Frequently Asked Questions

Can I use PandwaRF offline?2023-09-25T13:31:17+02:00

Yes and no.

Most of PandwaRF Rogue and Marauder features are available offline:

  • RX
  • TX
  • Spectrum Analyser
  • RF brute force

Online connection (with valid Kaiju account) allows:

  • rolling code analysis
  • rolling codes generation
Kaiju License/Token keys2023-06-09T10:39:20+02:00

When you purchase a Kaiju license or token on PandwaRF website, you receive a License key.

This License key shall be entered in your Kaiju profile.

What is “De Bruijn attack” (aka OpenSesame)?2023-03-22T17:13:42+01:00
De Bruijn attack is a mathematical operation used to brute force certains types of old gate openers. Google for OpenSesame & Samy Kamkar.
Is PandwaRF capable of opening gates without keys?2023-03-22T17:14:18+01:00

PandwaRF Rogue Pro can do that, assuming you have captured a RF frame previously, and submitted it to Kaiju for analysis (PandwaRF <-> Kaiju communication is handled by the app).

If analysis is succesful, Kaiju will generate new rolling codes that will open the gate.

Warning: You should only do this on your own gate opener in case you have lost the transmitter for example.

Is it capable of brute force?2023-03-22T17:14:28+01:00

Yes PandwaRF Rogue Pro can do brute force. But brute force is not magic. You need to know the parameters to use for brute forcing: frequency, modulation, data rate, symbol length, interframe duration, repetition, etc…

I want to capture key fobs, generate rolling codes and replay them, is that possible?2023-03-22T17:14:39+01:00
Yes, the PandwaRF Rogue Pro allows capture and transmit.
The Kaiju License will allow PandwaRF Rogue Pro to decrypt rolling codes and generate new ones.
What’s the difference between PandwaRF Rogue and PandwaRF Marauder?2023-03-22T17:15:02+01:00
  • PandwaRF Marauder is used for reconnaissance, to capture data in the long term, for several hours and analyse it later. 
  • PandwaRF Rogue Pro is more for “interactive” data manipulation, where user is actively analysing, capturing, modifying and retransmitting data.
Is PandwaRF user-friendly?2023-09-25T13:26:38+02:00

The goal of the PandwaRF family of product is to make RF as much fun and simple as possible. But some RF knowledge can indeed help understand the mechanics inside: modulation, bit rate, sampling rate, deviation, binary vs hexadecimal, RX bandwidth…, etc…

If you have no idea what the previous terms mean, don’t worry, PandwaRF comes with a lot of predefined settings.

What is the best version for a newbie?2023-03-22T16:56:37+01:00

If you want to practice RF sniffing and transmission without too much technical knowledge, PandwaRF Rogue Pro is probably what you are looking for. It comes with an Android app that tries to make everything as simple as possible.

Is GPS required on my Android smartphone to connect to PandwaRF?2023-03-21T12:11:27+01:00
  • On Android version 6, Bluetooth Low Energy (BLE) scanning will only work if Location services are enabled. This is a requirement from Google. If you don’t grant location permission to the app, the scan may not find any BLE device.
  • Starting Android 13, the location/GPS doesn’t need to be enabled to use the BLE.

See Android Permissions for more details.

How does PandwaRF knows if I have a valid Kaiju License?2023-03-21T12:12:27+01:00

When you purchase a PandwaRF (Rogue Pro, Marauder Standard, …) with a Kaiju license, the PandwaRF is automatically registered into Kaiju. When you first request a Kaiju analysis from your PandwaRF, you will be requested to create or link a Kaiju account. The PandwaRF, the Kaiju license and your email will then be linked together.
Once this first association is done, you can use Kaiju without using your PandwaRF.

See Kaiju Account Creation for more details.

How do I enable Flipper Zero sub-file generation in Kaiju?2023-03-03T09:25:10+01:00

You need a Kaiju account and a valid Kaiju License. You will then have the option to generate a Flipper Zero .sub file for each of your generated rolling codes.

