MC145026 Bruteforce #81
Labels
feature
New feature request
Comments
|
Hello @zigad, I will analyze your files in the next two weeks and I'll come back with the result. |
|
Adding few more ReadRAW dumps. Flipper managed to read a signal only 1 time and recognized it as BET 18Bit (freq: 309,25 MHz) Flipper found this: RAW Dumps |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I discovered that a local manufacturer of parking ramp barriers uses these MC145026 chips in remotes to open parking barriers, and they are quite popular in Slovenia. As a result, I started studying the MC145026 protocol used in remote controllers. Since the system relies on a fixed "code," I believe it might be possible to brute-force it.
I'm eager to dive deeper into the protocol and would appreciate any help or guidance. So far, I’ve managed to decode little part of the data sent by the remote, but I haven't yet pinpointed where the code itself is transmitted. I will try to re-solder the address pins on my remote and try to see where is the difference in transmission. Based on my decoding, the remote seems to send the following sequence:
0, OPEN, OPEN, OPEN, OPEN, 1, 0, 1, 1
(one small part, there appears to be a lot of data sent)
I’m wondering if the last 4 digits could represent the address, though that’s just a guess for now. There’s a fair amount of data in the full reading, so I'm still working on figuring it all out.
SubGHz_2025-01-15_18,30,20.sub.zip
SubGHz_2025-01-15_19,33,46.sub.zip
SubGHz_2025-01-15_19,41,48.sub.zip
I saw that HackRF already has this encoder implemented in protocols so maybe this can help: https://github.com/portapack-mayhem/mayhem-firmware/blob/next/firmware/application/protocols/encoders.hpp
The text was updated successfully, but these errors were encountered: