SigFox
SigFox¶
- Battery conscious of up to 10 years on a AA battery
- Limits devices to 140, 12 byte data grams per day
- Ultra narrow Band
- Makes the signal to noise ratio better
Uplink¶
- Uses Phase Modulation in the form of D-BPSK
- Uses shift registers to encode the data using (5,7) Constitutional code
- This sends the same packet three times with no encoding, constitutional 5 and constitutional 7 encoding.
- This is used provide error correction
Decoding Uplink packets¶
- Has a Message Authentication Code (MAC)
- Digital Signature with symmetric key
- May be on the flash chip in plaintext
- Uses CBC-MAC with the Input being
- Flags
- Sequence ID
- Unique Device ID
- Payload
Example Hex Packets:
aaaa35f0a23db334d00dedbeef9a54ad20
aaaa35f0a24db334d00dedbeef85845cad
aaaa35f0a25db334d00dedbeef92387857
aaaa35f0a26db334d00dedbeef77b69fac
Structure of Uplink:
Preamble | Header | Flags | Sequence # | Unique Device ID | Payload | MAC | CRC-16 |
---------|--------|-------|------------|------------------|---------|-------|----------|
aaaa | 35f0 | | a23 |db334d00 | dedbeef | | 9a54ad20 |
aaaa | 35f0 | | a24 |db334d00 | dedbeef | | 85845cad |
aaaa | 35f0 | | a25 |db334d00 | dedbeef | | 92387857 |
aaaa | 35f0 | | a26 |db334d00 | dedbeef | | 77b69fac |
Pitflaws¶
- MAC is at most 16 bits long
- brute forcing can be done in 4 hours on a single frequency
- Can be done in less time with multi frequency can be done in a mater of mins
- Sequence Number is only 12 bits so at max you can repeat a packet less than 30 days
Downlink¶
- Can only be done after a uplink that contains a downlink request
- Uses Frequency Modulation using GFSK
- Uses Scrambling with the only inputs being
- Sequence Number
- Device ID
- BCH (15, 11, 1) Error Correction
- Has MAC
Structure of Downlink:
Preamble | ECC | Payload | MAC | CRC-16 |
----------------------------|--------|--------------------------|-----|--------|
2aaaaaaaaaaaaaaaaaaaaab227 | | | | |