What is Flipper Zero sub-file generation?2023-03-03T09:22:02+01:00

Flipper Zero Sub file generation is the ability to generate binary files (.sub files) from within the Kaiju server.
Sub files are generally used for rolling codes transmissions and can be loaded onto your Flipper Zero.

What is Kaiju, and how does it relate to Flipper Zero?2023-03-03T09:18:51+01:00

Kaiju is a rolling code management server made by ComThings.
Flipper Zero is general purpose hacking device made by Flipper Devices Inc.

There is no link between the 2 companies.

What is “De Bruijn attack” (open sesame)?2023-03-03T09:04:13+01:00

The De Bruijn sequence is an algorithm used to efficiently produce every possible code in as few bits as possible.
It is very effective against old gate openers receivers that contain shift registers.
More information here.
De Bruijn Brute Force is possibel with the PandwaRF Rogue Pro.

What is exactly “Kaiju”?2023-03-03T09:02:04+01:00

Kaiju is a Rolling code analyzer & generator.
It is the server that handle rolling codes decryption and generation.

Is PandwaRF Rogue Pro capable of opening gates without keys?2023-03-03T09:00:09+01:00

Yes, but only for some fixed codes models like Came and Nice gate openers for the moment.

Is PandwaRF Rogue capable of brute force? If yes, do I need anything to start or it uses in-app database?2023-03-03T08:59:18+01:00

Yes, PandwaRF Rogue Pro is Brute Force capable. But you need to set the frame parameters correctly, as it didn’t come with an exhaustive database.
Example of required parameters are bit rate, symbols encoding, interframe duration, synchro bits, tail bits, …
More information here and here.

I mainly want a tool to capture key fobs, generate rolling codes and replay them, is that possible? If yes, what model of PandwaRF?2023-03-03T08:55:08+01:00

You can do all that with a PandwaRF Rogue Pro.
Rolling codes decryption and generation require a Kaiju License.

What’s the difference between Rogue and Marauder?2023-03-03T08:53:44+01:00

Once started, PandwaRF Marauder captures all RF data from the specified frequency/modulation and store it internally for future analysis.
PandwaRF Rogue Pro is more for “interactive” data manipulation: capture/replay/rolling code generation…

What is the best version for a newbie?2023-03-03T08:50:00+01:00

PandwaRF Rogue Pro is the best version to start practicing and learning.

I have purchased a Kaiju License or Token Pack, how to use it?2023-01-02T10:43:37+01:00

After purchasing a Kaiju License or Token Pack, you will receive a license key by email (email used when purchasing).

This license key needs to be added to your Kaiju profile (https://rolling.pandwarf.com/profile-user) by using the buttons “Add license” or “Add tokens”.


Can Marauder be used to send new rolling codes?2021-03-24T16:59:52+01:00

No. New rolling code from Kaiju can only be replayed using a Rogue (Pro/Gov).

Can the Marauder be used with Rogue?2021-03-24T16:55:30+01:00

Yes! In fact Rogue & Marauder work better together.
Marauder Standard/Ultimate can export captured data to Rogue, and Rogue can also send the data to Kaiju for analysis.

Can PandwaRF Marauder be used to transmit RF data?2021-03-24T16:52:40+01:00

Marauder can only replay the data it has previously captured.

Power sources2019-10-03T07:39:29+02:00

PandwaRF can be powered by several sources:

  • internal battery
  • USB port with an external power bank
  • USB port, powered from smartphone using an USB OTG male-male cable (provided)
Can I power off my PandwaRF?2019-10-03T07:29:40+02:00

Yes, there is a ON/OFF power switch inside the case.

How long does the battery last?2019-10-03T07:28:25+02:00

It depends on the usage.

  • PandwaRF can last several weeks in idle mode.
  • In TX or RX mode, the battery will last for approx. 10 hours.
Is PandwaRF a SDR?2019-10-02T12:23:25+02:00

As explained here, PandwaRF is not a SDR.

  • A SDR sends I/Q samples directly (over USB) to the host. This allows the I/Q demodulation to be made by the SW running on the host.
  • PandwaRF doesn’t send the I/Q samples to the host over USB. These I/Q samples are directly demodulated by the chipset and the demodulated data is then sent to the host.
For how long can PandwaRF Marauder record RF data?2019-10-02T11:39:54+02:00

The battery lasts about 10 hours and depending on the Marauder version, it can perform a maximum of 256 or 512 captures of 1-second duration each.

