We are happy to announce that a new feature is now available for the PandwaRF Rogue family: autonomous brute force.
Once configured and started by the smartphone, the brute force will continue even if the phone is disconnected. The user can reconnect later, even from another phone, and see how the brute force has progressed.

With this feature, the attacker can now use the brute force feature in “set up and forget” mode.
The scenario is as follows:

  • the attacker configures the brute force parameters (if Rogue Pro), or use the built-in database for Rogue Gov
  • the PandwaRF Android application will indicate the estimated total brute force duration. If you are lucky, it can be much shorter.
  • the attacker powers down the Rogue Pro/Gov
  • the attacker gets in range of the brute force target
  • the attacker turns on the PandwaRF Rogue Pro/Gov
  • the brute force will start as per previously configured
  • the attacker will look at the target (gate opener, alarm, …) for visual indication that the brute force has completed, or come back after the estimated BF duration has elapsed

There are many advantages for a brute force to run without any host control:

  • Discreet: the attacker doesn’t stand in front or near the target once the BF is started
  • This allows to greatly reduce the power consumption caused by the constant BLE connection to the phone.
  • For long brute force sessions, you can also power the PandwaRF Rogue with an external USB power bank.
  • If the PandwaRF Rogue runs out of battery while brute forcing, it will resume as soon as powered again from a USB source.

This feature has been deployed to all the Rogue family with Nordic release 0.11.3 dispatched in March 2019.

Here is a demo video showing this feature.

Disclaimer: You may only use the brute force feature to assess the security of your own RF devices. You are solely responsible for using your PandwaRF legally.