From Embedded Lab Vienna for IoT & Security
Jump to navigation Jump to search

PandwaRF.png [1]


PandwaRF is a family of pocket-sized, portable RF analysis tools operating the sub-1 GHz range produced by the Comthings, a French startup focused on the PandwaRF analysis tool and custom RF penetration testing tools for professionals and law enforcement agencies. [2] analysis and re-transmission of RF via an Android device or a Linux PC.

It can be connected to an Android smartphone using BLE or USB, and to Linux using USB. It is based on the well-known RfCat and Yard Stick One tools with the Texas Instruments CC1111 RF transceiver [3], but with a lot of new features, making PandwaRF the perfect portable RF analysis tool. Practically, it removes the ‘standard SDR Grind’ of capturing, demodulating, analyzing, modifying and replaying by hand – replacing it with a simple but powerful interface.

The PandwaRF system consists of two elements: the hardware device and the software controller, either an Android device or a PC. The hardware is a very capable device, tailored for beginners and advanced users alike. Beyond the functionality provided by the Android interface, the PandwaRF can be easily controlled and customized. No need to risk bricking your device or writing in C, the PandwaRF can be controlled by JavaScript, directly on the smartphone. The Rogue Pro was designed for advanced users like pentesters or security professionals and it is specialized on brute forcing wireless devices in order to test their security.

General Overview

PandwaRF is a Radio Frequency hacking tool used to:[4]


  • Capture any data in ASK/OOK/MSK/2-FSK/GFSK modulation from the frequency range: 300-348 MHz, 391-464 MHz and 782-928 MHz
  • Transfer the captured data to your smartphone & save/share it
  • Send the captured data in JSON to your own server for post-processing
  • Write your own scripts or use a provided one


  • Transmit previously captured data or write your own
  • Transmit data from a smartphone or directly from PandwaRF
  • Brute force with a predefined transmission pattern (encoders or devices)
  • Transmit power: +10dBm


  • Visualize the frequency used by any device using the PandwaRF built-in Spectrum Analyzer
  • Directly show the maximum and average RSSI for a specific frequency band

    Technical Overview

    PandwaRF is composed of 2 elements:

  • PandwaRF HW dongle
  • PandwaRF Android application

    PandwaRF HW dongle

    The PandwaRF dongle contains[5]:

  • Bluetooth Smart Module ISP130301, based on nRF51
  • CC1111 Low-Power SoC with Sub-1 GHz RF Transceiver
  • 16 Mbit Flash Memory to save custom RF protocols
  • Rechargeable battery powered for stand-alone operation
  • Battery fuel gauge
  • SMA connector
  • 4 buttons
  • 4 Status LEDs
  • Debug connectors & GPIOs

    Possible applications

  • Receive keyfobs transmission (car, alarm, gate opener, …)
  • Replay captured transmission from keyfobs
  • Replay a modified captured transmission
  • Transmit your own custom payload
  • Capture RF data and transmit it on another frequency
  • Brute force wireless devices (alarms, gate openers etc)[6]
  • Spectrum Analyzer
  • Find the frequency used by a RF device
  • Reverse engineer unknown protocols
  • Measure the data rate of a transmission
  • Check the RF jam-resistance of your own devices
  • Send captured data to a server for post-processing
  • Write custom Javascript scenarios
  • Develop your own Android application

    Hardware Antennas

    In its antenna pack version, PandwaRF is shipped with 3 miniature SMA antennas (315/433/868-915 MHz).

    Using the proper antenna is critical to have good RF performance. Antennas are labelled with the first digit of their frequency band:

  • 3 for 315 MHz,
  • 4 for 433 MHz,
  • 8/9 for 868/915 MHz


    PandwaRF is a test equipment for RF systems. It has not been tested for compliance with the regulations governing the transmission of radio signals. You are responsible for using your PandwaRF legally. The intentional jamming of RF signals is ILLEGAL. PandwaRF should only be used for testing the robustness of your own devices.