Total 1 files
README.md
skipped 25 lines
26
26
sub_files/
27
27
└── PROTOCOL_NAME
28
28
├── SPLIT_FACTOR
29
-
│ ├── 000.sub
30
-
│ ├── 001.sub
29
+
│ ├── <parent_file>_000.sub
30
+
│ ├── <parent_file>_001.sub
31
31
│ ├── ...
32
-
│ └── NNN.sub
32
+
│ └── <parent_file>_NNN.sub
33
33
└── debruijn.sub
34
34
```
35
35
36
-
For each protocol there are 6 sub folders, containing 1, 2, 4, 8, 16 and 32 files, `SPLIT_FACTOR` indicates the number of keys per `.sub` file. This is useful when trying to get a close guess to the key.
36
+
For each protocol there are 6 sub folders, containing 1, 2, 4, 8, 16 and 32 files, `SPLIT_FACTOR` (thedirectory'sname)indicates the number of keys per `.sub` file.`<parent_file>`simplyindicatestheparentfileofthecurrent`.sub`file,forexample,insidefolder`64`wehave`003_006.sub`,itsparentfileis`128/<parent_file>_003`anditschildrenwillbe`32/006_<file_id>`. This is useful when trying to get a close guess to the key.
37
37
38
38
For example, let's say you are trying to bruteforce a gate using CAME 12 bit protocol:
39
39
40
40
1. Play the single file (`4096/` folder) to make sure the attack works
41
-
2. Play the two files inside `2048/` folder, to see which half contains the correct key (suppose the second one works, containing keys from 2048 4095)
42
-
3. Play thesecondtwofiles (`002.sub`, `003.sub`) inside the `1024/` folder to narrow the search
41
+
2. Play the two files inside `2048/` folder, to see which half contains the correct key (suppose the second one works, `000_001.sub`containing keys from 2048 4095)
42
+
3. Play itschildren (`001_002.sub`, `001_003.sub`) inside the `1024/` folder to narrow the search
43
43
4. Keep doing this until you reach the last files inside the `128/` folder, these files take less than 10 seconds to send, almost the same as having the actual remote.
44
44
45
45
If you wanted to narrow the search even more you could modify the script to generate your own files containing less keys.
46
+
47
+
The `debruijn.sub` files are there just for reference I have not really been able to use them succesfully, they try to simulate a debruijn sequence for the protocol, although this is quite unfeasible because most protocols have some sort of stop bit or pilot bit appended or prepended to the actual key that differs from a normal bit. Also I have not yet found a gate using a bitshift register.
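Review bot: The new `<parent_file>_NNN.sub` scheme leaves the name of the root file undocumented. Step 1 still says only "Play the single file (`4096/` folder)", while the tree now shows every file with a `<parent_file>_` prefix and step 2 refers to `000_001.sub`, which implies a parent `000` that the README never names. Please state what the single top-level file is called, since it has no parent. The added explanation of `<parent_file>` is also one long sentence that chains the parent and child examples with commas; splitting it into two sentences (one for the parent `128/<parent_file>_003`, one for the children `32/006_<file_id>`) would make the folder/file relationship easier to follow. Two smaller points: in step 2, "keys from 2048 4095" is missing a range separator (carried over from the old line), and in the new `debruijn.sub` paragraph "succesfully" should be "successfully" and "for reference I have not" needs a full stop or comma after "reference".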