derekste wrote:Did anything ever become of this? I think you're overthinking it. The older 160s/260s are just CW transmitters according to the FCC filing. Speculating here, but each transmitters unique ID is simply FSK-CW encoded and sent on the carrier?
Either way... my planned attack vector was/is to use SDR and simply clone one... but I need to start with a working one for this
I have the transponder Spank handed to me, but I’ve been travelling for work since Buttonwillow so haven’t taken a look at it yet unfortunately. Hopefully over the holidays I’ll get to take it apart.
Even the X2 is just FSK-CW, except the payload is encrypted and contains the precise number of “slots” that the next message will be transmitted, which is randomized. There’s also a sequential counter in there somewhere, so every single packet is different. I have a setup for recording the bitstreams but apart from a few header bits the rest is encrypted noise.
They key to figuring out the X2 system is finding the encryption key and method, everything is simple after that.
The older ones just transmit the unique ID, but if they’re anything like the AMB RC or motorcross ones they will do some “encoding” (not really encryption) on the ID that’s being sent.