Introduction
After the success of the PandwaRF, Lab401 worked with the ComThings engineers to build a version of the device optimised for Penetration Testing and the Security Industry.
The result is the PandwaRF Rogue Pro. Built with the same quality as the PandwaRF - the similarities stop with the case.
Engineered to work as an autonomous, RF brute-forcing device - the Rogue Pro has vastly improved functionality.
The PandwaRF is pocket-sized, portable RF analysis tool operating the sub-1 GHz range.
It allows for the capture, analysis and re-transmission of RF via an Android device or linux PC.
Practically, it removes the 'standard SDR Grind' of capturing, demodulating, analysing, modifying and replaying by hand - replacing it with a simple but powerful interface.
The PandwaRF Rogue Pro brings significant improvement in automated brute-forcing, aimed at security professionals and penetration testers to perform highly-targeted, rapid auditing and owning.
System Overview
The PandwaRF System consists of two elements: The hardware device, and the software controller, either Android device or PC.
Beyond the functionality provided by the Android interface, the PandwaRF can be easily controlled and customised. No need to risk bricking your device or writing in C, the PandwaRF can be controlled by Javascript, either on the phone, or remotely via your browser.
Rogue Pro Advantages
The Rogue Pro has significant advantages over the standard version - we have highlighted the most relevant below:
30x Faster Brute Forcing
Reworked Brute Force engine + De Bruijn attack.
Preloaded Example Database
Function masks preloaded for common wireless targets.
Pause / Resume Functionality
Pause and resume attacks if disturbed or out of time.
32-bit codeword support
Extended codeword length up to 4-billion combinations.
Set & Forget
Supports untethered cracking - will run autonomously.
Extended Protocols
Most generic remote control protocols are natively supported.
PandwaRF Model Comparison
Model | PandwaRF | Rogue Pro |
---|---|---|
Audience | Public / Hobbyist | Pentesters / Security Companies |
Brute Force | ||
Frame repetition | X | X |
Max Base | 4 | 4 |
De Bruijn attack (OpenSesame) * | X | |
Function mask | X | X |
Function mask bit skipping (time optimization) | X | |
Zero Delay between attempts | X | |
Logic symbols on multiple bytes | X | |
More brute force patterns | X | |
Split BF in several steps (saving last status) | X | |
Codeword support | 16 bits | 32 bits |
Synchro / tail support (bytes) | 8/8 | 40/40 |
Autonomous Brute Force * | X | |
Protocols | X | |
Session save/session load | X |
Technical Specs
Hardware- Bluetooth Smart Module ISP130301, based on nRF51
- CC1111 Low-Power SoC with Sub-1 GHz RF Transceiver
- 16 Mbit Flash Memory to save custom RF protocols
- Rechargeable battery powered for stand-alone operation
- Real-time battery status
- SMA connector (compatible with a HackRF Antenna, or our antenna)
- 4x programmable buttons
- Debug Connectors & GPIO
- Spectrum Analyser
- Automatically scan, capture, demodulate, replay data
- Capture & decode RF devices (IoT, Remote Controls..)
- RF Jamming
- Remote Control Brute-Force (RollJam)
RF
- Supports ASK/OOK/MSK/2-FSK/GFSK modulation
- 300-928 MHz band
- 10000 Bits/s data rate
- Transmit power: +10dBm (w/ inbuilt amps)
- Custom functionality Javascript API
- GPIO & Debug pads
- Auto-stream captured data to a remote server
- Modify/share captured data in-app
What's included
- 1x PandwaRF Rogue Pro
- 1x Battery
- 3x Antennas (300-400MHZ, 400-500MHZ, 800-1000MHZ range)
Shipping & Packaging
- Each PandwaRF Rogue Pro is dispatched from Europe - no need to worry about slow shipping times, import duties or damaged goods.
- Packed in a sturdy compact 85x130x45mm box.
- We provide world-wide shipping with express options.
Compatible Sysems
- Android 4.0.1 Minimum, 4.3 Preferred
- Linux: Debian, Ubunto, CentOS, etc (All Versions)
PandwaRF Rogue Pro Resources
Technical Documents Community / Usage / Tutorial ResourcesPandawaRF: Unboxing and Assembly
Hands on: PandwaRF