

Select each of the 4 captures, and write down the deatils.
Take care to start with the first capture and select each next capture in the correct direction (not backwards!):

Write down the Fix and Hop parts:
(For FAAC make sure to use the entire FIX part and not the Sn part!)

Fix part is the serial number of this remote and for all captures identical: A0AC0001

           The Hops are changing of course:
5D0CA586
E8FA5182
B8468B12
390FF243

Now use any Hex to Binary converter, to convert these HEX-values to binary digits.
A good one is here: https://www.rapidtables.com/convert/number/hex-to-binary.html

Windows integrated calculator will do this job too:

1011101000011001010010110000110
11101000111110100101000110000010
10111000010001101000101100010010
111001000011111111001001000011

Make sure the result has 32 digits. Put in front leading zeros if it's not 32 digits long:

01011101000011001010010110000110
11101000111110100101000110000010
10111000010001101000101100010010
00111001000011111111001001000011

Also convert the serial nr from HEX to Binary and put leading 0 to make it 32 digits:

10100000101011000000000000000001

Concatenate the serial with all 4 hop codes to four new strings like this:

1010000010101100000000000000000101011101000011001010010110000110
1010000010101100000000000000000111101000111110100101000110000010
1010000010101100000000000000000110111000010001101000101100010010
1010000010101100000000000000000100111001000011111111001001000011

The serial goes on the left, the hop part on the right.
These numbers can be copied to the Android App easily if you use a remote software like Teamviewer or Anydesk on your PC and Phone.

Now start the Android App and use the Menu to change to the Database, and choose there from the Action-Menu "Add Garage":

In the Address field, you can put anything to describe this entry. Lets put FAAC1 in there:
And as System, choose FAAC XT/Genius Amigo:

In the Code field, put the first digit-string which you created before:
And leave the Vendor at RAW:

Save this entry, and for the next three entries you can simply copy this new created entry:

Give the new copied entries new names, and copy the 64 digit string into the Code field, and save.

Now select all 4 entries, and choose from the Action-menu: Brute Seed:

Hit the Submit Button to send this brute request to the server.
Give the server a few minutes to brute the seed code.
Later select the first entry, and choose from the Action-Menu: Check bruted Seed:

If the bruting was successfull, you will see the Seed-Code:

Take this decimal number and convert it to HEX with any hex-converter.
This will be now your SEED which you have to put into your Flipper .sub file:

8B55820B

Example FAAC_SLH.sub file:

--------------------------------------------------------------------------------------------------------------------------------------------------

Filetype: Flipper SubGhz Key File
Version: 1
Frequency: 433920000
Preset: FuriHalSubGhzPresetOok650Async
Protocol: Faac SLH
Bit: 64
Key: A0 AC 00 01 39 0F F2 43
Seed: 8B 55 82 0B

--------------------------------------------------------------------------------------------------------------------------------------------------

 

Example BFT.sub file:

--------------------------------------------------------------------------------------------------------------------------------------------------

Filetype: Flipper SubGhz Key File
Version: 1
Frequency: 433920000
Preset: FuriHalSubGhzPresetOok650Async
Protocol: KeeLoq
Bit: 64
Key: A0 AC 00 01 39 0F F2 43
Seed: 8B 55 82 0B
Manufacture: BFT

--------------------------------------------------------------------------------------------------------------------------------------------------

Once the direct interface between Android App and Flipper zero is completed, this SEED recovery will be automated.

Flipper zero Keeloq devicekey usage

Using Flipper zero with some Keeloq remotes, which are using "Normal decrypt" or "Secure decrypt",
 is already possible by getting a device key for your remote, which you can request by Email.

(Check out the Keeloq-Remotes-List on top to figure out what decrypt method your vendor is using)

Remotes which are using "Normal decrypt" or "Secure decrypt", are creating a device key, on which a "Simple decrypt" is used to encrypt the signal.
Because Flipper zero is able to handle Keeloq simple decrypt, there is no problem in passing you the device key for your remote.
By using the device key in Flipper zero, you can open your Garage, and still feel save about using rolling code.

But please keep in mind about this fact here: How Rolling Codes are working.

If you rather would like to use your Flipper zero as a second remote, you would need to use a different serial number, and "learn" that into the receiver first.
Just send an email if you have further questions.

Automatic Flipper rolling code .sub file creation

As a quick support shot, there is now an option to create .sub files ready to use for Flipper zero,
for rolling code remotes,
using the Raspberry Pi and Android App solution.

Currently only working for Keeloq remotes, but can quickly be made available for other rolling code remotes too, on request.

The Android App has a new option to enable the creation of Flipper .sub files:

Whenever you open a garage using the App either through Database view or MAP view,
.sub files will be created on the Raspberry Pi in folder: /home/pi/rf/
starting with the name "Keeloq", followed by internal Keeloq-ID and sync value, like this

Keeloq0_6.sub
Keeloq0_7.sub
Keeloq0_8.sub

These .sub files will contain RAW signals which are ready to send over the air and open the garage.

Using this solution you can for example create at home ten .sub files with the next 10 sync values of a remote.
Then transferring this .sub files to your flipper,
you will be able to open your rolling code garage the next 10 times with your flipper :)

Once you have used up all 10 sync values, you can create another 10 .sub files an so on...

For transferring files from/to Raspberry Pi, use WinSCP.
It's free and easy to use.

(Please do not abuse this functionality by creating thousands of .sub files at once for multiple remotes, by using scripts, or your account will be suspended!)

Once the direct interface between Android App and Flipper zero is completed, this method will be automated or removed if no longer needed.

Automatic analyzing of Flipper RAW .sub files using Raspberry Pi

You have recorded a signal, and don't know what vendor and rolling code is used?

A new feature is analyzing Flipper .sub files which contain RAW data recordings.

Instructions:

Transfer your recorded .sub file to the Raspberry Pi into the folder: /home/pi/rf/
and rename the file to: FlipperRaw.sub
(You can use WinSCP for easy file transfer between a PC and a Pi)

Now start or re-start the module on the pi with:

sudo /home/pi/rf/rfcomm-server -vvv

Wait until Bluetooth is initialized and these green lines show up:

After those 10 seconds, you can connect with your Android App to the Pi.

If the file FlipperRaw.sub exits, it will be read,  and the raw signals will be analyzed:

If a signal gets detected, it will be decoded, and the details will be printed, like in this example were a Keeloq transmission has been detected:

Please don't get confused by the word "decoded" !
Decoding in this matter means, that the transmitted packet will be decoded into bits, which is needed for further decryption.
A decryption of a rolling code signal will not be happening on the Pi!

If you are connected with the Android App to the Pi, the detected signal will be sent to the Android App, which sends the signal to the server for decryption.
If the signal gets successfully decrypted, you will see it in the Android App like this:

Done!

Do not forget to remove or rename FlipperRaw.sub on the Pi!
Otherwise the same analyze will happen on each restart of the Pi module.

Flipper zero support facts:

As there is a high demand on having all above systems working with Flipper zero, there will be a possibility to use the Android App with Flipper zero soon.

In any case, you will need a custom firmware for flipper zero to unleash its full potential!
This one is recommended:  https://github.com/DerrowBond/ultimate-flipper-firmware/

Warning about official Flipper zero forum deleting good posts:

Official Flipper zero forum administrators are deleting informative posts without real reason!

Below is a screenshot of my former forum post without further comment!
Decide for yourself:

Version History:

For further questions and informations joing the Telegram group : https://t.me/rfremote or Discord support server