19 SUBGHZ

SubGHz Mode

Sub-GHz refers to radio frequencies below 1 GHz—common bands including 315 MHz, 433 MHz, 868 MHz (EU) and 902–928 MHz (US). This mode works with the CC1101 sub‑GHz radio module.

---

🧩 Commands

Command	Description
scan	Scan supported bands and report RSSI peaks to find and pick the most active frequency
sweep	Sweep over a band; estimates activity + confidence per frequency
sniff	Raw frame sniffer at the current selected frequency (GDO0 async data)
trace	On‑device real‑time logic trace of GDO0 (oscilloscope‑style view on the screen)
decode	Analyze captured frames and guess encoding (pulse‑length / Manchester / PWM), bitrate, and possible protocol
replay	Record up to 64 raw frames and play them back
bruteforce	Transmit bruteforce sequences for 12 bit keys protocols (Nice/Came/Ansonic/Holtek/Linear/Chamberlain)
jam	Transmit random bursts at band or specific frequency, prompts for frequence hold time and burst gap
setfrequency	Set the operating frequency (choose a band list or enter a Custom MHz value)
config	Interactive setup of SPI pins and GDO0, then initializes CC1101

---

⚠️ Important Warning (Jamming / Transmission)

• Emitting RF energy may be regulated or illegal in your jurisdiction without a license or outside ISM limits.
• Jamming can interfere with legitimate devices (alarms, remotes, sensors). Use only in controlled lab environments and ensure compliance with local laws.
• Keep output power and duty cycle minimal when testing. You are responsible for how you use these features.

---

📝 Notes

• TI CC1101 modules are inexpensive and widely available.
• scan and sweep help discover active carriers; sweep gives a more nuanced confidence estimation by combining peak level and activity ratio.
• A few kHz offset can degrade reception; fine‑tune around the discovered peak.
• To discover a device’s frequency: run scan, repeatedly press the remote or listen the signal for a few seconds, then stop and pick the highest peak frequency.
• bruteforce is an adapted version from the Bruce firmware (https://github.com/pr3y/Bruce).
• For better reliability, prefer USB Serial logging over Wi‑Fi (lower latency).

---

⚙️ config

Configure the CC1101 pins/params:

• CS (CSN, Chip Select)
• SCK / MISO / MOSI
• GDO0 (data pin)
• CC1101 Pinout
• 

---

📌 Example Usage

config               # Configure SPI pins and GDO0, initialize CC1101
setfrequency         # Choose a band or enter a custom MHz value
scan                 # Scan band and print RSSI peaks (press ENTER to stop)
sweep                # Slow sweep with activity/confidence per frequency
sniff                # Raw pulse capture at current freq (press ENTER to stop)
trace                # Live logic trace of GDO0 on device screen
decode               # Guess encoding/bitrate/protocol from a captured frame
replay               # Record frames then replay them
bruteforce           # Try fixed-code space for selected protocol (lab only)
jam                  # Choose a frequency/band and start jamming (lab only)

---

🔧 Hardware