Diego Bentivoglio : 1 September 2025 10:33
Research into radio frequency security never stops. In recent years, we’ve seen the emergence of increasingly accessible tools that have brought the world of RF hacking beyond academic laboratories. One device attracting considerable attention is the LilyGO T-Embed CC1101, a small platform based on the ESP32 and the Texas Instruments CC1101 transceiver. Thanks to the tireless work of the developer community, it has made a fundamental leap forward.
With the latest version of the Bruce firmware, this device is now capable of capturing RF signals in RAW format. This means we’re no longer talking about simple replications, but rather in-depth analysis that allows researchers to observe bit by bit what’s happening in the air. A function that until recently required expensive hardware is now possible with an inexpensive, portable device, accessible to anyone who wants to explore the mechanics of radio transmission.
The heart of the matter concerns Rolling Code systems, used for years to protect remote controls and opening devices such as cars, burglar alarms, and gates. This technology was created to counter replay attacks, that is, the recording and retransmission of a previously transmitted signal, which were devastating against fixed-code systems. With Rolling Code, each button press generates a different code, synchronized with the receiver, making simple recording useless.
Yet, like any security system, Rolling Code is not immune to limitations. Weak implementations, outdated algorithms, or synchronization errors can open the door to real vulnerabilities. This is where RAW signal analysis comes in, allowing you to observe the protocol without filters and understand how robust the protection implemented by manufacturers really is.
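The receiver-side logic behind the two paragraphs above, as an added example that is not code from this article, the Bruce firmware, or any vendor's protocol: a simplified model in which a recorded frame is rejected on replay and the synchronization window is bounded. The frame layout, the truncated HMAC-SHA256 tag, the demo key and the 16-step window are all assumptions chosen for illustration.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead window; real products choose their own


def make_frame(key: bytes, serial: int, counter: int) -> bytes:
    """Remote side: 4-byte serial | 4-byte counter | 8-byte truncated MAC."""
    body = serial.to_bytes(4, "big") + counter.to_bytes(4, "big")
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]


class Receiver:
    """Hypothetical receiver paired with one remote (model only)."""

    def __init__(self, key: bytes, serial: int, last_counter: int = 0):
        self.key, self.serial, self.last = key, serial, last_counter

    def accept(self, frame: bytes) -> str:
        if len(frame) != 16:
            return "malformed"
        body, tag = frame[:8], frame[8:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return "bad-mac"
        if int.from_bytes(body[:4], "big") != self.serial:
            return "unknown-remote"
        counter = int.from_bytes(body[4:], "big")
        if counter <= self.last:
            return "replay"  # already seen or older: a recording is useless
        if counter - self.last > WINDOW:
            return "out-of-window"  # too far ahead: require re-pairing
        self.last = counter  # resynchronize to the remote
        return "ok"


def demo() -> list:
    key = b"constructed-demo-key"  # constructed sample value
    rx = Receiver(key, serial=0x1234)
    first = make_frame(key, 0x1234, 1)
    return [
        rx.accept(first),                         # fresh press
        rx.accept(first),                         # same frame retransmitted
        rx.accept(make_frame(key, 0x1234, 5)),    # presses made out of range
        rx.accept(make_frame(key, 0x1234, 500)),  # far beyond the window
    ]


if __name__ == "__main__":
    print(demo())
```

The two counter checks are where implementations differ in robustness: a receiver that skips the "already seen" test or accepts an unbounded jump ahead gives up the protection Rolling Code is meant to provide.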
It’s important to emphasize that we’re not talking about intrusion tools, but research tools. The goal is to raise user awareness, encourage the industry to strengthen protocols, and demonstrate how the community, through its work, can transform a simple device into a pocket-sized security laboratory.
The LilyGO T-Embed CC1101 with Bruce firmware is proof of how collaboration between developers and researchers can generate real value. Thanks to this evolution, anyone can study Rolling Code and better understand the mechanisms that protect or expose the wireless devices we use every day.
In the video accompanying this article, we’ll demonstrate how it’s possible to capture an RF signal in RAW format, a fundamental step for anyone who wants to go further and truly understand what happens behind the magic of remote controls.