Home

CC1101 ESP32 RF Gadget

https://img.shields.io/badge/License-MIT-yellow.svg
https://img.shields.io/badge/platform-ESP32-blue
https://img.shields.io/badge/radio-CC1101-orange

A Swiss Army knife for sub‑1 GHz RF – Sniff, record, replay, and brute‑force signals with an ESP32 and a CC1101 transceiver.

---

Table of Contents

• Overview

• Hardware Setup

• Installation & Flashing

• Command Reference

  • Basic Configuration

  • Packet & FIFO Settings

  • Advanced RF Controls

  • Sniffing & Monitoring

  • Recording & Replaying

  • Utility Commands

• Usage Examples

• Recording & Replay Workflow

• Brute‑Force Garage Door Attack

• Troubleshooting

• Release Notes

• Legal Disclaimer

---

Overview

This project turns a cheap ESP32 + CC1101 combo into a fully programmable RF tool. It exposes every CC1101 register via a simple serial CLI, letting you:

• Transmit and receive on 300‑348 MHz, 387‑464 MHz, and 779‑928 MHz

• Choose between 2‑FSK, GFSK, ASK/OOK, 4‑FSK, and MSK

• Tweak all RF parameters (frequency, deviation, data rate, RX bandwidth, channel spacing, etc.)

• Sniff live packets and print them in hex

• Record frames or raw on‑off keying samples into a buffer

• Replay captured signals (perfect for remote control cloning)

• Brute‑force simple fixed‑code remotes (e.g., old garage doors)

• Jam selected frequencies (for testing/education only!)

The firmware exposes a simple CLI over USB‑UART at 115200 baud. All commands are plain text – no GUI, no dependencies.

---

Hardware Setup

Required Components

• ESP32 development board (DevKit, NodeMCU‑32S, etc.)

• CC1101 transceiver module (with SPI pins)

• Jumper wires

• Antenna (spring or SMA)

Wiring (SPI)

ESP32 Pin | CC1101 Pin | Function -- | -- | -- GPIO5 | CSn | Chip Select GPIO18 | SCK | SPI Clock GPIO19 | MISO | Master In Slave Out GPIO23 | MOSI | Master Out Slave In GPIO4 | GDO0 | Digital I/O (interrupt) GPIO2 | GDO2 | Optional extra I/O 3.3V | VCC | Power (3.3V) GND | GND | Ground