Skip to content
Brute force/de Bruijn script for triggering an ook rf device with a rfcat dongle.
Branch: master
Clone or download

Latest commit

exploitagency update script/readme
found a way to generate debruijn sequence 150% faster
Latest commit f6828dc Oct 24, 2016


Type Name Latest commit message Commit time
Failed to load latest commit information. update script/readme Oct 24, 2016 update script/readme Oct 24, 2016


Written by Corey Harding from

Video demo with instructions available at:

usage: [-h] [-v] [-f BASEFREQ] [-b BAUDRATE] [-l BINLENGTH]
                  [-r REPEATTIMES] [--keys] [-p PPAD] [-t TPAD] [--raw]
                  [--tri] [--show]

Application to use a rfcat compatible device to brute force a particular AM
OOK or raw binary signal.

optional arguments:
  -h, --help      show this help message and exit
  -v, --version   show program's version number and exit
  -f BASEFREQ     Specify the target frequency to transmit on, default is
  -b BAUDRATE     Specify the baudrate of the signal, default is 2000.
  -l BINLENGTH    Specify the binary length of the signal to brute force. By
                  default this is the binary length before pwm encoding. When
                  the flag --raw is set this is the binary length of the pwm
                  encoded signal.
  -r REPEATTIMES  Specify the number of times to repeat the signal. By default
                  this is set to 1 and uses the de bruijn sequence for speed.
                  When set greater than one the script sends each possible
                  permutation of the signal individually and takes much longer
                  to complete. For some applications the signal is required to
                  be sent multiple times.
  --keys          Displays the values being transmitted in binary, hex, and
                  decimal both before and after pwm encoding.
  -p PPAD         Specify your own binary padding to be attached before the
                  brute forced binary.
  -t TPAD         Specify your own binary padding to be attached after the
                  brute forced binary.
  --raw           This flag disables the script from performing the pwm
                  encoding of the binary signal. When set you must specify the
                  full pwm encoded binary length using -l.
  --tri           This flag sets up the script to brute force a trinary
  --show          Prints de Bruijn sequence before transmitting.
You can’t perform that action at this time.