Do you provide free samples/test devices?2019-10-02T11:35:57+02:00

We don’t provide free samples.

Long time ago we provided one free to an Elf, but he was famous. If you are famous or an Elf, contact us. You will not get a free sample, but we will discuss about Orcs.

Is there a guide on getting started with PandwaRF?2019-10-02T11:33:38+02:00

You can find the user guide here or have a look at our wiki.

How can we order without charging the VAT?2019-10-02T11:31:17+02:00

If you are a company in Europe and have a VAT number, please contact us to provide your billing information (including VAT number) and the VAT will not be charged.

I found PandwaRF for sale from a reseller not listed on your website, can I order from them anyway?2019-10-02T11:30:24+02:00

Orders from unauthorized resellers are poor quality clones and do not benefit from technical support and bug fixes, and are not compatible with the PandwaRF Android application.

What is the range for RX/TX?2019-10-02T11:29:59+02:00

The connection from smartphone to PandwaRF uses Bluetooth 4.0 (LE), and theoretical range is up to 100m, but depends on radio conditions.

The range from remote control to PandwaRF is approx. 30m, but also depends on radio conditions.

Can I buy directly at your office in France?2019-10-02T11:29:53+02:00

No, our office is not open to the public. You can only buy online.

Can I open my PandwaRF to see what’s under the hood?2019-10-02T11:54:52+02:00

Yes, use a coin or similar tool as shown here.

Is there some “Do the dirty work for me” button?2019-10-02T11:57:27+02:00

PandwaRF Rogue Pro has many auto-detection features:

  • Auto frequency detection
  • auto data rate measurement
  • data rate computation from over-sampled data
  • model searcher…
I don’t know RF, can I use PandwaRF?2019-10-02T11:22:55+02:00

Well, we would love to say yes, but the truth is that you need to understand the basis, like modulation, data rate, sampling rate, deviation, RSSI, etc…

Hopefully, we have made the app as easy as possible.

What version should I buy?2019-10-02T11:22:26+02:00

The PandwaRF family is composed of several product versions:

  • PandwaRF Bare: the cheapest version, no battery, no case. To experiment without big investment. €.
  • PandwaRF: Fits in your pocket, battery, nice black case. For basic RF tasks. €€.
  • PandwaRF Rogue Pro: Better at pentesting and brute forcing. Faster and more powerful. €€€.
  • PandwaRF Rogue Gov: Faster. Home Alarm hacking feature. Not for the Dark Side. €€€€.
  • PandwaRF Marauder: drop and forget. Capture and replay. Works without a Smartphone. €€€ to €€€€.

Before choosing a product version, you should think about what you are planning to use your PandwaRF for.

  • If you are not sure or you just want to try it out, the PandwaRF is probably right for you.
  • If you have a more specific purpose you should take a look at the Rogue Pro or the Marauder.
  • If you are part of/working with LEA and you don’t have a vast RF knowledge, the Rogue Gov is probably the best choice. 

More details here: https://pandwarf.com/news/which-pandwarf-variant-should-you-choose/

Battery replacement2019-10-02T11:19:12+02:00

It can happen that your battery become weak, or dead. Don’t worry you can replace your battery easily with instructions.

Is PandwaRF legal?2019-10-02T11:18:36+02:00

PandwaRF is a tool. Like any tool, it can be used to do good or bad. We are not responsible for what you do with it. PandwaRF is made to assess the security of your own devices only.

I noticed an issue with my PandwaRF, when will you fix it?2019-10-02T11:18:13+02:00

Please raise a ticket for any technical issue. Contact us directly if you have a malfunctioning board.

What kind of support do you provide?2019-10-02T11:17:24+02:00

Any technical issue can be handled through our GitHub issue tracking. You can also reach us by chat/email/forum.

