i have tried 2 garage door remotes and a gate clicker along with 3 car fobs not a signal one was read by the frequency analyzer. any one else have this problem ?
2 Likes
Garage door opener is not being read (states 318mhz on the control itself). Car fob (at least mine) is IR thus the codes roll every time and is unusable with this hardware (for now).
I know the frequencies but its not being read so its eather software or hardware problem most Likely software
Gotcha. Yeah, sounds like we have the same problem.
Careful, I tried my fob (2017 Jetta) and it desynched (no wireless BUT can ignition and physical door interactions)
4 Likes
Haha, good to know. My regular FOB is still working luckily.
at what exact frequency do the key fobs work, exactly 318.000? Can you take a photo of the nameplate on the keychain?
Mine is not working either, i see 000.000 on everything i try. Hope there is a bugfix, or an update. other wise i need a replacement.
to use the frequency analyzer, the transmitter must be brought close to the flipper
I’ve found I actually need to go to read or read raw first and change the frequency range near where I wanna analyze, then back out and immediately go to frequency analyzer and then it works 
no, you are doing something wrong or you didn’t bring the flipper close enough to the transmitter. the frequency analyzer has its own set of frequencies
I’m having a similar issue. I’m on the RC firmware channel and found that the frequency analyzer will simply not change from 000.000 unless I try to read raw data first. After I do, it will pick up codes from the key fob I’m using to test (315.000MHz). It will also show 300.XXX MHz of what I’m guessing is just noise no matter where I put the device. Not sure if that is normal. After a while of being idle, frequency analyzer will go back to only showing 000.000 no matter how close it is to the keyfob when I activate it.
I’m gonna try going back to the release firmware channel and see if it makes a difference because I remember it working as expected when I was on it.
edit: Same issue on release firmware. I’m not getting the 300MHz noise now, probably because the release firmware isn’t enabled to go to 300MHz, but I still need to try and record 315HMz in read raw before frequency analyzer will will recognize keypresses from my fob.
I can confirm that I have not been able to get the frequency analyzer to work either using the released firmware.
As others have suggested, I tried the Read RAW set to 315MHz, then backed out and go to Frequency Analyzer. But no luck. The Flipper Zero screen just reads 000.00MHz, and the LED never comes on.
My transmitter is physically touching the Flipper Zero. The light on my transmitter turns on when I hit a button on it. But I never see a reading on the Flipper Zero screen or it’s LED.
Here’s most of my hardware info from the CLI just in case this helps.
hardware_otp_ver : 2
hardware_timestamp : 1641521783
hardware_ver : 12
hardware_target : 7
hardware_body : 9
hardware_connect : 6
hardware_display : 1
hardware_color : 2
hardware_region : 2
bootloader_commit : 3f164ef3
bootloader_branch : 0.50.0
bootloader_branch_num : 1103
bootloader_version : 0.50.0
bootloader_build_date : 03-03-2022
bootloader_target : 7
firmware_commit : 3f164ef3
firmware_branch : 0.50.0
firmware_branch_num : 1103
firmware_version : 0.50.0
firmware_build_date : 03-03-2022
firmware_target : 7
radio_alive : true
radio_fus_major : 1
radio_fus_minor : 2
radio_fus_sub : 0
radio_fus_sram2b : 16K
radio_fus_sram2a : 0K
radio_fus_flash : 24K
radio_stack_type : 3
radio_stack_major : 1
radio_stack_minor : 13
radio_stack_sub : 0
radio_stack_branch : 0
radio_stack_release : 5
radio_stack_sram2b : 19K
radio_stack_sram2a : 14K
radio_stack_sram1 : 0K
radio_stack_flash : 120KAre you sure your transmitter is sub-1ghz? Some of them work in 2.4ghz range, which flipper can’t detect
I verified today (using a borrowed frequency analyzer) that the remote I’ve been trying to analyze uses a frequency of 310MHz. I’m now assuming that’s why I can’t get the Flipper Zero’s Sub-GHz Frequency Analyzer to detect it.
It’s a generic version of the Stanley SHA24711 Secure Code 3 Button Remote.
This brings up the questions; What is the possible frequency range that the Flipper Zero’s Frequency Analyzer can scan?
So, I figured out the problem.
The CC1101 (our radio chip) can’t function as a frequency analyzer (as it can only listen to one frequency at a time), so it just hops around a predefined set of frequencies and tries to find the highest RSSI (signal strength), and 310mhz isn’t in this list. The frequencies in the list are: 315mhz, 318mhz, 390mhz, 433.92mhz, 868.35mhz.
If you’d like to use 310mhz, you can edit the source code (the list is called subghz_hopper_frequencies in applications/subghz/subghz.c) and add 310000000 there (don’t forget to build and flash), then the frequency analyzer should see the remote.
6 Likes
This is very good to know! I was initially thinking that something might be wrong with my Flipper Zero.
The CC1101 has four per-defined frequency ranges of 315, 433, 868, and 915 MHz, but says that it
can operate within 300-348 MHz, 387-464 MHz, and 779-928 MHz ranges.
It should be possible to create a scanning routine that would jump through the frequency ranges as outlined by the CC1101 datasheet. It would most likely need to jump to a frequency, sample, and then jump again, and only stop if it detects a single higher than expected background.
Thanks for letting me know where to look in the source code. I’ll take a look later today and see if I can create a scan for 310MHz.
2 Likes
I looked at the code pointed out by @Astra this evening to look at adding in the 310MHz range for the remote I have. I was able to find the table of set frequencies and where to add in new ones.
But looking at the bigger issue of why the Frequency Analyzer doesn’t work in the first place. I think I have a better understanding of what’s going on in the current 0.50.0 version.
It looks like the Frequency Analyzer code isn’t hooked up to trigger a notification when a signal is found.
But even before that could happen. The code doesn’t even initiate a scan of the possible frequencies in a way that will work with jumping through the full range provided by the CC1101 chip used in the Flipper Zero.
In specific, the code found in flipperzero-firmware/applications/subghz/scenes/subghz_scene_frequency_analyzer.c for subghz_scene_frequency_analyzer_on_event will only ever return false. On top of that nothing ever seems to call the on_event in the first place.
I also couldn’t find any code that scans the frequencies in discreet increments (like 1MHz or 5MHz jumps) looking for the highest RSSI (Received Signal Strength Indicator), and then providing that feedback once it’s run through all the possible ranges.
I might take a stab at the code this weekend when I have more time. But my C coding skills are rather rusty. As in 20ish years since I’ve written serious C code. I’m much more of a higher level language coder these days, with the odd dip into hex hacking. 
In any case, the Frequency Analyzer as coded currently will not work as people expect it to. As pointed out by @Astra the chip and library don’t just “listen” to the full range of frequencies. Code has to be written to jump through them systematically to find the highest RSSI, and then return that result to the user.
What this also points out to me is that the Read RAW function needs a way to read either preset well known frequencies (as it currently does), or provide a way to set the Flipper Zero to read any of the possible frequencies that are available with the CC1101.
I’ll add some issues over on the GitHub repo next.
Time to get hacking people. 
🧑‍💻 
As far as I know, hopping over all the frequencies in small increments will be too slow to detect a lot of stuff that sends short bursts of data, as the freq switching takes time and CC1101 can’t do it fast enough to catch them.