Evil Crow RF: An Open Source CC1101 Based Device for Pentesting


The CC1101 is a popular RF silicon chip as it can handle many common digital modulation modes such as OOK/ASK, FSK, GFSK, and MSK within its hardware. It is not a software defined radio, but rather a hardware radio that can be easily software controlled. Over the years we’ve seen the CC1101 and its cousin the CC1111, which has an embedded microcontroller, used in several pentesting/RF reverse engineering tools such as the Flipper Zero, Yard Stick One and PandwaRF.

There is now a new open source CC1101 implementation called the “Evil Crow RF”. This hardware marries two CC1101 modules with an ESP32 WiFi and Bluetooth microcontroller. It is capable of operating in the 300 MHz – 348 MHz, 387 MHz – 464 MHz and 779 MHz – 928 MHz bands. As it has two CC1101 modules, it can receive or transmit on two different frequencies at the same time.

The firmware running on the ESP32 allows you to control the device via a simple web interface. Currently built in are interfaces for receiving, transmitting and brute forcing.

The device hardware is completely open source so anyone can build it. The creators are also selling a ready-to-use version on Aliexpress, although at the time of this post it appears to be out of stock.

Over on Twitter creator @JoelSernaMoreno has uploaded a short video of it working.

The Evil Crow RF Open Source CC1101 Based Radio