Robert

Reputation: 51

How to find a pipe address using nRF24L01(+) 2.4GHz Wireless Transceiver

I'm trying to figure out if there is an efficient way of figuring out a pipe address of an rf24 radio. In order for two radios to communicate, they have to be on the same channel and have the same read and write pipe addresses.

The only approach I can think of now is by using brute force. The easiest way to reduce the number of searches is to know at least the radio channel--I think that's the easy part. In theory (I guess), I could set my "searching" radio to the correct channel, then set it to only "listen", and then try one address after another. But that's inefficient, since the address can be any 40-bit hex value. So there are 2^40 possible keys--I don't want to spend 2 weeks at a time trying to find the "listen" address.

Is there a better way? Is there maybe a way to send a signal to a channel and get all pipe addresses available on that channel? Basically anything but my method.

Edit 1:

I wonder if there is a way to modify a scanner like this one: https://github.com/TMRh20/RF24/blob/master/examples/scanner/scanner.ino so that it captures all of the "visible" packets for a given channel, and then find out the address. According to nRF24L01(+) specifications "packet contains a preamble, address, packet control, payload and CRC field". This would narrow down the number of possible addresses to very few.

Upvotes: 4

Views: 11028

Answers (2)

data

Reputation: 51

Or you can do the following:

Although the device/node address is specified as 5 bytes (40 bits), you can specify just the first byte. In this case, the remaining 4 bytes become part of the payload.

Then, you have to listen only to 256 keys (2^8) instead of 2^40.

Upvotes: 5

Robert

Reputation: 51

I think I figured out my answer.

  • In order to view all addresses in the channel from different sources, I have to receive all available packets, since (as mentioned in the edit to my question), payload packets contain pipe addresses. In order to do that a receiver has to be put into a “promiscuous mode”. The problem is that nRF24L01 does not support that.

  • There is a way to have an "error-prone" packet sniffing with nRF24L01 explained here: http://yveaux.blogspot.nl/2014/07/nrf24l01-sniffer-part-1.html

  • A receiver (or a transceiver in this case) that supports “promiscuous mode” and therefore allows for packet sniffing is esp8266 http://wp.dejvino.com/2015/02/how-to-use-an-esp8266-a-jumpstart-tutorial/

Upvotes: 0
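The packet layout quoted in the question's edit (preamble, address, packet control, payload, CRC) can be walked through in code. The following is an added example, not code from the original posts or from the RF24 library; it assumes Enhanced ShockBurst framing with a 5-byte address and a 2-byte CRC, and the address and payload are constructed sample values.

```python
# Frame layout assumed here (bits): preamble(8) | address(40) |
# length(6) pid(2) no_ack(1) | payload(8*length) | crc(16)

def to_bits(data):
    """Bytes -> list of bits, most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def int_bits(value, width):
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]

def bits_int(bits):
    n = 0
    for b in bits:
        n = (n << 1) | b
    return n

def crc16(bits):
    """CRC-16, polynomial 0x1021, initial value 0xFFFF, fed bit by bit."""
    crc = 0xFFFF
    for b in bits:
        feedback = ((crc >> 15) & 1) ^ b
        crc = (crc << 1) & 0xFFFF
        if feedback:
            crc ^= 0x1021
    return crc

def build_frame(addr, payload, pid=0, no_ack=0):
    """Assemble the bit stream for one frame (used to make sample input)."""
    body = (to_bits(addr) + int_bits(len(payload), 6) + int_bits(pid, 2)
            + [no_ack] + to_bits(payload))
    preamble = 0xAA if addr[0] & 0x80 else 0x55  # chosen from first address bit
    return int_bits(preamble, 8) + body + int_bits(crc16(body), 16)

def parse_frame(bits, addr_len=5):
    """Split a captured bit stream into fields and check the CRC."""
    pos = 8 + 8 * addr_len
    if len(bits) < pos + 9:
        raise ValueError("too short for address and packet control field")
    addr = bytes(bits_int(bits[i:i + 8]) for i in range(8, pos, 8))
    length, pid = bits_int(bits[pos:pos + 6]), bits_int(bits[pos + 6:pos + 8])
    no_ack, pos = bits[pos + 8], pos + 9
    end = pos + 8 * length
    if length > 32 or len(bits) < end + 16:
        raise ValueError("length field inconsistent with captured bits")
    payload = bytes(bits_int(bits[i:i + 8]) for i in range(pos, end, 8))
    crc_ok = bits_int(bits[end:end + 16]) == crc16(bits[8:end])  # CRC skips preamble
    return {"address": addr, "pid": pid, "no_ack": no_ack,
            "payload": payload, "crc_ok": crc_ok}

if __name__ == "__main__":
    frame = build_frame(bytes.fromhex("e7e7e7e7e7"), b"hello", pid=1)  # constructed
    print(parse_frame(frame))
```

The address field sits unencrypted at the front of every frame, so it identifies a link and does not protect it; the 9-bit packet control field is also why the payload and CRC are not byte-aligned in a raw capture.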