Does it work on all Android phones ?2019-10-02T11:16:34+02:00

PandwaRF application can only work on Android KitKat (API level 19 and higher). However, some phones have better Bluetooth than others. Please check the list of Android Tested Devices.

What modulation are best supported?2019-10-02T11:14:43+02:00

PandwaRF prefers working on OOK modulation, because it is the most common. However, supported modulation are ASK/OOK/MSK/2-FSK/GFSK.

What kind of devices can PandwaRF capture RF data from?2019-10-01T19:18:36+02:00

PandwaRF can capture data from devices like:

  • car keyfobs
  • garage door opener keyfobs
  • wireless plugs
  • wireless chimes etc.
What shipping carrier do you use to ship orders?2019-10-01T19:39:49+02:00

We only use express carriers like UPS or DHL.

If you prefer another shipping option like the postal service, please request it in the Notes for seller section when checking out and we will see what we can do 🙂

Why do I need to provide documents to confirm my identity or shipping address?2019-10-01T19:40:20+02:00

Occasionally we may request documents or more information in order to confirm your identity or address before shipping your order.

This is necessary for us to be covered in case of credit card fraud.

If you do not wish to provide the requested documents or information, you can also pay by bank transfer or purchase PandwaRF from one of our resellers (listed on our website) and soon on Amazon.

What is your return policy?2019-10-01T19:40:12+02:00
My phone has an old Android version, is it compatible with PandwaRF?2019-10-01T19:37:43+02:00

Please check the Requirements page in our wiki to see if your Android version is compatible with PandwaRF.

Is RF knowledge required in order to use PandwaRF?2019-10-01T19:17:43+02:00

We did our best to make sure that PandwaRF can be used by anybody, but basic RF knowledge (being familiar with terms like data rate, modulation etc) is recommended in order to fully enjoy all the features.

Are FW updates free?2019-10-01T19:19:04+02:00

Yes, FW updates are completely free.

How can I modify my order ?2019-10-01T19:39:55+02:00

You can only replace items in your order with other items that have the same price. Please contact us at pandwarf@comthings.com and we’ll update your order.

How can I cancel my order?2019-10-01T19:40:01+02:00

You can’t, so please contact us and we will do it for you.

Is it possible to upgrade a product version to another product version?2019-10-01T19:19:19+02:00

For PandwaRF and Rogue Family: no, this is not possible. Each product version is independent.

For Marauder, yes you can upgrade from one version to the other. Please check the Marauder version table for more information.

Is there an iOS app?2019-10-01T19:39:33+02:00

No. We developed one iOS app 2 years ago, but it was a bad move as the Android App evolves constantly and we cannot maintain 2 apps at the same time. But one day we will… Also we can’t afford spending more than 1000€ on a single phone 🙂

Will Nordic or CC1111 be open source?2019-10-01T19:18:55+02:00

Nordic or CC1111 are not planned to be open source. But we are working on “starter” code, like some basic BSP code to use the UART, GPIO, SPI, USB etc.

If you want to run some scripts, we have the Python USB RfCat script for Linux machine or JavaScript for BLE/USB on Android. If you feel that something is missing, please submit a GitHub ticket and we will see what we can do.

Can PandwaRF brute force rolling codes?2019-10-01T19:17:51+02:00

Yes, if the length is < 16bits. But it is not plug and play. You will have to configure PandwaRF with the correct settings (frequency, modulation, data rate, symbols etc).

We kindly remind you that brute forcing something that doesn’t belong to you is very very bad. Don’t do it. Seriously.

Is it possible to use PandwaRF without being connected to a network with data?2019-10-01T19:19:38+02:00

The PandwaRF uses a cloud connection to check for FW updates, provide anonymous statistic data about crashes, ANR etc. This is default Android/Google behaviour.

But you can still use your PandwaRF without being connected, it will work. However you won’t receive any FW update and will not be able to use the “Post data to API” feature (cf. github.com/ComThings/PandwaRF/wiki/Android-RX-Data-Post-Rest-API).

And we will not be able to spy on you and make money by selling your personal data to evil third parties. No, we are kidding.

