I have been using the Flipper Zero for some time now.
The most important lesson: the Flipper Zero is not a magic wand to open doors, gates or cars.
But it is a great tool to learn how to open doors, gates and even cars.
First I need to identify how the system works. The better I learn the underlying tech and protocol, the easier it is to understand how I can use the multitool. Or even to understand why I can't use it for this particular system.
And let's be honest: If I could not easily open my own garage door with a 200 USD gadget, nobody else can. It is secure. And that's an important thing to keep in mind.
If I want to use the Flipper's IR feature, I can clone any remote that operates on a carrier between 36 and 40 MHz and speaks CIR. 433 MHz remotes (for example Bang & Olufsen) won't work. IRDB remotes won't work.
If you don't have the remote or just want a shortcut, a database of remotes can be found on GitHub. There are three main repositories:
All three sources are kept in sync, but uploads happen in any of them. So you don't know which source is the newest, but after about one or two weeks they should be the same.
This database is very powerful. You occasionally read 'I've lost the remote for xyz'. I wonder how many people are losing remotes for a 10 euro light strip. Or even for a 3000 euro projector ...
Most of the time you can find a similar model or a different brand in the Flipper-IRDB which works fine. Again, no magic here.
At one point, someone asked for a .ir file for a "Dualtron Victor" light strip.
Go to one of the sources above and use the 'Go to file' field. Enter "dualtron" (without the quotes) and get the file "Dualtron_Victor_Handlebar_Lights.ir".
This file only provides 'Power', so you can't change the light color. Let us take a look:
Now we know the protocol (NEC) and the address (00).
NEC is a simple protocol, built from a 16 bit address and a 16 bit command. Each consists of 8 bits followed by the same 8 bits inverted, as error correction. That's why we only see 07 for the command: the Flipper knows the rest of the code is the inverse.
Hex to bin: 07 -> 0000 0111 (8 bit). But it will send 0000 0111 1111 1000 -> 07 F8 (16 bit) as the command.
I already know 07 is a valid command. I could create an .ir file covering the lower address space and send it button by button.
But as it is 8 bit, there are only 255 possible variations from 00 to FF. So I will use the CLI and create an iterating loop:
This only works for protocols with 2x8 bit commands.
If the command is 16 bit, the values run from 0000 to FFFF (65535). And 65535 times 5 seconds is 91 hours. The protocol is unidirectional, and without feedback I can't automate the process. Who wants to stare at a light strip for 91 hours to see if something happens?
With 255 variations, I've had a maximum time of 21 minutes. If I change the sleep to 3 seconds, there are 12 minutes left. If I use a 3 second delay for FFFF, there are still 51 hours per loop.
I want to come back to one of my first sentences in this text. The better I understand a protocol, the faster I understand when I need to give up against the possible variations.
Or find another way. But this is a topic for another blog post.
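
The NEC framing and the time estimates above, as an added Python example (not code from the original post). It builds the four transmitted bytes, checks the inverse bytes the way a receiver does, and goes one step beyond the post by adding the standard NEC pulse timings. All function names are hypothetical, and the sweep count includes 00, so 8 bits give 256 values.

```python
# Added example: standard NEC framing, not taken from the original post.
UNIT_US = 562.5  # NEC base time unit in microseconds (standard NEC timing)


def nec_frame(address, command):
    """Build the 4 transmitted bytes: address, ~address, command, ~command."""
    for value in (address, command):
        if not 0 <= value <= 0xFF:
            raise ValueError("standard NEC carries an 8-bit address and command")
    return bytes([address, address ^ 0xFF, command, command ^ 0xFF])


def nec_parse(frame):
    """Return (address, command); reject frames whose inverse bytes mismatch."""
    if len(frame) != 4:
        raise ValueError("NEC frame is exactly 4 bytes")
    addr, addr_inv, cmd, cmd_inv = frame
    if addr ^ addr_inv != 0xFF or cmd ^ cmd_inv != 0xFF:
        raise ValueError("inverse check failed, frame is corrupted")
    return addr, cmd


def nec_timings(frame):
    """Mark/space durations in microseconds, bits sent least significant first."""
    timings = [16 * UNIT_US, 8 * UNIT_US]  # 9 ms leader mark, 4.5 ms space
    for byte in frame:
        for bit in range(8):
            one = (byte >> bit) & 1
            # Every bit starts with one unit of mark; the space length encodes it.
            timings += [UNIT_US, 3 * UNIT_US if one else UNIT_US]
    timings.append(UNIT_US)  # closing mark
    return timings


def sweep_seconds(command_bits, delay_s):
    """Time to try every command value once with a fixed pause between sends."""
    return (2 ** command_bits) * delay_s


if __name__ == "__main__":
    frame = nec_frame(0x00, 0x07)  # address 00 and command 07 from the post
    print(frame.hex(" "))
    print(nec_parse(frame))
    print(sum(nec_timings(frame)) / 1000, "ms per frame")
    print(round(sweep_seconds(8, 5) / 60), "minutes for 8-bit commands")
    print(round(sweep_seconds(16, 5) / 3600), "hours for 16-bit commands")
```

Because each byte is sent together with its inverse, every frame holds 16 ones and 16 zeros and has the same duration regardless of the command value.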