Mobile-controlled RF pentesting toolkit. Control HackRF One and Evil Crow RF2 from your phone via an ESP8266-hosted web interface.
```
┌──────────────────────────────────────────────────────────┐
│                          LAPTOP                          │
│  ┌────────────────────────────────────────────────────┐  │
│  │ Python Backend (server.py)                         │  │
│  │ • Receives commands from ESP via USB serial        │  │
│  │ • Controls HackRF (scan, capture, replay)          │  │
│  │ • Controls Evil Crow via WiFi (HTTP + WebSocket)   │  │
│  │ • Auto-capture + OOK/FSK demodulation              │  │
│  └────────────────────────────────────────────────────┘  │
│        USB              USB               WiFi           │
│         ▼                ▼                 ▼             │
│    ┌──────────┐   ┌─────────────┐   ┌─────────────┐      │
│    │  HackRF  │   │   ESP8266   │   │  Evil Crow  │      │
│    │   One    │   │ (AP + Web)  │   │     RF2     │      │
│    └──────────┘   └─────────────┘   └─────────────┘      │
└──────────────────────────────────────────────────────────┘
                           │ WiFi AP ("RF-Pentest")
                           ▼
                    ┌──────────────┐
                    │    Phone     │
                    │  (browser)   │
                    └──────────────┘
```

- Scan 315/433/868/915 MHz bands
- Real-time peak detection with SNR
- Identify active signals
- Configure replay frequency from mobile UI
- Record IQ capture during button press
- Save one named `.iq` file and replay trimmed burst clips
- Passive capture of N consecutive signals
- Session management with metadata
- Sequential replay for rolling code bypass
- Continuous jamming control from mobile UI
- Frequency-selectable jammer operation
- Auto-capture + decode tools (`signal_processor.py`, GRC flows)
- Evil Crow direct control logic remains in backend modules
- Used for diagnostics/research beyond the main final UI tabs
- ESP8266 (NodeMCU, Wemos D1 Mini, etc.)
- HackRF One (SDR for scanning and rollback)
- Evil Crow RF2 (h-RAT firmware, sub-GHz replay)
- Computer (runs Python backend, connects all devices)
- Phone (any device with a web browser)
Open `firmware/esp8266_controller/esp8266_controller.ino` in Arduino IDE:
- Install ESP8266 board support (Preferences → Boards Manager URL: `http://arduino.esp8266.com/stable/package_esp8266com_index.json`)
- Install libraries: `ArduinoJson`
- Select board: NodeMCU 1.0 (or your ESP8266 variant)
- Flash the firmware

```bash
cd backend
pip3 install -r requirements.txt
```

- ESP8266 → Computer USB (note the port, e.g., `/dev/ttyUSB1`)
- HackRF One → Computer USB
- Evil Crow RF2 → Computer USB (for power; WiFi for control)
- Computer WiFi → Connect to your Evil Crow AP (use your own credentials)

Edit `backend/config.py`:

```python
ESP_SERIAL_PORT = "/dev/ttyUSB1"  # Your ESP8266 port
ECRF_HOST = "192.168.4.1"         # Evil Crow IP (default)
```

```bash
cd backend
python3 server.py
```

Expected output:
```
============================================================
RF MOBILE CONTROLLER — Backend Server
============================================================
Serial Port : /dev/ttyUSB1
Baud Rate : 115200
Captures : /path/to/captures
============================================================
Waiting for commands from ESP8266...
============================================================
[OK] HackRF One connected
[OK] Evil Crow RF2 connected (192.168.4.1)
```

- Open WiFi settings on your phone
- Connect to your ESP8266 AP (SSID/password configured in firmware)
- Open browser and navigate to http://192.168.4.1
| Tab | Function |
|---|---|
| Scan | Frequency sweep with HackRF |
| Replay | Capture/save/replay workflow (HackRF backend) |
| Rollback | Multi-signal passive rollback attack |
| Jam | Jammer control |

```
rf-mobile-controller/
├── README.md
├── firmware/
│   └── esp8266_controller/
│       └── esp8266_controller.ino    # ESP8266 AP + Web Server
├── backend/
│   ├── requirements.txt
│   ├── config.py                     # Configuration
│   ├── server.py                     # Main serial listener
│   ├── hackrf_controller.py          # HackRF operations
│   ├── evil_crow_controller.py       # Evil Crow HTTP API
│   └── signal_processor.py           # Auto-capture + decode
└── captures/                         # Saved signals (created at runtime)
```

The ESP8266 communicates with the Python backend via JSON over serial:

Request (Phone → ESP → Computer):

```json
{"cmd": "scan", "params": {"band": "315", "duration": 10}, "id": 1}
```

Response (Computer → ESP → Phone):

```json
{"status": "ok", "peaks": [...], "id": 1}
```

Event (Computer → ESP → Phone via SSE):

```json
{"event": "scan_progress", "data": {"progress": 50, "peaks": [...]}}
```

```
┌─────────────────────────────────────────────┐
│ ESP8266 Access Point: (custom SSID)         │
│ IP: 192.168.4.1                             │
│                                             │
│ Connected:                                  │
│  • Phone (192.168.4.x) → Web UI client      │
└─────────────────────────────────────────────┘
┌─────────────────────────────────────────────┐
│ Evil Crow AP: (custom SSID)                 │
│ IP: 192.168.4.1                             │
│                                             │
│ Connected:                                  │
│  • Laptop WiFi → HTTP/WS control            │
└─────────────────────────────────────────────┘
```

The laptop bridges both networks:
- USB to ESP8266 for serial communication
- WiFi to Evil Crow for h-RAT API access
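
The JSON-over-serial request shown earlier, validated on the backend before any radio action is taken. This is an added example, not code from the project: the function names, the 512-byte line cap, the 60-second duration limit and the error-response shape are assumptions, and only the `scan` command and the four bands come from this page.

```python
import json

ALLOWED_BANDS = {"315", "433", "868", "915"}  # bands named in the README
MAX_LINE_BYTES = 512     # assumed cap on one serial line
MAX_SCAN_SECONDS = 60    # assumed bound; not a value from the project


def reject(reason, req_id=None):
    # The "error" field is an assumption; the README only shows "status": "ok".
    return None, {"status": "error", "error": reason, "id": req_id}


def check_line(line: bytes):
    """Validate one serial line. Returns (request, None) or (None, error)."""
    if len(line) > MAX_LINE_BYTES:
        return reject("line too long")
    try:
        msg = json.loads(line.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return reject("malformed JSON")
    if not isinstance(msg, dict):
        return reject("request must be a JSON object")
    req_id = msg.get("id")
    # bool is a subclass of int in Python, so it is excluded explicitly.
    if isinstance(req_id, bool) or not isinstance(req_id, int) or req_id < 0:
        return reject("bad id")
    if msg.get("cmd") != "scan":  # the only command documented on this page
        return reject("unknown cmd", req_id)
    params = msg.get("params")
    if not isinstance(params, dict) or set(params) != {"band", "duration"}:
        return reject("bad params", req_id)
    band, duration = params["band"], params["duration"]
    if not isinstance(band, str) or band not in ALLOWED_BANDS:
        return reject("band not allowed", req_id)
    if (isinstance(duration, bool) or not isinstance(duration, int)
            or not 1 <= duration <= MAX_SCAN_SECONDS):
        return reject("duration out of range", req_id)
    return {"cmd": "scan", "band": band, "duration": duration, "id": req_id}, None


if __name__ == "__main__":
    # Constructed sample lines: the README's request and two bad variants.
    for raw in (b'{"cmd": "scan", "params": {"band": "315", "duration": 10}, "id": 1}',
                b'{"cmd": "scan", "params": {"band": "2400", "duration": 10}, "id": 2}',
                b'{"cmd": "scan", "params": {"band": "433"}, "id": 3}'):
        print(check_line(raw))
```

Error responses carry the request `id` whenever it could be parsed, so the web UI can match a rejection to the command that caused it.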

```
# Auto-Capture #1
# Freq: 315.07 MHz
# Modulation: OOK
350,680,340,700,...
```

```
Filetype: Flipper SubGhz RAW File
Version: 1
Frequency: 315070000
Preset: FuriHalSubGhzPresetOok650Async
Protocol: RAW
RAW_Data: 350 -680 340 -700 ...
```

- Check serial port in `config.py`
- Verify baud rate is 115200
- Reflash ESP8266 firmware
- Run `hackrf_info` to verify connection
- Check USB cable (must be data-capable)
- Connect laptop WiFi to your Evil Crow AP
- Verify Evil Crow is powered and running h-RAT
- Test with `curl http://192.168.4.1/`
- Verify ESP8266 LED is blinking (AP active)
- Check the ESP8266 AP password configured in firmware
- Try forgetting and reconnecting to network
This tool is intended for authorized security testing and educational purposes only. Unauthorized interception or transmission of RF signals may violate local laws. Always obtain proper authorization before testing any RF systems.