Can PandwaRF be configured and managed using GNU radio?2019-10-01T19:25:40+02:00

No, it cannot be used with GNU radio, as PandwaRF is not a SDR and doesn’t send/receive IQ samples.

Does PandwaRF support normal Bluetooth?2019-10-01T19:19:26+02:00

Bluetooth Smart (aka Bluetooth Low Energy – BLE) is not the same as Bluetooth.

Unfortunately PandwaRF cannot use normal Bluetooth.

We have added this message “The device does not have a Bluetooth feature” to indicate the lack of Bluetooth Smart HW support from your phone.

In doubt, please install System Info for Android or equivalent and check in System/Functionalities if you see android.hardware.bluetooth.le.

If you don’t, your phone doesn’t support Bluetooth Smart. Keep it preciously, it is a collector.

What can you do using PandwaRF ?2019-10-01T15:24:44+02:00

Possible applications include:

  • Receive keyfobs transmission (car, alarm, gate opener, …)
  • Replay captured transmission from keyfobs
  • Replay a modified captured transmission
  • Transmit your own custom payload
  • Capture RF data and transmit it on another frequency
  • Brute force wireless devices (alarms, gate openers, ..)
  • Spectrum Analyzer
  • Find the frequency used by a RF device
  • Reverse engineer unknown protocols
  • Measure the data rate of a transmission
  • Check the RF jam-resistance of your own devices
  • Send captured data to a server for post-processing
  • Write custom Javascript scenarios
  • Develop your own Android application
How much time does it take before my order is shipped?2021-03-24T17:04:42+01:00

We normally ship once a week, so your order may be shipped between 1 day and 1 week after you made the payment.

But it can sometimes take 2 or 3 weeks because, well, we may be on holidays, or are busy working on a new feature. So if you are in a hurry, we recommend you order from one of our reseller. 

We’ll mark your order as:

  • completed: when it is ready and shipping has been scheduled with the delivery service
  • fulfilled: when the order has been shipped

You’ll also receive an email with the tracking number once it has been shipped.

How can I become a PandwaRF reseller?2019-10-01T19:40:35+02:00

If you’re interested in becoming a reseller, please contact us.

Is PandwaRF USB or Bluetooth Smart?2019-10-01T19:18:42+02:00

You can link with PandwaRF using an Android/iOS smartphone with a Bluetooth Smart feature.
In some cases, you will need a higher throughput than what BLE can offer, so you will have to use PandwaRF using its USB port.
You can connect PandwaRF to an Android Smartphone with an USB Host mode (the USB host mode is supported in Android 3.1 and higher) using a USB micro Male/Male cable.
You can also connect PandwaRF to a computer (Linux) and use #rfcat Python scripts or our native C stack to send/receive data.

Is PandwaRF open source?2019-10-01T19:18:07+02:00

Well, partially.
Some pieces are definitely open source (e.g. the #rfcat fork that we have made), and others will also be open source as they are important for developers in order to use PandwaRF
Other pieces are custom parts of our CTbee product, and cannot be disclosed without altering our relationship with existing CTbee customers.
But we will release everything needed for developers in order to use PandwaRF.

Can I use PandwaRF right away or do I need to code something?2019-10-01T19:19:11+02:00

PandwaRF can be paired with a smartphone & used immediately after unboxing.

What does ComThings provide for developers in order to use PandwaRF?2019-10-01T19:18:27+02:00

ComThings provides:

  • PandwaRF:
    • Nordic Semiconductor nRF51822 Multiprotocol Bluetooth® low energy/2.4 GHz RF System on Chip with ARM® Cortex™-M0
    • Texas Instruments CC1111 Low-Power SoC (System-on-Chip) with MCU, Memory, Sub-1 GHz RF Transceiver, and USB Controller
    • Micro USB type B connection with full-speed USB 2.0 interface
    • SPI memory
    • Fuel Gauge
    • 350mAh LiPo battery
    • 4 buttons
    • 3 LEDs
    • preflashed with bootloaders
  • Firmware: we provide binary firmware for both MCUs: Nordic nRF51822 & TI CC1111
  • Software libraries: we provide Gollum Java Android libraries
  • Reference application: we provide Android reference test application
Go to Top